diff --git a/site/index.html b/site/index.html
index 09869a7ecf50fe4748756bf5e20a3f364f506c7f..54e0e9434ddf572e253dfaf6fc87606f818c4664 100644
--- a/site/index.html
+++ b/site/index.html
@@ -915,5 +915,5 @@ SIG maintainer每年也会例行审视当前maintainer列表,如果发现有
diff --git a/site/install/openEuler-24.03-LTS-SP1/OpenStack-antelope/index.html b/site/install/openEuler-24.03-LTS-SP1/OpenStack-antelope/index.html
index 28b756cec2e84efd48d800a9636ea3236aacf944..22f6a9978bbec730c54954f463a5aaade7886f16 100644
--- a/site/install/openEuler-24.03-LTS-SP1/OpenStack-antelope/index.html
+++ b/site/install/openEuler-24.03-LTS-SP1/OpenStack-antelope/index.html
@@ -442,7 +442,7 @@ server NTP_SERVER iburst
  1. 安装软件包

    -
    dnf install mysql-config mariadb mariadb-server python3-PyMySQL
    +
    dnf install mariadb-config mariadb mariadb-server python3-PyMySQL
  2. 新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下

    diff --git a/site/install/openEuler-24.03-LTS-SP2/OpenStack-antelope/index.html b/site/install/openEuler-24.03-LTS-SP2/OpenStack-antelope/index.html
index 48e5d8a2c2ee63df1b1c6aa187c6180c48ce06b5..0b35f5ef8a1551e4dbdeeabcf644b60738011a3d 100644
--- a/site/install/openEuler-24.03-LTS-SP2/OpenStack-antelope/index.html
+++ b/site/install/openEuler-24.03-LTS-SP2/OpenStack-antelope/index.html
@@ -442,7 +442,7 @@ server NTP_SERVER iburst
    1. 安装软件包

      -
      dnf install mysql-config mariadb mariadb-server python3-PyMySQL
      +
      dnf install mariadb-config mariadb mariadb-server python3-PyMySQL
    2. 新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下

      diff --git a/site/search/search_index.json b/site/search/search_index.json
index ae99536948b9532a595dbb80cddda28e97fa0b9c..7d1b7958687fc464b16d333b203373bab996822e 100644
--- a/site/search/search_index.json
+++ b/site/search/search_index.json
@@ -1 +1 @@ -{"config":{"indexing":"full","lang":["zh"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"openEuler OpenStack SIG \u00b6 SIG \u5de5\u4f5c\u76ee\u6807\u548c\u8303\u56f4 \u00b6 \u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\u3002 \u5b9a\u671f\u53ec\u5f00\u4f1a\u8bae\uff0c\u6536\u96c6\u5f00\u53d1\u8005\u3001\u5382\u5546\u8bc9\u6c42\uff0c\u8ba8\u8bbaOpenStack\u793e\u533a\u53d1\u5c55\u3002 \u7ec4\u7ec7\u4f1a\u8bae \u00b6 \u516c\u5f00\u7684\u4f1a\u8bae\u65f6\u95f4\uff1a\u6708\u5ea6\u4f8b\u4f1a\uff0c\u6bcf\u6708\u4e2d\u4e0b\u65ec\u7684\u67d0\u4e2a\u5468\u4e09\u4e0b\u53483:00-4:00(\u5317\u4eac\u65f6\u95f4) \u4f1a\u8bae\u94fe\u63a5\uff1a\u901a\u8fc7\u5fae\u4fe1\u7fa4\u6d88\u606f\u548c\u90ae\u4ef6\u5217\u8868\u53d1\u51fa \u4f1a\u8bae\u7eaa\u8981\uff1a https://etherpad.openeuler.org/p/sig-openstack-meetings OpenStack\u7248\u672c\u652f\u6301\u5217\u8868 \u00b6 OpenStack SIG\u901a\u8fc7\u7528\u6237\u53cd\u9988\u7b49\u65b9\u5f0f\u6536\u96c6OpenStack\u7248\u672c\u9700\u6c42\uff0c\u7ecf\u8fc7SIG\u7ec4\u5185\u6210\u5458\u516c\u5f00\u8ba8\u8bba\u51b3\u5b9aOpenStack\u7684\u7248\u672c\u6f14\u8fdb\u8def\u7ebf\u3002\u89c4\u5212\u4e2d\u7684\u7248\u672c\u53ef\u80fd\u56e0\u4e3a\u9700\u6c42\u66f4\u53d8\u3001\u4eba\u529b\u53d8\u52a8\u7b49\u539f\u56e0\u8fdb\u884c\u8c03\u6574\u3002OpenStack SIG\u6b22\u8fce\u66f4\u591a\u5f00\u53d1\u8005\u3001\u5382\u5546\u53c2\u4e0e\uff0c\u5171\u540c\u5b8c\u5584openEuler\u7684OpenStack\u652f\u6301\u3002 \u25cf - \u5df2\u652f\u6301 \u25cb - \u89c4\u5212\u4e2d/\u5f00\u53d1\u4e2d \u25b2 - \u90e8\u5206openEuler\u7248\u672c\u652f\u6301 Queens Rocky Train Ussuri Victoria Wallaby Xena Yoga Antelope openEuler 20.03 LTS SP1 \u25cf openEuler 20.03 LTS SP2 \u25cf \u25cf openEuler 20.03 LTS SP3 \u25cf \u25cf \u25cf openEuler 20.03 LTS SP4 \u25cf openEuler 21.03 \u25cf openEuler 21.09 \u25cf openEuler 
22.03 LTS \u25cf \u25cf openEuler 22.03 LTS SP1 \u25cf \u25cf openEuler 22.03 LTS SP2 \u25cf \u25cf openEuler 22.03 LTS SP3 \u25cf \u25cf openEuler 22.03 LTS SP4 \u25cb \u25cb openEuler 22.09 \u25cf \u25cf openEuler 24.03 LTS \u25cf \u25cf Queens Rocky Train Victoria Wallaby Yoga Antelope Keystone \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Glance \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Nova \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Cinder \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Neutron \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Tempest \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Horizon \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Ironic \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Placement \u25cf \u25cf \u25cf \u25cf \u25cf Trove \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Kolla \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Rally \u25b2 \u25b2 Swift \u25cf \u25cf \u25cf \u25cf Heat \u25cf \u25b2 \u25cf \u25cf Ceilometer \u25cf \u25b2 \u25cf \u25cf Aodh \u25cf \u25b2 \u25cf \u25cf Cyborg \u25cf \u25b2 \u25cf \u25cf Gnocchi \u25cf \u25cf \u25cf \u25cf OpenStack-helm \u25cf \u25cf Barbican \u25b2 \u25cf Octavia \u25b2 \u25cf Designate \u25b2 \u25cf Manila \u25b2 \u25cf Masakari \u25b2 \u25cf Mistral \u25b2 \u25cf Senlin \u25b2 \u25cf Zaqar \u25b2 \u25cf Note: openEuler 20.03 LTS SP2\u4e0d\u652f\u6301Rally Heat\u3001Ceilometer\u3001Swift\u3001Aodh\u548cCyborg\u53ea\u572822.03 LTS\u4ee5\u4e0a\u7248\u672c\u652f\u6301 Barbican\u3001Octavia\u3001Designate\u3001Manila\u3001Masakari\u3001Mistral\u3001Senlin\u548cZaqar\u53ea\u572822.03 LTS SP2\u4ee5\u4e0a\u7248\u672c\u652f\u6301 oepkg\u8f6f\u4ef6\u4ed3\u5730\u5740\u5217\u8868 \u00b6 Queens\u3001Rocky\u3001Train\u7248\u672c\u7684\u652f\u6301\u653e\u5728SIG\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u5e73\u53f0oepkg: 20.03-LTS-SP1 Train: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/train/ 
\u8be5Train\u7248\u672c\u4e0d\u662f\u7eaf\u539f\u751f\u4ee3\u7801\uff0c\u5305\u542b\u4e86\u667a\u80fd\u7f51\u5361\u652f\u6301\u7684\u76f8\u5173\u4ee3\u7801\uff0c\u7528\u6237\u4f7f\u7528\u524d\u8bf7\u81ea\u884c\u8bc4\u5ba1 20.03-LTS-SP2 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ 20.03-LTS-SP2 Queens\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ \u53e6\u5916\uff0c20.03-LTS-SP1\u867d\u7136\u6709Queens\u3001Rocky\u7248\u672c\u7684\u8f6f\u4ef6\u5305\uff0c\u4f46\u672a\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u8bf7\u8c28\u614e\u4f7f\u7528\uff1a 20.03-LTS-SP1 Queens: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/queens/ 20.03-LTS-SP1 Rocky: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/rocky/ Maintainer\u7684\u52a0\u5165\u548c\u9000\u51fa \u00b6 \u79c9\u627f\u5f00\u6e90\u5f00\u653e\u7684\u7406\u5ff5\uff0cOpenStack SIG\u5728maintainer\u6210\u5458\u7684\u7ba1\u7406\u65b9\u9762\u4e5f\u6709\u4e00\u5b9a\u7684\u89c4\u8303\u548c\u8981\u6c42\u3002 \u5982\u4f55\u6210\u4e3amaintainer \u00b6 maintainer\u4f5c\u4e3aSIG\u7684\u76f4\u63a5\u8d1f\u8d23\u4eba\uff0c\u62e5\u6709\u4ee3\u7801\u5408\u5165\u3001\u8def\u6807\u89c4\u5212\u3001\u63d0\u540dmaintainer\u7b49\u65b9\u9762\u7684\u6743\u5229\uff0c\u540c\u65f6\u4e5f\u6709\u8f6f\u4ef6\u8d28\u91cf\u770b\u62a4\u3001\u7248\u672c\u5f00\u53d1\u7684\u4e49\u52a1\u3002\u5982\u679c\u60a8\u60f3\u6210\u4e3aOpenStack SIG\u7684\u4e00\u540dmaintainer\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u51e0\u70b9\u8981\u6c42\uff1a \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u5f00\u53d1\u8d21\u732e\uff0c\u4e0d\u5c0f\u4e8e\u4e00\u4e2aopenEuler 
release\u5468\u671f\uff08\u4e00\u822c\u4e3a3\u4e2a\u6708\uff09 \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u4ee3\u7801\u68c0\u89c6\uff0creview\u6392\u540d\u5e94\u4e0d\u4f4e\u4e8eSIG\u5e73\u5747\u91cf \u5b9a\u65f6\u53c2\u52a0OpenStack SIG\u4f8b\u4f1a\uff08\u4e00\u822c\u4e3a\u53cc\u5468\u4e00\u6b21\uff09\uff0c\u4e00\u4e2aopenEuler release\u5468\u671f\u4e00\u822c\u5305\u62ec6\u6b21\u4f8b\u4f1a\uff0c\u7f3a\u5e2d\u6b21\u6570\u5e94\u4e0d\u5927\u4e8e2\u6b21 \u52a0\u5206\u9879\uff1a \u79ef\u6781\u53c2\u52a0OpenStack SIG\u7ec4\u7ec7\u7684\u5404\u79cd\u6d3b\u52a8\uff0c\u6bd4\u5982\u7ebf\u4e0a\u5206\u4eab\u3001\u7ebf\u4e0bmeetup\u6216\u5cf0\u4f1a\u7b49\u3002 \u5e2e\u52a9SIG\u6269\u5c55\u8fd0\u8425\u8303\u56f4\uff0c\u8fdb\u884c\u8054\u5408\u6280\u672f\u521b\u65b0\uff0c\u4f8b\u5982\u4e3b\u52a8\u5f00\u6e90\u65b0\u9879\u76ee\uff0c\u5438\u5f15\u65b0\u7684\u5f00\u53d1\u8005\u3001\u5382\u5546\u52a0\u5165SIG\u7b49\u3002 SIG maintainer\u6bcf\u4e2a\u5b63\u5ea6\u4f1a\u7ec4\u7ec7\u95ed\u95e8\u4f1a\u8bae\uff0c\u5ba1\u89c6\u5f53\u524d\u8d21\u732e\u6570\u636e\uff0c\u6839\u636e\u8d21\u732e\u8005\u6ee1\u8db3\u76f8\u5173\u8981\u6c42\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\u5e76\u4e14\u8d21\u732e\u8005\u613f\u610f\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0cSIG\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7 \u6d3b\u8dc3maintainer \u00b6 \u53c2\u8003 Apache\u57fa\u91d1\u4f1a \u7b49\u793e\u533a\uff0c\u7ed3\u5408SIG\u5177\u4f53\u60c5\u51b5\uff0c\u5f15\u5165\u6d3b\u8dc3maintainer\u673a\u5236\u3002 \u5bf9\u4e8e\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\uff0c\u4f46\u613f\u610f\u7ee7\u7eed\u627f\u62c5SIG\u8d23\u4efb\u7684maintainer\uff0cmaintainer\u89d2\u8272\u4fdd\u7559\u3002 \u975e\u9ad8\u6d3b\u8dc3maintainer\u8d23\u4efb\u4e0e\u6743\u9650\uff1a \u4fdd\u6301SIG\u52a8\u6001\u8ddf\u8fdb\uff0c\u53c2\u4e0eSIG\u91cd\u5927\u4e8b\u52a1\u3002 
\u53c2\u4e0eSIG\u51b3\u7b56\u3002\u6d3b\u8dc3maintainer\u5bf9SIG\u4e8b\u52a1\u51b3\u7b56\u5177\u5907\u66f4\u9ad8\u6743\u91cd\uff0c\u610f\u89c1\u76f8\u5de6\u65f6\u4ee5\u6d3b\u8dc3\u8005\u4e3a\u51c6\u3002 \u4e0d\u5177\u5907\u63d0\u540d\u6743\u9650\u3002 \u6d3b\u8dc3maintainer\u5728SIG\u4e3b\u9875\u5217\u8868\u4e2d\u88ab\u5217\u51fa\u3002 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff0c\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u9ad8\u6d3b\u8dc3\u72b6\u6001\u3002SIG maintainer\u6bcf\u534a\u5e74\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u66f4\u65b0\u6d3b\u8dc3\u5217\u8868\u3002 maintainer\u7684\u9000\u51fa \u00b6 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff08\u5de5\u4f5c\u53d8\u52a8\u3001\u4e1a\u52a1\u8c03\u6574\u7b49\u539f\u56e0\uff09\uff0c\u65e0\u6cd5\u518d\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u3002 SIG maintainer\u6bcf\u5e74\u4e5f\u4f1a\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u5982\u679c\u53d1\u73b0\u6709\u4e0d\u518d\u9002\u5408\u62c5\u4efbmaintainer\u7684\u8d21\u732e\u8005\uff08\u65e0\u6cd5\u4fdd\u969c\u53c2\u4e0e\u7b49\u539f\u56e0\uff09\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\uff0c\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7\u3002 \u6d3b\u8dc3Maintainer \u00b6 \u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 Maintainer/Committer\u5217\u8868 \u00b6 \u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u9648\u7855 joec88 joseph.chn1988@gmail.com \u4e2d\u56fd\u8054\u901a \u674e\u6606\u5c71 liksh li_kunshan@163.com \u4e2d\u56fd\u8054\u901a \u9ec4\u586b\u534e huangtianhua huangtianhua223@gmail.com \u534e\u4e3a \u738b\u73ba\u6e90 
xiyuanwang wangxiyuan1007@gmail.com \u534e\u4e3a \u5f20\u5e06 zh-f zh.f@outlook.com \u4e2d\u56fd\u7535\u4fe1 \u5f20\u8fce zhangy1317 zhangy1317@foxmail.com \u4e2d\u56fd\u8054\u901a \u97e9\u5149\u5b87 han-guangyu hanguangyu@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u5982\u4f55\u8d21\u732e \u00b6 OpenStack SIG\u79c9\u627fOpenStack\u793e\u533a4\u4e2aOpen\u539f\u5219\uff08Open source\u3001Open Design\u3001Open Development\u3001Open Community\uff09\uff0c\u6b22\u8fce\u5f00\u53d1\u8005\u3001\u7528\u6237\u3001\u5382\u5546\u4ee5\u5404\u79cd\u5f00\u6e90\u65b9\u5f0f\u53c2\u4e0eSIG\u8d21\u732e\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a \u63d0\u4ea4Issue \u5982\u679c\u60a8\u5728\u4f7f\u7528OpenStack\u65f6\u9047\u5230\u4e86\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5411SIG\u63d0\u4ea4ISSUE\uff0c\u5305\u62ec\u4e0d\u9650\u4e8e\u4f7f\u7528\u7591\u95ee\u3001\u8f6f\u4ef6\u5305BUG\u3001\u7279\u6027\u9700\u6c42\u7b49\u7b49\u3002 \u53c2\u4e0e\u6280\u672f\u8ba8\u8bba \u901a\u8fc7\u90ae\u4ef6\u5217\u8868\u3001\u5fae\u4fe1\u7fa4\u3001\u5728\u7ebf\u4f8b\u4f1a\u7b49\u65b9\u5f0f\uff0c\u4e0eSIG\u6210\u5458\u5b9e\u65f6\u8ba8\u8bbaOpenStack\u6280\u672f\u3002 \u53c2\u4e0eSIG\u7684\u8f6f\u4ef6\u5f00\u53d1\u6d4b\u8bd5\u5de5\u4f5c OpenStack SIG\u8ddf\u968fopenEuler\u7248\u672c\u5f00\u53d1\u7684\u8282\u594f\uff0c\u6bcf\u51e0\u4e2a\u6708\u5bf9\u5916\u53d1\u5e03\u4e0d\u540c\u7248\u672c\u7684OpenStack\uff0c\u6bcf\u4e2a\u7248\u672c\u5305\u542b\u4e86\u51e0\u767e\u4e2aRPM\u8f6f\u4ef6\u5305\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u5230\u8fd9\u4e9bRPM\u5305\u7684\u5f00\u53d1\u5de5\u4f5c\u4e2d\u3002 OpenStack 
SIG\u5305\u62ec\u4e00\u4e9b\u6765\u81ea\u5382\u5546\u6350\u732e\u3001\u81ea\u4e3b\u7814\u53d1\u7684\u9879\u76ee\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u76f8\u5173\u9879\u76ee\u7684\u5f00\u53d1\u5de5\u4f5c\u3002 openEuler\u65b0\u7248\u672c\u53d1\u5e03\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u6d4b\u8bd5\u8bd5\u7528\u5bf9\u5e94\u7684OpenStack\uff0c\u76f8\u5173BUG\u548c\u95ee\u9898\u53ef\u4ee5\u63d0\u4ea4\u5230SIG\u3002 OpenStack SIG\u8fd8\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u7684\u5de5\u5177\u548c\u6587\u6863\uff0c\u7528\u6237\u53ef\u4ee5\u5e2e\u5fd9\u4f18\u5316\u3001\u5b8c\u5584\u3002 \u6280\u672f\u9884\u8a00\u3001\u8054\u5408\u521b\u65b0 OpenStack SIG\u6b22\u8fce\u5404\u79cd\u5f62\u5f0f\u7684\u8054\u5408\u521b\u65b0\uff0c\u9080\u8bf7\u5404\u4f4d\u5f00\u53d1\u8005\u4ee5\u5f00\u6e90\u7684\u65b9\u5f0f\u3001\u4ee5SIG\u4e3a\u5e73\u53f0\uff0c\u521b\u9020\u5c5e\u4e8e\u56fd\u4eba\u7684\u4e91\u8ba1\u7b97\u65b0\u6280\u672f\u3002\u5982\u679c\u60a8\u6709idea\u6216\u5f00\u53d1\u610f\u613f\uff0c\u6b22\u8fce\u52a0\u5165SIG\u3002 \u5f53\u7136\uff0c\u8d21\u732e\u5f62\u5f0f\u4e0d\u4ec5\u5305\u542b\u8fd9\u4e9b\uff0c\u5176\u4ed6\u4efb\u4f55\u4e0eOpenStack\u76f8\u5173\u3001\u4e0e\u5f00\u6e90\u76f8\u5173\u7684\u4e8b\u52a1\u90fd\u53ef\u4ee5\u5e26\u5230SIG\u4e2d\u3002OpenStack SIG\u6b22\u8fce\u60a8\u7684\u53c2\u4e0e\u3002 \u9879\u76ee\u6e05\u5355 \u00b6 SIG\u5305\u542b\u7684\u5168\u90e8\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack/blob/master/tools/oos/etc/openeuler_sig_repo.yaml OpenStack\u5305\u542b\u9879\u76ee\u4f17\u591a\uff0c\u4e3a\u4e86\u65b9\u4fbf\u7ba1\u7406\uff0c\u8bbe\u7f6e\u4e86\u7edf\u4e00\u5165\u53e3\u9879\u76ee\uff0c\u7528\u6237\u3001\u5f00\u53d1\u8005\u5bf9OpenStack SIG\u4ee5\u53ca\u5404OpenStack\u5b50\u9879\u76ee\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5728\u8be5\u9879\u76ee\u4e2d\u63d0\u4ea4Issue\u3002 https://gitee.com/openeuler/openstack 
SIG\u540c\u65f6\u8054\u5408\u5404\u5927\u5382\u5546\u3001\u5f00\u53d1\u8005\uff0c\u521b\u5efa\u4e86\u4e00\u7cfb\u5217\u81ea\u7814\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack-kolla-ansible-plugin https://gitee.com/openeuler/openstack-kolla-plugin https://gitee.com/openeuler/openstack-plugin https://gitee.com/openeuler/hostha https://gitee.com/openeuler/opensd \u4ea4\u6d41\u7fa4 \u00b6 \u6dfb\u52a0\u5c0f\u52a9\u624b\u56de\u590d\"\u52a0\u7fa4\"\u8fdb\u5165openEuler sig-OpenStack\u4ea4\u6d41\u7fa4","title":"OpenStack SIG"},{"location":"#openeuler-openstack-sig","text":"","title":"openEuler OpenStack SIG"},{"location":"#sig","text":"\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\u3002 \u5b9a\u671f\u53ec\u5f00\u4f1a\u8bae\uff0c\u6536\u96c6\u5f00\u53d1\u8005\u3001\u5382\u5546\u8bc9\u6c42\uff0c\u8ba8\u8bbaOpenStack\u793e\u533a\u53d1\u5c55\u3002","title":"SIG \u5de5\u4f5c\u76ee\u6807\u548c\u8303\u56f4"},{"location":"#_1","text":"\u516c\u5f00\u7684\u4f1a\u8bae\u65f6\u95f4\uff1a\u6708\u5ea6\u4f8b\u4f1a\uff0c\u6bcf\u6708\u4e2d\u4e0b\u65ec\u7684\u67d0\u4e2a\u5468\u4e09\u4e0b\u53483:00-4:00(\u5317\u4eac\u65f6\u95f4) \u4f1a\u8bae\u94fe\u63a5\uff1a\u901a\u8fc7\u5fae\u4fe1\u7fa4\u6d88\u606f\u548c\u90ae\u4ef6\u5217\u8868\u53d1\u51fa \u4f1a\u8bae\u7eaa\u8981\uff1a https://etherpad.openeuler.org/p/sig-openstack-meetings","title":"\u7ec4\u7ec7\u4f1a\u8bae"},{"location":"#openstack","text":"OpenStack SIG\u901a\u8fc7\u7528\u6237\u53cd\u9988\u7b49\u65b9\u5f0f\u6536\u96c6OpenStack\u7248\u672c\u9700\u6c42\uff0c\u7ecf\u8fc7SIG\u7ec4\u5185\u6210\u5458\u516c\u5f00\u8ba8\u8bba\u51b3\u5b9aOpenStack\u7684\u7248\u672c\u6f14\u8fdb\u8def\u7ebf\u3002\u89c4\u5212\u4e2d\u7684\u7248\u672c\u53ef\u80fd\u56e0\u4e3a\u9700\u6c42\u66f4\u53d8\u3001\u4eba\u529b\u53d8\u52a8\u7b49\u539f\u56e0\u8fdb\u884c\u8c03\u6574\u3002OpenStack 
SIG\u6b22\u8fce\u66f4\u591a\u5f00\u53d1\u8005\u3001\u5382\u5546\u53c2\u4e0e\uff0c\u5171\u540c\u5b8c\u5584openEuler\u7684OpenStack\u652f\u6301\u3002 \u25cf - \u5df2\u652f\u6301 \u25cb - \u89c4\u5212\u4e2d/\u5f00\u53d1\u4e2d \u25b2 - \u90e8\u5206openEuler\u7248\u672c\u652f\u6301 Queens Rocky Train Ussuri Victoria Wallaby Xena Yoga Antelope openEuler 20.03 LTS SP1 \u25cf openEuler 20.03 LTS SP2 \u25cf \u25cf openEuler 20.03 LTS SP3 \u25cf \u25cf \u25cf openEuler 20.03 LTS SP4 \u25cf openEuler 21.03 \u25cf openEuler 21.09 \u25cf openEuler 22.03 LTS \u25cf \u25cf openEuler 22.03 LTS SP1 \u25cf \u25cf openEuler 22.03 LTS SP2 \u25cf \u25cf openEuler 22.03 LTS SP3 \u25cf \u25cf openEuler 22.03 LTS SP4 \u25cb \u25cb openEuler 22.09 \u25cf \u25cf openEuler 24.03 LTS \u25cf \u25cf Queens Rocky Train Victoria Wallaby Yoga Antelope Keystone \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Glance \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Nova \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Cinder \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Neutron \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Tempest \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Horizon \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Ironic \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Placement \u25cf \u25cf \u25cf \u25cf \u25cf Trove \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Kolla \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Rally \u25b2 \u25b2 Swift \u25cf \u25cf \u25cf \u25cf Heat \u25cf \u25b2 \u25cf \u25cf Ceilometer \u25cf \u25b2 \u25cf \u25cf Aodh \u25cf \u25b2 \u25cf \u25cf Cyborg \u25cf \u25b2 \u25cf \u25cf Gnocchi \u25cf \u25cf \u25cf \u25cf OpenStack-helm \u25cf \u25cf Barbican \u25b2 \u25cf Octavia \u25b2 \u25cf Designate \u25b2 \u25cf Manila \u25b2 \u25cf Masakari \u25b2 \u25cf Mistral \u25b2 \u25cf Senlin \u25b2 \u25cf Zaqar \u25b2 \u25cf Note: openEuler 20.03 LTS SP2\u4e0d\u652f\u6301Rally Heat\u3001Ceilometer\u3001Swift\u3001Aodh\u548cCyborg\u53ea\u572822.03 
LTS\u4ee5\u4e0a\u7248\u672c\u652f\u6301 Barbican\u3001Octavia\u3001Designate\u3001Manila\u3001Masakari\u3001Mistral\u3001Senlin\u548cZaqar\u53ea\u572822.03 LTS SP2\u4ee5\u4e0a\u7248\u672c\u652f\u6301","title":"OpenStack\u7248\u672c\u652f\u6301\u5217\u8868"},{"location":"#oepkg","text":"Queens\u3001Rocky\u3001Train\u7248\u672c\u7684\u652f\u6301\u653e\u5728SIG\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u5e73\u53f0oepkg: 20.03-LTS-SP1 Train: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/train/ \u8be5Train\u7248\u672c\u4e0d\u662f\u7eaf\u539f\u751f\u4ee3\u7801\uff0c\u5305\u542b\u4e86\u667a\u80fd\u7f51\u5361\u652f\u6301\u7684\u76f8\u5173\u4ee3\u7801\uff0c\u7528\u6237\u4f7f\u7528\u524d\u8bf7\u81ea\u884c\u8bc4\u5ba1 20.03-LTS-SP2 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ 20.03-LTS-SP2 Queens\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ \u53e6\u5916\uff0c20.03-LTS-SP1\u867d\u7136\u6709Queens\u3001Rocky\u7248\u672c\u7684\u8f6f\u4ef6\u5305\uff0c\u4f46\u672a\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u8bf7\u8c28\u614e\u4f7f\u7528\uff1a 20.03-LTS-SP1 Queens: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/queens/ 20.03-LTS-SP1 Rocky: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/rocky/","title":"oepkg\u8f6f\u4ef6\u4ed3\u5730\u5740\u5217\u8868"},{"location":"#maintainer","text":"\u79c9\u627f\u5f00\u6e90\u5f00\u653e\u7684\u7406\u5ff5\uff0cOpenStack 
SIG\u5728maintainer\u6210\u5458\u7684\u7ba1\u7406\u65b9\u9762\u4e5f\u6709\u4e00\u5b9a\u7684\u89c4\u8303\u548c\u8981\u6c42\u3002","title":"Maintainer\u7684\u52a0\u5165\u548c\u9000\u51fa"},{"location":"#maintainer_1","text":"maintainer\u4f5c\u4e3aSIG\u7684\u76f4\u63a5\u8d1f\u8d23\u4eba\uff0c\u62e5\u6709\u4ee3\u7801\u5408\u5165\u3001\u8def\u6807\u89c4\u5212\u3001\u63d0\u540dmaintainer\u7b49\u65b9\u9762\u7684\u6743\u5229\uff0c\u540c\u65f6\u4e5f\u6709\u8f6f\u4ef6\u8d28\u91cf\u770b\u62a4\u3001\u7248\u672c\u5f00\u53d1\u7684\u4e49\u52a1\u3002\u5982\u679c\u60a8\u60f3\u6210\u4e3aOpenStack SIG\u7684\u4e00\u540dmaintainer\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u51e0\u70b9\u8981\u6c42\uff1a \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u5f00\u53d1\u8d21\u732e\uff0c\u4e0d\u5c0f\u4e8e\u4e00\u4e2aopenEuler release\u5468\u671f\uff08\u4e00\u822c\u4e3a3\u4e2a\u6708\uff09 \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u4ee3\u7801\u68c0\u89c6\uff0creview\u6392\u540d\u5e94\u4e0d\u4f4e\u4e8eSIG\u5e73\u5747\u91cf \u5b9a\u65f6\u53c2\u52a0OpenStack SIG\u4f8b\u4f1a\uff08\u4e00\u822c\u4e3a\u53cc\u5468\u4e00\u6b21\uff09\uff0c\u4e00\u4e2aopenEuler release\u5468\u671f\u4e00\u822c\u5305\u62ec6\u6b21\u4f8b\u4f1a\uff0c\u7f3a\u5e2d\u6b21\u6570\u5e94\u4e0d\u5927\u4e8e2\u6b21 \u52a0\u5206\u9879\uff1a \u79ef\u6781\u53c2\u52a0OpenStack SIG\u7ec4\u7ec7\u7684\u5404\u79cd\u6d3b\u52a8\uff0c\u6bd4\u5982\u7ebf\u4e0a\u5206\u4eab\u3001\u7ebf\u4e0bmeetup\u6216\u5cf0\u4f1a\u7b49\u3002 \u5e2e\u52a9SIG\u6269\u5c55\u8fd0\u8425\u8303\u56f4\uff0c\u8fdb\u884c\u8054\u5408\u6280\u672f\u521b\u65b0\uff0c\u4f8b\u5982\u4e3b\u52a8\u5f00\u6e90\u65b0\u9879\u76ee\uff0c\u5438\u5f15\u65b0\u7684\u5f00\u53d1\u8005\u3001\u5382\u5546\u52a0\u5165SIG\u7b49\u3002 SIG 
maintainer\u6bcf\u4e2a\u5b63\u5ea6\u4f1a\u7ec4\u7ec7\u95ed\u95e8\u4f1a\u8bae\uff0c\u5ba1\u89c6\u5f53\u524d\u8d21\u732e\u6570\u636e\uff0c\u6839\u636e\u8d21\u732e\u8005\u6ee1\u8db3\u76f8\u5173\u8981\u6c42\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\u5e76\u4e14\u8d21\u732e\u8005\u613f\u610f\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0cSIG\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7","title":"\u5982\u4f55\u6210\u4e3amaintainer"},{"location":"#maintainer_2","text":"\u53c2\u8003 Apache\u57fa\u91d1\u4f1a \u7b49\u793e\u533a\uff0c\u7ed3\u5408SIG\u5177\u4f53\u60c5\u51b5\uff0c\u5f15\u5165\u6d3b\u8dc3maintainer\u673a\u5236\u3002 \u5bf9\u4e8e\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\uff0c\u4f46\u613f\u610f\u7ee7\u7eed\u627f\u62c5SIG\u8d23\u4efb\u7684maintainer\uff0cmaintainer\u89d2\u8272\u4fdd\u7559\u3002 \u975e\u9ad8\u6d3b\u8dc3maintainer\u8d23\u4efb\u4e0e\u6743\u9650\uff1a \u4fdd\u6301SIG\u52a8\u6001\u8ddf\u8fdb\uff0c\u53c2\u4e0eSIG\u91cd\u5927\u4e8b\u52a1\u3002 \u53c2\u4e0eSIG\u51b3\u7b56\u3002\u6d3b\u8dc3maintainer\u5bf9SIG\u4e8b\u52a1\u51b3\u7b56\u5177\u5907\u66f4\u9ad8\u6743\u91cd\uff0c\u610f\u89c1\u76f8\u5de6\u65f6\u4ee5\u6d3b\u8dc3\u8005\u4e3a\u51c6\u3002 \u4e0d\u5177\u5907\u63d0\u540d\u6743\u9650\u3002 \u6d3b\u8dc3maintainer\u5728SIG\u4e3b\u9875\u5217\u8868\u4e2d\u88ab\u5217\u51fa\u3002 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff0c\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u9ad8\u6d3b\u8dc3\u72b6\u6001\u3002SIG maintainer\u6bcf\u534a\u5e74\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u66f4\u65b0\u6d3b\u8dc3\u5217\u8868\u3002","title":"\u6d3b\u8dc3maintainer"},{"location":"#maintainer_3","text":"\u5f53SIG 
maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff08\u5de5\u4f5c\u53d8\u52a8\u3001\u4e1a\u52a1\u8c03\u6574\u7b49\u539f\u56e0\uff09\uff0c\u65e0\u6cd5\u518d\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u3002 SIG maintainer\u6bcf\u5e74\u4e5f\u4f1a\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u5982\u679c\u53d1\u73b0\u6709\u4e0d\u518d\u9002\u5408\u62c5\u4efbmaintainer\u7684\u8d21\u732e\u8005\uff08\u65e0\u6cd5\u4fdd\u969c\u53c2\u4e0e\u7b49\u539f\u56e0\uff09\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\uff0c\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7\u3002","title":"maintainer\u7684\u9000\u51fa"},{"location":"#maintainer_4","text":"\u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6","title":"\u6d3b\u8dc3Maintainer"},{"location":"#maintainercommitter","text":"\u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u9648\u7855 joec88 joseph.chn1988@gmail.com \u4e2d\u56fd\u8054\u901a \u674e\u6606\u5c71 liksh li_kunshan@163.com \u4e2d\u56fd\u8054\u901a \u9ec4\u586b\u534e huangtianhua huangtianhua223@gmail.com \u534e\u4e3a \u738b\u73ba\u6e90 xiyuanwang wangxiyuan1007@gmail.com \u534e\u4e3a \u5f20\u5e06 zh-f zh.f@outlook.com \u4e2d\u56fd\u7535\u4fe1 \u5f20\u8fce zhangy1317 zhangy1317@foxmail.com \u4e2d\u56fd\u8054\u901a \u97e9\u5149\u5b87 han-guangyu hanguangyu@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6","title":"Maintainer/Committer\u5217\u8868"},{"location":"#_2","text":"OpenStack SIG\u79c9\u627fOpenStack\u793e\u533a4\u4e2aOpen\u539f\u5219\uff08Open source\u3001Open 
Design\u3001Open Development\u3001Open Community\uff09\uff0c\u6b22\u8fce\u5f00\u53d1\u8005\u3001\u7528\u6237\u3001\u5382\u5546\u4ee5\u5404\u79cd\u5f00\u6e90\u65b9\u5f0f\u53c2\u4e0eSIG\u8d21\u732e\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a \u63d0\u4ea4Issue \u5982\u679c\u60a8\u5728\u4f7f\u7528OpenStack\u65f6\u9047\u5230\u4e86\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5411SIG\u63d0\u4ea4ISSUE\uff0c\u5305\u62ec\u4e0d\u9650\u4e8e\u4f7f\u7528\u7591\u95ee\u3001\u8f6f\u4ef6\u5305BUG\u3001\u7279\u6027\u9700\u6c42\u7b49\u7b49\u3002 \u53c2\u4e0e\u6280\u672f\u8ba8\u8bba \u901a\u8fc7\u90ae\u4ef6\u5217\u8868\u3001\u5fae\u4fe1\u7fa4\u3001\u5728\u7ebf\u4f8b\u4f1a\u7b49\u65b9\u5f0f\uff0c\u4e0eSIG\u6210\u5458\u5b9e\u65f6\u8ba8\u8bbaOpenStack\u6280\u672f\u3002 \u53c2\u4e0eSIG\u7684\u8f6f\u4ef6\u5f00\u53d1\u6d4b\u8bd5\u5de5\u4f5c OpenStack SIG\u8ddf\u968fopenEuler\u7248\u672c\u5f00\u53d1\u7684\u8282\u594f\uff0c\u6bcf\u51e0\u4e2a\u6708\u5bf9\u5916\u53d1\u5e03\u4e0d\u540c\u7248\u672c\u7684OpenStack\uff0c\u6bcf\u4e2a\u7248\u672c\u5305\u542b\u4e86\u51e0\u767e\u4e2aRPM\u8f6f\u4ef6\u5305\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u5230\u8fd9\u4e9bRPM\u5305\u7684\u5f00\u53d1\u5de5\u4f5c\u4e2d\u3002 OpenStack SIG\u5305\u62ec\u4e00\u4e9b\u6765\u81ea\u5382\u5546\u6350\u732e\u3001\u81ea\u4e3b\u7814\u53d1\u7684\u9879\u76ee\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u76f8\u5173\u9879\u76ee\u7684\u5f00\u53d1\u5de5\u4f5c\u3002 openEuler\u65b0\u7248\u672c\u53d1\u5e03\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u6d4b\u8bd5\u8bd5\u7528\u5bf9\u5e94\u7684OpenStack\uff0c\u76f8\u5173BUG\u548c\u95ee\u9898\u53ef\u4ee5\u63d0\u4ea4\u5230SIG\u3002 OpenStack SIG\u8fd8\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u7684\u5de5\u5177\u548c\u6587\u6863\uff0c\u7528\u6237\u53ef\u4ee5\u5e2e\u5fd9\u4f18\u5316\u3001\u5b8c\u5584\u3002 \u6280\u672f\u9884\u8a00\u3001\u8054\u5408\u521b\u65b0 OpenStack 
SIG\u6b22\u8fce\u5404\u79cd\u5f62\u5f0f\u7684\u8054\u5408\u521b\u65b0\uff0c\u9080\u8bf7\u5404\u4f4d\u5f00\u53d1\u8005\u4ee5\u5f00\u6e90\u7684\u65b9\u5f0f\u3001\u4ee5SIG\u4e3a\u5e73\u53f0\uff0c\u521b\u9020\u5c5e\u4e8e\u56fd\u4eba\u7684\u4e91\u8ba1\u7b97\u65b0\u6280\u672f\u3002\u5982\u679c\u60a8\u6709idea\u6216\u5f00\u53d1\u610f\u613f\uff0c\u6b22\u8fce\u52a0\u5165SIG\u3002 \u5f53\u7136\uff0c\u8d21\u732e\u5f62\u5f0f\u4e0d\u4ec5\u5305\u542b\u8fd9\u4e9b\uff0c\u5176\u4ed6\u4efb\u4f55\u4e0eOpenStack\u76f8\u5173\u3001\u4e0e\u5f00\u6e90\u76f8\u5173\u7684\u4e8b\u52a1\u90fd\u53ef\u4ee5\u5e26\u5230SIG\u4e2d\u3002OpenStack SIG\u6b22\u8fce\u60a8\u7684\u53c2\u4e0e\u3002","title":"\u5982\u4f55\u8d21\u732e"},{"location":"#_3","text":"SIG\u5305\u542b\u7684\u5168\u90e8\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack/blob/master/tools/oos/etc/openeuler_sig_repo.yaml OpenStack\u5305\u542b\u9879\u76ee\u4f17\u591a\uff0c\u4e3a\u4e86\u65b9\u4fbf\u7ba1\u7406\uff0c\u8bbe\u7f6e\u4e86\u7edf\u4e00\u5165\u53e3\u9879\u76ee\uff0c\u7528\u6237\u3001\u5f00\u53d1\u8005\u5bf9OpenStack SIG\u4ee5\u53ca\u5404OpenStack\u5b50\u9879\u76ee\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5728\u8be5\u9879\u76ee\u4e2d\u63d0\u4ea4Issue\u3002 https://gitee.com/openeuler/openstack SIG\u540c\u65f6\u8054\u5408\u5404\u5927\u5382\u5546\u3001\u5f00\u53d1\u8005\uff0c\u521b\u5efa\u4e86\u4e00\u7cfb\u5217\u81ea\u7814\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack-kolla-ansible-plugin https://gitee.com/openeuler/openstack-kolla-plugin https://gitee.com/openeuler/openstack-plugin https://gitee.com/openeuler/hostha https://gitee.com/openeuler/opensd","title":"\u9879\u76ee\u6e05\u5355"},{"location":"#_4","text":"\u6dfb\u52a0\u5c0f\u52a9\u624b\u56de\u590d\"\u52a0\u7fa4\"\u8fdb\u5165openEuler sig-OpenStack\u4ea4\u6d41\u7fa4","title":"\u4ea4\u6d41\u7fa4"},{"location":"contribute/rpm-packaging-reference/","text":"SIG RPM \u7f16\u5305\u6d41\u7a0b\u68b3\u7406 \u00b6 OpenStack SIG 
\u6709\u4e00\u9879\u957f\u671f\u5f00\u53d1\u5de5\u4f5c\u662f\u8fdb\u884c OpenStack \u5404\u7248\u672c\u76f8\u5173 RPM \u8f6f\u4ef6\u5305\u7684\u6253\u5305\u7ef4\u62a4\u3002\u4e3a\u4e86\u65b9\u4fbf\u65b0\u52a0\u5165 SIG \u7684\u5f00\u53d1\u8005\u66f4\u5feb\u4e86\u89e3 SIG \u7f16\u5305\u6d41\u7a0b\uff0c\u5728\u6b64\u5bf9 SIG \u7f16\u5305\u6d41\u7a0b\u8fdb\u884c\u68b3\u7406\uff0c\u4ee5\u4f9b\u53c2\u8003\u3002 Excel\u8868\u683c\u8bf4\u660e \u00b6 SIG \u7f16\u5305\u65f6\uff0c\u4f1a\u4ee5\u5171\u4eab\u8868\u683c\u7684\u5f62\u5f0f\uff0c\u5c06\u9700\u8981\u5904\u7406\u7684\u8f6f\u4ef6\u5305\u6574\u7406\u51fa\u6765\uff0c\u4f9b\u5f00\u53d1\u8005\u534f\u540c\u5904\u7406\u3002\u5f53\u524d\u8868\u683c\u683c\u5f0f\u5982\u4e0b\uff1a Project Name openEuler Repo SIG Repo version Required (Min) Version lt Version ne Version Upper Version Status Requires Depth Author PR link PR status pyrsistent python-pyrsistent sig-python-modules 0.18.0 0.18.1 [] 0.18.1 Need Upgrade [] 13 ... \u201cProject Name\u201d\u5217\u4e3a\u8f6f\u4ef6\u9879\u76ee\u540d\u3002\u201copenEuler Repo\u201d\u5217\u4e3a\u6b64\u9879\u76ee\u5728 openEuler gitee \u4e0a\u7684\u4ed3\u5e93\u540d\uff0c\u540c\u65f6\u4e5f\u662f\u6b64\u9879\u76ee\u5728openEuler\u7cfb\u7edf\u4e2d\u7684\u8f6f\u4ef6\u5305\u540d\u3002\u6240\u6709 openEuler \u7684\u8f6f\u4ef6\u5305\u4ed3\u5e93\u5747\u5b58\u653e\u4e8ehttps://gitee.com/src-openeuler\u4e4b\u4e2d\u3002\u201cSIG\u201d\u5217\u8bb0\u5f55\u8f6f\u4ef6\u5305\u5f52\u5c5e\u4e8e\u54ea\u4e2a SIG\u3002 \u5904\u7406\u65f6\u9996\u5148\u67e5\u770b\u201cStatus\u201d\u5217\uff0c\u8be5\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u72b6\u6001\u3002\u8f6f\u4ef6\u5305\u5171\u67096\u79cd\u72b6\u6001\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6839\u636e\u201cStatus\u201d\u8fdb\u884c\u76f8\u5e94\u5904\u7406\u3002 \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 \u201cNeed Create Repo\u201d\uff1aopenEuler 
\u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002\u6d41\u7a0b\u53ef\u53c2\u8003\u793e\u533a\u6307\u5bfc\u6587\u6863\uff1a \u65b0\u589e\u8f6f\u4ef6\u5305 \u3002\u521b\u5efa\u5e76\u521d\u59cb\u5316\u4ed3\u5e93\u540e\uff0c\u5c06\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002 \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 \u201cNeed Init Branch\u201d\uff1a\u9700\u8981\u521d\u59cb\u5316\u5206\u652f\u5e76\u5c06\u6b64\u5206\u652f\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\uff0c\u4e0a\u4f20\u6240\u9700\u7248\u672c\u6e90\u7801\u5305\u53ca spec \u6587\u4ef6\u7b49\u3002\u4ee522.09\u5f00\u53d1\u5468\u671f\u9002\u914d Yoga \u7248\u672c\u4e3a\u4f8b\uff0c\u6b64\u4efb\u52a1\u76f4\u63a5\u5728 master \u5206\u652f\u5de5\u4f5c\u3002get_gitee_project_version \u9879\u76ee\u72b6\u6001\u4e3a\u201cNeed Init Branch\u201d\u201d\uff0c\u5b83\u5bf9\u5e94\u7684\u201cpython-neutron-tempest-plugin\u201d\u4ed3\u5e93\u7684master\u5206\u652f\uff0c\u5728\u5904\u7406\u524d\uff0c\u53ea\u6709 README.md \u548c README.en.md \u4e24\u4e2a\u6587\u4ef6\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521d\u59cb\u5316\u5206\u652f\u3002 \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002\u6b64\u79cd\u60c5\u51b5\u9760\u540e\u5904\u7406\uff0c\u4e0e SIG \u786e\u8ba4\u540e\u518d\u64cd\u4f5c\u3002 \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 
\u786e\u5b9a\u597d\u8f6f\u4ef6\u5305\u5bf9\u5e94\u7684\u5904\u7406\u7c7b\u578b\u540e\uff0c\u9700\u8981\u6839\u636e\u7248\u672c\u4fe1\u606f\u8fdb\u884c\u5904\u7406\u3002\u201cRepo version\u201d\u5217\u4e3a\u5f53\u524d\u4ed3\u5e93\u4e2d\u5bf9\u5e94\u5206\u652f\u7684\u8f6f\u4ef6\u5305\u7248\u672c\u3002\u201cRequired (Min) Version\u201d\u5219\u662f\u9700\u8981\u7684\u6700\u5c0f\u7248\u672c\uff0c\u5982\u679c\u5176\u540e\u6709\"(Must)\"\u6807\u8bc6\uff0c\u5219\u8868\u793a\u5fc5\u987b\u4f7f\u7528\u6b64\u7248\u672c\u3002\u201cUpper Version\u201d\u4e3a\u53ef\u4ee5\u4f7f\u7528\u7684\u6700\u9ad8\u7248\u672c\u3002\u5982\u679c\u201cRequired (Min) Version\u201d\u548c\u201cUpper Version\u201d\u4e0d\u540c\uff0c\u4f18\u5148\u4f7f\u7528\u201cRequired (Min) Version\u201d\u3002\u6bd4\u5982\u5347\u7ea7\u8f6f\u4ef6\u5305\uff0c\u4f18\u5148\u5347\u7ea7\u5230\u201cRequired (Min) Version\u201d\u3002 \u201cRequires\u201d\u5217\u4e3a\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u201cDepth\u201d\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u4f9d\u8d56\u5c42\u7ea7\u3002\u201cDepth\u201d\u4e3a1\u7684\u662f\u201cDepth\u201d\u4e3a0\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\uff0c\u4ee5\u6b64\u7c7b\u63a8\uff0c\u201cDepth\u201d\u9ad8\u7684\u8f6f\u4ef6\u5305\u4e3a\u201cDepth\u201d\u4f4e\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u5904\u7406\u65f6\u5e94\u4f18\u5148\u5904\u7406\u201cDepth\u201d\u9ad8\u7684\u884c\u3002\u4f46\u5982\u679c\u67d0\u4e2a\u5305\uff0c\u6ca1\u6709\u4f9d\u8d56\uff08\u201cRequires\u201d\u4e3a[]\uff09,\u4e5f\u53ef\u76f4\u63a5\u5904\u7406\u3002\u5982\u679c\u67d0\u4e9b\u5305\u9700\u8981\u4f18\u5148\u5904\u7406\uff0c\u5e94\u6309\u7167\u5176\u201cRequires\u201d\uff0c\u4f18\u5148\u5904\u7406\u5176\u4f9d\u8d56\u3002 \u5904\u7406\u4e00\u4e2a\u8f6f\u4ef6\u5305\u65f6\uff0c\u5e94\u9996\u5148\u5728\u201cAuthor\u201d\u5217\u6807\u6ce8\u81ea\u5df1\u7684\u540d\u5b57\uff0c\u4ee5\u544a\u8bc9\u5176\u4ed6\u5f00\u53d1\u8005\u6b64\u5305\u5df2\u6709\u4eba\u5904\u7406\u3002pr\uff08pull 
request\uff09\u63d0\u4ea4\u540e\uff0c\u5c06 pr \u94fe\u63a5\u8d34\u5230\u201cPR link\u201d\u5217\u3002pr \u5408\u5e76\u540e\uff0c\u5e94\u5728\u201cPR status\u201d\u5217\u6807\u6ce8\u201cDone\u201d\u3002 SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u6d41\u7a0b \u00b6 \u76ee\u524d SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u4e3b\u8981\u4f7f\u7528 SIG \u81ea\u5df1\u7f16\u5199\u7684 oos \u5de5\u5177\u3002oos \u5de5\u5177\u7ec6\u8282\u53c2\u8003 oos README \u3002\u4e0d\u540c\u201cStatus\u201d\u5904\u7406\u65f6\u6d89\u53ca\u7684\u201c\u5347\u7ea7\u201d\u3001\u201c\u521d\u59cb\u5316\u5206\u652f\u201d\u3001\u201c\u8f6f\u4ef6\u5305\u653e\u5165 OBS \u5de5\u7a0b\u201d\u7b49\u64cd\u4f5c\uff0coos \u5de5\u5177\u6709\u5bf9\u5e94\u5b9e\u73b0\u3002 \u4ee5 Yoga \u7248\u672c\u5347\u7ea7 python-pyrsistent \u8f6f\u4ef6\u5305\u4e3a\u4f8b\uff0c\u6f14\u793a\u7f16\u5305\u6d41\u7a0b\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u719f\u6089 OpenStack SIG \u57fa\u4e8e oos \u5de5\u5177\u7684\u6253\u5305\u76f8\u5173\u6d41\u7a0b\u3002\u5728\u4e86\u89e3\u57fa\u7840\u6d41\u7a0b\u540e\uff0c\u5f00\u53d1\u8005\u53ef\u901a\u8fc7 oos README \u4e86\u89e3\u5176\u4f59\u64cd\u4f5c\u3002python-pyrsistent \u8f6f\u4ef6\u5305\u4fe1\u606f\u53c2\u89c1\u4e0a\u6587\u8868\u683c\u3002\u8be5\u8f6f\u4ef6\u5305\u9700\u8981\u4ece0.18.0\u7248\u672c\u5347\u7ea7\u52300.18.1\u7248\u672c\u3002Yoga \u7248\u672c\u662f\u572822.09\u7248\u672c\u5f00\u53d1\u89c4\u5212\u4e2d\uff0c\u5f53\u524d\u4e3a22\u5e745\u6708\uff0c\u76f4\u63a5\u63d0\u4ea4\u5230master\u5206\u652f\u5373\u53ef\u3002 \u7b7e\u7f72 CLA \u00b6 \u5728 openEuler \u793e\u533a\u63d0\u4ea4\u8d21\u732e\u9700\u8981\u7b7e\u7f72 CLA \u3002 \u5bf9\u4e8e\u521d\u6b21\u53c2\u4e0e openEuler \u793e\u533a\u7684\u5f00\u53d1\u8005\uff0c\u53ef\u9996\u5148\u67e5\u770b openEuler \u8d21\u732e\u653b\u7565 \uff0c\u6982\u89c8\u6574\u4f53\u8d21\u732e\u60c5\u51b5\u3002 \u73af\u5883\u51c6\u5907 \u00b6 dnf install rpm-build rpmdevtools git # 
\u751f\u6210~/rpmbuild\u76ee\u5f55\uff0coos\u9ed8\u8ba4\u5de5\u4f5c\u8def\u5f84\u4e5f\u4e3a\u6b64 rpmdev-setuptree pip install openstack-sig-tool==1.0.6 \u8bf4\u660e\uff1aopenstack-sig-tool \u5728 1.1.0 \u7248\u672c\u5bf9 oos spec \u547d\u4ee4\u8fdb\u884c\u4e86 \u91cd\u6784 \u3002\u5982\u4e0b\u6d41\u7a0b\u6d89\u53ca oos spec \u547d\u4ee4\u7684\u64cd\u4f5c\u5bf9\u5e94 1.0.6 \u7248\u672c\u3002\u5efa\u8bae\u5b89\u88c5\u65b0\u7248 oos , \u5e76\u53c2\u8003\u5bf9\u5e94 README \u4f7f\u7528\u3002 \u751f\u6210\u4e2a\u4eba Gitee \u5e10\u6237\u7684 pat(personal access token) \u00b6 \u9996\u5148\u8fdb\u5165 Gitee \u5e10\u6237\u7684\u201c\u8bbe\u7f6e\u201d\u754c\u9762\u3002 \u9009\u62e9\u201c\u79c1\u4eba\u4ee4\u724c\u201d\uff0c\u7136\u540e\u70b9\u51fb\u201c\u751f\u6210\u65b0\u4ee4\u724c\u201d\u3002\u751f\u6210\u540e\u5355\u72ec\u4fdd\u5b58\u597d\u81ea\u5df1\u7684\u79c1\u4eba\u4ee4\u724c\uff08pat\uff09\uff0cGitee \u4e0a\u65e0\u6cd5\u518d\u6b21\u67e5\u770b\uff0c\u5982\u679c\u4e22\u5931\u53ea\u80fd\u91cd\u65b0\u751f\u6210\u3002 \u751f\u6210 python-pyrsistent \u5305\u7684 spec \u5e76\u63d0\u4ea4 \u00b6 export GITEE_PAT= oos spec push --name python-pyrsistent --version 0.18.1 -dp -dp, --do-push [\u53ef\u9009] \u6307\u5b9a\u662f\u5426\u6267\u884cpush\u5230gitee\u4ed3\u5e93\u4e0a\u5e76\u63d0\u4ea4PR\uff0c\u5982\u679c\u4e0d\u6307\u5b9a\u5219\u53ea\u4f1a\u63d0\u4ea4\u5230\u672c\u5730\u7684\u4ed3\u5e93\u4e2d \u6ce8\u610f\u6b64\u5904 --name \u53c2\u6570\u4e3a\u8868\u683c\u4e2d\u7684\u201cProject Name\u201d\u5217\u3002 oos spec push \u547d\u4ee4\u4f1a\u81ea\u52a8\u8fdb\u884c\u5982\u4e0b\u6d41\u7a0b\uff1a fork --name \u5bf9\u5e94\u4ed3\u5e93\u5230 pat \u5bf9\u5e94\u7684 gitee \u5e10\u6237\u3002 \u5c06\u4ed3\u5e93 clone \u5230\u672c\u5730\uff0c\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild/src-repos \u3002 \u6839\u636e --name \u548c --version \u4e0b\u8f7d\u6e90\u7801\u5305\uff0c\u5e76\u751f\u6210 spec \u6587\u4ef6(\u8bfb\u53d6\u4ed3\u5e93\u4e2d\u539f\u6709 
changelog)\u3002\u6b64\u9636\u6bb5\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild \u3002 \u672c\u5730\u8fd0\u884c rpm \u5305\u6784\u5efa\u3002\u672c\u5730\u8fd0\u884c\u901a\u8fc7\u540e\uff0c\u4f1a\u81ea\u52a8\u5c06 spec \u6587\u4ef6\u53ca\u6e90\u7801\u5305\u66f4\u65b0\u5230 git \u4ed3\u5e93\u3002\u5982\u679c\u6709 -dp \u53c2\u6570\u5219\u81ea\u52a8\u8fdb\u884c push \u53ca\u521b\u5efa pr \u64cd\u4f5c\u3002\u5982\u679c\u672c\u5730\u6784\u5efa\u65f6\u5931\u8d25\uff0c\u5219\u505c\u6b62\u6d41\u7a0b\u3002 \u5982\u679c\u672c\u5730\u6784\u5efa\u5931\u8d25\uff0c\u5219\u53ef\u4ee5\u4fee\u6539\u751f\u6210\u7684 spec \u6587\u4ef6\u3002\u7136\u540e\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs -rs, --reuse-spec [\u53ef\u9009] \u590d\u7528\u5df2\u5b58\u5728\u7684spec\u6587\u4ef6\uff0c\u4e0d\u518d\u91cd\u65b0\u751f\u6210\u3002 \u5982\u6b64\u5faa\u73af\uff0c\u76f4\u81f3\u4e0a\u4f20\u6210\u529f\u3002 \u6ce81\uff1a\u5347\u7ea7\u65f6\u8981\u901a\u8fc7 oos spec push \u547d\u4ee4\u751f\u6210 spec \u6587\u4ef6\uff0c\u4e0d\u8981\u4f7f\u7528 oos spec build \u547d\u4ee4\uff0cpush \u547d\u4ee4\u4f1a\u4fdd\u7559\u4ed3\u5e93\u4e2d \u73b0\u6709 spec \u7684 changelog\uff0cbuild \u547d\u4ee4\u5219\u76f4\u63a5\u751f\u6210\u65b0\u7684 changelog\u3002 \u6ce82\uff1a\u5904\u7406\u9519\u8bef\u65f6\uff0c\u53ef\u4ee5\u53c2\u8003\u4ed3\u5e93\u4e2d\u73b0\u6709\u7684 spec \u6587\u4ef6\uff1b\u5f53\u524d spec \u9664\u4e86 changelog \u90e8\u5206\uff0c\u5176\u4f59\u4e3a oos \u5de5\u5177\u91cd\u65b0\u751f\u6210\uff0c\u524d\u4eba\u9047\u5230\u7684\u9519\u8bef\uff0c\u6b64\u5904\u4ecd\u53ef\u80fd\u9047\u5230\uff0c\u53ef\u53c2\u8003\u524d\u4eba\u64cd\u4f5c\u7ed3\u679c\u95ee\u9898\u3002 \u6ce83\uff1aoos \u547d\u4ee4\u8fd8\u652f\u6301\u6279\u91cf\u5904\u7406\uff0c\u53ef\u4ee5\u53c2\u8003 oos \u7684 README \u81ea\u884c\u5c1d\u8bd5\u3002 PR \u95e8\u7981\u68c0\u67e5 \u00b6 \u6b64\u65f6\u5728\u81ea\u5df1\u7684 gitee \u5e10\u6237\u4e2d\u53ef\u4ee5\u770b\u5230 fork 
\u8fc7\u6765\u7684\u4ed3\u5e93\u3002\u8fdb\u5165\u81ea\u5df1\u5e10\u53f7\u4e2d\u7684\u4ed3\u5e93\uff0c\u53ef\u901a\u8fc7\u70b9\u51fb\u5982\u4e0b\u6846\u8d77\u4f4d\u7f6e\uff0c\u53ef\u8fdb\u5165\u539f\u4ed3\u5e93\u3002 \u539f\u4ed3\u5e93\u4e2d\u53ef\u4ee5\u770b\u5230\u81ea\u52a8\u63d0\u4ea4\u7684 pr\u3002Pr \u4e2d\u53ef\u4ee5\u770b\u5230 openeuler-ci-bot \u7684\u8bc4\u8bba\uff1a openEuler \u5728 gitee \u4e0a\u6258\u7ba1\u7684\u4ee3\u7801\uff0c\u63d0\u4ea4 pr \u4f1a\u81ea\u52a8\u89e6\u53d1\u95e8\u7981\u3002\u672c\u5730\u6784\u5efa\u901a\u8fc7\u7684\uff0c\u4e5f\u6709\u53ef\u80fd\u5728\u95e8\u7981\u68c0\u67e5\u4e2d\u6784\u5efa\u5931\u8d25\u3002\u6bd4\u5982\u4e0a\u56fe\u4e2d\u6b64\u6b21\u63d0\u4ea4\u4fbf\u6784\u5efa\u5931\u8d25\uff0c\u53ef\u4ee5\u70b9\u51fb\u6846\u8d77\u90e8\u5206\uff0c\u67e5\u770b\u5bf9\u5e94\u67b6\u6784\u7684 build details\u3002 \u6b64\u65f6\u53ef\u4ee5\u6839\u636e build details \u4e2d\u65e5\u5fd7\u4e2d\u62a5\u9519\u4fe1\u606f\uff0c\u5bf9\u672c\u5730 spec \u8fdb\u884c\u4fee\u6539\uff0c\u800c\u540e\u518d\u6b21\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs \u7ebf\u4e0a\u4f1a\u81ea\u52a8\u91cd\u65b0\u6267\u884c\u6d4b\u8bd5\u3002 \u95e8\u7981\u8be6\u7ec6\u4fe1\u606f\u53ca\u5404\u9879\u7ed3\u679c\u542b\u4e49\u53c2\u8003\u793e\u533a\u7684 \u300a\u95e8\u7981\u529f\u80fd\u6307\u5bfc\u624b\u518c\u300b \u3002 PR \u68c0\u89c6 \u00b6 \u5f53\u4e00\u4e2a pr \u901a\u8fc7\u95e8\u7981\u68c0\u67e5\u540e\uff0c\u9700\u8981\u7531\u8f6f\u4ef6\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer \u8fdb\u884c review\u3002\u4e3a\u4e86\u52a0\u901f\u8fdb\u7a0b\uff0c\u95e8\u7981\u901a\u8fc7\u540e\uff0c\u53ef\u4ee5\u624b\u52a8 @ \u5bf9\u5e94\u7684 maintainer\uff0c\u8bf7\u6c42\u5e2e\u5fd9\u68c0\u89c6\u3002\u5728 pr \u63d0\u4ea4\u540e\uff0copeneuler-ci-bot \u4f1a\u6709\u5982\u4e0b\u56fe\u6240\u793a\u8bc4\u8bba\uff0c\u5176\u4e2d\u88ab @ \u7684\u4eba\u5373\u4e3a\u5f53\u524d\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer\u3002 \u6ce8\u610f\u4e8b\u9879 \u00b6 
\u8fd9\u91cc\u5bf9\u4e00\u4e9b\u53ef\u80fd\u9047\u5230\u7684\u7279\u6b8a\u95ee\u9898\u8fdb\u884c\u8bb0\u5f55\u3002 \u6d4b\u8bd5\u672a\u6267\u884c\u95ee\u9898 \u00b6 oos \u81ea\u52a8\u751f\u6210\u7684 spec \u6587\u4ef6\u4e2d\uff0c%check \u90e8\u5206\u9ed8\u8ba4\u4e3a %{__python3} setup.py test \u3002\u4f46\u662f\u5728\u6709\u4e9b\u5305\u4e2d\uff0c\u8fd9\u6837\u5e76\u4e0d\u4f1a\u771f\u6b63\u6267\u884c\u6d4b\u8bd5\uff0c\u4f46\u95e8\u7981\u7ed3\u679c\u4e5f\u663e\u793a\u901a\u8fc7\u3002\u9700\u8981\u5f00\u53d1\u8005\u4eba\u5de5\u8fa8\u522b\u3002\u53c2\u8003\u65b9\u6cd5\u5982\u4e0b\uff1a \u5982\u679c\u662f\u6b64\u524d\u5df2\u6709 spec \u6587\u4ef6\uff0c\u53ef\u4ee5\u53c2\u8003\u4e4b\u524d\u7684 spec \u4e2d %check \u90e8\u5206\u5982\u4f55\u4e66\u5199\u3002\u5982\u679c\u4ee5\u524d\u5199\u7684\u4e0d\u662f %{__python3} setup.py test \uff0c\u4fbf\u9700\u8981\u91cd\u70b9\u6ce8\u610f\u3002 \u8fdb\u5165\u95e8\u7981\u7684 build details(\u53c2\u89c1\u4e0a\u6587\u201cPR \u95e8\u7981\u68c0\u67e5\u201d\u90e8\u5206)\uff0c\u67e5\u770b\u6784\u5efa\u65e5\u5fd7\u7684 %check \u90e8\u5206\u3002\u4e0b\u56fe\u4e3a\u8fdb\u5165 build details\uff0c\u7136\u540e\u9009\u62e9\u201c\u6587\u672c\u65b9\u5f0f\u67e5\u770b\u201d\u7684\u65e5\u5fd7\u663e\u793a\u622a\u56fe\u3002\u53ef\u4ee5\u770b\u5230\u663e\u793a\u5b9e\u9645\u8fd0\u884c\u6d4b\u8bd5\u6570\u4e3a0\u3002 \u5305\u540d\u4e0d\u4e00\u81f4\u95ee\u9898 \u00b6 \u5c0f\u90e8\u5206\u8f6f\u4ef6\u5305\u53ef\u80fd\u4f1a\u78b0\u5230\uff0coos \u81ea\u52a8\u751f\u6210\u7684 spec \u6240\u4f7f\u7528\u7684\u7684\u5305\u540d\u4e0e\u73b0\u6709\u5305\u540d\u4e0d\u4e00\u81f4\u3002\u6bd4\u5982\u4e00\u4e2a\u4f7f\u7528 - ,\u4e00\u4e2a\u4f7f\u7528\u4e0b\u5212\u7ebf _ \u3002\u6b64\u5904\u4ee5\u539f\u672c\u4f7f\u7528\u7684\u5305\u540d\u4e3a\u51c6\uff0c\u4e0d\u4fee\u6539\u539f\u6709\u5305\u540d\u3002 \u4f5c\u4e3a\u4e34\u65f6\u7684\u5904\u7406\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u624b\u52a8\u5c06 spec 
\u6587\u4ef6\u76f8\u5173\u5730\u65b9\u6539\u4e3a\u539f\u6709\u5305\u540d\u3002\u4e0e\u6b64\u540c\u65f6\uff0coos \u62e5\u6709 mapping \u4fee\u6b63\u529f\u80fd\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u63d0\u4ea4 issue\uff0cSIG \u5c06\u5728 oos \u4e2d\u8fdb\u884c\u4fee\u590d\u3002","title":"RPM\u5f00\u53d1\u6d41\u7a0b"},{"location":"contribute/rpm-packaging-reference/#sig-rpm","text":"OpenStack SIG \u6709\u4e00\u9879\u957f\u671f\u5f00\u53d1\u5de5\u4f5c\u662f\u8fdb\u884c OpenStack \u5404\u7248\u672c\u76f8\u5173 RPM \u8f6f\u4ef6\u5305\u7684\u6253\u5305\u7ef4\u62a4\u3002\u4e3a\u4e86\u65b9\u4fbf\u65b0\u52a0\u5165 SIG \u7684\u5f00\u53d1\u8005\u66f4\u5feb\u4e86\u89e3 SIG \u7f16\u5305\u6d41\u7a0b\uff0c\u5728\u6b64\u5bf9 SIG \u7f16\u5305\u6d41\u7a0b\u8fdb\u884c\u68b3\u7406\uff0c\u4ee5\u4f9b\u53c2\u8003\u3002","title":"SIG RPM \u7f16\u5305\u6d41\u7a0b\u68b3\u7406"},{"location":"contribute/rpm-packaging-reference/#excel","text":"SIG \u7f16\u5305\u65f6\uff0c\u4f1a\u4ee5\u5171\u4eab\u8868\u683c\u7684\u5f62\u5f0f\uff0c\u5c06\u9700\u8981\u5904\u7406\u7684\u8f6f\u4ef6\u5305\u6574\u7406\u51fa\u6765\uff0c\u4f9b\u5f00\u53d1\u8005\u534f\u540c\u5904\u7406\u3002\u5f53\u524d\u8868\u683c\u683c\u5f0f\u5982\u4e0b\uff1a Project Name openEuler Repo SIG Repo version Required (Min) Version lt Version ne Version Upper Version Status Requires Depth Author PR link PR status pyrsistent python-pyrsistent sig-python-modules 0.18.0 0.18.1 [] 0.18.1 Need Upgrade [] 13 ... 
\u201cProject Name\u201d\u5217\u4e3a\u8f6f\u4ef6\u9879\u76ee\u540d\u3002\u201copenEuler Repo\u201d\u5217\u4e3a\u6b64\u9879\u76ee\u5728 openEuler gitee \u4e0a\u7684\u4ed3\u5e93\u540d\uff0c\u540c\u65f6\u4e5f\u662f\u6b64\u9879\u76ee\u5728openEuler\u7cfb\u7edf\u4e2d\u7684\u8f6f\u4ef6\u5305\u540d\u3002\u6240\u6709 openEuler \u7684\u8f6f\u4ef6\u5305\u4ed3\u5e93\u5747\u5b58\u653e\u4e8ehttps://gitee.com/src-openeuler\u4e4b\u4e2d\u3002\u201cSIG\u201d\u5217\u8bb0\u5f55\u8f6f\u4ef6\u5305\u5f52\u5c5e\u4e8e\u54ea\u4e2a SIG\u3002 \u5904\u7406\u65f6\u9996\u5148\u67e5\u770b\u201cStatus\u201d\u5217\uff0c\u8be5\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u72b6\u6001\u3002\u8f6f\u4ef6\u5305\u5171\u67096\u79cd\u72b6\u6001\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6839\u636e\u201cStatus\u201d\u8fdb\u884c\u76f8\u5e94\u5904\u7406\u3002 \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002\u6d41\u7a0b\u53ef\u53c2\u8003\u793e\u533a\u6307\u5bfc\u6587\u6863\uff1a \u65b0\u589e\u8f6f\u4ef6\u5305 \u3002\u521b\u5efa\u5e76\u521d\u59cb\u5316\u4ed3\u5e93\u540e\uff0c\u5c06\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002 \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 \u201cNeed Init Branch\u201d\uff1a\u9700\u8981\u521d\u59cb\u5316\u5206\u652f\u5e76\u5c06\u6b64\u5206\u652f\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS 
\u5de5\u7a0b\u3002\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\uff0c\u4e0a\u4f20\u6240\u9700\u7248\u672c\u6e90\u7801\u5305\u53ca spec \u6587\u4ef6\u7b49\u3002\u4ee522.09\u5f00\u53d1\u5468\u671f\u9002\u914d Yoga \u7248\u672c\u4e3a\u4f8b\uff0c\u6b64\u4efb\u52a1\u76f4\u63a5\u5728 master \u5206\u652f\u5de5\u4f5c\u3002get_gitee_project_version \u9879\u76ee\u72b6\u6001\u4e3a\u201cNeed Init Branch\u201d\u201d\uff0c\u5b83\u5bf9\u5e94\u7684\u201cpython-neutron-tempest-plugin\u201d\u4ed3\u5e93\u7684master\u5206\u652f\uff0c\u5728\u5904\u7406\u524d\uff0c\u53ea\u6709 README.md \u548c README.en.md \u4e24\u4e2a\u6587\u4ef6\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521d\u59cb\u5316\u5206\u652f\u3002 \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002\u6b64\u79cd\u60c5\u51b5\u9760\u540e\u5904\u7406\uff0c\u4e0e SIG \u786e\u8ba4\u540e\u518d\u64cd\u4f5c\u3002 \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u786e\u5b9a\u597d\u8f6f\u4ef6\u5305\u5bf9\u5e94\u7684\u5904\u7406\u7c7b\u578b\u540e\uff0c\u9700\u8981\u6839\u636e\u7248\u672c\u4fe1\u606f\u8fdb\u884c\u5904\u7406\u3002\u201cRepo version\u201d\u5217\u4e3a\u5f53\u524d\u4ed3\u5e93\u4e2d\u5bf9\u5e94\u5206\u652f\u7684\u8f6f\u4ef6\u5305\u7248\u672c\u3002\u201cRequired (Min) Version\u201d\u5219\u662f\u9700\u8981\u7684\u6700\u5c0f\u7248\u672c\uff0c\u5982\u679c\u5176\u540e\u6709\"(Must)\"\u6807\u8bc6\uff0c\u5219\u8868\u793a\u5fc5\u987b\u4f7f\u7528\u6b64\u7248\u672c\u3002\u201cUpper Version\u201d\u4e3a\u53ef\u4ee5\u4f7f\u7528\u7684\u6700\u9ad8\u7248\u672c\u3002\u5982\u679c\u201cRequired (Min) Version\u201d\u548c\u201cUpper Version\u201d\u4e0d\u540c\uff0c\u4f18\u5148\u4f7f\u7528\u201cRequired (Min) Version\u201d\u3002\u6bd4\u5982\u5347\u7ea7\u8f6f\u4ef6\u5305\uff0c\u4f18\u5148\u5347\u7ea7\u5230\u201cRequired (Min) Version\u201d\u3002 
\u201cRequires\u201d\u5217\u4e3a\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u201cDepth\u201d\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u4f9d\u8d56\u5c42\u7ea7\u3002\u201cDepth\u201d\u4e3a1\u7684\u662f\u201cDepth\u201d\u4e3a0\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\uff0c\u4ee5\u6b64\u7c7b\u63a8\uff0c\u201cDepth\u201d\u9ad8\u7684\u8f6f\u4ef6\u5305\u4e3a\u201cDepth\u201d\u4f4e\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u5904\u7406\u65f6\u5e94\u4f18\u5148\u5904\u7406\u201cDepth\u201d\u9ad8\u7684\u884c\u3002\u4f46\u5982\u679c\u67d0\u4e2a\u5305\uff0c\u6ca1\u6709\u4f9d\u8d56\uff08\u201cRequires\u201d\u4e3a[]\uff09,\u4e5f\u53ef\u76f4\u63a5\u5904\u7406\u3002\u5982\u679c\u67d0\u4e9b\u5305\u9700\u8981\u4f18\u5148\u5904\u7406\uff0c\u5e94\u6309\u7167\u5176\u201cRequires\u201d\uff0c\u4f18\u5148\u5904\u7406\u5176\u4f9d\u8d56\u3002 \u5904\u7406\u4e00\u4e2a\u8f6f\u4ef6\u5305\u65f6\uff0c\u5e94\u9996\u5148\u5728\u201cAuthor\u201d\u5217\u6807\u6ce8\u81ea\u5df1\u7684\u540d\u5b57\uff0c\u4ee5\u544a\u8bc9\u5176\u4ed6\u5f00\u53d1\u8005\u6b64\u5305\u5df2\u6709\u4eba\u5904\u7406\u3002pr\uff08pull request\uff09\u63d0\u4ea4\u540e\uff0c\u5c06 pr \u94fe\u63a5\u8d34\u5230\u201cPR link\u201d\u5217\u3002pr \u5408\u5e76\u540e\uff0c\u5e94\u5728\u201cPR status\u201d\u5217\u6807\u6ce8\u201cDone\u201d\u3002","title":"Excel\u8868\u683c\u8bf4\u660e"},{"location":"contribute/rpm-packaging-reference/#sig","text":"\u76ee\u524d SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u4e3b\u8981\u4f7f\u7528 SIG \u81ea\u5df1\u7f16\u5199\u7684 oos \u5de5\u5177\u3002oos \u5de5\u5177\u7ec6\u8282\u53c2\u8003 oos README \u3002\u4e0d\u540c\u201cStatus\u201d\u5904\u7406\u65f6\u6d89\u53ca\u7684\u201c\u5347\u7ea7\u201d\u3001\u201c\u521d\u59cb\u5316\u5206\u652f\u201d\u3001\u201c\u8f6f\u4ef6\u5305\u653e\u5165 OBS \u5de5\u7a0b\u201d\u7b49\u64cd\u4f5c\uff0coos \u5de5\u5177\u6709\u5bf9\u5e94\u5b9e\u73b0\u3002 \u4ee5 Yoga \u7248\u672c\u5347\u7ea7 python-pyrsistent 
\u8f6f\u4ef6\u5305\u4e3a\u4f8b\uff0c\u6f14\u793a\u7f16\u5305\u6d41\u7a0b\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u719f\u6089 OpenStack SIG \u57fa\u4e8e oos \u5de5\u5177\u7684\u6253\u5305\u76f8\u5173\u6d41\u7a0b\u3002\u5728\u4e86\u89e3\u57fa\u7840\u6d41\u7a0b\u540e\uff0c\u5f00\u53d1\u8005\u53ef\u901a\u8fc7 oos README \u4e86\u89e3\u5176\u4f59\u64cd\u4f5c\u3002python-pyrsistent \u8f6f\u4ef6\u5305\u4fe1\u606f\u53c2\u89c1\u4e0a\u6587\u8868\u683c\u3002\u8be5\u8f6f\u4ef6\u5305\u9700\u8981\u4ece0.18.0\u7248\u672c\u5347\u7ea7\u52300.18.1\u7248\u672c\u3002Yoga \u7248\u672c\u662f\u572822.09\u7248\u672c\u5f00\u53d1\u89c4\u5212\u4e2d\uff0c\u5f53\u524d\u4e3a22\u5e745\u6708\uff0c\u76f4\u63a5\u63d0\u4ea4\u5230master\u5206\u652f\u5373\u53ef\u3002","title":"SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u6d41\u7a0b"},{"location":"contribute/rpm-packaging-reference/#cla","text":"\u5728 openEuler \u793e\u533a\u63d0\u4ea4\u8d21\u732e\u9700\u8981\u7b7e\u7f72 CLA \u3002 \u5bf9\u4e8e\u521d\u6b21\u53c2\u4e0e openEuler \u793e\u533a\u7684\u5f00\u53d1\u8005\uff0c\u53ef\u9996\u5148\u67e5\u770b openEuler \u8d21\u732e\u653b\u7565 \uff0c\u6982\u89c8\u6574\u4f53\u8d21\u732e\u60c5\u51b5\u3002","title":"\u7b7e\u7f72 CLA"},{"location":"contribute/rpm-packaging-reference/#_1","text":"dnf install rpm-build rpmdevtools git # \u751f\u6210~/rpmbuild\u76ee\u5f55\uff0coos\u9ed8\u8ba4\u5de5\u4f5c\u8def\u5f84\u4e5f\u4e3a\u6b64 rpmdev-setuptree pip install openstack-sig-tool==1.0.6 \u8bf4\u660e\uff1aopenstack-sig-tool \u5728 1.1.0 \u7248\u672c\u5bf9 oos spec \u547d\u4ee4\u8fdb\u884c\u4e86 \u91cd\u6784 \u3002\u5982\u4e0b\u6d41\u7a0b\u6d89\u53ca oos spec \u547d\u4ee4\u7684\u64cd\u4f5c\u5bf9\u5e94 1.0.6 \u7248\u672c\u3002\u5efa\u8bae\u5b89\u88c5\u65b0\u7248 oos , \u5e76\u53c2\u8003\u5bf9\u5e94 README \u4f7f\u7528\u3002","title":"\u73af\u5883\u51c6\u5907"},{"location":"contribute/rpm-packaging-reference/#gitee-patpersonal-access-token","text":"\u9996\u5148\u8fdb\u5165 Gitee 
\u5e10\u6237\u7684\u201c\u8bbe\u7f6e\u201d\u754c\u9762\u3002 \u9009\u62e9\u201c\u79c1\u4eba\u4ee4\u724c\u201d\uff0c\u7136\u540e\u70b9\u51fb\u201c\u751f\u6210\u65b0\u4ee4\u724c\u201d\u3002\u751f\u6210\u540e\u5355\u72ec\u4fdd\u5b58\u597d\u81ea\u5df1\u7684\u79c1\u4eba\u4ee4\u724c\uff08pat\uff09\uff0cGitee \u4e0a\u65e0\u6cd5\u518d\u6b21\u67e5\u770b\uff0c\u5982\u679c\u4e22\u5931\u53ea\u80fd\u91cd\u65b0\u751f\u6210\u3002","title":"\u751f\u6210\u4e2a\u4eba Gitee \u5e10\u6237\u7684 pat(personal access token)"},{"location":"contribute/rpm-packaging-reference/#python-pyrsistent-spec","text":"export GITEE_PAT= oos spec push --name python-pyrsistent --version 0.18.1 -dp -dp, --do-push [\u53ef\u9009] \u6307\u5b9a\u662f\u5426\u6267\u884cpush\u5230gitee\u4ed3\u5e93\u4e0a\u5e76\u63d0\u4ea4PR\uff0c\u5982\u679c\u4e0d\u6307\u5b9a\u5219\u53ea\u4f1a\u63d0\u4ea4\u5230\u672c\u5730\u7684\u4ed3\u5e93\u4e2d \u6ce8\u610f\u6b64\u5904 --name \u53c2\u6570\u4e3a\u8868\u683c\u4e2d\u7684\u201cProject Name\u201d\u5217\u3002 oos spec push \u547d\u4ee4\u4f1a\u81ea\u52a8\u8fdb\u884c\u5982\u4e0b\u6d41\u7a0b\uff1a fork --name \u5bf9\u5e94\u4ed3\u5e93\u5230 pat \u5bf9\u5e94\u7684 gitee \u5e10\u6237\u3002 \u5c06\u4ed3\u5e93 clone \u5230\u672c\u5730\uff0c\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild/src-repos \u3002 \u6839\u636e --name \u548c --version \u4e0b\u8f7d\u6e90\u7801\u5305\uff0c\u5e76\u751f\u6210 spec \u6587\u4ef6(\u8bfb\u53d6\u4ed3\u5e93\u4e2d\u539f\u6709 changelog)\u3002\u6b64\u9636\u6bb5\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild \u3002 \u672c\u5730\u8fd0\u884c rpm \u5305\u6784\u5efa\u3002\u672c\u5730\u8fd0\u884c\u901a\u8fc7\u540e\uff0c\u4f1a\u81ea\u52a8\u5c06 spec \u6587\u4ef6\u53ca\u6e90\u7801\u5305\u66f4\u65b0\u5230 git \u4ed3\u5e93\u3002\u5982\u679c\u6709 -dp \u53c2\u6570\u5219\u81ea\u52a8\u8fdb\u884c push \u53ca\u521b\u5efa pr \u64cd\u4f5c\u3002\u5982\u679c\u672c\u5730\u6784\u5efa\u65f6\u5931\u8d25\uff0c\u5219\u505c\u6b62\u6d41\u7a0b\u3002 
\u5982\u679c\u672c\u5730\u6784\u5efa\u5931\u8d25\uff0c\u5219\u53ef\u4ee5\u4fee\u6539\u751f\u6210\u7684 spec \u6587\u4ef6\u3002\u7136\u540e\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs -rs, --reuse-spec [\u53ef\u9009] \u590d\u7528\u5df2\u5b58\u5728\u7684spec\u6587\u4ef6\uff0c\u4e0d\u518d\u91cd\u65b0\u751f\u6210\u3002 \u5982\u6b64\u5faa\u73af\uff0c\u76f4\u81f3\u4e0a\u4f20\u6210\u529f\u3002 \u6ce81\uff1a\u5347\u7ea7\u65f6\u8981\u901a\u8fc7 oos spec push \u547d\u4ee4\u751f\u6210 spec \u6587\u4ef6\uff0c\u4e0d\u8981\u4f7f\u7528 oos spec build \u547d\u4ee4\uff0cpush \u547d\u4ee4\u4f1a\u4fdd\u7559\u4ed3\u5e93\u4e2d \u73b0\u6709 spec \u7684 changelog\uff0cbuild \u547d\u4ee4\u5219\u76f4\u63a5\u751f\u6210\u65b0\u7684 changelog\u3002 \u6ce82\uff1a\u5904\u7406\u9519\u8bef\u65f6\uff0c\u53ef\u4ee5\u53c2\u8003\u4ed3\u5e93\u4e2d\u73b0\u6709\u7684 spec \u6587\u4ef6\uff1b\u5f53\u524d spec \u9664\u4e86 changelog \u90e8\u5206\uff0c\u5176\u4f59\u4e3a oos \u5de5\u5177\u91cd\u65b0\u751f\u6210\uff0c\u524d\u4eba\u9047\u5230\u7684\u9519\u8bef\uff0c\u6b64\u5904\u4ecd\u53ef\u80fd\u9047\u5230\uff0c\u53ef\u53c2\u8003\u524d\u4eba\u64cd\u4f5c\u7ed3\u679c\u95ee\u9898\u3002 \u6ce83\uff1aoos \u547d\u4ee4\u8fd8\u652f\u6301\u6279\u91cf\u5904\u7406\uff0c\u53ef\u4ee5\u53c2\u8003 oos \u7684 README \u81ea\u884c\u5c1d\u8bd5\u3002","title":"\u751f\u6210 python-pyrsistent \u5305\u7684 spec \u5e76\u63d0\u4ea4"},{"location":"contribute/rpm-packaging-reference/#pr","text":"\u6b64\u65f6\u5728\u81ea\u5df1\u7684 gitee \u5e10\u6237\u4e2d\u53ef\u4ee5\u770b\u5230 fork \u8fc7\u6765\u7684\u4ed3\u5e93\u3002\u8fdb\u5165\u81ea\u5df1\u5e10\u53f7\u4e2d\u7684\u4ed3\u5e93\uff0c\u53ef\u901a\u8fc7\u70b9\u51fb\u5982\u4e0b\u6846\u8d77\u4f4d\u7f6e\uff0c\u53ef\u8fdb\u5165\u539f\u4ed3\u5e93\u3002 \u539f\u4ed3\u5e93\u4e2d\u53ef\u4ee5\u770b\u5230\u81ea\u52a8\u63d0\u4ea4\u7684 pr\u3002Pr \u4e2d\u53ef\u4ee5\u770b\u5230 openeuler-ci-bot \u7684\u8bc4\u8bba\uff1a openEuler \u5728 gitee 
\u4e0a\u6258\u7ba1\u7684\u4ee3\u7801\uff0c\u63d0\u4ea4 pr \u4f1a\u81ea\u52a8\u89e6\u53d1\u95e8\u7981\u3002\u672c\u5730\u6784\u5efa\u901a\u8fc7\u7684\uff0c\u4e5f\u6709\u53ef\u80fd\u5728\u95e8\u7981\u68c0\u67e5\u4e2d\u6784\u5efa\u5931\u8d25\u3002\u6bd4\u5982\u4e0a\u56fe\u4e2d\u6b64\u6b21\u63d0\u4ea4\u4fbf\u6784\u5efa\u5931\u8d25\uff0c\u53ef\u4ee5\u70b9\u51fb\u6846\u8d77\u90e8\u5206\uff0c\u67e5\u770b\u5bf9\u5e94\u67b6\u6784\u7684 build details\u3002 \u6b64\u65f6\u53ef\u4ee5\u6839\u636e build details \u4e2d\u65e5\u5fd7\u4e2d\u62a5\u9519\u4fe1\u606f\uff0c\u5bf9\u672c\u5730 spec \u8fdb\u884c\u4fee\u6539\uff0c\u800c\u540e\u518d\u6b21\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs \u7ebf\u4e0a\u4f1a\u81ea\u52a8\u91cd\u65b0\u6267\u884c\u6d4b\u8bd5\u3002 \u95e8\u7981\u8be6\u7ec6\u4fe1\u606f\u53ca\u5404\u9879\u7ed3\u679c\u542b\u4e49\u53c2\u8003\u793e\u533a\u7684 \u300a\u95e8\u7981\u529f\u80fd\u6307\u5bfc\u624b\u518c\u300b \u3002","title":"PR \u95e8\u7981\u68c0\u67e5"},{"location":"contribute/rpm-packaging-reference/#pr_1","text":"\u5f53\u4e00\u4e2a pr \u901a\u8fc7\u95e8\u7981\u68c0\u67e5\u540e\uff0c\u9700\u8981\u7531\u8f6f\u4ef6\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer \u8fdb\u884c review\u3002\u4e3a\u4e86\u52a0\u901f\u8fdb\u7a0b\uff0c\u95e8\u7981\u901a\u8fc7\u540e\uff0c\u53ef\u4ee5\u624b\u52a8 @ \u5bf9\u5e94\u7684 maintainer\uff0c\u8bf7\u6c42\u5e2e\u5fd9\u68c0\u89c6\u3002\u5728 pr \u63d0\u4ea4\u540e\uff0copeneuler-ci-bot \u4f1a\u6709\u5982\u4e0b\u56fe\u6240\u793a\u8bc4\u8bba\uff0c\u5176\u4e2d\u88ab @ \u7684\u4eba\u5373\u4e3a\u5f53\u524d\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer\u3002","title":"PR \u68c0\u89c6"},{"location":"contribute/rpm-packaging-reference/#_2","text":"\u8fd9\u91cc\u5bf9\u4e00\u4e9b\u53ef\u80fd\u9047\u5230\u7684\u7279\u6b8a\u95ee\u9898\u8fdb\u884c\u8bb0\u5f55\u3002","title":"\u6ce8\u610f\u4e8b\u9879"},{"location":"contribute/rpm-packaging-reference/#_3","text":"oos \u81ea\u52a8\u751f\u6210\u7684 spec 
\u6587\u4ef6\u4e2d\uff0c%check \u90e8\u5206\u9ed8\u8ba4\u4e3a %{__python3} setup.py test \u3002\u4f46\u662f\u5728\u6709\u4e9b\u5305\u4e2d\uff0c\u8fd9\u6837\u5e76\u4e0d\u4f1a\u771f\u6b63\u6267\u884c\u6d4b\u8bd5\uff0c\u4f46\u95e8\u7981\u7ed3\u679c\u4e5f\u663e\u793a\u901a\u8fc7\u3002\u9700\u8981\u5f00\u53d1\u8005\u4eba\u5de5\u8fa8\u522b\u3002\u53c2\u8003\u65b9\u6cd5\u5982\u4e0b\uff1a \u5982\u679c\u662f\u6b64\u524d\u5df2\u6709 spec \u6587\u4ef6\uff0c\u53ef\u4ee5\u53c2\u8003\u4e4b\u524d\u7684 spec \u4e2d %check \u90e8\u5206\u5982\u4f55\u4e66\u5199\u3002\u5982\u679c\u4ee5\u524d\u5199\u7684\u4e0d\u662f %{__python3} setup.py test \uff0c\u4fbf\u9700\u8981\u91cd\u70b9\u6ce8\u610f\u3002 \u8fdb\u5165\u95e8\u7981\u7684 build details(\u53c2\u89c1\u4e0a\u6587\u201cPR \u95e8\u7981\u68c0\u67e5\u201d\u90e8\u5206)\uff0c\u67e5\u770b\u6784\u5efa\u65e5\u5fd7\u7684 %check \u90e8\u5206\u3002\u4e0b\u56fe\u4e3a\u8fdb\u5165 build details\uff0c\u7136\u540e\u9009\u62e9\u201c\u6587\u672c\u65b9\u5f0f\u67e5\u770b\u201d\u7684\u65e5\u5fd7\u663e\u793a\u622a\u56fe\u3002\u53ef\u4ee5\u770b\u5230\u663e\u793a\u5b9e\u9645\u8fd0\u884c\u6d4b\u8bd5\u6570\u4e3a0\u3002","title":"\u6d4b\u8bd5\u672a\u6267\u884c\u95ee\u9898"},{"location":"contribute/rpm-packaging-reference/#_4","text":"\u5c0f\u90e8\u5206\u8f6f\u4ef6\u5305\u53ef\u80fd\u4f1a\u78b0\u5230\uff0coos \u81ea\u52a8\u751f\u6210\u7684 spec \u6240\u4f7f\u7528\u7684\u7684\u5305\u540d\u4e0e\u73b0\u6709\u5305\u540d\u4e0d\u4e00\u81f4\u3002\u6bd4\u5982\u4e00\u4e2a\u4f7f\u7528 - ,\u4e00\u4e2a\u4f7f\u7528\u4e0b\u5212\u7ebf _ \u3002\u6b64\u5904\u4ee5\u539f\u672c\u4f7f\u7528\u7684\u5305\u540d\u4e3a\u51c6\uff0c\u4e0d\u4fee\u6539\u539f\u6709\u5305\u540d\u3002 \u4f5c\u4e3a\u4e34\u65f6\u7684\u5904\u7406\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u624b\u52a8\u5c06 spec \u6587\u4ef6\u76f8\u5173\u5730\u65b9\u6539\u4e3a\u539f\u6709\u5305\u540d\u3002\u4e0e\u6b64\u540c\u65f6\uff0coos \u62e5\u6709 mapping \u4fee\u6b63\u529f\u80fd\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u63d0\u4ea4 
issue\uff0cSIG \u5c06\u5728 oos \u4e2d\u8fdb\u884c\u4fee\u590d\u3002","title":"\u5305\u540d\u4e0d\u4e00\u81f4\u95ee\u9898"},{"location":"install/devstack/","text":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u00b6 \u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u5b89\u88c5\u6b65\u9aa4 \u76ee\u524dOpenStack\u539f\u751fDevstack\u9879\u76ee\u5df2\u7ecf\u652f\u6301\u5728openEuler\u4e0a\u5b89\u88c5OpenStack\uff0c\u5176\u4e2dopenEuler 20.03 LTS SP2\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u5e76\u4e14\u6709\u4e0a\u6e38\u5b98\u65b9CI\u4fdd\u8bc1\u8d28\u91cf\u3002\u5176\u4ed6\u7248\u672c\u7684openEuler\u9700\u8981\u7528\u6237\u81ea\u884c\u6d4b\u8bd5(2022-04-25 openEuler master\u5206\u652f\u5df2\u9a8c\u8bc1)\u3002 \u5b89\u88c5\u6b65\u9aa4 \u00b6 \u51c6\u5907\u4e00\u4e2aopenEuler\u73af\u5883, 20.03 LTS SP2 \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 , master \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 \u914d\u7f6eyum\u6e90 openEuler 20.03 LTS SP2 \uff1a openEuler\u5b98\u65b9\u6e90\u4e2d\u7f3a\u5c11\u4e86\u4e00\u4e9bOpenStack\u9700\u8981\u7684RPM\u5305\uff0c\u56e0\u6b64\u9700\u8981\u5148\u914d\u4e0aOpenStack SIG\u5728oepkg\u4e2d\u51c6\u5907\u597d\u7684RPM\u6e90 vi /etc/yum.repos.d/openeuler.repo [openstack] name=openstack baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/aarch64/ enabled=1 gpgcheck=0 openEuler master : \u4f7f\u7528master\u7684RPM\u6e90: vi /etc/yum.repos.d/openeuler.repo [mainline] name=mainline baseurl=http://119.3.219.20:82/openEuler:/Mainline/standard_aarch64/ gpgcheck=false [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/Epol/standard_aarch64/ gpgcheck=false \u524d\u671f\u51c6\u5907 openEuler 20.03 LTS SP2 \uff1a \u5728\u4e00\u4e9b\u7248\u672c\u7684openEuler\u5b98\u65b9\u955c\u50cf\u7684\u9ed8\u8ba4\u6e90\u4e2d\uff0cEPOL-update\u7684URL\u53ef\u80fd\u914d\u7f6e\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u4fee\u6539 vi /etc/yum.repos.d/openEuler.repo # \u628a[EPOL-UPDATE]URL\u6539\u6210 
baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/update/main/$basearch/ openEuler master : yum remove python3-pip # \u7cfb\u7edf\u7684pip\u4e0edevstack pip\u51b2\u7a81\uff0c\u9700\u8981\u5148\u5220\u9664 # master\u7684\u865a\u673a\u73af\u5883\u7f3a\u5c11\u4e86\u4e00\u4e9b\u4f9d\u8d56\uff0cdevstack\u4e0d\u4f1a\u81ea\u52a8\u5b89\u88c5\uff0c\u9700\u8981\u624b\u52a8\u5b89\u88c5 yum install iptables tar wget python3-devel httpd-devel iscsi-initiator-utils libvirt python3-libvirt qemu memcached \u4e0b\u8f7ddevstack yum update yum install git cd /opt/ git clone https://opendev.org/openstack/devstack.git \u521d\u59cb\u5316devstack\u73af\u5883\u914d\u7f6e # \u521b\u5efastack\u7528\u6237 /opt/devstack/tools/create-stack-user.sh # \u4fee\u6539\u76ee\u5f55\u6743\u9650 chown -R stack:stack /opt/devstack chmod -R 755 /opt/devstack chmod -R 755 /opt/stack # \u5207\u6362\u5230\u8981\u90e8\u7f72\u7684openstack\u7248\u672c\u5206\u652f\uff0c\u4ee5yoga\u4e3a\u4f8b\uff0c\u4e0d\u5207\u6362\u7684\u8bdd\uff0c\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fmaster\u7248\u672c\u7684openstack git checkout stable/yoga \u521d\u59cb\u5316devstack\u914d\u7f6e\u6587\u4ef6 \u5207\u6362\u5230stack\u7528\u6237 su stack \u6b64\u65f6\uff0c\u8bf7\u786e\u8ba4stack\u7528\u6237\u7684PATH\u73af\u5883\u53d8\u91cf\u662f\u5426\u5305\u542b\u4e86`/usr/sbin`\uff0c\u5982\u679c\u6ca1\u6709\uff0c\u5219\u9700\u8981\u6267\u884c PATH=$PATH:/usr/sbin \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 vi /opt/devstack/local.conf [[local|localrc]] DATABASE_PASSWORD=root RABBIT_PASSWORD=root SERVICE_PASSWORD=root ADMIN_PASSWORD=root OVN_BUILD_FROM_SOURCE=True openEuler\u6ca1\u6709\u63d0\u4f9bOVN\u7684RPM\u8f6f\u4ef6\u5305\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e OVN_BUILD_FROM_SOURCE=True , \u4ece\u6e90\u7801\u7f16\u8bd1OVN \u53e6\u5916\u5982\u679c\u4f7f\u7528\u7684\u662farm64\u865a\u62df\u673a\u73af\u5883\uff0c\u5219\u9700\u8981\u914d\u7f6elibvirt\u5d4c\u5957\u865a\u62df\u5316\uff0c\u5728 local.conf 
\u4e2d\u8ffd\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a [[post-config|$NOVA_CONF]] [libvirt] cpu_mode=custom cpu_model=cortex-a72 \u5982\u679c\u5b89\u88c5Ironic\uff0c\u9700\u8981\u63d0\u524d\u5b89\u88c5\u4f9d\u8d56\uff1a sudo dnf install syslinux-nonlinux openEuler master\u7684\u7279\u6b8a\u914d\u7f6e \uff1a \u7531\u4e8edevstack\u8fd8\u6ca1\u6709\u9002\u914d\u6700\u65b0\u7684openEuler\uff0c\u6211\u4eec\u9700\u8981\u624b\u52a8\u4fee\u590d\u4e00\u4e9b\u95ee\u9898\uff1a \u4fee\u6539devstack\u6e90\u7801 vi /opt/devstack/tools/fixup_stuff.sh \u628afixup_openeuler\u65b9\u6cd5\u4e2d\u7684\u6240\u6709echo\u8bed\u53e5\u5220\u6389 (echo '[openstack-ci]' echo 'name=openstack' echo 'baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/'$arch'/' echo 'enabled=1' echo 'gpgcheck=0') | sudo tee -a /etc/yum.repos.d/openstack-master.repo > /dev/null 2. \u4fee\u6539requirements\u6e90\u7801 Yoga\u7248keystone\u7684\u4f9d\u8d56 setproctitle \u7684devstack\u9ed8\u8ba4\u7248\u672c\u4e0d\u652f\u6301python3.10\uff0c\u9700\u8981\u5347\u7ea7\uff0c\u624b\u52a8\u4e0b\u8f7drequirements\u9879\u76ee\u5e76\u4fee\u6539 cd /opt/stack git clone https://opendev.org/openstack/requirements --branch stable/yoga vi /opt/stack/requirements/upper-constraints.txt setproctitle===1.2.3 OpenStack horizon\u6709BUG\uff0c\u65e0\u6cd5\u6b63\u5e38\u5b89\u88c5\u3002\u8fd9\u91cc\u6211\u4eec\u6682\u65f6\u4e0d\u5b89\u88c5horizon\uff0c\u4fee\u6539 local.conf \uff0c\u65b0\u589e\u4e00\u884c\uff1a [[local|localrc]] disable_service horizon \u5982\u679c\u786e\u5b9e\u6709\u5bf9horizon\u7684\u9700\u6c42\uff0c\u5219\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a # 1. horizon\u4f9d\u8d56\u7684pyScss\u9ed8\u8ba4\u4e3a1.3.7\u7248\u672c\uff0c\u4e0d\u652f\u6301python3.10 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u9700\u8981\u63d0\u524dclone`requirements`\u9879\u76ee\u5e76\u4fee\u6539\u4ee3\u7801 vi /opt/stack/requirements/upper-constraints.txt pyScss===1.4.0 # 2. 
horizon\u4f9d\u8d56httpd\u7684mod_wsgi\u63d2\u4ef6\uff0c\u4f46\u76ee\u524dopenEuler\u7684mod_wsgi\u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install mod_wsgi\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u624b\u52a8\u6e90\u7801build mod_wsgi\u5e76\u914d\u7f6e\uff0c\u8be5\u8fc7\u7a0b\u8f83\u590d\u6742\uff0c\u8fd9\u91cc\u7565\u8fc7 dstat\u670d\u52a1\u4f9d\u8d56\u7684 pcp-system-tools \u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install pcp-system-tools\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5\uff0c\u6682\u65f6\u5148\u4e0d\u5b89\u88c5dstat [[local|localrc]] disable_service dstat \u90e8\u7f72OpenStack \u8fdb\u5165devstack\u76ee\u5f55\uff0c\u6267\u884c ./stack.sh \uff0c\u7b49\u5f85OpenStack\u5b8c\u6210\u5b89\u88c5\u90e8\u7f72\u3002","title":"devstack"},{"location":"install/devstack/#devstackopenstack","text":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u5b89\u88c5\u6b65\u9aa4 \u76ee\u524dOpenStack\u539f\u751fDevstack\u9879\u76ee\u5df2\u7ecf\u652f\u6301\u5728openEuler\u4e0a\u5b89\u88c5OpenStack\uff0c\u5176\u4e2dopenEuler 20.03 LTS SP2\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u5e76\u4e14\u6709\u4e0a\u6e38\u5b98\u65b9CI\u4fdd\u8bc1\u8d28\u91cf\u3002\u5176\u4ed6\u7248\u672c\u7684openEuler\u9700\u8981\u7528\u6237\u81ea\u884c\u6d4b\u8bd5(2022-04-25 openEuler master\u5206\u652f\u5df2\u9a8c\u8bc1)\u3002","title":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack"},{"location":"install/devstack/#_1","text":"\u51c6\u5907\u4e00\u4e2aopenEuler\u73af\u5883, 20.03 LTS SP2 \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 , master \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 \u914d\u7f6eyum\u6e90 openEuler 20.03 LTS SP2 \uff1a openEuler\u5b98\u65b9\u6e90\u4e2d\u7f3a\u5c11\u4e86\u4e00\u4e9bOpenStack\u9700\u8981\u7684RPM\u5305\uff0c\u56e0\u6b64\u9700\u8981\u5148\u914d\u4e0aOpenStack SIG\u5728oepkg\u4e2d\u51c6\u5907\u597d\u7684RPM\u6e90 vi /etc/yum.repos.d/openeuler.repo [openstack] 
name=openstack baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/aarch64/ enabled=1 gpgcheck=0 openEuler master : \u4f7f\u7528master\u7684RPM\u6e90: vi /etc/yum.repos.d/openeuler.repo [mainline] name=mainline baseurl=http://119.3.219.20:82/openEuler:/Mainline/standard_aarch64/ gpgcheck=false [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/Epol/standard_aarch64/ gpgcheck=false \u524d\u671f\u51c6\u5907 openEuler 20.03 LTS SP2 \uff1a \u5728\u4e00\u4e9b\u7248\u672c\u7684openEuler\u5b98\u65b9\u955c\u50cf\u7684\u9ed8\u8ba4\u6e90\u4e2d\uff0cEPOL-update\u7684URL\u53ef\u80fd\u914d\u7f6e\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u4fee\u6539 vi /etc/yum.repos.d/openEuler.repo # \u628a[EPOL-UPDATE]URL\u6539\u6210 baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/update/main/$basearch/ openEuler master : yum remove python3-pip # \u7cfb\u7edf\u7684pip\u4e0edevstack pip\u51b2\u7a81\uff0c\u9700\u8981\u5148\u5220\u9664 # master\u7684\u865a\u673a\u73af\u5883\u7f3a\u5c11\u4e86\u4e00\u4e9b\u4f9d\u8d56\uff0cdevstack\u4e0d\u4f1a\u81ea\u52a8\u5b89\u88c5\uff0c\u9700\u8981\u624b\u52a8\u5b89\u88c5 yum install iptables tar wget python3-devel httpd-devel iscsi-initiator-utils libvirt python3-libvirt qemu memcached \u4e0b\u8f7ddevstack yum update yum install git cd /opt/ git clone https://opendev.org/openstack/devstack.git \u521d\u59cb\u5316devstack\u73af\u5883\u914d\u7f6e # \u521b\u5efastack\u7528\u6237 /opt/devstack/tools/create-stack-user.sh # \u4fee\u6539\u76ee\u5f55\u6743\u9650 chown -R stack:stack /opt/devstack chmod -R 755 /opt/devstack chmod -R 755 /opt/stack # \u5207\u6362\u5230\u8981\u90e8\u7f72\u7684openstack\u7248\u672c\u5206\u652f\uff0c\u4ee5yoga\u4e3a\u4f8b\uff0c\u4e0d\u5207\u6362\u7684\u8bdd\uff0c\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fmaster\u7248\u672c\u7684openstack git checkout stable/yoga \u521d\u59cb\u5316devstack\u914d\u7f6e\u6587\u4ef6 \u5207\u6362\u5230stack\u7528\u6237 su stack 
\u6b64\u65f6\uff0c\u8bf7\u786e\u8ba4stack\u7528\u6237\u7684PATH\u73af\u5883\u53d8\u91cf\u662f\u5426\u5305\u542b\u4e86`/usr/sbin`\uff0c\u5982\u679c\u6ca1\u6709\uff0c\u5219\u9700\u8981\u6267\u884c PATH=$PATH:/usr/sbin \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 vi /opt/devstack/local.conf [[local|localrc]] DATABASE_PASSWORD=root RABBIT_PASSWORD=root SERVICE_PASSWORD=root ADMIN_PASSWORD=root OVN_BUILD_FROM_SOURCE=True openEuler\u6ca1\u6709\u63d0\u4f9bOVN\u7684RPM\u8f6f\u4ef6\u5305\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e OVN_BUILD_FROM_SOURCE=True , \u4ece\u6e90\u7801\u7f16\u8bd1OVN \u53e6\u5916\u5982\u679c\u4f7f\u7528\u7684\u662farm64\u865a\u62df\u673a\u73af\u5883\uff0c\u5219\u9700\u8981\u914d\u7f6elibvirt\u5d4c\u5957\u865a\u62df\u5316\uff0c\u5728 local.conf \u4e2d\u8ffd\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a [[post-config|$NOVA_CONF]] [libvirt] cpu_mode=custom cpu_model=cortex-a72 \u5982\u679c\u5b89\u88c5Ironic\uff0c\u9700\u8981\u63d0\u524d\u5b89\u88c5\u4f9d\u8d56\uff1a sudo dnf install syslinux-nonlinux openEuler master\u7684\u7279\u6b8a\u914d\u7f6e \uff1a \u7531\u4e8edevstack\u8fd8\u6ca1\u6709\u9002\u914d\u6700\u65b0\u7684openEuler\uff0c\u6211\u4eec\u9700\u8981\u624b\u52a8\u4fee\u590d\u4e00\u4e9b\u95ee\u9898\uff1a \u4fee\u6539devstack\u6e90\u7801 vi /opt/devstack/tools/fixup_stuff.sh \u628afixup_openeuler\u65b9\u6cd5\u4e2d\u7684\u6240\u6709echo\u8bed\u53e5\u5220\u6389 (echo '[openstack-ci]' echo 'name=openstack' echo 'baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/'$arch'/' echo 'enabled=1' echo 'gpgcheck=0') | sudo tee -a /etc/yum.repos.d/openstack-master.repo > /dev/null 2. 
\u4fee\u6539requirements\u6e90\u7801 Yoga\u7248keystone\u7684\u4f9d\u8d56 setproctitle \u7684devstack\u9ed8\u8ba4\u7248\u672c\u4e0d\u652f\u6301python3.10\uff0c\u9700\u8981\u5347\u7ea7\uff0c\u624b\u52a8\u4e0b\u8f7drequirements\u9879\u76ee\u5e76\u4fee\u6539 cd /opt/stack git clone https://opendev.org/openstack/requirements --branch stable/yoga vi /opt/stack/requirements/upper-constraints.txt setproctitle===1.2.3 OpenStack horizon\u6709BUG\uff0c\u65e0\u6cd5\u6b63\u5e38\u5b89\u88c5\u3002\u8fd9\u91cc\u6211\u4eec\u6682\u65f6\u4e0d\u5b89\u88c5horizon\uff0c\u4fee\u6539 local.conf \uff0c\u65b0\u589e\u4e00\u884c\uff1a [[local|localrc]] disable_service horizon \u5982\u679c\u786e\u5b9e\u6709\u5bf9horizon\u7684\u9700\u6c42\uff0c\u5219\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a # 1. horizon\u4f9d\u8d56\u7684pyScss\u9ed8\u8ba4\u4e3a1.3.7\u7248\u672c\uff0c\u4e0d\u652f\u6301python3.10 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u9700\u8981\u63d0\u524dclone`requirements`\u9879\u76ee\u5e76\u4fee\u6539\u4ee3\u7801 vi /opt/stack/requirements/upper-constraints.txt pyScss===1.4.0 # 2. 
horizon\u4f9d\u8d56httpd\u7684mod_wsgi\u63d2\u4ef6\uff0c\u4f46\u76ee\u524dopenEuler\u7684mod_wsgi\u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install mod_wsgi\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u624b\u52a8\u6e90\u7801build mod_wsgi\u5e76\u914d\u7f6e\uff0c\u8be5\u8fc7\u7a0b\u8f83\u590d\u6742\uff0c\u8fd9\u91cc\u7565\u8fc7 dstat\u670d\u52a1\u4f9d\u8d56\u7684 pcp-system-tools \u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install pcp-system-tools\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5\uff0c\u6682\u65f6\u5148\u4e0d\u5b89\u88c5dstat [[local|localrc]] disable_service dstat \u90e8\u7f72OpenStack \u8fdb\u5165devstack\u76ee\u5f55\uff0c\u6267\u884c ./stack.sh \uff0c\u7b49\u5f85OpenStack\u5b8c\u6210\u5b89\u88c5\u90e8\u7f72\u3002","title":"\u5b89\u88c5\u6b65\u9aa4"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack 
\u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e 
\u00b6 \u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 
systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = 
mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum 
install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default 
--password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f 
\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = 
/var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a7 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd (CPT) ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ 
/usr/share/AAVMF/AAVMF_VARS.fd (CPT) vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent ebtables ipset \\ (CTL) openstack-neutron-l3-agent openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public 
http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS 
[oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection 
\u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u7f3a\u7701\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u542f\u52a8\u670d\u52a1 systemctl 
enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service deploy ramdisk\u955c\u50cf\u5236\u4f5c Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
\u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"openEuler-20.03-LTS-SP2_Queens"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack-queens","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5","title":"OpenStack-Queens \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_1","text":"Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova 
Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_3","text":"\u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation 
\u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#keystone","text":"\u521b\u5efa keystone 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache 
HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = 
http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE 
nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement 
admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a7 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd (CPT) ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd (CPT) vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service 
\\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint 
create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent ebtables ipset \\ (CTL) openstack-neutron-l3-agent openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] 
[keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] 
enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = 
http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin 
openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u7f3a\u7701\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 
\u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 
dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service deploy ramdisk\u955c\u50cf\u5236\u4f5c Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 
2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
\u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u51c6\u5907\u73af\u5883 \u00b6 OpenStack yum\u6e90\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg\uff0c\u4ee5x86_64\u4e3a\u4f8b $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/x86_64/ gpgcheck=0 enabled=1 EOF $ yum clean all && yum makecache \u73af\u5883\u914d\u7f6e \u00b6 \u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group 
keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap \u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 
\u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 
GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... 
stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database] ... \u00b6 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... \u00b6 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... \u00b6 flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 \u00b6 $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . 
admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... 
auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # 
vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . 
admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne 
volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002 Horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. \u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. 
\u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal $ openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection $ openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector $ openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region 
RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal-introspection internal http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection public http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection admin http://$IRONIC_NODE:5050/v1 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. 
If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - 
\u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain 
id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart 
openstack-ironic-conductor ##### \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84 /etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u8c03\u7528 ironic-inspector-dbsync \u751f\u6210\u8868 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 4\u3001\u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 5\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 6\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 
dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 7\u3001\u542f\u52a8\u670d\u52a1 $ systemctl enable --now openstack-ironic-inspector.service $ systemctl enable --now openstack-ironic-inspector-dnsmasq.service 8\u3001\u5982\u679c\u8282\u70b9\u5355\u72ec\u90e8\u7f72ironic\u670d\u52a1\u8fd8\u9700\u8981\u90e8\u7f72\u542f\u52a8iscsid.service\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u6ce8\u610f \uff1aarm\u67b6\u6784\u652f\u6301\u4e0d\u5b8c\u5168\uff0c\u9700\u8981\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u8fdb\u884c\u9002\u914d\uff1b deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage 
\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ 
ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef $ yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE 
DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking 
network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = 
rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"openEuler-20.03-LTS-SP2_Rocky"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack-rocky","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5","title":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_1","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack-yum","text":"\u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg\uff0c\u4ee5x86_64\u4e3a\u4f8b $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/x86_64/ gpgcheck=0 enabled=1 EOF $ yum clean all && yum makecache","title":"OpenStack yum\u6e90\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_2","text":"\u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#keystone","text":"\u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap 
\u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database]","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_3","text":"connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_4","text":"www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_5","text":"flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#arm64","text":"$ 
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list","title":"\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit 
\u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a 
\u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... 
region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . 
admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public 
http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. 
\u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. \u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. 
\u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002","title":"Horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal $ openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection $ openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector $ openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal-introspection internal http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection public http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection admin http://$IRONIC_NODE:5050/v1 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* 
\u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart openstack-ironic-conductor ##### \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84 /etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u8c03\u7528 ironic-inspector-dbsync \u751f\u6210\u8868 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 4\u3001\u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 5\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 6\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi 
dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 7\u3001\u542f\u52a8\u670d\u52a1 $ systemctl enable --now openstack-ironic-inspector.service $ systemctl enable --now openstack-ironic-inspector-dnsmasq.service 8\u3001\u5982\u679c\u8282\u70b9\u5355\u72ec\u90e8\u7f72ironic\u670d\u52a1\u8fd8\u9700\u8981\u90e8\u7f72\u542f\u52a8iscsid.service\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u6ce8\u610f \uff1aarm\u67b6\u6784\u652f\u6301\u4e0d\u5b8c\u5168\uff0c\u9700\u8981\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u8fdb\u884c\u9002\u914d\uff1b deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage 
\u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c 
DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef $ yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = 
mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 
5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8queens\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf 
[mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf 
ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Nova \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public 
http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ novnc openstack-nova-novncproxy openstack-nova-scheduler \\ openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = 
http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) 
\u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su 
-s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) 
\u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent \\ (CTL) ebtables ipset openstack-neutron-l3-agent \\ openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron 
\u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ 
--email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c 
Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Queens\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla \u4e3a OpenStack \u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 
openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE 
\u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python2-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 
connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Rally \u5b89\u88c5 \u00b6 Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"openEuler-20.03-LTS-SP3_Queens"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack-queens","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5","title":"OpenStack-Queens \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon 
\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_1","text":"Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova 
Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_3","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8queens\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci 
character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ 
--bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset 
OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 
memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create 
--disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 
(CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ novnc openstack-nova-novncproxy openstack-nova-scheduler \\ openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 
[oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 
\u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) 
\u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent \\ (CTL) ebtables ipset openstack-neutron-l3-agent \\ openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = 
NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat 
\u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca 
[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ 
openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create 
--region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim 
/etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET 
utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full 
# configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c 
Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Queens\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#kolla","text":"Kolla \u4e3a OpenStack \u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum 
install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create 
--region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python2-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ 
\u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#rally","text":"Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"Rally \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u51c6\u5907\u73af\u5883 \u00b6 OpenStack yum\u6e90\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg $ cat << EOF >> 
/etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8rocky\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u73af\u5883\u914d\u7f6e \u00b6 \u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. \u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. 
\u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = 
mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export 
OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap \u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database] ... \u00b6 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... \u00b6 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... 
\u00b6 flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 \u00b6 $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 
'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create 
--region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c 
\"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ 
openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne 
volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002 Horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. \u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. 
\u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack 
endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent 
builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, 
--release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Rocky\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS 
SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove 
--description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python2-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - 
[Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Rally \u5b89\u88c5 \u00b6 Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"openEuler-20.03-LTS-SP3_Rocky"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack-rocky","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5","title":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_1","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack-yum","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8rocky\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache","title":"OpenStack yum\u6e90\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_2","text":"\u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#keystone","text":"\u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap 
\u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database]","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_3","text":"connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_4","text":"www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_5","text":"flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#arm64","text":"$ 
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list","title":"\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit 
\u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a 
\u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... 
region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . 
admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public 
http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. 
\u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. \u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. 
\u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002","title":"Horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor 
python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. 
If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - 
\u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain 
id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart 
openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] 
distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Rocky\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 
'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python2-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] 
www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller 
rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#rally","text":"Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"Rally \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder 
\u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: 
\u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP3-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url 
http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user 
myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = 
http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 
list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 
openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 
'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) 
connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"openEuler-20.03-LTS-SP3_Train"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_3","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP3-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true 
(CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a 
kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service 
openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin 
http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b 
[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 
systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla 
\u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u65b0\u7279\u6027\u7684\u5b89\u88c5 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP4 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: 
\u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP4 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP4-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vi /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vi /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url 
http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vi /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser 
myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 
auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vi /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vi /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vi /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 
list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 
openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vi /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vi /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vi /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vi /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vi /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vi /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vi /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vi /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) 
connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vi usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vi /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vi /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u65b0\u7279\u6027\u7684\u5b89\u88c5 \u00b6 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027 \u00b6 \u6d41\u91cf\u5206\u6563\u7279\u6027\u662fOpenStack SIG\u5728openEuler 20.03\u4e2d\u57fa\u4e8eOpenStack Train\u5f00\u53d1\u7684Neutron\u65b0\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u8def\u7531\u5668\u6240\u5728\u7684\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u7684\u529f\u80fd\u3002\u8be5\u7279\u6027\u652f\u6301Neutron\u7684L3 HA\u548cDVR\uff0c\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install -y openstack-neutron-distributed-traffic 
python3-neutron-lib-distributed-traffic \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Neutron\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron (CTL) \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/neutron/neutron.conf [DEFAULT] enable_set_route_for_single_port = True network_nodes = network-1,network-2,network-3 router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.PreferredL3AgentRoutersScheduler [network-1] compute_nodes = compute-1 [network-2] compute_nodes = compute-2 [network-3] compute_nodes = compute-3 \u5176\u4e2dnetwork-1\u3001network-2\u548cnetwork-3\u662f\u7f51\u7edc\u8282\u70b9\u7684hostname\uff0ccompute-1\u3001compute-2\u548ccompute-3\u662f\u8ba1\u7b97\u8282\u70b9\u7684hostname\u3002\u6309\u7167\u4e0a\u9762\u8bbe\u7f6e\u7528\u6237\u5728\u521b\u5efa\u591a\u4e2a\u8def\u7531\u5668\u8fde\u63a5\u5230\u540c\u4e00\u5b50\u7f51\u65f6\uff0c\u4f4d\u4e8e\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u7684\u6d41\u91cf\u5c31\u6309\u7167\u914d\u7f6e\u6587\u4ef6\u627e\u5230\u5bf9\u5e94\u7684\u7f51\u7edc\u8282\u70b9\u7684\u8def\u7531\u5668\u3002 \u6253\u5f00\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\uff08\u53ef\u9009\uff09\u3002\u57fa\u4e8e\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0e\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0d\u80fd\u540c\u65f6\u4f7f\u7528\u3002 vim /etc/neutron/neutron.conf [DEFAULT] service_plugins = router,rg_port_forwarding vim /etc/neutron/l3_agent.ini [agent] extensions = rg_port_forwarding \u91cd\u542f\u76f8\u5173\u670d\u52a1\u3002 systemctl restart neutron-server.service neutron-dhcp-agent.service neutron-l3-agent.service 
(CTL)","title":"openEuler-20.03-LTS-SP4_Train"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u65b0\u7279\u6027\u7684\u5b89\u88c5 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP4 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_3","text":"\u914d\u7f6e 20.03-LTS-SP4 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> 
/etc/yum.repos.d/20.03-LTS-SP4-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vi /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable 
mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vi /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 
Memcached"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vi /etc/httpd/conf/httpd.conf ServerName controller ln -s 
/usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin 
--os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] 
stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vi /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 
'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen 
= $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vi /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vi /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) 
\u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit 
\u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vi /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = 
/var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vi /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vi /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vi /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vi /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vi /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vi /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vi /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin 
python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 
\u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. 
(string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vi usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vi /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vi /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_4","text":"","title":"\u65b0\u7279\u6027\u7684\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#neutron_1","text":"\u6d41\u91cf\u5206\u6563\u7279\u6027\u662fOpenStack SIG\u5728openEuler 20.03\u4e2d\u57fa\u4e8eOpenStack 
Train\u5f00\u53d1\u7684Neutron\u65b0\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u8def\u7531\u5668\u6240\u5728\u7684\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u7684\u529f\u80fd\u3002\u8be5\u7279\u6027\u652f\u6301Neutron\u7684L3 HA\u548cDVR\uff0c\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install -y openstack-neutron-distributed-traffic python3-neutron-lib-distributed-traffic \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Neutron\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron (CTL) \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/neutron/neutron.conf [DEFAULT] enable_set_route_for_single_port = True network_nodes = network-1,network-2,network-3 router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.PreferredL3AgentRoutersScheduler [network-1] compute_nodes = compute-1 [network-2] compute_nodes = compute-2 [network-3] compute_nodes = compute-3 
\u5176\u4e2dnetwork-1\u3001network-2\u548cnetwork-3\u662f\u7f51\u7edc\u8282\u70b9\u7684hostname\uff0ccompute-1\u3001compute-2\u548ccompute-3\u662f\u8ba1\u7b97\u8282\u70b9\u7684hostname\u3002\u6309\u7167\u4e0a\u9762\u8bbe\u7f6e\u7528\u6237\u5728\u521b\u5efa\u591a\u4e2a\u8def\u7531\u5668\u8fde\u63a5\u5230\u540c\u4e00\u5b50\u7f51\u65f6\uff0c\u4f4d\u4e8e\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u7684\u6d41\u91cf\u5c31\u6309\u7167\u914d\u7f6e\u6587\u4ef6\u627e\u5230\u5bf9\u5e94\u7684\u7f51\u7edc\u8282\u70b9\u7684\u8def\u7531\u5668\u3002 \u6253\u5f00\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\uff08\u53ef\u9009\uff09\u3002\u57fa\u4e8e\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0e\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0d\u80fd\u540c\u65f6\u4f7f\u7528\u3002 vim /etc/neutron/neutron.conf [DEFAULT] service_plugins = router,rg_port_forwarding vim /etc/neutron/l3_agent.ini [agent] extensions = rg_port_forwarding \u91cd\u542f\u76f8\u5173\u670d\u52a1\u3002 systemctl restart neutron-server.service neutron-dhcp-agent.service neutron-l3-agent.service (CTL)","title":"Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027"},{"location":"install/openEuler-21.09/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 21.09 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` 
\u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 21.09 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/21.09-OpenStack_Wallaby.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-21.09/EPOL/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf 
\u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName 
controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> 
exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection 
\u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 21.09\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla 
openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove 
python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS 
\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"openEuler-21.09_Wallaby"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 21.09 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 21.09 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/21.09-OpenStack_Wallaby.repo [OS] name=OS 
baseurl=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-21.09/EPOL/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 
mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache 
HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] 
[paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; 
MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = 
$my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c 
\"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 
'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = 
NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin 
python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create 
--region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 21.09\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 
Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create 
--region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] 
\u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift 
RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 
\u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 
/etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 
account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service 
openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum 
makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ 
\u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) 
\u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f 
\u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) 
\u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables 
ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP 
\u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack 
endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS_Train"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached 
\u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 
\u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain 
default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance 
\u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf 
[placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = 
password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 
--verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = 
RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b 
[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim 
/etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin 
python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 
\u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. 
deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 
\u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = 
internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user 
heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 
\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03 LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 
default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName 
controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> 
exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa 
Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = 
mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = 
http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service 
openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain 
heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS_Wallaby"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack 
SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03 LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed 
\u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = 
neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ 
openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne 
network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] 
[nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group 
= true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS 
\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 
3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection 
internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d 
TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default 
password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep 
OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric 
internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest 
neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos 
-r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e 
\u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP1_Train"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 
10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group 
keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create 
--domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection 
= mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root 
\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db 
sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a - `[Default]`\u5206\u7ec4\u4e2d`bind_host`\u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - `nova_compute_url` \u548c `cinder_url` \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - `nova_proxy_XXX` \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528`admin`\u7528\u6237\u4e3a\u4f8b - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - `[database]`\u5206\u7ec4\u4e2d\u7684`connection` \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create 
--region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 \u6ce8\u610f \u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801 \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = 
False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 
\u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 
\u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service 
openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 
/etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 
openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES 
ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition 
stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool 
\u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP1_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne 
project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ 
openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region 
RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] 
[nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group 
= true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS 
\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne 
baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password 
[service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a - `[Default]`\u5206\u7ec4\u4e2d`bind_host`\u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - `nova_compute_url` \u548c `cinder_url` \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - `nova_proxy_XXX` \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528`admin`\u7528\u6237\u4e3a\u4f8b - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - `[database]`\u5206\u7ec4\u4e2d\u7684`connection` \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin 
#\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 \u6ce8\u610f \u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801 \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e 
\uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip 
STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip 
STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start 
openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service 
create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; 
GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable 
openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 
HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url 
= rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 
all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway 
neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL 
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS 
\u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 
[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 
keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image 
\u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin 
http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f 
\u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) 
\u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables 
ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP 
\u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack 
endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP2_Train"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa 
Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = 
mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = 
http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service 
openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain 
heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP2_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack 
SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 
Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d 
TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = 
Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep 
pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create 
--region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest 
neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup 
test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 
\u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove 
trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" 
object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: 
[DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service 
\u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ 
accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh 
openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default 
--password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP3_Train"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = 
controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a 
openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f 
\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 
\u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift 
\u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 
1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 
6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP3_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 
\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove 
trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" 
object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: 
[DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service 
\u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ 
accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh 
openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default 
--password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4s/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP4_Train"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = 
controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a 
openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f 
\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 
\u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift 
\u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 
1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 
6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4s/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP4_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/","text":"OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. 
\u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u7b80\u4ecb \u524d\u7f6e\u8bbe\u7f6e \u81ea\u52a8\u5b89\u88c5 \u624b\u52a8\u5b89\u88c5 \u4f7f\u7528 OpenStack-Helm \u65b0\u7279\u6027\u7684\u5b89\u88c5 Kolla\u652f\u6301iSula Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u672c\u6587\u6863\u662fopenEuler OpenStack SIG\u7f16\u5199\u7684\u57fa\u4e8eopenEuler 22.09\u7684OpenStack\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531SIG\u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS 
rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS 
\u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG\u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8eopenEuler\u90e8\u7f72OpenStack\u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 \u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 22.09\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 
qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u4fdd\u8bc1EPOL yum\u6e90\u5df2\u914d\u7f6e \u6253\u5f00 /etc/yum.repos.d/openEuler.repo \u6587\u4ef6\uff0c\u68c0\u67e5 [EPOL] \u6e90\u662f\u5426\u5b58\u5728\uff0c\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9: [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler \u4e0d\u8bba\u6539\u4e0d\u6539\u8fd9\u4e2a\u6587\u4ef6\uff0c\u65b0\u673a\u5668\u7684\u7b2c\u4e00\u6b65\u90fd\u8981\u66f4\u65b0\u4e00\u4e0byum\u6e90\uff0c\u6267\u884c yum update \u3002 \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 
\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 
/etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. 
# \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 
dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 
export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 
'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; 
\u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] 
\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] 
\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] 
\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = 
provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf 
[DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source 
~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder python3-ironic-python-agent-builder-doc \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u6ce8\uff1a22.09\u7cfb\u7edf\u4e2d\uff0c\u4f7f\u7528dnf\u5b89\u88c5\u65f6\uff0c\u9700\u8981\u540c\u65f6\u6309\u7167\u4e3b\u5305\u548cdoc\u5305\u3002doc\u5305\u5185\u6253\u5305\u7684 /usr/share \u76ee\u5f55\u4e2d\u6587\u4ef6\u4e3a\u8fd0\u884c\u6240\u9700\uff0c\u540e\u7eed\u7cfb\u7edf\u7248\u672c\u5c06\u5408\u5e76\u6587\u4ef6\u5230python3-ironic-python-agent-builder\u5305\u4e2d\u3002 \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the 
branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/yoga # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f 
\u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ 
ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint 
create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = 
rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift 
\u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account 
openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 
[DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] 
swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ 
openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = 
default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create 
--region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 
\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 
\u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; 
\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run 
\u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Yoga\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.0.6 pip install openstack-sig-tool==1.0.6 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 
/usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-22.09-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 
neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.09\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.09 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r yoga \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.09 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. 
\u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. 
\u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [epol] name=epol baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-22.09/$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. 
\u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 
[compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u00b6 \u7b80\u4ecb \u00b6 OpenStack-Helm \u662f\u4e00\u4e2a\u7528\u6765\u5141\u8bb8\u7528\u6237\u5728 Kubernetes \u4e0a\u90e8\u7f72 OpenStack \u7ec4\u4ef6\u7684\u9879\u76ee\u3002\u8be5\u9879\u76ee\u63d0\u4f9b\u4e86 OpenStack \u5404\u4e2a\u7ec4\u4ef6\u7684 Helm Chart\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u811a\u672c\u6765\u4f9b\u7528\u6237\u5b8c\u6210\u5b89\u88c5\u6d41\u7a0b\u3002 OpenStack-Helm \u8f83\u4e3a\u590d\u6742\uff0c\u5efa\u8bae\u5728\u4e00\u4e2a\u65b0\u7cfb\u7edf\u4e0a\u90e8\u7f72\u3002\u6574\u4e2a\u90e8\u7f72\u5c06\u5360\u7528\u7ea6 30GB \u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u5b89\u88c5\u65f6\u8bf7\u4f7f\u7528 root \u7528\u6237\u3002 \u524d\u7f6e\u8bbe\u7f6e \u00b6 \u5728\u5f00\u59cb\u5b89\u88c5 OpenStack-Helm \u524d\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u7cfb\u7edf\u8fdb\u884c\u4e00\u4e9b\u57fa\u7840\u8bbe\u7f6e\uff0c\u5305\u62ec\u4e3b\u673a\u540d\u548c\u65f6\u95f4\u7b49\u3002\u8bf7\u53c2\u8003\u201c\u57fa\u4e8eRPM\u90e8\u7f72\u201d\u7ae0\u8282\u7684\u6709\u5173\u4fe1\u606f\u3002 openEuler 22.09 \u4e2d\u5df2\u7ecf\u5305\u542b\u4e86 OpenStack-Helm \u8f6f\u4ef6\u5305\u3002\u9996\u5148\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u548c\u8865\u4e01\uff1a dnf install openstack-helm openstack-helm-infra openstack-helm-images loci \u8fd9\u91cc\u5b89\u88c5\u7684\u662f\u539f\u751fopenstack-helm\uff0c\u9ed8\u8ba4\u4e0d\u652f\u6301openEuler\uff0c\u56e0\u6b64\u5982\u679c\u60f3\u5728openEuler\u4e0a\u4f7f\u7528openstack-helm\uff0c\u8fd8\u9700\u8981\u5b89\u88c5plugin\u63d2\u4ef6\uff0c\u672c\u7ae0\u8282\u662f\u5bf9plugin\u7684\u4f7f\u7528\u8bf4\u660e\u3002 dnf install openstack-plugin-openstack-helm-openeuler-support \u81ea\u52a8\u5b89\u88c5 \u00b6 OpenStack-Helm 
\u5b89\u88c5\u6587\u4ef6\u5c06\u88ab\u653e\u7f6e\u5230\u7cfb\u7edf\u7684 /usr/share/openstack-helm \u76ee\u5f55\u3002 openEuler \u63d0\u4f9b\u7684\u8f6f\u4ef6\u5305\u4e2d\u5305\u542b\u4e00\u4e2a\u7b80\u6613\u7684\u5b89\u88c5\u5411\u5bfc\u7a0b\u5e8f\uff0c\u4f4d\u4e8e /usr/bin/openstack-helm \u3002\u6267\u884c\u547d\u4ee4\u8fdb\u5165\u5411\u5bfc\u7a0b\u5e8f\uff1a openstack-helm Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: \u8f93\u5165 i \u5e76\u70b9\u51fb\u56de\u8f66\u8fdb\u5165\u4e0b\u4e00\u7ea7\u9875\u9762\uff1a Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: i There are two storage backends available for OpenStack-Helm: NFS and CEPH. Which storage backend would you like to use? n: NFS storage backend c: CEPH storage backend b: Go back to parent menu Your choice? 
[n/c/b]: OpenStack-Helm \u63d0\u4f9b\u4e86\u4e24\u79cd\u5b58\u50a8\u65b9\u6cd5\uff1a NFS \u548c Ceph \u3002\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u8f93\u5165 n \u6765\u9009\u62e9 NFS \u5b58\u50a8\u540e\u7aef\u6216\u8005 c \u6765\u9009\u62e9 Ceph \u5b58\u50a8\u540e\u7aef\u3002 \u9009\u62e9\u5b8c\u6210\u5b58\u50a8\u540e\u7aef\u540e\uff0c\u7528\u6237\u5c06\u6709\u673a\u4f1a\u5b8c\u6210\u786e\u8ba4\u3002\u6536\u5230\u63d0\u793a\u65f6\uff0c\u6309\u4e0b\u56de\u8f66\u4ee5\u5f00\u59cb\u5b89\u88c5\u3002\u5b89\u88c5\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u5c06\u987a\u5e8f\u6267\u884c\u4e00\u7cfb\u5217\u5b89\u88c5\u811a\u672c\u4ee5\u5b8c\u6210\u90e8\u7f72\u3002\u8fd9\u4e00\u8fc7\u7a0b\u53ef\u80fd\u9700\u8981\u6301\u7eed\u51e0\u5341\u5206\u949f\uff0c\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u8bf7\u786e\u4fdd\u78c1\u76d8\u7a7a\u95f4\u5145\u8db3\u4ee5\u53ca\u4e92\u8054\u7f51\u8fde\u63a5\u7545\u901a\u3002 \u5b89\u88c5\u8fc7\u7a0b\u4e2d\u6267\u884c\u5230\u7684\u811a\u672c\u4f1a\u5c06\u4e00\u4e9b Helm Chart \u90e8\u7f72\u5230\u7cfb\u7edf\u4e0a\u3002\u7531\u4e8e\u76ee\u6807\u7cfb\u7edf\u73af\u5883\u590d\u6742\u591a\u53d8\uff0c\u67d0\u4e9b\u7279\u5b9a\u7684 Helm Chart \u53ef\u80fd\u65e0\u6cd5\u987a\u5229\u88ab\u90e8\u7f72\u3002\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u4f1a\u6ce8\u610f\u5230\u8f93\u51fa\u4fe1\u606f\u7684\u6700\u540e\u5305\u542b\u7b49\u5f85 Pod \u5c31\u4f4d\u4f46\u8d85\u65f6\u7684\u63d0\u793a\u3002\u82e5\u53d1\u751f\u6b64\u7c7b\u73b0\u8c61\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u4e0b\u4e00\u8282\u7ed9\u51fa\u7684\u624b\u52a8\u5b89\u88c5\u65b9\u6cd5\u6765\u5b9a\u4f4d\u95ee\u9898\u6240\u5728\u3002 \u82e5\u60a8\u672a\u89c2\u5bdf\u5230\u4e0a\u8ff0\u7684\u73b0\u8c61\uff0c\u5219\u606d\u559c\u60a8\u5b8c\u6210\u4e86\u90e8\u7f72\u3002\u8bf7\u53c2\u8003\u201c\u4f7f\u7528 OpenStack-Helm\u201d\u4e00\u8282\u6765\u5f00\u59cb\u4f7f\u7528\u3002 \u624b\u52a8\u5b89\u88c5 \u00b6 
\u82e5\u60a8\u5728\u81ea\u52a8\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\u9047\u5230\u4e86\u9519\u8bef\uff0c\u6216\u8005\u5e0c\u671b\u624b\u52a8\u5b89\u88c5\u6765\u63a7\u5236\u6574\u4e2a\u5b89\u88c5\u6d41\u7a0b\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u987a\u5e8f\u6267\u884c\u5b89\u88c5\u6d41\u7a0b\uff1a cd /usr/share/openstack-helm/openstack-helm #\u57fa\u4e8e NFS ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/nfs/040-nfs-provisioner.sh ./tools/deployment/developer/nfs/050-mariadb.sh ./tools/deployment/developer/nfs/060-rabbitmq.sh ./tools/deployment/developer/nfs/070-memcached.sh ./tools/deployment/developer/nfs/080-keystone.sh ./tools/deployment/developer/nfs/090-heat.sh ./tools/deployment/developer/nfs/100-horizon.sh ./tools/deployment/developer/nfs/120-glance.sh ./tools/deployment/developer/nfs/140-openvswitch.sh ./tools/deployment/developer/nfs/150-libvirt.sh ./tools/deployment/developer/nfs/160-compute-kit.sh ./tools/deployment/developer/nfs/170-setup-gateway.sh #\u6216\u8005\u57fa\u4e8e Ceph ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/ceph/040-ceph.sh ./tools/deployment/developer/ceph/050-mariadb.sh ./tools/deployment/developer/ceph/060-rabbitmq.sh ./tools/deployment/developer/ceph/070-memcached.sh ./tools/deployment/developer/ceph/080-keystone.sh ./tools/deployment/developer/ceph/090-heat.sh ./tools/deployment/developer/ceph/100-horizon.sh ./tools/deployment/developer/ceph/120-glance.sh ./tools/deployment/developer/ceph/140-openvswitch.sh ./tools/deployment/developer/ceph/150-libvirt.sh ./tools/deployment/developer/ceph/160-compute-kit.sh ./tools/deployment/developer/ceph/170-setup-gateway.sh \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 kubectl get 
pods -A \u6765\u67e5\u770b\u5f53\u524d\u7cfb\u7edf\u4e0a\u7684 Pod \u7684\u8fd0\u884c\u60c5\u51b5\u3002 \u4f7f\u7528 OpenStack-Helm \u00b6 \u7cfb\u7edf\u90e8\u7f72\u5b8c\u6210\u540e\uff0cOpenStack CLI \u754c\u9762\u5c06\u88ab\u90e8\u7f72\u5728 /usr/local/bin/openstack \u3002\u53c2\u7167\u4e0b\u9762\u7684\u4f8b\u5b50\u6765\u4f7f\u7528 OpenStack CLI\uff1a export OS_CLOUD=openstack_helm export OS_USERNAME='admin' export OS_PASSWORD='password' export OS_PROJECT_NAME='admin' export OS_PROJECT_DOMAIN_NAME='default' export OS_USER_DOMAIN_NAME='default' export OS_AUTH_URL='http://keystone.openstack.svc.cluster.local/v3' openstack service list openstack stack list \u5f53\u7136\uff0c\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 Web \u754c\u9762\u6765\u8bbf\u95ee OpenStack \u7684\u63a7\u5236\u9762\u677f\u3002Horizon Dashboard \u4f4d\u4e8e http://localhost:31000 \uff0c\u4f7f\u7528\u4ee5\u4e0b\u51ed\u636e\u767b\u5f55\uff1a Domain\uff1a default User Name\uff1a admin Password\uff1a password \u6b64\u65f6\uff0c\u60a8\u5e94\u5f53\u53ef\u4ee5\u770b\u5230\u719f\u6089\u7684 OpenStack \u63a7\u5236\u9762\u677f\u4e86\u3002 \u65b0\u7279\u6027\u7684\u5b89\u88c5 \u00b6 Kolla\u652f\u6301iSula \u00b6 Kolla\u662fOpenStack\u57fa\u4e8eDocker\u548cansible\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u65b9\u6848\uff0c\u5305\u542b\u4e86Kolla\u548cKolla-ansible\u4e24\u4e2a\u9879\u76ee\u3002Kolla\u662f\u5bb9\u5668\u955c\u50cf\u5236\u4f5c\u5de5\u5177\uff0cKolla-ansible\u662f\u5bb9\u5668\u955c\u50cf\u90e8\u7f72\u5de5\u5177\u3002\u5176\u4e2dKolla-ansible\u53ea\u652f\u6301\u5728openEuler LTS\u4e0a\u4f7f\u7528\uff0copenEuler\u521b\u65b0\u7248\u6682\u4e0d\u652f\u6301\u3002\u4f7f\u7528openEuler 22.09\uff0c\u7528\u6237\u53ef\u4ee5\u57fa\u4e8eKolla\u5236\u4f5c\u76f8\u5e94\u7684\u5bb9\u5668\u955c\u50cf\u3002\u540c\u65f6OpenStack SIG\u5728openEuler 22.09\u4e2d\u65b0\u589e\u4e86Kolla\u5bf9iSula\u8fd0\u884c\u65f6\u7684\u652f\u6301\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a \u5b89\u88c5Kolla dnf install openstack-kolla docker 
\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-build \u547d\u4ee4\u5236\u4f5c\u57fa\u4e8eDocker\u5bb9\u5668\u955c\u50cf\u4e86\uff0c\u975e\u5e38\u7b80\u5355\uff0c\u5982\u679c\u7528\u6237\u60f3\u5c1d\u8bd5\u57fa\u4e8eisula\u7684\u65b9\u5f0f\uff0c\u53ef\u4ee5\u7ee7\u7eed\u64cd\u4f5c \u5b89\u88c5OpenStack iSula\u63d2\u4ef6 dnf install openstack-plugin-kolla-isula-support \u542f\u52a8isula-build\u670d\u52a1 \u7b2c\u4e8c\u6b65\u4f1a\u81ea\u52a8\u5b89\u88c5iSulad\u548cisula-builder\u670d\u52a1\uff0cisulad\u4f1a\u81ea\u52a8\u542f\u52a8\uff0c\u4f46isula-builder\u4e0d\u5bf9\uff0c\u9700\u8981\u624b\u52a8\u62c9\u8d77 systemctl start isula-builder \u914d\u7f6ekolla \u5728 kolla.conf \u4e2d\u7684[Default]\u91cc\u65b0\u589e base_runtime vim /etc/kolla/kolla.conf base_runtime=isula \u81f3\u6b64\u5b89\u88c5\u5b8c\u6210\uff0c\u4f7f\u7528 kolla-build \u5373\u53ef\u57fa\u4e8eisula\u5236\u4f5c\u955c\u50cf\u4e86\uff0c\u6267\u884c\u5b8c\u540e\uff0c\u6267\u884c isula images \u67e5\u770b\u955c\u50cf\u3002 Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027\u662fOpenStack SIG\u5728openEuler 22.09\u4e2d\u57fa\u4e8eOpenStack Yoga\u5f00\u53d1\u7684Nova\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 
\u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install openstack-plugin-priority-vm \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Nova\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 nova-manage api_db sync nova-manage db sync \u91cd\u542fnova\u670d\u52a1 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8ba1\u7b97\u8282\u70b9\u5206\u522b\u6267\u884c systemctl restart openstack-nova-*","title":"openEuler-22.09_Yoga"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-yoga","text":"OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. 
\u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u7b80\u4ecb \u524d\u7f6e\u8bbe\u7f6e \u81ea\u52a8\u5b89\u88c5 \u624b\u52a8\u5b89\u88c5 \u4f7f\u7528 OpenStack-Helm \u65b0\u7279\u6027\u7684\u5b89\u88c5 Kolla\u652f\u6301iSula Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u672c\u6587\u6863\u662fopenEuler OpenStack SIG\u7f16\u5199\u7684\u57fa\u4e8eopenEuler 22.09\u7684OpenStack\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531SIG\u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS 
\u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS 
\u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG\u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8eopenEuler\u90e8\u7f72OpenStack\u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Yoga \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.09/OpenStack-yoga/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 22.09\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 
\u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u4fdd\u8bc1EPOL yum\u6e90\u5df2\u914d\u7f6e \u6253\u5f00 /etc/yum.repos.d/openEuler.repo \u6587\u4ef6\uff0c\u68c0\u67e5 [EPOL] \u6e90\u662f\u5426\u5b58\u5728\uff0c\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9: [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler \u4e0d\u8bba\u6539\u4e0d\u6539\u8fd9\u4e2a\u6587\u4ef6\uff0c\u65b0\u673a\u5668\u7684\u7b2c\u4e00\u6b65\u90fd\u8981\u66f4\u65b0\u4e00\u4e0byum\u6e90\uff0c\u6267\u884c yum update \u3002 \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf 
\u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb 
\u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. 
# \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url 
http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject 
openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone"},{"location":"install/openEuler-22.09/OpenStack-yoga/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: 
Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img 
arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance"},{"location":"install/openEuler-22.09/OpenStack-yoga/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc 
\u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a 
systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-22.09/OpenStack-yoga/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = 
NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf 
\u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS 
\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-22.09/OpenStack-yoga/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin 
openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-22.09/OpenStack-yoga/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-22.09/OpenStack-yoga/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-22.09/OpenStack-yoga/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder python3-ironic-python-agent-builder-doc \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u6ce8\uff1a22.09\u7cfb\u7edf\u4e2d\uff0c\u4f7f\u7528dnf\u5b89\u88c5\u65f6\uff0c\u9700\u8981\u540c\u65f6\u6309\u7167\u4e3b\u5305\u548cdoc\u5305\u3002doc\u5305\u5185\u6253\u5305\u7684 /usr/share \u76ee\u5f55\u4e2d\u6587\u4ef6\u4e3a\u8fd0\u884c\u6240\u9700\uff0c\u540e\u7eed\u7cfb\u7edf\u7248\u672c\u5c06\u5408\u5e76\u6587\u4ef6\u5230python3-ironic-python-agent-builder\u5305\u4e2d\u3002 \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the 
branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/yoga # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f 
\u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ 
ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-22.09/OpenStack-yoga/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database 
internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ 
ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-22.09/OpenStack-yoga/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True 
Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder 
add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz 
\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start 
openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-22.09/OpenStack-yoga/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] 
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-22.09/OpenStack-yoga/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 
'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service 
openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-22.09/OpenStack-yoga/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-22.09/OpenStack-yoga/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-22.09/OpenStack-yoga/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-22.09/OpenStack-yoga/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Yoga\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.0.6 pip install openstack-sig-tool==1.0.6 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-22.09-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 
default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.09\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.09 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r yoga 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos 
env manage -r 22.09 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_7","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.09/OpenStack-yoga/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.09/OpenStack-yoga/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.09/OpenStack-yoga/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.09/OpenStack-yoga/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv 
lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.09/OpenStack-yoga/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.09/OpenStack-yoga/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [epol] name=epol baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-22.09/$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.09/OpenStack-yoga/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.09/OpenStack-yoga/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.09/OpenStack-yoga/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. 
\u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.09/OpenStack-yoga/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.09/OpenStack-yoga/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.09/OpenStack-yoga/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. 
\u914d\u7f6eopensd"},{"location":"install/openEuler-22.09/OpenStack-yoga/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.09/OpenStack-yoga/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 
availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... 
......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.09/OpenStack-yoga/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## 
az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.09/OpenStack-yoga/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.09/OpenStack-yoga/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.09/OpenStack-yoga/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.09/OpenStack-yoga/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-helm","text":"","title":"\u57fa\u4e8eOpenStack helm\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_8","text":"OpenStack-Helm \u662f\u4e00\u4e2a\u7528\u6765\u5141\u8bb8\u7528\u6237\u5728 Kubernetes \u4e0a\u90e8\u7f72 OpenStack 
\u7ec4\u4ef6\u7684\u9879\u76ee\u3002\u8be5\u9879\u76ee\u63d0\u4f9b\u4e86 OpenStack \u5404\u4e2a\u7ec4\u4ef6\u7684 Helm Chart\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u811a\u672c\u6765\u4f9b\u7528\u6237\u5b8c\u6210\u5b89\u88c5\u6d41\u7a0b\u3002 OpenStack-Helm \u8f83\u4e3a\u590d\u6742\uff0c\u5efa\u8bae\u5728\u4e00\u4e2a\u65b0\u7cfb\u7edf\u4e0a\u90e8\u7f72\u3002\u6574\u4e2a\u90e8\u7f72\u5c06\u5360\u7528\u7ea6 30GB \u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u5b89\u88c5\u65f6\u8bf7\u4f7f\u7528 root \u7528\u6237\u3002","title":"\u7b80\u4ecb"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_9","text":"\u5728\u5f00\u59cb\u5b89\u88c5 OpenStack-Helm \u524d\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u7cfb\u7edf\u8fdb\u884c\u4e00\u4e9b\u57fa\u7840\u8bbe\u7f6e\uff0c\u5305\u62ec\u4e3b\u673a\u540d\u548c\u65f6\u95f4\u7b49\u3002\u8bf7\u53c2\u8003\u201c\u57fa\u4e8eRPM\u90e8\u7f72\u201d\u7ae0\u8282\u7684\u6709\u5173\u4fe1\u606f\u3002 openEuler 22.09 \u4e2d\u5df2\u7ecf\u5305\u542b\u4e86 OpenStack-Helm \u8f6f\u4ef6\u5305\u3002\u9996\u5148\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u548c\u8865\u4e01\uff1a dnf install openstack-helm openstack-helm-infra openstack-helm-images loci \u8fd9\u91cc\u5b89\u88c5\u7684\u662f\u539f\u751fopenstack-helm\uff0c\u9ed8\u8ba4\u4e0d\u652f\u6301openEuler\uff0c\u56e0\u6b64\u5982\u679c\u60f3\u5728openEuler\u4e0a\u4f7f\u7528openstack-helm\uff0c\u8fd8\u9700\u8981\u5b89\u88c5plugin\u63d2\u4ef6\uff0c\u672c\u7ae0\u8282\u662f\u5bf9plugin\u7684\u4f7f\u7528\u8bf4\u660e\u3002 dnf install openstack-plugin-openstack-helm-openeuler-support","title":"\u524d\u7f6e\u8bbe\u7f6e"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_10","text":"OpenStack-Helm \u5b89\u88c5\u6587\u4ef6\u5c06\u88ab\u653e\u7f6e\u5230\u7cfb\u7edf\u7684 /usr/share/openstack-helm \u76ee\u5f55\u3002 openEuler \u63d0\u4f9b\u7684\u8f6f\u4ef6\u5305\u4e2d\u5305\u542b\u4e00\u4e2a\u7b80\u6613\u7684\u5b89\u88c5\u5411\u5bfc\u7a0b\u5e8f\uff0c\u4f4d\u4e8e /usr/bin/openstack-helm 
\u3002\u6267\u884c\u547d\u4ee4\u8fdb\u5165\u5411\u5bfc\u7a0b\u5e8f\uff1a openstack-helm Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: \u8f93\u5165 i \u5e76\u70b9\u51fb\u56de\u8f66\u8fdb\u5165\u4e0b\u4e00\u7ea7\u9875\u9762\uff1a Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: i There are two storage backends available for OpenStack-Helm: NFS and CEPH. Which storage backend would you like to use? n: NFS storage backend c: CEPH storage backend b: Go back to parent menu Your choice? 
[n/c/b]: OpenStack-Helm \u63d0\u4f9b\u4e86\u4e24\u79cd\u5b58\u50a8\u65b9\u6cd5\uff1a NFS \u548c Ceph \u3002\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u8f93\u5165 n \u6765\u9009\u62e9 NFS \u5b58\u50a8\u540e\u7aef\u6216\u8005 c \u6765\u9009\u62e9 Ceph \u5b58\u50a8\u540e\u7aef\u3002 \u9009\u62e9\u5b8c\u6210\u5b58\u50a8\u540e\u7aef\u540e\uff0c\u7528\u6237\u5c06\u6709\u673a\u4f1a\u5b8c\u6210\u786e\u8ba4\u3002\u6536\u5230\u63d0\u793a\u65f6\uff0c\u6309\u4e0b\u56de\u8f66\u4ee5\u5f00\u59cb\u5b89\u88c5\u3002\u5b89\u88c5\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u5c06\u987a\u5e8f\u6267\u884c\u4e00\u7cfb\u5217\u5b89\u88c5\u811a\u672c\u4ee5\u5b8c\u6210\u90e8\u7f72\u3002\u8fd9\u4e00\u8fc7\u7a0b\u53ef\u80fd\u9700\u8981\u6301\u7eed\u51e0\u5341\u5206\u949f\uff0c\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u8bf7\u786e\u4fdd\u78c1\u76d8\u7a7a\u95f4\u5145\u8db3\u4ee5\u53ca\u4e92\u8054\u7f51\u8fde\u63a5\u7545\u901a\u3002 \u5b89\u88c5\u8fc7\u7a0b\u4e2d\u6267\u884c\u5230\u7684\u811a\u672c\u4f1a\u5c06\u4e00\u4e9b Helm Chart \u90e8\u7f72\u5230\u7cfb\u7edf\u4e0a\u3002\u7531\u4e8e\u76ee\u6807\u7cfb\u7edf\u73af\u5883\u590d\u6742\u591a\u53d8\uff0c\u67d0\u4e9b\u7279\u5b9a\u7684 Helm Chart \u53ef\u80fd\u65e0\u6cd5\u987a\u5229\u88ab\u90e8\u7f72\u3002\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u4f1a\u6ce8\u610f\u5230\u8f93\u51fa\u4fe1\u606f\u7684\u6700\u540e\u5305\u542b\u7b49\u5f85 Pod \u5c31\u4f4d\u4f46\u8d85\u65f6\u7684\u63d0\u793a\u3002\u82e5\u53d1\u751f\u6b64\u7c7b\u73b0\u8c61\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u4e0b\u4e00\u8282\u7ed9\u51fa\u7684\u624b\u52a8\u5b89\u88c5\u65b9\u6cd5\u6765\u5b9a\u4f4d\u95ee\u9898\u6240\u5728\u3002 \u82e5\u60a8\u672a\u89c2\u5bdf\u5230\u4e0a\u8ff0\u7684\u73b0\u8c61\uff0c\u5219\u606d\u559c\u60a8\u5b8c\u6210\u4e86\u90e8\u7f72\u3002\u8bf7\u53c2\u8003\u201c\u4f7f\u7528 
OpenStack-Helm\u201d\u4e00\u8282\u6765\u5f00\u59cb\u4f7f\u7528\u3002","title":"\u81ea\u52a8\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_11","text":"\u82e5\u60a8\u5728\u81ea\u52a8\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\u9047\u5230\u4e86\u9519\u8bef\uff0c\u6216\u8005\u5e0c\u671b\u624b\u52a8\u5b89\u88c5\u6765\u63a7\u5236\u6574\u4e2a\u5b89\u88c5\u6d41\u7a0b\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u987a\u5e8f\u6267\u884c\u5b89\u88c5\u6d41\u7a0b\uff1a cd /usr/share/openstack-helm/openstack-helm #\u57fa\u4e8e NFS ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/nfs/040-nfs-provisioner.sh ./tools/deployment/developer/nfs/050-mariadb.sh ./tools/deployment/developer/nfs/060-rabbitmq.sh ./tools/deployment/developer/nfs/070-memcached.sh ./tools/deployment/developer/nfs/080-keystone.sh ./tools/deployment/developer/nfs/090-heat.sh ./tools/deployment/developer/nfs/100-horizon.sh ./tools/deployment/developer/nfs/120-glance.sh ./tools/deployment/developer/nfs/140-openvswitch.sh ./tools/deployment/developer/nfs/150-libvirt.sh ./tools/deployment/developer/nfs/160-compute-kit.sh ./tools/deployment/developer/nfs/170-setup-gateway.sh #\u6216\u8005\u57fa\u4e8e Ceph ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/ceph/040-ceph.sh ./tools/deployment/developer/ceph/050-mariadb.sh ./tools/deployment/developer/ceph/060-rabbitmq.sh ./tools/deployment/developer/ceph/070-memcached.sh ./tools/deployment/developer/ceph/080-keystone.sh ./tools/deployment/developer/ceph/090-heat.sh ./tools/deployment/developer/ceph/100-horizon.sh ./tools/deployment/developer/ceph/120-glance.sh ./tools/deployment/developer/ceph/140-openvswitch.sh ./tools/deployment/developer/ceph/150-libvirt.sh 
./tools/deployment/developer/ceph/160-compute-kit.sh ./tools/deployment/developer/ceph/170-setup-gateway.sh \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 kubectl get pods -A \u6765\u67e5\u770b\u5f53\u524d\u7cfb\u7edf\u4e0a\u7684 Pod \u7684\u8fd0\u884c\u60c5\u51b5\u3002","title":"\u624b\u52a8\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-helm_1","text":"\u7cfb\u7edf\u90e8\u7f72\u5b8c\u6210\u540e\uff0cOpenStack CLI \u754c\u9762\u5c06\u88ab\u90e8\u7f72\u5728 /usr/local/bin/openstack \u3002\u53c2\u7167\u4e0b\u9762\u7684\u4f8b\u5b50\u6765\u4f7f\u7528 OpenStack CLI\uff1a export OS_CLOUD=openstack_helm export OS_USERNAME='admin' export OS_PASSWORD='password' export OS_PROJECT_NAME='admin' export OS_PROJECT_DOMAIN_NAME='default' export OS_USER_DOMAIN_NAME='default' export OS_AUTH_URL='http://keystone.openstack.svc.cluster.local/v3' openstack service list openstack stack list \u5f53\u7136\uff0c\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 Web \u754c\u9762\u6765\u8bbf\u95ee OpenStack \u7684\u63a7\u5236\u9762\u677f\u3002Horizon Dashboard \u4f4d\u4e8e http://localhost:31000 \uff0c\u4f7f\u7528\u4ee5\u4e0b\u51ed\u636e\u767b\u5f55\uff1a Domain\uff1a default User Name\uff1a admin Password\uff1a password \u6b64\u65f6\uff0c\u60a8\u5e94\u5f53\u53ef\u4ee5\u770b\u5230\u719f\u6089\u7684 OpenStack \u63a7\u5236\u9762\u677f\u4e86\u3002","title":"\u4f7f\u7528 OpenStack-Helm"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_12","text":"","title":"\u65b0\u7279\u6027\u7684\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#kollaisula","text":"Kolla\u662fOpenStack\u57fa\u4e8eDocker\u548cansible\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u65b9\u6848\uff0c\u5305\u542b\u4e86Kolla\u548cKolla-ansible\u4e24\u4e2a\u9879\u76ee\u3002Kolla\u662f\u5bb9\u5668\u955c\u50cf\u5236\u4f5c\u5de5\u5177\uff0cKolla-ansible\u662f\u5bb9\u5668\u955c\u50cf\u90e8\u7f72\u5de5\u5177\u3002\u5176\u4e2dKolla-ansible\u53ea\u652f\u6301\u5728openEuler 
LTS\u4e0a\u4f7f\u7528\uff0copenEuler\u521b\u65b0\u7248\u6682\u4e0d\u652f\u6301\u3002\u4f7f\u7528openEuler 22.09\uff0c\u7528\u6237\u53ef\u4ee5\u57fa\u4e8eKolla\u5236\u4f5c\u76f8\u5e94\u7684\u5bb9\u5668\u955c\u50cf\u3002\u540c\u65f6OpenStack SIG\u5728openEuler 22.09\u4e2d\u65b0\u589e\u4e86Kolla\u5bf9iSula\u8fd0\u884c\u65f6\u7684\u652f\u6301\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a \u5b89\u88c5Kolla dnf install openstack-kolla docker \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-build \u547d\u4ee4\u5236\u4f5c\u57fa\u4e8eDocker\u5bb9\u5668\u955c\u50cf\u4e86\uff0c\u975e\u5e38\u7b80\u5355\uff0c\u5982\u679c\u7528\u6237\u60f3\u5c1d\u8bd5\u57fa\u4e8eisula\u7684\u65b9\u5f0f\uff0c\u53ef\u4ee5\u7ee7\u7eed\u64cd\u4f5c \u5b89\u88c5OpenStack iSula\u63d2\u4ef6 dnf install openstack-plugin-kolla-isula-support \u542f\u52a8isula-build\u670d\u52a1 \u7b2c\u4e8c\u6b65\u4f1a\u81ea\u52a8\u5b89\u88c5iSulad\u548cisula-builder\u670d\u52a1\uff0cisulad\u4f1a\u81ea\u52a8\u542f\u52a8\uff0c\u4f46isula-builder\u4e0d\u5bf9\uff0c\u9700\u8981\u624b\u52a8\u62c9\u8d77 systemctl start isula-builder \u914d\u7f6ekolla \u5728 kolla.conf \u4e2d\u7684[Default]\u91cc\u65b0\u589e base_runtime vim /etc/kolla/kolla.conf base_runtime=isula \u81f3\u6b64\u5b89\u88c5\u5b8c\u6210\uff0c\u4f7f\u7528 kolla-build \u5373\u53ef\u57fa\u4e8eisula\u5236\u4f5c\u955c\u50cf\u4e86\uff0c\u6267\u884c\u5b8c\u540e\uff0c\u6267\u884c isula images \u67e5\u770b\u955c\u50cf\u3002","title":"Kolla\u652f\u6301iSula"},{"location":"install/openEuler-22.09/OpenStack-yoga/#nova_1","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027\u662fOpenStack SIG\u5728openEuler 22.09\u4e2d\u57fa\u4e8eOpenStack 
Yoga\u5f00\u53d1\u7684Nova\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install openstack-plugin-priority-vm \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Nova\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 nova-manage api_db sync nova-manage db sync \u91cd\u542fnova\u670d\u52a1 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8ba1\u7b97\u8282\u70b9\u5206\u522b\u6267\u884c systemctl restart openstack-nova-*","title":"Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e openEuler 24.03 LTS \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 24.03 LTS\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e openEuler 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst 
\u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf 
\u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03 
LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name 
\u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS_Antelope"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e openEuler 24.03 LTS \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a 
\u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS 
placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope 
\u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 24.03 LTS\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e openEuler 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update 
yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller 
IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. 
If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! 
- Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start 
memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f 
\u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project 
myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a 
openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User 
Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc 
\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement 
\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... |","title":"Placement"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit 
\u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = 
mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
\u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a 
[glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 
\u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc 
\u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. 
\u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini 
[DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default 
--password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 
Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL 
\u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard 
\uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal 
admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = 
nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 
default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03 LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos 
env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL 
\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 
RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export 
OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 
'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable 
openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create 
--region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p 
(CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 
use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) 
allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks 
= provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl 
restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin 
http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) 
\u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 
default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 
OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS_Wallaby"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE 
nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = 
nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack 
endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] 
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi 
target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password 
IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its 
full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 
nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 
\u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP1 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS 
neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP1\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-sp1-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP1_Antelope"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP1 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP1\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 
\u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! 
Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable 
httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne 
\\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user 
neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 
'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups 
= nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 
'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-sp1-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers 
= 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP1 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 
RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> 
CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver 
compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", 
\"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) 
\u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) 
notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s 
/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca 
\u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service 
neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal 
http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 
'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP1\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP1_Wallaby"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP1 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP1\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 
'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP2 \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP2\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-SP2-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP2_Antelope"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP2 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP2\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 
\u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! 
Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable 
httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne 
\\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user 
neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 
'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups 
= nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 
'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-SP2-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers 
= 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP2 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 
RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> 
CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver 
compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", 
\"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) 
\u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) 
notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s 
/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca 
\u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service 
neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal 
http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 
'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP2_Wallaby"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP2 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 
'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-25.03/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 25.03 \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 25.03\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a[ISO\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/ISO/ \u3001[qcow2\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/virtual_machine_img/ \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 25.03 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u7f13\u5b58\u670d\u52a1\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-25.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 25.03\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 25.03 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 25.03 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-25.03_Antelope"},{"location":"install/openEuler-25.03/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 25.03 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-25.03/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 25.03\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a[ISO\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/ISO/ 
\u3001[qcow2\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/virtual_machine_img/ \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 25.03 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... 
Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_5","text":"\u7f13\u5b58\u670d\u52a1\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-25.03/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 
'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start 
httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-25.03/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = 
mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-25.03/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ 
placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-25.03/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-25.03/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron 
admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-25.03/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 
\uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-25.03/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 
'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-25.03/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic 
openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* 
\u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-25.03/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = 
nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-25.03/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-25.03/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-25.03/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-25.03/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-25.03/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-25.03/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-25.03/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-25.03/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-25.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 
neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 25.03\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 25.03 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 25.03 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"security/security-guide/","text":"OpenStack\u5b89\u5168\u6307\u5357 \u00b6 \u672c\u6587\u7ffb\u8bd1\u81ea \u4e0a\u6e38\u5b89\u5168\u6307\u5357 OpenStack\u5b89\u5168\u6307\u5357 \u6458\u8981 \u5185\u5bb9 \u7ea6\u5b9a \u6ce8\u610f\u4e8b\u9879 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5199\u4f5c\u8bb0\u5f55 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b \u516c\u6709\u4e91 \u79c1\u6709\u4e91 \u793e\u533a\u4e91 \u6df7\u5408\u4e91 OpenStack \u670d\u52a1\u6982\u8ff0 \u8ba1\u7b97 \u5bf9\u8c61\u5b58\u50a8 \u5757\u5b58\u50a8 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u7f51\u7edc \u4eea\u8868\u677f \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u955c\u50cf\u670d\u52a1 \u6570\u636e\u5904\u7406\u670d\u52a1 \u5176\u4ed6\u914d\u5957\u6280\u672f \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u516c\u5171 \u8bbf\u5ba2 \u7ba1\u7406 \u6570\u636e \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u5a01\u80c1\u53c2\u4e0e\u8005 \u60c5\u62a5\u673a\u6784 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u811a\u672c\u653b\u51fb\u8005 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u653b\u51fb\u7c7b\u578b \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 \u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u7cfb\u7edf\u6e05\u5355 
\u786c\u4ef6\u6e05\u5355 \u8f6f\u4ef6\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u5206\u7c7b \u6d4b\u8bd5\u66f4\u65b0 \u90e8\u7f72\u66f4\u65b0 \u914d\u7f6e\u7ba1\u7406 \u7b56\u7565\u66f4\u6539 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8282\u70b9\u914d\u7f6e \u9a8c\u8bc1\u542f\u52a8 \u8282\u70b9\u52a0\u56fa \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u7cfb\u7edf\u9a8c\u8bc1 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u670d\u52a1\u5668\u52a0\u56fa \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee OpenStack \u63a5\u53e3 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5b89\u5168\u901a\u4fe1 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u793a\u4f8b Pound Stud Nginx Apache HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb API \u7aef\u70b9 API 
\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u8eab\u4efd\u9274\u522b \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u5458\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u653f\u7b56 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408\u9274\u6743 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c\u7684 Web 
\u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a Horizon \u955c\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS \u51fd\u6570 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 Cookies \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u9009\u62e9\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u5bc6\u7801\u5b66\u6807\u51c6 FIPS 140-2 
\u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a Hypervisor \u5185\u5b58\u4f18\u5316 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u53c2\u8003\u4e66\u76ee \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u52a0\u56fa \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u529f\u80fd \u9650\u5236 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u5757\u5b58\u50a8 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc 
\u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb VLANs L2 \u96a7\u9053 \u7f51\u7edc\u670d\u52a1 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 L3 \u8def\u7531\u548c NAT \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u8d1f\u8f7d\u5747\u8861 \u9632\u706b\u5899 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u9650\u5236 OpenStack Networking 
\u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u6587\u4ef6\u6743\u9650 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 HTTP \u76d1\u542c\u7aef\u53e3 \u8d1f\u8f7d\u5747\u8861\u5668 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 TempAuth \u51fd\u6570 Keystone \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 KMIP \u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 \u5a01\u80c1\u5206\u6790 Castellan \u6982\u8ff0 
\u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u6d88\u606f\u961f\u5217 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS\u7cfb\u7edf \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee Rootwrap \u65e5\u5fd7 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 Nova-conductor \u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6743\u9650 
\u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 Cinder \u5377\u6570\u636e \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee\uff1a \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53ef\u4fe1\u955c\u50cf \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5b9e\u4f8b\u8fc1\u79fb \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb \u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb 
\u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5206\u5c42\u9632\u5fa1 \u5b89\u5168\u5931\u8d25 \u6700\u5c0f\u6743\u9650 \u5206\u9694 \u4fc3\u8fdb\u9690\u79c1 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u5ba1\u8ba1\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 SOC 2 \u51fd\u6570 SOC 3 \u51fd\u6570 ISO 27001/2 \u8ba4\u8bc1 HIPAA / HITECH PCI-DSS \u653f\u5e9c\u6807\u51c6 FedRAMP ITAR FISMA \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u6587\u6863 OpenStack wiki Launchpad bug \u533a\u57df \u6587\u6863\u53cd\u9988 OpenStack IRC 
\u9891\u9053 OpenStack \u90ae\u4ef6\u5217\u8868 OpenStack \u53d1\u884c\u5305 \u8bcd\u6c47\u8868 0-9 A B C D E F G H I J K M N O P Q R S T U V W X Y Z \u6458\u8981 \u00b6 \u672c\u4e66\u63d0\u4f9b\u4e86\u6709\u5173\u4fdd\u62a4OpenStack\u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u548c\u6982\u5ff5\u4fe1\u606f\u3002 \u672c\u6307\u5357\u6700\u540e\u4e00\u6b21\u66f4\u65b0\u662f\u5728Train\u53d1\u5e03\u671f\u95f4\uff0c\u8bb0\u5f55\u4e86OpenStack Train\u3001Stein\u548cRocky\u7248\u672c\u3002\u5b83\u53ef\u80fd\u4e0d\u9002\u7528\u4e8eEOL\u7248\u672c\uff08\u4f8b\u5982Newton\uff09\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u5728\u8ba1\u5212\u4e3a\u60a8\u7684OpenStack\u4e91\u5b9e\u65bd\u5b89\u5168\u63aa\u65bd\u65f6\uff0c\u81ea\u884c\u9605\u8bfb\u672c\u6587\u3002\u672c\u6307\u5357\u4ec5\u4f9b\u53c2\u8003\u3002OpenStack\u5b89\u5168\u56e2\u961f\u57fa\u4e8eOpenStack\u793e\u533a\u7684\u81ea\u613f\u8d21\u732e\u3002\u60a8\u53ef\u4ee5\u5728OFTC IRC\u4e0a\u7684#OpenStack-Security\u9891\u9053\u4e2d\u76f4\u63a5\u8054\u7cfb\u5b89\u5168\u793e\u533a\uff0c\u6216\u8005\u901a\u8fc7\u5411OpenStack-Discussion\u90ae\u4ef6\u5217\u8868\u53d1\u9001\u4e3b\u9898\u6807\u9898\u4e2d\u5e26\u6709[Security]\u524d\u7f00\u7684\u90ae\u4ef6\u6765\u8054\u7cfb\u3002 \u5185\u5bb9 \u00b6 \u7ea6\u5b9a \u901a\u77e5 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u786e\u5b9a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 OpenStack\u7b80\u4ecb \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u7ba1\u7406\u754c\u9762 \u5b89\u5168\u901a\u4fe1 TLS\u548cSSL\u7b80\u4ecb TLS\u4ee3\u7406\u548cHTTP\u670d\u52a1 \u5b89\u5168\u53c2\u8003\u67b6\u6784 \u7aef\u70b9 APL\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u8eab\u4efd \u8ba4\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u6388\u6743 \u653f\u7b56 \u4ee4\u724c \u57df 
\u8054\u5408\u68af\u5f62\u5931\u771f \u6e05\u5355 \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672cWeb\u670d\u52a1\u5668\u914d\u7f6e HTTPS\u3001HSTS\u3001XSS\u548cSSRF \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 \u6f0f\u6d1e\u610f\u8bc6 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u68c0\u67e5\u8868 \u5757\u5b58\u50a8 \u97f3\u91cf\u64e6\u9664 \u68c0\u67e5\u8868 \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5b89\u5168\u670d\u52a1 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u68c0\u67e5\u8868 \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u4e8b\u52a1\u5b89\u5168 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u9879\u76ee \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1 \u5bc6\u94a5\u7ba1\u7406\u63a5\u53e3 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 \u6d88\u606f\u961f\u5217 \u90ae\u4ef6\u5b89\u5168 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u90e8\u7f72 \u914d\u7f6e\u548c\u5f3a\u5316 \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 
\u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u52a0\u5bc6 \u5bc6\u94a5\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u5408\u89c4\u6d3b\u52a8 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u4f53\u7cfb\u7ed3\u6784\u9875\u9762\u6307\u5357 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868 \u7ea6\u5b9a \u00b6 OpenStack \u6587\u6863\u4f7f\u7528\u4e86\u51e0\u79cd\u6392\u7248\u7ea6\u5b9a\u3002 \u6ce8\u610f\u4e8b\u9879 \u00b6 \u6ce8\u610f \u5e26\u6709\u9644\u52a0\u4fe1\u606f\u7684\u6ce8\u91ca\uff0c\u7528\u4e8e\u89e3\u91ca\u6587\u672c\u7684\u67d0\u4e00\u90e8\u5206\u3002 \u91cd\u8981 \u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u8fd9\u4e00\u70b9\u3002 \u63d0\u793a \u4e00\u4e2a\u989d\u5916\u4f46\u6709\u7528\u7684\u5b9e\u7528\u5efa\u8bae\u3002 \u8b66\u793a \u9632\u6b62\u7528\u6237\u72af\u9519\u8bef\u7684\u6709\u7528\u4fe1\u606f\u3002 \u8b66\u544a \u6709\u5173\u6570\u636e\u4e22\u5931\u98ce\u9669\u6216\u5b89\u5168\u95ee\u9898\u7684\u5173\u952e\u4fe1\u606f\u3002 \u547d\u4ee4\u63d0\u793a\u7b26 \u00b6 $ command \u4efb\u4f55\u7528\u6237\uff08\u5305\u62ecroot\u7528\u6237\uff09\u90fd\u53ef\u4ee5\u8fd0\u884c\u4ee5$\u63d0\u793a\u7b26\u4e3a\u524d\u7f00\u7684\u547d\u4ee4\u3002 # command root\u7528\u6237\u5fc5\u987b\u8fd0\u884c\u524d\u7f00\u4e3a#\u63d0\u793a\u7b26\u7684\u547d\u4ee4\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u8fd9\u4e9b\u547d\u4ee4\u524d\u9762\u52a0\u4e0asudo\u547d\u4ee4\uff08\u5982\u679c\u53ef\u7528\uff09\uff0c\u4ee5\u8fd0\u884c\u8fd9\u4e9b\u547d\u4ee4\u3002 \u4ecb\u7ecd \u00b6 \u300aOpenStack 
\u5b89\u5168\u6307\u5357\u300b\u662f\u8bb8\u591a\u4eba\u7ecf\u8fc7\u4e94\u5929\u534f\u4f5c\u7684\u6210\u679c\u3002\u672c\u6587\u6863\u65e8\u5728\u63d0\u4f9b\u90e8\u7f72\u5b89\u5168 OpenStack \u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u6307\u5357\u3002\u5b83\u65e8\u5728\u53cd\u6620OpenStack\u793e\u533a\u7684\u5f53\u524d\u5b89\u5168\u72b6\u6001\uff0c\u5e76\u4e3a\u7531\u4e8e\u590d\u6742\u6027\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u73af\u5883\u7684\u7ec6\u8282\u800c\u65e0\u6cd5\u5217\u51fa\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u7684\u51b3\u7b56\u63d0\u4f9b\u6846\u67b6\u3002 \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5982\u4f55 OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b OpenStack \u670d\u52a1\u6982\u8ff0 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5a92\u4ecb \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u81f4\u8c22 \u00b6 OpenStack \u5b89\u5168\u7ec4\u8981\u611f\u8c22\u4ee5\u4e0b\u7ec4\u7ec7\u7684\u8d21\u732e\uff0c\u4ed6\u4eec\u4e3a\u672c\u4e66\u7684\u51fa\u7248\u505a\u51fa\u4e86\u8d21\u732e\u3002\u8fd9\u4e9b\u7ec4\u7ec7\u662f\uff1a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u00b6 \u968f\u7740 OpenStack \u7684\u666e\u53ca\u548c\u4ea7\u54c1\u6210\u719f\uff0c\u5b89\u5168\u6027\u5df2\u6210\u4e3a\u91cd\u4e2d\u4e4b\u91cd\u3002OpenStack \u5b89\u5168\u7ec4\u5df2\u7ecf\u8ba4\u8bc6\u5230\u9700\u8981\u4e00\u4e2a\u5168\u9762\u800c\u6743\u5a01\u7684\u5b89\u5168\u6307\u5357\u3002\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u65e8\u5728\u6982\u8ff0\u63d0\u9ad8 OpenStack 
\u90e8\u7f72\u5b89\u5168\u6027\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3001\u6307\u5357\u548c\u5efa\u8bae\u3002\u4f5c\u8005\u5e26\u6765\u4e86\u4ed6\u4eec\u5728\u5404\u79cd\u73af\u5883\u4e2d\u90e8\u7f72\u548c\u4fdd\u62a4 OpenStack \u7684\u4e13\u4e1a\u77e5\u8bc6\u3002 \u672c\u6307\u5357\u662f\u5bf9\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u7684\u8865\u5145\uff0c\u53ef\u7528\u4e8e\u5f3a\u5316\u73b0\u6709\u7684 OpenStack \u90e8\u7f72\u6216\u8bc4\u4f30 OpenStack \u4e91\u63d0\u4f9b\u5546\u7684\u5b89\u5168\u63a7\u5236\u3002 \u76ee\u6807 \u00b6 \u8bc6\u522b OpenStack \u4e2d\u7684\u5b89\u5168\u57df \u63d0\u4f9b\u4fdd\u62a4 OpenStack \u90e8\u7f72\u7684\u6307\u5bfc \u5f3a\u8c03\u5f53\u4eca OpenStack \u4e2d\u7684\u5b89\u5168\u95ee\u9898\u548c\u6f5c\u5728\u7684\u7f13\u89e3\u63aa\u65bd \u8ba8\u8bba\u5373\u5c06\u63a8\u51fa\u7684\u5b89\u5168\u529f\u80fd \u4e3a\u77e5\u8bc6\u83b7\u53d6\u548c\u4f20\u64ad\u63d0\u4f9b\u793e\u533a\u9a71\u52a8\u7684\u8bbe\u65bd \u5199\u4f5c\u8bb0\u5f55 \u00b6 \u4e0e\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u4e00\u6837\uff0c\u6211\u4eec\u9075\u5faa\u4e86\u672c\u4e66\u7684\u51b2\u523a\u65b9\u6cd5\u3002\u4e66\u7c4d\u51b2\u523a\u8fc7\u7a0b\u5141\u8bb8\u5feb\u901f\u5f00\u53d1\u548c\u5236\u4f5c\u5927\u91cf\u4e66\u9762\u4f5c\u54c1\u3002OpenStack \u5b89\u5168\u7ec4\u7684\u534f\u8c03\u5458\u91cd\u65b0\u9080\u8bf7\u4e86 Adam Hyde \u4f5c\u4e3a\u534f\u8c03\u4eba\u3002\u8be5\u9879\u76ee\u5728\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u7684OpenStack\u5cf0\u4f1a\u4e0a\u6b63\u5f0f\u5ba3\u5e03\u3002 
\u7531\u4e8e\u8be5\u5c0f\u7ec4\u7684\u4e00\u4e9b\u5173\u952e\u6210\u5458\u79bb\u5f97\u5f88\u8fd1\uff0c\u8be5\u56e2\u961f\u805a\u96c6\u5728\u9a6c\u91cc\u5170\u5dde\u5b89\u7eb3\u6ce2\u5229\u65af\u3002\u8fd9\u662f\u516c\u5171\u90e8\u95e8\u60c5\u62a5\u754c\u6210\u5458\u3001\u7845\u8c37\u521d\u521b\u516c\u53f8\u548c\u4e00\u4e9b\u5927\u578b\u77e5\u540d\u79d1\u6280\u516c\u53f8\u4e4b\u95f4\u7684\u975e\u51e1\u5408\u4f5c\u3002\u8be5\u4e66\u7684\u51b2\u523a\u57282013\u5e746\u6708\u7684\u6700\u540e\u4e00\u5468\u8fdb\u884c\uff0c\u7b2c\u4e00\u7248\u5728\u4e94\u5929\u5185\u5b8c\u6210\u3002 \u8be5\u56e2\u961f\u5305\u62ec\uff1a Bryan D. Payne\uff0c\u661f\u4e91 Bryan D. Payne \u535a\u58eb\u662f Nebula \u7684\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u52a0\u5165 Nebula \u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u6851\u8fea\u4e9a\u56fd\u5bb6\u5b9e\u9a8c\u5ba4\u3001\u56fd\u5bb6\u5b89\u5168\u5c40\u3001BAE Systems \u548c IBM \u7814\u7a76\u9662\u5de5\u4f5c\u3002\u4ed6\u6bd5\u4e1a\u4e8e\u4f50\u6cbb\u4e9a\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u5b66\u9662\uff0c\u83b7\u5f97\u8ba1\u7b97\u673a\u79d1\u5b66\u535a\u58eb\u5b66\u4f4d\uff0c\u4e13\u653b\u7cfb\u7edf\u5b89\u5168\u3002Bryan \u662f\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u7684\u7f16\u8f91\u548c\u8d1f\u8d23\u4eba\uff0c\u8d1f\u8d23\u8be5\u6307\u5357\u5728\u7f16\u5199\u540e\u7684\u4e24\u5e74\u4e2d\u6301\u7eed\u589e\u957f\u3002 Robert Clark\uff0c\u60e0\u666e Robert Clark \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u5b89\u5168\u67b6\u6784\u5e08\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u88ab\u60e0\u666e\u62db\u52df\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u82f1\u56fd\u60c5\u62a5\u754c\u5de5\u4f5c\u3002Robert 
\u5728\u5a01\u80c1\u5efa\u6a21\u3001\u5b89\u5168\u67b6\u6784\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u62e5\u6709\u6df1\u539a\u7684\u80cc\u666f\u3002Robert \u62e5\u6709\u5a01\u5c14\u58eb\u5927\u5b66\u7684\u8f6f\u4ef6\u5de5\u7a0b\u7855\u58eb\u5b66\u4f4d\u3002 Keith Basil \uff0c\u7ea2\u5e3d Keith Basil \u662f\u7ea2\u5e3d OpenStack \u7684\u9996\u5e2d\u4ea7\u54c1\u7ecf\u7406\uff0c\u4e13\u6ce8\u4e8e\u7ea2\u5e3d\u7684 OpenStack \u4ea7\u54c1\u7ba1\u7406\u3001\u5f00\u53d1\u548c\u6218\u7565\u3002\u5728\u7f8e\u56fd\u516c\u5171\u90e8\u95e8\uff0cBasil \u5e26\u6765\u4e86\u4e3a\u8054\u90a6\u6c11\u7528\u673a\u6784\u548c\u627f\u5305\u5546\u8bbe\u8ba1\u6388\u6743\u3001\u5b89\u5168\u3001\u9ad8\u6027\u80fd\u4e91\u67b6\u6784\u7684\u7ecf\u9a8c\u3002 Cody Bunch\uff0c\u62c9\u514b\u7a7a\u95f4 Cody Bunch \u662f Rackspace \u7684\u79c1\u6709\u4e91\u67b6\u6784\u5e08\u3002Cody \u4e0e\u4eba\u5408\u8457\u4e86\u300aThe OpenStack Cookbook\u300b\u7684\u66f4\u65b0\u4ee5\u53ca\u6709\u5173 VMware \u81ea\u52a8\u5316\u7684\u4e66\u7c4d\u3002 Malini Bhandaru\uff0c\u82f1\u7279\u5c14 Malini Bhandaru \u662f\u82f1\u7279\u5c14\u7684\u4e00\u540d\u5b89\u5168\u67b6\u6784\u5e08\u3002\u5979\u62e5\u6709\u591a\u5143\u5316\u7684\u80cc\u666f\uff0c\u66fe\u5728\u82f1\u7279\u5c14\u4ece\u4e8b\u5e73\u53f0\u529f\u80fd\u548c\u6027\u80fd\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 Nuance \u4ece\u4e8b\u8bed\u97f3\u4ea7\u54c1\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 ComBrio \u4ece\u4e8b\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u5de5\u4f5c\uff0c\u5728 Verizon \u4ece\u4e8b\u7f51\u7edc\u5546\u52a1\u5de5\u4f5c\u3002\u5979\u62e5\u6709\u9a6c\u8428\u8bf8\u585e\u5927\u5b66\u963f\u9ed8\u65af\u7279\u5206\u6821\u7684\u4eba\u5de5\u667a\u80fd\u535a\u58eb\u5b66\u4f4d\u3002 Gregg Tally\uff0c\u7ea6\u7ff0\u970d\u666e\u91d1\u65af\u5927\u5b66\u5e94\u7528\u7269\u7406\u5b9e\u9a8c\u5ba4 Gregg Tally \u662f JHU/APL 
\u7f51\u7edc\u7cfb\u7edf\u90e8\u95e8\u975e\u5bf9\u79f0\u8fd0\u8425\u90e8\u7684\u603b\u5de5\u7a0b\u5e08\u3002\u4ed6\u4e3b\u8981\u4ece\u4e8b\u7cfb\u7edf\u5b89\u5168\u5de5\u7a0b\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u6b64\u524d\uff0c\u4ed6\u66fe\u5728\u65af\u5df4\u8fbe\u3001\u8fc8\u514b\u83f2\u548c\u53ef\u4fe1\u4fe1\u606f\u7cfb\u7edf\u516c\u53f8\u5de5\u4f5c\uff0c\u53c2\u4e0e\u7f51\u7edc\u5b89\u5168\u7814\u7a76\u9879\u76ee\u3002 Eric Lopez, \u5a01\u777f Eric Lopez \u662f VMware \u7f51\u7edc\u548c\u5b89\u5168\u4e1a\u52a1\u90e8\u95e8\u7684\u9ad8\u7ea7\u89e3\u51b3\u65b9\u6848\u67b6\u6784\u5e08\uff0c\u4ed6\u5e2e\u52a9\u5ba2\u6237\u5b9e\u65bd OpenStack \u548c VMware NSX\uff08\u4ee5\u524d\u79f0\u4e3a Nicira \u7684\u7f51\u7edc\u865a\u62df\u5316\u5e73\u53f0\uff09\u3002\u5728\u52a0\u5165 VMware\uff08\u901a\u8fc7\u516c\u53f8\u6536\u8d2d Nicira\uff09\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728 Q1 Labs\u3001Symantec\u3001Vontu \u548c Brightmail \u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u52a0\u5dde\u5927\u5b66\u4f2f\u514b\u5229\u5206\u6821\u7684\u7535\u6c14\u5de5\u7a0b/\u8ba1\u7b97\u673a\u79d1\u5b66\u548c\u6838\u5de5\u7a0b\u5b66\u58eb\u5b66\u4f4d\u548c\u65e7\u91d1\u5c71\u5927\u5b66\u7684\u5de5\u5546\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\u3002 Shawn Wells\uff0c\u7ea2\u5e3d Shawn Wells \u662f\u7ea2\u5e3d\u521b\u65b0\u9879\u76ee\u603b\u76d1\uff0c\u4e13\u6ce8\u4e8e\u6539\u8fdb\u7f8e\u56fd\u653f\u5e9c\u5185\u90e8\u91c7\u7528\u3001\u4fc3\u8fdb\u548c\u7ba1\u7406\u5f00\u6e90\u6280\u672f\u7684\u6d41\u7a0b\u3002\u6b64\u5916\uff0cShawn \u8fd8\u662f SCAP \u5b89\u5168\u6307\u5357\u9879\u76ee\u7684\u4e0a\u6e38\u7ef4\u62a4\u8005\uff0c\u8be5\u9879\u76ee\u4e0e\u7f8e\u56fd\u519b\u65b9\u3001NSA \u548c DISA \u4e00\u8d77\u5236\u5b9a\u865a\u62df\u5316\u548c\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u7b56\u7565\u3002Shawn\u66fe\u662fNSA\u7684\u5e73\u6c11\uff0c\u5229\u7528\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u5f00\u53d1\u4e86SIGINT\u6536\u96c6\u7cfb\u7edf\u3002 Ben de Bont\uff0c\u60e0\u666e Ben de 
Bont \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u6218\u7565\u5b98\u3002\u5728\u62c5\u4efb\u73b0\u804c\u4e4b\u524d\uff0cBen \u9886\u5bfc MySpace \u7684\u4fe1\u606f\u5b89\u5168\u5c0f\u7ec4\u548c MSN Security \u7684\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f\u3002Ben \u62e5\u6709\u6606\u58eb\u5170\u79d1\u6280\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u7855\u58eb\u5b66\u4f4d\u3002 Nathanael Burton\uff0c\u56fd\u5bb6\u5b89\u5168\u5c40 \u7eb3\u5854\u5185\u5c14\u00b7\u4f2f\u987f\uff08Nathanael Burton\uff09\u662f\u7f8e\u56fd\u56fd\u5bb6\u5b89\u5168\u5c40\uff08National Security Agency\uff09\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5bb6\u3002\u4ed6\u5728\u8be5\u673a\u6784\u5de5\u4f5c\u4e86 10 \u591a\u5e74\uff0c\u4ece\u4e8b\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u5927\u89c4\u6a21\u6258\u7ba1\u3001\u5f00\u6e90\u8ba1\u5212\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u5b89\u5168\u3001\u5b58\u50a8\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u5f17\u5409\u5c3c\u4e9a\u7406\u5de5\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u3002 Vibha Fauver Vibha Fauver\uff0cGWEB\uff0cCISSP\uff0cPMP\uff0c\u5728\u4fe1\u606f\u6280\u672f\u9886\u57df\u62e5\u6709\u8d85\u8fc715\u5e74\u7684\u7ecf\u9a8c\u3002\u5979\u7684\u4e13\u4e1a\u9886\u57df\u5305\u62ec\u8f6f\u4ef6\u5de5\u7a0b\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4fe1\u606f\u5b89\u5168\u3002\u5979\u62e5\u6709\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u548c\u5de5\u7a0b\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\uff0c\u4e13\u4e1a\u548c\u7cfb\u7edf\u5de5\u7a0b\u8bc1\u4e66\u3002 Eric Windisch\uff0c\u4e91\u7f29\u653e Eric Windisch \u662f Cloudscaling \u7684\u9996\u5e2d\u5de5\u7a0b\u5e08\uff0c\u4ed6\u4e3a OpenStack 
\u8d21\u732e\u4e86\u4e24\u5e74\u591a\u3002\u57c3\u91cc\u514b\uff08Eric\uff09\u5728\u7f51\u7edc\u6258\u7ba1\u884c\u4e1a\u62e5\u6709\u5341\u591a\u5e74\u7684\u7ecf\u9a8c\uff0c\u4e00\u76f4\u5728\u654c\u5bf9\u73af\u5883\u7684\u6218\u58d5\u4e2d\uff0c\u5efa\u7acb\u4e86\u79df\u6237\u9694\u79bb\u548c\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u6027\u3002\u81ea 2007 \u5e74\u4ee5\u6765\uff0c\u4ed6\u4e00\u76f4\u5728\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u548c\u81ea\u52a8\u5316\u3002 Andrew Hay\uff0c\u4e91\u9053 Andrew Hay \u662f CloudPassage\uff0c Inc. \u7684\u5e94\u7528\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u8d1f\u8d23\u9886\u5bfc\u8be5\u516c\u53f8\u53ca\u5176\u4e13\u4e3a\u52a8\u6001\u516c\u6709\u4e91\u3001\u79c1\u6709\u4e91\u548c\u6df7\u5408\u4e91\u6258\u7ba1\u73af\u5883\u6784\u5efa\u7684\u670d\u52a1\u5668\u5b89\u5168\u4ea7\u54c1\u7684\u5b89\u5168\u7814\u7a76\u5de5\u4f5c\u3002 Adam Hyde \u4e9a\u5f53\u4fc3\u6210\u4e86\u8fd9\u4e2a Book Sprint\u3002\u4ed6\u8fd8\u521b\u7acb\u4e86 Book Sprint \u65b9\u6cd5\u8bba\uff0c\u5e76\u4e14\u662f\u6700\u6709\u7ecf\u9a8c\u7684 Book Sprint \u4fc3\u8fdb\u8005\u3002Adam \u521b\u7acb\u4e86 FLOSS Manuals\uff0c\u8fd9\u662f\u4e00\u4e2a\u7531 3,000 \u4eba\u7ec4\u6210\u7684\u793e\u533a\uff0c\u81f4\u529b\u4e8e\u5f00\u53d1\u5173\u4e8e\u81ea\u7531\u8f6f\u4ef6\u7684\u81ea\u7531\u624b\u518c\u3002\u4ed6\u8fd8\u662f Booktype \u7684\u521b\u59cb\u4eba\u548c\u9879\u76ee\u7ecf\u7406\uff0cBooktype \u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u7ebf\u548c\u5370\u5237\u4e66\u7c4d\u7f16\u5199\u3001\u7f16\u8f91\u548c\u51fa\u7248\u7684\u5f00\u6e90\u9879\u76ee\u3002 \u5728\u51b2\u523a\u671f\u95f4\uff0c\u6211\u4eec\u8fd8\u5f97\u5230\u4e86 Anne Gentle\u3001Warren Wang\u3001Paul McMillan\u3001Brian Schott \u548c Lorin Hochstein \u7684\u5e2e\u52a9\u3002 \u8fd9\u672c\u4e66\u662f\u5728\u4e3a\u671f 5 
\u5929\u7684\u56fe\u4e66\u51b2\u523a\u4e2d\u5236\u4f5c\u7684\u3002\u56fe\u4e66\u51b2\u523a\u662f\u4e00\u4e2a\u9ad8\u5ea6\u534f\u4f5c\u3001\u4fc3\u8fdb\u7684\u8fc7\u7a0b\uff0c\u5b83\u5c06\u4e00\u4e2a\u5c0f\u7ec4\u805a\u96c6\u5728\u4e00\u8d77\uff0c\u5728 3-5 \u5929\u5185\u5236\u4f5c\u4e00\u672c\u4e66\u3002\u8fd9\u662f\u4e00\u4e2a\u7531\u4e9a\u5f53\u00b7\u6d77\u5fb7\uff08Adam Hyde\uff09\u521b\u7acb\u548c\u53d1\u5c55\u7684\u7279\u5b9a\u65b9\u6cd5\u7684\u6709\u529b\u4fc3\u8fdb\u8fc7\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u8bbf\u95eeBookSprints\u7684Book Sprint\u7f51\u9875\u3002 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e \u00b6 \u672c\u4e66\u7684\u6700\u521d\u5de5\u4f5c\u662f\u5728\u4e00\u95f4\u7a7a\u8c03\u8fc7\u9ad8\u7684\u623f\u95f4\u91cc\u8fdb\u884c\u7684\uff0c\u8be5\u623f\u95f4\u662f\u6574\u4e2a\u6587\u6863\u51b2\u523a\u671f\u95f4\u7684\u5c0f\u7ec4\u529e\u516c\u5ba4\u3002 \u8981\u4e86\u89e3\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u6587\u6863\u8d21\u732e\u8005\u6307\u5357\u3002 OpenStack \u7b80\u4ecb \u00b6 \u672c\u6307\u5357\u63d0\u4f9b\u4e86\u5bf9 OpenStack \u90e8\u7f72\u7684\u5b89\u5168\u89c1\u89e3\u3002\u76ee\u6807\u53d7\u4f17\u662f\u4e91\u67b6\u6784\u5e08\u3001\u90e8\u7f72\u4eba\u5458\u548c\u7ba1\u7406\u5458\u3002\u6b64\u5916\uff0c\u4e91\u7528\u6237\u4f1a\u53d1\u73b0\u8be5\u6307\u5357\u5728\u63d0\u4f9b\u5546\u9009\u62e9\u65b9\u9762\u65e2\u6709\u6559\u80b2\u610f\u4e49\u53c8\u6709\u5e2e\u52a9\uff0c\u800c\u5ba1\u8ba1\u4eba\u5458\u4f1a\u53d1\u73b0\u5b83\u4f5c\u4e3a\u53c2\u8003\u6587\u6863\u5f88\u6709\u7528\uff0c\u53ef\u4ee5\u652f\u6301\u4ed6\u4eec\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u5de5\u4f5c\u3002\u672c\u6307\u5357\u4e5f\u63a8\u8350\u7ed9\u4efb\u4f55\u5bf9\u4e91\u5b89\u5168\u611f\u5174\u8da3\u7684\u4eba\u3002 \u6bcf\u4e2a OpenStack \u90e8\u7f72\u90fd\u5305\u542b\u5404\u79cd\u5404\u6837\u7684\u6280\u672f\uff0c\u5305\u62ec Linux 
\u53d1\u884c\u7248\u3001\u6570\u636e\u5e93\u7cfb\u7edf\u3001\u6d88\u606f\u961f\u5217\u3001OpenStack \u7ec4\u4ef6\u672c\u8eab\u3001\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3001\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u3001\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7b49\u7b49\u3002\u6240\u6d89\u53ca\u7684\u5b89\u5168\u95ee\u9898\u540c\u6837\u591a\u79cd\u591a\u6837\u4e5f\u5c31\u4e0d\u8db3\u4e3a\u5947\u4e86\uff0c\u5bf9\u8fd9\u4e9b\u95ee\u9898\u7684\u6df1\u5165\u5206\u6790\u9700\u8981\u4e00\u4e9b\u6307\u5357\u3002\u6211\u4eec\u52aa\u529b\u5bfb\u627e\u5e73\u8861\u70b9\uff0c\u63d0\u4f9b\u8db3\u591f\u7684\u80cc\u666f\u4fe1\u606f\u6765\u7406\u89e3OpenStack\u5b89\u5168\u95ee\u9898\u53ca\u5176\u5904\u7406\uff0c\u5e76\u4e3a\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u63d0\u4f9b\u5916\u90e8\u53c2\u8003\u3002\u8be5\u6307\u5357\u53ef\u4ee5\u4ece\u5934\u5230\u5c3e\u9605\u8bfb\uff0c\u4e5f\u53ef\u4ee5\u50cf\u53c2\u8003\u4e00\u6837\u4f7f\u7528\u3002 \u6211\u4eec\u7b80\u8981\u4ecb\u7ecd\u4e86\u4e91\u7684\u79cd\u7c7b\uff08\u79c1\u6709\u4e91\u3001\u516c\u6709\u4e91\u548c\u6df7\u5408\u4e91\uff09\uff0c\u7136\u540e\u5728\u672c\u7ae0\u7684\u5176\u4f59\u90e8\u5206\u6982\u8ff0\u4e86 OpenStack \u7ec4\u4ef6\u53ca\u5176\u76f8\u5173\u7684\u5b89\u5168\u95ee\u9898\u3002 \u5728\u6574\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u63d0\u5230\u4e86\u51e0\u79cd\u7c7b\u578b\u7684OpenStack\u4e91\u7528\u6237\uff1a\u7ba1\u7406\u5458\u3001\u64cd\u4f5c\u5458\u548c\u7528\u6237\u3002\u6211\u4eec\u4f7f\u7528\u8fd9\u4e9b\u672f\u8bed\u6765\u6807\u8bc6\u6bcf\u4e2a\u89d2\u8272\u5177\u6709\u7684\u5b89\u5168\u8bbf\u95ee\u7ea7\u522b\uff0c\u5c3d\u7ba1\u5b9e\u9645\u4e0a\uff0c\u6211\u4eec\u77e5\u9053\u4e0d\u540c\u7684\u89d2\u8272\u901a\u5e38\u7531\u540c\u4e00\u4e2a\u4eba\u62c5\u4efb\u3002 \u4e91\u7c7b\u578b \u00b6 
OpenStack\u662f\u91c7\u7528\u4e91\u6280\u672f\u7684\u5173\u952e\u63a8\u52a8\u56e0\u7d20\uff0c\u5e76\u5177\u6709\u51e0\u4e2a\u5e38\u89c1\u7684\u90e8\u7f72\u7528\u4f8b\u3002\u8fd9\u4e9b\u6a21\u578b\u901a\u5e38\u79f0\u4e3a\u516c\u5171\u6a21\u578b\u3001\u4e13\u7528\u6a21\u578b\u548c\u6df7\u5408\u6a21\u578b\u3002\u4ee5\u4e0b\u5404\u8282\u4f7f\u7528\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u5bf9\u4e91\u7684\u5b9a\u4e49\u6765\u4ecb\u7ecd\u8fd9\u4e9b\u9002\u7528\u4e8e OpenStack \u7684\u4e0d\u540c\u7c7b\u578b\u7684\u4e91\u3002 \u516c\u6709\u4e91 \u00b6 \u6839\u636eNIST\u7684\u8bf4\u6cd5\uff0c\u516c\u5171\u4e91\u662f\u57fa\u7840\u8bbe\u65bd\u5411\u516c\u4f17\u5f00\u653e\u4f9b\u6d88\u8d39\u7684\u4e91\u3002OpenStack\u516c\u6709\u4e91\u901a\u5e38\u7531\u670d\u52a1\u63d0\u4f9b\u5546\u8fd0\u884c\uff0c\u53ef\u4f9b\u4e2a\u4eba\u3001\u516c\u53f8\u6216\u4efb\u4f55\u4ed8\u8d39\u5ba2\u6237\u4f7f\u7528\u3002\u9664\u4e86\u591a\u79cd\u5b9e\u4f8b\u7c7b\u578b\u5916\uff0c\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u8fd8\u53ef\u80fd\u516c\u5f00\u4e00\u6574\u5957\u529f\u80fd\uff0c\u4f8b\u5982\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc\u6216\u5757\u5b58\u50a8\u3002 
\u5c31\u5176\u6027\u8d28\u800c\u8a00\uff0c\u516c\u6709\u4e91\u9762\u4e34\u66f4\u9ad8\u7684\u98ce\u9669\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u7684\u4f7f\u7528\u8005\uff0c\u60a8\u5e94\u8be5\u9a8c\u8bc1\u6240\u9009\u63d0\u4f9b\u5546\u662f\u5426\u5177\u6709\u5fc5\u8981\u7684\u8ba4\u8bc1\u3001\u8bc1\u660e\u548c\u5176\u4ed6\u6cd5\u89c4\u6ce8\u610f\u4e8b\u9879\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u63d0\u4f9b\u5546\uff0c\u6839\u636e\u60a8\u7684\u76ee\u6807\u5ba2\u6237\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u9075\u5b88\u4e00\u9879\u6216\u591a\u9879\u6cd5\u89c4\u3002\u6b64\u5916\uff0c\u5373\u4f7f\u4e0d\u9700\u8981\u6ee1\u8db3\u6cd5\u89c4\u8981\u6c42\uff0c\u63d0\u4f9b\u5546\u4e5f\u5e94\u786e\u4fdd\u79df\u6237\u9694\u79bb\uff0c\u5e76\u4fdd\u62a4\u7ba1\u7406\u57fa\u7840\u7ed3\u6784\u514d\u53d7\u5916\u90e8\u653b\u51fb\u3002 \u79c1\u6709\u4e91 \u00b6 \u5728\u9891\u8c31\u7684\u53e6\u4e00\u7aef\u662f\u79c1\u6709\u4e91\u3002\u6b63\u5982NIST\u6240\u5b9a\u4e49\u7684\u90a3\u6837\uff0c\u79c1\u6709\u4e91\u88ab\u914d\u7f6e\u4e3a\u7531\u591a\u4e2a\u6d88\u8d39\u8005\uff08\u5982\u4e1a\u52a1\u90e8\u95e8\uff09\u7ec4\u6210\u7684\u5355\u4e2a\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002\u79c1\u6709\u4e91\u7528\u4f8b\u591a\u79cd\u591a\u6837\uff0c\u56e0\u6b64\uff0c\u5b83\u4eec\u5404\u81ea\u7684\u5b89\u5168\u95ee\u9898\u5404\u4e0d\u76f8\u540c\u3002 \u793e\u533a\u4e91 \u00b6 NIST 
\u5c06\u793e\u533a\u4e91\u5b9a\u4e49\u4e3a\u5176\u57fa\u7840\u7ed3\u6784\u4ec5\u4f9b\u5177\u6709\u5171\u540c\u5173\u6ce8\u70b9\uff08\u4f8b\u5982\uff0c\u4efb\u52a1\u3001\u5b89\u5168\u8981\u6c42\u3001\u7b56\u7565\u6216\u5408\u89c4\u6027\u6ce8\u610f\u4e8b\u9879\uff09\u7684\u7ec4\u7ec7\u7684\u7279\u5b9a\u6d88\u8d39\u8005\u793e\u533a\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u793e\u533a\u4e2d\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u5b83\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002 \u6df7\u5408\u4e91 \u00b6 NIST\u5c06\u6df7\u5408\u4e91\u5b9a\u4e49\u4e3a\u4e24\u4e2a\u6216\u591a\u4e2a\u4e0d\u540c\u7684\u4e91\u57fa\u7840\u8bbe\u65bd\uff08\u5982\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u5171\u4e91\uff09\u7684\u7ec4\u5408\uff0c\u8fd9\u4e9b\u4e91\u57fa\u7840\u8bbe\u65bd\u4ecd\u7136\u662f\u552f\u4e00\u7684\u5b9e\u4f53\uff0c\u4f46\u901a\u8fc7\u6807\u51c6\u5316\u6216\u4e13\u6709\u6280\u672f\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u53ef\u79fb\u690d\u6027\uff0c\u4f8b\u5982\u7528\u4e8e\u4e91\u4e4b\u95f4\u8d1f\u8f7d\u5e73\u8861\u7684\u4e91\u7206\u53d1\u3002\u4f8b\u5982\uff0c\u5728\u7ebf\u96f6\u552e\u5546\u53ef\u80fd\u4f1a\u5728\u5141\u8bb8\u5f39\u6027\u914d\u7f6e\u7684\u516c\u6709\u4e91\u4e0a\u5c55\u793a\u5176\u5e7f\u544a\u548c\u76ee\u5f55\u3002\u8fd9\u5c06\u4f7f\u4ed6\u4eec\u80fd\u591f\u4ee5\u7075\u6d3b\u3001\u5177\u6709\u6210\u672c\u6548\u76ca\u7684\u65b9\u5f0f\u5904\u7406\u5b63\u8282\u6027\u8d1f\u8f7d\u3002\u4e00\u65e6\u5ba2\u6237\u5f00\u59cb\u5904\u7406\u4ed6\u4eec\u7684\u8ba2\u5355\uff0c\u4ed6\u4eec\u5c31\u4f1a\u88ab\u8f6c\u79fb\u5230\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u79c1\u6709\u4e91\u4e2d\uff0c\u8be5\u79c1\u6709\u4e91\u7b26\u5408PCI\u6807\u51c6\u3002 
\u5728\u672c\u6587\u6863\u4e2d\uff0c\u6211\u4eec\u4ee5\u7c7b\u4f3c\u7684\u65b9\u5f0f\u5bf9\u5f85\u793e\u533a\u548c\u6df7\u5408\u4e91\uff0c\u4ec5\u4ece\u5b89\u5168\u89d2\u5ea6\u660e\u786e\u5904\u7406\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7684\u6781\u7aef\u60c5\u51b5\u3002\u5b89\u5168\u63aa\u65bd\u53d6\u51b3\u4e8e\u90e8\u7f72\u5728\u79c1\u6709\u516c\u5171\u8fde\u7eed\u4f53\u4e0a\u7684\u4f4d\u7f6e\u3002 OpenStack \u670d\u52a1\u6982\u8ff0 \u00b6 OpenStack \u91c7\u7528\u6a21\u5757\u5316\u67b6\u6784\uff0c\u63d0\u4f9b\u4e00\u7ec4\u6838\u5fc3\u670d\u52a1\uff0c\u4ee5\u4fc3\u8fdb\u53ef\u6269\u5c55\u6027\u548c\u5f39\u6027\u4f5c\u4e3a\u6838\u5fc3\u8bbe\u8ba1\u539f\u5219\u3002\u672c\u7ae0\u7b80\u8981\u56de\u987e\u4e86 OpenStack \u7ec4\u4ef6\u3001\u5b83\u4eec\u7684\u7528\u4f8b\u548c\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u8ba1\u7b97 \u00b6 OpenStack Compute \u670d\u52a1 \uff08nova\uff09 \u63d0\u4f9b\u7684\u670d\u52a1\u652f\u6301\u5927\u89c4\u6a21\u7ba1\u7406\u865a\u62df\u673a\u5b9e\u4f8b\u3001\u6258\u7ba1\u591a\u5c42\u5e94\u7528\u7a0b\u5e8f\u7684\u5b9e\u4f8b\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u3001\u5904\u7406 Hadoop \u96c6\u7fa4\u7684\u201c\u5927\u6570\u636e\u201d\u6216\u9ad8\u6027\u80fd\u8ba1\u7b97\u3002 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e0e\u652f\u6301\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ea4\u4e92\u7684\u62bd\u8c61\u5c42\u6765\u4fc3\u8fdb\u8fd9\u79cd\u7ba1\u7406\uff08\u6211\u4eec\u7a0d\u540e\u4f1a\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u8fd9\u4e2a\u95ee\u9898\uff09\u3002 \u5728\u672c\u6307\u5357\u7684\u540e\u9762\u90e8\u5206\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u865a\u62df\u5316\u5806\u6808\uff0c\u56e0\u4e3a\u5b83\u4e0e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u3002 \u6709\u5173\u529f\u80fd\u652f\u6301\u7684\u5f53\u524d\u72b6\u6001\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Hypervisor \u652f\u6301\u77e9\u9635\u3002 
\u8ba1\u7b97\u5b89\u5168\u6027\u5bf9\u4e8eOpenStack\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002\u5f3a\u5316\u6280\u672f\u5e94\u5305\u62ec\u5bf9\u5f3a\u5b9e\u4f8b\u9694\u79bb\u7684\u652f\u6301\u3001\u8ba1\u7b97\u5b50\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u4ee5\u53ca\u9762\u5411\u516c\u4f17\u7684 API \u7ec8\u7ed3\u70b9\u7684\u590d\u539f\u80fd\u529b\u3002 \u5bf9\u8c61\u5b58\u50a8 \u00b6 OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 \uff08swift\uff09 \u652f\u6301\u5728\u4e91\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u4efb\u610f\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u63d0\u4f9b\u672c\u673a API \u548c\u4e9a\u9a6c\u900a\u4e91\u79d1\u6280 S3 \u517c\u5bb9 API\u3002\u8be5\u670d\u52a1\u901a\u8fc7\u6570\u636e\u590d\u5236\u63d0\u4f9b\u9ad8\u5ea6\u7684\u590d\u539f\u80fd\u529b\uff0c\u5e76\u4e14\u53ef\u4ee5\u5904\u7406 PB \u7ea7\u7684\u6570\u636e\u3002 \u8bf7\u52a1\u5fc5\u4e86\u89e3\u5bf9\u8c61\u5b58\u50a8\u4e0d\u540c\u4e8e\u4f20\u7edf\u7684\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u3002\u5bf9\u8c61\u5b58\u50a8\u6700\u9002\u5408\u7528\u4e8e\u9759\u6001\u6570\u636e\uff0c\u4f8b\u5982\u5a92\u4f53\u6587\u4ef6\uff08MP3\u3001\u56fe\u50cf\u6216\u89c6\u9891\uff09\u3001\u865a\u62df\u673a\u6620\u50cf\u548c\u5907\u4efd\u6587\u4ef6\u3002 \u5bf9\u8c61\u5b89\u5168\u5e94\u4fa7\u91cd\u4e8e\u4f20\u8f93\u4e2d\u548c\u9759\u6001\u6570\u636e\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u52a0\u5bc6\u3002\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4e0e\u7cfb\u7edf\u6ee5\u7528\u3001\u975e\u6cd5\u6216\u6076\u610f\u5185\u5bb9\u5b58\u50a8\u4ee5\u53ca\u4ea4\u53c9\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u5a92\u4ecb\u6709\u5173\u3002 \u5757\u5b58\u50a8 \u00b6 OpenStack \u5757\u5b58\u50a8\u670d\u52a1 \uff08cinder\uff09 \u4e3a\u8ba1\u7b97\u5b9e\u4f8b\u63d0\u4f9b\u6301\u4e45\u6027\u5757\u5b58\u50a8\u3002\u5757\u5b58\u50a8\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u751f\u547d\u5468\u671f\uff0c\u4ece\u521b\u5efa\u5377\u548c\u9644\u52a0\u5230\u5b9e\u4f8b\uff0c\u518d\u5230\u91ca\u653e\u3002 
\u5757\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u4e0e\u5bf9\u8c61\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u7c7b\u4f3c\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u7684\u670d\u52a1\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack \u5757\u5b58\u50a8\u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\uff0c\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u5b9e\u4f8b\u4e0a\uff0c\u7136\u540e\u4ece\u5b9e\u4f8b\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u3002 \u7f51\u7edc \u00b6 OpenStack \u7f51\u7edc\u670d\u52a1\uff08neutron\uff0c\u4ee5\u524d\u79f0\u4e3a\u91cf\u5b50\uff09\u4e3a\u4e91\u7528\u6237\uff08\u79df\u6237\uff09\u63d0\u4f9b\u5404\u79cd\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982 IP \u5730\u5740\u7ba1\u7406\u3001DNS\u3001DHCP\u3001\u8d1f\u8f7d\u5747\u8861\u548c\u5b89\u5168\u7ec4\uff08\u7f51\u7edc\u8bbf\u95ee\u89c4\u5219\uff0c\u5982\u9632\u706b\u5899\u7b56\u7565\uff09\u3002\u6b64\u670d\u52a1\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u5141\u8bb8\u4e0e\u5404\u79cd\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u8fdb\u884c\u53ef\u63d2\u62d4\u96c6\u6210\u3002 OpenStack Networking \u5141\u8bb8\u4e91\u79df\u6237\u7ba1\u7406\u5176\u8bbf\u5ba2\u7f51\u7edc\u914d\u7f6e\u3002\u7f51\u7edc\u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u7f51\u7edc\u6d41\u91cf\u9694\u79bb\u3001\u53ef\u7528\u6027\u3001\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002 \u4eea\u8868\u677f \u00b6 OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 
\u4e3a\u4e91\u7ba1\u7406\u5458\u548c\u4e91\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u754c\u9762\u3002\u4f7f\u7528\u6b64\u754c\u9762\uff0c\u7ba1\u7406\u5458\u548c\u79df\u6237\u53ef\u4ee5\u9884\u914d\u3001\u7ba1\u7406\u548c\u76d1\u89c6\u4e91\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u5e38\u4ee5\u9762\u5411\u516c\u4f17\u7684\u65b9\u5f0f\u90e8\u7f72\uff0c\u5177\u6709\u516c\u5171 Web \u95e8\u6237\u7684\u6240\u6709\u5e38\u89c1\u5b89\u5168\u95ee\u9898\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u00b6 OpenStack Identity \u670d\u52a1 \uff08keystone\uff09 \u662f\u4e00\u9879\u5171\u4eab\u670d\u52a1\uff0c\u53ef\u5728\u6574\u4e2a\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002Identity \u670d\u52a1\u5177\u6709\u5bf9\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\u7684\u53ef\u63d2\u5165\u652f\u6301\u3002 Identity \u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u5bf9\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u4efb\u3001\u6388\u6743\u4ee4\u724c\u7684\u7ba1\u7406\u4ee5\u53ca\u5b89\u5168\u901a\u4fe1\u3002 \u955c\u50cf\u670d\u52a1 \u00b6 OpenStack \u955c\u50cf\u670d\u52a1\uff08glance\uff09\u63d0\u4f9b\u78c1\u76d8\u955c\u50cf\u7ba1\u7406\u670d\u52a1\uff0c\u5305\u62ec\u955c\u50cf\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u6839\u636e\u9700\u8981\u5411\u8ba1\u7b97\u670d\u52a1\u4ea4\u4ed8\u670d\u52a1\u3002 \u9700\u8981\u53d7\u4fe1\u4efb\u7684\u8fdb\u7a0b\u6765\u7ba1\u7406\u78c1\u76d8\u6620\u50cf\u7684\u751f\u547d\u5468\u671f\uff0c\u4ee5\u53ca\u524d\u9762\u63d0\u5230\u7684\u4e0e\u6570\u636e\u5b89\u5168\u6709\u5173\u7684\u6240\u6709\u95ee\u9898\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1 \uff08sahara\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u914d\u7f6e\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u8fd0\u884c\u5e38\u7528\u5904\u7406\u6846\u67b6\u7684\u7fa4\u96c6\u3002 
\u6570\u636e\u5904\u7406\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u5e94\u4fa7\u91cd\u4e8e\u6570\u636e\u9690\u79c1\u548c\u4e0e\u9884\u7f6e\u96c6\u7fa4\u7684\u5b89\u5168\u901a\u4fe1\u3002 \u5176\u4ed6\u914d\u5957\u6280\u672f \u00b6 \u6d88\u606f\u4f20\u9012\u7528\u4e8e\u591a\u4e2a OpenStack \u670d\u52a1\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u4f7f\u7528\u57fa\u4e8e AMQP \u7684\u6d88\u606f\u961f\u5217\u3002\u4e0e\u5927\u591a\u6570 OpenStack \u670d\u52a1\u4e00\u6837\uff0cAMQP \u652f\u6301\u53ef\u63d2\u62d4\u7ec4\u4ef6\u3002\u73b0\u5728\uff0c\u5b9e\u73b0\u540e\u7aef\u53ef\u4ee5\u662f RabbitMQ\u3001Qpid \u6216 ZeroMQ\u3002 \u7531\u4e8e\u5927\u591a\u6570\u7ba1\u7406\u547d\u4ee4\u90fd\u6d41\u7ecf\u6d88\u606f\u961f\u5217\u7cfb\u7edf\uff0c\u56e0\u6b64\u6d88\u606f\u961f\u5217\u5b89\u5168\u6027\u662f\u4efb\u4f55 OpenStack \u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\uff0c\u672c\u6307\u5357\u7a0d\u540e\u5c06\u5bf9\u6b64\u8fdb\u884c\u8be6\u7ec6\u8ba8\u8bba\u3002 \u6709\u51e0\u4e2a\u7ec4\u4ef6\u4f7f\u7528\u6570\u636e\u5e93\uff0c\u5c3d\u7ba1\u5b83\u6ca1\u6709\u663e\u5f0f\u8c03\u7528\u3002\u4fdd\u62a4\u6570\u636e\u5e93\u8bbf\u95ee\u662f\u53e6\u4e00\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u56e0\u6b64\u5728\u672c\u6307\u5357\u540e\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u3002 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u00b6 \u4e91\u53ef\u4ee5\u62bd\u8c61\u4e3a\u903b\u8f91\u7ec4\u4ef6\u7684\u96c6\u5408\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u529f\u80fd\u3001\u7528\u6237\u548c\u5171\u4eab\u7684\u5b89\u5168\u95ee\u9898\uff0c\u6211\u4eec\u79f0\u4e4b\u4e3a\u5b89\u5168\u57df\u3002\u5a01\u80c1\u53c2\u4e0e\u8005\u548c\u5411\u91cf\u6839\u636e\u5176\u52a8\u673a\u548c\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u8fdb\u884c\u5206\u7c7b\u3002\u6211\u4eec\u7684\u76ee\u6807\u662f\u6839\u636e\u60a8\u7684\u98ce\u9669/\u6f0f\u6d1e\u4fdd\u62a4\u76ee\u6807\uff0c\u8ba9\u60a8\u4e86\u89e3\u6bcf\u4e2a\u57df\u7684\u5b89\u5168\u95ee\u9898\u3002 
\u5b89\u5168\u57df \u00b6 \u5b89\u5168\u57df\u5305\u62ec\u7528\u6237\u3001\u5e94\u7528\u7a0b\u5e8f\u3001\u670d\u52a1\u5668\u6216\u7f51\u7edc\uff0c\u5b83\u4eec\u5728\u7cfb\u7edf\u4e2d\u5177\u6709\u5171\u540c\u7684\u4fe1\u4efb\u8981\u6c42\u548c\u671f\u671b\u3002\u901a\u5e38\uff0c\u5b83\u4eec\u5177\u6709\u76f8\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/Z\uff09 \u8981\u6c42\u548c\u7528\u6237\u3002 \u5c3d\u7ba1\u60a8\u53ef\u80fd\u5e0c\u671b\u8fdb\u4e00\u6b65\u7ec6\u5206\u8fd9\u4e9b\u57df\uff08\u6211\u4eec\u7a0d\u540e\u5c06\u8ba8\u8bba\u5728\u54ea\u4e9b\u65b9\u9762\u53ef\u80fd\u5408\u9002\uff09\uff0c\u4f46\u6211\u4eec\u901a\u5e38\u6307\u7684\u662f\u56db\u4e2a\u4e0d\u540c\u7684\u5b89\u5168\u57df\uff0c\u5b83\u4eec\u6784\u6210\u4e86\u5b89\u5168\u90e8\u7f72\u4efb\u4f55 OpenStack \u4e91\u6240\u9700\u7684\u6700\u4f4e\u9650\u5ea6\u3002\u8fd9\u4e9b\u5b89\u5168\u57df\u5305\u62ec\uff1a \u516c\u5171\u57df \u8bbf\u5ba2\u57df \u7ba1\u7406\u57df \u6570\u636e\u57df \u6211\u4eec\u4e4b\u6240\u4ee5\u9009\u62e9\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u662f\u56e0\u4e3a\u5b83\u4eec\u53ef\u4ee5\u72ec\u7acb\u6620\u5c04\uff0c\u4e5f\u53ef\u4ee5\u7ec4\u5408\u8d77\u6765\uff0c\u4ee5\u8868\u793a\u7ed9\u5b9a OpenStack \u90e8\u7f72\u4e2d\u5927\u591a\u6570\u53ef\u80fd\u7684\u4fe1\u4efb\u533a\u57df\u3002\u4f8b\u5982\uff0c\u67d0\u4e9b\u90e8\u7f72\u62d3\u6251\u53ef\u80fd\u7531\u4e00\u4e2a\u7269\u7406\u7f51\u7edc\u4e0a\u7684\u6765\u5bbe\u57df\u548c\u6570\u636e\u57df\u7684\u7ec4\u5408\u7ec4\u6210\uff0c\u800c\u5176\u4ed6\u62d3\u6251\u5219\u5c06\u8fd9\u4e9b\u57df\u5206\u5f00\u3002\u5728\u6bcf\u79cd\u60c5\u51b5\u4e0b\uff0c\u4e91\u64cd\u4f5c\u5458\u90fd\u5e94\u6ce8\u610f\u9002\u5f53\u7684\u5b89\u5168\u95ee\u9898\u3002\u5b89\u5168\u57df\u5e94\u9488\u5bf9\u7279\u5b9a\u7684 OpenStack 
\u90e8\u7f72\u62d3\u6251\u8fdb\u884c\u6620\u5c04\u3002\u57df\u53ca\u5176\u4fe1\u4efb\u8981\u6c42\u53d6\u51b3\u4e8e\u4e91\u5b9e\u4f8b\u662f\u516c\u6709\u4e91\u5b9e\u4f8b\u3001\u79c1\u6709\u4e91\u5b9e\u4f8b\u8fd8\u662f\u6df7\u5408\u4e91\u5b9e\u4f8b\u3002 \u516c\u5171 \u00b6 \u516c\u5171\u5b89\u5168\u57df\u662f\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u533a\u57df\u3002\u5b83\u53ef\u4ee5\u6307\u6574\u4e2a\u4e92\u8054\u7f51\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u6307\u60a8\u65e0\u6743\u8bbf\u95ee\u7684\u7f51\u7edc\u3002\u4efb\u4f55\u5177\u6709\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u8981\u6c42\u4f20\u8f93\u6b64\u57df\u7684\u6570\u636e\u90fd\u5e94\u4f7f\u7528\u8865\u507f\u63a7\u5236\u8fdb\u884c\u4fdd\u62a4\u3002 \u6b64\u57df\u5e94\u59cb\u7ec8\u88ab\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u3002 \u8bbf\u5ba2 \u00b6 \u8bbf\u5ba2\u5b89\u5168\u57df\u901a\u5e38\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u5230\u5b9e\u4f8b\u7684\u6d41\u91cf\uff0c\u5b83\u5904\u7406\u7531\u4e91\u4e0a\u7684\u5b9e\u4f8b\u751f\u6210\u7684\u8ba1\u7b97\u6570\u636e\uff0c\u4f46\u4e0d\u5904\u7406\u652f\u6301\u4e91\u64cd\u4f5c\u7684\u670d\u52a1\uff0c\u4f8b\u5982 API \u8c03\u7528\u3002 \u5982\u679c\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6ca1\u6709\u4e25\u683c\u63a7\u5236\uff0c\u4e5f\u4e0d\u5141\u8bb8\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u4e0d\u53d7\u9650\u5236\u7684 Internet \u8bbf\u95ee\uff0c\u5219\u5e94\u5c06\u6b64\u57df\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5c06\u6b64\u7f51\u7edc\u89c6\u4e3a\u5185\u90e8\u7f51\u7edc\uff0c\u5e76\u4e14\u53ea\u6709\u5728\u5b9e\u65bd\u9002\u5f53\u7684\u63a7\u5236\u4ee5\u65ad\u8a00\u5b9e\u4f8b\u548c\u6240\u6709\u5173\u8054\u79df\u6237\u90fd\u662f\u53ef\u4fe1\u7684\u65f6\u3002 \u7ba1\u7406 \u00b6 
\u7ba1\u7406\u5b89\u5168\u57df\u662f\u670d\u52a1\u4ea4\u4e92\u7684\u5730\u65b9\u3002\u6709\u65f6\u79f0\u4e3a\u201c\u63a7\u5236\u5e73\u9762\u201d\uff0c\u6b64\u57df\u4e2d\u7684\u7f51\u7edc\u4f20\u8f93\u673a\u5bc6\u6570\u636e\uff0c\u4f8b\u5982\u914d\u7f6e\u53c2\u6570\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u547d\u4ee4\u548c\u63a7\u5236\u6d41\u91cf\u901a\u5e38\u9a7b\u7559\u5728\u6b64\u57df\u4e2d\uff0c\u8fd9\u9700\u8981\u5f3a\u5927\u7684\u5b8c\u6574\u6027\u8981\u6c42\u3002\u5bf9\u6b64\u57df\u7684\u8bbf\u95ee\u5e94\u53d7\u5230\u9ad8\u5ea6\u9650\u5236\u548c\u76d1\u89c6\u3002\u540c\u65f6\uff0c\u6b64\u57df\u4ecd\u5e94\u91c7\u7528\u672c\u6307\u5357\u4e2d\u63cf\u8ff0\u7684\u6240\u6709\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u3002 \u5728\u5927\u591a\u6570\u90e8\u7f72\u4e2d\uff0c\u6b64\u57df\u88ab\u89c6\u4e3a\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u4f46\u662f\uff0c\u5728\u8003\u8651 OpenStack \u90e8\u7f72\u65f6\uff0c\u6709\u8bb8\u591a\u7cfb\u7edf\u5c06\u6b64\u57df\u4e0e\u5176\u4ed6\u57df\u6865\u63a5\u8d77\u6765\uff0c\u8fd9\u53ef\u80fd\u4f1a\u964d\u4f4e\u60a8\u53ef\u4ee5\u5bf9\u8be5\u57df\u7684\u4fe1\u4efb\u7ea7\u522b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u6570\u636e \u00b6 \u6570\u636e\u5b89\u5168\u57df\u4e3b\u8981\u5173\u6ce8\u4e0eOpenStack\u4e2d\u7684\u5b58\u50a8\u670d\u52a1\u6709\u5173\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u8be5\u7f51\u7edc\u4f20\u8f93\u7684\u5927\u591a\u6570\u6570\u636e\u90fd\u9700\u8981\u9ad8\u5ea6\u7684\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u6839\u636e\u90e8\u7f72\u7c7b\u578b\uff0c\u53ef\u80fd\u8fd8\u4f1a\u6709\u5f88\u5f3a\u7684\u53ef\u7528\u6027\u8981\u6c42\u3002 \u6b64\u7f51\u7edc\u7684\u4fe1\u4efb\u7ea7\u522b\u5f88\u5927\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u90e8\u7f72\u51b3\u7b56\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u4f1a\u4e3a\u5176\u5206\u914d\u4efb\u4f55\u9ed8\u8ba4\u7684\u4fe1\u4efb\u7ea7\u522b\u3002 \u6865\u63a5\u5b89\u5168\u57df 
\u00b6 \u7f51\u6865\u662f\u5b58\u5728\u4e8e\u591a\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u7ec4\u4ef6\u3002\u5fc5\u987b\u4ed4\u7ec6\u914d\u7f6e\u6865\u63a5\u5177\u6709\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u6216\u8eab\u4efd\u9a8c\u8bc1\u8981\u6c42\u7684\u5b89\u5168\u57df\u7684\u4efb\u4f55\u7ec4\u4ef6\u3002\u8fd9\u4e9b\u7f51\u6865\u901a\u5e38\u662f\u7f51\u7edc\u67b6\u6784\u4e2d\u7684\u8584\u5f31\u73af\u8282\u3002\u6865\u63a5\u5e94\u59cb\u7ec8\u914d\u7f6e\u4e3a\u6ee1\u8db3\u5b83\u6240\u6865\u63a5\u7684\u4efb\u4f55\u57df\u7684\u6700\u9ad8\u4fe1\u4efb\u7ea7\u522b\u7684\u5b89\u5168\u8981\u6c42\u3002\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u653b\u51fb\u7684\u53ef\u80fd\u6027\uff0c\u6865\u63a5\u5668\u7684\u5b89\u5168\u63a7\u5236\u5e94\u8be5\u662f\u4e3b\u8981\u5173\u6ce8\u70b9\u3002 \u4e0a\u56fe\u663e\u793a\u4e86\u6865\u63a5\u6570\u636e\u548c\u7ba1\u7406\u57df\u7684\u8ba1\u7b97\u8282\u70b9;\u56e0\u6b64\uff0c\u5e94\u5c06\u8ba1\u7b97\u8282\u70b9\u914d\u7f6e\u4e3a\u6ee1\u8db3\u7ba1\u7406\u57df\u7684\u5b89\u5168\u8981\u6c42\u3002\u540c\u6837\uff0c\u6b64\u56fe\u4e2d\u7684 API \u7aef\u70b9\u6b63\u5728\u6865\u63a5\u4e0d\u53d7\u4fe1\u4efb\u7684\u516c\u5171\u57df\u548c\u7ba1\u7406\u57df\uff0c\u5e94\u5c06\u5176\u914d\u7f6e\u4e3a\u9632\u6b62\u4ece\u516c\u5171\u57df\u4f20\u64ad\u5230\u7ba1\u7406\u57df\u7684\u653b\u51fb\u3002 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u90e8\u7f72\u4eba\u5458\u53ef\u80fd\u5e0c\u671b\u8003\u8651\u5c06\u7f51\u6865\u4fdd\u62a4\u5230\u6bd4\u5b83\u6240\u5728\u7684\u4efb\u4f55\u57df\u66f4\u9ad8\u7684\u6807\u51c6\u3002\u9274\u4e8e\u4e0a\u8ff0 API \u7aef\u70b9\u793a\u4f8b\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4ece\u516c\u5171\u57df\u4ee5 API \u7aef\u70b9\u4e3a\u76ee\u6807\uff0c\u5229\u7528\u5b83\u6765\u5165\u4fb5\u6216\u8bbf\u95ee\u7ba1\u7406\u57df\u3002 
OpenStack\u7684\u8bbe\u8ba1\u4f7f\u5f97\u5b89\u5168\u57df\u7684\u5206\u79bb\u662f\u5f88\u56f0\u96be\u7684\u3002\u7531\u4e8e\u6838\u5fc3\u670d\u52a1\u901a\u5e38\u81f3\u5c11\u6865\u63a5\u4e24\u4e2a\u57df\uff0c\u56e0\u6b64\u5728\u5bf9\u5b83\u4eec\u5e94\u7528\u5b89\u5168\u63a7\u5236\u65f6\u5fc5\u987b\u7279\u522b\u8003\u8651\u3002 \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u00b6 \u5927\u591a\u6570\u7c7b\u578b\u7684\u4e91\u90e8\u7f72\uff08\u516c\u6709\u4e91\u6216\u79c1\u6709\u4e91\uff09\u90fd\u4f1a\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u5bf9\u653b\u51fb\u8005\u8fdb\u884c\u5206\u7c7b\uff0c\u5e76\u603b\u7ed3\u6bcf\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u6f5c\u5728\u653b\u51fb\u7c7b\u578b\u3002 \u5a01\u80c1\u53c2\u4e0e\u8005 \u00b6 \u5a01\u80c1\u53c2\u4e0e\u8005\u662f\u4e00\u79cd\u62bd\u8c61\u7684\u65b9\u5f0f\uff0c\u7528\u4e8e\u6307\u4ee3\u60a8\u53ef\u80fd\u5c1d\u8bd5\u9632\u5fa1\u7684\u4e00\u7c7b\u5bf9\u624b\u3002\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u8d8a\u5f3a\uff0c\u6210\u529f\u7f13\u89e3\u548c\u9884\u9632\u653b\u51fb\u6240\u9700\u7684\u5b89\u5168\u63a7\u5236\u5c31\u8d8a\u6602\u8d35\u3002\u5b89\u5168\u6027\u662f\u6210\u672c\u3001\u53ef\u7528\u6027\u548c\u9632\u5fa1\u4e4b\u95f4\u7684\u6743\u8861\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e0d\u53ef\u80fd\u9488\u5bf9\u6211\u4eec\u5728\u6b64\u5904\u63cf\u8ff0\u7684\u6240\u6709\u5a01\u80c1\u53c2\u4e0e\u8005\u4fdd\u62a4\u4e91\u90e8\u7f72\u3002\u90a3\u4e9b\u90e8\u7f72OpenStack\u4e91\u7684\u4eba\u5c06\u4e0d\u5f97\u4e0d\u51b3\u5b9a\u5176\u90e8\u7f72/\u4f7f\u7528\u7684\u5e73\u8861\u70b9\u5728\u54ea\u91cc\u3002 \u60c5\u62a5\u673a\u6784 \u00b6 
\u672c\u6307\u5357\u8ba4\u4e3a\u662f\u6700\u6709\u80fd\u529b\u7684\u5bf9\u624b\u3002\u60c5\u62a5\u90e8\u95e8\u548c\u5176\u4ed6\u56fd\u5bb6\u884c\u4e3a\u8005\u53ef\u4ee5\u4e3a\u76ee\u6807\u5e26\u6765\u5de8\u5927\u7684\u8d44\u6e90\u3002\u4ed6\u4eec\u62e5\u6709\u8d85\u8d8a\u4efb\u4f55\u5176\u4ed6\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u3002\u5982\u679c\u6ca1\u6709\u6781\u5176\u4e25\u683c\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u65e0\u8bba\u662f\u4eba\u529b\u8fd8\u662f\u6280\u672f\uff0c\u90fd\u5f88\u96be\u9632\u5fa1\u8fd9\u4e9b\u884c\u4e3a\u8005\u3002 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u00b6 \u80fd\u529b\u5f3a\u4e14\u53d7\u7ecf\u6d4e\u9a71\u52a8\u7684\u653b\u51fb\u8005\u7fa4\u4f53\u3002\u80fd\u591f\u8d44\u52a9\u5185\u90e8\u6f0f\u6d1e\u5f00\u53d1\u548c\u76ee\u6807\u7814\u7a76\u3002\u8fd1\u5e74\u6765\uff0c\u4fc4\u7f57\u65af\u5546\u4e1a\u7f51\u7edc\uff08Russian Business Network\uff09\u7b49\u7ec4\u7ec7\u7684\u5d1b\u8d77\uff0c\u4e00\u4e2a\u5e9e\u5927\u7684\u7f51\u7edc\u72af\u7f6a\u4f01\u4e1a\uff0c\u5df2\u7ecf\u8bc1\u660e\u4e86\u7f51\u7edc\u653b\u51fb\u5982\u4f55\u6210\u4e3a\u4e00\u79cd\u5546\u54c1\u3002\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u5c5e\u4e8e\u4e25\u91cd\u7684\u6709\u7ec4\u7ec7\u72af\u7f6a\u96c6\u56e2\u3002 \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u00b6 \u8fd9\u662f\u6307\u201c\u9ed1\u5ba2\u884c\u52a8\u4e3b\u4e49\u8005\u201d\u7c7b\u578b\u7684\u7ec4\u7ec7\uff0c\u4ed6\u4eec\u901a\u5e38\u6ca1\u6709\u5546\u4e1a\u8d44\u52a9\uff0c\u4f46\u53ef\u80fd\u5bf9\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u4e91\u8fd0\u8425\u5546\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002 \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u00b6 \u8fd9\u4e9b\u653b\u51fb\u8005\u5355\u72ec\u884c\u52a8\uff0c\u4ee5\u591a\u79cd\u5f62\u5f0f\u51fa\u73b0\uff0c\u4f8b\u5982\u6d41\u6c13\u6216\u6076\u610f\u5458\u5de5\u3001\u5fc3\u6000\u4e0d\u6ee1\u7684\u5ba2\u6237\u6216\u5c0f\u89c4\u6a21\u7684\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u3002 \u811a\u672c\u653b\u51fb\u8005 \u00b6 
\u81ea\u52a8\u6f0f\u6d1e\u626b\u63cf/\u5229\u7528\u3002\u975e\u9488\u5bf9\u6027\u653b\u51fb\u3002\u901a\u5e38\uff0c\u53ea\u6709\u8fd9\u4e9b\u884c\u4e3a\u8005\u4e4b\u4e00\u7684\u6ecb\u6270\u3001\u59a5\u534f\u624d\u4f1a\u5bf9\u7ec4\u7ec7\u7684\u58f0\u8a89\u6784\u6210\u91cd\u5927\u98ce\u9669\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u00b6 \u79c1\u6709\u4e91\u901a\u5e38\u7531\u4f01\u4e1a\u6216\u673a\u6784\u5728\u5176\u7f51\u7edc\u5185\u90e8\u548c\u9632\u706b\u5899\u540e\u9762\u90e8\u7f72\u3002\u4f01\u4e1a\u5c06\u5bf9\u5141\u8bb8\u54ea\u4e9b\u6570\u636e\u9000\u51fa\u5176\u7f51\u7edc\u6709\u4e25\u683c\u7684\u653f\u7b56\uff0c\u751a\u81f3\u53ef\u80fd\u4e3a\u7279\u5b9a\u76ee\u7684\u4f7f\u7528\u4e0d\u540c\u7684\u4e91\u3002\u79c1\u6709\u4e91\u7684\u7528\u6237\u901a\u5e38\u662f\u62e5\u6709\u4e91\u7684\u7ec4\u7ec7\u7684\u5458\u5de5\uff0c\u5e76\u4e14\u80fd\u591f\u5bf9\u5176\u884c\u4e3a\u8d1f\u8d23\u3002\u5458\u5de5\u901a\u5e38\u4f1a\u5728\u8bbf\u95ee\u4e91\u4e4b\u524d\u53c2\u52a0\u57f9\u8bad\u8bfe\u7a0b\uff0c\u5e76\u4e14\u53ef\u80fd\u4f1a\u53c2\u52a0\u5b9a\u671f\u5b89\u6392\u7684\u5b89\u5168\u610f\u8bc6\u57f9\u8bad\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u516c\u6709\u4e91\u4e0d\u80fd\u5bf9\u5176\u7528\u6237\u3001\u4e91\u7528\u4f8b\u6216\u7528\u6237\u52a8\u673a\u505a\u51fa\u4efb\u4f55\u65ad\u8a00\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u8fd9\u4f1a\u7acb\u5373\u5c06\u5ba2\u6237\u673a\u5b89\u5168\u57df\u63a8\u5165\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u72b6\u6001\u3002 \u516c\u6709\u4e91\u653b\u51fb\u9762\u7684\u4e00\u4e2a\u663e\u7740\u533a\u522b\u662f\uff0c\u5b83\u4eec\u5fc5\u987b\u63d0\u4f9b\u5bf9\u5176\u670d\u52a1\u7684\u4e92\u8054\u7f51\u8bbf\u95ee\u3002\u5b9e\u4f8b\u8fde\u63a5\u3001\u901a\u8fc7 Internet \u8bbf\u95ee\u6587\u4ef6\u4ee5\u53ca\u4e0e\u4e91\u63a7\u5236\u7ed3\u6784\uff08\u5982 API 
\u7aef\u70b9\u548c\u4eea\u8868\u677f\uff09\u4ea4\u4e92\u7684\u80fd\u529b\u662f\u516c\u6709\u4e91\u7684\u5fc5\u5907\u6761\u4ef6\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7528\u6237\u7684\u9690\u79c1\u95ee\u9898\u901a\u5e38\u662f\u622a\u7136\u76f8\u53cd\u7684\u3002\u5728\u79c1\u6709\u4e91\u4e2d\u751f\u6210\u548c\u5b58\u50a8\u7684\u6570\u636e\u901a\u5e38\u7531\u4e91\u8fd0\u8425\u5546\u62e5\u6709\uff0c\u4ed6\u4eec\u80fd\u591f\u90e8\u7f72\u6570\u636e\u4e22\u5931\u9632\u62a4 \uff08DLP\uff09 \u4fdd\u62a4\u3001\u6587\u4ef6\u68c0\u67e5\u3001\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u548c\u89c4\u8303\u6027\u9632\u706b\u5899\u7b49\u6280\u672f\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u9690\u79c1\u662f\u91c7\u7528\u516c\u6709\u4e91\u57fa\u7840\u8bbe\u65bd\u7684\u4e3b\u8981\u969c\u788d\u4e4b\u4e00\uff0c\u56e0\u4e3a\u524d\u9762\u63d0\u5230\u7684\u8bb8\u591a\u63a7\u5236\u63aa\u65bd\u5e76\u4e0d\u5b58\u5728\u3002 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u00b6 \u5e94\u4ed4\u7ec6\u8003\u8651\u4e91\u90e8\u7f72\u4e2d\u6f5c\u5728\u7684\u51fa\u7ad9\u6ee5\u7528\u3002\u65e0\u8bba\u662f\u516c\u6709\u4e91\u8fd8\u662f\u79c1\u6709\u4e91\uff0c\u4e91\u5f80\u5f80\u90fd\u6709\u5927\u91cf\u53ef\u7528\u8d44\u6e90\u3002\u901a\u8fc7\u9ed1\u5ba2\u653b\u51fb\u6216\u6388\u6743\u8bbf\u95ee\u5728\u4e91\u4e2d\u5efa\u7acb\u5b58\u5728\u70b9\u7684\u653b\u51fb\u8005\uff08\u4f8b\u5982\u6d41\u6c13\u5458\u5de5\uff09\u53ef\u4ee5\u4f7f\u8fd9\u4e9b\u8d44\u6e90\u5bf9\u6574\u4e2a\u4e92\u8054\u7f51\u4ea7\u751f\u5f71\u54cd\u3002\u5177\u6709\u8ba1\u7b97\u670d\u52a1\u7684\u4e91\u662f\u7406\u60f3\u7684 DDoS 
\u548c\u66b4\u529b\u5f15\u64ce\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u6765\u8bf4\uff0c\u8fd9\u4e2a\u95ee\u9898\u66f4\u4e3a\u7d27\u8feb\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u7528\u6237\u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u662f\u4e0d\u8d1f\u8d23\u4efb\u7684\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u542f\u52a8\u5927\u91cf\u4e00\u6b21\u6027\u5b9e\u4f8b\u8fdb\u884c\u51fa\u7ad9\u653b\u51fb\u3002\u5982\u679c\u4e00\u5bb6\u516c\u53f8\u56e0\u6258\u7ba1\u6076\u610f\u8f6f\u4ef6\u6216\u5bf9\u5176\u4ed6\u7f51\u7edc\u53d1\u8d77\u653b\u51fb\u800c\u95fb\u540d\uff0c\u53ef\u80fd\u4f1a\u5bf9\u516c\u53f8\u7684\u58f0\u8a89\u9020\u6210\u91cd\u5927\u635f\u5bb3\u3002\u9884\u9632\u65b9\u6cd5\u5305\u62ec\u51fa\u53e3\u5b89\u5168\u7ec4\u3001\u51fa\u7ad9\u6d41\u91cf\u68c0\u67e5\u3001\u5ba2\u6237\u6559\u80b2\u548c\u610f\u8bc6\uff0c\u4ee5\u53ca\u6b3a\u8bc8\u548c\u6ee5\u7528\u7f13\u89e3\u7b56\u7565\u3002 \u653b\u51fb\u7c7b\u578b \u00b6 \u8be5\u56fe\u663e\u793a\u4e86\u4e0a\u4e00\u8282\u4e2d\u63cf\u8ff0\u7684\u53c2\u4e0e\u8005\u53ef\u80fd\u9884\u671f\u7684\u5178\u578b\u653b\u51fb\u7c7b\u578b\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u56fe\u4e0d\u6392\u9664\u6709\u4e0d\u53ef\u9884\u671f\u7684\u653b\u51fb\u7c7b\u578b\u3002 \u653b\u51fb\u7c7b\u578b 
\u6bcf\u79cd\u653b\u51fb\u5f62\u5f0f\u7684\u89c4\u8303\u6027\u9632\u5fa1\u8d85\u51fa\u4e86\u672c\u6587\u6863\u7684\u8303\u56f4\u3002\u4e0a\u56fe\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c31\u5e94\u9632\u8303\u54ea\u4e9b\u7c7b\u578b\u7684\u5a01\u80c1\u548c\u5a01\u80c1\u53c2\u4e0e\u8005\u505a\u51fa\u660e\u667a\u7684\u51b3\u5b9a\u3002\u5bf9\u4e8e\u5546\u4e1a\u516c\u6709\u4e91\u90e8\u7f72\uff0c\u8fd9\u53ef\u80fd\u5305\u62ec\u9884\u9632\u4e25\u91cd\u72af\u7f6a\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e3a\u653f\u5e9c\u4f7f\u7528\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u4eba\u6765\u8bf4\uff0c\u5e94\u8be5\u5efa\u7acb\u66f4\u4e25\u683c\u7684\u4fdd\u62a4\u673a\u5236\uff0c\u5305\u62ec\u7cbe\u5fc3\u4fdd\u62a4\u7684\u8bbe\u65bd\u548c\u4f9b\u5e94\u94fe\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u90a3\u4e9b\u5efa\u7acb\u57fa\u672c\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u7684\u4eba\u53ef\u80fd\u9700\u8981\u9650\u5236\u8f83\u5c11\u7684\u63a7\u5236\uff08\u4e2d\u95f4\uff09\u3002 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u00b6 \u60a8\u9009\u62e9\u7684\u652f\u6301\u8f6f\u4ef6\uff08\u5982\u6d88\u606f\u4f20\u9012\u548c\u8d1f\u8f7d\u5e73\u8861\uff09\u53ef\u80fd\u4f1a\u5bf9\u4e91\u4ea7\u751f\u4e25\u91cd\u7684\u5b89\u5168\u5f71\u54cd\u3002\u4e3a\u7ec4\u7ec7\u505a\u51fa\u6b63\u786e\u7684\u9009\u62e9\u975e\u5e38\u91cd\u8981\u3002\u672c\u8282\u63d0\u4f9b\u4e86\u9009\u62e9\u652f\u6301\u8f6f\u4ef6\u7684\u4e00\u4e9b\u4e00\u822c\u51c6\u5219\u3002 \u4e3a\u4e86\u9009\u62e9\u6700\u4f73\u652f\u6301\u8f6f\u4ef6\uff0c\u8bf7\u8003\u8651\u4ee5\u4e0b\u56e0\u7d20\uff1a \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u00b6 
\u56e2\u961f\u8d8a\u719f\u6089\u7279\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u548c\u7279\u6b8a\u6027\uff0c\u5c31\u8d8a\u5c11\u4f1a\u51fa\u73b0\u914d\u7f6e\u9519\u8bef\u3002\u6b64\u5916\uff0c\u5c06\u5458\u5de5\u7684\u4e13\u4e1a\u77e5\u8bc6\u5206\u6563\u5230\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u589e\u52a0\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u5206\u5de5\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u51cf\u8f7b\u95ee\u9898\u3002 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u00b6 \u7ed9\u5b9a\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u4e8b\u4ef6\u54cd\u5e94 \u901a\u7528\u6807\u51c6 \u00b6 \u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u7684\u6027\u80fd\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002 \u786c\u4ef6\u95ee\u9898 \u00b6 \u8003\u8651\u8fd0\u884c\u8f6f\u4ef6\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u9009\u62e9\u7684\u8f6f\u4ef6\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002 \u7cfb\u7edf\u6587\u6863 \u00b6 OpenStack 
\u4e91\u90e8\u7f72\u7684\u7cfb\u7edf\u6587\u6863\u5e94\u9075\u5faa\u7ec4\u7ec7\u4e2d\u4f01\u4e1a\u4fe1\u606f\u6280\u672f\u7cfb\u7edf\u7684\u6a21\u677f\u548c\u6700\u4f73\u5b9e\u8df5\u3002\u7ec4\u7ec7\u901a\u5e38\u6709\u5408\u89c4\u6027\u8981\u6c42\uff0c\u8fd9\u53ef\u80fd\u9700\u8981\u4e00\u4e2a\u6574\u4f53\u7684\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u6765\u6e05\u70b9\u548c\u8bb0\u5f55\u7ed9\u5b9a\u7cfb\u7edf\u7684\u67b6\u6784\u3002\u6574\u4e2a\u884c\u4e1a\u90fd\u9762\u4e34\u7740\u4e0e\u8bb0\u5f55\u52a8\u6001\u4e91\u57fa\u7840\u67b6\u6784\u548c\u4fdd\u6301\u4fe1\u606f\u6700\u65b0\u76f8\u5173\u7684\u5171\u540c\u6311\u6218\u3002 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u7cfb\u7edf\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u00b6 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u00b6 \u901a\u5e38\u6784\u6210 OpenStack \u5b89\u88c5\u7684\u4e24\u79cd\u5e7f\u4e49\u8282\u70b9\u7c7b\u578b\u662f\uff1a \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 \u00b6 \u8fd0\u884c\u4e0e\u4e91\u76f8\u5173\u7684\u670d\u52a1\uff0c\u4f8b\u5982 OpenStack Identity \u670d\u52a1\u3001\u6d88\u606f\u961f\u5217\u670d\u52a1\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u652f\u6301\u4e91\u8fd0\u884c\u6240\u9700\u7684\u5176\u4ed6\u670d\u52a1\u3002 \u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u00b6 \u4e3a\u4e91\u63d0\u4f9b\u5b58\u50a8\u5bb9\u91cf\u6216\u865a\u62df\u673a\u3002 \u7cfb\u7edf\u6e05\u5355 \u00b6 
\u6587\u6863\u5e94\u63d0\u4f9bOpenStack\u73af\u5883\u7684\u4e00\u822c\u63cf\u8ff0\uff0c\u5e76\u6db5\u76d6\u4f7f\u7528\u7684\u6240\u6709\u7cfb\u7edf\uff08\u4f8b\u5982\uff0c\u751f\u4ea7\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\uff09\u3002\u8bb0\u5f55\u7cfb\u7edf\u7ec4\u4ef6\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u8f6f\u4ef6\u901a\u5e38\u63d0\u4f9b\u5168\u9762\u8986\u76d6\u548c\u8003\u8651\u5b89\u5168\u95ee\u9898\u3001\u653b\u51fb\u5a92\u4ecb\u548c\u53ef\u80fd\u7684\u5b89\u5168\u57df\u6865\u63a5\u70b9\u6240\u9700\u7684\u9e1f\u77b0\u56fe\u3002\u7cfb\u7edf\u6e05\u5355\u53ef\u80fd\u9700\u8981\u6355\u83b7\u4e34\u65f6\u8d44\u6e90\uff0c\u4f8b\u5982\u865a\u62df\u673a\u6216\u865a\u62df\u78c1\u76d8\u5377\uff0c\u5426\u5219\u8fd9\u4e9b\u8d44\u6e90\u5c06\u6210\u4e3a\u4f20\u7edf IT \u7cfb\u7edf\u4e2d\u7684\u6301\u4e45\u6027\u8d44\u6e90\u3002 \u786c\u4ef6\u6e05\u5355 \u00b6 \u5bf9\u4e66\u9762\u6587\u6863\u6ca1\u6709\u4e25\u683c\u5408\u89c4\u6027\u8981\u6c42\u7684\u4e91\u53ef\u80fd\u4f1a\u53d7\u76ca\u4e8e\u914d\u7f6e\u7ba1\u7406\u6570\u636e\u5e93 \uff08CMDB\uff09\u3002CMDB\u901a\u5e38\u7528\u4e8e\u786c\u4ef6\u8d44\u4ea7\u8ddf\u8e2a\u548c\u6574\u4f53\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\u901a\u8fc7\u5229\u7528 CMDB\uff0c\u7ec4\u7ec7\u53ef\u4ee5\u5feb\u901f\u8bc6\u522b\u4e91\u57fa\u7840\u8bbe\u65bd\u786c\u4ef6\uff0c\u4f8b\u5982\u8ba1\u7b97\u8282\u70b9\u3001\u5b58\u50a8\u8282\u70b9\u6216\u7f51\u7edc\u8bbe\u5907\u3002CMDB\u53ef\u4ee5\u5e2e\u52a9\u8bc6\u522b\u7f51\u7edc\u4e0a\u5b58\u5728\u7684\u8d44\u4ea7\uff0c\u8fd9\u4e9b\u8d44\u4ea7\u53ef\u80fd\u7531\u4e8e\u7ef4\u62a4\u4e0d\u8db3\u3001\u4fdd\u62a4\u4e0d\u8db3\u6216\u88ab\u53d6\u4ee3\u548c\u9057\u5fd8\u800c\u5b58\u5728\u6f0f\u6d1e\u3002\u5982\u679c\u5e95\u5c42\u786c\u4ef6\u652f\u6301\u5fc5\u8981\u7684\u81ea\u52a8\u53d1\u73b0\u529f\u80fd\uff0c\u5219 OpenStack \u7f6e\u5907\u7cfb\u7edf\u53ef\u4ee5\u63d0\u4f9b\u4e00\u4e9b\u57fa\u672c\u7684 CMDB \u529f\u80fd\u3002 \u8f6f\u4ef6\u6e05\u5355 \u00b6 
\u4e0e\u786c\u4ef6\u4e00\u6837\uff0cOpenStack \u90e8\u7f72\u4e2d\u7684\u6240\u6709\u8f6f\u4ef6\u7ec4\u4ef6\u90fd\u5e94\u8bb0\u5f55\u5728\u6848\u3002\u793a\u4f8b\u5305\u62ec\uff1a \u7cfb\u7edf\u6570\u636e\u5e93\uff0c\u4f8b\u5982 MySQL \u6216 mongoDB OpenStack \u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982 Identity \u6216 Compute \u652f\u6301\u7ec4\u4ef6\uff0c\u4f8b\u5982\u8d1f\u8f7d\u5747\u8861\u5668\u3001\u53cd\u5411\u4ee3\u7406\u3001DNS \u6216 DHCP \u670d\u52a1 \u5728\u8bc4\u4f30\u5e93\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u8f6f\u4ef6\u7c7b\u522b\u4e2d\u6cc4\u9732\u6216\u6f0f\u6d1e\u7684\u5f71\u54cd\u65f6\uff0c\u8f6f\u4ef6\u7ec4\u4ef6\u7684\u6743\u5a01\u5217\u8868\u53ef\u80fd\u81f3\u5173\u91cd\u8981\u3002 \u7f51\u7edc\u62d3\u6251 \u00b6 \u5e94\u63d0\u4f9b\u7f51\u7edc\u62d3\u6251\uff0c\u5e76\u7a81\u51fa\u663e\u793a\u5b89\u5168\u57df\u4e4b\u95f4\u7684\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u7f51\u7edc\u5165\u53e3\u548c\u51fa\u53e3\u70b9\u5e94\u4e0e\u4efb\u4f55 OpenStack \u903b\u8f91\u7cfb\u7edf\u8fb9\u754c\u4e00\u8d77\u6807\u8bc6\u3002\u53ef\u80fd\u9700\u8981\u591a\u4e2a\u56fe\u8868\u6765\u63d0\u4f9b\u7cfb\u7edf\u7684\u5b8c\u6574\u89c6\u89c9\u8986\u76d6\u3002\u7f51\u7edc\u62d3\u6251\u6587\u6863\u5e94\u5305\u62ec\u7cfb\u7edf\u4ee3\u8868\u79df\u6237\u521b\u5efa\u7684\u865a\u62df\u7f51\u7edc\uff0c\u4ee5\u53ca OpenStack \u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u548c\u7f51\u5173\u3002 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u00b6 \u4e86\u89e3\u6709\u5173\u7ec4\u7ec7\u8d44\u4ea7\u7684\u4fe1\u606f\u901a\u5e38\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8d44\u4ea7\u8868\u53ef\u4ee5\u5e2e\u52a9\u9a8c\u8bc1\u5b89\u5168\u8981\u6c42\uff0c\u5e76\u5e2e\u52a9\u7ef4\u62a4\u6807\u51c6\u5b89\u5168\u7ec4\u4ef6\uff0c\u4f8b\u5982\u9632\u706b\u5899\u914d\u7f6e\u3001\u670d\u52a1\u7aef\u53e3\u51b2\u7a81\u3001\u5b89\u5168\u4fee\u6b63\u533a\u57df\u548c\u5408\u89c4\u6027\u3002\u6b64\u5916\uff0c\u8be5\u8868\u8fd8\u6709\u52a9\u4e8e\u7406\u89e3 OpenStack 
\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5173\u7cfb\u3002\u8be5\u8868\u53ef\u80fd\u5305\u62ec\uff1a OpenStack \u90e8\u7f72\u4e2d\u4f7f\u7528\u7684\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3\u3002 \u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u7684\u6982\u8ff0\u3002 \u5f3a\u70c8\u5efa\u8bae OpenStack \u90e8\u7f72\u8bb0\u5f55\u4e0e\u6b64\u7c7b\u4f3c\u7684\u4fe1\u606f\u3002\u8be5\u8868\u53ef\u4ee5\u6839\u636e\u4ece CMDB \u6d3e\u751f\u7684\u4fe1\u606f\u521b\u5efa\uff0c\u4e5f\u53ef\u4ee5\u624b\u52a8\u6784\u5efa\u3002 \u4e0b\u9762\u63d0\u4f9b\u4e86\u4e00\u4e2a\u8868\u683c\u793a\u4f8b\uff1a \u670d\u52a1 \u534f\u8bae \u7aef\u53e3 \u76ee\u7684 \u4f7f\u7528\u8005 \u5b89\u5168\u57df beam.smp AMQP 5672/tcp AMQP \u6d88\u606f\u670d\u52a1 RabbitMQ \u7ba1\u7406\u57df tgtd iSCSI 3260/tcp iSCSI \u53d1\u8d77\u7a0b\u5e8f\u670d\u52a1 iSCSI \u79c1\u6709\uff08\u6570\u636e\u7f51\u7edc\uff09 sshd ssh 22/tcp \u5141\u8bb8\u5b89\u5168\u767b\u5f55\u5230\u8282\u70b9\u548c\u6765\u5bbe\u865a\u62df\u673a Various \u6309\u9700\u914d\u7f6e\u4f5c\u7528\u4e8e\u7ba1\u7406\u57df\u3001\u516c\u5171\u57df\u548c\u8bbf\u5ba2\u57df mysqld mysql 3306/tcp \u6570\u636e\u5e93\u670d\u52a1 Various \u7ba1\u7406\u57df apache2 http 443/tcp \u4eea\u8868\u677f Tenants \u516c\u5171\u57df dnsmasq dns 53/tcp DNS \u670d\u52a1 Guest VMs \u8bbf\u5ba2\u57df \u7ba1\u7406 \u00b6 \u4e91\u90e8\u7f72\u662f\u4e00\u4e2a\u4e0d\u65ad\u53d8\u5316\u7684\u7cfb\u7edf\u3002\u673a\u5668\u8001\u5316\u548c\u6545\u969c\uff0c\u8f6f\u4ef6\u8fc7\u65f6\uff0c\u6f0f\u6d1e\u88ab\u53d1\u73b0\u3002\u5f53\u914d\u7f6e\u4e2d\u51fa\u73b0\u9519\u8bef\u6216\u9057\u6f0f\u65f6\uff0c\u6216\u8005\u5fc5\u987b\u5e94\u7528\u8f6f\u4ef6\u4fee\u590d\u65f6\uff0c\u5fc5\u987b\u4ee5\u5b89\u5168\u4f46\u65b9\u4fbf\u7684\u65b9\u5f0f\u8fdb\u884c\u8fd9\u4e9b\u66f4\u6539\u3002\u8fd9\u4e9b\u66f4\u6539\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u6765\u89e3\u51b3\u3002 
\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e0d\u88ab\u6076\u610f\u5b9e\u4f53\u914d\u7f6e\u6216\u64cd\u7eb5\u975e\u5e38\u91cd\u8981\u3002\u7531\u4e8e\u4e91\u4e2d\u7684\u8bb8\u591a\u7cfb\u7edf\u90fd\u91c7\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u865a\u62df\u5316\uff0c\u56e0\u6b64 OpenStack \u9762\u4e34\u7740\u660e\u663e\u7684\u6311\u6218\uff0c\u5fc5\u987b\u901a\u8fc7\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u7ba1\u7406\u6765\u89e3\u51b3\u8fd9\u4e9b\u6311\u6218\u3002 \u7ba1\u7406\u5458\u5fc5\u987b\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u914d\u7f6e\u7ba1\u7406 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u670d\u52a1\u5668\u52a0\u56fa \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u00b6 \u4e91\u7cfb\u7edf\u603b\u4f1a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5176\u4e2d\u4e00\u4e9b\u53ef\u80fd\u662f\u5b89\u5168\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u51c6\u5907\u597d\u5e94\u7528\u5b89\u5168\u66f4\u65b0\u548c\u5e38\u89c4\u8f6f\u4ef6\u66f4\u65b0\u81f3\u5173\u91cd\u8981\u3002\u8fd9\u6d89\u53ca\u5230\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7684\u667a\u80fd\u4f7f\u7528\uff0c\u4e0b\u9762\u5c06\u5bf9\u6b64\u8fdb\u884c\u8ba8\u8bba\u3002\u8fd9\u8fd8\u6d89\u53ca\u4e86\u89e3\u4f55\u65f6\u9700\u8981\u5347\u7ea7\u3002 \u6f0f\u6d1e\u7ba1\u7406 \u00b6 \u6709\u5173\u5b89\u5168\u76f8\u5173\u66f4\u6539\u7684\u516c\u544a\uff0c\u8bf7\u8ba2\u9605 OpenStack Announce 
\u90ae\u4ef6\u5217\u8868\u3002\u5b89\u5168\u901a\u77e5\u8fd8\u4f1a\u901a\u8fc7\u4e0b\u6e38\u8f6f\u4ef6\u5305\u53d1\u5e03\uff0c\u4f8b\u5982\uff0c\u901a\u8fc7\u60a8\u53ef\u80fd\u4f5c\u4e3a\u8f6f\u4ef6\u5305\u66f4\u65b0\u7684\u4e00\u90e8\u5206\u8ba2\u9605\u7684 Linux \u53d1\u884c\u7248\u3002 OpenStack\u7ec4\u4ef6\u53ea\u662f\u4e91\u4e2d\u8f6f\u4ef6\u7684\u4e00\u5c0f\u90e8\u5206\u3002\u4e0e\u6240\u6709\u8fd9\u4e9b\u5176\u4ed6\u7ec4\u4ef6\u4fdd\u6301\u540c\u6b65\u4e5f\u5f88\u91cd\u8981\u3002\u867d\u7136\u67d0\u4e9b\u6570\u636e\u6e90\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\uff0c\u4f46\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u8ba2\u9605\u5fc5\u8981\u7684\u90ae\u4ef6\u5217\u8868\uff0c\u4ee5\u4fbf\u63a5\u6536\u9002\u7528\u4e8e\u7ec4\u7ec7\u73af\u5883\u7684\u4efb\u4f55\u5b89\u5168\u66f4\u65b0\u7684\u901a\u77e5\u3002\u901a\u5e38\uff0c\u8fd9\u5c31\u50cf\u8ddf\u8e2a\u4e0a\u6e38 Linux \u53d1\u884c\u7248\u4e00\u6837\u7b80\u5355\u3002 \u6ce8\u610f OpenStack \u901a\u8fc7\u4e24\u4e2a\u6e20\u9053\u53d1\u5e03\u5b89\u5168\u4fe1\u606f\u3002 - OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09 \u7531 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u521b\u5efa\u3002\u5b83\u4eec\u4e0e\u6838\u5fc3OpenStack\u670d\u52a1\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u6709\u5173\u3002\u6709\u5173 VMT \u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6f0f\u6d1e\u7ba1\u7406\u6d41\u7a0b\u3002 - OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u7531 OpenStack \u5b89\u5168\u7ec4 \uff08OSSG\uff09 \u521b\u5efa\uff0c\u4ee5\u652f\u6301 VMT \u7684\u5de5\u4f5c\u3002OSSN\u89e3\u51b3\u4e86\u652f\u6301\u8f6f\u4ef6\u548c\u5e38\u89c1\u90e8\u7f72\u914d\u7f6e\u4e2d\u7684\u95ee\u9898\u3002\u672c\u6307\u5357\u4e2d\u5f15\u7528\u4e86\u5b83\u4eec\u3002\u5b89\u5168\u8bf4\u660e\u5b58\u6863\u5728OSSN\u4e0a\u3002 \u5206\u7c7b \u00b6 
\u6536\u5230\u5b89\u5168\u66f4\u65b0\u901a\u77e5\u540e\uff0c\u4e0b\u4e00\u6b65\u662f\u786e\u5b9a\u6b64\u66f4\u65b0\u5bf9\u7ed9\u5b9a\u4e91\u90e8\u7f72\u7684\u91cd\u8981\u6027\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u62e5\u6709\u9884\u5b9a\u4e49\u7684\u7b56\u7565\u5f88\u6709\u7528\u3002\u73b0\u6709\u7684\u6f0f\u6d1e\u8bc4\u7ea7\u7cfb\u7edf\uff08\u5982\u901a\u7528\u6f0f\u6d1e\u8bc4\u5206\u7cfb\u7edf \uff08CVSS\uff09\uff09\u65e0\u6cd5\u6b63\u786e\u8003\u8651\u4e91\u90e8\u7f72\u3002 \u5728\u6b64\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5f15\u5165\u4e86\u4e00\u4e2a\u8bc4\u5206\u77e9\u9635\uff0c\u8be5\u77e9\u9635\u5c06\u6f0f\u6d1e\u5206\u4e3a\u4e09\u7c7b\uff1a\u6743\u9650\u63d0\u5347\u3001\u62d2\u7edd\u670d\u52a1\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u4e86\u89e3\u6f0f\u6d1e\u7684\u7c7b\u578b\u53ca\u5176\u5728\u57fa\u7840\u67b6\u6784\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u5c06\u4f7f\u60a8\u80fd\u591f\u505a\u51fa\u5408\u7406\u7684\u54cd\u5e94\u51b3\u7b56\u3002 \u6743\u9650\u63d0\u5347\u63cf\u8ff0\u4e86\u7528\u6237\u4f7f\u7528\u7cfb\u7edf\u4e2d\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8fdb\u884c\u64cd\u4f5c\u7684\u80fd\u529b\uff0c\u7ed5\u8fc7\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u6765\u5bbe\u7528\u6237\u6267\u884c\u7684\u64cd\u4f5c\u5141\u8bb8\u4ed6\u4eec\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u8fd9\u662f\u6b64\u7c7b\u6f0f\u6d1e\u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u62d2\u7edd\u670d\u52a1\u662f\u6307\u88ab\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u6216\u7cfb\u7edf\u4e2d\u65ad\u3002\u8fd9\u65e2\u5305\u62ec\u4f7f\u7f51\u7edc\u8d44\u6e90\u4e0d\u582a\u91cd\u8d1f\u7684\u5206\u5e03\u5f0f\u653b\u51fb\uff0c\u4e5f\u5305\u62ec\u901a\u5e38\u7531\u8d44\u6e90\u5206\u914d\u9519\u8bef\u6216\u8f93\u5165\u5f15\u8d77\u7684\u7cfb\u7edf\u6545\u969c\u7f3a\u9677\u5f15\u8d77\u7684\u5355\u7528\u6237\u653b\u51fb\u3002 
\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u4f1a\u6cc4\u9732\u6709\u5173\u60a8\u7684\u7cfb\u7edf\u6216\u64cd\u4f5c\u7684\u4fe1\u606f\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u8303\u56f4\u4ece\u8c03\u8bd5\u4fe1\u606f\u6cc4\u9732\u5230\u5173\u952e\u5b89\u5168\u6570\u636e\uff08\u5982\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u548c\u5bc6\u7801\uff09\u7684\u66b4\u9732\u3002 \u653b\u51fb\u8005\u4f4d\u7f6e/\u6743\u9650\u7ea7\u522b \u5916\u90e8 \u4e91\u7528\u6237 \u4e91\u7ba1\u7406\u5458 \u63a7\u5236\u5e73\u9762 \u6743\u9650\u63d0\u5347\uff083 \u7ea7\uff09 \u7d27\u6025 n/a n/a n/a \u6743\u9650\u63d0\u5347\uff082 \u4e2a\u7ea7\u522b\uff09 \u7d27\u6025 \u7d27\u6025 n/a n/a \u7279\u6743\u63d0\u5347\uff081 \u7ea7\uff09 \u7d27\u6025 \u7d27\u6025 \u7d27\u6025 n/a \u62d2\u7edd\u670d\u52a1 \u9ad8 \u4e2d \u4f4e \u4f4e \u4fe1\u606f\u62ab\u9732 \u7d27\u6025/\u9ad8 \u7d27\u6025/\u9ad8 \u4e2d/\u4f4e \u4f4e \u8be5\u8868\u8bf4\u660e\u4e86\u4e00\u79cd\u901a\u7528\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6839\u636e\u6f0f\u6d1e\u5728\u90e8\u7f72\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u548c\u5f71\u54cd\u6765\u8861\u91cf\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97 API \u8282\u70b9\u4e0a\u7684\u5355\u7ea7\u6743\u9650\u63d0\u5347\u53ef\u80fd\u5141\u8bb8 API \u7684\u6807\u51c6\u7528\u6237\u5347\u7ea7\u4e3a\u5177\u6709\u4e0e\u8282\u70b9\u4e0a\u7684 root \u7528\u6237\u76f8\u540c\u7684\u6743\u9650\u3002 \u6211\u4eec\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u4f7f\u7528\u6b64\u8868\u4f5c\u4e3a\u6a21\u578b\uff0c\u4ee5\u5e2e\u52a9\u5b9a\u4e49\u8981\u9488\u5bf9\u5404\u79cd\u5b89\u5168\u7ea7\u522b\u6267\u884c\u7684\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u5173\u952e\u7ea7\u522b\u7684\u5b89\u5168\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u5feb\u901f\u5347\u7ea7\u4e91\uff0c\u800c\u4f4e\u7ea7\u522b\u7684\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u66f4\u957f\u7684\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\u3002 \u6d4b\u8bd5\u66f4\u65b0 \u00b6 
\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u90e8\u7f72\u4efb\u4f55\u66f4\u65b0\u4e4b\u524d\uff0c\u5e94\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\u3002\u901a\u5e38\uff0c\u8fd9\u9700\u8981\u6709\u4e00\u4e2a\u5355\u72ec\u7684\u6d4b\u8bd5\u4e91\u8bbe\u7f6e\uff0c\u8be5\u8bbe\u7f6e\u9996\u5148\u63a5\u6536\u66f4\u65b0\u3002\u5728\u8f6f\u4ef6\u548c\u786c\u4ef6\u65b9\u9762\uff0c\u6b64\u4e91\u5e94\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u4e91\u3002\u5e94\u5728\u6027\u80fd\u5f71\u54cd\u3001\u7a33\u5b9a\u6027\u3001\u5e94\u7528\u7a0b\u5e8f\u5f71\u54cd\u7b49\u65b9\u9762\u5bf9\u66f4\u65b0\u8fdb\u884c\u5168\u9762\u6d4b\u8bd5\u3002\u7279\u522b\u91cd\u8981\u7684\u662f\u9a8c\u8bc1\u66f4\u65b0\u7406\u8bba\u4e0a\u89e3\u51b3\u7684\u95ee\u9898\uff08\u4f8b\u5982\u7279\u5b9a\u6f0f\u6d1e\uff09\u662f\u5426\u5df2\u5b9e\u9645\u4fee\u590d\u3002 \u90e8\u7f72\u66f4\u65b0 \u00b6 \u5b8c\u5168\u6d4b\u8bd5\u66f4\u65b0\u540e\uff0c\u53ef\u4ee5\u5c06\u5176\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002\u5e94\u4f7f\u7528\u4e0b\u9762\u6240\u8ff0\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5b8c\u5168\u81ea\u52a8\u5316\u6b64\u90e8\u7f72\u3002 \u914d\u7f6e\u7ba1\u7406 \u00b6 \u751f\u4ea7\u8d28\u91cf\u7684\u4e91\u5e94\u59cb\u7ec8\u4f7f\u7528\u5de5\u5177\u6765\u81ea\u52a8\u6267\u884c\u914d\u7f6e\u548c\u90e8\u7f72\u3002\u8fd9\u6d88\u9664\u4e86\u4eba\u4e3a\u9519\u8bef\uff0c\u5e76\u5141\u8bb8\u4e91\u66f4\u5feb\u5730\u6269\u5c55\u3002\u81ea\u52a8\u5316\u8fd8\u6709\u52a9\u4e8e\u6301\u7eed\u96c6\u6210\u548c\u6d4b\u8bd5\u3002 \u5728\u6784\u5efa OpenStack \u4e91\u65f6\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u8bbe\u8ba1\u548c\u5b9e\u73b0\u65f6\u8003\u8651\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u6216\u6846\u67b6\u3002\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\uff0c\u60a8\u53ef\u4ee5\u907f\u514d\u5728\u6784\u5efa\u3001\u7ba1\u7406\u548c\u7ef4\u62a4\u50cf OpenStack 
\u8fd9\u6837\u590d\u6742\u7684\u57fa\u7840\u67b6\u6784\u65f6\u56fa\u6709\u7684\u8bb8\u591a\u9677\u9631\u3002\u901a\u8fc7\u751f\u6210\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6240\u9700\u7684\u6e05\u5355\u3001\u8bf4\u660e\u4e66\u6216\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u6ee1\u8db3\u8bb8\u591a\u6587\u6863\u548c\u6cd5\u89c4\u62a5\u544a\u8981\u6c42\u3002\u6b64\u5916\uff0c\u914d\u7f6e\u7ba1\u7406\u8fd8\u53ef\u4ee5\u4f5c\u4e3a\u4e1a\u52a1\u8fde\u7eed\u6027\u8ba1\u5212 \uff08BCP\uff09 \u548c\u6570\u636e\u6062\u590d \uff08DR\uff09 \u8ba1\u5212\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u5728\u5176\u4e2d\u5c06\u8282\u70b9\u6216\u670d\u52a1\u91cd\u5efa\u56de DR \u4e8b\u4ef6\u4e2d\u7684\u5df2\u77e5\u72b6\u6001\u6216\u7ed9\u5b9a\u7684\u59a5\u534f\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u5f53\u4e0e Git \u6216 SVN \u7b49\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u60a8\u53ef\u4ee5\u8ddf\u8e2a\u73af\u5883\u968f\u65f6\u95f4\u63a8\u79fb\u800c\u53d1\u751f\u7684\u66f4\u6539\uff0c\u5e76\u91cd\u65b0\u8c03\u89e3\u53ef\u80fd\u53d1\u751f\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u6539\u3002\u4f8b\u5982\uff0c\u6587\u4ef6 nova.conf \u6216\u5176\u4ed6\u914d\u7f6e\u6587\u4ef6\u4e0d\u7b26\u5408\u60a8\u7684\u6807\u51c6\uff0c\u60a8\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u53ef\u4ee5\u8fd8\u539f\u6216\u66ff\u6362\u8be5\u6587\u4ef6\uff0c\u5e76\u5c06\u60a8\u7684\u914d\u7f6e\u6062\u590d\u5230\u5df2\u77e5\u72b6\u6001\u3002\u6700\u540e\uff0c\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u4e5f\u53ef\u7528\u4e8e\u90e8\u7f72\u66f4\u65b0;\u7b80\u5316\u5b89\u5168\u8865\u4e01\u6d41\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u5177\u6709\u5e7f\u6cdb\u7684\u529f\u80fd\uff0c\u5728\u8be5\u9886\u57df\u975e\u5e38\u6709\u7528\u3002\u4fdd\u62a4\u4e91\u7684\u5173\u952e\u70b9\u662f\u9009\u62e9\u4e00\u79cd\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5e76\u4f7f\u7528\u5b83\u3002 
\u6709\u8bb8\u591a\u914d\u7f6e\u7ba1\u7406\u89e3\u51b3\u65b9\u6848;\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5e02\u573a\u4e0a\u6709\u4e24\u4e2a\u5728\u652f\u6301 OpenStack \u73af\u5883\u65b9\u9762\u975e\u5e38\u5f3a\u5927\u7684\u516c\u53f8\uff1aChef \u548c Puppet\u3002\u4e0b\u9762\u63d0\u4f9b\u4e86\u6b64\u7a7a\u95f4\u4e2d\u7684\u5de5\u5177\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Chef Puppet Salt Stack Ansible \u7b56\u7565\u66f4\u6539 \u00b6 \u6bcf\u5f53\u66f4\u6539\u7b56\u7565\u6216\u914d\u7f6e\u7ba1\u7406\u65f6\uff0c\u6700\u597d\u8bb0\u5f55\u6d3b\u52a8\u5e76\u5907\u4efd\u65b0\u96c6\u7684\u526f\u672c\u3002\u901a\u5e38\uff0c\u6b64\u7c7b\u7b56\u7565\u548c\u914d\u7f6e\u5b58\u50a8\u5728\u53d7\u7248\u672c\u63a7\u5236\u7684\u5b58\u50a8\u5e93\uff08\u5982 Git\uff09\u4e2d\u3002 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u00b6 \u5728\u6574\u4e2a\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u4e2d\u5305\u62ec\u5907\u4efd\u8fc7\u7a0b\u548c\u7b56\u7565\u975e\u5e38\u91cd\u8981\u3002\u6709\u5173 OpenStack \u5907\u4efd\u548c\u6062\u590d\u529f\u80fd\u548c\u8fc7\u7a0b\u7684\u6982\u8ff0\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5907\u4efd\u548c\u6062\u590d\u7684 OpenStack \u64cd\u4f5c\u6307\u5357\u3002 \u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u548c\u5907\u4efd\u5ba2\u6237\u7aef\u624d\u80fd\u8bbf\u95ee\u5907\u4efd\u670d\u52a1\u5668\u3002 \u4f7f\u7528\u6570\u636e\u52a0\u5bc6\u9009\u9879\u6765\u5b58\u50a8\u548c\u4f20\u8f93\u5907\u4efd\u3002 \u4f7f\u7528\u4e13\u7528\u4e14\u5f3a\u5316\u7684\u5907\u4efd\u670d\u52a1\u5668\u3002\u5907\u4efd\u670d\u52a1\u5668\u7684\u65e5\u5fd7\u5fc5\u987b\u6bcf\u5929\u8fdb\u884c\u76d1\u89c6\uff0c\u5e76\u4e14\u53ea\u6709\u5c11\u6570\u4eba\u53ef\u4ee5\u8bbf\u95ee\u3002 
\u5b9a\u671f\u6d4b\u8bd5\u6570\u636e\u6062\u590d\u9009\u9879\uff0c\u5305\u62ec\u5b58\u50a8\u5728\u5b89\u5168\u5907\u4efd\u4e2d\u7684\u955c\u50cf\uff0c\u662f\u786e\u4fdd\u707e\u96be\u6062\u590d\u51c6\u5907\u7684\u5173\u952e\u90e8\u5206\u3002\u5728\u53d1\u751f\u5b89\u5168\u6f0f\u6d1e\u6216\u53d7\u635f\u65f6\uff0c\u7ec8\u6b62\u8fd0\u884c\u4e2d\u7684\u5b9e\u4f8b\u5e76\u4ece\u5df2\u77e5\u7684\u5b89\u5168\u955c\u50cf\u5907\u4efd\u4e2d\u91cd\u65b0\u542f\u52a8\u5b9e\u4f8b\u786e\u5b9e\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8fd9\u6709\u52a9\u4e8e\u786e\u4fdd\u53d7\u635f\u7684\u5b9e\u4f8b\u88ab\u6d88\u9664\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u4ece\u5907\u4efd\u7684\u955c\u50cf\u4e2d\u91cd\u65b0\u90e8\u7f72\u5e72\u51c0\u3001\u53ef\u4fe1\u8d56\u7684\u7248\u672c\u3002 \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u00b6 \u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u4ee5\u8865\u5145\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u81ea\u52a8\u6267\u884c\u9a8c\u8bc1\u7ed9\u5b9a\u7cfb\u7edf\u914d\u7f6e\u662f\u5426\u6ee1\u8db3\u5927\u91cf\u5b89\u5168\u63a7\u5236\u7684\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u5f25\u5408\u4ece\u5b89\u5168\u914d\u7f6e\u6307\u5357\u6587\u6863\uff08\u4f8b\u5982\uff0cSTIG \u548c NSA \u6307\u5357\uff09\u5230\u7279\u5b9a\u7cfb\u7edf\u5b89\u88c5\u7684\u5dee\u8ddd\u3002\u4f8b\u5982\uff0cSCAP \u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u7cfb\u7edf\u4e0e\u9884\u5b9a\u4e49\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u6bd4\u8f83\u3002SCAP \u8f93\u51fa\u4e00\u4efd\u62a5\u544a\uff0c\u8be6\u7ec6\u8bf4\u660e\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u54ea\u4e9b\u63a7\u4ef6\u5df2\u6ee1\u8db3\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u901a\u8fc7\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u9009\u4e2d\u3002 
\u5c06\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u76f8\u7ed3\u5408\uff0c\u5f62\u6210\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u7ec4\u5408\u3002\u5ba1\u6838\u5de5\u5177\u5c06\u7a81\u51fa\u663e\u793a\u90e8\u7f72\u95ee\u9898\u3002\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7b80\u5316\u4e86\u66f4\u6539\u6bcf\u4e2a\u7cfb\u7edf\u7684\u8fc7\u7a0b\uff0c\u4ee5\u89e3\u51b3\u5ba1\u8ba1\u95ee\u9898\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u7ef4\u62a4\u6ee1\u8db3\u4ece\u57fa\u672c\u5f3a\u5316\u5230\u5408\u89c4\u6027\u9a8c\u8bc1\u7b49\u5b89\u5168\u8981\u6c42\u7684\u4e91\u73af\u5883\u3002 \u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u5c06\u7ed9\u4e91\u5e26\u6765\u53e6\u4e00\u5c42\u590d\u6742\u6027\u3002\u8fd9\u79cd\u590d\u6742\u6027\u5e26\u6765\u4e86\u989d\u5916\u7684\u5b89\u5168\u95ee\u9898\u3002\u8003\u8651\u5230\u5176\u5b89\u5168\u4f18\u52bf\uff0c\u6211\u4eec\u8ba4\u4e3a\u8fd9\u662f\u4e00\u79cd\u53ef\u63a5\u53d7\u7684\u98ce\u9669\u6743\u8861\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u5de5\u5177\u7684\u64cd\u4f5c\u5b89\u5168\u6027\u4fdd\u969c\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u00b6 \u6211\u4eec\u5c06\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u5b9a\u4e49\u4e3a\u4e00\u4e2a\u6df1\u601d\u719f\u8651\u7684\u8fc7\u7a0b\uff0c\u5b83\u786e\u4fdd\u6211\u4eec\u59cb\u7ec8\u5728\u6574\u4e2a\u4e91\u4e2d\u4ee5\u9884\u671f\u7684\u914d\u7f6e\u8fd0\u884c\u9884\u671f\u7684\u8f6f\u4ef6\u3002\u6b64\u8fc7\u7a0b\u4ece\u5b89\u5168\u5f15\u5bfc\u5f00\u59cb\uff0c\u5e76\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u8fdb\u884c\u7ef4\u62a4\u3002\u672c\u7ae0\u5c31\u5982\u4f55\u5904\u7406\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u8fc7\u7a0b\u63d0\u4f9b\u4e86\u5efa\u8bae\u3002 \u5b89\u5168\u5f15\u5bfc \u00b6 
\u4e91\u4e2d\u7684\u8282\u70b9\uff0c\u5305\u62ec\u8ba1\u7b97\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u6df7\u5408\u8282\u70b9\uff0c\u5e94\u8be5\u6709\u4e00\u4e2a\u81ea\u52a8\u5316\u7684\u914d\u7f6e\u8fc7\u7a0b\u3002\u8fd9\u786e\u4fdd\u4e86\u8282\u70b9\u7684\u4e00\u81f4\u548c\u6b63\u786e\u914d\u7f6e\u3002\u8fd9\u4e5f\u4fbf\u4e8e\u5b89\u5168\u8865\u4e01\u3001\u5347\u7ea7\u3001\u6545\u969c\u4fee\u590d\u548c\u5176\u4ed6\u5173\u952e\u53d8\u66f4\u3002\u7531\u4e8e\u8fd9\u4e2a\u8fc7\u7a0b\u5b89\u88c5\u4e86\u5728\u4e91\u4e2d\u5177\u6709\u6700\u9ad8\u7279\u6743\u7ea7\u522b\u7684\u65b0\u8f6f\u4ef6\uff0c\u56e0\u6b64\u9a8c\u8bc1\u5b89\u88c5\u6b63\u786e\u7684\u8f6f\u4ef6\u975e\u5e38\u91cd\u8981\uff0c\u5305\u62ec\u542f\u52a8\u8fc7\u7a0b\u7684\u6700\u65e9\u9636\u6bb5\u3002 \u6709\u591a\u79cd\u6280\u672f\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u65e9\u671f\u542f\u52a8\u9636\u6bb5\u3002\u8fd9\u4e9b\u901a\u5e38\u9700\u8981\u786c\u4ef6\u652f\u6301\uff0c\u4f8b\u5982\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757 \uff08TPM\uff09\u3001\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08TXT\uff09\u3001\u52a8\u6001\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08DRTM\uff09 \u548c\u7edf\u4e00\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3 \uff08UEFI\uff09 \u5b89\u5168\u542f\u52a8\u3002\u5728\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u5c06\u6240\u6709\u8fd9\u4e9b\u7edf\u79f0\u4e3a\u5b89\u5168\u542f\u52a8\u6280\u672f\u3002\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u5b89\u5168\u542f\u52a8\uff0c\u540c\u65f6\u627f\u8ba4\u90e8\u7f72\u6b64\u542f\u52a8\u6240\u9700\u7684\u8bb8\u591a\u90e8\u5206\u9700\u8981\u9ad8\u7ea7\u6280\u672f\u6280\u80fd\u624d\u80fd\u4e3a\u6bcf\u4e2a\u73af\u5883\u81ea\u5b9a\u4e49\u5de5\u5177\u3002\u4e0e\u672c\u6307\u5357\u4e2d\u7684\u8bb8\u591a\u5176\u4ed6\u5efa\u8bae\u76f8\u6bd4\uff0c\u4f7f\u7528\u5b89\u5168\u542f\u52a8\u9700\u8981\u66f4\u6df1\u5165\u7684\u96c6\u6210\u548c\u81ea\u5b9a\u4e49\u3002TPM 
\u6280\u672f\u867d\u7136\u5728\u5927\u591a\u6570\u5546\u52a1\u7ea7\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f\u673a\u4e2d\u5f88\u5e38\u89c1\u6570\u5e74\uff0c\u4f46\u73b0\u5728\u5df2\u4e0e\u652f\u6301\u7684 BIOS \u4e00\u8d77\u5728\u670d\u52a1\u5668\u4e2d\u53ef\u7528\u3002\u6b63\u786e\u7684\u89c4\u5212\u5bf9\u4e8e\u6210\u529f\u7684\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002 \u6709\u5173\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u7684\u5b8c\u6574\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u5c06\u5b89\u5168\u542f\u52a8\u6280\u672f\u4e0e\u5178\u578b\u7684\u8282\u70b9\u9884\u914d\u8fc7\u7a0b\u96c6\u6210\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u4e91\u67b6\u6784\u5e08\u5e94\u53c2\u8003\u76f8\u5173\u89c4\u8303\u548c\u8f6f\u4ef6\u914d\u7f6e\u624b\u518c\u3002 \u8282\u70b9\u914d\u7f6e \u00b6 \u8282\u70b9\u5e94\u4f7f\u7528\u9884\u5f15\u5bfc\u6267\u884c\u73af\u5883\uff08PXE\uff09\u8fdb\u884c\u914d\u7f6e\u3002\u8fd9\u5927\u5927\u51cf\u5c11\u4e86\u91cd\u65b0\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5de5\u4f5c\u91cf\u3002\u5178\u578b\u7684\u8fc7\u7a0b\u6d89\u53ca\u8282\u70b9\u4ece\u670d\u52a1\u5668\u63a5\u6536\u5404\u79cd\u5f15\u5bfc\u9636\u6bb5\uff08\u5373\u6267\u884c\u7684\u8f6f\u4ef6\u9010\u6e10\u590d\u6742\uff09\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u4f7f\u7528\u5355\u72ec\u7684\u9694\u79bb\u7f51\u7edc\u8fdb\u884c\u7f6e\u5907\u3002\u6b64\u7f51\u7edc\u5c06\u5904\u7406\u6240\u6709 PXE \u6d41\u91cf\uff0c\u4ee5\u53ca\u4e0a\u9762\u63cf\u8ff0\u7684\u540e\u7eed\u542f\u52a8\u9636\u6bb5\u4e0b\u8f7d\u3002\u8bf7\u6ce8\u610f\uff0c\u8282\u70b9\u5f15\u5bfc\u8fc7\u7a0b\u4ece\u4e24\u4e2a\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u5f00\u59cb\uff1aDHCP \u548c TFTP\u3002\u7136\u540e\uff0c\u5f15\u5bfc\u8fc7\u7a0b\u4f7f\u7528 TLS 
\u4e0b\u8f7d\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5176\u4f59\u4fe1\u606f\u3002\u8fd9\u53ef\u80fd\u662f\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3001\u7531 Chef \u6216 Puppet \u7ba1\u7406\u7684\u57fa\u672c\u5b89\u88c5\uff0c\u751a\u81f3\u662f\u76f4\u63a5\u5199\u5165\u78c1\u76d8\u7684\u5b8c\u6574\u6587\u4ef6\u7cfb\u7edf\u6620\u50cf\u3002 \u867d\u7136\u5728 PXE \u542f\u52a8\u8fc7\u7a0b\u4e2d\u4f7f\u7528 TLS \u66f4\u5177\u6311\u6218\u6027\uff0c\u4f46\u5e38\u89c1\u7684 PXE \u56fa\u4ef6\u9879\u76ee\uff08\u5982 iPXE\uff09\u63d0\u4f9b\u4e86\u8fd9\u79cd\u652f\u6301\u3002\u901a\u5e38\uff0c\u8fd9\u6d89\u53ca\u5728\u4e86\u89e3\u5141\u8bb8\u7684 TLS \u8bc1\u4e66\u94fe\u7684\u60c5\u51b5\u4e0b\u6784\u5efa PXE \u56fa\u4ef6\uff0c\u4ee5\u4fbf\u5b83\u53ef\u4ee5\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\u3002\u8fd9\u901a\u8fc7\u9650\u5236\u4e0d\u5b89\u5168\u7684\u7eaf\u6587\u672c\u7f51\u7edc\u64cd\u4f5c\u7684\u6570\u91cf\u6765\u63d0\u9ad8\u653b\u51fb\u8005\u7684\u95e8\u69db\u3002 \u9a8c\u8bc1\u542f\u52a8 \u00b6 \u901a\u5e38\uff0c\u6709\u4e24\u79cd\u4e0d\u540c\u7684\u7b56\u7565\u6765\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u3002\u4f20\u7edf\u7684\u5b89\u5168\u542f\u52a8\u5c06\u9a8c\u8bc1\u5728\u8fc7\u7a0b\u4e2d\u7684\u6bcf\u4e2a\u6b65\u9aa4\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5728\u4ee3\u7801\u4e0d\u6b63\u786e\u65f6\u505c\u6b62\u542f\u52a8\u3002\u542f\u52a8\u8bc1\u660e\u5c06\u8bb0\u5f55\u5728\u6bcf\u4e2a\u6b65\u9aa4\u4e2d\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5c06\u6b64\u4fe1\u606f\u63d0\u4f9b\u7ed9\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\uff0c\u4ee5\u8bc1\u660e\u542f\u52a8\u8fc7\u7a0b\u6309\u9884\u671f\u5b8c\u6210\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7b2c\u4e00\u6b65\u90fd\u662f\u5728\u8fd0\u884c\u4e4b\u524d\u6d4b\u91cf\u6bcf\u6bb5\u4ee3\u7801\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6d4b\u91cf\u5b9e\u9645\u4e0a\u662f\u4ee3\u7801\u7684 SHA-1 
\u54c8\u5e0c\u503c\uff0c\u5728\u6267\u884c\u4e4b\u524d\u83b7\u53d6\u3002\u54c8\u5e0c\u5b58\u50a8\u5728 TPM \u7684\u5e73\u53f0\u914d\u7f6e\u5bc4\u5b58\u5668 \uff08PCR\uff09 \u4e2d\u3002 \u6ce8\u610f \u6b64\u5904\u4f7f\u7528 SHA-1\uff0c\u56e0\u4e3a\u8fd9\u662f TPM \u82af\u7247\u652f\u6301\u7684\u5185\u5bb9\u3002 \u6bcf\u4e2a TPM \u81f3\u5c11\u6709 24 \u4e2a PCR\u30022005 \u5e74 3 \u6708\u7684 TCG \u901a\u7528\u670d\u52a1\u5668\u89c4\u8303 v1.0 \u5b9a\u4e49\u4e86\u542f\u52a8\u65f6\u5b8c\u6574\u6027\u6d4b\u91cf\u7684 PCR \u5206\u914d\u3002\u4e0b\u8868\u663e\u793a\u4e86\u5178\u578b\u7684PCR\u914d\u7f6e\u3002\u4e0a\u4e0b\u6587\u6307\u793a\u8fd9\u4e9b\u503c\u662f\u6839\u636e\u8282\u70b9\u786c\u4ef6\uff08\u56fa\u4ef6\uff09\u8fd8\u662f\u6839\u636e\u8282\u70b9\u4e0a\u7f6e\u5907\u7684\u8f6f\u4ef6\u786e\u5b9a\u7684\u3002\u67d0\u4e9b\u503c\u53d7\u56fa\u4ef6\u7248\u672c\u3001\u78c1\u76d8\u5927\u5c0f\u548c\u5176\u4ed6\u4f4e\u7ea7\u4fe1\u606f\u7684\u5f71\u54cd\u3002\u56e0\u6b64\uff0c\u5728\u914d\u7f6e\u7ba1\u7406\u65b9\u9762\u91c7\u53d6\u826f\u597d\u7684\u505a\u6cd5\u975e\u5e38\u91cd\u8981\uff0c\u4ee5\u786e\u4fdd\u90e8\u7f72\u7684\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u5b8c\u5168\u6309\u7167\u9884\u671f\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u518c \u6d4b\u91cf\u5185\u5bb9 \u4e0a\u4e0b\u6587 PCR-00 \u6838\u5fc3\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08CRTM\uff09\u3001BIOS \u4ee3\u7801\u3001\u4e3b\u673a\u5e73\u53f0\u6269\u5c55 \u786c\u4ef6 PCR-01 \u4e3b\u673a\u5e73\u53f0\u914d\u7f6e \u786c\u4ef6 PCR-02 \u9009\u9879 ROM \u4ee3\u7801 \u786c\u4ef6 PCR-03 \u9009\u9879 ROM \u914d\u7f6e\u548c\u6570\u636e \u786c\u4ef6 PCR-04 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u3002\u4f8b\u5982\uff0c\u4e3b\u5f15\u5bfc\u8bb0\u5f55\u3002 \u8f6f\u4ef6 PCR-05 IPL \u4ee3\u7801\u914d\u7f6e\u548c\u6570\u636e \u8f6f\u4ef6 PCR-06 \u72b6\u6001\u8f6c\u6362\u548c\u5524\u9192\u4e8b\u4ef6 \u8f6f\u4ef6 PCR-07 \u4e3b\u673a\u5e73\u53f0\u5236\u9020\u5546\u63a7\u5236 \u8f6f\u4ef6 PCR-08 
\u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f\u5185\u6838\u3001\u5185\u6838\u6269\u5c55\u548c\u9a71\u52a8\u7a0b\u5e8f \u8f6f\u4ef6 PCR-09 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f Initramfs \u8f6f\u4ef6 PCR-10 \u81f3 PCR-23 \u7279\u5b9a\u4e8e\u5e73\u53f0 \u8f6f\u4ef6 \u5b89\u5168\u542f\u52a8\u53ef\u80fd\u662f\u6784\u5efa\u4e91\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f46\u9700\u8981\u5728\u786c\u4ef6\u9009\u62e9\u65b9\u9762\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u4f8b\u5982\uff0c\u786e\u4fdd\u60a8\u5177\u6709 TPM \u548c\u82f1\u7279\u5c14 TXT \u652f\u6301\u3002\u7136\u540e\u9a8c\u8bc1\u8282\u70b9\u786c\u4ef6\u4f9b\u5e94\u5546\u5982\u4f55\u586b\u5145 PCR \u503c\u3002\u4f8b\u5982\uff0c\u54ea\u4e9b\u503c\u53ef\u7528\u4e8e\u9a8c\u8bc1\u3002\u901a\u5e38\uff0c\u4e0a\u8868\u4e2d\u8f6f\u4ef6\u4e0a\u4e0b\u6587\u4e0b\u5217\u51fa\u7684 PCR \u503c\u662f\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u76f4\u63a5\u63a7\u5236\u7684\u503c\u3002\u4f46\u5373\u4f7f\u8fd9\u4e9b\u4e5f\u53ef\u80fd\u968f\u7740\u4e91\u4e2d\u8f6f\u4ef6\u7684\u5347\u7ea7\u800c\u6539\u53d8\u3002\u914d\u7f6e\u7ba1\u7406\u5e94\u94fe\u63a5\u5230 PCR \u7b56\u7565\u5f15\u64ce\uff0c\u4ee5\u786e\u4fdd\u9a8c\u8bc1\u59cb\u7ec8\u662f\u6700\u65b0\u7684\u3002 \u6bcf\u4e2a\u5236\u9020\u5546\u90fd\u5fc5\u987b\u4e3a\u5176\u670d\u52a1\u5668\u63d0\u4f9b BIOS \u548c\u56fa\u4ef6\u4ee3\u7801\u3002\u4e0d\u540c\u7684\u670d\u52a1\u5668\u3001\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u5c06\u9009\u62e9\u586b\u5145\u4e0d\u540c\u7684 
PCR\u3002\u5728\u5927\u591a\u6570\u5b9e\u9645\u90e8\u7f72\u4e2d\uff0c\u4e0d\u53ef\u80fd\u6839\u636e\u5df2\u77e5\u7684\u826f\u597d\u6570\u91cf\uff08\u201c\u9ec4\u91d1\u6d4b\u91cf\u201d\uff09\u9a8c\u8bc1\u6bcf\u4e2aPCR\u3002\u7ecf\u9a8c\u8868\u660e\uff0c\u5373\u4f7f\u5728\u5355\u4e2a\u4f9b\u5e94\u5546\u7684\u4ea7\u54c1\u7ebf\u4e2d\uff0c\u7ed9\u5b9aPCR\u7684\u6d4b\u91cf\u8fc7\u7a0b\u4e5f\u53ef\u80fd\u4e0d\u4e00\u81f4\u3002\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5668\u5efa\u7acb\u57fa\u7ebf\uff0c\u5e76\u76d1\u89c6 PCR \u503c\u4ee5\u67e5\u627e\u610f\u5916\u66f4\u6539\u3002\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u53ef\u80fd\u53ef\u7528\u4e8e\u534f\u52a9 TPM \u9884\u914d\u548c\u76d1\u89c6\u8fc7\u7a0b\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u89e3\u51b3\u65b9\u6848\u3002 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u5f88\u53ef\u80fd\u662f PXE \u56fa\u4ef6\uff0c\u5047\u8bbe\u91c7\u7528\u4e0a\u8ff0\u8282\u70b9\u90e8\u7f72\u7b56\u7565\u3002\u56e0\u6b64\uff0c\u5b89\u5168\u542f\u52a8\u6216\u542f\u52a8\u8bc1\u660e\u8fc7\u7a0b\u53ef\u4ee5\u6d4b\u91cf\u6240\u6709\u65e9\u671f\u542f\u52a8\u4ee3\u7801\uff0c\u4f8b\u5982 BIOS\u3001\u56fa\u4ef6\u3001PXE \u56fa\u4ef6\u548c\u5185\u6838\u6620\u50cf\u3002\u786e\u4fdd\u6bcf\u4e2a\u8282\u70b9\u90fd\u5b89\u88c5\u4e86\u8fd9\u4e9b\u90e8\u4ef6\u7684\u6b63\u786e\u7248\u672c\uff0c\u4e3a\u6784\u5efa\u8282\u70b9\u8f6f\u4ef6\u5806\u6808\u7684\u5176\u4f59\u90e8\u5206\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\u3002 
\u6839\u636e\u6240\u9009\u7684\u7b56\u7565\uff0c\u5728\u53d1\u751f\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u542f\u52a8\uff0c\u6216\u8005\u5b83\u53ef\u4ee5\u5c06\u6545\u969c\u62a5\u544a\u7ed9\u4e91\u4e2d\u7684\u53e6\u4e00\u4e2a\u5b9e\u4f53\u3002\u4e3a\u4e86\u5b9e\u73b0\u5b89\u5168\u5f15\u5bfc\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u5f15\u5bfc\uff0c\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u7684\u7f6e\u5907\u670d\u52a1\u5fc5\u987b\u8bc6\u522b\u8fd9\u4e00\u70b9\u5e76\u8bb0\u5f55\u4e8b\u4ef6\u3002\u5bf9\u4e8e\u542f\u52a8\u8bc1\u660e\uff0c\u5f53\u68c0\u6d4b\u5230\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u5df2\u7ecf\u5728\u8fd0\u884c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5e94\u901a\u8fc7\u7981\u7528\u8282\u70b9\u7684\u7f51\u7edc\u8bbf\u95ee\u6765\u7acb\u5373\u9694\u79bb\u8282\u70b9\u3002\u7136\u540e\uff0c\u5e94\u5206\u6790\u4e8b\u4ef6\u7684\u6839\u672c\u539f\u56e0\u3002\u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u7b56\u7565\u90fd\u5e94\u89c4\u5b9a\u5728\u5931\u8d25\u540e\u5982\u4f55\u7ee7\u7eed\u3002\u4e91\u53ef\u80fd\u4f1a\u81ea\u52a8\u5c1d\u8bd5\u91cd\u65b0\u914d\u7f6e\u8282\u70b9\u4e00\u5b9a\u6b21\u6570\u3002\u6216\u8005\uff0c\u5b83\u53ef\u80fd\u4f1a\u7acb\u5373\u901a\u77e5\u4e91\u7ba1\u7406\u5458\u8c03\u67e5\u95ee\u9898\u3002\u6b64\u5904\u7684\u6b63\u786e\u7b56\u7565\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u548c\u6545\u969c\u6a21\u5f0f\u7684\u3002 \u8282\u70b9\u52a0\u56fa \u00b6 \u6b64\u65f6\uff0c\u6211\u4eec\u77e5\u9053\u8282\u70b9\u5df2\u4f7f\u7528\u6b63\u786e\u7684\u5185\u6838\u548c\u5e95\u5c42\u7ec4\u4ef6\u542f\u52a8\u3002\u4e0b\u4e00\u6b65\u662f\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5b83\u4ece\u4e00\u7ec4\u884c\u4e1a\u516c\u8ba4\u7684\u5f3a\u5316\u63a7\u4ef6\u5f00\u59cb\u3002\u4ee5\u4e0b\u6307\u5357\u662f\u5f88\u597d\u7684\u793a\u4f8b\uff1a \u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u56fd\u9632\u4fe1\u606f\u7cfb\u7edf\u5c40 
\uff08DISA\uff09\uff08\u96b6\u5c5e\u4e8e\u7f8e\u56fd\u56fd\u9632\u90e8\uff09\u53d1\u5e03\u9002\u7528\u4e8e\u5404\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u786c\u4ef6\u7684 STIG \u5185\u5bb9\u3002\u8fd9\u4e9b\u63a7\u4ef6\u5728\u672a\u9644\u52a0\u4efb\u4f55\u8bb8\u53ef\u8bc1\u7684\u60c5\u51b5\u4e0b\u53d1\u5e03\u3002 \u4e92\u8054\u7f51\u5b89\u5168\u4e2d\u5fc3 \uff08CIS\uff09 \u57fa\u51c6\u6d4b\u8bd5 CIS \u4f1a\u5b9a\u671f\u53d1\u5e03\u5b89\u5168\u57fa\u51c6\u4ee5\u53ca\u81ea\u52a8\u5e94\u7528\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8fd9\u4e9b\u57fa\u51c6\u6d4b\u8bd5\u662f\u5728\u5177\u6709\u4e00\u4e9b\u9650\u5236\u7684\u77e5\u8bc6\u5171\u4eab\u8bb8\u53ef\u4e0b\u53d1\u5e03\u7684\u3002 \u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u6700\u597d\u901a\u8fc7\u81ea\u52a8\u5316\u65b9\u6cd5\u5e94\u7528\u3002\u81ea\u52a8\u5316\u786e\u4fdd\u6bcf\u6b21\u5bf9\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u4ee5\u76f8\u540c\u7684\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\uff0c\u5e76\u4e14\u5b83\u4eec\u8fd8\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u7684\u5feb\u901f\u65b9\u6cd5\u3002\u81ea\u52a8\u5316\u6709\u591a\u79cd\u9009\u62e9\uff1a OpenSCAP OpenSCAP \u662f\u4e00\u4e2a\u5f00\u6e90\u5de5\u5177\uff0c\u5b83\u91c7\u7528 SCAP \u5185\u5bb9\uff08\u63cf\u8ff0\u5b89\u5168\u63a7\u5236\u7684 XML \u6587\u4ef6\uff09\u5e76\u5c06\u8be5\u5185\u5bb9\u5e94\u7528\u4e8e\u5404\u79cd\u7cfb\u7edf\u3002\u76ee\u524d\u53ef\u7528\u7684\u5927\u591a\u6570\u5185\u5bb9\u90fd\u9002\u7528\u4e8e Red Hat Enterprise Linux \u548c CentOS\uff0c\u4f46\u8fd9\u4e9b\u5de5\u5177\u9002\u7528\u4e8e\u4efb\u4f55 Linux \u6216 Windows \u7cfb\u7edf\u3002 ansible \u52a0\u56fa ansible-hardening \u9879\u76ee\u63d0\u4f9b\u4e86\u4e00\u4e2a Ansible \u89d2\u8272\uff0c\u53ef\u5c06\u5b89\u5168\u63a7\u5236\u5e94\u7528\u4e8e\u5404\u79cd Linux 
\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u3002\u4ed4\u7ec6\u68c0\u67e5\u6bcf\u4e2a\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u786e\u5b9a\u5b83\u662f\u5426\u53ef\u80fd\u5bf9\u751f\u4ea7\u7cfb\u7edf\u9020\u6210\u635f\u5bb3\u3002\u8fd9\u4e9b\u63a7\u4ef6\u57fa\u4e8e Red Hat Enterprise Linux 7 STIG\u3002 \u5b8c\u5168\u52a0\u56fa\u7684\u7cfb\u7edf\u662f\u4e00\u4e2a\u5177\u6709\u6311\u6218\u6027\u7684\u8fc7\u7a0b\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u8fdb\u884c\u5927\u91cf\u66f4\u6539\u3002\u5176\u4e2d\u4e00\u4e9b\u66f4\u6539\u53ef\u80fd\u4f1a\u5f71\u54cd\u751f\u4ea7\u5de5\u4f5c\u8d1f\u8f7d\u3002\u5982\u679c\u7cfb\u7edf\u65e0\u6cd5\u5b8c\u5168\u52a0\u56fa\uff0c\u5f3a\u70c8\u5efa\u8bae\u8fdb\u884c\u4ee5\u4e0b\u4e24\u9879\u66f4\u6539\uff0c\u4ee5\u4fbf\u5728\u4e0d\u9020\u6210\u91cd\u5927\u4e2d\u65ad\u7684\u60c5\u51b5\u4e0b\u63d0\u9ad8\u5b89\u5168\u6027\uff1a \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u00b6 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4f1a\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c\u5305\u62ec root\uff0c\u5185\u6838\u7684\u5de5\u4f5c\u662f\u6839\u636e\u5f53\u524d\u5b89\u5168\u7b56\u7565\u5ba1\u67e5\u6d3b\u52a8\u3002\u5982\u679c\u6d3b\u52a8\u4e0d\u5728\u5141\u8bb8\u7684\u7b56\u7565\u8303\u56f4\u5185\uff0c\u5219\u4f1a\u88ab\u963b\u6b62\uff0c\u5373\u4f7f\u5bf9\u4e8e root \u7528\u6237\u4e5f\u662f\u5982\u6b64\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u67e5\u770b\u4e0b\u9762\u5173\u4e8e sVirt\u3001SELinux \u548c AppArmor \u7684\u8ba8\u8bba\u3002 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u00b6 
\u786e\u4fdd\u7cfb\u7edf\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\uff0c\u5e76\u4e14\u8fd0\u884c\u7684\u670d\u52a1\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\u3002\u5220\u9664\u4e0d\u9700\u8981\u7684\u8f6f\u4ef6\u5305\u53ef\u4ee5\u66f4\u8f7b\u677e\u5730\u8fdb\u884c\u4fee\u8865\uff0c\u5e76\u51cf\u5c11\u7cfb\u7edf\u4e0a\u53ef\u80fd\u5bfc\u81f4\u8fdd\u89c4\u7684\u9879\u76ee\u6570\u91cf\u3002\u505c\u6b62\u4e0d\u9700\u8981\u7684\u670d\u52a1\u4f1a\u7f29\u5c0f\u7cfb\u7edf\u4e0a\u7684\u653b\u51fb\u9762\uff0c\u5e76\u4f7f\u653b\u51fb\u66f4\u52a0\u56f0\u96be\u3002 \u6211\u4eec\u8fd8\u5efa\u8bae\u5bf9\u751f\u4ea7\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u9644\u52a0\u6b65\u9aa4\uff1a \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5c3d\u53ef\u80fd\u4f7f\u7528\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf\u3002\u786e\u4fdd\u53ef\u5199\u6587\u4ef6\u7cfb\u7edf\u4e0d\u5141\u8bb8\u6267\u884c\u3002\u8fd9\u53ef\u4ee5\u4f7f\u7528 noexec \u4e2d\u7684 \u3001 nosuid \u548c nodev \u6302\u8f7d\u9009\u9879\u6765\u5904\u7406 /etc/fstab \u3002 \u7cfb\u7edf\u9a8c\u8bc1 \u00b6 \u6700\u540e\uff0c\u8282\u70b9\u5185\u6838\u5e94\u8be5\u6709\u4e00\u79cd\u673a\u5236\u6765\u9a8c\u8bc1\u8282\u70b9\u7684\u5176\u4f59\u90e8\u5206\u662f\u5426\u4ee5\u5df2\u77e5\u7684\u826f\u597d\u72b6\u6001\u542f\u52a8\u3002\u8fd9\u63d0\u4f9b\u4e86\u4ece\u5f15\u5bfc\u9a8c\u8bc1\u8fc7\u7a0b\u5230\u9a8c\u8bc1\u6574\u4e2a\u7cfb\u7edf\u7684\u5fc5\u8981\u94fe\u63a5\u3002\u6267\u884c\u6b64\u64cd\u4f5c\u7684\u6b65\u9aa4\u5c06\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5185\u6838\u6a21\u5757\u53ef\u4ee5\u5728\u4f7f\u7528 dm-verity \u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u4e4b\u524d\u9a8c\u8bc1\u7ec4\u6210\u6587\u4ef6\u7cfb\u7edf\u7684\u5757\u7684\u54c8\u5e0c\u503c\u3002 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u00b6 
\u4e00\u65e6\u8282\u70b9\u8fd0\u884c\uff0c\u6211\u4eec\u9700\u8981\u786e\u4fdd\u5b83\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u4fdd\u6301\u826f\u597d\u7684\u72b6\u6001\u3002\u4ece\u5e7f\u4e49\u4e0a\u8bb2\uff0c\u8fd9\u5305\u62ec\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u3002\u8fd9\u4e9b\u9886\u57df\u4e2d\u6bcf\u4e2a\u9886\u57df\u7684\u76ee\u6807\u90fd\u4e0d\u540c\u3002\u901a\u8fc7\u68c0\u67e5\u8fd9\u4e24\u8005\uff0c\u6211\u4eec\u53ef\u4ee5\u66f4\u597d\u5730\u786e\u4fdd\u7cfb\u7edf\u6309\u9884\u671f\u8fd0\u884c\u3002\u6211\u4eec\u5c06\u5728\u7ba1\u7406\u90e8\u5206\u8ba8\u8bba\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5728\u4e0b\u9762\u8ba8\u8bba\u5b89\u5168\u76d1\u63a7\u3002 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u00b6 \u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u5bf9\u4e8e\u81ea\u52a8\u9a8c\u8bc1\u4e91\u5185\u90e8\u4e5f\u5f88\u6709\u7528\u3002\u6709\u5404\u79cd\u5404\u6837\u7684\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u53ef\u7528\u3002\u6709\u4e9b\u662f\u514d\u8d39\u63d0\u4f9b\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u662f\u5546\u4e1a\u9879\u76ee\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u5de5\u5177\u4f1a\u5206\u6790\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u6570\u636e\uff0c\u5e76\u6839\u636e\u89c4\u5219\u96c6\u548c/\u6216\u8bad\u7ec3\u751f\u6210\u5b89\u5168\u8b66\u62a5\u3002\u5178\u578b\u529f\u80fd\u5305\u62ec\u65e5\u5fd7\u5206\u6790\u3001\u6587\u4ef6\u5b8c\u6574\u6027\u68c0\u67e5\u3001\u7b56\u7565\u76d1\u63a7\u548c rootkit \u68c0\u6d4b\u3002\u66f4\u9ad8\u7ea7\uff08\u901a\u5e38\u662f\u81ea\u5b9a\u4e49\uff09\u5de5\u5177\u53ef\u4ee5\u9a8c\u8bc1\u5185\u5b58\u4e2d\u8fdb\u7a0b\u6620\u50cf\u662f\u5426\u4e0e\u78c1\u76d8\u4e0a\u7684\u53ef\u6267\u884c\u6587\u4ef6\u5339\u914d\uff0c\u5e76\u9a8c\u8bc1\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b\u7684\u6267\u884c\u72b6\u6001\u3002 
\u5bf9\u4e8e\u4e91\u67b6\u6784\u5e08\u6765\u8bf4\uff0c\u4e00\u4e2a\u5173\u952e\u7684\u7b56\u7565\u51b3\u7b56\u662f\u5982\u4f55\u5904\u7406\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u8f93\u51fa\u3002\u5b9e\u9645\u4e0a\u6709\u4e24\u79cd\u9009\u62e9\u3002\u9996\u5148\u662f\u63d0\u9192\u4eba\u7c7b\u8fdb\u884c\u8c03\u67e5\u548c/\u6216\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u7ba1\u7406\u5458\u7684\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6e90\u4e2d\u5305\u542b\u5b89\u5168\u8b66\u62a5\u6765\u5b8c\u6210\u3002\u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u8ba9\u4e91\u81ea\u52a8\u91c7\u53d6\u67d0\u79cd\u5f62\u5f0f\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8bb0\u5f55\u4e8b\u4ef6\u3002\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5305\u62ec\u4ece\u91cd\u65b0\u5b89\u88c5\u8282\u70b9\u5230\u6267\u884c\u6b21\u8981\u670d\u52a1\u914d\u7f6e\u7684\u4efb\u4f55\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7531\u4e8e\u53ef\u80fd\u5b58\u5728\u8bef\u62a5\uff0c\u81ea\u52a8\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002 \u5f53\u5b89\u5168\u76d1\u89c6\u5de5\u5177\u4e3a\u826f\u6027\u4e8b\u4ef6\u751f\u6210\u5b89\u5168\u8b66\u62a5\u65f6\uff0c\u4f1a\u53d1\u751f\u8bef\u62a5\u3002\u7531\u4e8e\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u6027\u8d28\uff0c\u8bef\u62a5\u80af\u5b9a\u4f1a\u4e0d\u65f6\u53d1\u751f\u3002\u901a\u5e38\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u8c03\u6574\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4ee5\u51cf\u5c11\u8bef\u62a5\uff0c\u4f46\u8fd9\u4e5f\u53ef\u80fd\u540c\u65f6\u964d\u4f4e\u6574\u4f53\u68c0\u6d4b\u7387\u3002\u5728\u4e91\u4e2d\u8bbe\u7f6e\u5b89\u5168\u76d1\u63a7\u7cfb\u7edf\u65f6\uff0c\u5fc5\u987b\u4e86\u89e3\u5e76\u8003\u8651\u8fd9\u4e9b\u7ecf\u5178\u7684\u6743\u8861\u3002 
\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u5177\u6709\u9ad8\u5ea6\u7684\u90e8\u7f72\u7279\u5f02\u6027\u3002\u6211\u4eec\u5efa\u8bae\u4ece\u63a2\u7d22\u4ee5\u4e0b\u5f00\u6e90\u9879\u76ee\u5f00\u59cb\uff0c\u8fd9\u4e9b\u9879\u76ee\u5b9e\u73b0\u4e86\u5404\u79cd\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u6587\u4ef6\u76d1\u63a7\u529f\u80fd\u3002 OSSEC Samhain Tripwire AIDE \u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u662f\u5bf9\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7684\u8865\u5145\u3002OpenStack \u6ca1\u6709\u5185\u7f6e\u7279\u5b9a\u7684\u7f51\u7edc IDS\uff0c\u4f46 OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u79cd\u63d2\u4ef6\u673a\u5236\uff0c\u53ef\u4ee5\u901a\u8fc7 Networking API \u542f\u7528\u4e0d\u540c\u7684\u6280\u672f\u3002\u6b64\u63d2\u4ef6\u4f53\u7cfb\u7ed3\u6784\u5c06\u5141\u8bb8\u79df\u6237\u5f00\u53d1 API \u6269\u5c55\uff0c\u4ee5\u63d2\u5165\u548c\u914d\u7f6e\u81ea\u5df1\u7684\u9ad8\u7ea7\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982\u9632\u706b\u5899\u3001\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u6216\u865a\u62df\u673a\u4e4b\u95f4\u7684 VPN\u3002 \u4e0e\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7c7b\u4f3c\uff0c\u57fa\u4e8e\u7f51\u7edc\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002Snort \u662f\u9886\u5148\u7684\u5f00\u6e90\u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\uff0c\u4e5f\u662f\u4e86\u89e3\u66f4\u591a\u4fe1\u606f\u7684\u826f\u597d\u8d77\u70b9\u3002 \u5bf9\u4e8e\u57fa\u4e8e\u7f51\u7edc\u548c\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\uff0c\u6709\u4e00\u4e9b\u91cd\u8981\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u91cd\u8981\u7684\u662f\u8981\u8003\u8651\u5c06\u7f51\u7edc IDS 
\u653e\u7f6e\u5728\u4e91\u4e0a\uff08\u4f8b\u5982\uff0c\u5c06\u5176\u6dfb\u52a0\u5230\u7f51\u7edc\u8fb9\u754c\u548c/\u6216\u654f\u611f\u7f51\u7edc\u5468\u56f4\uff09\u3002\u653e\u7f6e\u4f4d\u7f6e\u53d6\u51b3\u4e8e\u60a8\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f46\u8bf7\u786e\u4fdd\u76d1\u63a7 IDS \u53ef\u80fd\u5bf9\u60a8\u7684\u670d\u52a1\u4ea7\u751f\u7684\u5f71\u54cd\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u9009\u62e9\u6dfb\u52a0\u7684\u4f4d\u7f6e\u3002\u7f51\u7edc IDS \u901a\u5e38\u65e0\u6cd5\u68c0\u67e5\u52a0\u5bc6\u6d41\u91cf\uff08\u5982 TLS\uff09\u7684\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7f51\u7edc IDS \u5728\u8bc6\u522b\u7f51\u7edc\u4e0a\u7684\u5f02\u5e38\u672a\u52a0\u5bc6\u6d41\u91cf\u65b9\u9762\u4ecd\u53ef\u80fd\u63d0\u4f9b\u4e00\u4e9b\u597d\u5904\u3002 \u5728\u67d0\u4e9b\u90e8\u7f72\u4e2d\uff0c\u53ef\u80fd\u9700\u8981\u5728\u5b89\u5168\u57df\u7f51\u6865\u4e0a\u7684\u654f\u611f\u7ec4\u4ef6\u4e0a\u6dfb\u52a0\u57fa\u4e8e\u4e3b\u673a\u7684 IDS\u3002\u57fa\u4e8e\u4e3b\u673a\u7684 IDS \u53ef\u80fd\u4f1a\u901a\u8fc7\u7ec4\u4ef6\u4e0a\u906d\u5230\u5165\u4fb5\u6216\u672a\u7ecf\u6388\u6743\u7684\u8fdb\u7a0b\u6765\u68c0\u6d4b\u5f02\u5e38\u6d3b\u52a8\u3002IDS \u5e94\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f20\u8f93\u8b66\u62a5\u548c\u65e5\u5fd7\u4fe1\u606f\u3002 \u670d\u52a1\u5668\u52a0\u56fa \u00b6 \u4e91\u73af\u5883\u4e2d\u7684\u670d\u52a1\u5668\uff0c\u5305\u62ec undercloud \u548c overcloud \u57fa\u7840\u67b6\u6784\uff0c\u5e94\u5b9e\u65bd\u5f3a\u5316\u6700\u4f73\u5b9e\u8df5\u3002\u7531\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u548c\u670d\u52a1\u5668\u5f3a\u5316\u5f88\u5e38\u89c1\uff0c\u56e0\u6b64\u6b64\u5904\u4e0d\u6db5\u76d6\u9002\u7528\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u65e5\u5fd7\u8bb0\u5f55\u3001\u7528\u6237\u5e10\u6237\u9650\u5236\u548c\u5b9a\u671f\u66f4\u65b0\uff0c\u4f46\u5e94\u5e94\u7528\u4e8e\u6240\u6709\u57fa\u7840\u7ed3\u6784\u3002 \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u00b6 
\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406 \uff08FIM\uff09 \u662f\u786e\u4fdd\u654f\u611f\u7cfb\u7edf\u6216\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u7b49\u6587\u4ef6\u4e0d\u4f1a\u635f\u574f\u6216\u66f4\u6539\u4ee5\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6216\u6076\u610f\u884c\u4e3a\u7684\u65b9\u6cd5\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5b9e\u7528\u7a0b\u5e8f\uff08\u5982 Samhain\uff09\u6765\u5b8c\u6210\uff0c\u8be5\u5b9e\u7528\u7a0b\u5e8f\u5c06\u521b\u5efa\u6307\u5b9a\u8d44\u6e90\u7684\u6821\u9a8c\u548c\u54c8\u5e0c\uff0c\u7136\u540e\u5b9a\u671f\u9a8c\u8bc1\u8be5\u54c8\u5e0c\uff0c\u6216\u8005\u901a\u8fc7 DMVerity \u7b49\u5de5\u5177\u6765\u5b8c\u6210\uff0c\u8be5\u5de5\u5177\u53ef\u4ee5\u83b7\u53d6\u5757\u8bbe\u5907\u7684\u54c8\u5e0c\u503c\uff0c\u5e76\u5728\u7cfb\u7edf\u8bbf\u95ee\u8fd9\u4e9b\u54c8\u5e0c\u503c\u65f6\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u518d\u5c06\u5176\u5448\u73b0\u7ed9\u7528\u6237\u3002 \u8fd9\u4e9b\u5e94\u8be5\u653e\u5728\u9002\u5f53\u7684\u4f4d\u7f6e\uff0c\u4ee5\u76d1\u63a7\u548c\u62a5\u544a\u5bf9\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\uff08\u5982 \u548c /etc/keystone/keystone.conf \uff09\u4ee5\u53ca\u5185\u6838\u6a21\u5757\uff08\u5982 /etc/pam.d/system-auth virtio\uff09\u7684\u66f4\u6539\u3002\u6700\u4f73\u505a\u6cd5\u662f\u4f7f\u7528 lsmod \u547d\u4ee4\u6765\u663e\u793a\u7cfb\u7edf\u4e0a\u5b9a\u671f\u52a0\u8f7d\u7684\u5185\u5bb9\uff0c\u4ee5\u5e2e\u52a9\u786e\u5b9a FIM \u68c0\u67e5\u4e2d\u5e94\u5305\u542b\u6216\u4e0d\u5e94\u5305\u542b\u7684\u5185\u5bb9\u3002 \u7ba1\u7406\u754c\u9762 \u00b6 \u7ba1\u7406\u5458\u9700\u8981\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 OpenStack 
\u4e3a\u8fd0\u7ef4\u4eba\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u591a\u79cd\u7ba1\u7406\u754c\u9762\uff1a OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 OpenStack \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982 nova-manage \u548c glance-manage \u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff0c\u5982 IPMI \u4eea\u8868\u677f \u00b6 OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u7ba1\u7406\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u56fe\u5f62\u754c\u9762\uff0c\u7528\u4e8e\u7f6e\u5907\u548c\u8bbf\u95ee\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u8fc7\u8c03\u7528 OpenStack API \u4e0e\u540e\u7aef\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u529f\u80fd \u00b6 \u4f5c\u4e3a\u4e91\u7ba1\u7406\u5458\uff0c\u4eea\u8868\u677f\u63d0\u4f9b\u4e91\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u7528\u6237\u548c\u79df\u6237/\u9879\u76ee\uff0c\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u5e76\u5bf9\u53ef\u4f9b\u4ed6\u4eec\u4f7f\u7528\u7684\u8d44\u6e90\u8bbe\u7f6e\u9650\u5236\u3002 \u4eea\u8868\u677f\u4e3a\u79df\u6237\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u7528\u4e8e\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u9884\u914d\u81ea\u5df1\u7684\u8d44\u6e90\u3002 \u4eea\u8868\u677f\u4e3a\u8def\u7531\u5668\u548c\u8d1f\u8f7d\u5e73\u8861\u5668\u63d0\u4f9b GUI \u652f\u6301\u3002\u4f8b\u5982\uff0c\u4eea\u8868\u677f\u73b0\u5728\u5b9e\u73b0\u4e86\u6240\u6709\u4e3b\u8981\u7684\u7f51\u7edc\u529f\u80fd\u3002 \u5b83\u662f\u4e00\u4e2a\u53ef\u6269\u5c55\u7684 Django Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u5141\u8bb8\u8f7b\u677e\u63d2\u5165\u7b2c\u4e09\u65b9\u4ea7\u54c1\u548c\u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u8d39\u3001\u76d1\u63a7\u548c\u5176\u4ed6\u7ba1\u7406\u5de5\u5177\u3002 
\u4eea\u8868\u677f\u8fd8\u53ef\u4ee5\u4e3a\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u5176\u4ed6\u5546\u4e1a\u4f9b\u5e94\u5546\u6253\u9020\u54c1\u724c\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4eea\u8868\u677f\u8981\u6c42\u5728 Web \u6d4f\u89c8\u5668\u4e2d\u542f\u7528 Cookie \u548c JavaScript\u3002 \u6258\u7ba1\u4eea\u8868\u677f\u7684 Web \u670d\u52a1\u5668\u5e94\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 Horizon Web Service \u53ca\u5176\u7528\u4e8e\u4e0e\u540e\u7aef\u901a\u4fe1\u7684 OpenStack API \u90fd\u5bb9\u6613\u53d7\u5230 Web \u653b\u51fb\u5a92\u4ecb\uff08\u5982\u62d2\u7edd\u670d\u52a1\uff09\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u5fc5\u987b\u5bf9\u5176\u8fdb\u884c\u76d1\u63a7\u3002 \u73b0\u5728\u53ef\u4ee5\u901a\u8fc7\u4eea\u8868\u677f\u5c06\u955c\u50cf\u6587\u4ef6\u76f4\u63a5\u4ece\u7528\u6237\u7684\u786c\u76d8\u4e0a\u4f20\u5230 OpenStack \u955c\u50cf\u670d\u52a1\uff08\u5c3d\u7ba1\u5b58\u5728\u8bb8\u591a\u90e8\u7f72/\u5b89\u5168\u9690\u60a3\uff09\u3002\u5bf9\u4e8e\u591a GB \u7684\u6620\u50cf\uff0c\u4ecd\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 glance CLI \u8fdb\u884c\u4e0a\u4f20\u3002 \u901a\u8fc7\u4eea\u8868\u76d8\u521b\u5efa\u548c\u7ba1\u7406\u5b89\u5168\u7ec4\u3002\u5b89\u5168\u7ec4\u5141\u8bb8\u5bf9\u5b89\u5168\u7b56\u7565\u8fdb\u884c L3-L4 \u6570\u636e\u5305\u7b5b\u9009\uff0c\u4ee5\u4fdd\u62a4\u865a\u62df\u673a\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0cReleaseNotes/Liberty\u30022015. 
OpenStack Liberty \u53d1\u884c\u8bf4\u660e OpenStack \u63a5\u53e3 \u00b6 OpenStack API \u662f\u4e00\u4e2a RESTful Web \u670d\u52a1\u7aef\u70b9\uff0c\u7528\u4e8e\u8bbf\u95ee\u3001\u914d\u7f6e\u548c\u81ea\u52a8\u5316\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u64cd\u4f5c\u5458\u548c\u7528\u6237\u901a\u5e38\u901a\u8fc7\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff08\u4f8b\u5982\uff0c nova \u6216\uff09\u3001\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u5e93\u6216 glance \u7b2c\u4e09\u65b9\u5de5\u5177\u8bbf\u95ee API\u3002 \u529f\u80fd \u00b6 To the cloud administrator, the API provides an overall view of the size and state of the cloud deployment and allows the creation of users, tenants/projects, assigning users to tenants/projects, and specifying resource quotas on a per tenant/project basis. \u5bf9\u4e8e\u4e91\u7ba1\u7406\u5458\u6765\u8bf4\uff0cAPI \u63d0\u4f9b\u4e86\u4e91\u90e8\u7f72\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7528\u6237\u3001\u79df\u6237/\u9879\u76ee\u3001\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u4ee5\u53ca\u4e3a\u6bcf\u4e2a\u79df\u6237/\u9879\u76ee\u6307\u5b9a\u8d44\u6e90\u914d\u989d\u3002 The API provides a tenant interface for provisioning, managing, and accessing their resources. 
API \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79df\u6237\u63a5\u53e3\uff0c\u7528\u4e8e\u9884\u914d\u3001\u7ba1\u7406\u548c\u8bbf\u95ee\u5176\u8d44\u6e90\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u5e94\u4e3a TLS \u914d\u7f6e API \u670d\u52a1\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 \u4f5c\u4e3a Web \u670d\u52a1\uff0cOpenStack API \u5bb9\u6613\u53d7\u5230\u719f\u6089\u7684\u7f51\u7ad9\u653b\u51fb\u5a92\u4ecb\u7684\u5f71\u54cd\uff0c\u4f8b\u5982\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u00b6 \u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u8bbf\u95ee\u6765\u7ba1\u7406 Linux \u548c Unix \u7cfb\u7edf\u5df2\u6210\u4e3a\u884c\u4e1a\u60ef\u4f8b\u3002SSH \u4f7f\u7528\u5b89\u5168\u7684\u52a0\u5bc6\u539f\u8bed\u8fdb\u884c\u901a\u4fe1\u3002\u9274\u4e8e SSH \u5728\u5178\u578b OpenStack \u90e8\u7f72\u4e2d\u7684\u8303\u56f4\u548c\u91cd\u8981\u6027\uff0c\u4e86\u89e3\u90e8\u7f72 SSH \u7684\u6700\u4f73\u5b9e\u8df5\u975e\u5e38\u91cd\u8981\u3002 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u00b6 \u7ecf\u5e38\u88ab\u5ffd\u89c6\u7684\u662f SSH \u4e3b\u673a\u7684\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u3002\u7531\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u5927\u591a\u6570\u6216\u6240\u6709\u4e3b\u673a\u90fd\u5c06\u63d0\u4f9b SSH \u670d\u52a1\uff0c\u56e0\u6b64\u5bf9\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u7684\u8fde\u63a5\u5145\u6ee1\u4fe1\u5fc3\u975e\u5e38\u91cd\u8981\u3002\u4e0d\u80fd\u4f4e\u4f30\u7684\u662f\uff0c\u672a\u80fd\u63d0\u4f9b\u5408\u7406\u5b89\u5168\u4e14\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u6765\u9a8c\u8bc1 SSH \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u6ee5\u7528\u548c\u5229\u7528\u7684\u6210\u719f\u65f6\u673a\u3002 \u6240\u6709 SSH 
\u5b88\u62a4\u7a0b\u5e8f\u90fd\u5177\u6709\u4e13\u7528\u4e3b\u673a\u5bc6\u94a5\uff0c\u5e76\u5728\u8fde\u63a5\u65f6\u63d0\u4f9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u6b64\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u672a\u7b7e\u540d\u516c\u94a5\u7684\u54c8\u5e0c\u503c\u3002\u5728\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u5efa\u7acb SSH \u8fde\u63a5\u4e4b\u524d\uff0c\u5fc5\u987b\u77e5\u9053\u8fd9\u4e9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u9a8c\u8bc1\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u6709\u52a9\u4e8e\u68c0\u6d4b\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u901a\u5e38\uff0c\u5728\u5b89\u88c5 SSH \u5b88\u62a4\u7a0b\u5e8f\u65f6\uff0c\u5c06\u751f\u6210\u4e3b\u673a\u5bc6\u94a5\u3002\u5728\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u8fc7\u7a0b\u4e2d\uff0c\u4e3b\u673a\u5fc5\u987b\u5177\u6709\u8db3\u591f\u7684\u71b5\u3002\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u7684\u71b5\u4e0d\u8db3\u53ef\u80fd\u5bfc\u81f4\u7a83\u542c SSH \u4f1a\u8bdd\u3002 \u751f\u6210 SSH \u4e3b\u673a\u5bc6\u94a5\u540e\uff0c\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u5e94\u5b58\u50a8\u5728\u5b89\u5168\u4e14\u53ef\u67e5\u8be2\u7684\u4f4d\u7f6e\u3002\u4e00\u4e2a\u7279\u522b\u65b9\u4fbf\u7684\u89e3\u51b3\u65b9\u6848\u662f\u4f7f\u7528 RFC-4255 \u4e2d\u5b9a\u4e49\u7684 SSHFP \u8d44\u6e90\u8bb0\u5f55\u7684 DNS\u3002\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\uff0c\u6709\u5fc5\u8981\u90e8\u7f72 DNSSEC\u3002 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u00b6 OpenStack Management Utilities \u662f\u8fdb\u884c API \u8c03\u7528\u7684\u5f00\u6e90 Python \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u6709\u4e00\u4e2a\u5ba2\u6237\u7aef\uff08\u4f8b\u5982\uff0cnova\u3001glance\uff09\u3002\u9664\u4e86\u6807\u51c6\u7684 CLI 
\u5ba2\u6237\u7aef\u4e4b\u5916\uff0c\u5927\u591a\u6570\u670d\u52a1\u90fd\u5177\u6709\u7ba1\u7406\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u7528\u4e8e\u76f4\u63a5\u8c03\u7528\u6570\u636e\u5e93\u3002\u8fd9\u4e9b\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6b63\u5728\u6162\u6162\u88ab\u5f03\u7528\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \uff08*-manage\uff09 \u4f7f\u7528\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u3002 \u786e\u4fdd\u5305\u542b\u51ed\u636e\u4fe1\u606f\u7684 .rc \u6587\u4ef6\u662f\u5b89\u5168\u7684\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0c\u201cOpenStack \u6700\u7ec8\u7528\u6237\u6307\u5357\u201d\u90e8\u5206\u30022016. OpenStack \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u6982\u8ff0\u3002 OpenStack.org\uff0c\u4f7f\u7528 OpenStack RC \u6587\u4ef6\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u30022016. \u4e0b\u8f7d\u5e76\u83b7\u53d6 OpenStack RC \u6587\u4ef6\u3002 \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u00b6 OpenStack \u7ba1\u7406\u4f9d\u8d56\u4e8e\u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff08\u5982 IPMI \u534f\u8bae\uff09\u6765\u8bbf\u95ee\u8fd0\u884c OpenStack \u7ec4\u4ef6\u7684\u8282\u70b9\u3002IPMI \u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u89c4\u8303\uff0c\u7528\u4e8e\u8fdc\u7a0b\u7ba1\u7406\u3001\u8bca\u65ad\u548c\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u5668\uff0c\u65e0\u8bba\u64cd\u4f5c\u7cfb\u7edf\u6b63\u5728\u8fd0\u884c\u8fd8\u662f\u7cfb\u7edf\u5d29\u6e83\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4f7f\u7528\u5f3a\u5bc6\u7801\u5e76\u4fdd\u62a4\u5b83\u4eec\uff0c\u6216\u4f7f\u7528\u5ba2\u6237\u7aef TLS \u8eab\u4efd\u9a8c\u8bc1\u3002 \u786e\u4fdd\u7f51\u7edc\u63a5\u53e3\u4f4d\u4e8e\u5176\u81ea\u5df1\u7684\u4e13\u7528\uff08\u7ba1\u7406\u6216\u5355\u72ec\u7684\uff09\u7f51\u7edc\u4e0a\u3002\u4f7f\u7528\u9632\u706b\u5899\u6216\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u9694\u79bb\u7ba1\u7406\u57df\u3002 \u5982\u679c\u60a8\u4f7f\u7528 Web 
\u754c\u9762\u4e0e BMC/IPMI \u4ea4\u4e92\uff0c\u8bf7\u59cb\u7ec8\u4f7f\u7528 TLS \u63a5\u53e3\uff0c\u4f8b\u5982 HTTPS \u6216\u7aef\u53e3 443\u3002\u6b64 TLS \u63a5\u53e3\u4e0d\u5e94\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\uff08\u901a\u5e38\u662f\u9ed8\u8ba4\u7684\uff09\uff0c\u4f46\u5e94\u5177\u6709\u4f7f\u7528\u6b63\u786e\u5b9a\u4e49\u7684\u5b8c\u5168\u9650\u5b9a\u57df\u540d \uff08FQDN\uff09 \u7684\u53d7\u4fe1\u4efb\u8bc1\u4e66\u3002 \u76d1\u63a7\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6d41\u91cf\u3002\u4e0e\u7e41\u5fd9\u7684\u8ba1\u7b97\u8282\u70b9\u76f8\u6bd4\uff0c\u5f02\u5e38\u53ef\u80fd\u66f4\u5bb9\u6613\u8ddf\u8e2a\u3002 \u5e26\u5916\u7ba1\u7406\u754c\u9762\u901a\u5e38\u8fd8\u5305\u62ec\u56fe\u5f62\u8ba1\u7b97\u673a\u63a7\u5236\u53f0\u8bbf\u95ee\u3002\u8fd9\u4e9b\u63a5\u53e3\u901a\u5e38\u53ef\u4ee5\u52a0\u5bc6\uff0c\u4f46\u4e0d\u4e00\u5b9a\u662f\u9ed8\u8ba4\u7684\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u8f6f\u4ef6\u6587\u6863\u4ee5\u52a0\u5bc6\u8fd9\u4e9b\u63a5\u53e3\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 SANS \u6280\u672f\u7814\u7a76\u6240\uff0cInfoSec Handlers \u65e5\u8bb0\u535a\u5ba2\u30022012. 
\u9ed1\u5ba2\u653b\u51fb\u5df2\u5173\u95ed\u7684\u670d\u52a1\u5668\u3002 \u5b89\u5168\u901a\u4fe1 \u00b6 \u8bbe\u5907\u95f4\u901a\u4fe1\u662f\u4e00\u4e2a\u4e25\u91cd\u7684\u5b89\u5168\u95ee\u9898\u3002\u5728\u5927\u578b\u9879\u76ee\u9519\u8bef\uff08\u5982 Heartbleed\uff09\u6216\u66f4\u9ad8\u7ea7\u7684\u653b\u51fb\uff08\u5982 BEAST \u548c CRIME\uff09\u4e4b\u95f4\uff0c\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u7684\u65b9\u6cd5\u53d8\u5f97\u8d8a\u6765\u8d8a\u91cd\u8981\u3002\u4f46\u662f\uff0c\u5e94\u8be5\u8bb0\u4f4f\uff0c\u52a0\u5bc6\u5e94\u8be5\u4f5c\u4e3a\u66f4\u5927\u7684\u5b89\u5168\u7b56\u7565\u7684\u4e00\u90e8\u5206\u6765\u5e94\u7528\u3002\u7aef\u70b9\u7684\u5165\u4fb5\u610f\u5473\u7740\u653b\u51fb\u8005\u4e0d\u518d\u9700\u8981\u7834\u574f\u6240\u4f7f\u7528\u7684\u52a0\u5bc6\uff0c\u800c\u662f\u80fd\u591f\u5728\u7cfb\u7edf\u5904\u7406\u6d88\u606f\u65f6\u67e5\u770b\u548c\u64cd\u7eb5\u6d88\u606f\u3002 \u672c\u7ae0\u5c06\u56de\u987e\u6709\u5173\u914d\u7f6e TLS \u4ee5\u4fdd\u62a4\u5185\u90e8\u548c\u5916\u90e8\u8d44\u6e90\u7684\u51e0\u4e2a\u529f\u80fd\uff0c\u5e76\u6307\u51fa\u5e94\u7279\u522b\u6ce8\u610f\u7684\u7279\u5b9a\u7c7b\u522b\u7684\u7cfb\u7edf\u3002 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u4f8b\u5b50 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \u5b8c\u7f8e\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 SSL/TLS \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a \u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u7684 SSL/TLS \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb TLS \u548c SSL \u7b80\u4ecb \u00b6 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u5b89\u5168\u6765\u786e\u4fdd OpenStack 
\u90e8\u7f72\u4e2d\u7f51\u7edc\u6d41\u91cf\u7684\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u3002\u8fd9\u901a\u5e38\u662f\u4f7f\u7528\u52a0\u5bc6\u63aa\u65bd\u5b9e\u73b0\u7684\uff0c\u4f8b\u5982\u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u534f\u8bae\u3002 \u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u901a\u8fc7\u516c\u5171\u7f51\u7edc\u4f20\u8f93\u7684\u6240\u6709\u6d41\u91cf\u90fd\u662f\u5b89\u5168\u7684\uff0c\u4f46\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u8981\u6c42\u5185\u90e8\u6d41\u91cf\u4e5f\u5fc5\u987b\u5f97\u5230\u4fdd\u62a4\u3002\u4ec5\u4ec5\u4f9d\u9760\u5b89\u5168\u57df\u5206\u79bb\u8fdb\u884c\u4fdd\u62a4\u662f\u4e0d\u591f\u7684\u3002\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u6216\u4e3b\u673a\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7834\u574f API \u7aef\u70b9\u6216\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\uff0c\u5219\u4ed6\u4eec\u4e00\u5b9a\u65e0\u6cd5\u8f7b\u677e\u6ce8\u5165\u6216\u6355\u83b7\u6d88\u606f\u3001\u547d\u4ee4\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u5f71\u54cd\u4e91\u7684\u7ba1\u7406\u529f\u80fd\u3002 \u6240\u6709\u57df\u90fd\u5e94\u4f7f\u7528 TLS \u8fdb\u884c\u4fdd\u62a4\uff0c\u5305\u62ec\u7ba1\u7406\u57df\u670d\u52a1\u548c\u670d\u52a1\u5185\u901a\u4fe1\u3002TLS \u63d0\u4f9b\u4e86\u786e\u4fdd\u7528\u6237\u4e0e OpenStack \u670d\u52a1\u4e4b\u95f4\u4ee5\u53ca OpenStack \u670d\u52a1\u672c\u8eab\u4e4b\u95f4\u901a\u4fe1\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u4e0d\u53ef\u5426\u8ba4\u6027\u3001\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u7684\u673a\u5236\u3002 \u7531\u4e8e\u5b89\u5168\u5957\u63a5\u5b57\u5c42 \uff08SSL\uff09 \u534f\u8bae\u4e2d\u5df2\u53d1\u5e03\u7684\u6f0f\u6d1e\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4f18\u5148\u4f7f\u7528 TLS \u800c\u4e0d\u662f SSL\uff0c\u5e76\u4e14\u5728\u4efb\u4f55\u60c5\u51b5\u4e0b\u90fd\u7981\u7528 SSL\uff0c\u9664\u975e\u9700\u8981\u4e0e\u8fc7\u65f6\u7684\u6d4f\u89c8\u5668\u6216\u5e93\u517c\u5bb9\u3002 \u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 
\u662f\u7528\u4e8e\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u7684\u6846\u67b6\u3002\u5b83\u7531\u4e00\u7ec4\u7cfb\u7edf\u548c\u6d41\u7a0b\u7ec4\u6210\uff0c\u4ee5\u786e\u4fdd\u5728\u9a8c\u8bc1\u5404\u65b9\u8eab\u4efd\u7684\u540c\u65f6\u53ef\u4ee5\u5b89\u5168\u5730\u53d1\u9001\u6d41\u91cf\u3002\u6b64\u5904\u63cf\u8ff0\u7684 PKI \u914d\u7f6e\u6587\u4ef6\u662f\u7531 PKIX \u5de5\u4f5c\u7ec4\u5f00\u53d1\u7684 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKIX\uff09 \u914d\u7f6e\u6587\u4ef6\u3002PKI\u7684\u6838\u5fc3\u7ec4\u4ef6\u5305\u62ec\uff1a \u6570\u5b57\u8bc1\u4e66 \u7b7e\u540d\u516c\u94a5\u8bc1\u4e66\u662f\u5177\u6709\u5b9e\u4f53\u7684\u53ef\u9a8c\u8bc1\u6570\u636e\u3001\u5176\u516c\u94a5\u4ee5\u53ca\u5176\u4ed6\u4e00\u4e9b\u5c5e\u6027\u7684\u6570\u636e\u7ed3\u6784\u3002\u8fd9\u4e9b\u8bc1\u4e66\u7531\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u9881\u53d1\u3002\u7531\u4e8e\u8bc1\u4e66\u7531\u53d7\u4fe1\u4efb\u7684 CA \u7b7e\u540d\uff0c\u56e0\u6b64\u4e00\u65e6\u9a8c\u8bc1\uff0c\u4e0e\u5b9e\u4f53\u5173\u8054\u7684\u516c\u94a5\u5c06\u4fdd\u8bc1\u4e0e\u6240\u8ff0\u5b9e\u4f53\u76f8\u5173\u8054\u3002\u7528\u4e8e\u5b9a\u4e49\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u5e38\u89c1\u6807\u51c6\u662f X.509 \u6807\u51c6\u3002X.509 v3 \u662f\u5f53\u524d\u7684\u6807\u51c6\uff0c\u5728 RFC5280 \u4e2d\u8fdb\u884c\u4e86\u8be6\u7ec6\u63cf\u8ff0\u3002\u8bc1\u4e66\u7531 CA \u9881\u53d1\uff0c\u4f5c\u4e3a\u8bc1\u660e\u5728\u7ebf\u5b9e\u4f53\u8eab\u4efd\u7684\u673a\u5236\u3002CA \u901a\u8fc7\u4ece\u8bc1\u4e66\u521b\u5efa\u6d88\u606f\u6458\u8981\u5e76\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u6458\u8981\u8fdb\u884c\u52a0\u5bc6\uff0c\u5bf9\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u7ed3\u675f\u5b9e\u4f53 \u4f5c\u4e3a\u8bc1\u4e66\u4e3b\u9898\u7684\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u7cfb\u7edf\u3002\u6700\u7ec8\u5b9e\u4f53\u5c06\u5176\u8bc1\u4e66\u8bf7\u6c42\u53d1\u9001\u5230\u6ce8\u518c\u673a\u6784 \uff08RA\uff09 
\u8fdb\u884c\u5ba1\u6279\u3002\u5982\u679c\u83b7\u5f97\u6279\u51c6\uff0cRA \u4f1a\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u9a8c\u8bc1\u8bf7\u6c42\uff0c\u5982\u679c\u4fe1\u606f\u6b63\u786e\uff0c\u5219\u751f\u6210\u8bc1\u4e66\u5e76\u7b7e\u540d\u3002\u7136\u540e\uff0c\u6b64\u7b7e\u540d\u8bc1\u4e66\u5c06\u53d1\u9001\u5230\u8bc1\u4e66\u5b58\u50a8\u5e93\u3002 \u4fe1\u8d56\u65b9 \u63a5\u6536\u6570\u5b57\u7b7e\u540d\u8bc1\u4e66\u7684\u7ec8\u7ed3\u70b9\uff0c\u8be5\u8bc1\u4e66\u53ef\u53c2\u8003\u8bc1\u4e66\u4e0a\u5217\u51fa\u7684\u516c\u94a5\u8fdb\u884c\u9a8c\u8bc1\u3002\u4fe1\u8d56\u65b9\u5e94\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u94fe\u4e0a\uff0c\u786e\u4fdd\u5b83\u4e0d\u5b58\u5728\u4e8e CRL \u4e2d\uff0c\u5e76\u4e14\u8fd8\u5fc5\u987b\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u5230\u671f\u65e5\u671f\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 CA \u662f\u53d7\u4fe1\u4efb\u7684\u5b9e\u4f53\uff0c\u65e0\u8bba\u662f\u6700\u7ec8\u65b9\u8fd8\u662f\u4f9d\u8d56\u8bc1\u4e66\u8fdb\u884c\u8bc1\u4e66\u7b56\u7565\u3001\u7ba1\u7406\u5904\u7406\u548c\u8bc1\u4e66\u9881\u53d1\u7684\u4e00\u65b9\u3002 \u6ce8\u518c\u673a\u6784 \uff08RA\uff09 CA \u5c06\u67d0\u4e9b\u7ba1\u7406\u529f\u80fd\u59d4\u6d3e\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\uff0c\u8fd9\u5305\u62ec\u5728 CA \u9881\u53d1\u8bc1\u4e66\u4e4b\u524d\u5bf9\u7ec8\u7aef\u5b9e\u4f53\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7b49\u529f\u80fd\u3002 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5e8f\u5217\u53f7\u5217\u8868\u3002\u5728 PKI \u6a21\u578b\u4e2d\uff0c\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002\u540a\u9500\u53ef\u80fd\u7531\u4e8e\u591a\u79cd\u539f\u56e0\u800c\u53d1\u751f\uff0c\u4f8b\u5982\u5bc6\u94a5\u6cc4\u9732\u3001CA \u6cc4\u9732\u3002 CRL \u53d1\u884c\u4eba CA 
\u5c06\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u53d1\u5e03\u59d4\u6258\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\u3002 \u8bc1\u4e66\u5b58\u50a8\u5e93 \u5b58\u50a8\u548c\u67e5\u627e\u6700\u7ec8\u5b9e\u4f53\u8bc1\u4e66\u548c\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u4f4d\u7f6e - \u6709\u65f6\u79f0\u4e3a\u8bc1\u4e66\u6346\u7ed1\u5305\u3002 PKI \u6784\u5efa\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u63d0\u4f9b\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae\uff0c\u4ee5\u4fdd\u62a4\u6570\u636e\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u4fdd\u62a4\u6240\u6709\u670d\u52a1\uff0c\u5305\u62ec\u5bf9 API \u7ec8\u7ed3\u70b9\u4f7f\u7528 TLS\u3002\u4ec5\u9760\u4f20\u8f93\u6216\u6d88\u606f\u7684\u52a0\u5bc6\u6216\u7b7e\u540d\u662f\u4e0d\u53ef\u80fd\u89e3\u51b3\u6240\u6709\u8fd9\u4e9b\u95ee\u9898\u7684\u3002\u4e3b\u673a\u672c\u8eab\u5fc5\u987b\u662f\u5b89\u5168\u7684\uff0c\u5e76\u5b9e\u65bd\u7b56\u7565\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5176\u4ed6\u63a7\u5236\u63aa\u65bd\u6765\u4fdd\u62a4\u5176\u79c1\u6709\u51ed\u636e\u548c\u5bc6\u94a5\u3002\u4f46\u662f\uff0c\u5bc6\u94a5\u7ba1\u7406\u548c\u4fdd\u62a4\u7684\u6311\u6218\u5e76\u6ca1\u6709\u51cf\u5c11\u8fd9\u4e9b\u63a7\u5236\u7684\u5fc5\u8981\u6027\uff0c\u4e5f\u6ca1\u6709\u964d\u4f4e\u5b83\u4eec\u7684\u91cd\u8981\u6027\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \u00b6 \u8bb8\u591a\u7ec4\u7ec7\u90fd\u5efa\u7acb\u4e86\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u5176\u4e2d\u5305\u542b\u81ea\u5df1\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3001\u8bc1\u4e66\u7b56\u7565\u548c\u7ba1\u7406\uff0c\u4ed6\u4eec\u5e94\u8be5\u4f7f\u7528\u8fd9\u4e9b\u8bc1\u4e66\u4e3a\u5185\u90e8 OpenStack \u7528\u6237\u6216\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u516c\u5171\u5b89\u5168\u57df\u9762\u5411 Internet \u7684\u7ec4\u7ec7\u8fd8\u9700\u8981\u7531\u5e7f\u6cdb\u8ba4\u53ef\u7684\u516c\u5171 CA 
\u7b7e\u540d\u7684\u8bc1\u4e66\u3002\u5bf9\u4e8e\u901a\u8fc7\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u7684\u52a0\u5bc6\u901a\u4fe1\uff0c\u5efa\u8bae\u4e0d\u8981\u4f7f\u7528\u516c\u5171 CA\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u671f\u671b\u5e76\u5efa\u8bae\u5927\u591a\u6570\u90e8\u7f72\u90e8\u7f72\u81ea\u5df1\u7684\u5185\u90e8 CA\u3002 \u5efa\u8bae OpenStack \u4e91\u67b6\u6784\u5e08\u8003\u8651\u5bf9\u5185\u90e8\u7cfb\u7edf\u548c\u9762\u5411\u5ba2\u6237\u7684\u670d\u52a1\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u4f7f\u4e91\u90e8\u7f72\u4eba\u5458\u80fd\u591f\u4fdd\u6301\u5bf9\u5176 PKI \u57fa\u7840\u8bbe\u65bd\u7684\u63a7\u5236\uff0c\u5e76\u4e14\u4f7f\u5185\u90e8\u7cfb\u7edf\u7684\u8bc1\u4e66\u8bf7\u6c42\u3001\u7b7e\u540d\u548c\u90e8\u7f72\u53d8\u5f97\u66f4\u52a0\u5bb9\u6613\u3002\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u5bf9\u4e0d\u540c\u7684\u5b89\u5168\u57df\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u5141\u8bb8\u90e8\u7f72\u4eba\u5458\u4fdd\u6301\u73af\u5883\u7684\u52a0\u5bc6\u9694\u79bb\uff0c\u786e\u4fdd\u9881\u53d1\u7ed9\u4e00\u4e2a\u73af\u5883\u7684\u8bc1\u4e66\u4e0d\u88ab\u53e6\u4e00\u4e2a\u73af\u5883\u8bc6\u522b\u3002 \u7528\u4e8e\u5728\u9762\u5411 Internet \u7684\u4e91\u7aef\u70b9\uff08\u6216\u5ba2\u6237\u63a5\u53e3\uff0c\u5176\u4e2d\u5ba2\u6237\u9884\u8ba1\u4e0d\u4f1a\u5b89\u88c5\u9664\u6807\u51c6\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u7684\u8bc1\u4e66\u6346\u7ed1\u5305\u4ee5\u5916\u7684\u4efb\u4f55\u5185\u5bb9\uff09\u4e0a\u652f\u6301 TLS \u7684\u8bc1\u4e66\u5e94\u4f7f\u7528\u5b89\u88c5\u5728\u64cd\u4f5c\u7cfb\u7edf\u8bc1\u4e66\u6346\u7ed1\u5305\u4e2d\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8fdb\u884c\u9884\u914d\u3002\u5178\u578b\u7684\u77e5\u540d\u4f9b\u5e94\u5546\u5305\u62ec Let's Encrypt\u3001Verisign \u548c Thawte\uff0c\u4f46\u8fd8\u6709\u8bb8\u591a\u5176\u4ed6\u4f9b\u5e94\u5546\u3002 
\u5728\u521b\u5efa\u548c\u7b7e\u7f72\u8bc1\u4e66\u65b9\u9762\u5b58\u5728\u7ba1\u7406\u3001\u7b56\u7565\u548c\u6280\u672f\u65b9\u9762\u7684\u6311\u6218\u3002\u5728\u8fd9\u4e2a\u9886\u57df\uff0c\u4e91\u67b6\u6784\u5e08\u6216\u64cd\u4f5c\u5458\u53ef\u80fd\u5e0c\u671b\u5bfb\u6c42\u884c\u4e1a\u9886\u5bfc\u8005\u548c\u4f9b\u5e94\u5546\u7684\u5efa\u8bae\uff0c\u4ee5\u53ca\u6b64\u5904\u63a8\u8350\u7684\u6307\u5bfc\u3002 TLS \u5e93 \u00b6 OpenStack \u751f\u6001\u7cfb\u7edf\u4e2d\u7684\u7ec4\u4ef6\u3001\u670d\u52a1\u548c\u5e94\u7528\u7a0b\u5e8f\u6216 OpenStack \u7684\u4f9d\u8d56\u9879\u5df2\u5b9e\u73b0\u6216\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS \u5e93\u3002OpenStack \u4e2d\u7684 TLS \u548c HTTP \u670d\u52a1\u901a\u5e38\u4f7f\u7528 OpenSSL \u5b9e\u73b0\uff0cOpenSSL \u5177\u6709\u5df2\u9488\u5bf9 FIPS 140-2 \u9a8c\u8bc1\u7684\u6a21\u5757\u3002\u4f46\u662f\uff0c\u8bf7\u8bb0\u4f4f\uff0c\u6bcf\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u5728\u4f7f\u7528 OpenSSL \u5e93\u7684\u65b9\u5f0f\u4e0a\u4ecd\u53ef\u80fd\u5f15\u5165\u5f31\u70b9\u3002 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u00b6 \u5efa\u8bae\u81f3\u5c11\u4f7f\u7528 TLS 1.2\u3002\u65e7\u7248\u672c\uff08\u5982 TLS 1.0\u30011.1 \u548c\u6240\u6709\u7248\u672c\u7684 SSL\uff08TLS \u7684\u524d\u8eab\uff09\u5bb9\u6613\u53d7\u5230\u591a\u79cd\u516c\u5f00\u5df2\u77e5\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u4e0d\u5f97\u4f7f\u7528\u3002TLS 1.2 \u53ef\u7528\u4e8e\u5e7f\u6cdb\u7684\u5ba2\u6237\u7aef\u517c\u5bb9\u6027\uff0c\u4f46\u5728\u542f\u7528\u6b64\u534f\u8bae\u65f6\u8981\u5c0f\u5fc3\u3002\u4ec5\u5f53\u5b58\u5728\u5f3a\u5236\u6027\u517c\u5bb9\u6027\u8981\u6c42\u5e76\u4e14\u60a8\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\u65f6\uff0c\u624d\u542f\u7528 TLS \u7248\u672c 1.1\u3002 \u4f7f\u7528 TLS 1.2 \u5e76\u540c\u65f6\u63a7\u5236\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u65f6\uff0c\u5bc6\u7801\u5957\u4ef6\u5e94\u9650\u5236\u4e3a ECDHE-ECDSA-AES256-GCM-SHA384 
.\u5728\u4e0d\u63a7\u5236\u8fd9\u4e24\u4e2a\u7ec8\u7ed3\u70b9\u5e76\u4f7f\u7528 TLS 1.1 \u6216 1.2 \u7684\u60c5\u51b5\u4e0b\uff0c\u66f4\u901a\u7528 HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA \u7684\u662f\u5408\u7406\u7684\u5bc6\u7801\u9009\u62e9\u3002 \u4f46\u662f\uff0c\u7531\u4e8e\u672c\u4e66\u5e76\u4e0d\u6253\u7b97\u5168\u9762\u4ecb\u7ecd\u5bc6\u7801\u5b66\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u5e0c\u671b\u89c4\u5b9a\u5728OpenStack\u670d\u52a1\u4e2d\u5e94\u8be5\u542f\u7528\u6216\u7981\u7528\u54ea\u4e9b\u7279\u5b9a\u7684\u7b97\u6cd5\u6216\u5bc6\u7801\u6a21\u5f0f\u3002\u6211\u4eec\u60f3\u63a8\u8350\u4e00\u4e9b\u6743\u5a01\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4ee5\u63d0\u4f9b\u66f4\u591a\u4fe1\u606f\uff1a \u56fd\u5bb6\u5b89\u5168\u5c40\uff0cSuite B \u5bc6\u7801\u5b66 OWASP\u5bc6\u7801\u5b66\u6307\u5357 OWASP \u4f20\u8f93\u5c42\u4fdd\u62a4\u5907\u5fd8\u5355 SoK\uff1aSSL \u548c HTTPS\uff1a\u91cd\u6e29\u8fc7\u53bb\u7684\u6311\u6218\u5e76\u8bc4\u4f30\u8bc1\u4e66\u4fe1\u4efb\u6a21\u578b\u589e\u5f3a\u529f\u80fd \u4e16\u754c\u4e0a\u6700\u5371\u9669\u7684\u4ee3\u7801\uff1a\u5728\u975e\u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u9a8c\u8bc1SSL\u8bc1\u4e66 OpenSSL \u548c FIPS 140-2 \u603b\u7ed3 \u00b6 \u9274\u4e8e OpenStack \u7ec4\u4ef6\u7684\u590d\u6742\u6027\u548c\u90e8\u7f72\u53ef\u80fd\u6027\u7684\u6570\u91cf\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u786e\u4fdd\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u83b7\u5f97 TLS \u8bc1\u4e66\u3001\u5bc6\u94a5\u548c CA \u7684\u9002\u5f53\u914d\u7f6e\u3002\u540e\u7eed\u90e8\u5206\u5c06\u8ba8\u8bba\u4ee5\u4e0b\u670d\u52a1\uff1a \u8ba1\u7b97 API \u7aef\u70b9 \u8eab\u4efd API \u7aef\u70b9 \u7f51\u7edc API \u7aef\u70b9 \u5b58\u50a8 API \u7aef\u70b9 \u6d88\u606f\u670d\u52a1\u5668 \u6570\u636e\u5e93\u670d\u52a1\u5668 \u4eea\u8868\u677f TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u00b6 
OpenStack\u7684\u7ec8\u7aef\u662f\u63d0\u4f9bAPI\u7ed9\u516c\u5171\u7f51\u7edc\u4e0a\u7684\u7ec8\u7aef\u7528\u6237\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6OpenStack\u670d\u52a1\u7684HTTP\u670d\u52a1\u3002\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u8fd9\u4e9b\u8bf7\u6c42\uff0c\u65e0\u8bba\u662f\u5185\u90e8\u8fd8\u662f\u5916\u90e8\uff0c\u90fd\u4f7f\u7528TLS\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e2a\u76ee\u6807\uff0cAPI\u670d\u52a1\u5fc5\u987b\u90e8\u7f72\u5728TLS\u4ee3\u7406\u540e\u9762\uff0c\u8be5\u4ee3\u7406\u80fd\u591f\u5efa\u7acb\u548c\u7ec8\u6b62TLS\u4f1a\u8bdd\u3002\u4e0b\u8868\u63d0\u4f9b\u4e86\u53ef\u7528\u4e8e\u6b64\u76ee\u7684\u7684\u5f00\u6e90\u8f6f\u4ef6\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Pound Stud Nginx Apache httpd \u5728\u8f6f\u4ef6\u7ec8\u7aef\u6027\u80fd\u4e0d\u8db3\u7684\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u52a0\u901f\u5668\u53ef\u80fd\u503c\u5f97\u63a2\u7d22\u4f5c\u4e3a\u66ff\u4ee3\u9009\u9879\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\u4efb\u4f55\u9009\u5b9a\u7684 TLS \u4ee3\u7406\u5c06\u5904\u7406\u7684\u8bf7\u6c42\u7684\u5927\u5c0f\u3002 \u793a\u4f8b \u00b6 \u4e0b\u9762\u6211\u4eec\u63d0\u4f9b\u4e86\u4e00\u4e9b\u66f4\u6d41\u884c\u7684 Web \u670d\u52a1\u5668/TLS \u7ec8\u7ed3\u5668\u4e2d\u542f\u7528 TLS \u7684\u63a8\u8350\u914d\u7f6e\u8bbe\u7f6e\u793a\u4f8b\u3002 \u5728\u6df1\u5165\u7814\u7a76\u914d\u7f6e\u4e4b\u524d\uff0c\u6211\u4eec\u7b80\u8981\u8ba8\u8bba\u5bc6\u7801\u7684\u914d\u7f6e\u5143\u7d20\u53ca\u5176\u683c\u5f0f\u3002\u6709\u5173\u53ef\u7528\u5bc6\u7801\u548c OpenSSL \u5bc6\u7801\u5217\u8868\u683c\u5f0f\u7684\u66f4\u8be6\u5c3d\u5904\u7406\uff0c\u8bf7\u53c2\u9605\uff1a\u5bc6\u7801\u3002 ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u6216 ciphers = \"kEECDH:kEDH:kRSA:HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u5bc6\u7801\u5b57\u7b26\u4e32\u9009\u9879\u7531 \u201c\uff1a\u201d \u5206\u9694\uff0c\u800c \u201c\uff01\u201d 
\u63d0\u4f9b\u7d27\u63a5\u7740\u7684\u5143\u7d20\u7684\u5426\u5b9a\u3002\u5143\u7d20\u987a\u5e8f\u6307\u793a\u9996\u9009\u9879\uff0c\u9664\u975e\u88ab\u9650\u5b9a\u7b26\uff08\u5982 HIGH\uff09\u8986\u76d6\u3002\u8ba9\u6211\u4eec\u4ed4\u7ec6\u770b\u770b\u4e0a\u9762\u793a\u4f8b\u5b57\u7b26\u4e32\u4e2d\u7684\u5143\u7d20\u3002 kEECDH:kEDH \u4e34\u65f6\u692d\u5706\u66f2\u7ebf Diffie-Hellman\uff08\u7f29\u5199\u4e3a EECDH \u548c ECDHE\uff09\u3002 Ephemeral Diffie-Hellman\uff08\u7f29\u5199\u4e3a EDH \u6216 DHE\uff09\u4f7f\u7528\u7d20\u6570\u573a\u7fa4\u3002 \u8fd9\u4e24\u79cd\u65b9\u6cd5\u90fd\u63d0\u4f9b\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \uff08PFS\uff09\u3002\u6709\u5173\u6b63\u786e\u914d\u7f6e PFS \u7684\u66f4\u591a\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6\u3002 \u4e34\u65f6\u692d\u5706\u66f2\u7ebf\u8981\u6c42\u670d\u52a1\u5668\u914d\u7f6e\u547d\u540d\u66f2\u7ebf\uff0c\u5e76\u63d0\u4f9b\u6bd4\u4e3b\u5b57\u6bb5\u7ec4\u66f4\u597d\u7684\u5b89\u5168\u6027\u548c\u66f4\u4f4e\u7684\u8ba1\u7b97\u6210\u672c\u3002\u4f46\u662f\uff0c\u4e3b\u8981\u5b57\u6bb5\u7ec4\u7684\u5b9e\u73b0\u8303\u56f4\u66f4\u5e7f\uff0c\u56e0\u6b64\u901a\u5e38\u4e24\u8005\u90fd\u5305\u542b\u5728\u5217\u8868\u4e2d\u3002 kRSA \u5206\u522b\u4f7f\u7528 RSA \u4ea4\u6362\u3001\u8eab\u4efd\u9a8c\u8bc1\u6216\u4e24\u8005\u4e4b\u4e00\u7684\u5bc6\u7801\u5957\u4ef6\u3002 HIGH \u5728\u534f\u5546\u9636\u6bb5\u9009\u62e9\u53ef\u80fd\u7684\u6700\u9ad8\u5b89\u5168\u5bc6\u7801\u3002\u8fd9\u4e9b\u5bc6\u94a5\u901a\u5e38\u5177\u6709\u957f\u5ea6\u4e3a 128 \u4f4d\u6216\u66f4\u957f\u7684\u5bc6\u94a5\u3002 !RC4 \u6ca1\u6709 RC4\u3002RC4 \u5728 TLS V3 \u7684\u4e0a\u4e0b\u6587\u4e2d\u5b58\u5728\u7f3a\u9677\u3002\u8bf7\u53c2\u9605 TLS \u548c WPA \u4e2d RC4 \u7684\u5b89\u5168\u6027\u3002 !MD5 \u6ca1\u6709 MD5\u3002MD5 \u4e0d\u5177\u6709\u9632\u51b2\u7a81\u529f\u80fd\uff0c\u56e0\u6b64\u4e0d\u63a5\u53d7\u6d88\u606f\u9a8c\u8bc1\u7801 \uff08MAC\uff09 \u6216\u7b7e\u540d\u3002 !aNULL:!eNULL Disallows clear text. 
\u4e0d\u5141\u8bb8\u660e\u6587\u3002 !EXP \u4e0d\u5141\u8bb8\u5bfc\u51fa\u52a0\u5bc6\u7b97\u6cd5\uff0c\u8fd9\u4e9b\u7b97\u6cd5\u5728\u8bbe\u8ba1\u4e0a\u5f80\u5f80\u5f88\u5f31\uff0c\u901a\u5e38\u4f7f\u7528 40 \u4f4d\u548c 56 \u4f4d\u5bc6\u94a5\u3002 \u7f8e\u56fd\u5bf9\u5bc6\u7801\u5b66\u7cfb\u7edf\u7684\u51fa\u53e3\u9650\u5236\u5df2\u88ab\u53d6\u6d88\uff0c\u4e0d\u518d\u9700\u8981\u652f\u6301\u3002 !LOW:!MEDIUM \u4e0d\u5141\u8bb8\u4f7f\u7528\u4f4e\uff0856 \u6216 64 \u4f4d\u957f\u5bc6\u94a5\uff09\u548c\u4e2d\u7b49\uff08128 \u4f4d\u957f\u5bc6\u94a5\uff09\u5bc6\u7801\uff0c\u56e0\u4e3a\u5b83\u4eec\u5bb9\u6613\u53d7\u5230\u66b4\u529b\u653b\u51fb\uff08\u793a\u4f8b 2-DES\uff09\u3002\u6b64\u89c4\u5219\u4ecd\u5141\u8bb8\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u6807\u51c6 \uff08Triple DES\uff09\uff0c\u4e5f\u79f0\u4e3a\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u7b97\u6cd5 \uff08TDEA\uff09 \u548c\u9ad8\u7ea7\u52a0\u5bc6\u6807\u51c6 \uff08AES\uff09\uff0c\u6bcf\u4e2a\u6807\u51c6\u90fd\u5177\u6709\u5927\u4e8e\u7b49\u4e8e 128 \u4f4d\u7684\u5bc6\u94a5\uff0c\u56e0\u6b64\u66f4\u5b89\u5168\u3002 Protocols \u534f\u8bae\u901a\u8fc7SSL_CTX_set_options\u542f\u7528/\u7981\u7528\u3002\u5efa\u8bae\u7981\u7528 SSLv2/v3 \u5e76\u542f\u7528 TLS\u3002 Pound \u00b6 \u6b64 Pound \u793a\u4f8b\u542f\u7528 AES-NI \u52a0\u901f\uff0c\u8fd9\u6709\u52a9\u4e8e\u63d0\u9ad8\u5177\u6709\u652f\u6301\u6b64\u529f\u80fd\u7684\u5904\u7406\u5668\u7684\u7cfb\u7edf\u7684\u6027\u80fd\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/pound/pound.cfg Ubuntu\u3001RHEL\u3001CentOS\u3001 /etc/pound.cfg openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 ## see pound(8) for details daemon 1 ###################################################################### ## global options: User \"swift\" Group \"swift\" #RootJail \"/chroot/pound\" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 0 ## turn on dynamic scaling (off by default) # Dyn Scale 1 ## 
check backend every X secs: Alive 30 ## client timeout #Client 10 ## allow 10 second proxy connect time ConnTO 10 ## use hardware-acceleration card supported by openssl(1): SSLEngine \"aesni\" # poundctl control socket Control \"/var/run/pound/poundctl.socket\" ###################################################################### ## listen, redirect and ... to: ## redirect all swift requests on port 443 to local swift proxy ListenHTTPS Address 0.0.0.0 Port 443 Cert \"/etc/pound/cert.pem\" ## Certs to accept from clients ## CAlist \"CA_file\" ## Certs to use for client verification ## VerifyList \"Verify_file\" ## Request client cert - don't verify ## Ciphers \"AES256-SHA\" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: NoHTTPS11 0 ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 1 Service BackEnd Address 127.0.0.1 Port 80 End End End Stud \u00b6 \u5bc6\u7801\u884c\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8fdb\u884c\u8c03\u6574\uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e\u76ee\u5f55\u4e2d /etc/stud \u3002\u4f46\u662f\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u63d0\u4f9b\u5b83\u3002 # SSL x509 certificate file. pem-file = \" # SSL protocol. tls = on ssl = off # List of allowed SSL ciphers. 
# OpenSSL's high-strength ciphers which require authentication # NOTE: forbids clear text, use of RC4 or MD5 or LOW and MEDIUM strength ciphers ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" # Enforce server cipher list order prefer-server-ciphers = on # Number of worker processes workers = 4 # Listen backlog size backlog = 1000 # TCP socket keepalive interval in seconds keepalive = 3600 # Chroot directory chroot = \"\" # Set uid after binding a socket user = \"www-data\" # Set gid after binding a socket group = \"www-data\" # Quiet execution, report only error messages quiet = off # Use syslog for logging syslog = on # Syslog facility to use syslog-facility = \"daemon\" # Run as daemon daemon = off # Report client address using SENDPROXY protocol for haproxy # Disabling this until we upgrade to HAProxy 1.5 write-proxy = off Nginx \u00b6 \u6b64 Nginx \u793a\u4f8b\u9700\u8981 TLS v1.1 \u6216 v1.2 \u624d\u80fd\u83b7\u5f97\u6700\u5927\u7684\u5b89\u5168\u6027\u3002\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8c03\u6574\u751f\u4ea7\u7ebf ssl_ciphers \uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u7f3a\u7701\u914d\u7f6e\u6587\u4ef6\u4e3a /etc/nginx/nginx.conf \u3002 server { listen : ssl; ssl_certificate ; ssl_certificate_key ; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM ssl_session_tickets off; server_name _; keepalive_timeout 5; location / { } } Apache \u00b6 \u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/apache2/apache2.conf Ubuntu\u3001RHEL \u548c CentOS\u3001 /etc/httpd/conf/httpd.conf /etc/apache2/httpd.conf openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 :80> ServerName RedirectPermanent / https:/// :443> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key WSGIScriptAlias / WSGIDaemonProcess horizon 
user= group= processes=3 threads=10 Alias /static > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted Apache \u4e2d\u7684\u8ba1\u7b97 API SSL \u7aef\u70b9\uff0c\u5fc5\u987b\u4e0e\u7b80\u77ed\u7684 WSGI \u811a\u672c\u914d\u5bf9\u3002 :8447> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key SSLSessionTickets Off WSGIScriptAlias / WSGIDaemonProcess osapi user= group= processes=3 threads=10 > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u00b6 \u5efa\u8bae\u6240\u6709\u751f\u4ea7\u90e8\u7f72\u90fd\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \uff08HSTS\uff09\u3002\u6b64\u6807\u5934\u53ef\u9632\u6b62\u6d4f\u89c8\u5668\u5728\u5efa\u7acb\u5355\u4e2a\u5b89\u5168\u8fde\u63a5\u540e\u5efa\u7acb\u4e0d\u5b89\u5168\u7684\u8fde\u63a5\u3002\u5982\u679c\u60a8\u5df2\u5c06 HTTP \u670d\u52a1\u90e8\u7f72\u5728\u516c\u5171\u57df\u6216\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u4e0a\uff0c\u5219 HSTS \u5c24\u4e3a\u91cd\u8981\u3002\u8981\u542f\u7528 HSTS\uff0c\u8bf7\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u53d1\u9001\u5305\u542b\u6240\u6709\u8bf7\u6c42\u7684\u6807\u5934\uff0c\u5982\u4e0b\u6240\u793a\uff1a Strict-Transport-Security: max-age=31536000; includeSubDomains \u5728\u6d4b\u8bd5\u671f\u95f4\u4ece 1 \u5929\u7684\u77ed\u6682\u505c\u5f00\u59cb\uff0c\u5e76\u5728\u6d4b\u8bd5\u8868\u660e\u60a8\u6ca1\u6709\u7ed9\u7528\u6237\u5e26\u6765\u95ee\u9898\u540e\u5c06\u5176\u63d0\u9ad8\u5230\u4e00\u5e74\u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u65e6\u6b64\u6807\u5934\u8bbe\u7f6e\u4e3a\u8f83\u5927\u7684\u8d85\u65f6\uff0c\u5b83\uff08\u6839\u636e\u8bbe\u8ba1\uff09\u5c31\u5f88\u96be\u7981\u7528\u3002 
\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u00b6 \u914d\u7f6e TLS \u670d\u52a1\u5668\u4ee5\u5b9e\u73b0\u5b8c\u7f8e\u7684\u524d\u5411\u4fdd\u5bc6\u9700\u8981\u56f4\u7ed5\u5bc6\u94a5\u5927\u5c0f\u3001\u4f1a\u8bdd ID \u548c\u4f1a\u8bdd\u7968\u8bc1\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u6b64\u5916\uff0c\u5bf9\u4e8e\u591a\u670d\u52a1\u5668\u90e8\u7f72\uff0c\u5171\u4eab\u72b6\u6001\u4e5f\u662f\u4e00\u4e2a\u91cd\u8981\u7684\u8003\u8651\u56e0\u7d20\u3002\u4e0a\u9762\u7684 Apache \u548c Nginx \u793a\u4f8b\u914d\u7f6e\u7981\u7528\u4e86\u4f1a\u8bdd\u7968\u8bc1\u9009\u9879\uff0c\u4ee5\u5e2e\u52a9\u7f13\u89e3\u5176\u4e2d\u4e00\u4e9b\u95ee\u9898\u3002\u5b9e\u9645\u90e8\u7f72\u53ef\u80fd\u5e0c\u671b\u542f\u7528\u6b64\u529f\u80fd\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002\u8fd9\u53ef\u4ee5\u5b89\u5168\u5730\u5b8c\u6210\uff0c\u4f46\u9700\u8981\u7279\u522b\u8003\u8651\u5bc6\u94a5\u7ba1\u7406\u3002\u6b64\u7c7b\u914d\u7f6e\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002\u6211\u4eec\u5efa\u8bae\u9605\u8bfb ImperialViolet \u7684 How to botch TLS forward secrecy \u4f5c\u4e3a\u7406\u89e3\u95ee\u9898\u7a7a\u95f4\u7684\u8d77\u70b9\u3002 \u5b89\u5168\u53c2\u8003\u67b6\u6784 \u00b6 \u5efa\u8bae\u5728 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u7684\u516c\u7528\u7f51\u7edc\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u4f46\u662f\uff0c\u5982\u679c\u5b9e\u9645\u5728\u4efb\u4f55\u5730\u65b9\u90e8\u7f72 SSL/TLS \u592a\u56f0\u96be\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u8bc4\u4f30\u60a8\u7684 OpenStack SSL/TLS \u9700\u6c42\uff0c\u5e76\u9075\u5faa\u6b64\u5904\u8ba8\u8bba\u7684\u67b6\u6784\u4e4b\u4e00\u3002 \u5728\u8bc4\u4f30\u5176 OpenStack SSL/TLS \u9700\u6c42\u65f6\uff0c\u5e94\u8be5\u505a\u7684\u7b2c\u4e00\u4ef6\u4e8b\u662f\u8bc6\u522b\u5a01\u80c1\u3002\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u5a01\u80c1\u5206\u4e3a\u5916\u90e8\u653b\u51fb\u8005\u548c\u5185\u90e8\u653b\u51fb\u8005\u7c7b\u522b\uff0c\u4f46\u7531\u4e8e OpenStack 
\u7684\u67d0\u4e9b\u7ec4\u4ef6\u5728\u516c\u5171\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u754c\u9650\u5f80\u5f80\u4f1a\u53d8\u5f97\u6a21\u7cca\u3002 \u5bf9\u4e8e\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff0c\u5a01\u80c1\u975e\u5e38\u7b80\u5355\u3002\u7528\u6237\u5c06\u4f7f\u7528\u5176\u7528\u6237\u540d\u548c\u5bc6\u7801\u5bf9 Horizon \u548c Keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7528\u6237\u8fd8\u5c06\u4f7f\u7528\u5176 keystone \u4ee4\u724c\u8bbf\u95ee\u5176\u4ed6\u670d\u52a1\u7684 API \u7aef\u70b9\u3002\u5982\u679c\u6b64\u7f51\u7edc\u6d41\u91cf\u672a\u52a0\u5bc6\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u4e2d\u95f4\u4eba\u653b\u51fb\u622a\u83b7\u5bc6\u7801\u548c\u4ee4\u724c\u3002\u7136\u540e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u6709\u6548\u51ed\u636e\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u6240\u6709\u5b9e\u9645\u90e8\u7f72\u90fd\u5e94\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u3002 \u5bf9\u4e8e\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u670d\u52a1\uff0c\u7531\u4e8e\u5b89\u5168\u57df\u4e0e\u7f51\u7edc\u5b89\u5168\u7684\u6865\u63a5\uff0c\u5a01\u80c1\u5e76\u4e0d\u90a3\u4e48\u660e\u786e\u3002\u6709\u6743\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u7684\u7ba1\u7406\u5458\u603b\u662f\u6709\u53ef\u80fd\u51b3\u5b9a\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u79c1\u94a5\uff0cSSL/TLS \u5c06\u65e0\u6d4e\u4e8e\u4e8b\u3002\u5f53\u7136\uff0c\u5e76\u4e0d\u662f\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6bcf\u4e2a\u4eba\u90fd\u88ab\u5141\u8bb8\u8bbf\u95ee\u79c1\u94a5\uff0c\u56e0\u6b64\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u81ea\u5df1\u514d\u53d7\u5185\u90e8\u653b\u51fb\u8005\u7684\u653b\u51fb\u4ecd\u7136\u5f88\u6709\u4ef7\u503c\u3002\u5373\u4f7f\u5141\u8bb8\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u7684\u6bcf\u4e2a\u4eba\u90fd\u662f 100% 
\u53d7\u4fe1\u4efb\u7684\uff0c\u4ecd\u7136\u5b58\u5728\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u901a\u8fc7\u5229\u7528\u9519\u8bef\u914d\u7f6e\u6216\u8f6f\u4ef6\u6f0f\u6d1e\u8bbf\u95ee\u60a8\u7684\u5185\u90e8\u7f51\u7edc\u7684\u5a01\u80c1\u3002\u5fc5\u987b\u8bb0\u4f4f\uff0c\u7528\u6237\u5728 OpenStack Compute \u8282\u70b9\u4e2d\u7684\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u4ee3\u7801\uff0c\u8fd9\u4e9b\u8282\u70b9\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u3002\u5982\u679c\u6f0f\u6d1e\u5141\u8bb8\u4ed6\u4eec\u7a81\u7834\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4ed6\u4eec\u5c06\u53ef\u4ee5\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u3002\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS \u53ef\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u653b\u51fb\u8005\u53ef\u80fd\u9020\u6210\u7684\u635f\u5bb3\u3002 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u00b6 \u4eba\u4eec\u666e\u904d\u8ba4\u4e3a\uff0c\u6700\u597d\u5c3d\u65e9\u52a0\u5bc6\u654f\u611f\u6570\u636e\uff0c\u5e76\u5c3d\u53ef\u80fd\u665a\u5730\u89e3\u5bc6\u3002\u5c3d\u7ba1\u6709\u8fd9\u79cd\u6700\u4f73\u5b9e\u8df5\uff0c\u4f46\u5728OpenStack\u670d\u52a1\u524d\u9762\u4f7f\u7528SSL / TLS\u4ee3\u7406\u5e76\u5728\u4e4b\u540e\u4f7f\u7528\u6e05\u6670\u7684\u901a\u4fe1\u4f3c\u4e4e\u662f\u5f88\u5e38\u89c1\u7684\uff0c\u5982\u4e0b\u6240\u793a\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0c\u4f7f\u7528 SSL/TLS \u4ee3\u7406\u7684\u4e00\u4e9b\u95ee\u9898\uff1a OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u7684\u6027\u80fd/\u6269\u5c55\u6027\u4e0d\u5982 SSL \u4ee3\u7406\uff08\u7279\u522b\u662f\u5bf9\u4e8e\u50cf Eventlet \u8fd9\u6837\u7684 Python \u5b9e\u73b0\uff09\u3002 OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u6ca1\u6709\u50cf\u66f4\u6210\u719f\u7684\u89e3\u51b3\u65b9\u6848\u90a3\u6837\u7ecf\u8fc7\u4ed4\u7ec6\u5ba1\u67e5/\u5ba1\u8ba1\u3002 \u672c\u673a SSL/TLS 
\u914d\u7f6e\u5f88\u56f0\u96be\uff08\u6ca1\u6709\u5f88\u597d\u7684\u6587\u6863\u8bb0\u5f55\u3001\u6d4b\u8bd5\u6216\u8de8\u670d\u52a1\u4fdd\u6301\u4e00\u81f4\uff09\u3002 \u6743\u9650\u5206\u79bb\uff08OpenStack \u670d\u52a1\u8fdb\u7a0b\u4e0d\u5e94\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff09\u3002 \u6d41\u91cf\u68c0\u67e5\u9700\u8981\u8d1f\u8f7d\u5747\u8861\u3002 \u4ee5\u4e0a\u6240\u6709\u95ee\u9898\u90fd\u662f\u6709\u9053\u7406\u7684\uff0c\u4f46\u5b83\u4eec\u90fd\u4e0d\u80fd\u963b\u6b62\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u8ba9\u6211\u4eec\u8003\u8651\u4e0b\u4e00\u4e2a\u90e8\u7f72\u6a21\u578b\u3002 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS \u00b6 \u8fd9\u4e0e\u524d\u9762\u7684 SSL/TLS \u4ee3\u7406\u975e\u5e38\u76f8\u4f3c\uff0c\u4f46 SSL/TLS \u4ee3\u7406\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u7cfb\u7edf\u4e0a\u3002API \u7aef\u70b9\u5c06\u914d\u7f6e\u4e3a\u4ec5\u4fa6\u542c\u672c\u5730\u7f51\u7edc\u63a5\u53e3\u3002\u4e0e API \u7aef\u70b9\u7684\u6240\u6709\u8fdc\u7a0b\u901a\u4fe1\u90fd\u5c06\u901a\u8fc7 SSL/TLS \u4ee3\u7406\u8fdb\u884c\u3002\u901a\u8fc7\u6b64\u90e8\u7f72\u6a21\u578b\uff0c\u6211\u4eec\u5c06\u89e3\u51b3 SSL/TLS \u4ee3\u7406\u4e2d\u7684\u8bb8\u591a\u8981\u70b9\uff1a\u5c06\u4f7f\u7528\u6027\u80fd\u826f\u597d\u7684\u7ecf\u8fc7\u9a8c\u8bc1\u7684 SSL \u5b9e\u73b0\u3002\u6240\u6709\u670d\u52a1\u90fd\u5c06\u4f7f\u7528\u76f8\u540c\u7684 SSL \u4ee3\u7406\u8f6f\u4ef6\uff0c\u56e0\u6b64 API \u7aef\u70b9\u7684 SSL \u914d\u7f6e\u5c06\u662f\u4e00\u81f4\u7684\u3002OpenStack \u670d\u52a1\u8fdb\u7a0b\u5c06\u65e0\u6cd5\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff0c\u56e0\u4e3a\u60a8\u5c06\u4ee5\u4e0d\u540c\u7684\u7528\u6237\u8eab\u4efd\u8fd0\u884c SSL \u4ee3\u7406\uff0c\u5e76\u4f7f\u7528\u6743\u9650\u9650\u5236\u8bbf\u95ee\uff08\u4ee5\u53ca\u4f7f\u7528 SELinux 
\u4e4b\u7c7b\u7684\u989d\u5916\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff09\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4f1a\u8ba9 API \u7aef\u70b9\u5728 Unix \u5957\u63a5\u5b57\u4e0a\u76d1\u542c\uff0c\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u4f7f\u7528\u6743\u9650\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u5bf9\u5b83\u7684\u8bbf\u95ee\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u6839\u636e\u6211\u4eec\u7684\u6d4b\u8bd5\uff0c\u8fd9\u5728 Eventlet \u4e2d\u76ee\u524d\u4f3c\u4e4e\u4e0d\u8d77\u4f5c\u7528\u3002\u8fd9\u662f\u4e00\u4e2a\u5f88\u597d\u7684\u672a\u6765\u53d1\u5c55\u76ee\u6807\u3002 SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 \u00b6 \u9700\u8981\u68c0\u67e5\u6d41\u91cf\u7684\u9ad8\u53ef\u7528\u6027\u6216\u8d1f\u8f7d\u5747\u8861\u90e8\u7f72\u4f1a\u600e\u6837\uff1f\u4ee5\u524d\u7684\u90e8\u7f72\u6a21\u578b\uff08\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS\uff09\u4e0d\u5141\u8bb8\u8fdb\u884c\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u56e0\u4e3a\u6d41\u91cf\u662f\u52a0\u5bc6\u7684\u3002\u5982\u679c\u4ec5\u51fa\u4e8e\u57fa\u672c\u8def\u7531\u76ee\u7684\u800c\u9700\u8981\u68c0\u67e5\u6d41\u91cf\uff0c\u5219\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u80fd\u6ca1\u6709\u5fc5\u8981\u8bbf\u95ee\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002HAProxy \u80fd\u591f\u5728\u63e1\u624b\u671f\u95f4\u63d0\u53d6 SSL/TLS \u4f1a\u8bdd ID\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528\u8be5 ID \u6765\u5b9e\u73b0\u4f1a\u8bdd\u4eb2\u548c\u6027\uff08\u4f1a\u8bdd ID \u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f \u6b64\u5904 
\uff09\u3002HAProxy\u8fd8\u53ef\u4ee5\u4f7f\u7528TLS\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff08SNI\uff09\u6269\u5c55\u6765\u786e\u5b9a\u5e94\u5c06\u6d41\u91cf\u8def\u7531\u5230\u7684\u4f4d\u7f6e\uff08SNI\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u8bf7\u5728\u6b64\u5904\uff09\u3002\u8fd9\u4e9b\u529f\u80fd\u53ef\u80fd\u6db5\u76d6\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u9700\u6c42\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0cHAProxy \u5c06\u80fd\u591f\u5c06 HTTPS \u6d41\u91cf\u76f4\u63a5\u4f20\u9012\u5230 API \u7aef\u70b9\u7cfb\u7edf\uff1a \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb \u00b6 \u5982\u679c\u60a8\u5e0c\u671b\u5bf9\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u8fdb\u884c\u52a0\u5bc6\u5206\u79bb\uff0c\u8be5\u600e\u4e48\u529e\uff1f\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5176\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff08\u6216\u4ee3\u7406\uff09\u4f7f\u7528\u7531 CA \u9881\u53d1\u7684\u8bc1\u4e66\uff0c\u8be5\u8bc1\u4e66\u94fe\u63a5\u5230\u53d7\u4fe1\u4efb\u7684\u6839 CA\uff0c\u8be5\u6839 CA \u5206\u5e03\u5728\u6d41\u884c\u7684 SSL/TLS Web \u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u3002\u5bf9\u4e8e\u5185\u90e8\u670d\u52a1\uff0c\u53ef\u80fd\u5e0c\u671b\u6539\u7528\u81ea\u5df1\u7684 PKI \u6765\u9881\u53d1 SSL/TLS \u8bc1\u4e66\u3002\u53ef\u4ee5\u901a\u8fc7\u5728\u7f51\u7edc\u8fb9\u754c\u7ec8\u6b62 SSL\uff0c\u7136\u540e\u4f7f\u7528\u5185\u90e8\u9881\u53d1\u7684\u8bc1\u4e66\u91cd\u65b0\u52a0\u5bc6\u6765\u5b9e\u73b0\u8fd9\u79cd\u52a0\u5bc6\u5206\u79bb\u3002\u6d41\u91cf\u5c06\u5728\u9762\u5411\u516c\u4f17\u7684 SSL/TLS 
\u4ee3\u7406\u4e0a\u77ed\u65f6\u95f4\u5185\u672a\u52a0\u5bc6\uff0c\u4f46\u6c38\u8fdc\u4e0d\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u5982\u679c\u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u786e\u5b9e\u9700\u8981\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7528\u4e8e\u5b9e\u73b0\u52a0\u5bc6\u5206\u79bb\u7684\u76f8\u540c\u91cd\u65b0\u52a0\u5bc6\u65b9\u6cd5\u3002\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u6837\u5b50\uff1a\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u5916\u89c2: \u4e0e\u5927\u591a\u6570\u4e8b\u60c5\u4e00\u6837\uff0c\u9700\u8981\u6743\u8861\u53d6\u820d\u3002\u4e3b\u8981\u7684\u6743\u8861\u662f\u5728\u5b89\u5168\u6027\u548c\u6027\u80fd\u4e4b\u95f4\u3002\u52a0\u5bc6\u662f\u6709\u4ee3\u4ef7\u7684\uff0c\u4f46\u88ab\u9ed1\u5ba2\u5165\u4fb5\u4e5f\u662f\u6709\u4ee3\u4ef7\u7684\u3002\u6bcf\u4e2a\u90e8\u7f72\u7684\u5b89\u5168\u6027\u548c\u6027\u80fd\u8981\u6c42\u90fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u5982\u4f55\u4f7f\u7528 SSL/TLS \u6700\u7ec8\u5c06\u7531\u4e2a\u4eba\u51b3\u5b9a\u3002 API \u7aef\u70b9 \u00b6 \u4f7f\u7528 OpenStack \u4e91\u7684\u8fc7\u7a0b\u662f\u901a\u8fc7\u67e5\u8be2 API \u7aef\u70b9\u5f00\u59cb\u7684\u3002\u867d\u7136\u516c\u5171\u548c\u4e13\u7528\u7ec8\u7ed3\u70b9\u9762\u4e34\u4e0d\u540c\u7684\u6311\u6218\uff0c\u4f46\u8fd9\u4e9b\u662f\u9ad8\u4ef7\u503c\u8d44\u4ea7\uff0c\u5982\u679c\u906d\u5230\u5165\u4fb5\uff0c\u53ef\u80fd\u4f1a\u5e26\u6765\u91cd\u5927\u98ce\u9669\u3002 \u672c\u7ae0\u5efa\u8bae\u5bf9\u9762\u5411\u516c\u5171\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u8fdb\u884c\u5b89\u5168\u589e\u5f3a\u3002 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u7c98\u8d34\u4ef6\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 API \u7ec8\u7aef\u8282\u70b9\u901f\u7387\u9650\u5236 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u00b6 \u5185\u90e8 API \u901a\u4fe1 \u00b6 OpenStack 
\u63d0\u4f9b\u9762\u5411\u516c\u4f17\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u7ec4\u4ef6\u4f7f\u7528\u516c\u5f00\u5b9a\u4e49\u7684\u7aef\u70b9\u3002\u5efa\u8bae\u5c06\u8fd9\u4e9b\u7ec4\u4ef6\u914d\u7f6e\u4e3a\u5728\u9002\u5f53\u7684\u5b89\u5168\u57df\u4e2d\u4f7f\u7528 API \u7aef\u70b9\u3002 \u670d\u52a1\u6839\u636e OpenStack \u670d\u52a1\u76ee\u5f55\u9009\u62e9\u5404\u81ea\u7684 API \u7aef\u70b9\u3002\u8fd9\u4e9b\u670d\u52a1\u53ef\u80fd\u4e0d\u9075\u5b88\u5217\u51fa\u7684\u516c\u5171\u6216\u5185\u90e8 API \u7aef\u70b9\u503c\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5185\u90e8\u7ba1\u7406\u6d41\u91cf\u8def\u7531\u5230\u5916\u90e8 API \u7ec8\u7ed3\u70b9\u3002 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u00b6 Identity \u670d\u52a1\u76ee\u5f55\u5e94\u4e86\u89e3\u60a8\u7684\u5185\u90e8 URL\u3002\u867d\u7136\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u4f7f\u7528\u6b64\u529f\u80fd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6765\u5229\u7528\u5b83\u3002\u6b64\u5916\uff0c\u4e00\u65e6\u6b64\u884c\u4e3a\u6210\u4e3a\u9ed8\u8ba4\u884c\u4e3a\uff0c\u5b83\u5e94\u8be5\u4e0e\u9884\u671f\u7684\u66f4\u6539\u5411\u524d\u517c\u5bb9\u3002 \u8981\u4e3a\u7ec8\u7ed3\u70b9\u6ce8\u518c\u5185\u90e8 URL\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a $ openstack endpoint create identity \\ --region RegionOne internal \\ https://MANAGEMENT_IP:5000/v3 \u66ff\u6362\u4e3a MANAGEMENT_IP \u63a7\u5236\u5668\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\u3002 \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u00b6 \u60a8\u53ef\u4ee5\u5f3a\u5236\u67d0\u4e9b\u670d\u52a1\u4f7f\u7528\u7279\u5b9a\u7684 API \u7aef\u70b9\u3002\u56e0\u6b64\uff0c\u5efa\u8bae\u5fc5\u987b\u5c06\u6bcf\u4e2a\u4e0e\u53e6\u4e00\u4e2a\u670d\u52a1\u7684 API \u901a\u4fe1\u7684 OpenStack \u670d\u52a1\u663e\u5f0f\u914d\u7f6e\u4e3a\u8bbf\u95ee\u6b63\u786e\u7684\u5185\u90e8 API \u7aef\u70b9\u3002 
\u6bcf\u4e2a\u9879\u76ee\u90fd\u53ef\u80fd\u5448\u73b0\u5b9a\u4e49\u76ee\u6807 API \u7aef\u70b9\u7684\u4e0d\u4e00\u81f4\u65b9\u5f0f\u3002OpenStack \u7684\u672a\u6765\u7248\u672c\u8bd5\u56fe\u901a\u8fc7\u4e00\u81f4\u5730\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u6765\u89e3\u51b3\u8fd9\u4e9b\u4e0d\u4e00\u81f4\u95ee\u9898\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1anova cinder_catalog_info='volume:cinder:internalURL' glance_protocol='https' neutron_url='https://neutron-host:9696' neutron_admin_auth_url='https://neutron-host:9696' s3_host='s3-host' s3_use_ssl=True \u914d\u7f6e\u793a\u4f8b #2\uff1acinder glance_host = 'https://glance-server' \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 \u00b6 OpenStack \u4e2d\u7684\u5927\u591a\u6570 API \u7aef\u70b9\u548c\u5176\u4ed6 HTTP \u670d\u52a1\u90fd\u4f7f\u7528 Python Paste Deploy \u5e93\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u6b64\u5e93\u5141\u8bb8\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u914d\u7f6e\u6765\u64cd\u4f5c\u8bf7\u6c42\u7b5b\u9009\u5668\u7ba1\u9053\u3002\u6b64\u94fe\u4e2d\u7684\u6bcf\u4e2a\u5143\u7d20\u90fd\u79f0\u4e3a\u4e2d\u95f4\u4ef6\u3002\u66f4\u6539\u7ba1\u9053\u4e2d\u7b5b\u9009\u5668\u7684\u987a\u5e8f\u6216\u6dfb\u52a0\u5176\u4ed6\u4e2d\u95f4\u4ef6\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u53ef\u9884\u77e5\u7684\u5b89\u5168\u5f71\u54cd\u3002 \u901a\u5e38\uff0c\u5b9e\u73b0\u8005\u4f1a\u6dfb\u52a0\u4e2d\u95f4\u4ef6\u6765\u6269\u5c55 OpenStack \u7684\u57fa\u672c\u529f\u80fd\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u4ed4\u7ec6\u8003\u8651\u5c06\u975e\u6807\u51c6\u8f6f\u4ef6\u7ec4\u4ef6\u6dfb\u52a0\u5230\u5176 HTTP \u8bf7\u6c42\u7ba1\u9053\u4e2d\u53ef\u80fd\u5e26\u6765\u7684\u98ce\u9669\u3002 \u6709\u5173\u7c98\u8d34\u90e8\u7f72\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Python \u7c98\u8d34\u90e8\u7f72\u6587\u6863\u3002 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u00b6 \u60a8\u5e94\u8be5\u9694\u79bb API 
\u7aef\u70b9\u8fdb\u7a0b\uff0c\u5c24\u5176\u662f\u90a3\u4e9b\u4f4d\u4e8e\u516c\u5171\u5b89\u5168\u57df\u4e2d\u7684\u8fdb\u7a0b\uff0c\u5e94\u5c3d\u53ef\u80fd\u9694\u79bb\u3002\u5728\u90e8\u7f72\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b\uff0cAPI \u7aef\u70b9\u5e94\u90e8\u7f72\u5728\u5355\u72ec\u7684\u4e3b\u673a\u4e0a\uff0c\u4ee5\u589e\u5f3a\u9694\u79bb\u6027\u3002 \u547d\u540d\u7a7a\u95f4 \u00b6 \u73b0\u5728\uff0c\u8bb8\u591a\u64cd\u4f5c\u7cfb\u7edf\u90fd\u63d0\u4f9b\u5206\u533a\u5316\u652f\u6301\u3002Linux \u652f\u6301\u547d\u540d\u7a7a\u95f4\u5c06\u8fdb\u7a0b\u5206\u914d\u5230\u72ec\u7acb\u7684\u57df\u4e2d\u3002\u672c\u6307\u5357\u7684\u5176\u4ed6\u90e8\u5206\u66f4\u8be6\u7ec6\u5730\u4ecb\u7ecd\u4e86\u7cfb\u7edf\u533a\u9694\u3002 \u7f51\u7edc\u7b56\u7565 \u00b6 \u7531\u4e8e API \u7aef\u70b9\u901a\u5e38\u6865\u63a5\u591a\u4e2a\u5b89\u5168\u57df\uff0c\u56e0\u6b64\u60a8\u5fc5\u987b\u7279\u522b\u6ce8\u610f API \u8fdb\u7a0b\u7684\u5212\u5206\u3002\u6709\u5173\u6b64\u533a\u57df\u7684\u5176\u4ed6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u901a\u8fc7\u4ed4\u7ec6\u5efa\u6a21\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc ACL \u548c IDS \u6280\u672f\u5728\u7f51\u7edc\u670d\u52a1\u4e4b\u95f4\u5f3a\u5236\u5b9e\u65bd\u663e\u5f0f\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002\u4f5c\u4e3a\u4e00\u9879\u5173\u952e\u7684\u8de8\u57df\u670d\u52a1\uff0c\u8fd9\u79cd\u663e\u5f0f\u5f3a\u5236\u6267\u884c\u5bf9 OpenStack \u7684\u6d88\u606f\u961f\u5217\u670d\u52a1\u975e\u5e38\u6709\u6548\u3002 \u8981\u5b9e\u65bd\u7b56\u7565\uff0c\u60a8\u53ef\u4ee5\u914d\u7f6e\u670d\u52a1\u3001\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff08\u4f8b\u5982 iptables\uff09\u3001\u672c\u5730\u7b56\u7565\uff08SELinux \u6216 AppArmor\uff09\u4ee5\u53ca\u53ef\u9009\u7684\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u60a8\u5e94\u8be5\u5c06 API 
\u7aef\u70b9\u8fdb\u7a0b\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u9694\u79bb\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u7684\u914d\u7f6e\u4e0d\u4ec5\u5e94\u901a\u8fc7\u4efb\u610f\u8bbf\u95ee\u63a7\u5236\uff0c\u8fd8\u5e94\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u589e\u5f3a\u7684\u8bbf\u95ee\u63a7\u5236\u7684\u76ee\u6807\u662f\u5e2e\u52a9\u904f\u5236\u548c\u5347\u7ea7 API \u7aef\u70b9\u5b89\u5168\u6f0f\u6d1e\u3002\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\u4f1a\u4e25\u91cd\u9650\u5236\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\uff0c\u5e76\u9488\u5bf9\u6b64\u7c7b\u4e8b\u4ef6\u63d0\u4f9b\u65e9\u671f\u8b66\u62a5\u3002 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u00b6 \u901f\u7387\u9650\u5236\u662f\u4e00\u79cd\u63a7\u5236\u57fa\u4e8e\u7f51\u7edc\u7684\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u4e8b\u4ef6\u9891\u7387\u7684\u65b9\u6cd5\u3002\u5982\u679c\u4e0d\u5b58\u5728\u53ef\u9760\u7684\u901f\u7387\u9650\u5236\uff0c\u5219\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u5404\u79cd\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5bf9\u4e8e API \u5c24\u5176\u5982\u6b64\uff0c\u56e0\u4e3a API \u7684\u672c\u8d28\u662f\u65e8\u5728\u63a5\u53d7\u9ad8\u9891\u7387\u7684\u7c7b\u4f3c\u8bf7\u6c42\u7c7b\u578b\u548c\u64cd\u4f5c\u3002 \u5728 OpenStack \u4e2d\uff0c\u5efa\u8bae\u901a\u8fc7\u901f\u7387\u9650\u5236\u4ee3\u7406\u6216 Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\u4e3a\u6240\u6709\u7aef\u70b9\uff08\u5c24\u5176\u662f\u516c\u5171\u7aef\u70b9\uff09\u63d0\u4f9b\u989d\u5916\u7684\u4fdd\u62a4\u5c42\u3002 \u5728\u914d\u7f6e\u548c\u5b9e\u73b0\u4efb\u4f55\u901f\u7387\u9650\u5236\u529f\u80fd\u65f6\uff0c\u8fd0\u8425\u5546\u5fc5\u987b\u4ed4\u7ec6\u89c4\u5212\u5e76\u8003\u8651\u5176 OpenStack \u4e91\u4e2d\u7528\u6237\u548c\u670d\u52a1\u7684\u4e2a\u4eba\u6027\u80fd\u9700\u6c42\uff0c\u8fd9\u4e00\u70b9\u81f3\u5173\u91cd\u8981\u3002 
\u63d0\u4f9b\u901f\u7387\u9650\u5236\u7684\u5e38\u89c1\u89e3\u51b3\u65b9\u6848\u662f Nginx\u3001HAProxy\u3001OpenPose \u6216 Apache \u6a21\u5757\uff0c\u4f8b\u5982 mod_ratelimit\u3001mod_qos \u6216 mod_security\u3002 \u8eab\u4efd\u9274\u522b \u00b6 Keystone\u8eab\u4efd\u670d\u52a1\u4e3aOpenStack\u7cfb\u5217\u670d\u52a1\u4e13\u95e8\u63d0\u4f9b\u8eab\u4efd\u3001\u4ee4\u724c\u3001\u76ee\u5f55\u548c\u7b56\u7565\u670d\u52a1\u3002\u8eab\u4efd\u670d\u52a1\u7ec4\u7ec7\u4e3a\u4e00\u7ec4\u5185\u90e8\u670d\u52a1\uff0c\u901a\u8fc7\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\u66b4\u9732\u3002\u8fd9\u4e9b\u670d\u52a1\u4e2d\u7684\u8bb8\u591a\u662f\u7531\u524d\u7aef\u4ee5\u7ec4\u5408\u65b9\u5f0f\u4f7f\u7528\u7684\u3002\u4f8b\u5982\uff0c\u8eab\u4efd\u9a8c\u8bc1\u8c03\u7528\u901a\u8fc7\u8eab\u4efd\u670d\u52a1\u9a8c\u8bc1\u7528\u6237\u548c\u9879\u76ee\u51ed\u636e\u3002\u5982\u679c\u6210\u529f\uff0c\u5b83\u5c06\u4f7f\u7528\u4ee4\u724c\u670d\u52a1\u521b\u5efa\u5e76\u8fd4\u56de\u4ee4\u724c\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728Keystone\u5f00\u53d1\u8005\u6587\u6863\u4e2d\u627e\u5230\u3002 \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8ba4\u8bc1 \u8ba4\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u65bd\u7684\u8ba4\u8bc1\u65b9\u6cd5 \u5916\u90e8\u8ba4\u8bc1\u65b9\u6cd5 \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u539f\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u7b56\u7565 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408 Keystone \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u9274\u522b \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a\u8eab\u4efd\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f 
Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u8ba4\u8bc1 \u00b6 \u8eab\u4efd\u8ba4\u8bc1\u662f\u4efb\u4f55\u5b9e\u9645OpenStack\u90e8\u7f72\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\uff0c\u56e0\u6b64\u5e94\u8be5\u4ed4\u7ec6\u8003\u8651\u7cfb\u7edf\u8bbe\u8ba1\u7684\u8fd9\u4e00\u65b9\u9762\u3002\u672c\u4e3b\u9898\u7684\u5b8c\u6574\u5904\u7406\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\uff0c\u4f46\u662f\u4ee5\u4e0b\u5404\u8282\u4ecb\u7ecd\u4e86\u4e00\u4e9b\u5173\u952e\u4e3b\u9898\u3002 \u4ece\u6839\u672c\u4e0a\u8bf4\uff0c\u8eab\u4efd\u8ba4\u8bc1\u662f\u786e\u8ba4\u8eab\u4efd\u7684\u8fc7\u7a0b - \u7528\u6237\u5b9e\u9645\u4e0a\u662f\u4ed6\u4eec\u58f0\u79f0\u7684\u8eab\u4efd\u3002\u4e00\u4e2a\u719f\u6089\u7684\u793a\u4f8b\u662f\u5728\u767b\u5f55\u7cfb\u7edf\u65f6\u63d0\u4f9b\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 OpenStack \u8eab\u4efd\u9274\u522b\u670d\u52a1\uff08keystone\uff09\u652f\u6301\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5305\u62ec\u7528\u6237\u540d\u548c\u5bc6\u7801\u3001LDAP \u548c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u8eab\u4efd\u8ba4\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u7528\u4e8e\u540e\u7eed\u670d\u52a1\u8bf7\u6c42\u7684\u6388\u6743\u4ee4\u724c\u3002 \u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u4f7f\u7528 X.509 \u8bc1\u4e66\u5728\u670d\u52a1\u548c\u4eba\u5458\u4e4b\u95f4\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c3d\u7ba1 TLS 
\u7684\u9ed8\u8ba4\u6a21\u5f0f\u662f\u4ec5\u670d\u52a1\u5668\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4f46\u8bc1\u4e66\u4e5f\u53ef\u7528\u4e8e\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u00b6 \u4ece Newton \u7248\u672c\u5f00\u59cb\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u5728\u591a\u6b21\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u540e\u9650\u5236\u5bf9\u5e10\u6237\u7684\u8bbf\u95ee\u3002\u91cd\u590d\u5931\u8d25\u767b\u5f55\u5c1d\u8bd5\u7684\u6a21\u5f0f\u901a\u5e38\u662f\u66b4\u529b\u653b\u51fb\u7684\u6307\u6807\uff08\u8bf7\u53c2\u9605\u653b\u51fb\u7c7b\u578b\uff09\u3002\u8fd9\u79cd\u7c7b\u578b\u7684\u653b\u51fb\u5728\u516c\u6709\u4e91\u90e8\u7f72\u4e2d\u66f4\u4e3a\u666e\u904d\u3002 \u5bf9\u4e8e\u9700\u8981\u6b64\u529f\u80fd\u7684\u65e7\u90e8\u7f72\uff0c\u53ef\u4ee5\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u9884\u9632\uff0c\u8be5\u7cfb\u7edf\u5728\u914d\u7f6e\u7684\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u6b21\u6570\u540e\u9501\u5b9a\u5e10\u6237\u3002\u7136\u540e\uff0c\u53ea\u6709\u901a\u8fc7\u8fdb\u4e00\u6b65\u7684\u4fa7\u4fe1\u9053\u5e72\u9884\u624d\u80fd\u89e3\u9501\u8be5\u5e10\u6237\u3002 \u5982\u679c\u65e0\u6cd5\u9884\u9632\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u68c0\u6d4b\u6765\u51cf\u8f7b\u635f\u5bb3\u3002\u68c0\u6d4b\u6d89\u53ca\u9891\u7e41\u67e5\u770b\u8bbf\u95ee\u63a7\u5236\u65e5\u5fd7\uff0c\u4ee5\u8bc6\u522b\u672a\u7ecf\u6388\u6743\u7684\u5e10\u6237\u8bbf\u95ee\u5c1d\u8bd5\u3002\u53ef\u80fd\u7684\u8865\u6551\u63aa\u65bd\u5305\u62ec\u68c0\u67e5\u7528\u6237\u5bc6\u7801\u7684\u5f3a\u5ea6\uff0c\u6216\u901a\u8fc7\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u653b\u51fb\u7684\u7f51\u7edc\u6e90\u3002Keystone \u670d\u52a1\u5668\u4e0a\u9650\u5236\u8fde\u63a5\u6570\u7684\u9632\u706b\u5899\u89c4\u5219\u53ef\u7528\u4e8e\u964d\u4f4e\u653b\u51fb\u6548\u7387\uff0c\u4ece\u800c\u529d\u963b\u653b\u51fb\u8005\u3002 
\u6b64\u5916\uff0c\u68c0\u67e5\u5e10\u6237\u6d3b\u52a8\u662f\u5426\u5b58\u5728\u5f02\u5e38\u767b\u5f55\u65f6\u95f4\u548c\u53ef\u7591\u64cd\u4f5c\uff0c\u5e76\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\uff08\u5982\u7981\u7528\u5e10\u6237\uff09\u4e5f\u5f88\u6709\u7528\u3002\u901a\u5e38\uff0c\u4fe1\u7528\u5361\u63d0\u4f9b\u5546\u91c7\u7528\u8fd9\u79cd\u65b9\u6cd5\u8fdb\u884c\u6b3a\u8bc8\u68c0\u6d4b\u548c\u8b66\u62a5\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u91c7\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u7528\u6237\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002\u8eab\u4efd\u9274\u522b\u670d\u52a1\u901a\u8fc7\u53ef\u63d0\u4f9b\u6b64\u529f\u80fd\u7684 Apache Web \u670d\u52a1\u5668\u652f\u6301\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u670d\u52a1\u5668\u8fd8\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u5f3a\u5236\u6267\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6b64\u5efa\u8bae\u53ef\u9632\u6b62\u66b4\u529b\u7834\u89e3\u3001\u793e\u4f1a\u5de5\u7a0b\u4ee5\u53ca\u53ef\u80fd\u6cc4\u9732\u7ba1\u7406\u5458\u5bc6\u7801\u7684\u72d9\u51fb\u548c\u5927\u89c4\u6a21\u7f51\u7edc\u9493\u9c7c\u653b\u51fb\u3002 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u00b6 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u00b6 \u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u53ef\u4ee5\u5c06\u7528\u6237\u51ed\u636e\u5b58\u50a8\u5728 SQL \u6570\u636e\u5e93\u4e2d\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7b26\u5408 LDAP \u7684\u76ee\u5f55\u670d\u52a1\u5668\u3002\u8eab\u4efd\u6570\u636e\u5e93\u53ef\u4ee5\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4f7f\u7528\u7684\u6570\u636e\u5e93\u5206\u5f00\uff0c\u4ee5\u964d\u4f4e\u5b58\u50a8\u51ed\u636e\u6cc4\u9732\u7684\u98ce\u9669\u3002 \u5f53\u60a8\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u8eab\u4efd\u670d\u52a1\u4e0d\u4f1a\u5f3a\u5236\u6267\u884c NIST Special Publication 
800-118\uff08\u8349\u6848\uff09\u4e2d\u63a8\u8350\u7684\u6709\u5173\u5bc6\u7801\u5f3a\u5ea6\u3001\u8fc7\u671f\u6216\u5931\u8d25\u8eab\u4efd\u9a8c\u8bc1\u5c1d\u8bd5\u7684\u7b56\u7565\u3002\u5e0c\u671b\u6267\u884c\u66f4\u4e25\u683c\u5bc6\u7801\u7b56\u7565\u7684\u7ec4\u7ec7\u5e94\u8003\u8651\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u7684\u6269\u5c55\u6216\u5916\u90e8\u8ba4\u8bc1\u670d\u52a1\u3002 LDAP \u7b80\u5316\u4e86\u8eab\u4efd\u8ba4\u8bc1\u4e0e\u7ec4\u7ec7\u73b0\u6709\u76ee\u5f55\u670d\u52a1\u548c\u7528\u6237\u5e10\u6237\u7ba1\u7406\u6d41\u7a0b\u7684\u96c6\u6210\u3002 OpenStack \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7b56\u7565\u53ef\u4ee5\u59d4\u6258\u7ed9\u5176\u4ed6\u670d\u52a1\u3002\u4e00\u4e2a\u5178\u578b\u7684\u7528\u4f8b\u662f\u5bfb\u6c42\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u7ec4\u7ec7\uff0c\u5e76\u4e14\u5df2\u7ecf\u5728 LDAP \u7cfb\u7edf\u4e2d\u62e5\u6709\u5458\u5de5\u548c\u7528\u6237\u7684\u6570\u636e\u5e93\u3002\u4f7f\u7528\u6b64\u8eab\u4efd\u9a8c\u8bc1\u673a\u6784\uff0c\u5c06\u5bf9\u8eab\u4efd\u670d\u52a1\u7684\u8bf7\u6c42\u59d4\u6258\u7ed9 LDAP \u7cfb\u7edf\uff0c\u7136\u540e LDAP \u7cfb\u7edf\u5c06\u6839\u636e\u5176\u7b56\u7565\u8fdb\u884c\u6388\u6743\u6216\u62d2\u7edd\u3002\u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u5982\u679c LDAP \u7cfb\u7edf\u5177\u6709\u4e3a\u7528\u6237\u5b9a\u4e49\u7684\u5c5e\u6027\uff0c\u4f8b\u5982 admin\u3001finance\u3001HR \u7b49\uff0c\u5219\u5fc5\u987b\u5c06\u8fd9\u4e9b\u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u9274\u522b\u4e2d\u7684\u89d2\u8272\u548c\u7ec4\uff0c\u4ee5\u4f9b\u5404\u79cd OpenStack \u670d\u52a1\u4f7f\u7528\u3002\u8be5\u6587\u4ef6 /etc/keystone/keystone.conf \u5c06 LDAP \u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u5c5e\u6027\u3002 \u4e0d\u5f97\u5141\u8bb8\u8eab\u4efd\u670d\u52a1\u5199\u5165\u7528\u4e8e OpenStack 
\u90e8\u7f72\u4e4b\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684 LDAP \u670d\u52a1\uff0c\u56e0\u4e3a\u8fd9\u5c06\u5141\u8bb8\u5177\u6709\u8db3\u591f\u6743\u9650\u7684 keystone \u7528\u6237\u5bf9 LDAP \u76ee\u5f55\u8fdb\u884c\u66f4\u6539\u3002\u8fd9\u5c06\u5141\u8bb8\u5728\u66f4\u5e7f\u6cdb\u7684\u7ec4\u7ec7\u5185\u8fdb\u884c\u6743\u9650\u5347\u7ea7\uff0c\u6216\u4fc3\u8fdb\u5bf9\u5176\u4ed6\u4fe1\u606f\u548c\u8d44\u6e90\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u5728\u8fd9\u6837\u7684\u90e8\u7f72\u4e2d\uff0c\u7528\u6237\u914d\u7f6e\u5c06\u8d85\u51fa OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e keystone.conf \u6743\u9650\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u6709\u4e00\u4e2a\u5173\u4e8e\u6f5c\u5728 DoS \u653b\u51fb\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u00b6 \u672c\u7ec4\u7ec7\u53ef\u80fd\u5e0c\u671b\u5b9e\u73b0\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u4fbf\u4e0e\u73b0\u6709\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u517c\u5bb9\uff0c\u6216\u5f3a\u5236\u5b9e\u65bd\u66f4\u5f3a\u7684\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\u8981\u6c42\u3002\u5c3d\u7ba1\u5bc6\u7801\u662f\u6700\u5e38\u89c1\u7684\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\uff0c\u4f46\u5b83\u4eec\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u6cd5\u6cc4\u9732\uff0c\u5305\u62ec\u51fb\u952e\u8bb0\u5f55\u548c\u5bc6\u7801\u6cc4\u9732\u3002\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u63d0\u4f9b\u66ff\u4ee3\u5f62\u5f0f\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u964d\u4f4e\u5f31\u5bc6\u7801\u5e26\u6765\u7684\u98ce\u9669\u3002 \u8fd9\u4e9b\u5305\u62ec\uff1a \u5bc6\u7801\u7b56\u7565\u5b9e\u65bd 
\u8981\u6c42\u7528\u6237\u5bc6\u7801\u7b26\u5408\u957f\u5ea6\u3001\u5b57\u7b26\u591a\u6837\u6027\u3001\u8fc7\u671f\u6216\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u7684\u6700\u4f4e\u6807\u51c6\u3002\u5728\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6848\u4e2d\uff0c\u8fd9\u5c06\u662f\u539f\u59cb\u8eab\u4efd\u5b58\u50a8\u4e0a\u7684\u5bc6\u7801\u7b56\u7565\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u8981\u6c42\u7528\u6237\u6839\u636e\u4ed6\u4eec\u62e5\u6709\u7684\u5185\u5bb9\uff08\u5982\u4e00\u6b21\u6027\u5bc6\u7801\u4ee4\u724c\u6216 X.509 \u8bc1\u4e66\uff09\u548c\u4ed6\u4eec\u77e5\u9053\u7684\u5185\u5bb9\uff08\u5982\u5bc6\u7801\uff09\u63d0\u4f9b\u4fe1\u606f\u3002 Kerberos \u4e00\u79cd\u4f7f\u7528\u201c\u7968\u8bc1\u201d\u8fdb\u884c\u53cc\u5411\u8ba4\u8bc1\u7684\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002Kerberos \u7968\u8bc1\u6388\u4e88\u7968\u8bc1\u53ef\u5b89\u5168\u5730\u4e3a\u7279\u5b9a\u670d\u52a1\u63d0\u4f9b\u7968\u8bc1\u3002 \u6388\u6743 \u00b6 \u8eab\u4efd\u670d\u52a1\u652f\u6301\u7ec4\u548c\u89d2\u8272\u7684\u6982\u5ff5\u3002\u7528\u6237\u5c5e\u4e8e\u7ec4\uff0c\u800c\u7ec4\u5177\u6709\u89d2\u8272\u5217\u8868\u3002OpenStack \u670d\u52a1\u5f15\u7528\u5c1d\u8bd5\u8bbf\u95ee\u8be5\u670d\u52a1\u7684\u7528\u6237\u7684\u89d2\u8272\u3002OpenStack \u7b56\u7565\u6267\u884c\u5668\u4e2d\u95f4\u4ef6\u4f1a\u8003\u8651\u4e0e\u6bcf\u4e2a\u8d44\u6e90\u5173\u8054\u7684\u7b56\u7565\u89c4\u5219\uff0c\u7136\u540e\u8003\u8651\u7528\u6237\u7684\u7ec4/\u89d2\u8272\u548c\u5173\u8054\uff0c\u4ee5\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u3002 \u7b56\u7565\u5b9e\u65bd\u4e2d\u95f4\u4ef6\u652f\u6301\u5bf9 OpenStack \u8d44\u6e90\u8fdb\u884c\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u7b56\u7565\u4e2d\u6df1\u5165\u8ba8\u8bba\u4e86\u7b56\u7565\u7684\u884c\u4e3a\u3002 
\u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u00b6 \u5728\u914d\u7f6e\u89d2\u8272\u3001\u7ec4\u548c\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u8bb0\u5f55 OpenStack \u5b89\u88c5\u6240\u9700\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002\u8fd9\u4e9b\u7b56\u7565\u5e94\u4e0e\u7ec4\u7ec7\u7684\u4efb\u4f55\u6cd5\u89c4\u6216\u6cd5\u5f8b\u8981\u6c42\u4fdd\u6301\u4e00\u81f4\u3002\u5c06\u6765\u5bf9\u8bbf\u95ee\u63a7\u5236\u914d\u7f6e\u7684\u4fee\u6539\u5e94\u4e0e\u6b63\u5f0f\u7b56\u7565\u4fdd\u6301\u4e00\u81f4\u3002\u7b56\u7565\u5e94\u5305\u62ec\u521b\u5efa\u3001\u5220\u9664\u3001\u7981\u7528\u548c\u542f\u7528\u5e10\u6237\u4ee5\u53ca\u4e3a\u5e10\u6237\u5206\u914d\u6743\u9650\u7684\u6761\u4ef6\u548c\u8fc7\u7a0b\u3002\u5b9a\u671f\u67e5\u770b\u7b56\u7565\uff0c\u5e76\u786e\u4fdd\u914d\u7f6e\u7b26\u5408\u6279\u51c6\u7684\u7b56\u7565\u3002 \u670d\u52a1\u6388\u6743 \u00b6 \u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5b9a\u4e49\u4e00\u4e2a\u5177\u6709\u7ba1\u7406\u5458\u89d2\u8272\u7684\u7528\u6237\uff0c\u5982\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u6240\u8ff0\u3002\u6b64\u670d\u52a1\u5e10\u6237\u4e3a\u670d\u52a1\u63d0\u4f9b\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u6388\u6743\u3002 \u53ef\u4ee5\u5c06\u8ba1\u7b97\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u6765\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u7684\u5176\u4ed6\u9009\u9879\u5305\u62ec\u4f7f\u7528\u201ctempAuth\u201d\u6587\u4ef6\uff0c\u4f46\u4e0d\u5e94\u5c06\u5176\u90e8\u7f72\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0c\u56e0\u4e3a\u5bc6\u7801\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u663e\u793a\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u652f\u6301\u5bf9 TLS 
\u8fdb\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8be5\u8eab\u4efd\u9a8c\u8bc1\u53ef\u80fd\u5df2\u542f\u7528\u3002\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e4b\u5916\uff0cTLS \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u8fd8\u63d0\u4f9b\u4e86\u989d\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u56e0\u7d20\uff0c\u4ece\u800c\u63d0\u9ad8\u4e86\u7528\u6237\u6807\u8bc6\u7684\u53ef\u9760\u6027\u3002\u5f53\u7528\u6237\u540d\u548c\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u65f6\uff0c\u5b83\u964d\u4f4e\u4e86\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u7684\u98ce\u9669\u3002\u4f46\u662f\uff0c\u5411\u7528\u6237\u9881\u53d1\u8bc1\u4e66\u4f1a\u4ea7\u751f\u989d\u5916\u7684\u7ba1\u7406\u5f00\u9500\u548c\u6210\u672c\uff0c\u8fd9\u5728\u6bcf\u6b21\u90e8\u7f72\u4e2d\u90fd\u53ef\u80fd\u4e0d\u53ef\u884c\u3002 \u6ce8\u610f \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u4e0e TLS \u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u4fbf\u5bf9\u8eab\u4efd\u9274\u522b\u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4e91\u7ba1\u7406\u5458\u5e94\u4fdd\u62a4\u654f\u611f\u7684\u914d\u7f6e\u6587\u4ef6\u514d\u906d\u672a\u7ecf\u6388\u6743\u7684\u4fee\u6539\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5f3a\u5236\u6027\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\uff08\u5982 SELinux\uff09\u6765\u5b9e\u73b0\uff0c\u5305\u62ec /etc/keystone/keystone.conf X.509 \u8bc1\u4e66\u3002 \u4f7f\u7528 TLS \u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u9700\u8981\u5411\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u8fd9\u4e9b\u8bc1\u4e66\u53ef\u4ee5\u7531\u5916\u90e8\u6216\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u540d\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u670d\u52a1\u4f1a\u6839\u636e\u53d7\u4fe1\u4efb\u7684 CA \u68c0\u67e5\u8bc1\u4e66\u7b7e\u540d\u7684\u6709\u6548\u6027\uff0c\u5982\u679c\u7b7e\u540d\u65e0\u6548\u6216 CA 
\u4e0d\u53ef\u4fe1\uff0c\u8fde\u63a5\u5c06\u5931\u8d25\u3002\u4e91\u90e8\u7f72\u4eba\u5458\u53ef\u4ee5\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5fc5\u987b\u7981\u7528\u6709\u6548\u6027\u68c0\u67e5\uff0c\u6216\u8005\u5e94\u5c06\u8bc1\u4e66\u6807\u8bb0\u4e3a\u53d7\u4fe1\u4efb\u3002\u82e5\u8981\u7981\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u7684\u9a8c\u8bc1\uff0c\u8bf7\u5728 /etc/nova/api.paste.ini \u6587\u4ef6\u7684 [filter:authtoken] \u201c\u90e8\u5206\u201d\u4e2d\u8fdb\u884c\u8bbe\u7f6e insecure=False \u3002\u6b64\u8bbe\u7f6e\u8fd8\u4f1a\u7981\u7528\u5176\u4ed6\u7ec4\u4ef6\u7684\u8bc1\u4e66\u3002 \u7ba1\u7406\u5458\u7528\u6237 \u00b6 \u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u7528\u6237\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u548c\u652f\u6301 2 \u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1\u7684\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8bc1\u4e66\uff09\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u6837\u53ef\u4ee5\u964d\u4f4e\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u7684\u98ce\u9669\u3002\u6b64\u5efa\u8bae\u7b26\u5408 NIST 800-53 IA-2\uff081\uff09 \u6307\u5357\uff0c\u5373\u4f7f\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002 \u7ec8\u7aef\u7528\u6237 \u00b6 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u76f4\u63a5\u63d0\u4f9b\u6700\u7ec8\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4ee5\u7b26\u5408\u7ec4\u7ec7\u7684\u5b89\u5168\u7b56\u7565\u548c\u8981\u6c42\u3002 \u653f\u7b56 \u00b6 \u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u5728\u5173\u8054\u7684\u7b56\u7565\u6587\u4ef6\u4e2d\u5b9a\u4e49\u5176\u8d44\u6e90\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u4f8b\u5982\uff0c\u8d44\u6e90\u53ef\u4ee5\u662f API \u8bbf\u95ee\u3001\u9644\u52a0\u5230\u5377\u6216\u542f\u52a8\u5b9e\u4f8b\u7684\u80fd\u529b\u3002\u7b56\u7565\u89c4\u5219\u4ee5 JSON 
\u683c\u5f0f\u6307\u5b9a\uff0c\u6587\u4ef6\u79f0\u4e3a policy.json .\u6b64\u6587\u4ef6\u7684\u8bed\u6cd5\u548c\u683c\u5f0f\u5728\u914d\u7f6e\u53c2\u8003\u4e2d\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002 \u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u4fee\u6539\u6216\u66f4\u65b0\u8fd9\u4e9b\u7b56\u7565\uff0c\u4ee5\u63a7\u5236\u5bf9\u5404\u79cd\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u786e\u4fdd\u5bf9\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u4efb\u4f55\u66f4\u6539\u90fd\u4e0d\u4f1a\u65e0\u610f\u4e2d\u524a\u5f31\u4efb\u4f55\u8d44\u6e90\u7684\u5b89\u5168\u6027\u3002\u53e6\u8bf7\u6ce8\u610f\uff0c\u5bf9 policy.json \u6587\u4ef6\u7684\u66f4\u6539\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002 \u4ee5\u4e0b\u793a\u4f8b\u663e\u793a\u4e86\u8be5\u670d\u52a1\u5982\u4f55\u5c06\u521b\u5efa\u3001\u66f4\u65b0\u548c\u5220\u9664\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u5177\u6709\u89d2\u8272 cloud_admin \u7684\u7528\u6237\uff0c\u8be5\u89d2\u8272\u5df2\u5b9a\u4e49\u4e3a role = admin \u548c domain_id = admin_domain_id \u7684\u7ed3\u5408\uff0c\u800c get \u548c list \u8d44\u6e90\u53ef\u4f9b\u89d2\u8272\u4e3a cloud_admin \u6216 admin \u7684\u7528\u6237\u4f7f\u7528\u3002 { \"admin_required\": \"role:admin\", \"cloud_admin\": \"rule:admin_required and domain_id:admin_domain_id\", \"service_role\": \"role:service\", \"service_or_admin\": \"rule:admin_required or rule:service_role\", \"owner\" : \"user_id:%(user_id)s or user_id:%(target.token.user_id)s\", \"admin_or_owner\": \"(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner\", \"admin_or_cloud_admin\": \"rule:admin_required or rule:cloud_admin\", \"admin_and_matching_domain_id\": \"rule:admin_required and domain_id:%(domain_id)s\", \"service_admin_or_owner\": \"rule:service_or_admin or rule:owner\", \"default\": \"rule:admin_required\", \"identity:get_service\": \"rule:admin_or_cloud_admin\", \"identity:list_services\": 
\"rule:admin_or_cloud_admin\", \"identity:create_service\": \"rule:cloud_admin\", \"identity:update_service\": \"rule:cloud_admin\", \"identity:delete_service\": \"rule:cloud_admin\", \"identity:get_endpoint\": \"rule:admin_or_cloud_admin\", \"identity:list_endpoints\": \"rule:admin_or_cloud_admin\", \"identity:create_endpoint\": \"rule:cloud_admin\", \"identity:update_endpoint\": \"rule:cloud_admin\", \"identity:delete_endpoint\": \"rule:cloud_admin\", } \u4ee4\u724c \u00b6 \u7528\u6237\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u6388\u6743\u548c\u8bbf\u95ee OpenStack \u73af\u5883\u3002\u4ee3\u5e01\u53ef\u4ee5\u5177\u6709\u53ef\u53d8\u7684\u751f\u547d\u5468\u671f;\u4f46\u662f\uff0cexpiry \u7684\u9ed8\u8ba4\u503c\u4e3a 1 \u5c0f\u65f6\u3002\u5efa\u8bae\u7684\u8fc7\u671f\u503c\u5e94\u8bbe\u7f6e\u4e3a\u8f83\u4f4e\u7684\u503c\uff0c\u4ee5\u4fbf\u5185\u90e8\u670d\u52a1\u6709\u8db3\u591f\u7684\u65f6\u95f4\u5b8c\u6210\u4efb\u52a1\u3002\u5982\u679c\u4ee4\u724c\u5728\u4efb\u52a1\u5b8c\u6210\u4e4b\u524d\u8fc7\u671f\uff0c\u4e91\u53ef\u80fd\u4f1a\u53d8\u5f97\u65e0\u54cd\u5e94\u6216\u505c\u6b62\u63d0\u4f9b\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97\u670d\u52a1\u5c06\u78c1\u76d8\u6620\u50cf\u4f20\u8f93\u5230\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8fdb\u884c\u672c\u5730\u7f13\u5b58\u6240\u9700\u7684\u65f6\u95f4\u3002\u5141\u8bb8\u5728\u4f7f\u7528\u6709\u6548\u7684\u670d\u52a1\u4ee4\u724c\u65f6\u63d0\u53d6\u8fc7\u671f\u7684\u4ee4\u724c\u3002 \u4ee4\u724c\u901a\u5e38\u5728 Identity \u670d\u52a1\u54cd\u5e94\u7684\u8f83\u5927\u4e0a\u4e0b\u6587\u7684\u7ed3\u6784\u4e2d\u4f20\u9012\u3002\u8fd9\u4e9b\u54cd\u5e94\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd OpenStack \u670d\u52a1\u7684\u76ee\u5f55\u3002\u5217\u51fa\u4e86\u6bcf\u4e2a\u670d\u52a1\u7684\u540d\u79f0\u3001\u5185\u90e8\u8bbf\u95ee\u3001\u7ba1\u7406\u5458\u8bbf\u95ee\u548c\u516c\u5171\u8bbf\u95ee\u7684\u8bbf\u95ee\u7ec8\u7ed3\u70b9\u3002 
\u53ef\u4ee5\u4f7f\u7528\u6807\u8bc6 API \u540a\u9500\u4ee4\u724c\u3002 \u5728 Stein \u7248\u672c\u4e2d\uff0c\u6709\u4e24\u79cd\u53d7\u652f\u6301\u7684\u4ee4\u724c\u7c7b\u578b\uff1afernet \u548c JWT\u3002 fernet \u548c JWT \u4ee4\u724c\u90fd\u4e0d\u9700\u8981\u6301\u4e45\u6027\u3002Keystone \u4ee4\u724c\u6570\u636e\u5e93\u4e0d\u518d\u56e0\u8eab\u4efd\u9a8c\u8bc1\u7684\u526f\u4f5c\u7528\u800c\u906d\u53d7\u81a8\u80c0\u3002\u8fc7\u671f\u4ee4\u724c\u7684\u4fee\u526a\u4f1a\u81ea\u52a8\u8fdb\u884c\u3002\u4e5f\u4e0d\u518d\u9700\u8981\u8de8\u591a\u4e2a\u8282\u70b9\u8fdb\u884c\u590d\u5236\u3002\u53ea\u8981\u6bcf\u4e2a keystone \u8282\u70b9\u5171\u4eab\u76f8\u540c\u7684\u5b58\u50a8\u5e93\uff0c\u5c31\u53ef\u4ee5\u5728\u6240\u6709\u8282\u70b9\u4e0a\u7acb\u5373\u521b\u5efa\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 Fernet \u4ee4\u724c \u00b6 Fernet \u4ee4\u724c\u662f Stein \u652f\u6301\u7684\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\uff08\u9ed8\u8ba4\uff09\u3002Fernet \u662f\u4e00\u79cd\u5b89\u5168\u7684\u6d88\u606f\u4f20\u9012\u683c\u5f0f\uff0c\u4e13\u95e8\u8bbe\u8ba1\u7528\u4e8e API \u4ee4\u724c\u3002\u5b83\u4eec\u662f\u8f7b\u91cf\u7ea7\u7684\uff08\u8303\u56f4\u5728 180 \u5230 240 \u5b57\u8282\u4e4b\u95f4\uff09\uff0c\u5e76\u51cf\u5c11\u4e86\u8fd0\u884c\u4e91\u6240\u9700\u7684\u8fd0\u8425\u5f00\u9500\u3002\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u5143\u6570\u636e\u88ab\u6574\u9f50\u5730\u6346\u7ed1\u5230\u6d88\u606f\u6253\u5305\u7684\u6709\u6548\u8d1f\u8f7d\u4e2d\uff0c\u7136\u540e\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u5e76\u4f5c\u4e3a fernet \u4ee4\u724c\u767b\u5f55\u3002 JWT \u4ee4\u724c \u00b6 JSON Web \u7b7e\u540d \uff08JWS\uff09 \u4ee4\u724c\u662f\u5728 Stein 
\u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002\u4e0efernet\u76f8\u6bd4\uff0cJWS\u901a\u8fc7\u9650\u5236\u9700\u8981\u5171\u4eab\u5bf9\u79f0\u52a0\u5bc6\u5bc6\u94a5\u7684\u4e3b\u673a\u6570\u91cf\uff0c\u4e3a\u8fd0\u8425\u5546\u63d0\u4f9b\u4e86\u6f5c\u5728\u7684\u597d\u5904\u3002\u8fd9\u6709\u52a9\u4e8e\u9632\u6b62\u53ef\u80fd\u5df2\u5728\u90e8\u7f72\u4e2d\u7ad9\u7a33\u811a\u8ddf\u7684\u6076\u610f\u53c2\u4e0e\u8005\u6269\u6563\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6709\u5173\u8fd9\u4e9b\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\u4e4b\u95f4\u5dee\u5f02\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b64\u5904 https://docs.openstack.org/keystone/stein/admin/tokens-overview.html#token-providers \u57df \u00b6 \u57df\u662f\u9879\u76ee\u3001\u7528\u6237\u548c\u7ec4\u7684\u9ad8\u7ea7\u5bb9\u5668\u3002\u56e0\u6b64\uff0c\u5b83\u4eec\u53ef\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406\u6240\u6709\u57fa\u4e8e keystone \u7684\u8eab\u4efd\u7ec4\u4ef6\u3002\u968f\u7740\u5e10\u6237\u57df\u7684\u5f15\u5165\uff0c\u670d\u52a1\u5668\u3001\u5b58\u50a8\u548c\u5176\u4ed6\u8d44\u6e90\u73b0\u5728\u53ef\u4ee5\u5728\u903b\u8f91\u4e0a\u5206\u7ec4\u5230\u591a\u4e2a\u9879\u76ee\uff08\u4ee5\u524d\u79f0\u4e3a\u79df\u6237\uff09\u4e2d\uff0c\u8fd9\u4e9b\u9879\u76ee\u672c\u8eab\u53ef\u4ee5\u5206\u7ec4\u5230\u7c7b\u4f3c\u4e3b\u5e10\u6237\u7684\u5bb9\u5668\u4e0b\u3002\u6b64\u5916\uff0c\u53ef\u4ee5\u5728\u4e00\u4e2a\u5e10\u6237\u57df\u4e2d\u7ba1\u7406\u591a\u4e2a\u7528\u6237\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u9879\u76ee\u5206\u914d\u4e0d\u540c\u7684\u89d2\u8272\u3002 Identity V3 API 
\u652f\u6301\u591a\u4e2a\u57df\u3002\u4e0d\u540c\u57df\u7684\u7528\u6237\u53ef\u80fd\u5728\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef\u4e2d\u8868\u793a\uff0c\u751a\u81f3\u5177\u6709\u4e0d\u540c\u7684\u5c5e\u6027\uff0c\u8fd9\u4e9b\u5c5e\u6027\u5fc5\u987b\u6620\u5c04\u5230\u4e00\u7ec4\u89d2\u8272\u548c\u6743\u9650\uff0c\u8fd9\u4e9b\u89d2\u8272\u548c\u6743\u9650\u5728\u7b56\u7565\u5b9a\u4e49\u4e2d\u7528\u4e8e\u8bbf\u95ee\u5404\u79cd\u670d\u52a1\u8d44\u6e90\u3002 \u5982\u679c\u89c4\u5219\u53ef\u4ee5\u4ec5\u6307\u5b9a\u5bf9\u7ba1\u7406\u5458\u7528\u6237\u548c\u5c5e\u4e8e\u79df\u6237\u7684\u7528\u6237\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5219\u6620\u5c04\u53ef\u80fd\u5f88\u7b80\u5355\u3002\u5728\u5176\u4ed6\u60c5\u51b5\u4e0b\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u6279\u51c6\u6bcf\u4e2a\u79df\u6237\u7684\u6620\u5c04\u4f8b\u7a0b\u3002 \u7279\u5b9a\u4e8e\u57df\u7684\u8eab\u4efd\u9a8c\u8bc1\u9a71\u52a8\u7a0b\u5e8f\u5141\u8bb8\u4f7f\u7528\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4e3a\u591a\u4e2a\u57df\u914d\u7f6e\u6807\u8bc6\u670d\u52a1\u3002\u542f\u7528\u9a71\u52a8\u7a0b\u5e8f\u5e76\u8bbe\u7f6e\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u7f6e\u53d1\u751f\u5728 keystone.conf \u6587\u4ef6 [identity] \u90e8\u5206\u4e2d\uff1a [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains \u4efb\u4f55\u6ca1\u6709\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u57df\u90fd\u5c06\u4f7f\u7528\u4e3b keystone.conf \u6587\u4ef6\u4e2d\u7684\u9009\u9879\u3002 \u8054\u5408\u9274\u6743 \u00b6 \u91cd\u8981\u5b9a\u4e49\uff1a \u670d\u52a1\u63d0\u4f9b\u5546 \uff08SP\uff09 \u5411\u59d4\u6258\u4eba\u6216\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u5b9e\u4f53\uff0c\u5728\u672c\u4f8b\u4e2d\uff0cOpenStack Identity \u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff08IdP\uff09 \u76ee\u5f55\u670d\u52a1\uff08\u5982 LDAP\u3001RADIUS \u548c 
Active Directory\uff09\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u5904\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff08\u4f8b\u5982\u5bc6\u7801\uff09\u7684\u5178\u578b\u6765\u6e90\u3002 \u8054\u5408\u9274\u6743\u662f\u4e00\u79cd\u5728 IdP \u548c SP \u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u673a\u5236\uff0c\u5728\u672c\u4f8b\u4e2d\uff0c\u662f\u5728\u8eab\u4efd\u63d0\u4f9b\u8005\u548c OpenStack Cloud \u63d0\u4f9b\u7684\u670d\u52a1\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4f7f\u7528\u73b0\u6709\u51ed\u636e\u8de8\u591a\u4e2a\u7aef\u70b9\u8bbf\u95ee\u4e91\u8d44\u6e90\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5377\u548c\u6570\u636e\u5e93\u3002\u51ed\u8bc1\u7531\u7528\u6237\u7684 IdP \u7ef4\u62a4\u3002 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u00b6 \u4e24\u4e2a\u6839\u672c\u539f\u56e0\uff1a \u964d\u4f4e\u590d\u6742\u6027\u4f7f\u90e8\u7f72\u66f4\u6613\u4e8e\u4fdd\u62a4\u3002 \u5b83\u4e3a\u60a8\u548c\u60a8\u7684\u7528\u6237\u8282\u7701\u4e86\u65f6\u95f4\u3002 \u96c6\u4e2d\u7ba1\u7406\u5e10\u6237\uff0c\u9632\u6b62 OpenStack \u57fa\u7840\u67b6\u6784\u5185\u90e8\u7684\u91cd\u590d\u5de5\u4f5c\u3002 \u51cf\u8f7b\u7528\u6237\u8d1f\u62c5\u3002\u5355\u70b9\u767b\u5f55\u5141\u8bb8\u4f7f\u7528\u5355\u4e00\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u6765\u8bbf\u95ee\u8bb8\u591a\u4e0d\u540c\u7684\u670d\u52a1\u548c\u73af\u5883\u3002 \u5c06\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u7684\u8d23\u4efb\u8f6c\u79fb\u5230 IdP\u3002 \u8fdb\u4e00\u6b65\u7684\u7406\u7531\u548c\u7ec6\u8282\u53ef\u4ee5\u5728 Keystone \u5173\u4e8e\u8054\u5408\u7684\u6587\u6863\u4e2d\u627e\u5230\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f \u00b6 
\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u8be5\u7ec4\u4ef6\u6240\u6709\u8005\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/keystone/keystone.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/keystone-paste.ini | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/policy.json | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/logging.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/signing_cert.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/private/signing_key.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/ca.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone | egrep \"keystone keystone\" \u901a\u8fc7\uff1a \u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u90fd\u8bbe\u7f6e\u4e3a keystone\u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a keystone keystone \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a \u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u6216\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 
keystone \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/keystone/keystone.conf $ stat -L -c \"%a\" /etc/keystone/keystone-paste.ini $ stat -L -c \"%a\" /etc/keystone/policy.json $ stat -L -c \"%a\" /etc/keystone/logging.conf $ stat -L -c \"%a\" /etc/keystone/ssl/certs/signing_cert.pem $ stat -L -c \"%a\" /etc/keystone/ssl/private/signing_key.pem $ stat -L -c \"%a\" /etc/keystone/ssl/certs/ca.pem $ stat -L -c \"%a\" /etc/keystone \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002 \u5931\u8d25\uff1a \u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\uff08\u5982 HTTPS\uff09\u76f8\u4e92\u901a\u4fe1\u3002 \u5982\u679c\u5c06 HTTP/WSGI \u670d\u52a1\u5668\u7528\u4e8e\u6807\u8bc6\uff0c\u5219\u5e94\u5728 HTTP/WSGI \u670d\u52a1\u5668\u4e0a\u542f\u7528 TLS\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u5728 HTTP \u670d\u52a1\u5668\u4e0a\u542f\u7528\u4e86 TLS\u3002 \u5931\u8d25\uff1a \u5982\u679c HTTP \u670d\u52a1\u5668\u4e0a\u672a\u542f\u7528 TLS\u3002 \u63a8\u8350\u4e8e\uff1a\u5b89\u5168\u901a\u4fe1\u3002 Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 \u00b6 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u8be5\u53c2\u6570 max_request_body_size \u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff08\u4ee5\u5b57\u8282\u4e3a\u5355\u4f4d\uff09\u3002\u5982\u679c\u672a\u5b9a\u4e49\u6700\u5927\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u5927\u5bb9\u91cf\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u7684\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u7ec4\u4ef6\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u53c2\u6570 max_request_body_size in /etc/keystone/keystone.conf \u7684\u503c\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09 \u6216\u6839\u636e\u60a8\u7684\u73af\u5883\u8bbe\u7f6e\u7684\u67d0\u4e2a\u5408\u7406\u503c\u3002 \u5931\u8d25\uff1a \u5982\u679c\u672a\u8bbe\u7f6e\u53c2\u6570 
max_request_body_size \u503c\u3002 check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c \u00b6 \u7ba1\u7406\u5458\u4ee4\u724c\u901a\u5e38\u7528\u4e8e\u5f15\u5bfc Identity\u3002\u6b64\u4ee4\u724c\u662f\u6700\u6709\u4ef7\u503c\u7684\u6807\u8bc6\u8d44\u4ea7\uff0c\u53ef\u7528\u4e8e\u83b7\u53d6\u4e91\u7ba1\u7406\u5458\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c admin_token under [DEFAULT] section in /etc/keystone/keystone.conf \u88ab\u7981\u7528\u3002\u5e76\u4e14\uff0c AdminTokenAuthMiddleware under [filter:admin_token_auth] \u4ece /etc/keystone/keystone-paste.ini \u5931\u8d25\uff1a \u5982\u679c admin_token \u8bbe\u7f6e\u4e86 under [DEFAULT] \u90e8\u5206\u5e76 AdminTokenAuthMiddleware \u5b58\u5728\u4e8e keystone-paste.ini \u4e2d\u3002 \u5efa\u8bae \u7981\u7528 `admin_token` \u610f\u5473\u7740\u5b83\u7684\u503c\u4e3a `` \u3002 check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 \u00b6 \u5982\u679c insecure_debug \u8bbe\u7f6e\u4e3a true\uff0c\u5219\u670d\u52a1\u5668\u5c06\u5728 HTTP \u54cd\u5e94\u4e2d\u8fd4\u56de\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u80fd\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u6216\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u83b7\u53d6\u6bd4\u6b63\u5e38\u60c5\u51b5\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u539f\u56e0\u7684\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 \u901a\u8fc7\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a false\u3002 \u5931\u8d25\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a true\u3002 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u00b6 OpenStack Identity \u670d\u52a1\u63d0\u4f9b uuid \u548c fernet \u4f5c\u4e3a\u4ee4\u724c\u63d0\u4f9b\u8005\u3002 uuid 
\u4ee4\u724c\u5fc5\u987b\u6301\u4e45\u5316\uff0c\u5e76\u88ab\u89c6\u4e3a\u4e0d\u5b89\u5168\u3002 \u901a\u8fc7\uff1a \u5982\u679c section in /etc/keystone/keystone.conf \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a fernet\u3002 \u5931\u8d25\uff1a \u5982\u679c section \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a uuid\u3002 \u4eea\u8868\u677f \u00b6 Dashboard \uff08horizon\uff09 \u662f OpenStack \u4eea\u8868\u677f\uff0c\u5b83\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u4ee5\u4fbf\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u914d\u7f6e\u81ea\u5df1\u7684\u8d44\u6e90\u3002\u5176\u4e2d\u5305\u62ec\u9884\u7f6e\u7528\u6237\u3001\u5b9a\u4e49\u5b9e\u4f8b\u53d8\u79cd\u3001\u4e0a\u4f20\u865a\u62df\u673a \uff08VM\uff09 \u6620\u50cf\u3001\u7ba1\u7406\u7f51\u7edc\u3001\u8bbe\u7f6e\u5b89\u5168\u7ec4\u3001\u542f\u52a8\u5b9e\u4f8b\u4ee5\u53ca\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\u5b9e\u4f8b\u3002 \u4eea\u8868\u677f\u57fa\u4e8e Django Web \u6846\u67b6\uff0c\u786e\u4fdd Django \u7684\u5b89\u5168\u90e8\u7f72\u5b9e\u8df5\u76f4\u63a5\u5e94\u7528\u4e8e Horizon\u3002\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u4e00\u7ec4 Django \u5b89\u5168\u5efa\u8bae\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u9605\u8bfb Django \u6587\u6863\u627e\u5230\u3002 \u4eea\u8868\u677f\u9644\u5e26\u9ed8\u8ba4\u5b89\u5168\u8bbe\u7f6e\uff0c\u5e76\u5177\u6709\u90e8\u7f72\u548c\u914d\u7f6e\u6587\u6863\u3002 \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a \u6620\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS\u534f\u8bae HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 
\u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u00b6 \u57df\u540d \u00b6 \u8bb8\u591a\u7ec4\u7ec7\u901a\u5e38\u5728\u603b\u4f53\u7ec4\u7ec7\u57df\u7684\u5b50\u57df\u4e2d\u90e8\u7f72 Web \u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u6237\u5f88\u81ea\u7136\u5730\u671f\u671b openstack.example.org .\u5728\u6b64\u4e0a\u4e0b\u6587\u4e2d\uff0c\u901a\u5e38\u5b58\u5728\u90e8\u7f72\u5728\u540c\u4e00\u4e2a\u4e8c\u7ea7\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u6b64\u540d\u79f0\u7ed3\u6784\u975e\u5e38\u65b9\u4fbf\uff0c\u5e76\u7b80\u5316\u4e86\u540d\u79f0\u670d\u52a1\u5668\u7684\u7ef4\u62a4\u3002 
\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5230\u4e8c\u7ea7\u57df\uff0c\u4f8b\u5982 \uff0c\u800c\u4e0d\u662f\u5728\u4efb\u4f55\u7ea7\u522b\u7684\u5171\u4eab\u5b50\u57df\u4e0a\u90e8\u7f72\u4eea\u8868\u677f\uff0c\u4f8b\u5982 https://example.com https://openstack.example.org \u6216 https://horizon.openstack.example.org \u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u4e0d\u8981\u90e8\u7f72\u5230\u88f8\u5185\u90e8\u57df\uff0c\u4f8b\u5982 https://horizon/ .\u8fd9\u4e9b\u5efa\u8bae\u57fa\u4e8e\u6d4f\u89c8\u5668\u540c\u6e90\u7b56\u7565\u7684\u9650\u5236\u3002 \u5982\u679c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u8fd8\u6258\u7ba1\u7528\u6237\u751f\u6210\u5185\u5bb9\u7684\u57df\u4e2d\uff0c\u5219\u672c\u6307\u5357\u4e2d\u63d0\u4f9b\u7684\u5efa\u8bae\u65e0\u6cd5\u6709\u6548\u9632\u8303\u5df2\u77e5\u653b\u51fb\uff0c\u5373\u4f7f\u6b64\u5185\u5bb9\u9a7b\u7559\u5728\u5355\u72ec\u7684\u5b50\u57df\u4e2d\u4e5f\u662f\u5982\u6b64\u3002\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u53ef\u4ee5\u5305\u542b\u4efb\u4f55\u7c7b\u578b\u7684\u811a\u672c\u3001\u56fe\u50cf\u6216\u4e0a\u4f20\u5185\u5bb9\u3002\u5927\u591a\u6570\u4e3b\u8981\u7684 Web \u5b58\u5728\uff08\u5305\u62ec googleusercontent.com\u3001fbcdn.com\u3001github.io \u548c twimg.co\uff09\u90fd\u4f7f\u7528\u8fd9\u79cd\u65b9\u6cd5\u5c06\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u4e0e Cookie \u548c\u5b89\u5168\u4ee4\u724c\u9694\u79bb\u5f00\u6765\u3002 \u5982\u679c\u60a8\u4e0d\u9075\u5faa\u6709\u5173\u4e8c\u7ea7\u57df\u7684\u5efa\u8bae\uff0c\u8bf7\u907f\u514d\u4f7f\u7528 Cookie \u652f\u6301\u7684\u4f1a\u8bdd\u5b58\u50a8\uff0c\u5e76\u91c7\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002\u5f53\u90e8\u7f72\u5728\u5b50\u57df\u4e0a\u65f6\uff0c\u4eea\u8868\u677f\u7684\u5b89\u5168\u6027\u7b49\u540c\u4e8e\u90e8\u7f72\u5728\u540c\u4e00\u4e8c\u7ea7\u57df\u4e0a\u7684\u5b89\u5168\u6027\u6700\u4f4e\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e \u00b6 
\u4eea\u8868\u677f\u5e94\u90e8\u7f72\u4e3a HTTPS \u4ee3\u7406\uff08\u5982 Apache \u6216 Nginx\uff09\u540e\u9762\u7684 Web \u670d\u52a1\u7f51\u5173\u63a5\u53e3 \uff08WSGI\uff09 \u5e94\u7528\u7a0b\u5e8f\u3002\u5982\u679c Apache \u5c1a\u672a\u4f7f\u7528\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 Nginx\uff0c\u56e0\u4e3a\u5b83\u662f\u8f7b\u91cf\u7ea7\u7684\uff0c\u5e76\u4e14\u66f4\u5bb9\u6613\u6b63\u786e\u914d\u7f6e\u3002 \u4f7f\u7528 Nginx \u65f6\uff0c\u6211\u4eec\u5efa\u8bae gunicorn \u4f5c\u4e3a WSGI \u4e3b\u673a\uff0c\u5e76\u5177\u6709\u9002\u5f53\u6570\u91cf\u7684\u540c\u6b65\u5de5\u4f5c\u7ebf\u7a0b\u3002\u4f7f\u7528 Apache \u65f6\uff0c\u6211\u4eec\u5efa\u8bae mod_wsgi \u6258\u7ba1\u4eea\u8868\u677f\u3002 \u5141\u8bb8\u7684\u4e3b\u673a \u00b6 \u4f7f\u7528 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u7684\u5b8c\u5168\u9650\u5b9a\u4e3b\u673a\u540d\u914d\u7f6e\u8bbe\u7f6e ALLOWED_HOSTS \u3002\u63d0\u4f9b\u6b64\u8bbe\u7f6e\u540e\uff0c\u5982\u679c\u4f20\u5165 HTTP \u8bf7\u6c42\u7684\u201cHost\uff1a\u201d\u6807\u5934\u4e2d\u7684\u503c\u4e0e\u6b64\u5217\u8868\u4e2d\u7684\u4efb\u4f55\u503c\u90fd\u4e0d\u5339\u914d\uff0c\u5219\u5c06\u5f15\u53d1\u9519\u8bef\uff0c\u5e76\u4e14\u8bf7\u6c42\u8005\u5c06\u65e0\u6cd5\u7ee7\u7eed\u3002\u5982\u679c\u672a\u80fd\u914d\u7f6e\u6b64\u9009\u9879\uff0c\u6216\u8005\u5728\u6307\u5b9a\u7684\u4e3b\u673a\u540d\u4e2d\u4f7f\u7528\u901a\u914d\u7b26\uff0c\u5c06\u5bfc\u81f4\u4eea\u8868\u677f\u5bb9\u6613\u53d7\u5230\u4e0e\u865a\u5047 HTTP \u4e3b\u673a\u6807\u5934\u5173\u8054\u7684\u5b89\u5168\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 Horizon \u955c\u50cf\u4e0a\u4f20 \u00b6 \u6211\u4eec\u5efa\u8bae\u5b9e\u65bd\u8005\u7981\u7528HORIZON_IMAGES_ALLOW_UPLOAD\uff0c\u9664\u975e\u4ed6\u4eec\u5df2\u5b9e\u65bd\u9632\u6b62\u8d44\u6e90\u8017\u5c3d\u548c\u62d2\u7edd\u670d\u52a1\u7684\u8ba1\u5212\u3002 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u00b6 \u8de8\u7ad9\u811a\u672c 
\uff08XSS\uff09 \u00b6 \u4e0e\u8bb8\u591a\u7c7b\u4f3c\u7684\u7cfb\u7edf\u4e0d\u540c\uff0cOpenStack \u4eea\u8868\u677f\u5141\u8bb8\u5728\u5927\u591a\u6570\u5b57\u6bb5\u4e2d\u4f7f\u7528\u6574\u4e2a Unicode \u5b57\u7b26\u96c6\u3002\u8fd9\u610f\u5473\u7740\u5f00\u53d1\u4eba\u5458\u72af\u9519\u8bef\u7684\u81ea\u7531\u5ea6\u8f83\u5c0f\uff0c\u8fd9\u4e9b\u9519\u8bef\u4e3a\u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u6253\u5f00\u4e86\u653b\u51fb\u5a92\u4ecb\u3002 Dashboard \u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e86\u907f\u514d\u521b\u5efa XSS \u6f0f\u6d1e\u7684\u5de5\u5177\uff0c\u4f46\u5b83\u4eec\u53ea\u6709\u5728\u5f00\u53d1\u4eba\u5458\u6b63\u786e\u4f7f\u7528\u5b83\u4eec\u65f6\u624d\u6709\u6548\u3002\u5ba1\u6838\u4efb\u4f55\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\uff0c\u7279\u522b\u6ce8\u610f mark_safe \u51fd\u6570\u7684\u4f7f\u7528\u3001\u4e0e\u81ea\u5b9a\u4e49\u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528 is_safe \u3001 safe \u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528\u3001\u5173\u95ed\u81ea\u52a8\u8f6c\u4e49\u7684\u4efb\u4f55\u4f4d\u7f6e\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u80fd\u8bc4\u4f30\u4e0d\u5f53\u8f6c\u4e49\u6570\u636e\u7684 JavaScript\u3002 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u00b6 Django \u6709\u4e13\u95e8\u7684\u4e2d\u95f4\u4ef6\u7528\u4e8e\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 OpenStack \u4eea\u8868\u677f\u65e8\u5728\u963b\u6b62\u5f00\u53d1\u4eba\u5458\u5728\u5f15\u5165\u7ebf\u7a0b\u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\u5f15\u5165\u8de8\u7ad9\u70b9\u811a\u672c\u6f0f\u6d1e\u3002\u5e94\u5ba1\u6838\u4f7f\u7528\u591a\u4e2a JavaScript \u5b9e\u4f8b\u7684\u4eea\u8868\u677f\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\uff0c\u4f8b\u5982\u4e0d\u5f53\u4f7f\u7528 @csrf_exempt 
\u88c5\u9970\u5668\u3002\u5728\u653e\u5bbd\u9650\u5236\u4e4b\u524d\uff0c\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u4efb\u4f55\u4e0d\u9075\u5faa\u8fd9\u4e9b\u5efa\u8bae\u7684\u5b89\u5168\u8bbe\u7f6e\u7684\u4eea\u8868\u677f\u3002 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u00b6 \u4f20\u7edf\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u56e0\u6b64 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9009\u9879 DISALLOW_IFRAME_EMBED \uff0c\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u4e0d\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 HTTPS \u51fd\u6570 \u00b6 \u4f7f\u7528\u6765\u81ea\u516c\u8ba4\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u7684\u6709\u6548\u53d7\u4fe1\u4efb\u8bc1\u4e66\uff0c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u5b89\u5168 HTTPS \u670d\u52a1\u5668\u540e\u9762\u3002\u4ec5\u5f53\u4fe1\u4efb\u6839\u9884\u5b89\u88c5\u5728\u6240\u6709\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u65f6\uff0c\u79c1\u6709\u7ec4\u7ec7\u9881\u53d1\u7684\u8bc1\u4e66\u624d\u9002\u7528\u3002 \u914d\u7f6e\u5bf9\u4eea\u8868\u677f\u57df\u7684 HTTP \u8bf7\u6c42\uff0c\u4ee5\u91cd\u5b9a\u5411\u5230\u5b8c\u5168\u9650\u5b9a\u7684 HTTPS URL\u3002 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u00b6 \u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u5728 Web \u670d\u52a1\u5668\u524d\u9762\u4f7f\u7528 HTTPS \u4ee3\u7406\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u5177\u6709 HTTPS \u529f\u80fd\u7684 HTTP \u670d\u52a1\u5668\uff0c\u8bf7\u4fee\u6539\u8be5 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u3002\u6709\u5173\u4fee\u6539 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 \u6709\u5173 HTTPS \u914d\u7f6e\uff08\u5305\u62ec HSTS 
\u914d\u7f6e\uff09\u7684\u66f4\u5177\u4f53\u5efa\u8bae\u548c\u670d\u52a1\u5668\u914d\u7f6e\uff0c\u8bf7\u53c2\u9605\u201c\u5b89\u5168\u901a\u4fe1\u201d\u4e00\u7ae0\u3002 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u00b6 \u524d\u7aef\u7f13\u5b58 \u00b6 \u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4eea\u8868\u677f\u4e2d\u4f7f\u7528\u524d\u7aef\u7f13\u5b58\u5de5\u5177\u3002\u4eea\u8868\u677f\u6b63\u5728\u6e32\u67d3\u76f4\u63a5\u7531 OpenStack API \u8bf7\u6c42\u751f\u6210\u7684\u52a8\u6001\u5185\u5bb9\uff0c\u524d\u7aef\u7f13\u5b58\u5c42\uff08\u5982 varnish\uff09\u53ef\u80fd\u4f1a\u963b\u6b62\u663e\u793a\u6b63\u786e\u7684\u5185\u5bb9\u3002\u5728 Django \u4e2d\uff0c\u9759\u6001\u5a92\u4f53\u76f4\u63a5\u4ece Apache \u6216 Nginx \u63d0\u4f9b\uff0c\u5e76\u4e14\u5df2\u7ecf\u53d7\u76ca\u4e8e Web \u4e3b\u673a\u7f13\u5b58\u3002 \u4f1a\u8bdd\u540e\u7aef \u00b6 Horizon \u7684\u9ed8\u8ba4\u4f1a\u8bdd\u540e\u7aef django.contrib.sessions.backends.signed_cookies \u5c06\u7528\u6237\u6570\u636e\u4fdd\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\u5b58\u50a8\u7684\u5df2\u7b7e\u540d\u4f46\u672a\u52a0\u5bc6\u7684 Cookie \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u4eea\u8868\u677f\u5b9e\u4f8b\u90fd\u662f\u65e0\u72b6\u6001\u7684\uff0c\u56e0\u6b64\u524d\u9762\u63d0\u5230\u7684\u65b9\u6cd5\u63d0\u4f9b\u4e86\u5b9e\u73b0\u6700\u7b80\u5355\u7684\u4f1a\u8bdd\u540e\u7aef\u6269\u5c55\u7684\u80fd\u529b\u3002 \u5e94\u8be5\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u79cd\u7c7b\u578b\u7684\u5b9e\u73b0\u4e2d\uff0c\u654f\u611f\u7684\u8bbf\u95ee\u4ee4\u724c\u5c06\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u4e2d\uff0c\u5e76\u5c06\u968f\u7740\u6bcf\u4e2a\u8bf7\u6c42\u7684\u53d1\u51fa\u800c\u4f20\u8f93\u3002\u540e\u7aef\u786e\u4fdd\u4f1a\u8bdd\u6570\u636e\u7684\u5b8c\u6574\u6027\uff0c\u5373\u4f7f\u4f20\u8f93\u7684\u6570\u636e\u4ec5\u901a\u8fc7 HTTPS \u52a0\u5bc6\u3002 
\u5982\u679c\u60a8\u7684\u67b6\u6784\u5141\u8bb8\u5171\u4eab\u5b58\u50a8\uff0c\u5e76\u4e14\u60a8\u6b63\u786e\u914d\u7f6e\u4e86\u7f13\u5b58\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5176\u8bbe\u7f6e\u4e3a SESSION_ENGINE django.contrib.sessions.backends.cache \u5e76\u7528\u4f5c\u57fa\u4e8e\u7f13\u5b58\u7684\u4f1a\u8bdd\u540e\u7aef\uff0c\u5e76\u5c06 memcached \u4f5c\u4e3a\u7f13\u5b58\u3002Memcached \u662f\u4e00\u79cd\u9ad8\u6548\u7684\u5185\u5b58\u952e\u503c\u5b58\u50a8\uff0c\u7528\u4e8e\u5b58\u50a8\u6570\u636e\u5757\uff0c\u53ef\u5728\u9ad8\u53ef\u7528\u6027\u548c\u5206\u5e03\u5f0f\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u5e76\u4e14\u6613\u4e8e\u914d\u7f6e\u3002\u4f46\u662f\uff0c\u60a8\u9700\u8981\u786e\u4fdd\u6ca1\u6709\u6570\u636e\u6cc4\u6f0f\u3002Memcached \u5229\u7528\u5907\u7528 RAM \u6765\u5b58\u50a8\u7ecf\u5e38\u8bbf\u95ee\u7684\u6570\u636e\u5757\uff0c\u5c31\u50cf\u91cd\u590d\u8bbf\u95ee\u4fe1\u606f\u7684\u5185\u5b58\u7f13\u5b58\u4e00\u6837\u3002\u7531\u4e8e memcached \u4f7f\u7528\u672c\u5730\u5185\u5b58\uff0c\u56e0\u6b64\u4e0d\u4f1a\u4ea7\u751f\u6570\u636e\u5e93\u548c\u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528\u5f00\u9500\uff0c\u4ece\u800c\u5bfc\u81f4\u76f4\u63a5\u4ece RAM \u800c\u4e0d\u662f\u4ece\u78c1\u76d8\u8bbf\u95ee\u6570\u636e\u3002 \u6211\u4eec\u5efa\u8bae\u4f7f\u7528 memcached \u800c\u4e0d\u662f\u672c\u5730\u5185\u5b58\u7f13\u5b58\uff0c\u56e0\u4e3a\u5b83\u901f\u5ea6\u5feb\uff0c\u6570\u636e\u4fdd\u7559\u65f6\u95f4\u66f4\u957f\uff0c\u591a\u8fdb\u7a0b\u5b89\u5168\uff0c\u5e76\u4e14\u80fd\u591f\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u5171\u4eab\u7f13\u5b58\uff0c\u4f46\u4ecd\u5c06\u5176\u89c6\u4e3a\u5355\u4e2a\u7f13\u5b58\u3002 \u8981\u542f\u7528 memcached\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache' } \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 \u9759\u6001\u5a92\u4f53 
\u00b6 \u4eea\u8868\u677f\u7684\u9759\u6001\u5a92\u4f53\u5e94\u90e8\u7f72\u5230\u4eea\u8868\u677f\u57df\u7684\u5b50\u57df\uff0c\u5e76\u7531 Web \u670d\u52a1\u5668\u63d0\u4f9b\u670d\u52a1\u3002\u4f7f\u7528\u5916\u90e8\u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u4e5f\u662f\u53ef\u4ee5\u63a5\u53d7\u7684\u3002\u6b64\u5b50\u57df\u4e0d\u5e94\u8bbe\u7f6e Cookie \u6216\u63d0\u4f9b\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u3002\u5a92\u4f53\u4e5f\u5e94\u4f7f\u7528 HTTPS \u63d0\u4f9b\u3002 Django \u5a92\u4f53\u8bbe\u7f6e\u8bb0\u5f55\u5728 Django \u6587\u6863\u4e2d\u3002 Dashboard \u7684\u9ed8\u8ba4\u914d\u7f6e\u4f7f\u7528 django_compressor \u6765\u538b\u7f29\u548c\u7f29\u5c0f CSS \u548c JavaScript \u5185\u5bb9\uff0c\u7136\u540e\u518d\u63d0\u4f9b\u8fd9\u4e9b\u5185\u5bb9\u3002\u6b64\u8fc7\u7a0b\u5e94\u5728\u90e8\u7f72\u4eea\u8868\u677f\u4e4b\u524d\u9759\u6001\u5b8c\u6210\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u9ed8\u8ba4\u7684\u8bf7\u6c42\u5185\u52a8\u6001\u538b\u7f29\uff0c\u5e76\u5c06\u751f\u6210\u7684\u6587\u4ef6\u4e0e\u5df2\u90e8\u7f72\u7684\u4ee3\u7801\u4e00\u8d77\u590d\u5236\u5230 CDN \u670d\u52a1\u5668\u3002\u538b\u7f29\u5e94\u5728\u975e\u751f\u4ea7\u751f\u6210\u73af\u5883\u4e2d\u5b8c\u6210\u3002\u5982\u679c\u8fd9\u4e0d\u53ef\u884c\uff0c\u6211\u4eec\u5efa\u8bae\u5b8c\u5168\u7981\u7528\u8d44\u6e90\u538b\u7f29\u3002\u4e0d\u5e94\u5728\u751f\u4ea7\u8ba1\u7b97\u673a\u4e0a\u5b89\u88c5\u8054\u673a\u538b\u7f29\u4f9d\u8d56\u9879\uff08\u8f83\u5c11\uff0cNode.js\uff09\u3002 \u5bc6\u7801 \u00b6 \u5bc6\u7801\u7ba1\u7406\u5e94\u8be5\u662f\u4e91\u7ba1\u7406\u8ba1\u5212\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\u3002\u5173\u4e8e\u5bc6\u7801\u7684\u6743\u5a01\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4;\u4f46\u662f\uff0c\u4e91\u7ba1\u7406\u5458\u5e94\u53c2\u8003 NIST \u4f01\u4e1a\u5bc6\u7801\u7ba1\u7406\u7279\u522b\u51fa\u7248\u7269\u6307\u5357\u7b2c 4 \u7ae0\u4e2d\u63a8\u8350\u7684\u6700\u4f73\u5b9e\u8df5\u3002 
\u65e0\u8bba\u662f\u901a\u8fc7\u4eea\u8868\u677f\u8fd8\u662f\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684 OpenStack \u4e91\u8bbf\u95ee\u90fd\u4f1a\u5f15\u5165\u989d\u5916\u7684\u6ce8\u610f\u4e8b\u9879\u3002\u73b0\u4ee3\u6d4f\u89c8\u5668\u90fd\u652f\u6301\u67d0\u79cd\u5f62\u5f0f\u7684\u5bc6\u7801\u5b58\u50a8\u548c\u81ea\u52a8\u586b\u5145\u8bb0\u4f4f\u7684\u7ad9\u70b9\u7684\u51ed\u636e\u3002\u8fd9\u5728\u4f7f\u7528\u4e0d\u5bb9\u6613\u8bb0\u4f4f\u6216\u952e\u5165\u7684\u5f3a\u5bc6\u7801\u65f6\u975e\u5e38\u6709\u7528\uff0c\u4f46\u5982\u679c\u5ba2\u6237\u7aef\u7684\u7269\u7406\u5b89\u5168\u6027\u53d7\u5230\u5a01\u80c1\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6d4f\u89c8\u5668\u6210\u4e3a\u8584\u5f31\u73af\u8282\u3002\u5982\u679c\u6d4f\u89c8\u5668\u7684\u5bc6\u7801\u5b58\u50a8\u672c\u8eab\u4e0d\u53d7\u5f3a\u5bc6\u7801\u4fdd\u62a4\uff0c\u6216\u8005\u5982\u679c\u5141\u8bb8\u5bc6\u7801\u5b58\u50a8\u5728\u4f1a\u8bdd\u671f\u95f4\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u5219\u5f88\u5bb9\u6613\u83b7\u5f97\u5bf9\u7cfb\u7edf\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 KeePassX \u548c Password Safe \u7b49\u5bc6\u7801\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u975e\u5e38\u6709\u7528\uff0c\u56e0\u4e3a\u5927\u591a\u6570\u5e94\u7528\u7a0b\u5e8f\u90fd\u652f\u6301\u751f\u6210\u5f3a\u5bc6\u7801\u548c\u5b9a\u671f\u63d0\u9192\u751f\u6210\u65b0\u5bc6\u7801\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u5bc6\u7801\u5b58\u50a8\u4ec5\u77ed\u6682\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u4ece\u800c\u964d\u4f4e\u4e86\u5bc6\u7801\u6cc4\u9732\u548c\u901a\u8fc7\u6d4f\u89c8\u5668\u6216\u7cfb\u7edf\u5165\u4fb5\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8d44\u6e90\u8bbf\u95ee\u7684\u98ce\u9669\u3002 \u5bc6\u94a5 \u00b6 \u4eea\u8868\u677f\u4f9d\u8d56\u4e8e\u67d0\u4e9b\u5b89\u5168\u529f\u80fd\u7684\u5171\u4eab SECRET_KEY \u8bbe\u7f6e\u3002\u5bc6\u94a5\u5e94\u4e3a\u968f\u673a\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u957f\u5ea6\u81f3\u5c11\u4e3a 64 
\u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u5728\u6240\u6709\u6d3b\u52a8\u4eea\u8868\u677f\u5b9e\u4f8b\u4e4b\u95f4\u5171\u4eab\u3002\u6cc4\u9732\u6b64\u5bc6\u94a5\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8f6e\u6362\u6b64\u5bc6\u94a5\u4f1a\u4f7f\u73b0\u6709\u7528\u6237\u4f1a\u8bdd\u548c\u7f13\u5b58\u5931\u6548\u3002\u8bf7\u52ff\u5c06\u6b64\u5bc6\u94a5\u63d0\u4ea4\u5230\u516c\u5171\u5b58\u50a8\u5e93\u3002 Cookies \u00b6 \u4f1a\u8bddCookies\u5e94\u8bbe\u7f6e\u4e3a HTTPONLY\uff1a SESSION_COOKIE_HTTPONLY = True \u5207\u52ff\u5c06 CSRF \u6216\u4f1a\u8bdd Cookie \u914d\u7f6e\u4e3a\u5177\u6709\u5e26\u524d\u5bfc\u70b9\u7684\u901a\u914d\u7b26\u57df\u3002\u4f7f\u7528 HTTPS \u90e8\u7f72\u65f6\uff0c\u5e94\u4fdd\u62a4 Horizon \u7684\u4f1a\u8bdd\u548c CSRF Cookie\uff1a CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u00b6 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u5728\u6bcf\u6b21\u54cd\u5e94\u65f6\u53d1\u9001\u9650\u5236\u6027 CORS \u6807\u5934\uff0c\u4ec5\u5141\u8bb8\u4eea\u8868\u677f\u57df\u548c\u534f\u8bae\uff1a Access-Control-Allow-Origin: https://example.com/ \u6c38\u8fdc\u4e0d\u5141\u8bb8\u901a\u914d\u7b26\u6765\u6e90\u3002 \u8c03\u8bd5 \u00b6 \u5efa\u8bae\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u5c06 DEBUG \u8be5\u8bbe\u7f6e\u8bbe\u7f6e\u4e3a False \u3002\u5982\u679c DEBUG \u8bbe\u7f6e\u4e3a True\uff0c\u5219\u5f53\u629b\u51fa\u5f02\u5e38\u65f6\uff0cDjango \u5c06\u663e\u793a\u5806\u6808\u8ddf\u8e2a\u548c\u654f\u611f\u7684 Web \u670d\u52a1\u5668\u72b6\u6001\u4fe1\u606f\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f \u00b6 
\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a horizon\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/openstack-dashboard/local_settings.py | egrep \"root horizon\" \u901a\u8fc7\uff1a\u5982\u679c\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c horizon\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u5730\u5e73\u7ebf\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 Horizon \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/openstack-dashboard/local_settings.py \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Dashboard-01 \u65f6\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u7528\u6237\u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cHorizon \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/openstack-dashboard/local_settings.py getfacl: Removing leading '/' from absolute path names # file: etc/openstack-dashboard/local_settings.py USER root rw- GROUP horizon r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 DISALLOW_IFRAME_EMBED \u53ef\u7528\u4e8e\u9632\u6b62 OpenStack Dashboard \u5d4c\u5165\u5230 iframe \u4e2d\u3002 \u65e7\u7248\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u6b64\u9009\u9879\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u672a\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a True\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u7528\u4e8e\uff1aHTTPS\u3001HSTS\u3001XSS \u548c SSRF\u3002 
Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 CSRF\uff08\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020\uff09\u662f\u4e00\u79cd\u653b\u51fb\uff0c\u5b83\u8feb\u4f7f\u6700\u7ec8\u7528\u6237\u5728\u4ed6/\u5979\u5f53\u524d\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u6210\u529f\u7684 CSRF \u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5371\u53ca\u6700\u7ec8\u7528\u6237\u7684\u6570\u636e\u548c\u64cd\u4f5c\u3002\u5982\u679c\u76ee\u6807\u6700\u7ec8\u7528\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5371\u53ca\u6574\u4e2a Web \u5e94\u7528\u7a0b\u5e8f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u201cSECURE\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4ec5\u901a\u8fc7\u52a0\u5bc6\u7684 HTTPS \uff08SSL/TLS\uff09 \u8fde\u63a5\u53d1\u9001 cookie\u3002\u6b64\u4f1a\u8bdd\u4fdd\u62a4\u673a\u5236\u662f\u5f3a\u5236\u6027\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 MitM\uff08\u4e2d\u95f4\u4eba\uff09\u653b\u51fb\u6cc4\u9732\u4f1a\u8bdd ID\u3002\u5b83\u786e\u4fdd\u653b\u51fb\u8005\u65e0\u6cd5\u7b80\u5355\u5730\u4ece Web \u6d4f\u89c8\u5668\u6d41\u91cf\u4e2d\u6355\u83b7\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 
\u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u201cHTTPONLY\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4e0d\u5141\u8bb8\u811a\u672c\uff08\u4f8b\u5982 JavaScript \u6216 VBscript\uff09\u901a\u8fc7 DOM document.cookie \u5bf9\u8c61\u8bbf\u95ee cookie\u3002\u6b64\u4f1a\u8bdd ID \u4fdd\u62a4\u662f\u5fc5\u9700\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 XSS \u653b\u51fb\u7a83\u53d6\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f \u00b6 \u5e94\u7528\u7a0b\u5e8f\u7528\u4e8e\u4e3a\u7528\u6237\u63d0\u4f9b\u4fbf\u5229\u7684\u5e38\u89c1\u529f\u80fd\u662f\u5c06\u5bc6\u7801\u672c\u5730\u7f13\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\uff08\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\uff09\uff0c\u5e76\u5728\u6240\u6709\u540e\u7eed\u8bf7\u6c42\u4e2d\u201c\u9884\u5148\u952e\u5165\u201d\u3002\u867d\u7136\u6b64\u529f\u80fd\u5bf9\u666e\u901a\u7528\u6237\u6765\u8bf4\u975e\u5e38\u53cb\u597d\uff0c\u4f46\u540c\u65f6\uff0c\u5b83\u5f15\u5165\u4e86\u4e00\u4e2a\u7f3a\u9677\uff0c\u56e0\u4e3a\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\u4f7f\u7528\u76f8\u540c\u5e10\u6237\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8f7b\u677e\u8bbf\u95ee\u7528\u6237\u5e10\u6237\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7528\u6237\u5e10\u6237\u53d7\u635f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a off \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in 
/etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a on \u3002 Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u4e0d\u8981\u663e\u793a\u5bc6\u7801\u5b57\u6bb5\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u6ce8\u610f \u6b64\u9009\u9879\u662f\u5728 Kilo \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002 Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u8bbe\u7f6e\u4e3a ENFORCE_PASSWORD_CHECK True \u5c06\u5728\u201c\u66f4\u6539\u5bc6\u7801\u201d\u7a97\u4f53\u4e0a\u663e\u793a\u201c\u7ba1\u7406\u5458\u5bc6\u7801\u201d\u5b57\u6bb5\uff0c\u4ee5\u9a8c\u8bc1\u662f\u5426\u786e\u5b9e\u662f\u7ba1\u7406\u5458\u767b\u5f55\u7684\u8981\u66f4\u6539\u5bc6\u7801\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f \u00b6 \u5141\u8bb8\u6b63\u5219\u8868\u8fbe\u5f0f\u9a8c\u8bc1\u7528\u6237\u5bc6\u7801\u7684\u590d\u6742\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a defaul \u4e4b\u5916\u7684\u4efb\u4f55\u503c\uff0c\u5219\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'\uff0c \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py 
\u7684\u503c\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*' Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u00b6 \u5982\u679c OpenStack Dashboard \u90e8\u7f72\u5728\u4ee3\u7406\u540e\u9762\uff0c\u5e76\u4e14\u4ee3\u7406\u4ece\u6240\u6709\u4f20\u5165\u8bf7\u6c42\u4e2d\u5265\u79bb X-Forwarded-Proto \u6807\u5934\uff0c\u6216\u8005\u8bbe\u7f6e\u6807\u5934 X-Forwarded-Proto \u5e76\u5c06\u5176\u53d1\u9001\u5230 Dashboard\uff0c\u4f46\u4ec5\u9002\u7528\u4e8e\u6700\u521d\u901a\u8fc7 HTTPS \u4f20\u5165\u7684\u8bf7\u6c42\uff0c\u90a3\u4e48\u60a8\u5e94\u8be5\u8003\u8651\u914d\u7f6e SECURE_PROXY_SSL_HEADER \u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728 Django \u6587\u6863\u4e2d\u627e\u5230\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u672a\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u6216\u6ce8\u91ca\u6389\u3002 \u8ba1\u7b97 \u00b6 OpenStack \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u6574\u4e2a\u4e91\u4e2d\u7684\u8bb8\u591a\u4f4d\u7f6e\u8fd0\u884c\uff0c\u5e76\u4e0e\u5404\u79cd\u5185\u90e8\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002OpenStack \u8ba1\u7b97\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u79cd\u914d\u7f6e\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u6709\u5173\u8ba1\u7b97\u5b89\u5168\u6027\u7684\u4e00\u822c\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u53ca\u53ef\u80fd\u5bfc\u81f4\u5b89\u5168\u95ee\u9898\u7684\u7279\u5b9a\u5df2\u77e5\u914d\u7f6e\u3002 nova.conf \u6587\u4ef6\u548c /var/lib/nova \u4f4d\u7f6e\u5e94\u53d7\u5230\u4fdd\u62a4\u3002\u5e94\u5b9e\u65bd\u96c6\u4e2d\u5f0f\u65e5\u5fd7\u8bb0\u5f55\u3001 policy.json 
\u6587\u4ef6\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\u7b49\u63a7\u5236\u63aa\u65bd\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u7eb3\u5165\u6392\u9664\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u52a0\u5bc6\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5185\u5b58\u4f18\u5316 KVM \u5185\u6838 Samepage \u5408\u5e76 XEN\u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u4e66\u76ee \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI \u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u5f3a\u5316 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-\u8ba8\u8bba\u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f 
Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u00b6 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u00b6 \u65e0\u8bbaOpenStack\u662f\u90e8\u7f72\u5728\u79c1\u6709\u6570\u636e\u4e2d\u5fc3\u5185\uff0c\u8fd8\u662f\u4f5c\u4e3a\u516c\u5171\u4e91\u670d\u52a1\u90e8\u7f72\uff0c\u5e95\u5c42\u865a\u62df\u5316\u6280\u672f\u90fd\u80fd\u5728\u53ef\u6269\u5c55\u6027\u3001\u8d44\u6e90\u6548\u7387\u548c\u6b63\u5e38\u8fd0\u884c\u65f6\u95f4\u65b9\u9762\u63d0\u4f9b\u4f01\u4e1a\u7ea7\u529f\u80fd\u3002\u867d\u7136\u5728\u8bb8\u591a OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u4e2d\u901a\u5e38\u90fd\u5177\u6709\u8fd9\u79cd\u9ad8\u7ea7\u4f18\u52bf\uff0c\u4f46\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5b89\u5168\u67b6\u6784\u548c\u529f\u80fd\u90fd\u5b58\u5728\u663e\u8457\u5dee\u5f02\uff0c\u5c24\u5176\u662f\u5728\u8003\u8651\u5f39\u6027 OpenStack \u73af\u5883\u7279\u6709\u7684\u5b89\u5168\u5a01\u80c1\u5411\u91cf\u65f6\u3002\u968f\u7740\u5e94\u7528\u7a0b\u5e8f\u6574\u5408\u5230\u5355\u4e2a\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 \u5e73\u53f0\u4e2d\uff0c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7ea7\u522b\u7684\u5b9e\u4f8b\u9694\u79bb\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002\u5b89\u5168\u9694\u79bb\u7684\u8981\u6c42\u5728\u5546\u4e1a\u3001\u653f\u5e9c\u548c\u519b\u4e8b\u793e\u533a\u4e2d\u90fd\u9002\u7528\u3002 \u5728 OpenStack \u6846\u67b6\u4e2d\uff0c\u60a8\u53ef\u4ee5\u5728\u4f17\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u548c\u76f8\u5e94\u7684 OpenStack 
\u63d2\u4ef6\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u4f18\u5316\u60a8\u7684\u4e91\u73af\u5883\u3002\u5728\u672c\u6307\u5357\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u91cd\u70b9\u4ecb\u7ecd\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u6ce8\u610f\u4e8b\u9879\uff0c\u56e0\u4e3a\u5b83\u4eec\u4e0e\u5bf9\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u7684\u529f\u80fd\u96c6\u6709\u5173\u3002\u4f46\u662f\uff0c\u8fd9\u4e9b\u6ce8\u610f\u4e8b\u9879\u5e76\u4e0d\u610f\u5473\u7740\u5bf9\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u4f18\u7f3a\u70b9\u8fdb\u884c\u8be6\u5c3d\u7684\u8c03\u67e5\u3002NIST \u5728\u7279\u522b\u51fa\u7248\u7269 800-125\u201c\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u201d\u4e2d\u63d0\u4f9b\u4e86\u5176\u4ed6\u6307\u5bfc\u3002 \u9009\u62e9\u6807\u51c6 \u00b6 \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u8fc7\u7a0b\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u5fc5\u987b\u8003\u8651\u8bb8\u591a\u91cd\u8981\u56e0\u7d20\uff0c\u4ee5\u5e2e\u52a9\u6539\u5584\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u60a8\u5fc5\u987b\u719f\u6089\u4ee5\u4e0b\u65b9\u9762\uff1a \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u6b64\u5916\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u4e3a OpenStack \u90e8\u7f72\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\u8bc4\u4f30\u4ee5\u4e0b\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u6807\u51c6\uff1a * \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u7ecf\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1f\u5982\u679c\u662f\u8fd9\u6837\uff0c\u8fbe\u5230\u4ec0\u4e48\u6c34\u5e73\uff1f* \u5e95\u5c42\u5bc6\u7801\u5b66\u662f\u5426\u7ecf\u8fc7\u7b2c\u4e09\u65b9\u8ba4\u8bc1\uff1f \u56e2\u961f\u4e13\u957f \u00b6 
\u6700\u6709\u53ef\u80fd\u7684\u662f\uff0c\u5728\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6700\u91cd\u8981\u7684\u65b9\u9762\u662f\u60a8\u7684\u5458\u5de5\u5728\u7ba1\u7406\u548c\u7ef4\u62a4\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65b9\u9762\u7684\u4e13\u4e1a\u77e5\u8bc6\u3002\u60a8\u7684\u56e2\u961f\u5bf9\u7ed9\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u53ca\u5176\u602a\u7656\u8d8a\u719f\u6089\uff0c\u914d\u7f6e\u9519\u8bef\u5c31\u8d8a\u5c11\u3002\u6b64\u5916\uff0c\u5728\u7ed9\u5b9a\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u5c06\u5458\u5de5\u4e13\u4e1a\u77e5\u8bc6\u5206\u5e03\u5728\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u63d0\u9ad8\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u804c\u8d23\u5206\u79bb\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u7f13\u89e3\u95ee\u9898\u3002 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u00b6 \u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u53d1\u75c5\u7387\u54cd\u5e94 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6210\u719f\u5ea6\u7684\u6700\u5927\u6307\u6807\u4e4b\u4e00\u662f\u56f4\u7ed5\u5b83\u7684\u793e\u533a\u7684\u89c4\u6a21\u548c\u6d3b\u529b\u3002\u7531\u4e8e\u8fd9\u6d89\u53ca\u5b89\u5168\u6027\uff0c\u56e0\u6b64\u5982\u679c\u60a8\u9700\u8981\u989d\u5916\u7684\u4e91\u64cd\u4f5c\u5458\uff0c\u793e\u533a\u7684\u8d28\u91cf\u4f1a\u5f71\u54cd\u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027\u3002\u8fd9\u4e5f\u8868\u660e\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5e7f\u6cdb\u90e8\u7f72\uff0c\u8fdb\u800c\u5bfc\u81f4\u4efb\u4f55\u53c2\u8003\u67b6\u6784\u548c\u6700\u4f73\u5b9e\u8df5\u7684\u6218\u5907\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u793e\u533a\u7684\u8d28\u91cf\uff0c\u56e0\u4e3a\u5b83\u56f4\u7ed5\u7740KVM\u6216Xen\u7b49\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5bf9\u9519\u8bef\u4fee\u590d\u548c\u5b89\u5168\u66f4\u65b0\u7684\u53ca\u65f6\u6027\u6709\u76f4\u63a5\u5f71\u54cd\u3002\u5728\u8c03\u67e5\u5546\u4e1a\u548c\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u60a8\u5fc5\u987b\u67e5\u770b\u5b83\u4eec\u7684\u53d1\u5e03\u548c\u652f\u6301\u5468\u671f\uff0c\u4ee5\u53ca\u53d1\u5e03\u9519\u8bef\u6216\u5b89\u5168\u95ee\u9898\u4e0e\u8865\u4e01\u6216\u54cd\u5e94\u4e4b\u95f4\u7684\u65f6\u95f4\u5dee\u3002\u6700\u540e\uff0cOpenStack \u8ba1\u7b97\u652f\u6301\u7684\u529f\u80fd\u56e0\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u800c\u5f02\u3002\u8bf7\u53c2\u9605 OpenStack Hypervisor Support Matrix\uff0c\u4e86\u89e3 Hypervisor \u5bf9 OpenStack \u8ba1\u7b97\u529f\u80fd\u7684\u652f\u6301\u3002 \u8ba4\u8bc1\u548c\u8bc1\u660e \u00b6 
\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u53e6\u4e00\u4e2a\u8003\u8651\u56e0\u7d20\u662f\u5404\u79cd\u6b63\u5f0f\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u53ef\u7528\u6027\u3002\u867d\u7136\u5b83\u4eec\u53ef\u80fd\u4e0d\u662f\u7279\u5b9a\u7ec4\u7ec7\u7684\u8981\u6c42\uff0c\u4f46\u8fd9\u4e9b\u8ba4\u8bc1\u548c\u8bc1\u660e\u8bf4\u660e\u4e86\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u6240\u7ecf\u8fc7\u7684\u6d4b\u8bd5\u7684\u6210\u719f\u5ea6\u3001\u751f\u4ea7\u51c6\u5907\u60c5\u51b5\u548c\u5f7b\u5e95\u6027\u3002 \u901a\u7528\u6807\u51c6 \u00b6 \u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002\u5728\u653f\u5e9c\u90e8\u95e8\uff0cNSTISSP \u7b2c 11 \u53f7\u89c4\u5b9a\u7f8e\u56fd\u653f\u5e9c\u673a\u6784\u53ea\u80fd\u91c7\u8d2d\u5df2\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u7684\u8f6f\u4ef6\uff0c\u8be5\u653f\u7b56\u81ea 2002 \u5e74 7 \u6708\u8d77\u5b9e\u65bd\u3002 \u6ce8\u610f OpenStack\u5c1a\u672a\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u8bb8\u591a\u53ef\u7528\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u7ecf\u8fc7\u4e86\u8ba4\u8bc1\u3002 \u9664\u4e86\u9a8c\u8bc1\u6280\u672f\u80fd\u529b\u5916\uff0c\u901a\u7528\u6807\u51c6\u6d41\u7a0b\u8fd8\u8bc4\u4f30\u6280\u672f\u7684\u5f00\u53d1\u65b9\u5f0f\u3002 \u5982\u4f55\u8fdb\u884c\u6e90\u4ee3\u7801\u7ba1\u7406\uff1f \u5982\u4f55\u6388\u4e88\u7528\u6237\u5bf9\u6784\u5efa\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff1f \u8be5\u6280\u672f\u5728\u5206\u53d1\u524d\u662f\u5426\u7ecf\u8fc7\u52a0\u5bc6\u7b7e\u540d\uff1f KVM 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5df2\u901a\u8fc7\u7f8e\u56fd\u653f\u5e9c\u548c\u5546\u4e1a\u53d1\u884c\u7248\u7684\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u5c06\u865a\u62df\u673a\u7684\u8fd0\u884c\u65f6\u73af\u5883\u5f7c\u6b64\u5206\u79bb\uff0c\u4ece\u800c\u63d0\u4f9b\u57fa\u7840\u6280\u672f\u6765\u5b9e\u65bd\u5b9e\u4f8b\u9694\u79bb\u3002\u9664\u4e86\u865a\u62df\u673a\u9694\u79bb\u4e4b\u5916\uff0cKVM \u8fd8\u901a\u8fc7\u4e86\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1a \"...provide system-inherent separation mechanisms to the resources of virtual machines. This separation ensures that large software component used for virtualizing and simulating devices executing for each virtual machine cannot interfere with each other. Using the SELinux multi-category mechanism, the virtualization and simulation software instances are isolated. The virtual machine management framework configures SELinux multi-category settings transparently to the administrator.\" \u867d\u7136\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f9b\u5e94\u5546\uff08\u5982 Red Hat\u3001Microsoft \u548c VMware\uff09\u5df2\u83b7\u5f97\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u5176\u57fa\u7840\u8ba4\u8bc1\u529f\u80fd\u96c6\u6709\u6240\u4e0d\u540c\uff0c\u4f46\u6211\u4eec\u5efa\u8bae\u8bc4\u4f30\u4f9b\u5e94\u5546\u58f0\u660e\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u81f3\u5c11\u6ee1\u8db3\u4ee5\u4e0b\u8981\u6c42\uff1a \u5ba1\u8ba1 \u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5ba1\u6838\u5927\u91cf\u4e8b\u4ef6\u7684\u529f\u80fd\uff0c\u5305\u62ec\u5355\u4e2a\u7cfb\u7edf\u8c03\u7528\u548c\u53d7\u4fe1\u4efb\u8fdb\u7a0b\u751f\u6210\u7684\u4e8b\u4ef6\u3002\u5ba1\u8ba1\u6570\u636e\u4ee5 ASCII 
\u683c\u5f0f\u6536\u96c6\u5728\u5e38\u89c4\u6587\u4ef6\u4e2d\u3002\u7cfb\u7edf\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u641c\u7d22\u5ba1\u8ba1\u8bb0\u5f55\u7684\u7a0b\u5e8f\u3002\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u89c4\u5219\u5e93\uff0c\u4ee5\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u4ed6\u4eec\u611f\u5174\u8da3\u7684\u4e8b\u4ef6\u3002\u8fd9\u5305\u62ec\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u7279\u5b9a\u4e8b\u4ef6\u3001\u7279\u5b9a\u7528\u6237\u3001\u7279\u5b9a\u5bf9\u8c61\u6216\u6240\u6709\u8fd9\u4e9b\u7684\u7ec4\u5408\u7684\u80fd\u529b\u3002\u5ba1\u8ba1\u8bb0\u5f55\u53ef\u4ee5\u4f20\u8f93\u5230\u8fdc\u7a0b\u5ba1\u8ba1\u5b88\u62a4\u7a0b\u5e8f\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u9650\u5236\u5bf9\u57fa\u4e8e ACL \u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u7684\u8bbf\u95ee\uff0c\u8fd9\u4e9b\u5bf9\u8c61\u5305\u62ec\u7528\u6237\u3001\u7ec4\u548c\u5176\u4ed6\u4eba\u5458\u7684\u6807\u51c6 UNIX \u6743\u9650\u3002\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u8fd8\u53ef\u4ee5\u4fdd\u62a4 IPC \u5bf9\u8c61\u514d\u53d7\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u8be5\u7cfb\u7edf\u5305\u62ec ext4 \u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u652f\u6301 POSIX ACL\u3002\u8fd9\u5141\u8bb8\u5b9a\u4e49\u5bf9\u6b64\u7c7b\u6587\u4ef6\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7cbe\u786e\u5230\u5355\u4e2a\u7528\u6237\u7684\u7c92\u5ea6\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u6839\u636e\u5206\u914d\u7ed9\u4e3b\u4f53\u548c\u5bf9\u8c61\u7684\u6807\u7b7e\u6765\u9650\u5236\u5bf9\u5bf9\u8c61\u7684\u8bbf\u95ee\u3002\u654f\u611f\u5ea6\u6807\u7b7e\u4f1a\u81ea\u52a8\u9644\u52a0\u5230\u8fdb\u7a0b\u548c\u5bf9\u8c61\u3002\u4f7f\u7528\u8fd9\u4e9b\u6807\u7b7e\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u6d3e\u751f\u81ea Bell-LaPadula \u6a21\u578b\u3002SELinux 
\u7c7b\u522b\u9644\u52a0\u5230\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u5982\u679c\u865a\u62df\u673a\u7684\u7c7b\u522b\u4e0e\u6240\u8bbf\u95ee\u8d44\u6e90\u7684\u7c7b\u522b\u76f8\u540c\uff0c\u5219\u4f7f\u7528\u8fd9\u4e9b\u7c7b\u522b\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u5c06\u6388\u4e88\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u3002TOE \u5b9e\u73b0\u975e\u5206\u5c42\u7c7b\u522b\u6765\u63a7\u5236\u5bf9\u865a\u62df\u673a\u7684\u8bbf\u95ee\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u5141\u8bb8\u89d2\u8272\u5206\u79bb\uff0c\u65e0\u9700\u5168\u80fd\u7684\u7cfb\u7edf\u7ba1\u7406\u5458\u3002 \u5bf9\u8c61\u91cd\u7528 \u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u3001\u5185\u5b58\u548c IPC \u5bf9\u8c61\u5728\u88ab\u5c5e\u4e8e\u5176\u4ed6\u7528\u6237\u7684\u8fdb\u7a0b\u91cd\u7528\u4e4b\u524d\u4f1a\u88ab\u6e05\u9664\u3002 \u5b89\u5168\u7ba1\u7406 \u7cfb\u7edf\u5b89\u5168\u5173\u952e\u53c2\u6570\u7684\u7ba1\u7406\u7531\u7ba1\u7406\u7528\u6237\u6267\u884c\u3002\u4e00\u7ec4\u9700\u8981 root \u6743\u9650\uff08\u6216\u4f7f\u7528 RBAC \u65f6\u9700\u8981\u7279\u5b9a\u89d2\u8272\uff09\u7684\u547d\u4ee4\u7528\u4e8e\u7cfb\u7edf\u7ba1\u7406\u3002\u5b89\u5168\u53c2\u6570\u5b58\u50a8\u5728\u7279\u5b9a\u6587\u4ef6\u4e2d\uff0c\u8fd9\u4e9b\u6587\u4ef6\u53d7\u7cfb\u7edf\u7684\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u4fdd\u62a4\uff0c\u9632\u6b62\u975e\u7ba1\u7406\u7528\u6237\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 \u5b89\u5168\u901a\u4fe1 \u7cfb\u7edf\u652f\u6301\u4f7f\u7528 SSH \u5b9a\u4e49\u53ef\u4fe1\u901a\u9053\u3002\u652f\u6301\u57fa\u4e8e\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u8fd9\u4e9b\u534f\u8bae\u4ec5\u652f\u6301\u6709\u9650\u6570\u91cf\u7684\u5bc6\u7801\u5957\u4ef6\u3002 \u5b58\u50a8\u52a0\u5bc6 \u7cfb\u7edf\u652f\u6301\u52a0\u5bc6\u5757\u8bbe\u5907\uff0c\u901a\u8fc7 dm_crypt 
\u63d0\u4f9b\u5b58\u50a8\u673a\u5bc6\u6027\u3002 TSF \u4fdd\u62a4 \u5728\u8fd0\u884c\u65f6\uff0c\u5185\u6838\u8f6f\u4ef6\u548c\u6570\u636e\u53d7\u5230\u786c\u4ef6\u5185\u5b58\u4fdd\u62a4\u673a\u5236\u7684\u4fdd\u62a4\u3002\u5185\u6838\u7684\u5185\u5b58\u548c\u8fdb\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u786e\u4fdd\u7528\u6237\u8fdb\u7a0b\u65e0\u6cd5\u8bbf\u95ee\u5185\u6838\u5b58\u50a8\u6216\u5c5e\u4e8e\u5176\u4ed6\u8fdb\u7a0b\u7684\u5b58\u50a8\u3002\u975e\u5185\u6838 TSF \u8f6f\u4ef6\u548c\u6570\u636e\u53d7 DAC \u548c\u8fdb\u7a0b\u9694\u79bb\u673a\u5236\u4fdd\u62a4\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u4fdd\u7559\u7528\u6237 ID root \u62e5\u6709\u5b9a\u4e49 TSF \u914d\u7f6e\u7684\u76ee\u5f55\u548c\u6587\u4ef6\u3002\u901a\u5e38\uff0c\u5305\u542b\u5185\u90e8 TSF \u6570\u636e\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff08\u5982\u914d\u7f6e\u6587\u4ef6\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u961f\u5217\uff09\u4e5f\u53d7\u5230 DAC \u6743\u9650\u7684\u4fdd\u62a4\uff0c\u4e0d\u4f1a\u88ab\u8bfb\u53d6\u3002\u7cfb\u7edf\u4ee5\u53ca\u786c\u4ef6\u548c\u56fa\u4ef6\u7ec4\u4ef6\u9700\u8981\u53d7\u5230\u7269\u7406\u4fdd\u62a4\uff0c\u4ee5\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u7cfb\u7edf\u5185\u6838\u8c03\u89e3\u5bf9\u786c\u4ef6\u673a\u5236\u672c\u8eab\u7684\u6240\u6709\u8bbf\u95ee\uff0c\u4f46\u7a0b\u5e8f\u53ef\u89c1\u7684 CPU \u6307\u4ee4\u51fd\u6570\u9664\u5916\u3002\u6b64\u5916\uff0c\u8fd8\u63d0\u4f9b\u4e86\u9632\u6b62\u5806\u6808\u6ea2\u51fa\u653b\u51fb\u7684\u673a\u5236\u3002 \u5bc6\u7801\u5b66\u6807\u51c6 \u00b6 OpenStack \u4e2d\u63d0\u4f9b\u4e86\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u7528\u4e8e\u8bc6\u522b\u548c\u6388\u6743\u3001\u6570\u636e\u4f20\u8f93\u548c\u9759\u6001\u6570\u636e\u4fdd\u62a4\u3002\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6211\u4eec\u5efa\u8bae\u91c7\u7528\u4ee5\u4e0b\u7b97\u6cd5\u548c\u5b9e\u73b0\u6807\u51c6\uff1a \u7b97\u6cd5 \u5bc6\u94a5\u957f\u5ea6 \u9884\u671f\u76ee\u7684 \u5b89\u5168\u529f\u80fd 
\u6267\u884c\u6807\u51c6 AES 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93\uff0c\u4fdd\u62a4\u9759\u6001\u6570\u636e RFC 4253 TDES 168 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 RFC 4253 RSA 1024\u30012048 \u6216 3072 \u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 DSA L=1024\uff0cN=160\u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 Serpent 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf Twofish 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 https://www.schneier.com/paper-twofish-paper.html SHA-1 \u6d88\u606f\u6458\u8981 \u4fdd\u62a4\u9759\u6001\u6570\u636e\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 180-3 SHA-2\uff08224\u3001256\u3001384 \u6216 512 \u4f4d\uff09 \u6d88\u606f\u6458\u8981 Protection for data at rest, identification and authentication \u4fdd\u62a4\u9759\u6001\u6570\u636e\u3001\u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1 U.S. NIST FIPS PUB 180-3 FIPS 140-2 \u00b6 \u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u56fd\u5bb6\u79d1\u5b66\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u901a\u8fc7\u79f0\u4e3a\u52a0\u5bc6\u6a21\u5757\u9a8c\u8bc1\u8ba1\u5212\u7684\u8fc7\u7a0b\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u8ba4\u8bc1\u3002NIST \u8ba4\u8bc1\u7b97\u6cd5\u7b26\u5408\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6 140-2 \uff08FIPS 140-2\uff09\uff0c\u786e\u4fdd\uff1a \"... 
Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries [United States and Canada] for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.\" \u5728\u8bc4\u4f30\u57fa\u672c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u65f6\uff0c\u8bf7\u8003\u8651\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u5df2\u901a\u8fc7 FIPS 140-2 \u8ba4\u8bc1\u3002\u6839\u636e\u7f8e\u56fd\u653f\u5e9c\u653f\u7b56\uff0c\u4e0d\u4ec5\u5f3a\u5236\u8981\u6c42\u7b26\u5408 FIPS 140-2\uff0c\u800c\u4e14\u6b63\u5f0f\u8ba4\u8bc1\u8868\u660e\u5df2\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u7684\u7ed9\u5b9a\u5b9e\u73b0\u8fdb\u884c\u4e86\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u7b26\u5408\u6a21\u5757\u89c4\u8303\u3001\u52a0\u5bc6\u6a21\u5757\u7aef\u53e3\u548c\u63a5\u53e3;\u89d2\u8272\u3001\u670d\u52a1\u548c\u8eab\u4efd\u9a8c\u8bc1;\u6709\u9650\u72b6\u6001\u6a21\u578b;\u4eba\u8eab\u5b89\u5168;\u64cd\u4f5c\u73af\u5883;\u52a0\u5bc6\u5bc6\u94a5\u7ba1\u7406;\u7535\u78c1\u5e72\u6270/\u7535\u78c1\u517c\u5bb9\u6027\uff08EMI/EMC\uff09;\u81ea\u68c0;\u8bbe\u8ba1\u4fdd\u8bc1;\u4ee5\u53ca\u7f13\u89e3\u5176\u4ed6\u653b\u51fb\u3002 \u786c\u4ef6\u95ee\u9898 \u00b6 \u5728\u8bc4\u4f30\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\uff0c\u8bf7\u8003\u8651\u8fd0\u884c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u5728 OpenStack 
\u90e8\u7f72\u4e2d\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002\u4e3a\u6b64\uff0c\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u6709\u81ea\u5df1\u7684\u786c\u4ef6\u517c\u5bb9\u6027\u5217\u8868 \uff08HCL\uff09\u3002\u5728\u9009\u62e9\u517c\u5bb9\u7684\u786c\u4ef6\u65f6\uff0c\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u63d0\u524d\u4e86\u89e3\u54ea\u4e9b\u57fa\u4e8e\u786c\u4ef6\u7684\u865a\u62df\u5316\u6280\u672f\u662f\u91cd\u8981\u7684\uff0c\u8fd9\u4e00\u70b9\u5f88\u91cd\u8981\u3002 \u63cf\u8ff0 \u79d1\u6280 \u89e3\u91ca I/O MMU VT-d / AMD-Vi \u4fdd\u62a4 PCI \u76f4\u901a\u6240\u5fc5\u9700\u7684 \u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f Intel TXT / SEM \u52a8\u6001\u8bc1\u660e\u670d\u52a1\u662f\u5fc5\u9700\u7684 PCI-SIG I/O \u865a\u62df\u5316 SR-IOV, MR-IOV, ATS \u9700\u8981\u5141\u8bb8\u5b89\u5168\u5171\u4eab PCI Express \u8bbe\u5907 \u7f51\u7edc\u865a\u62df\u5316 VT-c \u63d0\u9ad8\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u7684\u7f51\u7edc I/O \u6027\u80fd \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u00b6 \u91cd\u8981\u7684\u662f\u8981\u8ba4\u8bc6\u5230\u4f7f\u7528 Linux \u5bb9\u5668 \uff08LXC\uff09 \u6216\u88f8\u673a\u7cfb\u7edf\u4e0e\u4f7f\u7528 KVM \u7b49\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u7684\u533a\u522b\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u672c\u5b89\u5168\u6307\u5357\u7684\u91cd\u70b9\u4e3b\u8981\u57fa\u4e8e\u62e5\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u865a\u62df\u5316\u5e73\u53f0\u3002\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5b9e\u73b0\u9700\u8981\u4f7f\u7528\u88f8\u673a\u6216 LXC \u73af\u5883\uff0c\u5219\u5fc5\u987b\u6ce8\u610f\u8be5\u73af\u5883\u90e8\u7f72\u65b9\u9762\u7684\u7279\u6b8a\u5dee\u5f02\u3002 
\u5728\u91cd\u65b0\u9884\u914d\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u6700\u7ec8\u7528\u6237\u5df2\u6b63\u786e\u6e05\u7406\u8282\u70b9\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u5728\u91cd\u7528\u8282\u70b9\u4e4b\u524d\uff0c\u5fc5\u987b\u4fdd\u8bc1\u786c\u4ef6\u672a\u88ab\u7be1\u6539\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u53d7\u5230\u635f\u5bb3\u3002 \u6ce8\u610f \u867d\u7136OpenStack\u6709\u4e00\u4e2a\u88f8\u673a\u9879\u76ee\uff0c\u4f46\u5bf9\u8fd0\u884c\u88f8\u673a\u7684\u7279\u6b8a\u5b89\u5168\u5f71\u54cd\u7684\u8ba8\u8bba\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002 \u7531\u4e8e\u4e66\u672c\u51b2\u523a\u7684\u65f6\u95f4\u9650\u5236\uff0c\u8be5\u56e2\u961f\u9009\u62e9\u5728\u6211\u4eec\u7684\u793a\u4f8b\u5b9e\u73b0\u548c\u67b6\u6784\u4e2d\u4f7f\u7528 KVM \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 LXC \u7684 OpenStack \u5b89\u5168\u8bf4\u660e\u3002 Hypervisor \u5185\u5b58\u4f18\u5316 \u00b6 \u8bb8\u591a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4f7f\u7528\u5185\u5b58\u4f18\u5316\u6280\u672f\u5c06\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u5230\u6765\u5bbe\u865a\u62df\u673a\u3002\u8fd9\u662f\u4e00\u9879\u6709\u7528\u7684\u529f\u80fd\uff0c\u53ef\u7528\u4e8e\u90e8\u7f72\u975e\u5e38\u5bc6\u96c6\u7684\u8ba1\u7b97\u7fa4\u96c6\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u79cd\u65b9\u6cd5\u662f\u901a\u8fc7\u91cd\u590d\u6570\u636e\u6d88\u9664\u6216\u5171\u4eab\u5185\u5b58\u9875\u3002\u5f53\u4e24\u4e2a\u865a\u62df\u673a\u5728\u5185\u5b58\u4e2d\u5177\u6709\u76f8\u540c\u7684\u6570\u636e\u65f6\uff0c\u8ba9\u5b83\u4eec\u5f15\u7528\u76f8\u540c\u7684\u5185\u5b58\u662f\u6709\u597d\u5904\u7684\u3002 \u901a\u5e38\uff0c\u8fd9\u662f\u901a\u8fc7\u5199\u5165\u65f6\u590d\u5236 \uff08COW\uff09 \u673a\u5236\u5b9e\u73b0\u7684\u3002\u8fd9\u4e9b\u673a\u5236\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\uff0c\u5176\u4e2d\u4e00\u4e2a VM 
\u53ef\u4ee5\u63a8\u65ad\u51fa\u53e6\u4e00\u4e2a VM \u7684\u72b6\u6001\uff0c\u5e76\u4e14\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u5e76\u975e\u6240\u6709\u79df\u6237\u90fd\u53d7\u4fe1\u4efb\u6216\u5171\u4eab\u76f8\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u591a\u79df\u6237\u73af\u5883\u3002 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 \u00b6 \u5728\u7248\u672c 2.6.32 \u4e2d\u5f15\u5165\u5230 Linux \u5185\u6838\u4e2d\uff0c\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76 \uff08KSM\uff09 \u5728 Linux \u8fdb\u7a0b\u4e4b\u95f4\u6574\u5408\u4e86\u76f8\u540c\u7684\u5185\u5b58\u9875\u3002\u7531\u4e8e KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0b\u7684\u6bcf\u4e2a\u5ba2\u6237\u673a\u865a\u62df\u673a\u90fd\u5728\u81ea\u5df1\u7684\u8fdb\u7a0b\u4e2d\u8fd0\u884c\uff0c\u56e0\u6b64 KSM \u53ef\u7528\u4e8e\u4f18\u5316\u865a\u62df\u673a\u4e4b\u95f4\u7684\u5185\u5b58\u4f7f\u7528\u3002 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u00b6 XenServer 5.6 \u5305\u542b\u4e00\u4e2a\u540d\u4e3a\u900f\u660e\u9875\u9762\u5171\u4eab \uff08TPS\uff09 \u7684\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u529f\u80fd\u3002TPS \u626b\u63cf 4 KB \u533a\u5757\u4e2d\u7684\u5185\u5b58\u4ee5\u67e5\u627e\u4efb\u4f55\u91cd\u590d\u9879\u3002\u627e\u5230\u540e\uff0cXen \u865a\u62df\u673a\u76d1\u89c6\u5668 \uff08VMM\uff09 \u5c06\u4e22\u5f03\u5176\u4e2d\u4e00\u4e2a\u91cd\u590d\u9879\uff0c\u5e76\u8bb0\u5f55\u7b2c\u4e8c\u4e2a\u526f\u672c\u7684\u5f15\u7528\u3002 \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4f20\u7edf\u4e0a\uff0c\u5185\u5b58\u91cd\u590d\u6570\u636e\u6d88\u9664\u7cfb\u7edf\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\u3002KSM \u548c TPS 
\u90fd\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u5b66\u672f\u7814\u7a76\u4e2d\uff0c\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u5206\u6790\u653b\u51fb\u8005\u865a\u62df\u673a\u4e0a\u7684\u5185\u5b58\u8bbf\u95ee\u65f6\u95f4\u6765\u8bc6\u522b\u76f8\u90bb\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u8f6f\u4ef6\u5305\u548c\u7248\u672c\uff0c\u4ee5\u53ca\u8f6f\u4ef6\u4e0b\u8f7d\u548c\u5176\u4ed6\u654f\u611f\u4fe1\u606f\u3002 \u5982\u679c\u4e91\u90e8\u7f72\u9700\u8981\u5f3a\u79df\u6237\u5206\u79bb\uff08\u5982\u516c\u6709\u4e91\u548c\u67d0\u4e9b\u79c1\u6709\u4e91\u7684\u60c5\u51b5\uff09\uff0c\u90e8\u7f72\u4eba\u5458\u5e94\u8003\u8651\u7981\u7528 TPS \u548c KSM \u5185\u5b58\u4f18\u5316\u3002 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u00b6 \u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\u8981\u8003\u8651\u7684\u53e6\u4e00\u4ef6\u4e8b\u662f\u7279\u5b9a\u5b89\u5168\u529f\u80fd\u7684\u53ef\u7528\u6027\u3002\u7279\u522b\u662f\u529f\u80fd\u3002\u4f8b\u5982\uff0cXen Server \u7684 XSM \u6216 Xen \u5b89\u5168\u6a21\u5757\u3001sVirt\u3001Intel TXT \u6216 AppArmor\u3002 \u4e0b\u8868\u6309\u5e38\u89c1\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u5217\u51fa\u4e86\u8fd9\u4e9b\u529f\u80fd\u3002 XSM sVirt TXT AppArmor cgroups MAC \u7b56\u7565 KVM X X X X X Xen X X ESXi X Hyper-V \u6ce8\u610f \u6b64\u8868\u4e2d\u7684\u529f\u80fd\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u6240\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4e5f\u53ef\u80fd\u65e0\u6cd5\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u76f4\u63a5\u6620\u5c04\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 Sunar\u3001Eisenbarth\u3001Inci\u3001Gorka Irazoqui Apecechea\u3002\u5bf9 Xen \u548c VMware \u8fdb\u884c\u7ec6\u7c92\u5ea6\u8de8\u865a\u62df\u673a\u653b\u51fb\u662f\u53ef\u80fd\u7684\uff012014\u3002 https://eprint.iacr.org/2014/248.pfd Artho\u3001Yagi\u3001Iijima\u3001Kuniyasu 
Suzaki\u3002\u5185\u5b58\u91cd\u590d\u6570\u636e\u5220\u9664\u5bf9\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u5a01\u80c1\u30022011 \u5e74\u3002https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf KVM\uff1a\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\u3002\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76\u30022010\u3002http://www.linux-kvm.org/page/KSM Xen \u9879\u76ee\uff0cXen \u5b89\u5168\u6a21\u5757\uff1aXSM-FLASK\u30022014\u3002 http://wiki.xen.org/wiki/Xen_Security_Modules_:_XSM-FLASK SELinux \u9879\u76ee\uff0cSVirt\u30022011\u3002 http://selinuxproject.org/page/SVirt Intel.com\uff0c\u91c7\u7528\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08Intel TXT\uff09 \u7684\u53ef\u4fe1\u8ba1\u7b97\u6c60\u3002http://www.intel.com/txt AppArmor.net\uff0cAppArmor \u4e3b\u9875\u30022011\u3002 http://wiki.apparmor.net/index.php/Main_Page Kernel.org\uff0cCGroups\u30022004\u3002https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u4e2d\u5fc3\u3002\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u30022011\u3002 http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf \u56fd\u5bb6\u4fe1\u606f\u4fdd\u969c\u4f19\u4f34\u5173\u7cfb\uff0c\u56fd\u5bb6\u5b89\u5168\u7535\u4fe1\u548c\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u653f\u7b56\u30022003\u3002http://www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u00b6 \u5728\u672c\u7ae0\u7684\u5f00\u5934\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5b9e\u4f8b\u5bf9\u7269\u7406\u548c\u865a\u62df\u786c\u4ef6\u7684\u4f7f\u7528\u3001\u76f8\u5173\u7684\u5b89\u5168\u98ce\u9669\u4ee5\u53ca\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u7684\u4e00\u4e9b\u5efa\u8bae\u3002\u7136\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u4f7f\u7528\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u6765\u52a0\u5bc6\u652f\u6301\u8be5\u6280\u672f\u7684\u57fa\u4e8e AMD 
\u7684\u673a\u5668\u4e0a\u7684\u865a\u62df\u673a\u7684\u5185\u5b58\u3002\u5728\u672c\u7ae0\u7684\u6700\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba sVirt\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u5c06 SELinux \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4e0e\u865a\u62df\u5316\u7ec4\u4ef6\u96c6\u6210\u3002 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u00b6 \u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u63d0\u4f9b\u4e00\u79cd\u79f0\u4e3a PCI \u76f4\u901a\u7684\u529f\u80fd\u3002\u8fd9\u5141\u8bb8\u5b9e\u4f8b\u76f4\u63a5\u8bbf\u95ee\u8282\u70b9\u4e0a\u7684\u786c\u4ef6\u3002\u4f8b\u5982\uff0c\u8fd9\u53ef\u7528\u4e8e\u5141\u8bb8\u5b9e\u4f8b\u8bbf\u95ee\u63d0\u4f9b\u8ba1\u7b97\u7edf\u4e00\u8bbe\u5907\u67b6\u6784 \uff08CUDA\uff09 \u4ee5\u5b9e\u73b0\u9ad8\u6027\u80fd\u8ba1\u7b97\u7684\u89c6\u9891\u5361\u6216 GPU\u3002\u6b64\u529f\u80fd\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5b89\u5168\u98ce\u9669\uff1a\u76f4\u63a5\u5185\u5b58\u8bbf\u95ee\u548c\u786c\u4ef6\u611f\u67d3\u3002 \u76f4\u63a5\u5185\u5b58\u8bbf\u95ee \uff08DMA\uff09 \u662f\u4e00\u79cd\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u67d0\u4e9b\u786c\u4ef6\u8bbe\u5907\u8bbf\u95ee\u4e3b\u673a\u4e2d\u7684\u4efb\u610f\u7269\u7406\u5185\u5b58\u5730\u5740\u3002\u89c6\u9891\u5361\u901a\u5e38\u5177\u6709\u6b64\u529f\u80fd\u3002\u4f46\u662f\uff0c\u4e0d\u5e94\u5411\u5b9e\u4f8b\u6388\u4e88\u4efb\u610f\u7269\u7406\u5185\u5b58\u8bbf\u95ee\u6743\u9650\uff0c\u56e0\u4e3a\u8fd9\u5c06\u4f7f\u5176\u80fd\u591f\u5168\u9762\u4e86\u89e3\u4e3b\u673a\u7cfb\u7edf\u548c\u5728\u540c\u4e00\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5b9e\u4f8b\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u4f9b\u5e94\u5546\u4f7f\u7528\u8f93\u5165/\u8f93\u51fa\u5185\u5b58\u7ba1\u7406\u5355\u5143 \uff08IOMMU\uff09 \u6765\u7ba1\u7406 DMA 
\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u4e91\u67b6\u6784\u5e08\u5e94\u786e\u4fdd\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u914d\u7f6e\u4e3a\u4f7f\u7528\u6b64\u786c\u4ef6\u529f\u80fd\u3002 KVM: KVM\uff1a \u5982\u4f55\u5728 KVM \u4e2d\u4f7f\u7528 VT-d \u5206\u914d\u8bbe\u5907 Xen: Xen\uff1a Xen VTd Howto Xen VTd \u8d34\u58eb\u6307\u5357 \u6ce8\u610f IOMMU \u529f\u80fd\u7531 Intel \u4f5c\u4e3a VT-d \u9500\u552e\uff0c\u7531 AMD \u4ee5 AMD-Vi \u9500\u552e\u3002 \u5f53\u5b9e\u4f8b\u5bf9\u56fa\u4ef6\u6216\u8bbe\u5907\u7684\u67d0\u4e9b\u5176\u4ed6\u90e8\u5206\u8fdb\u884c\u6076\u610f\u4fee\u6539\u65f6\uff0c\u5c31\u4f1a\u53d1\u751f\u786c\u4ef6\u611f\u67d3\u3002\u7531\u4e8e\u6b64\u8bbe\u5907\u7531\u5176\u4ed6\u5b9e\u4f8b\u6216\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\uff0c\u56e0\u6b64\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u4f1a\u4f20\u64ad\u5230\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u6700\u7ec8\u7ed3\u679c\u662f\uff0c\u4e00\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u5728\u5176\u5b89\u5168\u57df\u4e4b\u5916\u8fd0\u884c\u4ee3\u7801\u3002\u8fd9\u662f\u4e00\u4e2a\u91cd\u5927\u7684\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u91cd\u7f6e\u7269\u7406\u786c\u4ef6\u7684\u72b6\u6001\u6bd4\u91cd\u7f6e\u865a\u62df\u786c\u4ef6\u66f4\u96be\uff0c\u5e76\u4e14\u53ef\u80fd\u5bfc\u81f4\u989d\u5916\u7684\u66b4\u9732\uff0c\u4f8b\u5982\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u3002 
\u786c\u4ef6\u611f\u67d3\u95ee\u9898\u7684\u89e3\u51b3\u65b9\u6848\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u8be5\u7b56\u7565\u662f\u786e\u5b9a\u5b9e\u4f8b\u5982\u4f55\u4fee\u6539\u786c\u4ef6\u72b6\u6001\uff0c\u7136\u540e\u786e\u5b9a\u5728\u4f7f\u7528\u786c\u4ef6\u5b8c\u6210\u5b9e\u4f8b\u65f6\u5982\u4f55\u91cd\u7f6e\u4efb\u4f55\u4fee\u6539\u3002\u4f8b\u5982\uff0c\u4e00\u79cd\u9009\u62e9\u53ef\u80fd\u662f\u5728\u4f7f\u7528\u540e\u91cd\u65b0\u5237\u65b0\u56fa\u4ef6\u3002\u9700\u8981\u5e73\u8861\u786c\u4ef6\u5bff\u547d\u548c\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u67d0\u4e9b\u56fa\u4ef6\u5728\u5927\u91cf\u5199\u5165\u540e\u4f1a\u51fa\u73b0\u6545\u969c\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM \u6280\u672f\u662f\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002\u65e0\u8bba\u9009\u62e9\u54ea\u79cd\u7b56\u7565\uff0c\u90fd\u5fc5\u987b\u4e86\u89e3\u4e0e\u6b64\u7c7b\u786c\u4ef6\u5171\u4eab\u76f8\u5173\u7684\u98ce\u9669\uff0c\u4ee5\u4fbf\u9488\u5bf9\u7ed9\u5b9a\u7684\u90e8\u7f72\u65b9\u6848\u9002\u5f53\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u3002 \u7531\u4e8e\u4e0e PCI \u76f4\u901a\u76f8\u5173\u7684\u98ce\u9669\u548c\u590d\u6742\u6027\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5e94\u7981\u7528\u5b83\u3002\u5982\u679c\u4e3a\u7279\u5b9a\u9700\u6c42\u542f\u7528\uff0c\u5219\u9700\u8981\u5236\u5b9a\u9002\u5f53\u7684\u6d41\u7a0b\uff0c\u4ee5\u786e\u4fdd\u786c\u4ef6\u5728\u91cd\u65b0\u53d1\u884c\u4e4b\u524d\u662f\u5e72\u51c0\u7684\u3002 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u00b6 
\u8fd0\u884c\u865a\u62df\u673a\u65f6\uff0c\u865a\u62df\u786c\u4ef6\u662f\u4e3a\u865a\u62df\u673a\u63d0\u4f9b\u786c\u4ef6\u63a5\u53e3\u7684\u8f6f\u4ef6\u5c42\u3002\u5b9e\u4f8b\u4f7f\u7528\u6b64\u529f\u80fd\u63d0\u4f9b\u53ef\u80fd\u9700\u8981\u7684\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u89c6\u9891\u548c\u5176\u4ed6\u8bbe\u5907\u3002\u8003\u8651\u5230\u8fd9\u4e00\u70b9\uff0c\u73af\u5883\u4e2d\u7684\u5927\u591a\u6570\u5b9e\u4f8b\u5c06\u4e13\u95e8\u4f7f\u7528\u865a\u62df\u786c\u4ef6\uff0c\u5c11\u6570\u5b9e\u4f8b\u9700\u8981\u76f4\u63a5\u786c\u4ef6\u8bbf\u95ee\u3002\u4e3b\u8981\u7684\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f7f\u7528 QEMU \u6765\u5b9e\u73b0\u6b64\u529f\u80fd\u3002\u867d\u7136 QEMU \u6ee1\u8db3\u4e86\u5bf9\u865a\u62df\u5316\u5e73\u53f0\u7684\u91cd\u8981\u9700\u6c42\uff0c\u4f46\u5b83\u5df2\u88ab\u8bc1\u660e\u662f\u4e00\u4e2a\u975e\u5e38\u5177\u6709\u6311\u6218\u6027\u7684\u8f6f\u4ef6\u9879\u76ee\u3002QEMU \u4e2d\u7684\u8bb8\u591a\u529f\u80fd\u90fd\u662f\u901a\u8fc7\u5927\u591a\u6570\u5f00\u53d1\u4eba\u5458\u96be\u4ee5\u7406\u89e3\u7684\u4f4e\u7ea7\u4ee3\u7801\u5b9e\u73b0\u7684\u3002QEMU \u865a\u62df\u5316\u7684\u786c\u4ef6\u5305\u62ec\u8bb8\u591a\u4f20\u7edf\u8bbe\u5907\uff0c\u8fd9\u4e9b\u8bbe\u5907\u6709\u81ea\u5df1\u7684\u4e00\u5957\u602a\u7656\u3002\u7efc\u4e0a\u6240\u8ff0\uff0cQEMU \u4e00\u76f4\u662f\u8bb8\u591a\u5b89\u5168\u95ee\u9898\u7684\u6839\u6e90\uff0c\u5305\u62ec\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7a81\u7834\u653b\u51fb\u3002 \u91c7\u53d6\u79ef\u6781\u4e3b\u52a8\u7684\u63aa\u65bd\u6765\u5f3a\u5316 QEMU \u975e\u5e38\u91cd\u8981\u3002\u6211\u4eec\u5efa\u8bae\u6267\u884c\u4e09\u4e2a\u5177\u4f53\u6b65\u9aa4\uff1a \u6700\u5c0f\u5316\u4ee3\u7801\u5e93\u3002 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u3002 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u4f8b\u5982 sVirt\u3001SELinux \u6216 AppArmor\u3002 \u786e\u4fdd\u60a8\u7684 iptables 
\u5177\u6709\u8fc7\u6ee4\u7f51\u7edc\u6d41\u91cf\u7684\u9ed8\u8ba4\u7b56\u7565\uff0c\u5e76\u8003\u8651\u68c0\u67e5\u73b0\u6709\u89c4\u5219\u96c6\u4ee5\u4e86\u89e3\u6bcf\u4e2a\u89c4\u5219\u5e76\u786e\u5b9a\u662f\u5426\u9700\u8981\u6269\u5c55\u8be5\u7b56\u7565\u3002 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u00b6 \u6211\u4eec\u5efa\u8bae\u901a\u8fc7\u4ece\u7cfb\u7edf\u4e2d\u5220\u9664\u672a\u4f7f\u7528\u7684\u7ec4\u4ef6\u6765\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93\u3002QEMU \u4e3a\u8bb8\u591a\u4e0d\u540c\u7684\u865a\u62df\u786c\u4ef6\u8bbe\u5907\u63d0\u4f9b\u652f\u6301\uff0c\u4f46\u7ed9\u5b9a\u5b9e\u4f8b\u53ea\u9700\u8981\u5c11\u91cf\u8bbe\u5907\u3002\u6700\u5e38\u89c1\u7684\u786c\u4ef6\u8bbe\u5907\u662f virtio \u8bbe\u5907\u3002\u67d0\u4e9b\u65e7\u5b9e\u4f8b\u5c06\u9700\u8981\u8bbf\u95ee\u7279\u5b9a\u786c\u4ef6\uff0c\u8fd9\u4e9b\u786c\u4ef6\u53ef\u4ee5\u4f7f\u7528 glance \u5143\u6570\u636e\u6307\u5b9a\uff1a $ glance image-update \\ --property hw_disk_bus=ide \\ --property hw_cdrom_bus=ide \\ --property hw_vif_model=e1000 \\ f16-x86_64-openstack-sda \u4e91\u67b6\u6784\u5e08\u5e94\u51b3\u5b9a\u5411\u4e91\u7528\u6237\u63d0\u4f9b\u54ea\u4e9b\u8bbe\u5907\u3002\u4efb\u4f55\u4e0d\u9700\u8981\u7684\u4e1c\u897f\u90fd\u5e94\u8be5\u4ece QEMU \u4e2d\u5220\u9664\u3002\u6b64\u6b65\u9aa4\u9700\u8981\u5728\u4fee\u6539\u4f20\u9012\u7ed9 QEMU \u914d\u7f6e\u811a\u672c\u7684\u9009\u9879\u540e\u91cd\u65b0\u7f16\u8bd1 QEMU\u3002\u8981\u83b7\u5f97\u6700\u65b0\u9009\u9879\u7684\u5b8c\u6574\u5217\u8868\uff0c\u53ea\u9700\u4ece QEMU \u6e90\u76ee\u5f55\u4e2d\u8fd0\u884c ./configure --help\u3002\u786e\u5b9a\u90e8\u7f72\u6240\u9700\u7684\u5185\u5bb9\uff0c\u5e76\u7981\u7528\u5176\u4f59\u9009\u9879\u3002 \u7f16\u8bd1\u5668\u52a0\u56fa \u00b6 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5f3a\u5316 
QEMU\u3002\u73b0\u4ee3\u7f16\u8bd1\u5668\u63d0\u4f9b\u4e86\u591a\u79cd\u7f16\u8bd1\u65f6\u9009\u9879\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u529f\u80fd\u5305\u62ec\u53ea\u8bfb\u91cd\u5b9a\u4f4d \uff08RELRO\uff09\u3001\u5806\u6808\u91d1\u4e1d\u96c0\u3001\u4ece\u4e0d\u6267\u884c \uff08NX\uff09\u3001\u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u548c\u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09\u3002 \u8bb8\u591a\u73b0\u4ee3 Linux \u53d1\u884c\u7248\u5df2\u7ecf\u5728\u6784\u5efa\u542f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u7684 QEMU\uff0c\u6211\u4eec\u5efa\u8bae\u5728\u7ee7\u7eed\u64cd\u4f5c\u4e4b\u524d\u9a8c\u8bc1\u73b0\u6709\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002\u53ef\u4ee5\u5e2e\u52a9\u60a8\u8fdb\u884c\u6b64\u9a8c\u8bc1\u7684\u4e00\u79cd\u5de5\u5177\u79f0\u4e3a checksec.sh RELocation \u53ea\u8bfb \uff08RELRO\uff09 \u5f3a\u5316\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002gcc \u652f\u6301\u5b8c\u6574\u548c\u90e8\u5206 RELRO \u6a21\u5f0f\u3002\u5bf9\u4e8eQEMU\u6765\u8bf4\uff0c\u5b8c\u6574\u7684RELLO\u662f\u60a8\u7684\u6700\u4f73\u9009\u62e9\u3002\u8fd9\u5c06\u4f7f\u5168\u5c40\u504f\u79fb\u8868\u6210\u4e3a\u53ea\u8bfb\u7684\uff0c\u5e76\u5728\u751f\u6210\u7684\u53ef\u6267\u884c\u6587\u4ef6\u4e2d\u5c06\u5404\u79cd\u5185\u90e8\u6570\u636e\u90e8\u5206\u653e\u5728\u7a0b\u5e8f\u6570\u636e\u90e8\u5206\u4e4b\u524d\u3002 \u6808\u4fdd\u62a4 \u5c06\u503c\u653e\u5728\u5806\u6808\u4e0a\u5e76\u9a8c\u8bc1\u5176\u662f\u5426\u5b58\u5728\uff0c\u4ee5\u5e2e\u52a9\u9632\u6b62\u7f13\u51b2\u533a\u6ea2\u51fa\u653b\u51fb\u3002 \u4ece\u4e0d\u6267\u884c \uff08NX\uff09 \u4e5f\u79f0\u4e3a\u6570\u636e\u6267\u884c\u4fdd\u62a4 \uff08DEP\uff09\uff0c\u786e\u4fdd\u65e0\u6cd5\u6267\u884c\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002 \u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 
\u751f\u6210\u4e00\u4e2a\u72ec\u7acb\u4e8e\u4f4d\u7f6e\u7684\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u8fd9\u662f ASLR \u6240\u5fc5\u9700\u7684\u3002 \u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09 \u8fd9\u786e\u4fdd\u4e86\u4ee3\u7801\u548c\u6570\u636e\u533a\u57df\u7684\u653e\u7f6e\u90fd\u662f\u968f\u673a\u7684\u3002\u5f53\u4f7f\u7528 PIE \u6784\u5efa\u53ef\u6267\u884c\u6587\u4ef6\u65f6\uff0c\u7531\u5185\u6838\u542f\u7528\uff08\u6240\u6709\u73b0\u4ee3 Linux \u5185\u6838\u90fd\u652f\u6301 ASLR\uff09\u3002 \u7f16\u8bd1 QEMU \u65f6\uff0c\u5efa\u8bae\u5bf9 GCC \u4f7f\u7528\u4ee5\u4e0b\u7f16\u8bd1\u5668\u9009\u9879\uff1a CFLAGS=\"-arch x86_64 -fstack-protector-all -Wstack-protector \\ --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 \\ -Wl,-z,relro,-z,now\" \u6211\u4eec\u5efa\u8bae\u5728\u7f16\u8bd1 QEMU \u53ef\u6267\u884c\u6587\u4ef6\u540e\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u7f16\u8bd1\u5668\u5f3a\u5316\u6b63\u5e38\u5de5\u4f5c\u3002 \u5927\u591a\u6570\u4e91\u90e8\u7f72\u4e0d\u4f1a\u624b\u52a8\u6784\u5efa\u8f6f\u4ef6\uff0c\u4f8b\u5982 QEMU\u3002\u6700\u597d\u4f7f\u7528\u6253\u5305\u6765\u786e\u4fdd\u8be5\u8fc7\u7a0b\u662f\u53ef\u91cd\u590d\u7684\uff0c\u5e76\u786e\u4fdd\u6700\u7ec8\u7ed3\u679c\u53ef\u4ee5\u8f7b\u677e\u5730\u90e8\u7f72\u5728\u6574\u4e2a\u4e91\u4e2d\u3002\u4e0b\u9762\u7684\u53c2\u8003\u8d44\u6599\u63d0\u4f9b\u4e86\u6709\u5173\u5c06\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5e94\u7528\u4e8e\u73b0\u6709\u5305\u7684\u4e00\u4e9b\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 DEB \u5c01\u88c5\uff1a \u786c\u5316\u6307\u5357 RPM \u5305\uff1a \u5982\u4f55\u521b\u5efa RPM \u5305 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u00b6 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \uff08SEV\uff09 \u662f AMD \u7684\u4e00\u9879\u6280\u672f\uff0c\u5b83\u5141\u8bb8\u4f7f\u7528 VM \u552f\u4e00\u7684\u5bc6\u94a5\u5bf9 VM \u7684\u5185\u5b58\u8fdb\u884c\u52a0\u5bc6\u3002SEV \u5728 Train 
\u7248\u672c\u4e2d\u4f5c\u4e3a\u6280\u672f\u9884\u89c8\u7248\u63d0\u4f9b\uff0c\u5728\u67d0\u4e9b\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u63d0\u4f9b KVM \u5ba2\u6237\u673a\uff0c\u7528\u4e8e\u8bc4\u4f30\u6280\u672f\u3002 nova \u914d\u7f6e\u6307\u5357\u7684 KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90e8\u5206\u5305\u542b\u914d\u7f6e\u8ba1\u7b97\u673a\u548c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6240\u9700\u7684\u4fe1\u606f\uff0c\u5e76\u5217\u51fa\u4e86 SEV \u7684\u51e0\u4e2a\u9650\u5236\u3002 SEV \u4e3a\u6b63\u5728\u8fd0\u884c\u7684 VM \u4f7f\u7528\u7684\u5185\u5b58\u4e2d\u7684\u6570\u636e\u63d0\u4f9b\u4fdd\u62a4\u3002\u4f46\u662f\uff0c\u867d\u7136 SEV \u4e0e OpenStack \u96c6\u6210\u7684\u7b2c\u4e00\u9636\u6bb5\u652f\u6301\u865a\u62df\u673a\u52a0\u5bc6\u5185\u5b58\uff0c\u4f46\u91cd\u8981\u7684\u662f\u5b83\u4e0d\u63d0\u4f9b SEV \u56fa\u4ef6\u63d0\u4f9b\u7684 LAUNCH_MEASURE or LAUNCH_SECRET \u529f\u80fd\u3002\u8fd9\u610f\u5473\u7740\u53d7 SEV \u4fdd\u62a4\u7684 VM \u4f7f\u7528\u7684\u6570\u636e\u53ef\u80fd\u4f1a\u53d7\u5230\u63a7\u5236\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u6709\u52a8\u673a\u7684\u5bf9\u624b\u7684\u653b\u51fb\u3002\u4f8b\u5982\uff0c\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8ba1\u7b97\u673a\u4e0a\u7684\u6076\u610f\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u5177\u6709\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u7684\u79df\u6237\u63d0\u4f9b VM \u6620\u50cf\uff0c\u8fd9\u4e9b\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u80fd\u591f\u7a83\u53d6\u673a\u5bc6\uff0c\u6216\u8005\u66ff\u6362 VNC \u670d\u52a1\u5668\u8fdb\u7a0b\u4ee5\u7aa5\u63a2\u53d1\u9001\u5230 VM \u63a7\u5236\u53f0\u6216\u4ece VM \u63a7\u5236\u53f0\u53d1\u9001\u7684\u6570\u636e\uff0c\u5305\u62ec\u89e3\u9501\u5168\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u7684\u5bc6\u7801\u3002 \u4e3a\u4e86\u51cf\u5c11\u6076\u610f\u7ba1\u7406\u5458\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6570\u636e\u7684\u673a\u4f1a\uff0c\u4f7f\u7528 SEV 
\u65f6\u5e94\u9075\u5faa\u4ee5\u4e0b\u5b89\u5168\u505a\u6cd5\uff1a VM \u5e94\u4f7f\u7528\u5b8c\u6574\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u3002 \u5e94\u5728 VM \u4e0a\u4f7f\u7528\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u5bc6\u7801\u3002 \u6b64\u5916\uff0c\u5e94\u5c06\u6807\u51c6\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u7528\u4e8e VM\uff0c\u5305\u62ec\u4ee5\u4e0b\u5185\u5bb9\uff1a VM \u5e94\u5f97\u5230\u826f\u597d\u7684\u7ef4\u62a4\uff0c\u5305\u62ec\u5b9a\u671f\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u548c\u4fee\u8865\uff0c\u4ee5\u786e\u4fdd VM \u6301\u7eed\u4fdd\u6301\u5f3a\u5927\u7684\u5b89\u5168\u6001\u52bf\u3002 \u4e0e VM \u7684\u8fde\u63a5\u5e94\u4f7f\u7528\u52a0\u5bc6\u548c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u534f\u8bae\uff0c\u4f8b\u5982 HTTPS \u548c SSH\u3002 \u5e94\u8003\u8651\u4f7f\u7528\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u548c\u6d41\u7a0b\uff0c\u5e76\u5c06\u5176\u7528\u4e8e\u9002\u5408\u6570\u636e\u654f\u611f\u5ea6\u7ea7\u522b\u7684 VM\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u7f16\u8bd1\u5668\u52a0\u56fa\u4f7f\u653b\u51fb QEMU \u8fdb\u7a0b\u53d8\u5f97\u66f4\u52a0\u56f0\u96be\u3002\u4f46\u662f\uff0c\u5982\u679c\u653b\u51fb\u8005\u5f97\u901e\uff0c\u5219\u9700\u8981\u9650\u5236\u653b\u51fb\u7684\u5f71\u54cd\u3002\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u901a\u8fc7\u5c06 QEMU \u8fdb\u7a0b\u4e0a\u7684\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u9700\u8981\u7684\u6743\u9650\u6765\u5b9e\u73b0\u6b64\u76ee\u7684\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 sVirt\u3001SELinux \u6216 AppArmor \u6765\u5b9e\u73b0\u3002\u4f7f\u7528 sVirt \u65f6\uff0cSELinux \u914d\u7f6e\u4e3a\u5728\u5355\u72ec\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e0b\u8fd0\u884c\u6bcf\u4e2a QEMU \u8fdb\u7a0b\u3002AppArmor \u53ef\u4ee5\u914d\u7f6e\u4e3a\u63d0\u4f9b\u7c7b\u4f3c\u7684\u529f\u80fd\u3002\u6211\u4eec\u5728\u4ee5\u4e0b sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173 sVirt 
\u548c\u5b9e\u4f8b\u9694\u79bb\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff1aSELinux \u548c\u865a\u62df\u5316\u3002 \u7279\u5b9a\u7684 SELinux \u7b56\u7565\u53ef\u7528\u4e8e\u8bb8\u591a OpenStack \u670d\u52a1\u3002CentOS \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u5b89\u88c5 selinux-policy \u6e90\u7801\u5305\u6765\u67e5\u770b\u8fd9\u4e9b\u7b56\u7565\u3002\u6700\u65b0\u7684\u7b56\u7565\u51fa\u73b0\u5728 Fedora \u7684 selinux-policy \u5b58\u50a8\u5e93\u4e2d\u3002rawhide-contrib \u5206\u652f\u5305\u542b\u4ee5 .te \u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u4f8b\u5982 cinder.te \uff0c\u8fd9\u4e9b\u6587\u4ef6\u53ef\u4ee5\u5728\u8fd0\u884c SELinux \u7684\u7cfb\u7edf\u4e0a\u4f7f\u7528\u3002 OpenStack \u670d\u52a1\u7684 AppArmor \u914d\u7f6e\u6587\u4ef6\u5f53\u524d\u4e0d\u5b58\u5728\uff0c\u4f46 OpenStack-Ansible \u9879\u76ee\u901a\u8fc7\u5c06 AppArmor \u914d\u7f6e\u6587\u4ef6\u5e94\u7528\u4e8e\u8fd0\u884c OpenStack \u670d\u52a1\u7684\u6bcf\u4e2a\u5bb9\u5668\u6765\u5904\u7406\u6b64\u95ee\u9898\u3002 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u00b6 \u51ed\u501f\u72ec\u7279\u7684\u5185\u6838\u7ea7\u67b6\u6784\u548c\u56fd\u5bb6\u5b89\u5168\u5c40 \uff08NSA\uff09 \u5f00\u53d1\u7684\u5b89\u5168\u673a\u5236\uff0cKVM \u4e3a\u591a\u79df\u6237\u63d0\u4f9b\u4e86\u57fa\u7840\u9694\u79bb\u6280\u672f\u3002\u5b89\u5168\u865a\u62df\u5316 \uff08sVirt\uff09 \u6280\u672f\u7684\u53d1\u5c55\u8d77\u6e90\u4e8e 2002 \u5e74\uff0c\u662f SELinux \u5bf9\u73b0\u4ee3\u865a\u62df\u5316\u7684\u5e94\u7528\u3002SELinux \u65e8\u5728\u5e94\u7528\u57fa\u4e8e\u6807\u7b7e\u7684\u5206\u79bb\u63a7\u5236\uff0c\u73b0\u5df2\u6269\u5c55\u4e3a\u5728\u865a\u62df\u673a\u8fdb\u7a0b\u3001\u8bbe\u5907\u3001\u6570\u636e\u6587\u4ef6\u548c\u4ee3\u8868\u5b83\u4eec\u6267\u884c\u64cd\u4f5c\u7684\u7cfb\u7edf\u8fdb\u7a0b\u4e4b\u95f4\u63d0\u4f9b\u9694\u79bb\u3002 OpenStack \u7684 sVirt 
\u5b9e\u73b0\u65e8\u5728\u4fdd\u62a4\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e3b\u673a\u548c\u865a\u62df\u673a\u514d\u53d7\u4e24\u4e2a\u4e3b\u8981\u5a01\u80c1\u5a92\u4ecb\u7684\u4fb5\u5bb3\uff1a \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u5a01\u80c1 \u5728\u865a\u62df\u673a\u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8bbf\u95ee\u5e95\u5c42\u8d44\u6e90\u3002\u4f8b\u5982\uff0c\u5f53\u865a\u62df\u673a\u80fd\u591f\u8bbf\u95ee\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u64cd\u4f5c\u7cfb\u7edf\u3001\u7269\u7406\u8bbe\u5907\u6216\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u65f6\u3002\u6b64\u5a01\u80c1\u5411\u91cf\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u7684\u5165\u4fb5\u53ef\u80fd\u4f1a\u611f\u67d3\u7269\u7406\u786c\u4ef6\u5e76\u66b4\u9732\u5176\u4ed6\u865a\u62df\u673a\u548c\u7f51\u6bb5\u3002 \u865a\u62df\u673a\uff08\u591a\u79df\u6237\uff09\u5a01\u80c1 \u5728 VM \u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\uff0c\u4ee5\u8bbf\u95ee\u6216\u63a7\u5236\u53e6\u4e00\u4e2a\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u8fd9\u662f\u865a\u62df\u5316\u7279\u6709\u7684\u5a01\u80c1\u5411\u91cf\uff0c\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u5927\u91cf\u865a\u62df\u673a\u6587\u4ef6\u6620\u50cf\u53ef\u80fd\u56e0\u5355\u4e2a\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u6f0f\u6d1e\u800c\u53d7\u5230\u635f\u5bb3\u3002\u8fd9\u79cd\u865a\u62df\u7f51\u7edc\u653b\u51fb\u662f\u4e00\u4e2a\u4e3b\u8981\u95ee\u9898\uff0c\u56e0\u4e3a\u7528\u4e8e\u4fdd\u62a4\u771f\u5b9e\u7f51\u7edc\u7684\u7ba1\u7406\u6280\u672f\u5e76\u4e0d\u76f4\u63a5\u9002\u7528\u4e8e\u865a\u62df\u73af\u5883\u3002 \u6bcf\u4e2a\u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u90fd\u662f\u4e00\u4e2a\u7531 SELinux 
\u6807\u8bb0\u7684\u8fdb\u7a0b\uff0c\u4ece\u800c\u6709\u6548\u5730\u5728\u6bcf\u4e2a\u865a\u62df\u673a\u5468\u56f4\u5efa\u7acb\u5b89\u5168\u8fb9\u754c\u3002\u6b64\u5b89\u5168\u8fb9\u754c\u7531 Linux \u5185\u6838\u76d1\u89c6\u548c\u5f3a\u5236\u6267\u884c\uff0c\u4ece\u800c\u9650\u5236\u865a\u62df\u673a\u8bbf\u95ee\u5176\u8fb9\u754c\u4e4b\u5916\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u4e3b\u673a\u6570\u636e\u6587\u4ef6\u6216\u5176\u4ed6 VM\u3002 \u65e0\u8bba\u865a\u62df\u673a\u5185\u8fd0\u884c\u7684\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u5982\u4f55\uff0c\u90fd\u4f1a\u63d0\u4f9b sVirt \u9694\u79bb\u3002\u53ef\u4ee5\u4f7f\u7528 Linux \u6216 Windows VM\u3002\u6b64\u5916\uff0c\u8bb8\u591a Linux \u53d1\u884c\u7248\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u63d0\u4f9b SELinux\uff0c\u4f7f\u865a\u62df\u673a\u80fd\u591f\u4fdd\u62a4\u5185\u90e8\u865a\u62df\u8d44\u6e90\u514d\u53d7\u5a01\u80c1\u3002 \u6807\u7b7e\u548c\u7c7b\u522b \u00b6 \u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4f7f\u7528\u5176\u81ea\u5df1\u7684 SELinux \u6570\u636e\u7c7b\u578b\u8fdb\u884c\u6807\u8bb0\uff0c\u79f0\u4e3a svirt_image_t \u3002\u5185\u6838\u7ea7\u4fdd\u62a4\u53ef\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u7cfb\u7edf\u8fdb\u7a0b\uff08\u5982\u6076\u610f\u8f6f\u4ef6\uff09\u64cd\u7eb5\u78c1\u76d8\u4e0a\u7684\u865a\u62df\u673a\u6620\u50cf\u6587\u4ef6\u3002\u5173\u95ed\u865a\u62df\u673a\u7535\u6e90\u540e\uff0c\u6620\u50cf\u7684\u5b58\u50a8 svirt_image_t \u65b9\u5f0f\u5982\u4e0b\u6240\u793a\uff1a system_u:object_r:svirt_image_t:SystemLow image1 system_u:object_r:svirt_image_t:SystemLow image2 system_u:object_r:svirt_image_t:SystemLow image3 system_u:object_r:svirt_image_t:SystemLow image4 \u8be5 svirt_image_t \u6807\u7b7e\u552f\u4e00\u6807\u8bc6\u78c1\u76d8\u4e0a\u7684\u56fe\u50cf\u6587\u4ef6\uff0c\u5141\u8bb8 SELinux \u7b56\u7565\u9650\u5236\u8bbf\u95ee\u3002\u5f53\u57fa\u4e8e KVM \u7684\u8ba1\u7b97\u6620\u50cf\u901a\u7535\u65f6\uff0csVirt 
\u4f1a\u5c06\u968f\u673a\u6570\u5b57\u6807\u8bc6\u7b26\u9644\u52a0\u5230\u6620\u50cf\u4e2d\u3002sVirt \u80fd\u591f\u4e3a\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8282\u70b9\u6700\u591a\u5206\u914d 524,288 \u4e2a\u865a\u62df\u673a\u7684\u6570\u5b57\u6807\u8bc6\u7b26\uff0c\u4f46\u5927\u591a\u6570 OpenStack \u90e8\u7f72\u6781\u4e0d\u53ef\u80fd\u9047\u5230\u6b64\u9650\u5236\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 sVirt \u7c7b\u522b\u6807\u8bc6\u7b26\uff1a system_u:object_r:svirt_image_t:s0:c87,c520 image1 system_u:object_r:svirt_image_t:s0:419,c172 image2 SELinux \u7528\u6237\u548c\u89d2\u8272 \u00b6 SELinux \u7ba1\u7406\u7528\u6237\u89d2\u8272\u3002\u53ef\u4ee5\u901a\u8fc7 -Z \u6807\u5fd7\u6216\u4f7f\u7528 semanage \u547d\u4ee4\u67e5\u770b\u8fd9\u4e9b\u5185\u5bb9\u3002\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\uff0c\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7cfb\u7edf\uff0c\u5e76\u4e14\u5e94\u8be5\u56f4\u7ed5\u7ba1\u7406\u7528\u6237\u548c\u7cfb\u7edf\u4e0a\u7684\u4efb\u4f55\u5176\u4ed6\u7528\u6237\u5177\u6709\u9002\u5f53\u7684\u4e0a\u4e0b\u6587\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 SELinux \u7528\u6237\u6587\u6863\u3002 \u5e03\u5c14\u503c \u00b6 \u4e3a\u4e86\u51cf\u8f7b\u7ba1\u7406 SELinux \u7684\u7ba1\u7406\u8d1f\u62c5\uff0c\u8bb8\u591a\u4f01\u4e1a Linux \u5e73\u53f0\u5229\u7528 SELinux \u5e03\u5c14\u503c\u6765\u5feb\u901f\u6539\u53d8 sVirt \u7684\u5b89\u5168\u6001\u52bf\u3002 \u57fa\u4e8e Red Hat Enterprise Linux \u7684 KVM \u90e8\u7f72\u4f7f\u7528\u4ee5\u4e0b sVirt \u5e03\u5c14\u503c\uff1a sVirt SELinux \u5e03\u5c14\u503c \u63cf\u8ff0 virt_use_common \u5141\u8bb8 virt \u4f7f\u7528\u4e32\u884c\u6216\u5e76\u884c\u901a\u4fe1\u7aef\u53e3\u3002 virt_use_fusefs \u5141\u8bb8 virt \u8bfb\u53d6 FUSE \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_nfs \u5141\u8bb8 virt \u7ba1\u7406 NFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_samba \u5141\u8bb8 virt \u7ba1\u7406 CIFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 
virt_use_sanlock \u5141\u8bb8\u53d7\u9650\u7684\u865a\u62df\u8bbf\u5ba2\u4e0e sanlock \u4ea4\u4e92\u3002 virt_use_sysfs \u5141\u8bb8 virt \u7ba1\u7406\u8bbe\u5907\u914d\u7f6e \uff08PCI\uff09\u3002 virt_use_usb \u5141\u8bb8 virt \u4f7f\u7528 USB \u8bbe\u5907\u3002 virt_use_xserver \u5141\u8bb8\u865a\u62df\u673a\u4e0e X Window \u7cfb\u7edf\u4ea4\u4e92\u3002 \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 \u00b6 \u4efb\u4f55OpenStack\u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\u4e4b\u4e00\u662f\u56f4\u7ed5\u654f\u611f\u6587\u4ef6\uff08\u5982 nova.conf \u6587\u4ef6\uff09\u7684\u5b89\u5168\u6027\u548c\u63a7\u5236\u3002\u6b64\u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u5305\u542b\u5728 /etc \u76ee\u5f55\u4e2d\uff0c\u5305\u542b\u8bb8\u591a\u654f\u611f\u9009\u9879\uff0c\u5305\u62ec\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u548c\u670d\u52a1\u5bc6\u7801\u3002\u5e94\u4e3a\u6240\u6709\u6b64\u7c7b\u654f\u611f\u6587\u4ef6\u6388\u4e88\u4e25\u683c\u7684\u6587\u4ef6\u7ea7\u6743\u9650\uff0c\u5e76\u901a\u8fc7\u6587\u4ef6\u5b8c\u6574\u6027\u76d1\u89c6 \uff08FIM\uff09 \u5de5\u5177\uff08\u5982 iNotify \u6216 Samhain\uff09\u76d1\u89c6\u66f4\u6539\u3002\u8fd9\u4e9b\u5b9e\u7528\u7a0b\u5e8f\u5c06\u83b7\u53d6\u5904\u4e8e\u5df2\u77e5\u826f\u597d\u72b6\u6001\u7684\u76ee\u6807\u6587\u4ef6\u7684\u54c8\u5e0c\u503c\uff0c\u7136\u540e\u5b9a\u671f\u83b7\u53d6\u8be5\u6587\u4ef6\u7684\u65b0\u54c8\u5e0c\u503c\uff0c\u5e76\u5c06\u5176\u4e0e\u5df2\u77e5\u826f\u597d\u7684\u54c8\u5e0c\u503c\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u53d1\u73b0\u8b66\u62a5\u88ab\u610f\u5916\u4fee\u6539\uff0c\u5219\u53ef\u4ee5\u521b\u5efa\u8b66\u62a5\u3002 \u53ef\u4ee5\u68c0\u67e5\u6587\u4ef6\u7684\u6743\u9650\uff0c\u6211\u79fb\u52a8\u5230\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55\u5e76\u8fd0\u884c ls -lh 
\u547d\u4ee4\u3002\u8fd9\u5c06\u663e\u793a\u6709\u6743\u8bbf\u95ee\u6587\u4ef6\u7684\u6743\u9650\u3001\u6240\u6709\u8005\u548c\u7ec4\uff0c\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\uff0c\u4f8b\u5982\u4e0a\u6b21\u4fee\u6539\u6587\u4ef6\u7684\u65f6\u95f4\u548c\u521b\u5efa\u65f6\u95f4\u3002 \u8be5 /var/lib/nova \u76ee\u5f55\u7528\u4e8e\u4fdd\u5b58\u6709\u5173\u7ed9\u5b9a\u8ba1\u7b97\u4e3b\u673a\u4e0a\u7684\u5b9e\u4f8b\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u6b64\u76ee\u5f55\u4e5f\u5e94\u88ab\u89c6\u4e3a\u654f\u611f\u76ee\u5f55\uff0c\u5e76\u5177\u6709\u4e25\u683c\u5f3a\u5236\u6267\u884c\u7684\u6587\u4ef6\u6743\u9650\u3002\u6b64\u5916\uff0c\u5e94\u5b9a\u671f\u5907\u4efd\u5b83\uff0c\u56e0\u4e3a\u5b83\u5305\u542b\u4e0e\u8be5\u4e3b\u673a\u5173\u8054\u7684\u5b9e\u4f8b\u7684\u4fe1\u606f\u548c\u5143\u6570\u636e\u3002 \u5982\u679c\u90e8\u7f72\u4e0d\u9700\u8981\u5b8c\u6574\u7684\u865a\u62df\u673a\u5907\u4efd\uff0c\u5efa\u8bae\u6392\u9664\u8be5 /var/lib/nova/instances \u76ee\u5f55\uff0c\u56e0\u4e3a\u5b83\u7684\u5927\u5c0f\u5c06\u4e0e\u8be5\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u6bcf\u4e2a VM \u7684\u603b\u7a7a\u95f4\u4e00\u6837\u5927\u3002\u5982\u679c\u90e8\u7f72\u786e\u5b9e\u9700\u8981\u5b8c\u6574 VM \u5907\u4efd\uff0c\u5219\u9700\u8981\u786e\u4fdd\u6210\u529f\u5907\u4efd\u6b64\u76ee\u5f55\u3002 \u76d1\u89c6\u662f IT \u57fa\u7840\u7ed3\u6784\u7684\u5173\u952e\u7ec4\u4ef6\uff0c\u6211\u4eec\u5efa\u8bae\u76d1\u89c6\u548c\u5206\u6790\u8ba1\u7b97\u65e5\u5fd7\u6587\u4ef6\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u521b\u5efa\u6709\u610f\u4e49\u7684\u8b66\u62a5\u3002 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \u00b6 \u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f 
\uff08VMT\uff09 \u95e8\u6237\u901a\u8fc7\u5c06 Bug \u6807\u8bb0\u4e3a\u201c\u6b64 bug \u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u6765\u534f\u8c03 OpenStack \u9879\u76ee\u5185\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a bug \u7684\u8fc7\u7a0b\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002 OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u6620\u5c04\u4ee5\u53ca\u975e OpenStack\uff0c\u4f46\u5173\u952e\u95ee\u9898\uff08\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\uff09\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u00b6 \u6240\u6709\u9519\u8bef\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5e26\u6709 [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss 
\u90ae\u4ef6\u5217\u8868\u901a\u8fc7 OpenStack Development Mailing List \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u00b6 \u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec \u6f0f\u6d1e\u610f\u8bc6 \u00b6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \u00b6 \u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u534f\u8c03 OpenStack \u5185\u90e8\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a\u9519\u8bef\u7684\u8fc7\u7a0b\uff0c\u65b9\u6cd5\u662f\u5c06\u9519\u8bef\u6807\u8bb0\u4e3a\u201c\u6b64\u9519\u8bef\u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA 
\u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002 OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u5546\u6620\u5c04\uff0c\u4ee5\u53ca\u975e OpenStack \u4f46\u5173\u952e\u7684\u95ee\u9898\uff0c\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u00b6 \u6240\u6709 bug\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5305\u542b [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss \u90ae\u4ef6\u5217\u8868\u901a\u8fc7 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u00b6 
\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u00b6 \u4e91\u67b6\u6784\u5e08\u9700\u8981\u505a\u51fa\u7684\u6709\u5173\u8ba1\u7b97\u670d\u52a1\u914d\u7f6e\u7684\u4e00\u4e2a\u51b3\u5b9a\u662f\u4f7f\u7528 VNC \u8fd8\u662f SPICE\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u00b6 OpenStack \u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u534f\u8bae\u4e3a\u79df\u6237\u548c\u7ba1\u7406\u5458\u63d0\u4f9b\u5bf9\u5b9e\u4f8b\u7684\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u53f0\u8bbf\u95ee\u3002 \u529f\u80fd \u00b6 OpenStack Dashboard \uff08horizon\uff09 \u53ef\u4ee5\u4f7f\u7528 HTML5 noVNC \u5ba2\u6237\u7aef\u76f4\u63a5\u5728\u7f51\u9875\u4e0a\u4e3a\u5b9e\u4f8b\u63d0\u4f9b VNC \u63a7\u5236\u53f0\u3002\u8fd9\u8981\u6c42 nova-novncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de VNC \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b nova Java VNC \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002\u8fd9\u8981\u6c42 nova-xvpvncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c nova-novncproxy \u548c nova-xvpvncproxy 
\u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u684c\u9762\u6d41\u91cf\u672a\u52a0\u5bc6\u3002\u53ef\u4ee5\u542f\u7528 TLS \u6765\u52a0\u5bc6 VNC \u6d41\u91cf\u3002\u8bf7\u53c2\u9605 TLS \u548c SSL \u7b80\u4ecb\u4ee5\u83b7\u53d6\u9002\u5f53\u7684\u5efa\u8bae\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 blog.malchuk.ru, OpenStack VNC Security. 2013. Secure Connections to VNC ports blog.malchuk.ru\uff0cOpenStack VNC \u5b89\u5168\u6027\u30022013. \u4e0e VNC \u7aef\u53e3\u7684\u5b89\u5168\u8fde\u63a5 OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. 2014. OpenStack nova-novnc SSL Configuration OpenStack \u90ae\u4ef6\u5217\u8868\uff0c[OpenStack] nova-novnc SSL \u914d\u7f6e - \u54c8\u74e6\u90a3\u30022014. OpenStack nova-novnc SSL\u914d\u7f6e Redhat.com/solutions\uff0c\u5728 OpenStack \u4e2d\u4f7f\u7528 SSL \u52a0\u5bc6 nova-novacproxy\u30022014. 
OpenStack nova-novncproxy SSL\u52a0\u5bc6 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u00b6 \u4f5c\u4e3a VNC \u7684\u66ff\u4ee3\u65b9\u6848\uff0cOpenStack \u4f7f\u7528\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u534f\u8bae\u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002 \u529f\u80fd \u00b6 OpenStack Dashboard \uff08horizon\uff09 \u76f4\u63a5\u5728\u5b9e\u4f8b\u7f51\u9875\u4e0a\u652f\u6301 SPICE\u3002\u8fd9\u9700\u8981\u670d\u52a1 nova-spicehtml5proxy \u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de SPICE \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b SPICE-html \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002 \u9650\u5236 \u00b6 \u5c3d\u7ba1 SPICE \u4e0e VNC \u76f8\u6bd4\u5177\u6709\u8bb8\u591a\u4f18\u52bf\uff0c\u4f46 spice-html5 \u6d4f\u89c8\u5668\u96c6\u6210\u76ee\u524d\u4e0d\u5141\u8bb8\u7ba1\u7406\u5458\u5229\u7528\u8fd9\u4e9b\u4f18\u52bf\u3002\u4e3a\u4e86\u5229\u7528 \u591a\u663e\u793a\u5668\u3001USB \u76f4\u901a\u7b49 SPICE \u529f\u80fd\uff0c\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u5728\u7ba1\u7406\u7f51\u7edc\u4e2d\u4f7f\u7528\u72ec\u7acb\u7684 SPICE \u5ba2\u6237\u7aef\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5 nova-spicehtml5proxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u529f\u80fd\u548c\u96c6\u6210\u4ecd\u5728\u4e0d\u65ad\u53d1\u5c55\u3002\u6211\u4eec\u5c06\u5728\u4e0b\u4e00\u4e2a\u7248\u672c\u4e2d\u8bbf\u95ee\u8fd9\u4e9b\u529f\u80fd\u5e76\u63d0\u51fa\u5efa\u8bae\u3002 \u4e0e VNC \u7684\u60c5\u51b5\u4e00\u6837\uff0c\u76ee\u524d\u6211\u4eec\u5efa\u8bae\u4ece\u7ba1\u7406\u7f51\u7edc\u4f7f\u7528 SPICE\uff0c\u6b64\u5916\u8fd8\u9650\u5236\u4f7f\u7528\u5c11\u6570\u4eba\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack 
\u7ba1\u7406\u5458\u6307\u5357\u3002SPICE\u63a7\u5236\u53f0\u3002SPICE\u63a7\u5236\u53f0\u3002 bugzilla.redhat.com\uff0c Bug 913607 - RFE\uff1a \u652f\u6301\u901a\u8fc7 websockets \u96a7\u9053\u4f20\u8f93 SPICE\u30022013. RedHat \u9519\u8bef913607\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a nova \uff0c root \u5e76\u4e14\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/nova/nova.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/api-paste.ini | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/policy.json | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/rootwrap.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova | egrep \"root nova\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c nova \u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a \u7684 root nova \u8f93\u51fa\u3002 
\u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 nova \u4ee5\u5916\u7684 root \u4efb\u4f55\u7ec4\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002 Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/nova/nova.conf $ stat -L -c \"%a\" /etc/nova/api-paste.ini $ stat -L -c \"%a\" /etc/nova/policy.json $ stat -L -c \"%a\" /etc/nova/rootwrap.conf \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u5982\u679c Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cnova \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 
ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/nova/nova.conf getfacl: Removing leading '/' from absolute path names # file: etc/nova/nova.conf USER root rw- GROUP nova r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002 Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 noauth \u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5728Ocata\u4e4b\u524d\uff1a \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/nova/nova.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 \u5728Ocata\u4e4b\u540e\uff1a \u901a\u8fc7\uff1a\u5982\u679c under [api] \u6216 [DEFAULT] section in /etc/nova/nova.conf \u7684\u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c or [DEFAULT] \u90e8\u5206\u4e0b\u7684 [api] \u53c2\u6570 auth_strategy 
\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/nova/nova.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/nova/nova.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/nova/nova.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/nova/nova.conf 
/etc/nova/nova.conf \u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \uff0c\u6216\u8005 in /etc/nova/nova.conf \u8282\u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5757\u5b58\u50a8 \u00b6 OpenStack Block Storage \uff08cinder\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u8f6f\u4ef6\uff08\u670d\u52a1\u548c\u5e93\uff09\u6765\u81ea\u52a9\u7ba1\u7406\u6301\u4e45\u6027\u5757\u7ea7\u5b58\u50a8\u8bbe\u5907\u3002\u8fd9\u5c06\u521b\u5efa\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u8bbf\u95ee\uff0c\u4ee5\u4fbf\u4e0e OpenStack \u8ba1\u7b97 \uff08nova\uff09 \u5b9e\u4f8b\u4e00\u8d77\u4f7f\u7528\u3002\u901a\u8fc7\u5c06\u5757\u5b58\u50a8\u6c60\u865a\u62df\u5316\u5230\u5404\u79cd\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\uff08\u53ef\u4ee5\u662f\u8f6f\u4ef6\u5b9e\u73b0\u6216\u4f20\u7edf\u786c\u4ef6\u5b58\u50a8\u4ea7\u54c1\uff09\uff0c\u901a\u8fc7\u62bd\u8c61\u521b\u5efa\u8f6f\u4ef6\u5b9a\u4e49\u5b58\u50a8\u3002\u5176\u4e3b\u8981\u529f\u80fd\u662f\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u3002\u6d88\u8d39\u8005\u4e0d\u9700\u8981\u77e5\u9053\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\u7684\u7c7b\u578b\u6216\u5b83\u7684\u4f4d\u7f6e\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u5b58\u50a8\u534f\u8bae\uff08\u5982 iSCSI\u3001\u4ee5\u592a\u7f51 ATA \u6216\u5149\u7ea4\u901a\u9053\uff09\u5b58\u50a8\u548c\u68c0\u7d22\u5757\u5b58\u50a8\u3002\u8fd9\u4e9b\u8d44\u6e90\u901a\u8fc7 OpenStack \u539f\u751f\u6807\u51c6 HTTP RESTful API \u8fdb\u884c\u7ba1\u7406\u548c\u914d\u7f6e\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5757\u5b58\u50a8\u6587\u6863\u3002 
\u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002 \u5377\u64e6\u9664 \u00b6 \u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u64e6\u9664\u5757\u5b58\u50a8\u8bbe\u5907\u3002\u4f20\u7edf\u7684\u65b9\u6cd5\u662f\u5c06 lvm_type \u8bbe\u7f6e\u4e3a thin \uff0c\u5982\u679c\u4f7f\u7528 LVM \u540e\u7aef\uff0c\u5219\u4f7f\u7528 volume_clear \u8be5\u53c2\u6570\u3002\u6216\u8005\uff0c\u5982\u679c\u4f7f\u7528\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u5219\u5728\u5220\u9664\u5377\u52a0\u5bc6\u5bc6\u94a5\u65f6\u4e0d\u9700\u8981\u5377\u64e6\u9664\u3002\u6709\u5173\u8bbe\u7f6e\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5377\u52a0\u5bc6\u90e8\u5206\u4e2d\u7684 OpenStack \u914d\u7f6e\u53c2\u8003\u6587\u6863\uff0c\u4ee5\u53ca\u6709\u5173\u5bc6\u94a5\u5220\u9664\u7684 Castellan \u4f7f\u7528\u6587\u6863 \u6ce8\u610f 
\u5728\u8f83\u65e7\u7684 OpenStack \u7248\u672c\u4e2d\uff0c `lvm_type=default` \u7528\u4e8e\u8868\u793a\u64e6\u9664\u3002\u867d\u7136\u6b64\u65b9\u6cd5\u4ecd\u7136\u6709\u6548\uff0c\u4f46 `lvm_type=default` \u4e0d\u5efa\u8bae\u7528\u4e8e\u8bbe\u7f6e\u5b89\u5168\u5220\u9664\u3002 \u8be5 volume_clear \u53c2\u6570\u53ef\u4ee5\u8bbe\u7f6e\u4e3a zero \u3002\u8be5 zero \u53c2\u6570\u5c06\u5411\u8bbe\u5907\u5199\u5165\u4e00\u6b21\u96f6\u4f20\u9012\u3002 \u6709\u5173\u8be5 lvm_type \u53c2\u6570\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684\u7cbe\u7b80\u7f6e\u5907\u4e2d\u7684 LVM \u548c\u8d85\u989d\u8ba2\u9605\u90e8\u5206\u3002 \u6709\u5173\u8be5 volume_clear \u53c2\u6570\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684 Cinder \u914d\u7f6e\u9009\u9879\u90e8\u5206\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a cinder\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/cinder/cinder.conf | egrep 
\"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/api-paste.ini | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/policy.json | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/rootwrap.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder | egrep \"root cinder\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c cinder\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u7164\u6e23\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 cinder \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/cinder/cinder.conf $ stat -L -c \"%a\" /etc/cinder/api-paste.ini $ stat -L -c \"%a\" /etc/cinder/policy.json $ stat -L -c \"%a\" /etc/cinder/rootwrap.conf $ stat -L -c \"%a\" /etc/cinder \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Block-01 \u65f6\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0ccinder \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/cinder/cinder.conf getfacl: Removing leading '/' from absolute path names # file: etc/cinder/cinder.conf USER root rw- GROUP cinder r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/cinder/cinder.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/cinder/cinder.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/cinder/cinder.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/cinder/cinder.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/cinder/cinder.conf Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f \u00b6 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f\uff09\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u90e8\u5206\u4e0b\u7684 [DEFAULT] \u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \u5e76\u4e14\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934 /etc/cinder/cinder.conf \u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c\u5c06 section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \u6216\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 [DEFAULT] /etc/cinder/cinder.conf Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f \u00b6 Cinder \u652f\u6301 NFS \u9a71\u52a8\u7a0b\u5e8f\uff0c\u5176\u5de5\u4f5c\u65b9\u5f0f\u4e0e\u4f20\u7edf\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u540c\u3002NFS 
\u9a71\u52a8\u7a0b\u5e8f\u5b9e\u9645\u4e0a\u4e0d\u5141\u8bb8\u5b9e\u4f8b\u5728\u5757\u7ea7\u522b\u8bbf\u95ee\u5b58\u50a8\u8bbe\u5907\u3002\u76f8\u53cd\uff0c\u6587\u4ef6\u662f\u5728 NFS \u5171\u4eab\u4e0a\u521b\u5efa\u7684\uff0c\u5e76\u6620\u5c04\u5230\u6a21\u62df\u5757\u50a8\u5b58\u8bbe\u5907\u7684\u5b9e\u4f8b\u3002Cinder \u901a\u8fc7\u5728\u521b\u5efa Cinder \u5377\u65f6\u63a7\u5236\u6587\u4ef6\u6743\u9650\u6765\u652f\u6301\u6b64\u7c7b\u6587\u4ef6\u7684\u5b89\u5168\u914d\u7f6e\u3002Cinder \u914d\u7f6e\u8fd8\u53ef\u4ee5\u63a7\u5236\u662f\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd8\u662f\u5f53\u524d OpenStack \u8fdb\u7a0b\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6587\u4ef6\u64cd\u4f5c\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_permissions \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5982\u679c\u8bbe\u7f6e\u4e3a auto \uff0c\u5219\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5e76\u4f7f\u7528\u5b89\u5168\u6587\u4ef6\u6743\u9650\u3002\u68c0\u6d4b\u73b0\u6709\u5377\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u4e0d\u5b89\u5168\u7684\u65b9\u6cd5\u6765\u5904\u7406\u6587\u4ef6\u6743\u9650\u3002\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_operations \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5f53\u8bbe\u7f6e\u4e3a\u201cauto\u201d\u65f6\uff0c\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5b89\u5168\u4e14\u4e0d\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5bf9\u73b0\u6709\u5377\u7684\u68c0\u6d4b\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False 
\uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u65b9\u6cd5\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u64cd\u4f5c\u3002\u5bf9\u4e8e\u65b0\u5b89\u88c5\uff0c\u4f1a\u7f16\u5199\u4e00\u4e2a\u201c\u6807\u8bb0\u6587\u4ef6\u201d\uff0c\u4ee5\u4fbf\u968f\u540e\u91cd\u65b0\u542f\u52a8 cinder \u5c06\u77e5\u9053\u539f\u59cb\u786e\u5b9a\u662f\u4ec0\u4e48\u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 nas_secure_file_permissions nas_secure_file_operations \u503c\u8bbe\u7f6e\u4e3a False \u3002 Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684osapi\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a 114688 114688 \uff0c\u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u8bbe\u7f6e\u4e3a \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c 114688 \u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a \u3002 
Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u00b6 \u672a\u52a0\u5bc6\u7684\u5377\u6570\u636e\u4f7f\u5377\u6258\u7ba1\u5e73\u53f0\u6210\u4e3a\u653b\u51fb\u8005\u7279\u522b\u9ad8\u4ef7\u503c\u7684\u76ee\u6807\uff0c\u56e0\u4e3a\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u8bb8\u591a\u4e0d\u540c VM \u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u7269\u7406\u5b58\u50a8\u4ecb\u8d28\u53ef\u80fd\u4f1a\u88ab\u7a83\u53d6\u3001\u91cd\u65b0\u88c5\u8f7d\u548c\u4ece\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u8bbf\u95ee\u3002\u52a0\u5bc6\u5377\u6570\u636e\u53ef\u4ee5\u964d\u4f4e\u8fd9\u4e9b\u98ce\u9669\uff0c\u5e76\u4e3a\u5377\u6258\u7ba1\u5e73\u53f0\u63d0\u4f9b\u6df1\u5ea6\u9632\u5fa1\u3002\u5757\u5b58\u50a8 \uff08cinder\uff09 \u80fd\u591f\u5728\u5c06\u5377\u6570\u636e\u5199\u5165\u78c1\u76d8\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\uff0c\u56e0\u6b64\u5efa\u8bae\u5f00\u542f\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u6709\u5173\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605 Openstack Cinder \u670d\u52a1\u914d\u7f6e\u6587\u6863\u7684\u5377\u52a0\u5bc6\u90e8\u5206\u3002 \u901a\u8fc7\uff1a\u5982\u679c 1\uff09 \u8bbe\u7f6e\u4e86 in [key_manager] \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c2\uff09 \u8bbe\u7f6e\u4e86 in \u4e0b\u7684 [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u4ee5\u53ca 3\uff09 \u5982\u679c\u6b63\u786e\u9075\u5faa\u4e86 /etc/cinder/cinder.conf /etc/nova/nova.conf \u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u82e5\u8981\u8fdb\u4e00\u6b65\u9a8c\u8bc1\uff0c\u8bf7\u5728\u5b8c\u6210\u5377\u52a0\u5bc6\u8bbe\u7f6e\u5e76\u4e3a LUKS \u521b\u5efa\u5377\u7c7b\u578b\u540e\u6267\u884c\u8fd9\u4e9b\u6b65\u9aa4\uff0c\u5982\u4e0a\u8ff0\u6587\u6863\u4e2d\u6240\u8ff0\u3002 \u521b\u5efa VM\uff1a $ openstack server create --image cirros-0.3.1-x86_64-disk --flavor m1.tiny TESTVM \u521b\u5efa\u52a0\u5bc6\u5377\u5e76\u5c06\u5176\u9644\u52a0\u5230 VM\uff1a $ openstack volume create --size 1 --type LUKS 'encrypted volume' $ openstack volume 
list $ openstack server add volume --device /dev/vdb TESTVM 'encrypted volume' \u5728 VM \u4e0a\uff0c\u5c06\u4e00\u4e9b\u6587\u672c\u53d1\u9001\u5230\u65b0\u9644\u52a0\u7684\u5377\u5e76\u540c\u6b65\u5b83\uff1a # echo \"Hello, world (encrypted /dev/vdb)\" >> /dev/vdb # sync && sleep 2 \u5728\u6258\u7ba1 cinder \u5377\u670d\u52a1\u7684\u7cfb\u7edf\u4e0a\uff0c\u540c\u6b65\u4ee5\u5237\u65b0 I/O \u7f13\u5b58\uff0c\u7136\u540e\u6d4b\u8bd5\u662f\u5426\u53ef\u4ee5\u627e\u5230\u5b57\u7b26\u4e32\uff1a # sync && sleep 2 # strings /dev/stack-volumes/volume-* | grep \"Hello\" \u641c\u7d22\u4e0d\u5e94\u8fd4\u56de\u5199\u5165\u52a0\u5bc6\u5377\u7684\u5b57\u7b26\u4e32\u3002 \u5931\u8d25\uff1a\u5982\u679c\u672a\u8bbe\u7f6e in \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c\u6216\u8005\u672a\u8bbe\u7f6e in /etc/cinder/cinder.conf /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [key_manager] [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u6216\u8005\u672a\u6b63\u786e\u9075\u5faa\u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u56fe\u50cf\u5b58\u50a8 \u00b6 OpenStack Image Storage \uff08glance\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u7528\u6237\u53ef\u4ee5\u5728\u5176\u4e2d\u4e0a\u4f20\u548c\u53d1\u73b0\u65e8\u5728\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u8d77\u4f7f\u7528\u7684\u6570\u636e\u8d44\u4ea7\u3002\u8fd9\u76ee\u524d\u5305\u62ec\u56fe\u50cf\u548c\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u670d\u52a1\u5305\u62ec\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u68c0\u7d22\u865a\u62df\u673a\u6620\u50cf\u3002Glance \u6709\u4e00\u4e2a RESTful API\uff0c\u5141\u8bb8\u67e5\u8be2 VM \u6620\u50cf\u5143\u6570\u636e\u4ee5\u53ca\u68c0\u7d22\u5b9e\u9645\u6620\u50cf\u3002 \u6709\u5173\u8be5\u670d\u52a1\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Glance \u6587\u6863\u3002 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f 
Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u5fc5\u987b\u5c06\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a glance \uff0c root \u5e76\u4e14\u5fc5\u987b\u5c06\u7ec4\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/glance/glance-api-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-api.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-cache.conf | egrep \"root glance\" $ 
stat -L -c \"%U %G\" /etc/glance/glance-manage.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-scrubber.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-swift-store.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/policy.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema-image.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance | egrep \"root glance\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c glance\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root glance \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u4e0d\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\u3002 Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/glance/glance-api-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-api.conf $ stat -L -c \"%a\" /etc/glance/glance-cache.conf $ stat -L -c \"%a\" /etc/glance/glance-manage.conf $ stat -L -c \"%a\" /etc/glance/glance-registry-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-registry.conf $ stat -L -c \"%a\" /etc/glance/glance-scrubber.conf $ stat -L -c \"%a\" /etc/glance/glance-swift-store.conf $ stat -L -c \"%a\" /etc/glance/policy.json $ stat -L -c \"%a\" /etc/glance/schema-image.json $ stat -L -c \"%a\" /etc/glance/schema.json $ stat -L -c \"%a\" /etc/glance 
\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c u=rw,g=r,o= . \u6ce8\u610f \u4f7f\u7528 Check-Image-01\uff1a Devices / Group Ownership of config files \u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f\uff0c\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cglance \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/glance/glance-api.conf getfacl: Removing leading '/' from absolute path names # file: /etc/glance/glance-api.conf USER root rw- GROUP glance r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5305\u62ec noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e 
OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c keystone \u5e76\u4e14 section in /etc/glance/glance-api.conf /etc/glance /glance-registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 section in /etc/glance/glance-api.conf /etc/glance/glance- registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684 Identity API \u7aef\u70b9 https:// \uff0c\u5e76\u4e14\u8be5\u53c2\u6570 insecure www_authenticate_uri \u7684\u503c\u4f4d\u4e8e same /etc/glance/glance-registry.conf \u4e2d\u7684\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\uff0c\u5219\u8bbe\u7f6e\u4e3a False \u3002 [keystone_authtoken] 
/etc/glance/glance-api.conf \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 /etc/glance/glance-api.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u6807\u8bc6 API \u7aef\u70b9\uff0c\u6216\u8005\u540c\u4e00 /etc/glance/glance-api.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u00b6 Glance \u63d0\u4f9b\u7684\u6620\u50cf\u670d\u52a1 API v1 \u4e2d\u7684 copy_from \u529f\u80fd\u53ef\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u5c4f\u853d\u7684\u7f51\u7edc\u7aef\u53e3\u626b\u63cf\u3002\u5982\u679c\u542f\u7528\u4e86 v1 API\uff0c\u5219\u5e94\u5c06\u6b64\u7b56\u7565\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\uff0c\u4f8b\u5982 role:admin . 
\u5931\u8d25\uff1a\u672a\u8bbe\u7f6e\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u3002\u5b83\u7c7b\u4f3c\u4e8eOpenStack\u901a\u8fc7OpenStack\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5e76\u7ba1\u7406\u5176\u5c5e\u6027\uff0c\u4f8b\u5982\u53ef\u89c1\u6027\u3001\u53ef\u8bbf\u95ee\u6027\u548c\u4f7f\u7528\u914d\u989d\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9002\u7528\u4e8e\u4f7f\u7528\u4ee5\u4e0b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u5404\u79cd\u5b58\u50a8\u63d0\u4f9b\u7a0b\u5e8f\uff1aNFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u7528\u9014\u4e0e Amazon Elastic File System \uff08EFS\uff09 \u76f8\u540c\u3002 \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u7f51\u7edc\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u7b80\u4ecb \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity 
\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u4ecb\u7ecd \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u65e8\u5728\u5728\u5355\u8282\u70b9\u6216\u8de8\u591a\u4e2a\u8282\u70b9\u8fd0\u884c\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7531\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u7ec4\u6210\uff0c\u5b83\u4eec\u7c7b\u4f3c\u4e8e\u5757\u5b58\u50a8\u670d\u52a1\uff1a manila-api manila-scheduler manila-share manila-data manila-api \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002\u6709\u5173\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API\u3002 manila-share \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 manila-scheduler \u8d1f\u8d23\u5b89\u6392\u8bf7\u6c42\u5e76\u5c06\u5176\u8def\u7531\u5230\u76f8\u5e94\u7684 manila-share 
\u670d\u52a1\u3002\u5b83\u901a\u8fc7\u9009\u62e9\u4e00\u4e2a\u540e\u7aef\uff0c\u540c\u65f6\u8fc7\u6ee4\u9664\u4e00\u4e2a\u540e\u7aef\u4e4b\u5916\u7684\u6240\u6709\u540e\u7aef\u6765\u5b9e\u73b0\u8fd9\u4e00\u70b9\u3002 manila-data \u6b64\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u6570\u636e\u64cd\u4f5c\uff0c\u5982\u679c\u4e0d\u5355\u72ec\u5904\u7406\uff0c\u53ef\u80fd\u9700\u8981\u5f88\u957f\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\uff0c\u5e76\u963b\u6b62\u5176\u4ed6\u670d\u52a1\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f7f\u7528\u57fa\u4e8e SQL \u7684\u4e2d\u592e\u6570\u636e\u5e93\uff0c\u8be5\u6570\u636e\u5e93\u7531\u7cfb\u7edf\u4e2d\u7684\u6240\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5171\u4eab\u3002\u5b83\u53ef\u4ee5\u4f7f\u7528 ORM SQLALcvery \u652f\u6301\u7684\u4efb\u4f55 SQL \u65b9\u8a00\uff0c\u4f46\u4ec5\u4f7f\u7528 MySQL \u548c PostgreSQL \u6570\u636e\u5e93\u8fdb\u884c\u6d4b\u8bd5\u3002 \u4f7f\u7528 SQL\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7c7b\u4f3c\u4e8e\u5176\u4ed6 OpenStack \u670d\u52a1\uff0c\u53ef\u4ee5\u4e0e\u4efb\u4f55 OpenStack \u90e8\u7f72\u4e00\u8d77\u4f7f\u7528\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u8bf4\u660e\u3002\u6709\u5173 CLI \u7528\u6cd5\u548c\u914d\u7f6e\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u4e91\u7ba1\u7406\u6307\u5357\u3002 \u4e0b\u56fe\u4e2d\uff0c\u60a8\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4e0d\u540c\u90e8\u5206\u5982\u4f55\u76f8\u4e92\u4ea4\u4e92\u3002 \u9664\u4e86\u5df2\u7ecf\u63cf\u8ff0\u7684\u670d\u52a1\u4e4b\u5916\uff0c\u60a8\u8fd8\u53ef\u4ee5\u5728\u56fe\u50cf\u4e0a\u770b\u5230\u53e6\u5916\u4e24\u4e2a\u5b9e\u4f53\uff1a python-manilaclient \u548c storage controller \u3002 python-manilaclient \u547d\u4ee4\u884c\u754c\u9762\uff0c\u7528\u4e8e\u901a\u8fc7 manila-api 
\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u7528\u4e8e\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4ea4\u4e92\u7684 Python \u6a21\u5757\u3002 Storage controller \u901a\u5e38\u662f\u4e00\u4e2a\u91d1\u5c5e\u76d2\uff0c\u5e26\u6709\u65cb\u8f6c\u78c1\u76d8\u3001\u4ee5\u592a\u7f51\u7aef\u53e3\u548c\u67d0\u79cd\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7f51\u7edc\u5ba2\u6237\u7aef\u5728\u78c1\u76d8\u4e0a\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u3002\u8fd8\u6709\u4e00\u4e9b\u5728\u4efb\u610f\u786c\u4ef6\u4e0a\u8fd0\u884c\u7684\u7eaf\u8f6f\u4ef6\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u7fa4\u96c6\u63a7\u5236\u5668\u53ef\u80fd\u5141\u8bb8\u591a\u4e2a\u7269\u7406\u8bbe\u5907\u663e\u793a\u4e3a\u5355\u4e2a\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u6216\u7eaf\u865a\u62df\u5b58\u50a8\u63a7\u5236\u5668\u3002 \u5171\u4eab\u662f\u8fdc\u7a0b\u7684\u3001\u53ef\u88c5\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u7c7b\u578b\uff1a\u6241\u5e73\u7f51\u7edc\u3001VLAN\u3001VXLAN \u6216 GRE\uff0c\u5e76\u652f\u6301\u5206\u6bb5\u7f51\u7edc\u3002\u6b64\u5916\uff0c\u8fd8\u6709\u4e0d\u540c\u7684\u7f51\u7edc\u63d2\u4ef6\uff0c\u5b83\u4eec\u63d0\u4f9b\u4e86\u4e0e OpenStack \u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u4e86\u5927\u91cf\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u786c\u4ef6\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\uff0c\u4f8b\u5982 NetApp \u96c6\u7fa4\u6a21\u5f0f Data ONTAP \uff08 cDOT \uff09\u9a71\u52a8\u7a0b\u5e8f\uff0c\u534e\u4e3a NAS 
\u9a71\u52a8\u7a0b\u5e8f\u6216 GlusterFS \u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u540e\u7aef\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u4e00\u4e2a\u5b9e\u4f8b\u3002 \u5ba2\u6237\u7aef\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7684\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u7531\u5b89\u5168\u670d\u52a1\u5b58\u50a8\u3002\u53ef\u4ee5\u914d\u7f6e\u548c\u4f7f\u7528 LDAP\u3001Kerberos \u6216 Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7b49\u534f\u8bae\u3002 \u9664\u975e\u672a\u5728 policy.json \u4e2d\u663e\u5f0f\u66f4\u6539\uff0c\u5426\u5219\u7ba1\u7406\u5458\u6216\u62e5\u6709\u5171\u4eab\u7684\u79df\u6237\u90fd\u80fd\u591f\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8bbf\u95ee\u7ba1\u7406\u662f\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u5b8c\u6210\u7684\uff0c\u8be5\u89c4\u5219\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u53ef\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8bbf\u95ee\u9009\u9879\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c 
HDFS\u3002\u4f8b\u5982\uff0c\u901a\u7528\uff08\u5757\u5b58\u50a8\u4f5c\u4e3a\u540e\u7aef\uff09\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u7528\u6237\u548c\u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5b83\u8fd8\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982 LDAP\u3001Kerberos \u6216 Active Directory\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u7c7b\u578b\uff0c\u4f7f\u8ba1\u5212\u7a0b\u5e8f\u80fd\u591f\u5728\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u540e\u7aef\u3002\u5171\u4eab\u7c7b\u578b\u5177\u6709\u989d\u5916\u7684\u89c4\u8303\uff0c\u60a8\u53ef\u4ee5\u4e3a\u8ba1\u5212\u7a0b\u5e8f\u8bbe\u7f6e\u8fd9\u4e9b\u89c4\u8303\uff0c\u4ee5\u7b5b\u9009\u548c\u6743\u8861\u540e\u7aef\uff0c\u4ee5\u4fbf\u4e3a\u8bf7\u6c42\u521b\u5efa\u5171\u4eab\u7684\u7528\u6237\u9009\u62e9\u9002\u5f53\u7684\u5171\u4eab\u7c7b\u578b\u3002\u5171\u4eab\u548c\u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u6216\u79c1\u6709\u3002\u6b64\u53ef\u89c1\u6027\u7ea7\u522b\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u80fd\u591f\u770b\u5230\u8fd9\u4e9b\u5bf9\u8c61\u5e76\u5bf9\u5176\u8fdb\u884c\u64cd\u4f5c\u3002\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u8eab\u4efd\u670d\u52a1\u4e2d\u7684\u7279\u5b9a\u7528\u6237\u6216\u79df\u6237\u6dfb\u52a0\u5bf9\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u56e0\u6b64\uff0c\u60a8\u6388\u4e88\u8bbf\u95ee\u6743\u9650\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u53ef\u7528\u7684\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u5171\u4eab\u3002 \u4e0d\u540c\u7528\u6237\u53ca\u5176\u89d2\u8272\u7684 API \u8c03\u7528\u6743\u9650\u7531\u7b56\u7565\u51b3\u5b9a\uff0c\u5c31\u50cf\u5728\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4e2d\u4e00\u6837\u3002 \u6807\u8bc6\u670d\u52a1\u53ef\u7528\u4e8e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8bf7\u53c2\u9605\u201c\u8eab\u4efd\u201d\u90e8\u5206\u4e2d\u7684\u8eab\u4efd\u670d\u52a1\u5b89\u5168\u6027\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u00b6 \u4e0e\u5176\u4ed6 OpenStack \u9879\u76ee\u7c7b\u4f3c\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5df2\u6ce8\u518c\u5230 Identity \u670d\u52a1\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u4f7f\u7528 manila endpoints \u547d\u4ee4\u67e5\u627e\u5171\u4eab\u670d\u52a1 v1 \u548c v2 \u7684 API \u7aef\u70b9\uff1a $ manila endpoints +-------------+-----------------------------------------+ | manila | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v1/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v1/20787a7b...| | internalURL | http://172.18.198.55:8786/v1/20787a7b...| | id | 82cc5535aa444632b64585f138cb9b61 | +-------------+-----------------------------------------+ +-------------+-----------------------------------------+ | manilav2 | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v2/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v2/20787a7b...| | internalURL | http://172.18.198.55:8786/v2/20787a7b...| | id | 2e8591bfcac4405fa7e5dc3fd61a2b85 | +-------------+-----------------------------------------+ \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u670d\u52a1\u4ec5\u4fa6\u542c tcp6 \u7c7b\u578b\u540c\u65f6\u652f\u6301 IPv4 \u548c IPv6 \u7684\u7aef\u53e3 8786 \u3002 \u6ce8\u610f \u8be5\u7aef\u53e3\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u9ed8\u8ba4\u7aef\u53e3 8786 
\u3002\u5b83\u53ef\u4ee5\u66f4\u6539\u4e3a\u4efb\u4f55\u5176\u4ed6\u7aef\u53e3\uff0c\u4f46\u6b64\u66f4\u6539\u4e5f\u5e94\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 \u9009\u9879\u4e2d\u8fdb\u884c\uff0c\u8be5\u9009\u9879 osapi_share_listen_port \u9ed8\u8ba4\u4e3a 8786 \u3002 \u5728 /etc/manila/ \u76ee\u5f55\u4e2d\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\uff1a api-paste.ini manila.conf policy.json rootwrap.conf rootwrap.d ./rootwrap.d: share.filters \u5efa\u8bae\u60a8\u5c06\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\uff0c\u5e76\u66f4\u6539\u6587\u4ef6\u6743\u9650\uff0c\u4ee5\u4fbf\u53ea\u6709\u7cfb\u7edf\u7ba1\u7406\u5458\u624d\u80fd\u4fee\u6539\u5b83\u4eec\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8981\u6c42\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u5199\u5165\u914d\u7f6e\u6587\u4ef6\uff0c\u800c\u670d\u52a1\u53ea\u80fd\u901a\u8fc7\u5176\u5728\u7ec4\u4e2d\u7684 manila \u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002\u5176\u4ed6\u4eba\u4e00\u5b9a\u65e0\u6cd5\u8bfb\u53d6\u8fd9\u4e9b\u6587\u4ef6\uff0c\u56e0\u4e3a\u8fd9\u4e9b\u6587\u4ef6\u5305\u542b\u4e0d\u540c\u670d\u52a1\u7684\u7ba1\u7406\u5458\u5bc6\u7801\u3002 \u5e94\u7528\u68c0\u67e5 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u548c Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f\u4ece\u6e05\u5355\u4e2d\u9a8c\u8bc1\u6743\u9650\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002 \u6ce8\u610f \u6587\u4ef6\u4e2d\u7684 manila-rootwrap \u914d\u7f6e\u548c\u6587\u4ef6\u4e2d `rootwrap.conf` `rootwrap.d/share.filters` \u5171\u4eab\u8282\u70b9\u7684 manila-rootwrap \u547d\u4ee4\u8fc7\u6ee4\u5668\u5e94\u5f52 root \u7528\u6237\u6240\u6709\uff0c\u5e76\u4e14\u53ea\u80fd\u7531 root \u7528\u6237\u5199\u5165\u3002 \u5efa\u8bae manila 
\u914d\u7f6e\u6587\u4ef6 `manila.conf` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/manila.conf` \u662f\u5fc5\u9700\u7684\u3002 \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u5176\u4e2d\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u5b9e\u4f8b\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u6709\u8bb8\u591a\u7531\u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u652f\u6301\u4e00\u79cd\u6216\u591a\u79cd\u540e\u7aef\u6a21\u5f0f\uff1a\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u3002\u7ba1\u7406\u5458\u901a\u8fc7\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d manila.conf \u6307\u5b9a\u6a21\u5f0f\u6765\u9009\u62e9\u4f7f\u7528\u54ea\u79cd\u6a21\u5f0f\u3002\u5b83\u4f7f\u7528\u4e86\u4e00\u4e2a\u9009\u9879 driver_handles_share_servers \u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u5206\u6bb5\u7f51\u7edc\u3002\u8fd9\u53d6\u51b3\u4e8e\u7f51\u7edc\u63d0\u4f9b\u5546\u3002 \u5982\u679c\u60a8\u60f3\u4f7f\u7528\u4e0d\u540c\u7684\u914d\u7f6e\uff0c\u5219\u53ef\u4ee5\u4e3a\u4e0d\u540c\u7684\u6a21\u5f0f\u4f7f\u7528\u76f8\u540c\u7684\u786c\u4ef6\u4f7f\u7528\u5355\u72ec\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u6839\u636e\u9009\u62e9\u7684\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u63d0\u4f9b\u66f4\u591a\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u3002 \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u00b6 
\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u81f3\u5c11\u652f\u6301\u4e00\u79cd\u53ef\u80fd\u7684\u9a71\u52a8\u7a0b\u5e8f\u6a21\u5f0f\uff1a \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u8bbe\u7f6e\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u6216\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u7684 manila.conf \u914d\u7f6e\u9009\u9879\u662f driver_handles_share_servers \u9009\u9879\u3002\u5b83\u6307\u793a\u9a71\u52a8\u7a0b\u5e8f\u662f\u81ea\u884c\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\uff0c\u8fd8\u662f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u6a21\u5f0f \u914d\u7f6e\u9009\u9879 \u63cf\u8ff0 \u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =True \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u7ba1\u7406\u6216\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\u751f\u547d\u5468\u671f\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =False \u7ba1\u7406\u5458\uff08\u800c\u4e0d\u662f\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff09\u4f7f\u7528\u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\uff08\u800c\u4e0d\u662f\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b58\u5728\uff09\u7ba1\u7406\u88f8\u673a\u5b58\u50a8\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f 
\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u57fa\u672c\u4e0a\u6ca1\u6709\u4efb\u4f55\u7f51\u7edc\u8981\u6c42\u3002\u5047\u5b9a\u7531\u9a71\u52a8\u7a0b\u5e8f\u7ba1\u7406\u7684\u5b58\u50a8\u63a7\u5236\u5668\u5177\u6709\u6240\u9700\u7684\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u671f\u671b\u9a71\u52a8\u7a0b\u5e8f\u76f4\u63a5\u8bbe\u7f6e\u5171\u4eab\uff0c\u800c\u65e0\u9700\u4e8b\u5148\u521b\u5efa\u4efb\u4f55\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u5bf9\u5e94\u4e8e\u67d0\u4e9b\u73b0\u6709\u9a71\u52a8\u7a0b\u5e8f\u5df2\u5728\u6267\u884c\u7684\u64cd\u4f5c\uff0c\u4f46\u5b83\u4f7f\u7ba1\u7406\u5458\u53ef\u4ee5\u660e\u786e\u9009\u62e9\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u521b\u5efa\u65f6\u4e0d\u9700\u8981\u5171\u4eab\u7f51\u7edc\uff0c\u4e5f\u4e0d\u5f97\u63d0\u4f9b\u5171\u4eab\u7f51\u7edc\u3002 \u6ce8\u610f \u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u5df2\u53ef\u8bbf\u95ee\u7528\u4e8e\u5bfc\u51fa\u4efb\u4f55\u5171\u4eab\u7684\u7f51\u7edc\u63a5\u53e3\u3002 
\u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u5904\u7406\u5b58\u50a8\u751f\u547d\u5468\u671f\u3002\u7ba1\u7406\u5458\u5e94\u5904\u7406\u5b58\u50a8\u3001\u7f51\u7edc\u63a5\u53e3\u548c\u5176\u4ed6\u4e3b\u673a\u914d\u7f6e\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u5b58\u50a8\u8bbe\u7f6e\u4e3a\u5bfc\u51fa\u5171\u4eab\u7684\u4e3b\u673a\u3002\u6b64\u6a21\u5f0f\u7684\u4e3b\u8981\u7279\u5f81\u662f\u5b58\u50a8\u4e0d\u7531\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5904\u7406\u3002\u79df\u6237\u4e2d\u7684\u7528\u6237\u5171\u4eab\u516c\u5171\u7f51\u7edc\u3001\u4e3b\u673a\u3001\u5904\u7406\u5668\u548c\u7f51\u7edc\u7ba1\u9053\u3002\u5982\u679c\u7ba1\u7406\u5458\u6216\u4ee3\u7406\u4e4b\u524d\u914d\u7f6e\u7684\u5b58\u50a8\u6ca1\u6709\u6b63\u786e\u7684\u5e73\u8861\u8c03\u6574\uff0c\u5b83\u4eec\u53ef\u80fd\u4f1a\u76f8\u4e92\u963b\u788d\u3002\u5728\u516c\u6709\u4e91\u4e2d\uff0c\u6240\u6709\u7f51\u7edc\u5bb9\u91cf\u53ef\u80fd\u90fd\u7531\u4e00\u4e2a\u5ba2\u6237\u7aef\u4f7f\u7528\uff0c\u56e0\u6b64\u7ba1\u7406\u5458\u5e94\u6ce8\u610f\u4e0d\u8981\u53d1\u751f\u8fd9\u79cd\u60c5\u51b5\u3002\u5e73\u8861\u8c03\u6574\u53ef\u4ee5\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u5b8c\u6210\uff0c\u800c\u4e0d\u4e00\u5b9a\u662f\u4f7f\u7528 OpenStack \u5de5\u5177\u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u73b0\u6709\u7f51\u7edc\u3002\u63d0\u4f9b\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u65f6\uff0c\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u6765\u81ea\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684 IP \u5730\u5740\u548c\u5b50\u7f51\u3002 
\u4e0e\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0d\u540c\uff0c\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u7528\u6237\u5177\u6709\u4e00\u4e2a\u5171\u4eab\u7f51\u7edc\u548c\u4e00\u4e2a\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7528\u6237\u90fd\u6709\u5355\u72ec\u7684 CPU\u3001CPU \u65f6\u95f4\u3001\u7f51\u7edc\u3001\u5bb9\u91cf\u548c\u541e\u5410\u91cf\u3002 \u60a8\u8fd8\u53ef\u4ee5\u5728\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u914d\u7f6e\u5b89\u5168\u670d\u52a1\u3002\u4f46\u662f\uff0c\u5982\u679c\u6ca1\u6709\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u5e94\u5728\u4e3b\u673a\u4e0a\u624b\u52a8\u8bbe\u7f6e\u6240\u9700\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u4efb\u4f55\u73b0\u6709\u5b89\u5168\u670d\u52a1\u81ea\u52a8\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002 \u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u4e0d\u540c\u7c7b\u578b\u7684\u7f51\u7edc\uff1a flat GRE VLAN VXLAN \u6ce8\u610f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ea\u662f\u5c06\u6709\u5173\u7f51\u7edc\u7684\u4fe1\u606f\u4fdd\u5b58\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u800c\u771f\u6b63\u7684\u7f51\u7edc\u5219\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u63d0\u4f9b\u3002\u5728OpenStack\u4e2d\uff0c\u5b83\u53ef\u4ee5\u662f\u4f20\u7edf\u7f51\u7edc\uff08nova-network\uff09\u6216\u7f51\u7edc\uff08neutron\uff09\u670d\u52a1\uff0c\u4f46\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u751a\u81f3\u53ef\u4ee5\u5728OpenStack\u4e4b\u5916\u5de5\u4f5c\u3002\u8fd9\u662f\u5141\u8bb8\u7684\uff0c `StandaloneNetworkPlugin` 
\u53ef\u4ee5\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u4e0d\u9700\u8981OpenStack\u4e2d\u7684\u67d0\u4e9b\u7279\u5b9a\u7f51\u7edc\u670d\u52a1\uff0c\u5982Networking\u6216Legacy\u7f51\u7edc\u670d\u52a1\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5728\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u548c\u7ba1\u7406\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u53ef\u5206\u4e3a\u4e24\u79cd\u53d8\u4f53\uff1a \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc \u6700\u521d\uff0c\u5728\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u65f6\uff0c\u60a8\u53ef\u4ee5\u8bbe\u7f6e OpenStack Networking \uff08neutron\uff09 \u7684\u7f51\u7edc\u548c\u5b50\u7f51\uff0c\u4e5f\u53ef\u4ee5\u8bbe\u7f6e Legacy \u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7f51\u7edc\u3002\u7b2c\u4e09\u79cd\u65b9\u6cd5\u662f\u5728\u6ca1\u6709\u65e7\u7248\u7f51\u7edc\u548c\u7f51\u7edc\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u914d\u7f6e\u7f51\u7edc\u3002 StandaloneNetworkPlugin \u53ef\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5efa\u8bae \u6240\u6709\u4f7f\u7528 OpenStack Compute \u670d\u52a1\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u4e0d\u4f7f\u7528\u7f51\u7edc\u63d2\u4ef6\u3002\u5728 Mitaka \u7248\u672c\u4e2d\uff0c\u5b83\u662f Windows \u548c\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u3002\u8fd9\u4e9b\u5171\u4eab\u9a71\u52a8\u5668\u5177\u6709\u5176\u4ed6\u9009\u9879\u5e76\u4f7f\u7528\u4e0d\u540c\u7684\u65b9\u6cd5\u3002 
\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u540e\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u68c0\u7d22\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u786e\u5b9a\u7684\u7f51\u7edc\u4fe1\u606f\uff1a\u7f51\u7edc\u7c7b\u578b\u3001\u5206\u6bb5\u6807\u8bc6\u7b26\uff08\u5982\u679c\u7f51\u7edc\u4f7f\u7528\u5206\u6bb5\uff09\u548c CIDR \u8868\u793a\u6cd5\u4e2d\u7684 IP \u5757\uff0c\u4ee5\u4fbf\u4ece\u4e2d\u5206\u914d\u7f51\u7edc\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u67d0\u4e9b\u5b58\u50a8\u63a7\u5236\u5668\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\uff0c\u4f46\u7531\u4e8e\u7269\u7406\u6216\u903b\u8f91\u7f51\u7edc\u7684\u5404\u79cd\u9650\u5236\uff0c\u6240\u6709\u5171\u4eab\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u4f4d\u4e8e\u6241\u5e73\u7f51\u7edc\u4e0a\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u4e00\u4e9b\u4e1c\u897f\u6765\u4e3a\u5171\u4eab\u670d\u52a1\u5668\u9884\u914d IP \u5730\u5740\uff0c\u4f46 IP \u5c06\u5168\u90e8\u6765\u81ea\u540c\u4e00\u5b50\u7f51\uff0c\u5e76\u4e14\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u53ef\u4ee5\u8bbf\u95ee\u8be5\u5b50\u7f51\u672c\u8eab\u3002 \u5171\u4eab\u7f51\u7edc\u7684\u5b89\u5168\u670d\u52a1\u90e8\u5206\u6307\u5b9a\u5b89\u5168\u8981\u6c42\uff0c\u4f8b\u5982 AD \u6216 LDAP \u57df\u6216 Kerberos \u57df\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5047\u5b9a\u5b89\u5168\u670d\u52a1\u4e2d\u5f15\u7528\u7684\u4efb\u4f55\u4e3b\u673a\u90fd\u53ef\u4ee5\u4ece\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b50\u7f51\u8bbf\u95ee\uff0c\u8fd9\u9650\u5236\u4e86\u53ef\u4ee5\u4f7f\u7528\u6b64\u6a21\u5f0f\u7684\u60c5\u51b5\u6570\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc 
\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u5230\u73b0\u6709\u7684\u5206\u6bb5\u7f51\u7edc\u3002\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e3a\u6bcf\u4e2a\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u63d0\u4f9b\u5b50\u7f51\u5b9a\u4e49\u3002\u6b64\u5b9a\u4e49\u5e94\u5305\u62ec\u5206\u6bb5\u7c7b\u578b\u3001\u5206\u6bb5 ID \u4ee5\u53ca\u4e0e\u5206\u6bb5\u7c7b\u578b\u76f8\u5173\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u6ce8\u610f \u67d0\u4e9b\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u652f\u6301\u6240\u6709\u7c7b\u578b\u7684\u5206\u6bb5\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b63\u5728\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u7684\u89c4\u8303\u3002 \u7f51\u7edc\u63d2\u4ef6 \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u7528\u4e8e\u7f51\u7edc\u8d44\u6e90\u8c03\u914d\u7684\u62bd\u8c61\u5c42\u3002\u5b83\u5141\u8bb8\u7ba1\u7406\u5458\u4ece\u4e0d\u540c\u7684\u9009\u9879\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u51b3\u5b9a\u5982\u4f55\u5c06\u7f51\u7edc\u8d44\u6e90\u5206\u914d\u7ed9\u5176\u79df\u6237\u7684\u7f51\u7edc\u5b58\u50a8\u3002\u6709\u51e0\u4e2a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u4e86\u4e0eOpenStack\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u7f51\u7edc\u63d2\u4ef6\u5141\u8bb8\u4f7f\u7528 OpenStack Networking \u548c Legacy \u7f51\u7edc\u670d\u52a1\u7684\u4efb\u4f55\u529f\u80fd\u3001\u914d\u7f6e\u3002\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u652f\u6301\u7684\u4efb\u4f55\u7f51\u7edc\u5206\u6bb5\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4f20\u7edf\u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7684\u6241\u5e73\u7f51\u7edc\u6216 VLAN \u5206\u6bb5\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u63d2\u4ef6\u6765\u72ec\u7acb\u4e8e OpenStack 
\u7f51\u7edc\u670d\u52a1\u6307\u5b9a\u7f51\u7edc\u3002\u6709\u5173\u5982\u4f55\u4f7f\u7528\u4e0d\u540c\u7f51\u7edc\u63d2\u4ef6\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7f51\u7edc\u63d2\u4ef6\u3002 \u5b89\u5168\u670d\u52a1 \u00b6 \u5bf9\u4e8e\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\uff0c\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u670d\u52a1\u3002\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u5305\u62ec LDAP\u3001Kerberos \u548c Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u00b6 \u521b\u5efa\u5171\u4eab\u5e76\u83b7\u53d6\u5176\u5bfc\u51fa\u4f4d\u7f6e\u540e\uff0c\u7528\u6237\u65e0\u6743\u88c5\u8f7d\u8be5\u5171\u4eab\u5e76\u5904\u7406\u6587\u4ef6\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9700\u8981\u663e\u5f0f\u6388\u4e88\u5bf9\u65b0\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/AuthZ\uff09 \u7684\u5ba2\u6237\u673a\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 \u5b58\u50a8 security services \u3002\u5982\u679c\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u540e\u7aef\u652f\u6301 LDAP\u3001Kerberos \u6216 Microsoft Active Directory\uff0c\u5219\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e5f\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u610f \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u663e\u5f0f\u6307\u5b9a\u5176\u4e2d\u4e00\u9879\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\uff0cNetApp\u3001EMC \u548c Windows \u9a71\u52a8\u7a0b\u5e8f\u9700\u8981 Active Directory \u624d\u80fd\u521b\u5efa\u4e0e CIFS 
\u534f\u8bae\u7684\u5171\u4eab\u3002 \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u00b6 \u5b89\u5168\u670d\u52a1\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u5b9e\u4f53\uff0c\u5b83\u62bd\u8c61\u51fa\u4e00\u7ec4\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u4e3a\u7279\u5b9a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff08\u5982 Active Directory \u57df\u6216 Kerberos \u57df\uff09\u5b9a\u4e49\u5b89\u5168\u57df\u3002\u5b89\u5168\u670d\u52a1\u5305\u542b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u521b\u5efa\u52a0\u5165\u7ed9\u5b9a\u57df\u7684\u670d\u52a1\u5668\u6240\u9700\u7684\u6240\u6709\u4fe1\u606f\u3002 \u4f7f\u7528 API\uff0c\u7528\u6237\u53ef\u4ee5\u521b\u5efa\u3001\u66f4\u65b0\u3001\u67e5\u770b\u548c\u5220\u9664\u5b89\u5168\u670d\u52a1\u3002\u5b89\u5168\u670d\u52a1\u7684\u8bbe\u8ba1\u57fa\u4e8e\u4ee5\u4e0b\u5047\u8bbe\uff1a \u79df\u6237\u63d0\u4f9b\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u7ba1\u7406\u5458\u5173\u5fc3\u5b89\u5168\u670d\u52a1\uff1a\u4ed6\u4eec\u914d\u7f6e\u6b64\u7c7b\u5b89\u5168\u670d\u52a1\u7684\u670d\u52a1\u5668\u7aef\u3002 \u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u4e2d\uff0ca security_service \u4e0e share_networks \u5173\u8054\u3002 \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4f7f\u7528\u5b89\u5168\u670d\u52a1\u4e2d\u7684\u6570\u636e\u6765\u914d\u7f6e\u65b0\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002 \u521b\u5efa\u5b89\u5168\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e4b\u4e00\uff1a \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u63cf\u8ff0 LDAP \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002\u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Kerberos 
\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\uff0c\u5b83\u57fa\u4e8e\u7968\u8bc1\u5de5\u4f5c\uff0c\u5141\u8bb8\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u7684\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u4e3a Windows \u57df\u7f51\u7edc\u5f00\u53d1\u7684\u76ee\u5f55\u670d\u52a1\u3002\u4f7f\u7528 LDAP\u3001Microsoft \u7684 Kerberos \u7248\u672c\u548c DNS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u60a8\u4f7f\u7528\u4ee5\u4e0b\u9009\u9879\u914d\u7f6e\u5b89\u5168\u670d\u52a1\uff1a \u79df\u6237\u7f51\u7edc\u5185\u90e8\u4f7f\u7528\u7684 DNS IP \u5730\u5740\u3002 \u5b89\u5168\u670d\u52a1\u7684 IP \u5730\u5740\u6216\u4e3b\u673a\u540d\u3002 \u5b89\u5168\u670d\u52a1\u7684\u57df\u3002 \u79df\u6237\u4f7f\u7528\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u3002 \u5982\u679c\u6307\u5b9a\u7528\u6237\u540d\uff0c\u5219\u9700\u8981\u4e00\u4e2a\u7528\u6237\u5bc6\u7801\u3002 \u73b0\u6709\u5b89\u5168\u670d\u52a1\u5b9e\u4f53\u53ef\u4ee5\u4e0e\u5171\u4eab\u7f51\u7edc\u5b9e\u4f53\u76f8\u5173\u8054\uff0c\u8fd9\u4e9b\u5b9e\u4f53\u901a\u77e5\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e00\u7ec4\u5171\u4eab\u7684\u5b89\u5168\u6027\u548c\u7f51\u7edc\u914d\u7f6e\u3002\u60a8\u8fd8\u53ef\u4ee5\u67e5\u770b\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u7684\u6240\u6709\u5b89\u5168\u670d\u52a1\u7684\u5217\u8868\uff0c\u5e76\u53d6\u6d88\u5b83\u4eec\u4e0e\u5171\u4eab\u7f51\u7edc\u7684\u5173\u8054\u3002 \u6709\u5173\u901a\u8fc7 API \u7ba1\u7406\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 API\u3002\u60a8\u8fd8\u53ef\u4ee5\u901a\u8fc7 python-manilaclient \u7ba1\u7406\u5b89\u5168\u670d\u52a1\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 CLI \u7ba1\u7406\u3002 
\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\uff0c\u5e76\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u56e0\u6b64\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u5c06\u540e\u7aef\u914d\u7f6e\u4e3a\u901a\u8fc7\u7f51\u7edc\u4f7f\u7528\u7279\u5b9a\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff0c\u5b83\u5c06\u5b58\u50a8\u7528\u6237\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u548c\u6807\u8bc6\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4e0a\u8fd0\u884c\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002\u9a71\u52a8\u7a0b\u5e8f\u5bf9\u7279\u5b9a\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u652f\u6301\u5e76\u4e0d\u610f\u5473\u7740\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5bf9\u5176\u8fdb\u884c\u914d\u7f6e\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u6709\u5173\u7279\u5b9a\u9a71\u52a8\u7a0b\u5e8f\u53ca\u5176\u5b89\u5168\u670d\u52a1\u914d\u7f6e\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a71\u52a8\u7a0b\u5e8f\u4f9b\u5e94\u5546\u7684\u6587\u6863\u3002 
\u67d0\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u5b89\u5168\u670d\u52a1\uff0c\u800c\u5176\u4ed6\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4e0a\u8ff0\u4efb\u4f55\u5b89\u5168\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u5177\u6709 NFS \u6216 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4ec5\u652f\u6301\u901a\u8fc7 IP \u5730\u5740\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u5efa\u8bae - \u5728\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u652f\u6301 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 Active Directory \u5e76\u901a\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7ba1\u7406\u8bbf\u95ee\u3002 - \u652f\u6301 GlusterFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 - \u4f7f\u7528\u652f\u6301 NFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u662f\u552f\u4e00\u53d7\u652f\u6301\u7684\u9009\u9879\u3002 - \u7531\u4e8e HDFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u4f7f\u7528 NFS \u8bbf\u95ee\uff0c\u56e0\u6b64\u4e5f\u53ef\u4ee5\u5c06\u5176\u914d\u7f6e\u4e3a\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4f46\u8bf7\u6ce8\u610f\uff0c\u901a\u8fc7 IP \u8fdb\u884c\u7684\u8eab\u4efd\u9a8c\u8bc1\u662f\u6700\u4e0d\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5b9e\u9645\u4f7f\u7528\u60c5\u51b5\u7684\u5efa\u8bae\u914d\u7f6e\u662f\u4f7f\u7528 CIFS \u5171\u4eab\u534f\u8bae\u521b\u5efa\u5171\u4eab\uff0c\u5e76\u5411\u5176\u6dfb\u52a0 Microsoft Active Directory 
\u76ee\u5f55\u670d\u52a1\u3002\u5728\u6b64\u914d\u7f6e\u4e2d\uff0c\u60a8\u5c06\u83b7\u5f97\u96c6\u4e2d\u5f0f\u6570\u636e\u5e93\u4ee5\u53ca\u5c06Kerberos\u548cLDAP\u65b9\u6cd5\u7ed3\u5408\u5728\u4e00\u8d77\u7684\u670d\u52a1\u3002\u8fd9\u662f\u4e00\u4e2a\u771f\u5b9e\u7684\u7528\u4f8b\uff0c\u5bf9\u4e8e\u751f\u4ea7\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u6765\u8bf4\u5f88\u65b9\u4fbf\u3002 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u6388\u4e88\u6216\u62d2\u7edd\u5176\u4ed6\u5ba2\u6237\u7aef\u5bf9\u670d\u52a1\u7684\u4e0d\u540c\u5b9e\u4f53\u7684\u8bbf\u95ee\u3002 \u5c06\u5171\u4eab\u4f5c\u4e3a\u6587\u4ef6\u7cfb\u7edf\u7684\u53ef\u8fdc\u7a0b\u6302\u8f7d\u5b9e\u4f8b\uff0c\u53ef\u4ee5\u7ba1\u7406\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\uff0c\u5e76\u5217\u51fa\u6307\u5b9a\u5171\u4eab\u7684\u6743\u9650\u3002 \u5171\u4eab\u53ef\u4ee5\u662f\u516c\u5171\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u7684\u3002\u8fd9\u662f\u5171\u4eab\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5171\u4eab\u90fd\u521b\u5efa\u4e3a\u4e13\u7528\u5171\u4eab\u3002\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5 --public \u5c06\u5171\u4eab\u516c\u5f00\uff0c\u4f9b\u5176\u4ed6\u79df\u6237\u67e5\u770b\u5171\u4eab\u5217\u8868\u5e76\u67e5\u770b\u5176\u8be6\u7ec6\u4fe1\u606f\u3002 \u6839\u636e policy.json \u6587\u4ef6\uff0c\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u4f7f\u7528 manila access-allow\u3001manila access-deny \u548c manila access-list \u547d\u4ee4\uff0c\u60a8\u53ef\u4ee5\u76f8\u5e94\u5730\u6388\u4e88\u3001\u62d2\u7edd\u548c\u5217\u51fa\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 
\u5efa\u8bae \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u521b\u5efa\u5171\u4eab\u5e76\u5177\u6709\u5176\u5bfc\u51fa\u4f4d\u7f6e\u65f6\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u671f\u671b\u4efb\u4f55\u4eba\u90fd\u65e0\u6cd5\u901a\u8fc7\u88c5\u8f7d\u5171\u4eab\u6765\u8bbf\u95ee\u8be5\u5171\u4eab\u3002\u8bf7\u6ce8\u610f\uff0c\u60a8\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u66f4\u6539\u6b64\u914d\u7f6e\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u5171\u4eab\u5b58\u50a8\u4e0a\u66f4\u6539\u3002\u8981\u786e\u4fdd\u8bbf\u95ee\u5171\u4eab\uff0c\u8bf7\u68c0\u67e5\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u3002 \u521a\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u6ca1\u6709\u4e0e\u4e4b\u5173\u8054\u7684\u9ed8\u8ba4\u8bbf\u95ee\u89c4\u5219\u548c\u88c5\u8f7d\u6743\u9650\u3002\u8fd9\u53ef\u4ee5\u5728\u6b63\u5728\u4f7f\u7528\u7684\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u4e2d\u770b\u5230\u3002\u4f8b\u5982\uff0c\u5b58\u50a8\u4e0a\u6709\u4e00\u4e2a NFS \u547d\u4ee4 exportfs \u6216 /etc/exports \u6587\u4ef6\uff0c\u7528\u4e8e\u63a7\u5236\u6bcf\u4e2a\u8fdc\u7a0b\u5171\u4eab\u5e76\u5b9a\u4e49\u53ef\u4ee5\u8bbf\u95ee\u5b83\u7684\u4e3b\u673a\u3002\u5982\u679c\u6ca1\u6709\u4eba\u53ef\u4ee5\u6302\u8f7d\u5171\u4eab\uff0c\u5219\u4e3a\u7a7a\u3002\u5bf9\u4e8e\u8fdc\u7a0b CIFS \u670d\u52a1\u5668\uff0c\u6709\u4e00\u4e2a net conf list \u663e\u793a\u914d\u7f6e\u7684\u547d\u4ee4\u3002 hosts deny \u53c2\u6570\u5e94\u7531\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u8bbe\u7f6e 0.0.0.0/0 \uff0c\u8fd9\u610f\u5473\u7740\u4efb\u4f55\u4e3b\u673a\u90fd\u88ab\u62d2\u7edd\u6302\u8f7d\u5171\u4eab\u3002 \u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u53ef\u4ee5\u901a\u8fc7\u6307\u5b9a\u4ee5\u4e0b\u652f\u6301\u7684\u5171\u4eab\u8bbf\u95ee\u7ea7\u522b\u4e4b\u4e00\u6765\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\uff1a rw\u3002\u8bfb\u53d6\u548c\u5199\u5165 \uff08RW\uff09 \u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u503c\u3002 
ro\u3002\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u3002 \u5efa\u8bae \u5f53\u7ba1\u7406\u5458\u4e3a\u67d0\u4e9b\u7279\u5b9a\u7f16\u8f91\u8005\u6216\u8d21\u732e\u8005\u63d0\u4f9b\u8bfb\u5199 \uff08RW\uff09 \u8bbf\u95ee\u6743\u9650\u5e76\u4e3a\u5176\u4f59\u7528\u6237\uff08\u67e5\u770b\u8005\uff09\u63d0\u4f9b\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u6743\u9650\u65f6\uff0cRO \u8bbf\u95ee\u7ea7\u522b\u5728\u516c\u5171\u5171\u4eab\u4e2d\u4f1a\u5f88\u6709\u5e2e\u52a9\u3002 \u60a8\u8fd8\u5fc5\u987b\u6307\u5b9a\u4ee5\u4e0b\u53d7\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4e4b\u4e00\uff1a ip\u3002\u901a\u8fc7\u5b9e\u4f8b\u7684 IP \u5730\u5740\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u683c\u5f0f\u4e3a XX.XX.XX.XX \u6216 XX.XX.XX.XX/XX\u3002\u4f8b\u5982\uff0c0.0.0.0/0\u3002 cert\u3002\u901a\u8fc7 TLS \u8bc1\u4e66\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c06 TLS \u6807\u8bc6\u6307\u5b9a\u4e3a IDENTKEY\u3002\u6709\u6548\u503c\u662f\u8bc1\u4e66\u516c\u7528\u540d \uff08CN\uff09 \u4e2d\u957f\u5ea6\u4e0d\u8d85\u8fc7 64 \u4e2a\u5b57\u7b26\u7684\u4efb\u4f55\u5b57\u7b26\u4e32\u3002 user\u3002\u6309\u6307\u5b9a\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u503c\u662f\u4e00\u4e2a\u5b57\u6bcd\u6570\u5b57\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u7279\u6b8a\u5b57\u7b26\uff0c\u957f\u5ea6\u4e3a 4 \u5230 32 \u4e2a\u5b57\u7b26\u3002 \u6ce8\u610f \u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3001\u5b89\u5168\u670d\u52a1\u548c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u652f\u6301\u7684\u5b89\u5168\u670d\u52a1\u5305\u62ec LDAP\u3001Kerberos \u534f\u8bae\u6216 Microsoft Active Directory 
\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4e0b\u9762\u662f\u4e0e\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u5171\u4eab\u7684 NFS \u793a\u4f8b\u3002\u521b\u5efa\u5171\u4eab\u540e\uff0c\u5b83\u5177\u6709\u5bfc\u51fa\u4f4d\u7f6e 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de \u3002\u5982\u679c\u60a8\u5c1d\u8bd5\u4f7f\u7528 10.254.0.4 IP \u5730\u5740\u5c06\u5176\u6302\u8f7d\u5230\u4e3b\u673a\u4e0a\uff0c\u60a8\u5c06\u6536\u5230\u201c\u6743\u9650\u88ab\u62d2\u7edd\u201d\u6d88\u606f\u3002 # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt mount.nfs: timeout set for Mon Oct 12 13:07:47 2015 mount.nfs: trying text-based options 'vers=4,addr=10.254.0.3,clientaddr=10.254.0.4' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting 10.254.0.3:/shares/share-b2874f8d-... 
\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 SSH \u8fde\u63a5\u5230\u5177\u6709 IP \u5730\u5740\u7684 10.254.0.3 \u4e3b\u673a\uff0c\u68c0\u67e5\u5176 /etc/exports \u4e0a\u7684\u6587\u4ef6\u5e76\u67e5\u770b\u5b83\u662f\u5426\u4e3a\u7a7a\uff1a # cat /etc/exports # \u6211\u4eec\u5728\u793a\u4f8b\u4e2d\u4f7f\u7528\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u56e0\u6b64\u4f7f\u7528 NFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7 IP \u5730\u5740\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff1a $ manila access-allow Share_demo2 ip 10.254.0.4 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | share_id | e57c25a8-0392-444f-9ffc-5daadb9f756c | | access_type | ip | | access_to | 10.254.0.4 | | access_level | rw | | state | new | | id | 62b8e453-d712-4074-8410-eab6227ba267 | +--------------+--------------------------------------+ \u89c4\u5219\u8fdb\u5165\u72b6\u6001 active \u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u518d\u6b21\u8fde\u63a5\u5230 10.254.0.3 \u4e3b\u673a\u5e76\u68c0\u67e5 /etc/exports \u6587\u4ef6\uff0c\u5e76\u67e5\u770b\u662f\u5426\u6dfb\u52a0\u4e86\u5e26\u6709\u89c4\u5219\u7684\u884c\uff1a # cat /etc/exports /shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de 10.254.0.4(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,no_all_squash) \u73b0\u5728\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 IP \u5730\u5740 10.254.0.4 \u5728\u4e3b\u673a\u4e0a\u6302\u8f7d\u5171\u4eab\uff0c\u5e76\u62e5\u6709 rw \u5171\u4eab\u6743\u9650\uff1a # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt # ls -a /mnt . .. lost+found # echo \"Hello!\" > /mnt/1.txt # ls -a /mnt . .. 
1.txt lost+found # \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5171\u4eab\u7c7b\u578b\u662f\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u201c\u670d\u52a1\u7c7b\u578b\u201d\uff0c\u7531\u79df\u6237\u53ef\u89c1\u63cf\u8ff0\u548c\u79df\u6237\u4e0d\u53ef\u89c1\u952e\u503c\u5bf9\u5217\u8868\uff08\u989d\u5916\u89c4\u8303\uff09\u7ec4\u6210\u3002manila-scheduler \u4f7f\u7528\u989d\u5916\u7684\u89c4\u8303\u6765\u505a\u51fa\u8c03\u5ea6\u51b3\u7b56\uff0c\u9a71\u52a8\u7a0b\u5e8f\u63a7\u5236\u5171\u4eab\u521b\u5efa\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u521b\u5efa\u548c\u5220\u9664\u5171\u4eab\u7c7b\u578b\uff0c\u8fd8\u53ef\u4ee5\u7ba1\u7406\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u8d4b\u4e88\u5b83\u4eec\u542b\u4e49\u7684\u989d\u5916\u89c4\u8303\u3002\u79df\u6237\u53ef\u4ee5\u5217\u51fa\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u65b0\u5171\u4eab\u3002\u6709\u5173\u7ba1\u7406\u5171\u4eab\u7c7b\u578b\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u548c\u5171\u4eab\u7c7b\u578b\u7ba1\u7406\u6587\u6863\u3002 \u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u548c\u79c1\u6709\u3002\u8fd9\u662f\u5171\u4eab\u7c7b\u578b\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\uff0c\u5e76\u4f7f\u7528\u5b83\u6765\u521b\u5efa\u65b0\u5171\u4eab\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u7c7b\u578b\u521b\u5efa\u4e3a\u516c\u5171\u7c7b\u578b\u3002\u521b\u5efa\u5171\u4eab\u7c7b\u578b\u65f6\uff0c\u8bf7\u4f7f\u7528 --is_public \u53c2\u6570\u96c6 \u8bbe\u7f6e\u4e3a False 
\u79c1\u6709\u5171\u4eab\u7c7b\u578b\uff0c\u8fd9\u5c06\u9632\u6b62\u5176\u4ed6\u79df\u6237\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\u5e76\u4f7f\u7528\u5b83\u521b\u5efa\u65b0\u5171\u4eab\u3002\u53e6\u4e00\u65b9\u9762\uff0c\u516c\u5171\u5171\u4eab\u7c7b\u578b\u53ef\u4f9b\u4e91\u4e2d\u7684\u6bcf\u4e2a\u79df\u6237\u4f7f\u7528\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u7ba1\u7406\u5458\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fd8\u53ef\u4ee5\u83b7\u53d6\u6709\u5173\u6307\u5b9a\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u7684\u4fe1\u606f\u3002 \u5efa\u8bae \u7531\u4e8e\u5171\u4eab\u7c7b\u578b\u7531\u4e8e\u5176\u989d\u5916\u7684\u89c4\u8303\u800c\u6709\u52a9\u4e8e\u5728\u7528\u6237\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u6216\u9009\u62e9\u540e\u7aef\uff0c\u56e0\u6b64\u4f7f\u7528\u5bf9\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u53ef\u4ee5\u9650\u5236\u5ba2\u6237\u7aef\u9009\u62e9\u7279\u5b9a\u7684\u540e\u7aef\u3002 \u4f8b\u5982\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\u79df\u6237\u4e2d\u7684\u7ba1\u7406\u5458\u7528\u6237\uff0c\u53ef\u4ee5\u521b\u5efa\u540d\u4e3a my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5217\u8868\u4e2d\u67e5\u770b\u5b83\u3002\u5728\u63a7\u5236\u53f0\u793a\u4f8b\u4e2d\uff0c\u7701\u7565\u4e86\u767b\u5f55\u548c\u6ce8\u9500\uff0c\u5e76\u63d0\u4f9b\u4e86\u73af\u5883\u53d8\u91cf\u4ee5\u663e\u793a\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u3002 $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... 
$ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ demo \u79df\u6237\u4e2d\u7684 demo \u7528\u6237\u53ef\u4ee5\u5217\u51fa\u7c7b\u578b\uff0c\u5e76\u4e14\u547d\u540d my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u5bf9\u4ed6\u4e0d\u53ef\u89c1\u3002 $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+----------------------------------+----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+----------------------------------+----------------------+ | 5..| default| public | YES | driver_handles_share_servers:True| snapshot_support:True| +----+--------+-----------+-----------+----------------------------------+----------------------+ \u7ba1\u7406\u5458\u53ef\u4ee5\u6388\u4e88\u5bf9\u79df\u6237 ID \u7b49\u4e8e df29a37db5ae48d19b349fe947fada46 \u7684\u6f14\u793a\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff1a $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... $ openstack project list +----------------------------------+--------------------+ | ID | Name | +----------------------------------+--------------------+ | ... | ... 
| | df29a37db5ae48d19b349fe947fada46 | demo | +----------------------------------+--------------------+ $ manila type-access-add my_type df29a37db5ae48d19b349fe947fada46 \u56e0\u6b64\uff0c\u73b0\u5728\u6f14\u793a\u79df\u6237\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5171\u4eab\u521b\u5efa\u4e2d\u4f7f\u7528\u5b83\uff1a $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+- \u8981\u62d2\u7edd\u5bf9\u6307\u5b9a\u9879\u76ee\u7684\u8bbf\u95ee\uff0c\u8bf7\u4f7f\u7528 manila type-access-remove \u547d\u4ee4\u3002 \u5efa\u8bae \u4e00\u4e2a\u771f\u5b9e\u7684\u751f\u4ea7\u7528\u4f8b\u663e\u793a\u4e86\u5171\u4eab\u7c7b\u578b\u7684\u7528\u9014\u548c\u5bf9\u5b83\u4eec\u7684\u8bbf\u95ee\uff0c\u5f53\u4f60\u6709\u4e24\u4e2a\u540e\u7aef\u65f6\uff1a\u5ec9\u4ef7\u7684 LVM \u4f5c\u4e3a\u516c\u5171\u5b58\u50a8\uff0c\u6602\u8d35\u7684 Ceph \u4f5c\u4e3a\u79c1\u6709\u5b58\u50a8\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5411\u67d0\u4e9b\u79df\u6237\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4f7f\u7528 `user/group` \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u8fdb\u884c\u8bbf\u95ee\u3002 \u653f\u7b56 \u00b6 
\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6709\u81ea\u5df1\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u5b83\u4eec\u786e\u5b9a\u54ea\u4e2a\u7528\u6237\u53ef\u4ee5\u4ee5\u54ea\u79cd\u65b9\u5f0f\u8bbf\u95ee\u54ea\u4e9b\u5bf9\u8c61\uff0c\u5e76\u5728\u670d\u52a1\u7684 policy.json \u6587\u4ef6\u4e2d\u5b9a\u4e49\u3002 \u5efa\u8bae \u914d\u7f6e\u6587\u4ef6 `policy.json` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/policy.json` \u662f\u5fc5\u9700\u7684\u3002 \u6bcf\u5f53\u5bf9\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c API \u8c03\u7528\u65f6\uff0c\u7b56\u7565\u5f15\u64ce\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u7684\u7b56\u7565\u5b9a\u4e49\u6765\u786e\u5b9a\u662f\u5426\u53ef\u4ee5\u63a5\u53d7\u8be5\u8c03\u7528\u3002 \u7b56\u7565\u89c4\u5219\u786e\u5b9a\u5728\u4ec0\u4e48\u60c5\u51b5\u4e0b\u5141\u8bb8 API \u8c03\u7528\u3002\u5f53 /etc/manila/policy.json \u89c4\u5219\u4e3a\u7a7a\u5b57\u7b26\u4e32\u65f6\uff0c\u8be5\u6587\u4ef6\u5177\u6709\u59cb\u7ec8\u5141\u8bb8\u64cd\u4f5c\u7684\u89c4\u5219\uff1a \"\" ;\u57fa\u4e8e\u7528\u6237\u89d2\u8272\u6216\u89c4\u5219\u7684\u89c4\u5219;\u5e26\u6709\u5e03\u5c14\u8868\u8fbe\u5f0f\u7684\u89c4\u5219\u3002\u4e0b\u9762\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1 policy.json \u7684\u6587\u4ef6\u7247\u6bb5\u3002\u4ece\u4e00\u4e2aOpenStack\u7248\u672c\u5230\u53e6\u4e00\u4e2aOpenStack\u7248\u672c\uff0c\u53ef\u4ee5\u5bf9\u5176\u8fdb\u884c\u66f4\u6539\u3002 { \"context_is_admin\": \"role:admin\", \"admin_or_owner\": \"is_admin:True or project_id:%(project_id)s\", \"default\": \"rule:admin_or_owner\", \"share_extension:quotas:show\": \"\", \"share_extension:quotas:update\": \"rule:admin_api\", \"share_extension:quotas:delete\": \"rule:admin_api\", \"share_extension:quota_classes\": \"\", } 
\u5fc5\u987b\u5c06\u7528\u6237\u5206\u914d\u5230\u7b56\u7565\u4e2d\u5f15\u7528\u7684\u7ec4\u548c\u89d2\u8272\u3002\u5f53\u4f7f\u7528\u7528\u6237\u7ba1\u7406\u547d\u4ee4\u65f6\uff0c\u670d\u52a1\u4f1a\u81ea\u52a8\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002 \u6ce8\u610f \u4efb\u4f55\u66f4\u6539 `/etc/manila/policy.json` \u90fd\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u8fd9\u5141\u8bb8\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fd0\u884c\u65f6\u5b9e\u65bd\u65b0\u7b56\u7565\u3002\u624b\u52a8\u4fee\u6539\u7b56\u7565\u53ef\u80fd\u4f1a\u4ea7\u751f\u610f\u60f3\u4e0d\u5230\u7684\u526f\u4f5c\u7528\uff0c\u56e0\u6b64\u4e0d\u9f13\u52b1\u8fd9\u6837\u505a\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 policy.json \u6587\u4ef6\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a manila\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/manila/manila.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/api-paste.ini | egrep \"root manila\" $ stat -L -c \"%U %G\" 
/etc/manila/policy.json | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/rootwrap.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila | egrep \"root manila\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c manila\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u9a6c\u5c3c\u62c9\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9a6c\u5c3c\u62c9\u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/manila/manila.conf $ stat -L -c \"%a\" /etc/manila/api-paste.ini $ stat -L -c \"%a\" /etc/manila/policy.json $ stat -L -c \"%a\" /etc/manila/rootwrap.conf $ stat -L -c \"%a\" /etc/manila \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 
Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cmanila \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/manila/manila.conf getfacl: Removing leading '/' from absolute path names # file: etc/manila/manila.conf USER root rw- GROUP manila r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 ' noauth ' \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c 
section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/manila/manila.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/manila/manila.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/manila/manila.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/manila/manila.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 
\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684OSAPI\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c\u6216\u8005 in manila.conf manila.conf \u8282\u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u8bbe\u7f6e\u4e3a 114688 \u3002 114688 \u4e0b\u9762\u7684 [DEFAULT] \u53c2\u6570 osapi_max_request_body_size \u5df2\u5f03\u7528\uff0c\u6700\u597d\u4f7f\u7528 [oslo_middleware]/ max_request_body_size \u3002 \u5931\u8d25\uff1a\u5982\u679c in manila.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c\u6216\u8005 in manila.conf \u8282\u4e0b\u7684 [DEFAULT] [oslo_middleware] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a 
114688 \u3002 \u8054\u7f51 \u00b6 OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u4f7f\u6700\u7ec8\u7528\u6237\u6216\u79df\u6237\u80fd\u591f\u5b9a\u4e49\u3001\u5229\u7528\u548c\u4f7f\u7528\u7f51\u7edc\u8d44\u6e90\u3002OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u4e2a\u9762\u5411\u79df\u6237\u7684 API\uff0c\u7528\u4e8e\u5b9a\u4e49\u4e91\u4e2d\u5b9e\u4f8b\u7684\u7f51\u7edc\u8fde\u63a5\u548c IP \u5bfb\u5740\uff0c\u4ee5\u53ca\u7f16\u6392\u7f51\u7edc\u914d\u7f6e\u3002\u968f\u7740\u5411\u4ee5 API \u4e3a\u4e2d\u5fc3\u7684\u7f51\u7edc\u670d\u52a1\u7684\u8fc7\u6e21\uff0c\u4e91\u67b6\u6784\u5e08\u548c\u7ba1\u7406\u5458\u5e94\u8003\u8651\u6700\u4f73\u5b9e\u8df5\u6765\u4fdd\u62a4\u7269\u7406\u548c\u865a\u62df\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u548c\u670d\u52a1\u3002 OpenStack Networking \u91c7\u7528\u63d2\u4ef6\u67b6\u6784\u8bbe\u8ba1\uff0c\u901a\u8fc7\u5f00\u6e90\u793e\u533a\u6216\u7b2c\u4e09\u65b9\u670d\u52a1\u63d0\u4f9b API \u7684\u53ef\u6269\u5c55\u6027\u3002\u5728\u8bc4\u4f30\u67b6\u6784\u8bbe\u8ba1\u8981\u6c42\u65f6\uff0c\u786e\u5b9a OpenStack Networking \u6838\u5fc3\u670d\u52a1\u4e2d\u6709\u54ea\u4e9b\u529f\u80fd\u3001\u7b2c\u4e09\u65b9\u4ea7\u54c1\u63d0\u4f9b\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u4ee5\u53ca\u9700\u8981\u5728\u7269\u7406\u57fa\u7840\u67b6\u6784\u4e2d\u5b9e\u73b0\u54ea\u4e9b\u8865\u5145\u670d\u52a1\u975e\u5e38\u91cd\u8981\u3002 \u672c\u8282\u7b80\u8981\u6982\u8ff0\u4e86\u5728\u5b9e\u73b0 OpenStack Networking \u65f6\u5e94\u8003\u8651\u54ea\u4e9b\u6d41\u7a0b\u548c\u6700\u4f73\u5b9e\u8df5\u3002 \u7f51\u7edc\u67b6\u6784 \u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u653e\u7f6e OpenStack Networking \u670d\u52a1 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 
\u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41\u7a0b \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u7f51\u7edc\u67b6\u6784 \u00b6 OpenStack Networking \u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u670d\u52a1\uff0c\u901a\u5e38\u5728\u591a\u4e2a\u8282\u70b9\u4e0a\u90e8\u7f72\u591a\u4e2a\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u5f7c\u6b64\u4ea4\u4e92\uff0c\u5e76\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4ea4\u4e92\u3002OpenStack Networking \u670d\u52a1\u7684\u4e3b\u8981\u8fdb\u7a0b\u662f neutron-server\uff0c\u8fd9\u662f\u4e00\u4e2a Python \u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u516c\u5f00 OpenStack Networking API\uff0c\u5e76\u5c06\u79df\u6237\u8bf7\u6c42\u4f20\u9012\u7ed9\u4e00\u7ec4\u63d2\u4ef6\u8fdb\u884c\u989d\u5916\u5904\u7406\u3002 OpenStack Networking \u7ec4\u4ef6\u5305\u62ec\uff1a neutron \u670d\u52a1\u5668\uff08neutron-server \u548c neutron-*-plugin\uff09 \u6b64\u670d\u52a1\u5728\u7f51\u7edc\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4e3a\u7f51\u7edc API \u53ca\u5176\u6269\u5c55\u63d0\u4f9b\u670d\u52a1\u3002\u5b83\u8fd8\u5f3a\u5236\u6267\u884c\u6bcf\u4e2a\u7aef\u53e3\u7684\u7f51\u7edc\u6a21\u578b\u548c IP \u5bfb\u5740\u3002neutron-server \u9700\u8981\u95f4\u63a5\u8bbf\u95ee\u6301\u4e45\u6027\u6570\u636e\u5e93\u3002\u8fd9\u662f\u901a\u8fc7\u63d2\u4ef6\u5b9e\u73b0\u7684\uff0c\u63d2\u4ef6\u4f7f\u7528 
AMQP\uff08\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff09\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002 \u63d2\u4ef6\u4ee3\u7406 \uff08neutron-*-agent\uff09 \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4ee5\u7ba1\u7406\u672c\u5730\u865a\u62df\u4ea4\u6362\u673a \uff08vswitch\uff09 \u914d\u7f6e\u3002\u60a8\u4f7f\u7528\u7684\u63d2\u4ef6\u51b3\u5b9a\u4e86\u8fd0\u884c\u54ea\u4e9b\u4ee3\u7406\u3002\u6b64\u670d\u52a1\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\uff0c\u5e76\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u63d2\u4ef6\u3002\u4e00\u4e9b\u63d2\u4ef6\uff0c\u5982 OpenDaylight\uff08ODL\uff09 \u548c\u5f00\u653e\u865a\u62df\u7f51\u7edc \uff08OVN\uff09\uff0c\u5728\u8ba1\u7b97\u8282\u70b9\u4e0a\u4e0d\u9700\u8981\u4efb\u4f55 python \u4ee3\u7406\u3002 DHCP \u4ee3\u7406 \uff08neutron-dhcp-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9bDHCP\u670d\u52a1\u3002\u6b64\u4ee3\u7406\u5728\u6240\u6709\u63d2\u4ef6\u4e2d\u90fd\u662f\u76f8\u540c\u7684\uff0c\u5e76\u8d1f\u8d23\u7ef4\u62a4 DHCP \u914d\u7f6e\u3002neutron-dhcp-agent \u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 L3 \u4ee3\u7406\uff08neutron-L3-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u4e0a\u7684\u865a\u62df\u673a\u63d0\u4f9b L3/NAT \u8f6c\u53d1\u3002\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u6743\u9650\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 \u7f51\u7edc\u63d0\u4f9b\u5546\u670d\u52a1\uff08SDN \u670d\u52a1\u5668/\u670d\u52a1\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9b\u5176\u4ed6\u7f51\u7edc\u670d\u52a1\u3002\u8fd9\u4e9b SDN \u670d\u52a1\u53ef\u4ee5\u901a\u8fc7 REST API \u7b49\u901a\u4fe1\u901a\u9053\u4e0e neutron-server\u3001neutron-plugin \u548c plugin-agents \u8fdb\u884c\u4ea4\u4e92\u3002 \u4e0b\u56fe\u663e\u793a\u4e86 OpenStack Networking \u7ec4\u4ef6\u7684\u67b6\u6784\u548c\u7f51\u7edc\u6d41\u7a0b\u56fe\uff1a OpenStack Networking 
\u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u00b6 \u672c\u6307\u5357\u91cd\u70b9\u4ecb\u7ecd\u4e00\u4e2a\u6807\u51c6\u67b6\u6784\uff0c\u5176\u4e2d\u5305\u62ec\u4e00\u4e2a\u4e91\u63a7\u5236\u5668\u4e3b\u673a\u3001\u4e00\u4e2a\u7f51\u7edc\u4e3b\u673a\u548c\u4e00\u7ec4\u7528\u4e8e\u8fd0\u884c VM \u7684\u8ba1\u7b97\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u3002 \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u00b6 \u6807\u51c6\u7684 OpenStack Networking \u8bbe\u7f6e\u6700\u591a\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\uff1a \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u5e94\u53ea\u80fd\u5728\u6570\u636e\u4e2d\u5fc3\u5185\u8bbf\u95ee\uff0c\u5e76\u88ab\u89c6\u4e3a\u7ba1\u7406\u5b89\u5168\u57df\u3002 \u8bbf\u5ba2\u7f51\u7edc \u7528\u4e8e\u4e91\u90e8\u7f72\u4e2d\u7684 VM \u6570\u636e\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u7684 IP \u5bfb\u5740\u8981\u6c42\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684 OpenStack Networking \u63d2\u4ef6\u4ee5\u53ca\u79df\u6237\u5bf9\u865a\u62df\u7f51\u7edc\u6240\u505a\u7684\u7f51\u7edc\u914d\u7f6e\u9009\u62e9\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5ba2\u6237\u673a\u5b89\u5168\u57df\u3002 \u5916\u90e8\u7f51\u7edc \u7528\u4e8e\u5728\u67d0\u4e9b\u90e8\u7f72\u65b9\u6848\u4e2d\u4e3a VM \u63d0\u4f9b Internet \u8bbf\u95ee\u6743\u9650\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5c5e\u4e8e\u516c\u5171\u5b89\u5168\u57df\u3002 API\u7f51\u7edc \u5411\u79df\u6237\u516c\u5f00\u6240\u6709 OpenStack API\uff0c\u5305\u62ec OpenStack \u7f51\u7edc API\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP 
\u5730\u5740\u3002\u8fd9\u53ef\u80fd\u4e0e\u5916\u90e8\u7f51\u7edc\u662f\u540c\u4e00\u7f51\u7edc\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4e3a\u4f7f\u7528 IP \u5206\u914d\u8303\u56f4\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u4e00\u4e2a\u5b50\u7f51\uff0c\u4ee5\u4fbf\u4ec5\u4f7f\u7528 IP \u5757\u4e2d\u5c0f\u4e8e\u5168\u90e8\u8303\u56f4\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u516c\u5171\u5b89\u5168\u57df\u3002 \u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u7f51\u7edc\u670d\u52a1 \u00b6 \u5728\u8bbe\u8ba1 OpenStack \u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u521d\u59cb\u67b6\u6784\u9636\u6bb5\uff0c\u786e\u4fdd\u63d0\u4f9b\u9002\u5f53\u7684\u4e13\u4e1a\u77e5\u8bc6\u6765\u534f\u52a9\u8bbe\u8ba1\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\uff0c\u786e\u5b9a\u9002\u5f53\u7684\u5b89\u5168\u63a7\u5236\u548c\u5ba1\u8ba1\u673a\u5236\u975e\u5e38\u91cd\u8981\u3002 OpenStack Networking \u589e\u52a0\u4e86\u4e00\u5c42\u865a\u62df\u5316\u7f51\u7edc\u670d\u52a1\uff0c\u4f7f\u79df\u6237\u80fd\u591f\u6784\u5efa\u81ea\u5df1\u7684\u865a\u62df\u7f51\u7edc\u3002\u76ee\u524d\uff0c\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u8fd8\u6ca1\u6709\u4f20\u7edf\u7f51\u7edc\u7684\u6210\u719f\u3002\u5728\u91c7\u7528\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u8fd9\u4e9b\u670d\u52a1\u7684\u5f53\u524d\u72b6\u6001\uff0c\u56e0\u4e3a\u5b83\u51b3\u5b9a\u4e86\u60a8\u53ef\u80fd\u9700\u8981\u5728\u865a\u62df\u5316\u548c\u4f20\u7edf\u7f51\u7edc\u8fb9\u754c\u4e0a\u5b9e\u73b0\u54ea\u4e9b\u63a7\u5236\u3002 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u00b6 OpenStack Networking \u53ef\u4ee5\u91c7\u7528\u4e24\u79cd\u4e0d\u540c\u7684\u673a\u5236\u5bf9\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\uff1aVLAN\uff08IEEE 802.1Q \u6807\u8bb0\uff09\u6216\u4f7f\u7528 GRE \u5c01\u88c5\u7684 L2 \u96a7\u9053\u3002OpenStack 
\u90e8\u7f72\u7684\u8303\u56f4\u548c\u89c4\u6a21\u51b3\u5b9a\u4e86\u60a8\u5e94\u8be5\u4f7f\u7528\u54ea\u79cd\u65b9\u6cd5\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\u6216\u9694\u79bb\u3002 VLANs \u00b6 VLAN \u5728\u7279\u5b9a\u7269\u7406\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e3a\u6570\u636e\u5305\uff0c\u5176\u4e2d\u5305\u542b\u5177\u6709\u7279\u5b9a VLAN ID \uff08VID\uff09 \u5b57\u6bb5\u503c\u7684 IEEE 802.1Q \u6807\u5934\u3002\u5171\u4eab\u540c\u4e00\u7269\u7406\u7f51\u7edc\u7684 VLAN \u7f51\u7edc\u5728 L2 \u4e0a\u5f7c\u6b64\u9694\u79bb\uff0c\u751a\u81f3\u53ef\u4ee5\u6709\u91cd\u53e0\u7684 IP \u5730\u5740\u7a7a\u95f4\u3002\u6bcf\u4e2a\u652f\u6301 VLAN \u7f51\u7edc\u7684\u4e0d\u540c\u7269\u7406\u7f51\u7edc\u90fd\u88ab\u89c6\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684 VLAN \u4e2d\u7ee7\uff0c\u5177\u6709\u4e0d\u540c\u7684 VID \u503c\u7a7a\u95f4\u3002\u6709\u6548\u7684 VID \u503c\u4e3a 1 \u5230 4094\u3002 VLAN \u914d\u7f6e\u7684\u590d\u6742\u6027\u53d6\u51b3\u4e8e\u60a8\u7684 OpenStack \u8bbe\u8ba1\u8981\u6c42\u3002\u4e3a\u4e86\u8ba9 OpenStack Networking \u80fd\u591f\u6709\u6548\u5730\u4f7f\u7528 VLAN\uff0c\u60a8\u5fc5\u987b\u5206\u914d\u4e00\u4e2a VLAN \u8303\u56f4\uff08\u6bcf\u4e2a\u79df\u6237\u4e00\u4e2a\uff09\uff0c\u5e76\u5c06\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u7269\u7406\u4ea4\u6362\u673a\u7aef\u53e3\u8f6c\u6362\u4e3a VLAN \u4e2d\u7ee7\u7aef\u53e3\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u6253\u7b97\u8ba9\u60a8\u7684\u7f51\u7edc\u652f\u6301\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\uff0c\u5219 VLAN \u53ef\u80fd\u4e0d\u662f\u60a8\u7684\u6b63\u786e\u9009\u62e9\uff0c\u56e0\u4e3a\u9700\u8981\u591a\u4e2a\u201c\u9ed1\u5ba2\u201d\u624d\u80fd\u5c06 VLAN \u6807\u8bb0\u6269\u5c55\u5230\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\u3002 L2 \u96a7\u9053 \u00b6 \u7f51\u7edc\u96a7\u9053\u4f7f\u7528\u552f\u4e00\u7684\u201ctunnel-id\u201d\u5c01\u88c5\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\uff0c\u8be5 ID 
\u7528\u4e8e\u6807\u8bc6\u5c5e\u4e8e\u8be5\u7ec4\u5408\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u79df\u6237\u7684 L2 \u7f51\u7edc\u8fde\u63a5\u4e0e\u7269\u7406\u4f4d\u7f6e\u6216\u57fa\u7840\u7f51\u7edc\u8bbe\u8ba1\u65e0\u5173\u3002\u901a\u8fc7\u5c06\u6d41\u91cf\u5c01\u88c5\u5728 IP \u6570\u636e\u5305\u4e2d\uff0c\u8be5\u6d41\u91cf\u53ef\u4ee5\u8de8\u8d8a\u7b2c 3 \u5c42\u8fb9\u754c\uff0c\u65e0\u9700\u9884\u914d\u7f6e VLAN \u548c VLAN \u4e2d\u7ee7\u3002\u96a7\u9053\u4e3a\u7f51\u7edc\u6570\u636e\u6d41\u91cf\u589e\u52a0\u4e86\u4e00\u5c42\u6df7\u6dc6\uff0c\u4ece\u76d1\u63a7\u7684\u89d2\u5ea6\u964d\u4f4e\u4e86\u5355\u4e2a\u79df\u6237\u6d41\u91cf\u7684\u53ef\u89c1\u6027\u3002 OpenStack Networking \u76ee\u524d\u652f\u6301 GRE \u548c VXLAN \u5c01\u88c5\u3002 \u63d0\u4f9b L2 \u9694\u79bb\u7684\u6280\u672f\u9009\u62e9\u53d6\u51b3\u4e8e\u5c06\u5728\u90e8\u7f72\u4e2d\u521b\u5efa\u7684\u79df\u6237\u7f51\u7edc\u7684\u8303\u56f4\u548c\u5927\u5c0f\u3002\u5982\u679c\u60a8\u7684\u73af\u5883\u7684 VLAN ID \u53ef\u7528\u6027\u6709\u9650\u6216\u5c06\u5177\u6709\u5927\u91cf L2 \u7f51\u7edc\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4f7f\u7528\u96a7\u9053\u3002 \u7f51\u7edc\u670d\u52a1 \u00b6 \u79df\u6237\u7f51\u7edc\u9694\u79bb\u7684\u9009\u62e9\u4f1a\u5f71\u54cd\u79df\u6237\u670d\u52a1\u7684\u7f51\u7edc\u5b89\u5168\u548c\u63a7\u5236\u8fb9\u754c\u7684\u5b9e\u73b0\u65b9\u5f0f\u3002\u4ee5\u4e0b\u9644\u52a0\u7f51\u7edc\u670d\u52a1\u5df2\u7ecf\u53ef\u7528\u6216\u76ee\u524d\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u4ee5\u589e\u5f3a OpenStack \u7f51\u7edc\u67b6\u6784\u7684\u5b89\u5168\u6001\u52bf\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 \u00b6 OpenStack \u8ba1\u7b97\u5728\u4e0e\u65e7\u7248 nova-network \u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u65f6\u76f4\u63a5\u652f\u6301\u79df\u6237\u7f51\u7edc\u6d41\u91cf\u8bbf\u95ee\u63a7\u5236\uff0c\u6216\u8005\u53ef\u4ee5\u5c06\u8bbf\u95ee\u63a7\u5236\u63a8\u8fdf\u5230 OpenStack Networking \u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u65e7\u7248 nova-network 
\u5b89\u5168\u7ec4\u4f7f\u7528 iptables \u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002 \u5b89\u5168\u7ec4\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u79df\u6237\u6307\u5b9a\u6d41\u91cf\u7c7b\u578b\u4ee5\u53ca\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5b89\u5168\u7ec4\u89c4\u5219\u662f\u6709\u72b6\u6001\u7684 L2-L4 \u6d41\u91cf\u8fc7\u6ee4\u5668\u3002 \u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u65f6\uff0c\u5efa\u8bae\u5728\u6b64\u670d\u52a1\u4e2d\u542f\u7528\u5b89\u5168\u7ec4\uff0c\u5e76\u5728\u8ba1\u7b97\u670d\u52a1\u4e2d\u7981\u7528\u5b89\u5168\u7ec4\u3002 L3 \u8def\u7531\u548c NAT \u00b6 OpenStack Networking \u8def\u7531\u5668\u53ef\u4ee5\u8fde\u63a5\u591a\u4e2a L2 \u7f51\u7edc\uff0c\u5e76\u4e14\u8fd8\u53ef\u4ee5\u63d0\u4f9b\u8fde\u63a5\u4e00\u4e2a\u6216\u591a\u4e2a\u79c1\u6709 L2 \u7f51\u7edc\u5230\u5171\u4eab\u5916\u90e8\u7f51\u7edc\uff08\u4f8b\u5982\u7528\u4e8e\u8bbf\u95ee\u4e92\u8054\u7f51\u7684\u516c\u5171\u7f51\u7edc\uff09\u7684\u7f51\u5173\u3002 L3 \u8def\u7531\u5668\u5728\u5c06\u8def\u7531\u5668\u4e0a\u884c\u94fe\u8def\u5230\u5916\u90e8\u7f51\u7edc\u7684\u7f51\u5173\u7aef\u53e3\u4e0a\u63d0\u4f9b\u57fa\u672c\u7684\u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u529f\u80fd\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6b64\u8def\u7531\u5668\u4f1a SNAT\uff08\u9759\u6001 NAT\uff09\u6240\u6709\u6d41\u91cf\uff0c\u5e76\u652f\u6301\u6d6e\u52a8 IP\uff0c\u8fd9\u4f1a\u521b\u5efa\u4ece\u5916\u90e8\u7f51\u7edc\u4e0a\u7684\u516c\u5171 IP \u5230\u8fde\u63a5\u5230\u8def\u7531\u5668\u7684\u5176\u4ed6\u5b50\u7f51\u4e0a\u7684\u4e13\u7528 IP \u7684\u9759\u6001\u4e00\u5bf9\u4e00\u6620\u5c04\u3002 \u6211\u4eec\u5efa\u8bae\u5229\u7528\u6bcf\u4e2a\u79df\u6237\u7684 L3 \u8def\u7531\u548c\u6d6e\u52a8 IP \u6765\u5b9e\u73b0\u79df\u6237 VM \u7684\u66f4\u7cbe\u7ec6\u8fde\u63a5\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u00b6 
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u7b56\u7565\u548c\u89c4\u5219\u7531\u4e91\u7ba1\u7406\u5458\u7ba1\u7406\uff0c\u8fd9\u4f1a\u5bfc\u81f4\u79df\u6237\u65e0\u6cd5\u521b\u5efa\u7279\u5b9a\u7684 QoS \u89c4\u5219\uff0c\u4e5f\u65e0\u6cd5\u5c06\u7279\u5b9a\u7aef\u53e3\u9644\u52a0\u5230\u7b56\u7565\u3002\u5728\u67d0\u4e9b\u7528\u4f8b\u4e2d\uff0c\u4f8b\u5982\u67d0\u4e9b\u7535\u4fe1\u5e94\u7528\u7a0b\u5e8f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u4fe1\u4efb\u79df\u6237\uff0c\u56e0\u6b64\u5141\u8bb8\u4ed6\u4eec\u521b\u5efa\u81ea\u5df1\u7684\u7b56\u7565\u5e76\u5c06\u5176\u9644\u52a0\u5230\u7aef\u53e3\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 policy.json \u6587\u4ef6\u548c\u7279\u5b9a\u6587\u6863\u6765\u5b9e\u73b0\u3002\u5c06\u4e0e\u6269\u5c55\u4e00\u8d77\u53d1\u5e03\u3002 \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u652f\u6301 Liberty \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u5e26\u5bbd\u9650\u5236 QoS \u89c4\u5219\u3002\u6b64 QoS \u89c4\u5219\u5df2\u547d\u540d QosBandwidthLimitRule \uff0c\u5b83\u63a5\u53d7\u4e24\u4e2a\u975e\u8d1f\u6574\u6570\uff0c\u4ee5\u5343\u6bd4\u7279/\u79d2\u4e3a\u5355\u4f4d\uff1a max-kbps \uff1a\u5e26\u5bbd max-burst-kbps \uff1a\u7a81\u53d1\u7f13\u51b2\u533a \u5df2 QoSBandwidthLimitRule \u5728 neutron Open vSwitch\u3001Linux \u7f51\u6865\u548c\u5355\u6839\u8f93\u5165/\u8f93\u51fa\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u3002 \u5728 Newton \u4e2d\uff0c\u6dfb\u52a0\u4e86 QoS \u89c4\u5219 QosDscpMarkingRule \u3002\u6b64\u89c4\u5219\u5728 IPv4 \uff08RFC 2474\uff09 \u4e0a\u7684\u670d\u52a1\u6807\u5934\u7c7b\u578b\u548c IPv6 \u4e0a\u7684\u6d41\u91cf\u7c7b\u6807\u5934\u4e2d\u6807\u8bb0\u5dee\u5206\u670d\u52a1\u4ee3\u7801\u70b9 \uff08DSCP\uff09 \u503c\uff0c\u8fd9\u4e9b\u503c\u9002\u7528\u4e8e\u5e94\u7528\u89c4\u5219\u7684\u865a\u62df\u673a\u7684\u6240\u6709\u6d41\u91cf\u3002\u8fd9\u662f\u4e00\u4e2a 6 \u4f4d\u6807\u5934\uff0c\u5177\u6709 21 
\u4e2a\u6709\u6548\u503c\uff0c\u8868\u793a\u6570\u636e\u5305\u5728\u9047\u5230\u62e5\u585e\u65f6\u7a7f\u8fc7\u7f51\u7edc\u65f6\u7684\u4e22\u5f03\u4f18\u5148\u7ea7\u3002\u9632\u706b\u5899\u8fd8\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5c06\u6709\u6548\u6216\u65e0\u6548\u6d41\u91cf\u4e0e\u5176\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u8fdb\u884c\u5339\u914d\u3002 \u7aef\u53e3\u955c\u50cf\u670d\u52a1\u6d89\u53ca\u5c06\u8fdb\u5165\u6216\u79bb\u5f00\u4e00\u4e2a\u7aef\u53e3\u7684\u6570\u636e\u5305\u526f\u672c\u53d1\u9001\u5230\u53e6\u4e00\u4e2a\u7aef\u53e3\uff0c\u8be5\u7aef\u53e3\u901a\u5e38\u4e0e\u88ab\u955c\u50cf\u6570\u636e\u5305\u7684\u539f\u59cb\u76ee\u7684\u5730\u4e0d\u540c\u3002Tap-as-a-Service \uff08TaaS\uff09 \u662f OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u7684\u6269\u5c55\u3002\u5b83\u4e3a\u79df\u6237\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u8fdc\u7a0b\u7aef\u53e3\u955c\u50cf\u529f\u80fd\u3002\u6b64\u670d\u52a1\u4e3b\u8981\u65e8\u5728\u5e2e\u52a9\u79df\u6237\uff08\u6216\u4e91\u7ba1\u7406\u5458\uff09\u8c03\u8bd5\u590d\u6742\u7684\u865a\u62df\u7f51\u7edc\uff0c\u5e76\u901a\u8fc7\u76d1\u89c6\u4e0e\u5176\u5173\u8054\u7684\u7f51\u7edc\u6d41\u91cf\u6765\u4e86\u89e3\u5176 VM\u3002TaaS \u9075\u5faa\u79df\u6237\u8fb9\u754c\uff0c\u5176\u955c\u50cf\u4f1a\u8bdd\u80fd\u591f\u8de8\u8d8a\u591a\u4e2a\u8ba1\u7b97\u548c\u7f51\u7edc\u8282\u70b9\u3002\u5b83\u662f\u4e00\u4e2a\u5fc5\u4e0d\u53ef\u5c11\u7684\u57fa\u7840\u8bbe\u65bd\u7ec4\u4ef6\uff0c\u53ef\u7528\u4e8e\u5411\u5404\u79cd\u7f51\u7edc\u5206\u6790\u548c\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u6570\u636e\u3002 \u8d1f\u8f7d\u5747\u8861 \u00b6 OpenStack Networking \u7684\u53e6\u4e00\u4e2a\u7279\u6027\u662f\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1 \uff08LBaaS\uff09\u3002LBaaS \u53c2\u8003\u5b9e\u73b0\u57fa\u4e8e HA-Proxy\u3002OpenStack Networking 
\u4e2d\u7684\u6269\u5c55\u6b63\u5728\u5f00\u53d1\u7b2c\u4e09\u65b9\u63d2\u4ef6\uff0c\u4ee5\u4fbf\u4e3a\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u63d0\u4f9b\u5e7f\u6cdb\u7684 L4-L7 \u529f\u80fd\u3002 \u9632\u706b\u5899 \u00b6 FW-as-a-Service\uff08FWaaS\uff09\u88ab\u8ba4\u4e3a\u662fOpenStack Networking\u7684Kilo\u7248\u672c\u7684\u5b9e\u9a8c\u6027\u529f\u80fd\u3002FWaaS \u6ee1\u8db3\u4e86\u7ba1\u7406\u548c\u5229\u7528\u5178\u578b\u9632\u706b\u5899\u4ea7\u54c1\u63d0\u4f9b\u7684\u4e30\u5bcc\u5b89\u5168\u529f\u80fd\u7684\u9700\u6c42\uff0c\u8fd9\u4e9b\u4ea7\u54c1\u901a\u5e38\u6bd4\u5f53\u524d\u5b89\u5168\u7ec4\u63d0\u4f9b\u7684\u8981\u5168\u9762\u5f97\u591a\u3002\u98de\u601d\u5361\u5c14\u548c\u82f1\u7279\u5c14\u90fd\u5f00\u53d1\u4e86\u7b2c\u4e09\u65b9\u63d2\u4ef6\u4f5c\u4e3aOpenStack Networking\u7684\u6269\u5c55\uff0c\u4ee5\u5728Kilo\u7248\u672c\u4e2d\u652f\u6301\u6b64\u7ec4\u4ef6\u3002\u6709\u5173 FWaaS \u7ba1\u7406\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u6982\u8ff0\u3002 \u5728\u8bbe\u8ba1 OpenStack Networking \u57fa\u7840\u67b6\u6784\u65f6\uff0c\u4e86\u89e3\u53ef\u7528\u7f51\u7edc\u670d\u52a1\u7684\u5f53\u524d\u7279\u6027\u548c\u5c40\u9650\u6027\u975e\u5e38\u91cd\u8981\u3002\u4e86\u89e3\u865a\u62df\u7f51\u7edc\u548c\u7269\u7406\u7f51\u7edc\u7684\u8fb9\u754c\u5c06\u6709\u52a9\u4e8e\u5728\u60a8\u7684\u73af\u5883\u4e2d\u6dfb\u52a0\u6240\u9700\u7684\u5b89\u5168\u63a7\u4ef6\u3002 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u00b6 \u5f00\u6e90\u793e\u533a\u6216\u4f7f\u7528 OpenStack Networking \u7684 SDN \u516c\u53f8\u63d0\u4f9b\u7684\u5df2\u77e5\u63d2\u4ef6\u5217\u8868\u53ef\u5728 OpenStack neutron \u63d2\u4ef6\u548c\u9a71\u52a8\u7a0b\u5e8f wiki \u9875\u9762\u4e0a\u627e\u5230\u3002 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u00b6 OpenStack Networking \u5177\u6709\u4ee5\u4e0b\u5df2\u77e5\u9650\u5236\uff1a \u91cd\u53e0\u7684 IP \u5730\u5740 
\u5982\u679c\u8fd0\u884c neutron-l3-agent \u6216 neutron-dhcp-agent \u7684\u8282\u70b9\u4f7f\u7528\u91cd\u53e0\u7684 IP \u5730\u5740\uff0c\u5219\u8fd9\u4e9b\u8282\u70b9\u5fc5\u987b\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cDHCP \u548c L3 \u4ee3\u7406\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5e76\u5728\u5404\u81ea\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u8fd0\u884c\u3002\u4f46\u662f\uff0c\u5982\u679c\u4e3b\u673a\u4e0d\u652f\u6301\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u5219 DHCP \u548c L3 \u4ee3\u7406\u5e94\u5728\u4e0d\u540c\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u3002\u8fd9\u662f\u56e0\u4e3a L3 \u4ee3\u7406\u548c DHCP \u4ee3\u7406\u521b\u5efa\u7684 IP \u5730\u5740\u4e4b\u95f4\u6ca1\u6709\u9694\u79bb\u3002 \u5982\u679c\u4e0d\u5b58\u5728\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u652f\u6301\uff0c\u5219 L3 \u4ee3\u7406\u7684\u53e6\u4e00\u4e2a\u9650\u5236\u662f\u4ec5\u652f\u6301\u5355\u4e2a\u903b\u8f91\u8def\u7531\u5668\u3002 \u591a\u4e3b\u673a DHCP \u4ee3\u7406 OpenStack Networking \u652f\u6301\u591a\u4e2a\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u529f\u80fd\u7684 L3 \u548c DHCP \u4ee3\u7406\u3002\u4f46\u662f\uff0c\u4e0d\u652f\u6301\u865a\u62df\u673a\u4f4d\u7f6e\u7684\u7d27\u5bc6\u8026\u5408\u3002\u6362\u8a00\u4e4b\uff0c\u5728\u521b\u5efa\u865a\u62df\u673a\u65f6\uff0c\u9ed8\u8ba4\u865a\u62df\u673a\u8c03\u5ea6\u7a0b\u5e8f\u4e0d\u4f1a\u8003\u8651\u4ee3\u7406\u7684\u4f4d\u7f6e\u3002 L3 \u4ee3\u7406\u4e0d\u652f\u6301 IPv6 neutron-l3-agent \u88ab\u8bb8\u591a\u63d2\u4ef6\u7528\u4e8e\u5b9e\u73b0 L3 \u8f6c\u53d1\uff0c\u4ec5\u652f\u6301 IPv4 \u8f6c\u53d1\u3002 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u00b6 \u8981\u4fdd\u62a4 OpenStack Networking\uff0c\u60a8\u5fc5\u987b\u4e86\u89e3\u5982\u4f55\u5c06\u79df\u6237\u5b9e\u4f8b\u521b\u5efa\u7684\u5de5\u4f5c\u6d41\u8fc7\u7a0b\u6620\u5c04\u5230\u5b89\u5168\u57df\u3002 \u6709\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u4e0e OpenStack Networking 
\u4ea4\u4e92\u3002\u5728\u5178\u578b\u7684 OpenStack \u90e8\u7f72\u4e2d\uff0c\u8fd9\u4e9b\u670d\u52a1\u6620\u5c04\u5230\u4ee5\u4e0b\u5b89\u5168\u57df\uff1a OpenStack \u4eea\u8868\u677f\uff1a\u516c\u5171\u548c\u7ba1\u7406 OpenStack Identity\uff1a\u7ba1\u7406 OpenStack \u8ba1\u7b97\u8282\u70b9\uff1a\u7ba1\u7406\u548c\u5ba2\u6237\u7aef OpenStack \u7f51\u7edc\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u5ba2\u6237\u7aef\uff0c\u4ee5\u53ca\u53ef\u80fd\u7684\u516c\u5171\u8282\u70b9\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6b63\u5728\u4f7f\u7528\u7684 neutron-plugin\u3002 SDN \u670d\u52a1\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u8bbf\u5ba2\u548c\u53ef\u80fd\u7684\u516c\u5171\u670d\u52a1\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u4ea7\u54c1\u3002 \u8981\u9694\u79bb OpenStack Networking \u670d\u52a1\u4e0e\u5176\u4ed6 OpenStack \u6838\u5fc3\u670d\u52a1\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u901a\u4fe1\uff0c\u8bf7\u5c06\u8fd9\u4e9b\u901a\u4fe1\u901a\u9053\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u00b6 \u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u00b6 \u8981\u9650\u5236 OpenStack Networking API \u670d\u52a1\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\uff0c\u8bf7\u5728 neutron.conf \u6587\u4ef6\u4e2d\u6307\u5b9a bind_host \u548c bind_port\uff0c\u5982\u4e0b\u6240\u793a\uff1a # Address to bind the API server bind_host = IP ADDRESS OF SERVER # Port the bind the API server to bind_port = 9696 \u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u00b6 OpenStack Networking \u670d\u52a1\u7684\u5404\u79cd\u7ec4\u4ef6\u4f7f\u7528\u6d88\u606f\u961f\u5217\u6216\u6570\u636e\u5e93\u8fde\u63a5\u4e0e OpenStack Networking \u4e2d\u7684\u5176\u4ed6\u7ec4\u4ef6\u8fdb\u884c\u901a\u4fe1\u3002 
\u5bf9\u4e8e\u9700\u8981\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u7684\u6240\u6709\u7ec4\u4ef6\uff0c\u5efa\u8bae\u60a8\u9075\u5faa\u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u5efa\u8bae\u60a8\u9075\u5faa\u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\uff0c\u9002\u7528\u4e8e\u9700\u8981 RPC \u901a\u4fe1\u7684\u6240\u6709\u7ec4\u4ef6\u3002 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u00b6 \u672c\u8282\u8ba8\u8bba OpenStack Networking \u914d\u7f6e\u6700\u4f73\u5b9e\u8df5\uff0c\u56e0\u4e3a\u5b83\u4eec\u9002\u7528\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u9879\u76ee\u7f51\u7edc\u5b89\u5168\u3002 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u00b6 OpenStack Networking \u4e3a\u7528\u6237\u63d0\u4f9b\u7f51\u7edc\u8d44\u6e90\u548c\u914d\u7f6e\u7684\u81ea\u52a9\u670d\u52a1\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5fc5\u987b\u8bc4\u4f30\u5176\u8bbe\u8ba1\u7528\u4f8b\uff0c\u4ee5\u4fbf\u4e3a\u7528\u6237\u63d0\u4f9b\u521b\u5efa\u3001\u66f4\u65b0\u548c\u9500\u6bc1\u53ef\u7528\u7f51\u7edc\u8d44\u6e90\u7684\u80fd\u529b\u3002 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u00b6 OpenStack Networking \u4e2d\u7684\u7b56\u7565\u5f15\u64ce\u53ca\u5176\u914d\u7f6e\u6587\u4ef6 policy.json \u63d0\u4f9b\u4e86\u4e00\u79cd\u65b9\u6cd5\uff0c\u53ef\u4ee5\u5bf9\u7528\u6237\u5728\u9879\u76ee\u7f51\u7edc\u65b9\u6cd5\u548c\u5bf9\u8c61\u4e0a\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u6388\u6743\u3002OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u4f1a\u5f71\u54cd\u7f51\u7edc\u53ef\u7528\u6027\u3001\u7f51\u7edc\u5b89\u5168\u548c\u6574\u4f53 OpenStack \u5b89\u5168\u6027\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u5176\u5bf9\u7528\u6237\u548c\u9879\u76ee\u8bbf\u95ee\u7f51\u7edc\u8d44\u6e90\u7ba1\u7406\u7684\u7b56\u7565\u3002\u6709\u5173 OpenStack Networking 
\u7b56\u7565\u5b9a\u4e49\u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u201c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u201d\u90e8\u5206\u3002 \u6ce8\u610f \u8bf7\u52a1\u5fc5\u67e5\u770b\u9ed8\u8ba4\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4fee\u6539\u6b64\u7b56\u7565\u4ee5\u9002\u5408\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002 \u5982\u679c\u60a8\u7684 OpenStack \u90e8\u7f72\u4e3a\u4e0d\u540c\u7684\u5b89\u5168\u57df\u63d0\u4f9b\u4e86\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\uff0c\u90a3\u4e48\u9650\u5236\u9879\u76ee\u5c06\u591a\u4e2a vNIC \u8fde\u63a5\u5230\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\u7684\u80fd\u529b\u975e\u5e38\u91cd\u8981\uff0c\u8fd9\u5c06\u6865\u63a5\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u4e0d\u53ef\u9884\u89c1\u7684\u5b89\u5168\u5371\u5bb3\u3002\u901a\u8fc7\u5229\u7528 OpenStack Compute \u63d0\u4f9b\u7684\u4e3b\u673a\u805a\u5408\u529f\u80fd\uff0c\u6216\u8005\u5c06\u9879\u76ee\u865a\u62df\u673a\u62c6\u5206\u4e3a\u5177\u6709\u4e0d\u540c\u865a\u62df\u7f51\u7edc\u914d\u7f6e\u7684\u591a\u4e2a\u9879\u76ee\u9879\u76ee\uff0c\u53ef\u4ee5\u964d\u4f4e\u8fd9\u79cd\u98ce\u9669\u3002 \u5b89\u5168\u7ec4 \u00b6 OpenStack Networking \u670d\u52a1\u4f7f\u7528\u6bd4 OpenStack Compute \u4e2d\u5185\u7f6e\u7684\u5b89\u5168\u7ec4\u529f\u80fd\u66f4\u7075\u6d3b\u3001\u66f4\u5f3a\u5927\u7684\u673a\u5236\u63d0\u4f9b\u5b89\u5168\u7ec4\u529f\u80fd\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528 OpenStack Network \u65f6\uff0c\u5e94\u59cb\u7ec8\u7981\u7528\u5185\u7f6e\u5b89\u5168\u7ec4\uff0c nova.conf \u5e76\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8c03\u7528\u4ee3\u7406\u5230 OpenStack Networking API\u3002\u5982\u679c\u4e0d\u8fd9\u6837\u505a\uff0c\u5c06\u5bfc\u81f4\u4e24\u4e2a\u670d\u52a1\u540c\u65f6\u5e94\u7528\u51b2\u7a81\u7684\u5b89\u5168\u7b56\u7565\u3002\u8981\u5c06\u5b89\u5168\u7ec4\u4ee3\u7406\u5230 OpenStack 
Networking\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u914d\u7f6e\u503c\uff1a firewall_driver \u5fc5\u987b\u8bbe\u7f6e\u4e3a nova.virt.firewall.NoopFirewallDriver \uff0c\u4ee5\u4fbf nova-compute \u672c\u8eab\u4e0d\u6267\u884c\u57fa\u4e8e iptables \u7684\u8fc7\u6ee4\u3002 security_group_api \u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron \u4ee5\u4fbf\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8bf7\u6c42\u4ee3\u7406\u5230 OpenStack Networking \u670d\u52a1\u3002 \u5b89\u5168\u7ec4\u662f\u5b89\u5168\u7ec4\u89c4\u5219\u7684\u5bb9\u5668\u3002\u5b89\u5168\u7ec4\u53ca\u5176\u89c4\u5219\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u9879\u76ee\u6307\u5b9a\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u6d41\u91cf\u7c7b\u578b\u548c\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5728 OpenStack Networking \u4e2d\u521b\u5efa\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u65f6\uff0c\u8be5\u7aef\u53e3\u4e0e\u5b89\u5168\u7ec4\u76f8\u5173\u8054\u3002\u6709\u5173\u7aef\u53e3\u5b89\u5168\u7ec4\u9ed8\u8ba4\u884c\u4e3a\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u7f51\u7edc\u5b89\u5168\u7ec4\u884c\u4e3a\u6587\u6863\u3002\u53ef\u4ee5\u5c06\u89c4\u5219\u6dfb\u52a0\u5230\u9ed8\u8ba4\u5b89\u5168\u7ec4\uff0c\u4ee5\u4fbf\u6839\u636e\u6bcf\u4e2a\u90e8\u7f72\u66f4\u6539\u884c\u4e3a\u3002 \u4f7f\u7528 OpenStack Compute API \u4fee\u6539\u5b89\u5168\u7ec4\u65f6\uff0c\u66f4\u65b0\u540e\u7684\u5b89\u5168\u7ec4\u5c06\u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002\u8fd9\u662f\u56e0\u4e3a OpenStack Compute \u5b89\u5168\u7ec4 API \u662f\u57fa\u4e8e\u5b9e\u4f8b\u7684\uff0c\u800c\u4e0d\u662f\u57fa\u4e8e\u7aef\u53e3\u7684\uff0c\u5982 OpenStack Networking \u4e2d\u6240\u793a\u3002 \u914d\u989d \u00b6 \u914d\u989d\u63d0\u4f9b\u4e86\u9650\u5236\u9879\u76ee\u53ef\u7528\u7684\u7f51\u7edc\u8d44\u6e90\u6570\u91cf\u7684\u529f\u80fd\u3002\u60a8\u53ef\u4ee5\u5bf9\u6240\u6709\u9879\u76ee\u5f3a\u5236\u5b9e\u65bd\u9ed8\u8ba4\u914d\u989d\u3002\u5305\u62ec 
/etc/neutron/neutron.conf \u4ee5\u4e0b\u914d\u989d\u9009\u9879\uff1a [QUOTAS] # resource name(s) that are supported in quota features quota_items = network,subnet,port # default number of resource allowed per tenant, minus for unlimited #default_quota = -1 # number of networks allowed per tenant, and minus means unlimited quota_network = 10 # number of subnets allowed per tenant, and minus means unlimited quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited quota_port = 50 # number of security groups allowed per tenant, and minus means unlimited quota_security_group = 10 # number of security group rules allowed per tenant, and minus means unlimited quota_security_group_rule = 100 # default driver to use for quota checks quota_driver = neutron.quota.ConfDriver OpenStack Networking \u8fd8\u901a\u8fc7\u914d\u989d\u6269\u5c55 API \u652f\u6301\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\u9650\u5236\u3002\u8981\u542f\u7528\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\uff0c\u5fc5\u987b\u5728 \u4e2d\u8bbe\u7f6e\u9009\u9879 quota_driver neutron.conf \u3002 quota_driver = neutron.db.quota.driver.DbQuotaDriver \u7f13\u89e3 ARP \u6b3a\u9a97 \u00b6 \u4f7f\u7528\u6241\u5e73\u7f51\u7edc\u65f6\uff0c\u4e0d\u80fd\u5047\u5b9a\u5171\u4eab\u540c\u4e00\u7b2c 2 \u5c42\u7f51\u7edc\uff08\u6216\u5e7f\u64ad\u57df\uff09\u7684\u9879\u76ee\u5f7c\u6b64\u5b8c\u5168\u9694\u79bb\u3002\u8fd9\u4e9b\u9879\u76ee\u53ef\u80fd\u5bb9\u6613\u53d7\u5230 ARP \u6b3a\u9a97\u7684\u653b\u51fb\uff0c\u4ece\u800c\u6709\u53ef\u80fd\u906d\u53d7\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u5982\u679c\u4f7f\u7528\u652f\u6301 ARP \u5b57\u6bb5\u5339\u914d\u7684 Open vSwitch \u7248\u672c\uff0c\u5219\u53ef\u4ee5\u901a\u8fc7\u542f\u7528 Open vSwitch \u4ee3\u7406 prevent_arp_spoofing 
\u9009\u9879\u6765\u5e2e\u52a9\u964d\u4f4e\u6b64\u98ce\u9669\u3002\u6b64\u9009\u9879\u53ef\u9632\u6b62\u5b9e\u4f8b\u6267\u884c\u6b3a\u9a97\u653b\u51fb;\u5b83\u4e0d\u80fd\u4fdd\u62a4\u4ed6\u4eec\u514d\u53d7\u6b3a\u9a97\u653b\u51fb\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u8bbe\u7f6e\u9884\u8ba1\u5c06\u5728 Ocata \u4e2d\u5220\u9664\uff0c\u8be5\u884c\u4e3a\u5c06\u6c38\u4e45\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002 \u4f8b\u5982\uff0c\u5728 /etc/neutron/plugins/ml2/openvswitch_agent.ini \uff1a prevent_arp_spoofing = True \u9664 Open vSwitch \u5916\uff0c\u5176\u4ed6\u63d2\u4ef6\u4e5f\u53ef\u80fd\u5305\u542b\u7c7b\u4f3c\u7684\u7f13\u89e3\u63aa\u65bd;\u5efa\u8bae\u60a8\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u542f\u7528\u6b64\u529f\u80fd\u3002 \u6ce8\u610f \u5373\u4f7f\u542f\u7528 `prevent_arp_spoofing` \u4e86\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u65e0\u6cd5\u63d0\u4f9b\u5b8c\u6574\u7684\u9879\u76ee\u9694\u79bb\u7ea7\u522b\uff0c\u56e0\u4e3a\u6240\u6709\u9879\u76ee\u6d41\u91cf\u4ecd\u4f1a\u53d1\u9001\u5230\u540c\u4e00 VLAN\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a 
neutron\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/neutron/neutron.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/api-paste.ini | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/policy.json | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/rootwrap.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron | egrep \"root neutron\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c neutron\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u4e2d\u5b50\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 neutron \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/neutron/neutron.conf $ stat -L -c \"%a\" /etc/neutron/api-paste.ini $ stat -L -c \"%a\" /etc/neutron/policy.json $ stat -L -c \"%a\" /etc/neutron/rootwrap.conf $ stat -L -c \"%a\" /etc/neutron \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 
\u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cneutron \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/neutron/neutron.conf getfacl: Removing leading '/' from absolute path names # file: etc/neutron/neutron.conf USER root rw- GROUP neutron r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u6ca1\u6709\u8bbe\u7f6e\u81f3\u5c11\u4e3a640\u3002 Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack 
\u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/neutron/neutron.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/neutron/neutron.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/neutron/neutron.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/neutron/neutron.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u00b6 
\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5728 API \u670d\u52a1\u5668\u4e0a\u542f\u7528\u5b89\u5168\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5bf9\u8c61\u5b58\u50a8 \u00b6 OpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u670d\u52a1\u63d0\u4f9b\u901a\u8fc7 HTTP \u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u7684\u8f6f\u4ef6\u3002\u5bf9\u8c61\uff08\u6570\u636e blob\uff09\u5b58\u50a8\u5728\u7ec4\u7ec7\u5c42\u6b21\u7ed3\u6784\u4e2d\uff0c\u8be5\u5c42\u6b21\u7ed3\u6784\u63d0\u4f9b\u533f\u540d\u53ea\u8bfb\u8bbf\u95ee\u3001ACL \u5b9a\u4e49\u7684\u8bbf\u95ee\uff0c\u751a\u81f3\u4e34\u65f6\u8bbf\u95ee\u3002\u5bf9\u8c61\u5b58\u50a8\u652f\u6301\u901a\u8fc7\u4e2d\u95f4\u4ef6\u5b9e\u73b0\u7684\u591a\u79cd\u57fa\u4e8e\u4ee4\u724c\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u7684 HTTP RESTful API \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u7684\u540e\u7aef\u7ec4\u4ef6\u9075\u5faa\u76f8\u540c\u7684 RESTful \u6a21\u578b\uff0c\u5c3d\u7ba1\u67d0\u4e9b API\uff08\u4f8b\u5982\u7ba1\u7406\u6301\u4e45\u6027\u7684 API\uff09\u5bf9\u96c6\u7fa4\u662f\u79c1\u6709\u7684\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Storage API\u3002 \u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u5206\u4e3a\u4ee5\u4e0b\u4e3b\u8981\u7ec4\uff1a \u4ee3\u7406\u670d\u52a1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u5b58\u50a8\u670d\u52a1 \u8d26\u6237\u670d\u52a1 \u5bb9\u5668\u670d\u52a1 \u5bf9\u8c61\u670d\u52a1 OpenStack \u5bf9\u8c61\u5b58\u50a8\u7ba1\u7406\u6307\u5357 \uff082013\uff09 \u4e2d\u7684\u793a\u4f8b\u56fe \u6ce8\u610f 
\u5bf9\u8c61\u5b58\u50a8\u5b89\u88c5\u4e0d\u5fc5\u4f4d\u4e8e Internet \u4e0a\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u4e91\uff0c\u5176\u4e2d\u516c\u5171\u4ea4\u6362\u673a\u662f\u7ec4\u7ec7\u5185\u90e8\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u4e00\u90e8\u5206\u3002 \u7f51\u7edc\u5b89\u5168 \u00b6 \u8981\u4fdd\u62a4\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9996\u5148\u8981\u4fdd\u62a4\u7f51\u7edc\u7ec4\u4ef6\u3002\u5982\u679c\u60a8\u8df3\u8fc7\u4e86\u7f51\u7edc\u7ae0\u8282\uff0c\u8bf7\u8fd4\u56de\u5230\u7f51\u7edc\u90e8\u5206\u3002 rsync \u534f\u8bae\u7528\u4e8e\u5728\u5b58\u50a8\u670d\u52a1\u8282\u70b9\u4e4b\u95f4\u590d\u5236\u6570\u636e\u4ee5\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u3002\u6b64\u5916\uff0c\u5728\u5ba2\u6237\u7aef\u7aef\u70b9\u548c\u4e91\u73af\u5883\u4e4b\u95f4\u6765\u56de\u4e2d\u7ee7\u6570\u636e\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u4f1a\u4e0e\u5b58\u50a8\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u8b66\u544a \u5bf9\u8c61\u5b58\u50a8\u4e0d\u5bf9\u8282\u70b9\u95f4\u901a\u4fe1\u8fdb\u884c\u52a0\u5bc6\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u5c31\u662f\u60a8\u5728\u4f53\u7cfb\u7ed3\u6784\u56fe\u4e2d\u770b\u5230\u4e13\u7528\u4ea4\u6362\u673a\u6216\u4e13\u7528\u7f51\u7edc \uff08[V]LAN\uff09 \u7684\u539f\u56e0\u3002\u8fd9\u4e2a\u6570\u636e\u57df\u4e5f\u5e94\u8be5\u4e0e\u5176\u4ed6OpenStack\u6570\u636e\u7f51\u7edc\u5206\u5f00\u3002\u6709\u5173\u5b89\u5168\u57df\u7684\u8fdb\u4e00\u6b65\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002 \u5efa\u8bae \u5bf9\u6570\u636e\u57df\u4e2d\u7684\u5b58\u50a8\u8282\u70b9\u4f7f\u7528\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u3002 \u8fd9\u9700\u8981\u4ee3\u7406\u8282\u70b9\u5177\u6709\u53cc\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a \u4e00\u4e2a\u4f5c\u4e3a\u6d88\u8d39\u8005\u8bbf\u95ee\u7684\u516c\u5171\u754c\u9762\u3002 \u53e6\u4e00\u4e2a\u4f5c\u4e3a\u53ef\u4ee5\u8bbf\u95ee\u5b58\u50a8\u8282\u70b9\u7684\u4e13\u7528\u63a5\u53e3\u3002 
\u4e0b\u56fe\u6f14\u793a\u4e86\u4e00\u79cd\u53ef\u80fd\u7684\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u3002 \u5177\u6709\u7ba1\u7406\u8282\u70b9\uff08OSAM\uff09\u7684\u5bf9\u8c61\u5b58\u50a8\u7f51\u7edc\u67b6\u6784 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u00b6 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u00b6 \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \uff08UID 0\uff09 \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\u3002\u4e00\u4e2a\u5efa\u8bae\u662f swift \u5177\u6709\u4e3b\u7ec4 swift \u7684\u7528\u6237\u540d\u3002\u4f8b\u5982\uff0c proxy-server \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5305\u62ec\u3001\u3001 container-server account-server \u3002\u6709\u5173\u8bbe\u7f6e\u548c\u914d\u7f6e\u7684\u8be6\u7ec6\u6b65\u9aa4\uff0c\u8bf7\u53c2\u9605\u300a\u5b89\u88c5\u6307\u5357\u300b\u7684\u201c\u6dfb\u52a0\u5bf9\u8c61\u5b58\u50a8\u201d\u4e00\u7ae0\u7684 OpenStack \u6587\u6863\u7d22\u5f15\u3002 \u6ce8\u610f \u4e0a\u9762\u7684\u94fe\u63a5\u9ed8\u8ba4\u4e3aUbuntu\u7248\u672c\u3002 \u6587\u4ef6\u6743\u9650 \u00b6 \u8be5 /etc/swift \u76ee\u5f55\u5305\u542b\u6709\u5173\u73af\u5f62\u62d3\u6251\u548c\u73af\u5883\u914d\u7f6e\u7684\u4fe1\u606f\u3002\u5efa\u8bae\u4f7f\u7528\u4ee5\u4e0b\u6743\u9650\uff1a # chown -R root:swift /etc/swift/* # find /etc/swift/ -type f -exec chmod 640 {} \\; # find /etc/swift/ -type d -exec chmod 750 {} \\; \u8fd9\u5c06\u9650\u5236\u53ea\u6709 root \u7528\u6237\u80fd\u591f\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u65f6\u5141\u8bb8\u670d\u52a1\u901a\u8fc7\u5176 swift \u5728\u7ec4\u4e2d\u7684\u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u00b6 \u4ee5\u4e0b\u662f\u5404\u79cd\u5b58\u50a8\u670d\u52a1\u7684\u9ed8\u8ba4\u4fa6\u542c\u7aef\u53e3\uff1a \u670d\u52a1\u540d\u79f0 \u6e2f\u53e3 \u7c7b\u578b \u8d26\u6237\u670d\u52a1 6002 TCP \u5bb9\u5668\u670d\u52a1 6001 TCP \u5bf9\u8c61\u670d\u52a1 6000 TCP \u540c\u6b65 [1] 873 TCP 
\u5982\u679c\u4f7f\u7528 ssync \u800c\u4e0d\u662f rsync\uff0c\u5219\u4f7f\u7528\u5bf9\u8c61\u670d\u52a1\u7aef\u53e3\u6765\u7ef4\u62a4\u6301\u4e45\u6027\u3002 \u91cd\u8981 \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\u4e0d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5982\u679c\u80fd\u591f\u5728\u5176\u4e2d\u4e00\u4e2a\u7aef\u53e3\u4e0a\u8fde\u63a5\u5230\u5b58\u50a8\u8282\u70b9\uff0c\u5219\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u3002\u4e3a\u4e86\u9632\u6b62\u6b64\u95ee\u9898\uff0c\u60a8\u5e94\u8be5\u9075\u5faa\u4e4b\u524d\u7ed9\u51fa\u7684\u6709\u5173\u4f7f\u7528\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u7684\u5efa\u8bae\u3002 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u00b6 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u51ed\u636e\u3002\u4e0b\u9762\u5bf9\u8fd9\u4e9b\u5173\u7cfb\u8fdb\u884c\u8bf4\u660e\uff1a \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237 \u5bb9\u5668\u7684\u6536\u96c6;\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u54ea\u4e9b\u7528\u6237\u4e0e\u8be5\u5e10\u6237\u76f8\u5173\u8054\u4ee5\u53ca\u4ed6\u4eec\u5982\u4f55\u8bbf\u95ee\u8be5\u5e10\u6237\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668 \u5bf9\u8c61\u7684\u96c6\u5408\u3002\u5bb9\u5668\u4e0a\u7684\u5143\u6570\u636e\u53ef\u7528\u4e8e ACL\u3002ACL \u7684\u542b\u4e49\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5b9e\u9645\u6570\u636e\u5bf9\u8c61\u3002\u5bf9\u8c61\u7ea7\u522b\u7684 ACL \u4e5f\u53ef\u4ee5\u4e0e\u5143\u6570\u636e\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5728\u6bcf\u4e2a\u7ea7\u522b\uff0c\u60a8\u90fd\u6709 
ACL\uff0c\u7528\u4e8e\u6307\u793a\u8c01\u62e5\u6709\u54ea\u79cd\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002ACL \u662f\u6839\u636e\u6b63\u5728\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u89e3\u91ca\u7684\u3002\u6700\u5e38\u7528\u7684\u4e24\u79cd\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u7c7b\u578b\u662f Identity service \uff08keystone\uff09 \u548c TempAuth\u3002\u81ea\u5b9a\u4e49\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u4e5f\u662f\u53ef\u80fd\u7684\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u00b6 \u4ee3\u7406\u8282\u70b9\u5e94\u81f3\u5c11\u5177\u6709\u4e24\u4e2a\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a\u4e00\u4e2a\u516c\u5171\u63a5\u53e3\u548c\u4e00\u4e2a\u4e13\u7528\u63a5\u53e3\u3002\u9632\u706b\u5899\u6216\u670d\u52a1\u7ed1\u5b9a\u53ef\u80fd\u4f1a\u4fdd\u62a4\u516c\u5171\u63a5\u53e3\u3002\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u662f\u4e00\u4e2a HTTP Web \u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5904\u7406\u7aef\u70b9\u5ba2\u6237\u7aef\u8bf7\u6c42\u3001\u5bf9\u5176\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u6267\u884c\u76f8\u5e94\u7684\u64cd\u4f5c\u3002\u4e13\u7528\u63a5\u53e3\u4e0d\u9700\u8981\u4efb\u4f55\u4fa6\u542c\u670d\u52a1\uff0c\u800c\u662f\u7528\u4e8e\u5efa\u7acb\u4e0e\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u4e0a\u7684\u5b58\u50a8\u8282\u70b9\u7684\u4f20\u51fa\u8fde\u63a5\u3002 HTTP \u76d1\u542c\u7aef\u53e3 \u00b6 \u5982\u524d\u6240\u8ff0\uff0c\u60a8\u5e94\u8be5\u5c06 Web \u670d\u52a1\u914d\u7f6e\u4e3a\u975e root\uff08\u65e0 UID 0\uff09\u7528\u6237 swift \u3002\u9700\u8981\u4f7f\u7528\u5927\u4e8e 1024 \u7684\u7aef\u53e3\u624d\u80fd\u8f7b\u677e\u5b8c\u6210\u6b64\u64cd\u4f5c\uff0c\u5e76\u907f\u514d\u4ee5 root \u8eab\u4efd\u8fd0\u884c Web \u5bb9\u5668\u7684\u4efb\u4f55\u90e8\u5206\u3002\u901a\u5e38\uff0c\u4f7f\u7528 HTTP REST API 
\u5e76\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u5ba2\u6237\u7aef\u4f1a\u81ea\u52a8\u4ece\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u4e2d\u68c0\u7d22\u6240\u9700\u7684\u5b8c\u6574 REST API URL\u3002OpenStack \u7684 REST API \u5141\u8bb8\u5ba2\u6237\u7aef\u5bf9\u4e00\u4e2a URL \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u7136\u540e\u88ab\u544a\u77e5\u5bf9\u5b9e\u9645\u670d\u52a1\u4f7f\u7528\u5b8c\u5168\u4e0d\u540c\u7684 URL\u3002\u4f8b\u5982\uff0c\u5ba2\u6237\u7aef\u5411 https://identity.cloud.example.org:55443/v1/auth \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u83b7\u53d6\u5176\u8eab\u4efd\u9a8c\u8bc1\u5bc6\u94a5\u548c\u5b58\u50a8 URL\uff08\u4ee3\u7406\u8282\u70b9\u6216\u8d1f\u8f7d\u5747\u8861\u5668\u7684 URL\uff09https://swift.cloud.example.org:44443/v1/AUTH_8980 \u54cd\u5e94\u3002 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u542f\u52a8\u548c\u8fd0\u884c\u7684\u65b9\u6cd5\u56e0 Web \u670d\u52a1\u5668\u548c\u64cd\u4f5c\u7cfb\u7edf\u800c\u5f02\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 \u00b6 \u5982\u679c\u4f7f\u7528 Apache \u7684\u9009\u9879\u4e0d\u53ef\u884c\uff0c\u6216\u8005\u4e3a\u4e86\u63d0\u9ad8\u6027\u80fd\uff0c\u60a8\u5e0c\u671b\u51cf\u8f7b TLS \u5de5\u4f5c\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u4e13\u7528\u7684\u7f51\u7edc\u8bbe\u5907\u8d1f\u8f7d\u5e73\u8861\u5668\u3002\u8fd9\u662f\u5728\u4f7f\u7528\u591a\u4e2a\u4ee3\u7406\u8282\u70b9\u65f6\u63d0\u4f9b\u5197\u4f59\u548c\u8d1f\u8f7d\u5e73\u8861\u7684\u5e38\u7528\u65b9\u6cd5\u3002 \u5982\u679c\u9009\u62e9\u5378\u8f7d TLS\uff0c\u8bf7\u786e\u4fdd\u8d1f\u8f7d\u5747\u8861\u5668\u548c\u4ee3\u7406\u8282\u70b9\u4e4b\u95f4\u7684\u7f51\u7edc\u94fe\u8def\u4f4d\u4e8e\u4e13\u7528 \uff08V\uff09LAN 
\u7f51\u6bb5\u4e0a\uff0c\u4ee5\u4fbf\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6\u8282\u70b9\uff08\u53ef\u80fd\u5df2\u6cc4\u9732\uff09\u65e0\u6cd5\u7a83\u542c\uff08\u55c5\u63a2\uff09\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002\u5982\u679c\u53d1\u751f\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bbf\u95ee\u7aef\u70b9\u5ba2\u6237\u7aef\u6216\u4e91\u7ba1\u7406\u5458\u51ed\u636e\u5e76\u8bbf\u95ee\u4e91\u6570\u636e\u3002 \u60a8\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u6216TempAuth\uff09\u5c06\u51b3\u5b9a\u5982\u4f55\u5728\u5bf9\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u54cd\u5e94\u4e2d\u914d\u7f6e\u4e0d\u540c\u7684URL\uff0c\u4ee5\u4fbf\u5b83\u4eec\u4f7f\u7528\u8d1f\u8f7d\u5e73\u8861\u5668\u800c\u4e0d\u662f\u5355\u4e2a\u4ee3\u7406\u8282\u70b9\u3002 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u5bf9\u8c61\u5b58\u50a8\u4f7f\u7528 WSGI \u6a21\u578b\u6765\u63d0\u4f9b\u4e2d\u95f4\u4ef6\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4e0d\u4ec5\u63d0\u4f9b\u901a\u7528\u53ef\u6269\u5c55\u6027\uff0c\u8fd8\u7528\u4e8e\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u5b9a\u4e49\u5b58\u5728\u7684\u89d2\u8272\u548c\u7528\u6237\u7c7b\u578b\u3002\u6709\u4e9b\u4f7f\u7528\u4f20\u7edf\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u51ed\u636e\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u53ef\u80fd\u5229\u7528 API \u5bc6\u94a5\u4ee4\u724c\u751a\u81f3\u5ba2\u6237\u7aef x.509 \u8bc1\u4e66\u3002\u81ea\u5b9a\u4e49\u63d0\u4f9b\u7a0b\u5e8f\u53ef\u4ee5\u96c6\u6210\u5230\u4f7f\u7528\u81ea\u5b9a\u4e49\u4e2d\u95f4\u4ef6\u4e2d\u3002 \u5bf9\u8c61\u5b58\u50a8\u9ed8\u8ba4\u81ea\u5e26\u4e24\u4e2a\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u6a21\u5757\uff0c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u6a21\u5757\u90fd\u53ef\u4ee5\u4f5c\u4e3a\u5f00\u53d1\u81ea\u5b9a\u4e49\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u7684\u793a\u4f8b\u4ee3\u7801\u3002 TempAuth \u51fd\u6570 \u00b6 TempAuth 
\u662f\u5bf9\u8c61\u5b58\u50a8\u7684\u9ed8\u8ba4\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e0e Identity \u76f8\u6bd4\uff0c\u5b83\u5c06\u7528\u6237\u5e10\u6237\u3001\u51ed\u636e\u548c\u5143\u6570\u636e\u5b58\u50a8\u5728\u5bf9\u8c61\u5b58\u50a8\u672c\u8eab\u4e2d\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u6587\u6863\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u90e8\u5206\u3002 Keystone \u00b6 Keystone \u662f OpenStack \u4e2d\u5e38\u7528\u7684\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002Identity \u4e2d\u5df2\u63d0\u4f9b\u4fdd\u62a4 keystone \u7684\u8986\u76d6\u8303\u56f4\u3002 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u00b6 \u5728 \u4e2d /etc/swift \uff0c\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\uff0c\u90fd\u6709\u4e00\u4e2a\u8bbe\u7f6e\u548c\u4e00\u4e2a swift_hash_path_prefix swift_hash_path_suffix \u8bbe\u7f6e\u3002\u63d0\u4f9b\u8fd9\u4e9b\u662f\u4e3a\u4e86\u51cf\u5c11\u5b58\u50a8\u5bf9\u8c61\u53d1\u751f\u54c8\u5e0c\u51b2\u7a81\u7684\u53ef\u80fd\u6027\uff0c\u5e76\u907f\u514d\u4e00\u4e2a\u7528\u6237\u8986\u76d6\u53e6\u4e00\u4e2a\u7528\u6237\u7684\u6570\u636e\u3002 \u6b64\u503c\u6700\u521d\u5e94\u4f7f\u7528\u52a0\u5bc6\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5e76\u5728\u6240\u6709\u8282\u70b9\u4e0a\u4fdd\u6301\u4e00\u81f4\u3002\u786e\u4fdd\u5b83\u53d7\u5230\u9002\u5f53\u7684 ACL \u4fdd\u62a4\uff0c\u5e76\u4e14\u60a8\u6709\u5907\u4efd\u526f\u672c\u4ee5\u907f\u514d\u6570\u636e\u4e22\u5931\u3002 \u673a\u5bc6\u7ba1\u7406 \u00b6 
\u64cd\u4f5c\u5458\u901a\u8fc7\u4f7f\u7528\u5404\u79cd\u52a0\u5bc6\u5e94\u7528\u7a0b\u5e8f\u6765\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u4f8b\u5982\uff0c\u5bf9\u9759\u6001\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\u6216\u5bf9\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u4ee5\u8bc1\u660e\u5176\u672a\u88ab\u7be1\u6539\u3002\u5728\u6240\u6709\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u52a0\u5bc6\u529f\u80fd\u90fd\u9700\u8981\u67d0\u79cd\u5bc6\u94a5\u6750\u6599\u624d\u80fd\u8fd0\u884c\u3002 \u673a\u5bc6\u7ba1\u7406\u63cf\u8ff0\u4e86\u4e00\u7ec4\u65e8\u5728\u4fdd\u62a4\u8f6f\u4ef6\u7cfb\u7edf\u4e2d\u7684\u5173\u952e\u6750\u6599\u7684\u6280\u672f\u3002\u4f20\u7edf\u4e0a\uff0c\u5bc6\u94a5\u7ba1\u7406\u6d89\u53ca\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u7684\u90e8\u7f72\u3002\u8fd9\u4e9b\u8bbe\u5907\u5df2\u7ecf\u8fc7\u7269\u7406\u5f3a\u5316\uff0c\u53ef\u9632\u6b62\u7be1\u6539\u3002 \u968f\u7740\u6280\u672f\u7684\u8fdb\u6b65\uff0c\u9700\u8981\u4fdd\u62a4\u7684\u79d8\u5bc6\u7269\u54c1\u7684\u6570\u91cf\u5df2\u7ecf\u4ece\u5bc6\u94a5\u6750\u6599\u589e\u52a0\u5230\u5305\u62ec\u8bc1\u4e66\u5bf9\u3001API \u5bc6\u94a5\u3001\u7cfb\u7edf\u5bc6\u7801\u3001\u7b7e\u540d\u5bc6\u94a5\u7b49\u3002\u8fd9\u79cd\u589e\u957f\u4ea7\u751f\u4e86\u5bf9\u66f4\u5177\u53ef\u6269\u5c55\u6027\u7684\u5bc6\u94a5\u7ba1\u7406\u65b9\u6cd5\u7684\u9700\u6c42\uff0c\u5e76\u5bfc\u81f4\u521b\u5efa\u4e86\u8bb8\u591a\u63d0\u4f9b\u53ef\u6269\u5c55\u52a8\u6001\u5bc6\u94a5\u7ba1\u7406\u7684\u8f6f\u4ef6\u670d\u52a1\u3002\u672c\u7ae0\u4ecb\u7ecd\u4e86\u76ee\u524d\u5b58\u5728\u7684\u670d\u52a1\uff0c\u5e76\u91cd\u70b9\u4ecb\u7ecd\u4e86\u90a3\u4e9b\u80fd\u591f\u96c6\u6210\u5230OpenStack\u4e91\u4e2d\u7684\u670d\u52a1\u3002 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 
Barbican \u6982\u8ff0 \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11\u52a0\u5bc6\u63d2\u4ef6 \u5bc6\u94a5\u5546\u5e97\u63d2\u4ef6 KMIP\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u73b0\u6709\u6280\u672f\u6458\u8981 \u00b6 \u5728OpenStack\u4e2d\uff0c\u6709\u4e24\u79cd\u63a8\u8350\u7528\u4e8e\u673a\u5bc6\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5373Barbican\u548cCastellan\u3002\u672c\u7ae0\u5c06\u6982\u8ff0\u4e0d\u540c\u7684\u65b9\u6848\uff0c\u4ee5\u5e2e\u52a9\u64cd\u4f5c\u5458\u9009\u62e9\u4f7f\u7528\u54ea\u4e2a\u5bc6\u94a5\u7ba1\u7406\u5668\u3002 \u7b2c\u4e09\u79cd\u4e0d\u53d7\u652f\u6301\u7684\u65b9\u6cd5\u662f\u56fa\u5b9a/\u786c\u7f16\u7801\u5bc6\u94a5\u3002\u4f17\u6240\u5468\u77e5\uff0c\u67d0\u4e9b OpenStack \u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u5bc6\u94a5\u3002\u8fd9\u662f\u6700\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4efb\u4f55\u7c7b\u578b\u7684\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u3002 \u5176\u4ed6\u89e3\u51b3\u65b9\u6848\u5305\u62ec KeyWhiz\u3001Confidant\u3001Conjur\u3001EJSON\u3001Knox \u548c Red October\uff0c\u4f46\u5728\u672c\u6587\u6863\u7684\u8ba8\u8bba\u8303\u56f4\u4e4b\u5916\uff0c\u65e0\u6cd5\u6db5\u76d6\u6240\u6709\u53ef\u7528\u7684 Key Manager\u3002 \u5bf9\u4e8e\u673a\u5bc6\u7684\u5b58\u50a8\uff0c\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u786c\u4ef6\u5b89\u5168\u6a21\u5757 
\uff08HSM\uff09 \u3002HSM \u53ef\u4ee5\u6709\u591a\u79cd\u5f62\u5f0f\u3002\u4f20\u7edf\u8bbe\u5907\u662f\u673a\u67b6\u5f0f\u8bbe\u5907\uff0c\u5982\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u6240\u793a\u3002 \u76f8\u5173 Openstack \u9879\u76ee \u00b6 Castellan \u662f\u4e00\u4e2a\u5e93\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u901a\u7528\u63a5\u53e3\u6765\u5b58\u50a8\u3001\u751f\u6210\u548c\u68c0\u7d22\u673a\u5bc6\u3002\u5927\u591a\u6570 Openstack \u670d\u52a1\u90fd\u4f7f\u7528\u5b83\u8fdb\u884c\u673a\u5bc6\u7ba1\u7406\u3002\u4f5c\u4e3a\u4e00\u4e2a\u56fe\u4e66\u9986\uff0cCastellan \u672c\u8eab\u5e76\u4e0d\u63d0\u4f9b\u79d8\u5bc6\u5b58\u50a8\u3002\u76f8\u53cd\uff0c\u9700\u8981\u90e8\u7f72\u540e\u7aef\u5b9e\u73b0\u3002 \u8bf7\u6ce8\u610f\uff0cCastellan \u4e0d\u63d0\u4f9b\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u3002\u5b83\u53ea\u662f\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\uff08\u4f8b\u5982Keystone\u4ee4\u724c\uff09\u4f20\u9012\u5230\u540e\u7aef\u3002 Barbican \u662f\u4e00\u4e2a OpenStack \u670d\u52a1\uff0c\u4e3a Castellan \u63d0\u4f9b\u540e\u7aef\u3002Barbican \u9700\u8981\u5e76\u9a8c\u8bc1 keystone \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff0c\u4ee5\u8bc6\u522b\u8bbf\u95ee\u6216\u5b58\u50a8\u5bc6\u94a5\u7684\u7528\u6237\u548c\u9879\u76ee\u3002\u7136\u540e\uff0c\u5b83\u5e94\u7528\u7b56\u7565\u6765\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u8bb8\u591a\u989d\u5916\u7684\u6709\u7528\u529f\u80fd\u6765\u6539\u8fdb\u5bc6\u94a5\u7ba1\u7406\uff0c\u5305\u62ec\u914d\u989d\u3001\u6bcf\u4e2a\u5bc6\u94a5\u7684 ACL\u3001\u8ddf\u8e2a\u5bc6\u94a5\u4f7f\u7528\u8005\u4ee5\u53ca\u5bc6\u94a5\u5bb9\u5668\u4e2d\u7684\u5bc6\u94a5\u5206\u7ec4\u3002\u4f8b\u5982\uff0c\u660e\u9510\u76f4\u63a5\u4e0e\u5df4\u6bd4\u80af\uff08\u800c\u4e0d\u662f\u5361\u65af\u7279\u62c9\u5170\uff09\u96c6\u6210\uff0c\u4ee5\u5229\u7528\u5176\u4e2d\u4e00\u4e9b\u529f\u80fd\u3002 Barbican 
\u6709\u8bb8\u591a\u540e\u7aef\u63d2\u4ef6\uff0c\u53ef\u7528\u4e8e\u5c06\u673a\u5bc6\u5b89\u5168\u5730\u5b58\u50a8\u5728\u672c\u5730\u6570\u636e\u5e93\u6216 HSM \u4e2d\u3002 \u76ee\u524d\uff0cBarbican \u662f Castellan \u552f\u4e00\u53ef\u7528\u7684\u540e\u7aef\u3002\u7136\u800c\uff0c\u6709\u51e0\u4e2a\u540e\u7aef\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u5305\u62ec KMIP\u3001Dogtag\u3001Hashicorp Vault \u548c Custodia\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u5e0c\u671b\u90e8\u7f72 Barbican \u5e76\u4e14\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u76f8\u5bf9\u7b80\u5355\u7684\u90e8\u7f72\u4eba\u5458\u6765\u8bf4\uff0c\u4f7f\u7528\u8fd9\u4e9b\u540e\u7aef\u4e4b\u4e00\u53ef\u80fd\u662f\u4e00\u4e2a\u53ef\u884c\u7684\u66ff\u4ee3\u65b9\u6848\u3002\u4f46\u662f\uff0c\u5728\u68c0\u7d22\u5bc6\u94a5\u65f6\uff0c\u7f3a\u5c11\u7684\u662f\u591a\u79df\u6237\u548c\u79df\u6237\u7b56\u7565\u7684\u5b9e\u65bd\uff0c\u4ee5\u53ca\u4e0a\u9762\u63d0\u5230\u7684\u4efb\u4f55\u989d\u5916\u529f\u80fd\u3002 \u4f7f\u7528\u6848\u4f8b \u00b6 \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u00b6 \u9a8c\u8bc1\u955c\u50cf\u7b7e\u540d\u53ef\u786e\u4fdd\u955c\u50cf\u81ea\u539f\u59cb\u4e0a\u4f20\u4ee5\u6765\u4e0d\u4f1a\u88ab\u66ff\u6362\u6216\u66f4\u6539\u3002\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u4f7f\u7528 Castellan \u4f5c\u4e3a\u5176\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u52a0\u5bc6\u7b7e\u540d\u3002\u955c\u50cf\u7b7e\u540d\u548c\u8bc1\u4e66 UUID \u5c06\u4e0e\u955c\u50cf\u4e00\u8d77\u4e0a\u4f20\u5230\u955c\u50cf \uff08glance\uff09 \u670d\u52a1\u3002Glance \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002\u542f\u52a8\u955c\u50cf\u65f6\uff0c\u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53ef\u4fe1\u6620\u50cf\u6587\u6863\u3002 \u5377\u52a0\u5bc6 \u00b6 
\u5377\u52a0\u5bc6\u529f\u80fd\u4f7f\u7528 Castellan \u63d0\u4f9b\u9759\u6001\u6570\u636e\u52a0\u5bc6\u3002\u5f53\u7528\u6237\u521b\u5efa\u52a0\u5bc6\u5377\u7c7b\u578b\u5e76\u4f7f\u7528\u8be5\u7c7b\u578b\u521b\u5efa\u5377\u65f6\uff0c\u5757\u5b58\u50a8 \uff08cinder\uff09 \u670d\u52a1\u4f1a\u8bf7\u6c42\u5bc6\u94a5\u7ba1\u7406\u5668\u521b\u5efa\u8981\u4e0e\u8be5\u5377\u5173\u8054\u7684\u5bc6\u94a5\u3002\u5f53\u5377\u9644\u52a0\u5230\u5b9e\u4f8b\u65f6\uff0cnova \u4f1a\u68c0\u7d22\u5bc6\u94a5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6570\u636e\u52a0\u5bc6\u90e8\u5206\u3002\u548c\u5377\u52a0\u5bc6\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u00b6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u4ee5\u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92\uff0c\u5e76\u901a\u8fc7\u6309\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb\u3002\u5efa\u8bae\u4f7f\u7528\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u6587\u6863\u3002 Sahara \u00b6 
Sahara\u5728\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\u751f\u6210\u5e76\u5b58\u50a8\u591a\u4e2a\u5bc6\u7801\u3002\u4e3a\u4e86\u52a0\u5f3aSahara\u5bf9\u5bc6\u7801\u7684\u4f7f\u7528\uff0c\u53ef\u4ee5\u6307\u793a\u5b83\u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u548c\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002\u8981\u542f\u7528\u6b64\u529f\u80fd\uff0c\u5fc5\u987b\u9996\u5148\u5728\u5806\u6808\u4e2d\u90e8\u7f72\u4e00\u4e2a OpenStack Key Manager \u670d\u52a1\u3002 \u5728\u5806\u6808\u4e0a\u90e8\u7f72\u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\u540e\uff0c\u5fc5\u987b\u5c06 sahara \u914d\u7f6e\u4e3a\u542f\u7528\u5bc6\u94a5\u7684\u5916\u90e8\u5b58\u50a8\u3002Sahara \u4f7f\u7528 Castellan \u5e93\u4e0e OpenStack Key Manager \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u6b64\u5e93\u63d0\u4f9b\u5bf9\u5bc6\u94a5\u7ba1\u7406\u5668\u7684\u53ef\u914d\u7f6e\u8bbf\u95ee\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Sahara \u9ad8\u7ea7\u914d\u7f6e\u6307\u5357\u3002 Magnum \u00b6 \u4e3a\u4e86\u4f7f\u7528\u672c\u673a\u5ba2\u6237\u7aef\uff08 docker \u6216 kubectl \u5206\u522b\uff09\u63d0\u4f9b\u5bf9 Docker Swarm \u6216 Kubernetes \u7684\u8bbf\u95ee\uff0cmagnum \u4f7f\u7528 TLS \u8bc1\u4e66\u3002\u8981\u5b58\u50a8\u8bc1\u4e66\uff0c\u5efa\u8bae\u4f7f\u7528 Barbican \u6216 Magnum \u6570\u636e\u5e93 \uff08 x590keypair \uff09\u3002 \u4e5f\u53ef\u4ee5\u4f7f\u7528\u672c\u5730\u76ee\u5f55 \uff08 local \uff09\uff0c\u4f46\u88ab\u8ba4\u4e3a\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u4e0d\u9002\u5408\u751f\u4ea7\u73af\u5883\u3002 \u6709\u5173\u4e3a Magnum \u8bbe\u7f6e\u8bc1\u4e66\u7ba1\u7406\u5668\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\u6587\u6863\u3002 Octavia/LBaaS \u00b6 Neutron \u548c Octavia \u9879\u76ee\u7684 LBaaS\uff08\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff09\u529f\u80fd\u9700\u8981\u8bc1\u4e66\u53ca\u5176\u79c1\u94a5\u6765\u4e3a TLS 
\u8fde\u63a5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3002Barbican \u53ef\u7528\u4e8e\u5b58\u50a8\u6b64\u654f\u611f\u4fe1\u606f\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5982\u4f55\u521b\u5efa TLS \u8d1f\u8f7d\u5747\u8861\u5668\u548c\u90e8\u7f72\u4ee5 TLS \u7ed3\u5c3e\u7684 HTTPS \u8d1f\u8f7d\u5747\u8861\u5668\u3002 Swift \u00b6 \u5bf9\u79f0\u5bc6\u94a5\u53ef\u7528\u4e8e\u52a0\u5bc6 Swift \u5bb9\u5668\uff0c\u4ee5\u964d\u4f4e\u7528\u6237\u6570\u636e\u88ab\u8bfb\u53d6\u7684\u98ce\u9669\uff0c\u5982\u679c\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u8981\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b98\u65b9 swift \u6587\u6863\u4e2d\u7684\u5bf9\u8c61\u52a0\u5bc6\u90e8\u5206\u3002 \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 \u00b6 OpenStack \u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u8bb8\u591a\u7eaf\u6587\u672c\u5bc6\u7801\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u670d\u52a1\u7528\u6237\u7528\u4e8e\u5411 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u4ee5\u9a8c\u8bc1 keystone \u4ee4\u724c\u7684\u5bc6\u7801\u3002 \u76ee\u524d\u6ca1\u6709\u5bf9\u8fd9\u4e9b\u5bc6\u7801\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\u5efa\u8bae\u901a\u8fc7\u6587\u4ef6\u6743\u9650\u9002\u5f53\u5730\u4fdd\u62a4\u8fd9\u4e9b\u6587\u4ef6\u3002 \u76ee\u524d\u6b63\u5728\u52aa\u529b\u5c06\u8fd9\u4e9b\u5bc6\u94a5\u5b58\u50a8\u5728 Castellan \u540e\u7aef\uff0c\u7136\u540e\u8ba9 oslo.config \u4f7f\u7528 Castellan \u6765\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002 Barbican \u00b6 \u6982\u8ff0 \u00b6 Barbican \u662f\u4e00\u4e2a REST API\uff0c\u65e8\u5728\u5b89\u5168\u5b58\u50a8\u3001\u914d\u7f6e\u548c\u7ba1\u7406\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u548c X.509 \u8bc1\u4e66\u7b49\u673a\u5bc6\u3002\u5b83\u65e8\u5728\u5bf9\u6240\u6709\u73af\u5883\u90fd\u6709\u7528\uff0c\u5305\u62ec\u5927\u578b\u77ed\u6682\u4e91\u3002 Barbican 
\u4e0e\u591a\u4e2a OpenStack \u529f\u80fd\u96c6\u6210\uff0c\u53ef\u4ee5\u76f4\u63a5\u96c6\u6210\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a Castellan \u7684\u540e\u7aef\u96c6\u6210\u3002 Barbican \u901a\u5e38\u7528\u4f5c\u5bc6\u94a5\u7ba1\u7406\u7cfb\u7edf\uff0c\u4ee5\u5b9e\u73b0\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3001\u5377\u52a0\u5bc6\u7b49\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u5728\u7528\u4f8b\u4e2d\u8fdb\u884c\u4e86\u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5f85\u5b9a \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u00b6 Key Manager \u670d\u52a1\u5177\u6709\u63d2\u4ef6\u67b6\u6784\uff0c\u5141\u8bb8\u90e8\u7f72\u7a0b\u5e8f\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u4e00\u4e2a\u6216\u591a\u4e2a\u5bc6\u94a5\u5b58\u50a8\u4e2d\u3002\u673a\u5bc6\u5b58\u50a8\u53ef\u4ee5\u662f\u57fa\u4e8e\u8f6f\u4ef6\u7684\uff08\u5982\u8f6f\u4ef6\u4ee4\u724c\uff09\uff0c\u4e5f\u53ef\u4ee5\u662f\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u7684\u3002\u672c\u8282\u4ecb\u7ecd\u5f53\u524d\u53ef\u7528\u7684\u63d2\u4ef6\uff0c\u5e76\u8ba8\u8bba\u6bcf\u4e2a\u63d2\u4ef6\u7684\u5b89\u5168\u72b6\u51b5\u3002\u63d2\u4ef6\u5df2\u542f\u7528\u5e76\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 /etc/barbican/barbican.conf \u8bbe\u7f6e\u8fdb\u884c\u914d\u7f6e\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684\u63d2\u4ef6\uff1a\u52a0\u5bc6\u63d2\u4ef6\u548c\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6\u3002 \u52a0\u5bc6\u63d2\u4ef6 \u00b6 \u52a0\u5bc6\u63d2\u4ef6\u5c06\u673a\u5bc6\u5b58\u50a8\u4e3a Barbican \u6570\u636e\u5e93\u4e2d\u7684\u52a0\u5bc6 blob\u3002\u8c03\u7528\u8be5\u63d2\u4ef6\u6765\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u4e0a\u7684\u5bc6\u94a5\uff0c\u5e76\u5728\u5bc6\u94a5\u68c0\u7d22\u65f6\u89e3\u5bc6\u5bc6\u94a5\u3002\u76ee\u524d\u6709\u4e24\u79cd\u7c7b\u578b\u7684\u5b58\u50a8\u63d2\u4ef6\u53ef\u7528\uff1aSimple Crypto \u63d2\u4ef6\u548c PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u3002 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 
\u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728 \u4e2d barbican.conf \u914d\u7f6e\u4e86\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u3002\u8be5\u63d2\u4ef6\u4f7f\u7528\u5355\u4e2a\u5bf9\u79f0\u5bc6\u94a5\uff08KEK - \u6216\u201c\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5\u201d\uff09\uff0c\u8be5\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728 barbican.conf \u6587\u4ef6\u4e2d\uff0c\u4ee5\u52a0\u5bc6\u548c\u89e3\u5bc6\u6240\u6709\u673a\u5bc6\u3002\u6b64\u63d2\u4ef6\u88ab\u8ba4\u4e3a\u662f\u4e0d\u592a\u5b89\u5168\u7684\u9009\u9879\uff0c\u4ec5\u9002\u7528\u4e8e\u5f00\u53d1\u548c\u6d4b\u8bd5\uff0c\u56e0\u4e3a\u4e3b\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u56e0\u6b64\u4e0d\u5efa\u8bae\u5728\u751f\u4ea7\u90e8\u7f72\u4e2d\u4f7f\u7528\u3002 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u00b6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u53ef\u7528\u4e8e\u4e0e\u4f7f\u7528 PKCS#11 \u534f\u8bae\u7684\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8fde\u63a5\u3002\u673a\u5bc6\u7531\u9879\u76ee\u7279\u5b9a\u7684\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5 \uff08KEK\uff09 \u52a0\u5bc6 \uff08\u5e76\u5728\u68c0\u7d22\u65f6\u89e3\u5bc6\uff09 \u3002KEK \u53d7\u4e3b KEK \uff08MKEK\uff09 \u4fdd\u62a4\uff08\u52a0\u5bc6\uff09\u3002MKEK \u4e0e HMAC \u4e00\u8d77\u9a7b\u7559\u5728 HSM \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u9879\u76ee\u90fd\u4f7f\u7528\u4e0d\u540c\u7684 KEK\uff0c\u5e76\u4e14\u7531\u4e8e KEK \u4ee5\u52a0\u5bc6\u5f62\u5f0f\uff08\u800c\u4e0d\u662f\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u660e\u6587\uff09\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u56e0\u6b64 PKCS#11 \u63d2\u4ef6\u6bd4\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u5b89\u5168\u5f97\u591a\u3002\u5b83\u662f Barbican \u90e8\u7f72\u4e2d\u6700\u53d7\u6b22\u8fce\u7684\u540e\u7aef\u3002 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 \u00b6 
\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u4e0e\u5b89\u5168\u5b58\u50a8\u7cfb\u7edf\u63a5\u53e3\uff0c\u4ee5\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u6709\u4e09\u79cd\u7c7b\u578b\uff1aKMIP \u63d2\u4ef6\u3001Dogtag \u63d2\u4ef6\u548c Vault \u63d2\u4ef6\u3002 KMIP \u63d2\u4ef6 \u00b6 \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09 \u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u8fdb\u884c\u901a\u4fe1\u3002\u5bc6\u94a5\u76f4\u63a5\u5b89\u5168\u5730\u5b58\u50a8\u5728\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u4e2d\uff0c\u800c\u4e0d\u662f\u5b58\u50a8\u5728 Barbican \u6570\u636e\u5e93\u4e2d\u3002Barbican \u6570\u636e\u5e93\u7ef4\u62a4\u5bf9\u5bc6\u94a5\u4f4d\u7f6e\u7684\u5f15\u7528\uff0c\u4ee5\u4f9b\u4ee5\u540e\u68c0\u7d22\u3002\u8be5\u63d2\u4ef6\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u6216\u4f7f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u5411\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6b64\u4fe1\u606f\u5b58\u50a8\u5728 Barbican \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002 Dogtag \u63d2\u4ef6 \u00b6 Dogtag \u79d8\u5bc6\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e Dogtag \u901a\u4fe1\u3002Dogtag \u662f\u5bf9\u5e94\u4e8e Red Hat \u8bc1\u4e66\u7cfb\u7edf\u7684\u4e0a\u6e38\u9879\u76ee\uff0cRed Hat Certificate System \u662f\u4e00\u4e2a\u901a\u7528\u6807\u51c6/FIPS \u8ba4\u8bc1\u7684 PKI \u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u8bc1\u4e66\u7ba1\u7406\u5668 \uff08CA\uff09 \u548c\u5bc6\u94a5\u6062\u590d\u673a\u6784 \uff08KRA\uff09\uff0c\u7528\u4e8e\u5b89\u5168\u5b58\u50a8\u673a\u5bc6\u3002KRA \u5c06\u673a\u5bc6\u4f5c\u4e3a\u52a0\u5bc6\u7684 blob \u5b58\u50a8\u5728\u5176\u5185\u90e8\u6570\u636e\u5e93\u4e2d\uff0c\u4e3b\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u5728\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS 
\u5b89\u5168\u6570\u636e\u5e93\u4e2d\uff0c\u6216\u5b58\u50a8\u5728\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u4e2d\u3002\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS \u6570\u636e\u5e93\u914d\u7f6e\u4e3a\u4e0d\u5e0c\u671b\u4f7f\u7528 HSM \u7684\u90e8\u7f72\u63d0\u4f9b\u4e86\u5b89\u5168\u9009\u9879\u3002KRA \u662f FreeIPA \u7684\u4e00\u4e2a\u7ec4\u4ef6\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f7f\u7528 FreeIPA \u670d\u52a1\u5668\u914d\u7f6e\u63d2\u4ef6\u3002\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4f7f\u7528 FreeIPA \u8bbe\u7f6e Barbican \u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\u3002 Vault \u63d2\u4ef6 \u00b6 Vault \u662f Hashicorp \u5f00\u53d1\u7684\u79d8\u5bc6\u5b58\u50a8\uff0c\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u673a\u5bc6\u548c\u5176\u4ed6\u5bf9\u8c61\uff0c\u4f8b\u5982 API \u5bc6\u94a5\u3001\u5bc6\u7801\u6216\u8bc1\u4e66\u3002\u4fdd\u9669\u67dc\u4e3a\u4efb\u4f55\u673a\u5bc6\u63d0\u4f9b\u7edf\u4e00\u7684\u754c\u9762\uff0c\u540c\u65f6\u63d0\u4f9b\u4e25\u683c\u7684\u8bbf\u95ee\u63a7\u5236\u5e76\u8bb0\u5f55\u8be6\u7ec6\u7684\u5ba1\u6838\u65e5\u5fd7\u3002Vault \u4f01\u4e1a\u7248\u8fd8\u5141\u8bb8\u4e0e HSM \u96c6\u6210\u4ee5\u8fdb\u884c\u81ea\u52a8\u89e3\u5c01\u3001\u63d0\u4f9b FIPS \u5bc6\u94a5\u5b58\u50a8\u548c\u71b5\u589e\u5f3a\u3002\u4f46\u662f\uff0cVault \u63d2\u4ef6\u7684\u7f3a\u70b9\u662f\u5b83\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u56e0\u6b64\u6240\u6709\u5bc6\u94a5\u90fd\u5c06\u5b58\u50a8\u5728\u540c\u4e00\u4e2a\u952e/\u503c\u5bc6\u94a5\u5f15\u64ce\u4e0b\u3002\u6302\u8f7d\u70b9\u3002 \u5a01\u80c1\u5206\u6790 \u00b6 Barbican \u56e2\u961f\u4e0e OpenStack \u5b89\u5168\u9879\u76ee\u5408\u4f5c\uff0c\u5bf9\u6700\u4f73\u5b9e\u8df5 Barbican 
\u90e8\u7f72\u8fdb\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\u3002\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u7684\u662f\u8bc6\u522b\u670d\u52a1\u8bbe\u8ba1\u548c\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7684\u5f31\u70b9\u548c\u7f3a\u9677\uff0c\u5e76\u63d0\u51fa\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u7684\u63a7\u5236\u6216\u4fee\u590d\u63aa\u65bd\u3002 \u5df4\u6bd4\u80af\u5a01\u80c1\u5206\u6790\u786e\u5b9a\u4e86\u516b\u9879\u5b89\u5168\u53d1\u73b0\u548c\u4e24\u9879\u5efa\u8bae\uff0c\u4ee5\u63d0\u9ad8\u5df4\u6bd4\u80af\u90e8\u7f72\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u7ed3\u679c\u53ef\u4ee5\u5728\u5b89\u5168\u5206\u6790\u5b58\u50a8\u5e93\u4e2d\u67e5\u770b\uff0c\u4ee5\u53ca Barbican \u4f53\u7cfb\u7ed3\u6784\u56fe\u548c\u4f53\u7cfb\u7ed3\u6784\u63cf\u8ff0\u9875\u3002 Castellan \u00b6 \u6982\u8ff0 \u00b6 Castellan \u662f\u7531 Barbican \u56e2\u961f\u5f00\u53d1\u7684\u901a\u7528\u5bc6\u94a5\u7ba1\u7406\u5668\u754c\u9762\u3002\u5b83\u4f7f\u9879\u76ee\u80fd\u591f\u4f7f\u7528\u53ef\u914d\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\uff0c\u8be5\u7ba1\u7406\u5668\u53ef\u4ee5\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u00b6 \u200b 1.\u5728 OpenStack \u4e2d\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4ec0\u4e48\uff1f \u5728OpenStack\u4e2d\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4f7f\u7528Barbican\u3002 \u200b 2.\u6211\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528Barbican\uff1f Barbican \u662f\u4e00\u79cd OpenStack \u670d\u52a1\uff0c\u5b83\u652f\u6301\u591a\u79df\u6237\uff0c\u5e76\u4f7f\u7528 Keystone \u4ee4\u724c\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u610f\u5473\u7740\u5bf9\u5bc6\u94a5\u7684\u8bbf\u95ee\u662f\u901a\u8fc7\u79df\u6237\u548c RBAC \u89d2\u8272\u7684 OpenStack \u7b56\u7565\u6765\u63a7\u5236\u7684\u3002 Barbican \u5177\u6709\u591a\u4e2a\u53ef\u63d2\u62d4\u540e\u7aef\uff0c\u53ef\u4ee5\u4f7f\u7528 PKCS#11 \u6216 KMIP 
\u4e0e\u57fa\u4e8e\u8f6f\u4ef6\u548c\u786c\u4ef6\u7684\u5b89\u5168\u6a21\u5757\u8fdb\u884c\u901a\u4fe1\u3002 \u200b 3.\u5982\u679c\u6211\u4e0d\u60f3\u4f7f\u7528Barbican\u600e\u4e48\u529e\uff1f \u5728 Openstack \u4e0a\u4e0b\u6587\u4e2d\uff0c\u9700\u8981\u7ba1\u7406\u4e24\u79cd\u7c7b\u578b\u7684\u5bc6\u94a5 - \u9700\u8981\u5bc6\u94a5\u5931\u771f\u4ee4\u724c\u624d\u80fd\u8bbf\u95ee\u7684\u5bc6\u94a5\uff0c\u4ee5\u53ca\u4e0d\u9700\u8981\u5bc6\u94a5\u9a8c\u8bc1\u4ee4\u724c\u7684\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u7684\u4e00\u4e2a\u793a\u4f8b\u662f\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u7684\u5bc6\u7801\u548c\u5bc6\u94a5\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u9879\u76ee\u52a0\u5bc6\u7164\u6e23\u5377\u7684\u52a0\u5bc6\u5bc6\u94a5\u6216\u9879\u76ee\u6982\u89c8\u56fe\u50cf\u7684\u7b7e\u540d\u5bc6\u94a5\u3002 \u4e0d\u9700\u8981 keystone \u4ee4\u724c\u5373\u53ef\u8bbf\u95ee\u7684\u5bc6\u94a5\u793a\u4f8b\u5305\u62ec\u670d\u52a1\u914d\u7f6e\u6587\u4ef6\u4e2d\u670d\u52a1\u7528\u6237\u7684\u5bc6\u7801\u6216\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u9879\u76ee\u7684\u52a0\u5bc6\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u4ee4\u724c\u7684\u673a\u5bc6\u5e94\u4f7f\u7528 Barbican \u8fdb\u884c\u5b58\u50a8\u3002 \u4e0d\u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u53ef\u4ee5\u5b58\u50a8\u5728\u4efb\u4f55\u5bc6\u94a5\u5b58\u50a8\u4e2d\uff0c\u8be5\u5bc6\u94a5\u5b58\u50a8\u5b9e\u73b0\u4e86\u901a\u8fc7 Castellan \u516c\u5f00\u7684\u7b80\u5355\u5bc6\u94a5\u5b58\u50a8 API\u3002\u8fd9\u4e5f\u5305\u62ec\u5df4\u6bd4\u80af\u3002 \u200b 4.\u5982\u4f55\u4f7f\u7528 Vault\u3001Keywhiz\u3001Custodia \u7b49...\uff1f \u5982\u679c\u5df2\u4e3a\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u7f16\u5199\u4e86 Castellan 
\u63d2\u4ef6\uff0c\u5219\u60a8\u9009\u62e9\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u4ee5\u4e0e\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u4e00\u8d77\u4f7f\u7528\u3002\u4e00\u65e6\u8be5\u63d2\u4ef6\u88ab\u7f16\u5199\u51fa\u6765\uff0c\u76f4\u63a5\u4f7f\u7528\u8be5\u63d2\u4ef6\u6216\u5728 Barbican \u540e\u9762\u4f7f\u7528\u8be5\u63d2\u4ef6\u662f\u76f8\u5bf9\u5fae\u4e0d\u8db3\u9053\u7684\u3002 \u76ee\u524d\uff0cVault \u548c Custodia \u63d2\u4ef6\u6b63\u5728\u4e3a Queens \u5468\u671f\u5f00\u53d1\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a barbican\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/barbican/barbican.conf | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/barbican-api-paste.ini | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/policy.json | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican | egrep \"root barbican\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c barbican\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root / barbican \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 barbican \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/barbican/barbican.conf $ stat -L -c \"%a\" /etc/barbican/barbican-api-paste.ini $ stat -L -c \"%a\" /etc/barbican/policy.json $ stat -L -c \"%a\" /etc/barbican \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u4f8b\u5982\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u4f7f\u7528 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cBarbican 
\u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/barbican/barbican.conf getfacl: Removing leading '/' from absolute path names # file: etc/barbican/barbican.conf USER root rw- GROUP barbican r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u5927\u4e8e 640\u3002 Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone \u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 authtoken \u5217\u5728 \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u3002 \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u7f3a\u5c11\u8be5\u53c2\u6570 authtoken \u3002 Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/barbican/barbican.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/barbican/barbican.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/barbican/barbican.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/barbican/barbican.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 \u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u670d\u52a1\u4fc3\u8fdb\u4e86 OpenStack \u4e2d\u7684\u8fdb\u7a0b\u95f4\u901a\u4fe1\u3002OpenStack \u652f\u6301\u4ee5\u4e0b\u6d88\u606f\u961f\u5217\u670d\u52a1\u540e\u7aef\uff1a RabbitMQ Qpid ZeroMQ \u6216 0MQ RabbitMQ \u548c Qpid \u90fd\u662f\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 \u6846\u67b6\uff0c\u5b83\u4eec\u4e3a\u70b9\u5bf9\u70b9\u901a\u4fe1\u63d0\u4f9b\u6d88\u606f\u961f\u5217\u3002\u961f\u5217\u5b9e\u73b0\u901a\u5e38\u90e8\u7f72\u4e3a\u96c6\u4e2d\u5f0f\u6216\u5206\u6563\u5f0f\u961f\u5217\u670d\u52a1\u5668\u6c60\u3002ZeroMQ \u901a\u8fc7 TCP \u5957\u63a5\u5b57\u63d0\u4f9b\u76f4\u63a5\u7684\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002 \u6d88\u606f\u961f\u5217\u6709\u6548\u5730\u4fc3\u8fdb\u4e86\u8de8 OpenStack 
\u90e8\u7f72\u7684\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u3002\u4e00\u65e6\u5141\u8bb8\u8bbf\u95ee\u961f\u5217\uff0c\u5c31\u4e0d\u4f1a\u6267\u884c\u8fdb\u4e00\u6b65\u7684\u6388\u6743\u68c0\u67e5\u3002\u53ef\u901a\u8fc7\u961f\u5217\u8bbf\u95ee\u7684\u670d\u52a1\u4f1a\u9a8c\u8bc1\u5b9e\u9645\u6d88\u606f\u8d1f\u8f7d\u4e2d\u7684\u4e0a\u4e0b\u6587\u548c\u4ee4\u724c\u3002\u4f46\u662f\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u4ee4\u724c\u7684\u5230\u671f\u65e5\u671f\uff0c\u56e0\u4e3a\u4ee4\u724c\u53ef\u80fd\u53ef\u91cd\u64ad\uff0c\u5e76\u4e14\u53ef\u4ee5\u6388\u6743\u57fa\u7840\u7ed3\u6784\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 OpenStack \u4e0d\u652f\u6301\u6d88\u606f\u7ea7\u522b\u7684\u5b89\u5168\u6027\uff0c\u4f8b\u5982\u6d88\u606f\u7b7e\u540d\u3002\u56e0\u6b64\uff0c\u60a8\u5fc5\u987b\u5bf9\u6d88\u606f\u4f20\u8f93\u672c\u8eab\u8fdb\u884c\u5b89\u5168\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5bf9\u4e8e\u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u914d\u7f6e\uff0c\u60a8\u5fc5\u987b\u6267\u884c\u961f\u5217\u5bf9\u961f\u5217\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u52a0\u5bc6\u3002 \u901a\u8fc7 ZeroMQ \u6d88\u606f\u4f20\u9012\uff0cIPC \u5957\u63a5\u5b57\u5728\u5355\u4e2a\u673a\u5668\u4e0a\u4f7f\u7528\u3002\u7531\u4e8e\u8fd9\u4e9b\u5957\u63a5\u5b57\u5bb9\u6613\u53d7\u5230\u653b\u51fb\uff0c\u56e0\u6b64\u8bf7\u786e\u4fdd\u4e91\u8fd0\u8425\u5546\u5df2\u4fdd\u62a4\u5b83\u4eec\u3002 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u6d88\u606f\u5b89\u5168 \u00b6 \u672c\u8282\u8ba8\u8bba OpenStack \u4e2d\u4f7f\u7528\u7684\u4e09\u79cd\u6700\u5e38\u89c1\u7684\u6d88\u606f\u961f\u5217\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u5f3a\u5316\u65b9\u6cd5\uff1aRabbitMQ\u3001Qpid \u548c ZeroMQ\u3002 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u00b6 \u57fa\u4e8e AMQP \u7684\u89e3\u51b3\u65b9\u6848\uff08Qpid \u548c RabbitMQ\uff09\u652f\u6301\u4f7f\u7528 TLS 
\u7684\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002ZeroMQ \u6d88\u606f\u4f20\u9012\u672c\u8eab\u4e0d\u652f\u6301 TLS\uff0c\u4f46\u4f7f\u7528\u6807\u8bb0\u7684 IPsec \u6216 CIPSO \u7f51\u7edc\u6807\u7b7e\u53ef\u4ee5\u5b9e\u73b0\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u60a8\u7684\u6d88\u606f\u961f\u5217\u542f\u7528\u4f20\u8f93\u7ea7\u52a0\u5bc6\u3002\u5c06 TLS \u7528\u4e8e\u6d88\u606f\u4f20\u9012\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4ee5\u4fdd\u62a4\u901a\u4fe1\u5728\u4f20\u8f93\u5230\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7684\u8fc7\u7a0b\u4e2d\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u5e38\u7528\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668 Qpid \u548c RabbitMQ \u914d\u7f6e TLS \u7684\u6307\u5357\u3002\u5728\u914d\u7f6e\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u673a\u8fde\u63a5\u7684\u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6346\u7ed1\u8f6f\u4ef6\u65f6\uff0c\u5efa\u8bae\u4ec5\u5c06\u5176\u9650\u5236\u4e3a\u7528\u4e8e\u8282\u70b9\u7684 CA\uff0c\u6700\u597d\u662f\u5185\u90e8\u7ba1\u7406\u7684 CA\u3002\u53d7\u4fe1\u4efb\u7684 CA \u6346\u7ed1\u5305\u5c06\u786e\u5b9a\u54ea\u4e9b\u5ba2\u6237\u7aef\u8bc1\u4e66\u5c06\u83b7\u5f97\u6388\u6743\uff0c\u5e76\u901a\u8fc7\u8bbe\u7f6e TLS \u8fde\u63a5\u7684\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u9a8c\u8bc1\u6b65\u9aa4\u3002\u8bf7\u6ce8\u610f\uff0c\u5728\u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982\u4f7f\u7528 chmod 0600 \uff0c\u5e76\u4e14\u6240\u6709\u6743\u9650\u5236\u4e3a\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 RabbitMQ \u670d\u52a1\u5668 SSL 
\u914d\u7f6e \u00b6 \u5e94\u5c06\u4ee5\u4e0b\u884c\u6dfb\u52a0\u5230\u7cfb\u7edf\u8303\u56f4\u7684 RabbitMQ \u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u901a\u5e38 /etc/rabbitmq/rabbitmq.config \uff1a [ {rabbit, [ {tcp_listeners, [] }, {ssl_listeners, [{\"\", 5671}] }, {ssl_options, [{cacertfile,\"/etc/ssl/cacert.pem\"}, {certfile,\"/etc/ssl/rabbit-server-cert.pem\"}, {keyfile,\"/etc/ssl/rabbit-server-key.pem\"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ]. \u8bf7\u6ce8\u610f\uff0c\u8be5 tcp_listeners \u9009\u9879\u8bbe\u7f6e\u4e3a [] \u963b\u6b62\u5b83\u4fa6\u542c\u975e SSL \u7aef\u53e3\u3002\u5e94\u5c06\u8be5 ssl_listeners \u9009\u9879\u9650\u5236\u4e3a\u4ec5\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4fa6\u542c\u670d\u52a1\u3002 \u6709\u5173 RabbitMQ SSL \u914d\u7f6e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u914d\u7f6e RabbitMQ SSL\u534f\u8bae Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u00b6 Apache \u57fa\u91d1\u4f1a\u4e3a Qpid \u63d0\u4f9b\u4e86\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6307\u5357\u3002\u8bf7\u53c2\u9605\uff1a Apache Qpid SSL \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u00b6 RabbitMQ \u548c Qpid \u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u673a\u5236\uff0c\u7528\u4e8e\u63a7\u5236\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u3002ZeroMQ \u4e0d\u63d0\u4f9b\u6b64\u7c7b\u673a\u5236\u3002 \u7b80\u5355\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u5c42 \uff08SASL\uff09 \u662f Internet \u534f\u8bae\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6570\u636e\u5b89\u5168\u7684\u6846\u67b6\u3002RabbitMQ \u548c Qpid \u90fd\u63d0\u4f9b SASL \u548c\u5176\u4ed6\u53ef\u63d2\u5165\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u7b80\u5355\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ee5\u63d0\u9ad8\u8eab\u4efd\u9a8c\u8bc1\u5b89\u5168\u6027\u3002\u867d\u7136 RabbitMQ \u652f\u6301 SASL\uff0c\u4f46 OpenStack 
\u4e2d\u7684\u652f\u6301\u76ee\u524d\u4e0d\u5141\u8bb8\u8bf7\u6c42\u7279\u5b9a\u7684 SASL \u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002OpenStack \u4e2d\u7684 RabbitMQ \u652f\u6301\u5141\u8bb8\u901a\u8fc7\u672a\u52a0\u5bc6\u7684\u8fde\u63a5\u8fdb\u884c\u7528\u6237\u540d\u548c\u5bc6\u7801\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6216\u8005\u5c06\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e0e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5efa\u7acb\u5b89\u5168\u7684 TLS \u8fde\u63a5\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u6240\u6709 OpenStack \u670d\u52a1\u8282\u70b9\u4e0a\u914d\u7f6e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4ee5\u4fbf\u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u6d88\u606f\u4f20\u9012\u961f\u5217\uff0c\u5e76\u5728\u53ef\u80fd\u7684\u60c5\u51b5\u4e0b\uff08\u76ee\u524d\u4ec5 Qpid\uff09\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u65f6\uff0c\u5e94\u6309\u670d\u52a1\u548c\u8282\u70b9\u521b\u5efa\u5e10\u6237\uff0c\u4ee5\u4fbf\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u8fdb\u884c\u66f4\u7cbe\u7ec6\u7684\u53ef\u5ba1\u6838\u6027\u3002 \u5728\u90e8\u7f72\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u6392\u961f\u670d\u52a1\u5668\u4f7f\u7528\u7684 TLS \u5e93\u3002Qpid \u4f7f\u7528 Mozilla \u7684 NSS \u5e93\uff0c\u800c RabbitMQ \u4f7f\u7528 Erlang \u7684 TLS \u6a21\u5757\uff0c\u8be5\u6a21\u5757\u4f7f\u7528 OpenSSL\u3002 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ \u00b6 \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5220\u9664\u9ed8\u8ba4 guest \u7528\u6237\uff1a # rabbitmqctl delete_user guest \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5bf9\u4e8e\u4e0e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u7684\u6bcf\u4e2a OpenStack \u670d\u52a1\u6216\u8282\u70b9\uff0c\u8bf7\u8bbe\u7f6e\u7528\u6237\u5e10\u6237\u548c\u6743\u9650\uff1a # rabbitmqctl add_user compute01 RABBIT_PASS # rabbitmqctl set_permissions compute01 \".*\" \".*\" \".*\" 
\u5c06RABBIT_PASS\u66ff\u6362\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 \u6709\u5173\u5176\u4ed6\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u8bbf\u95ee\u63a7\u5236 RabbitMQ \u8eab\u4efd\u9a8c\u8bc1 RabbitMQ \u63d2\u4ef6 RabbitMQ SASL \u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u00b6 [DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_kombu rabbit_use_ssl = True rabbit_host = RABBIT_HOST rabbit_port = 5671 rabbit_user = compute01 rabbit_password = RABBIT_PASS kombu_ssl_keyfile = /etc/ssl/node-key.pem kombu_ssl_certfile = /etc/ssl/node-cert.pem kombu_ssl_ca_certs = /etc/ssl/cacert.pem \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid \u00b6 \u6709\u5173\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a Apache Qpid \u8eab\u4efd\u9a8c\u8bc1 Apache Qpid \u6388\u6743 OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u00b6 [DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_qpid qpid_protocol = ssl qpid_hostname = qpid_port = 5671 qpid_username = compute01 qpid_password = QPID_PASS \uff08\u53ef\u9009\uff09\u5982\u679c\u5c06 SASL \u4e0e Qpid \u4e00\u8d77\u4f7f\u7528\uff0c\u8bf7\u901a\u8fc7\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u6765\u6307\u5b9a\u6b63\u5728\u4f7f\u7528\u7684 SASL \u673a\u5236\uff1a qpid_sasl_mechanisms = \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u00b6 \u6bcf\u4e2a\u9879\u76ee\u90fd\u63d0\u4f9b\u4e86\u8bb8\u591a\u53d1\u9001\u548c\u4f7f\u7528\u6d88\u606f\u7684\u670d\u52a1\u3002\u6bcf\u4e2a\u53d1\u9001\u6d88\u606f\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u90fd\u5e94\u8be5\u4f7f\u7528\u961f\u5217\u4e2d\u7684\u6d88\u606f\uff0c\u5982\u679c\u53ea\u662f\u56de\u590d\u7684\u8bdd\u3002 \u6d88\u606f\u961f\u5217\u670d\u52a1\u8fdb\u7a0b\u5e94\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u5e94\u4e0e\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002 \u547d\u540d\u7a7a\u95f4 \u00b6 \u5f3a\u70c8\u5efa\u8bae\u5728 OpenStack Compute Hypervisor 
\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u4f7f\u7528\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u8fd9\u5c06\u6709\u52a9\u4e8e\u9632\u6b62 VM \u6765\u5bbe\u548c\u7ba1\u7406\u7f51\u7edc\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u6865\u63a5\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u4e3b\u673a\u5fc5\u987b\u81f3\u5c11\u8fd0\u884c\u4e00\u4e2a ZeroMQ \u6d88\u606f\u63a5\u6536\u5668\uff0c\u4ee5\u63a5\u6536\u6765\u81ea\u7f51\u7edc\u7684\u6d88\u606f\u5e76\u901a\u8fc7 IPC \u5c06\u6d88\u606f\u8f6c\u53d1\u5230\u672c\u5730\u8fdb\u7a0b\u3002\u5728 IPC \u547d\u540d\u7a7a\u95f4\u4e2d\u4e3a\u6bcf\u4e2a\u9879\u76ee\u8fd0\u884c\u4e00\u4e2a\u72ec\u7acb\u7684\u6d88\u606f\u63a5\u6536\u5668\u662f\u53ef\u80fd\u7684\uff0c\u4e5f\u662f\u53ef\u53d6\u7684\uff0c\u4ee5\u53ca\u540c\u4e00\u9879\u76ee\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 \u7f51\u7edc\u7b56\u7565 \u00b6 \u961f\u5217\u670d\u52a1\u5668\u5e94\u4ec5\u63a5\u53d7\u6765\u81ea\u7ba1\u7406\u7f51\u7edc\u7684\u8fde\u63a5\u3002\u8fd9\u9002\u7528\u4e8e\u6240\u6709\u5b9e\u73b0\u3002\u8fd9\u5e94\u901a\u8fc7\u670d\u52a1\u914d\u7f6e\u6765\u5b9e\u73b0\uff0c\u5e76\u53ef\u9009\u62e9\u901a\u8fc7\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u5f3a\u5236\u5b9e\u65bd\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u9879\u76ee\u90fd\u5e94\u5728\u4e13\u7528\u4e8e\u5c5e\u4e8e\u8be5\u9879\u76ee\u7684\u670d\u52a1\u7684\u7aef\u53e3\u4e0a\u8fd0\u884c\u5355\u72ec\u7684 ZeroMQ \u63a5\u6536\u65b9\u8fdb\u7a0b\u3002\u8fd9\u76f8\u5f53\u4e8e AMQP \u7684\u63a7\u5236\u4ea4\u6362\u6982\u5ff5\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u548c\u81ea\u7531\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 
\u5c06\u8fdb\u7a0b\u7684\u914d\u7f6e\u9650\u5236\u4e3a\u4ec5\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u6b64\u9650\u5236\u53ef\u9632\u6b62\u8fd9\u4e9b\u8fdb\u7a0b\u4e0e\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002 \u6570\u636e\u5904\u7406 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u4f7f\u7528Hadoop\u548cSpark\u7b49\u5904\u7406\u6846\u67b6\u6765\u914d\u7f6e\u548c\u7ba1\u7406\u5b9e\u4f8b\u96c6\u7fa4\u3002\u901a\u8fc7 OpenStack Dashboard \u6216 REST API\uff0c\u7528\u6237\u80fd\u591f\u4e0a\u4f20\u548c\u6267\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u6216\u5916\u90e8\u63d0\u4f9b\u7a0b\u5e8f\u4e2d\u7684\u6570\u636e\u3002\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4f7f\u7528\u7f16\u6392\u670d\u52a1 \uff08heat\uff09 \u521b\u5efa\u5b9e\u4f8b\u96c6\u7fa4\uff0c\u8fd9\u4e9b\u96c6\u7fa4\u53ef\u4ee5\u4f5c\u4e3a\u957f\u671f\u8fd0\u884c\u7684\u7ec4\u5b58\u5728\uff0c\u8fd9\u4e9b\u7ec4\u53ef\u4ee5\u6839\u636e\u8bf7\u6c42\u8fdb\u884c\u6269\u5c55\u548c\u6536\u7f29\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u4e3a\u5355\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u7684\u77ac\u6001\u7ec4\u5b58\u5728\u3002 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee \u6839\u5305\u88c5 \u65e5\u5fd7\u8bb0\u5f55 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5904\u7406\u7b80\u4ecb \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u5c06\u8d1f\u8d23\u521b\u5efa\u3001\u7ef4\u62a4\u548c\u9500\u6bc1\u4e3a\u5176\u96c6\u7fa4\u521b\u5efa\u7684\u4efb\u4f55\u5b9e\u4f8b\u3002\u63a7\u5236\u5668\u5c06\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u5728\u81ea\u8eab\u548c\u96c6\u7fa4\u5b9e\u4f8b\u4e4b\u95f4\u5efa\u7acb\u7f51\u7edc\u8def\u5f84\u3002\u5b83\u8fd8\u5c06\u7ba1\u7406\u8981\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u7684\u90e8\u7f72\u548c\u751f\u547d\u5468\u671f\u3002\u96c6\u7fa4\u4e2d\u7684\u5b9e\u4f8b\u5305\u542b\u6846\u67b6\u5904\u7406\u5f15\u64ce\u7684\u6838\u5fc3\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u4e2a\u9009\u9879\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4e0e\u8fd9\u4e9b\u5b9e\u4f8b\u7684\u8fde\u63a5\u3002 \u6570\u636e\u5904\u7406\u8d44\u6e90\uff08\u7fa4\u96c6\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u6309\u8eab\u4efd\u670d\u52a1\u4e2d\u5b9a\u4e49\u7684\u9879\u76ee\u8fdb\u884c\u5206\u9694\u3002\u8fd9\u4e9b\u8d44\u6e90\u5728\u9879\u76ee\u4e2d\u5171\u4eab\uff0c\u4e86\u89e3\u4f7f\u7528\u8be5\u670d\u52a1\u7684\u4eba\u5458\u7684\u8bbf\u95ee\u9700\u6c42\u975e\u5e38\u91cd\u8981\u3002\u901a\u8fc7\u4f7f\u7528\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u53ef\u4ee5\u8fdb\u4e00\u6b65\u9650\u5236\u9879\u76ee\u4e2d\u7684\u6d3b\u52a8\uff08\u4f8b\u5982\u542f\u52a8\u96c6\u7fa4\u3001\u4e0a\u4f20\u4f5c\u4e1a\u7b49\uff09\u3002 
\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u8bc4\u4f30\u6570\u636e\u5904\u7406\u7528\u6237\u5bf9\u5176\u5e94\u7528\u7a0b\u5e8f\u3001\u4ed6\u4eec\u4f7f\u7528\u7684\u6570\u636e\u4ee5\u53ca\u4ed6\u4eec\u5728\u9879\u76ee\u4e2d\u7684\u9884\u671f\u529f\u80fd\u7684\u9700\u6c42\u3002\u6211\u4eec\u8fd8\u5c06\u6f14\u793a\u670d\u52a1\u63a7\u5236\u5668\u53ca\u5176\u96c6\u7fa4\u7684\u4e00\u4e9b\u5f3a\u5316\u6280\u672f\uff0c\u5e76\u63d0\u4f9b\u5404\u79cd\u63a7\u5236\u5668\u914d\u7f6e\u548c\u7528\u6237\u7ba1\u7406\u65b9\u6cd5\u7684\u793a\u4f8b\uff0c\u4ee5\u786e\u4fdd\u8db3\u591f\u7684\u5b89\u5168\u548c\u9690\u79c1\u7ea7\u522b\u3002 \u67b6\u6784 \u00b6 \u4e0b\u56fe\u663e\u793a\u4e86\u6570\u636e\u5904\u7406\u670d\u52a1\u5982\u4f55\u9002\u5e94\u66f4\u5927\u7684 OpenStack \u751f\u6001\u7cfb\u7edf\u7684\u6982\u5ff5\u89c6\u56fe\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u5728\u96c6\u7fa4\u914d\u7f6e\u8fc7\u7a0b\u4e2d\u5927\u91cf\u4f7f\u7528\u8ba1\u7b97\u3001\u7f16\u6392\u3001\u955c\u50cf\u548c\u5757\u5b58\u50a8\u670d\u52a1\u3002\u5b83\u8fd8\u5c06\u4f7f\u7528\u5728\u7fa4\u96c6\u521b\u5efa\u671f\u95f4\u63d0\u4f9b\u7684\u7531\u7f51\u7edc\u670d\u52a1\u521b\u5efa\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u6765\u7ba1\u7406\u5b9e\u4f8b\u3002\u5f53\u7528\u6237\u8fd0\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\u65f6\uff0c\u63a7\u5236\u5668\u548c\u96c6\u7fa4\u5c06\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u3002\u9274\u4e8e\u8fd9\u4e9b\u670d\u52a1\u7528\u6cd5\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u7cfb\u7edf\u6587\u6863\u4e2d\u6982\u8ff0\u7684\u8bf4\u660e\u5bf9\u5b89\u88c5\u7684\u6240\u6709\u7ec4\u4ef6\u8fdb\u884c\u7f16\u76ee\u3002 \u6d89\u53ca\u7684\u6280\u672f \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u8d1f\u8d23\u90e8\u7f72\u548c\u7ba1\u7406\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u5168\u9762\u4e86\u89e3\u6240\u63d0\u4f9b\u7684\u5b89\u5168\u9009\u9879\uff0c\u6211\u4eec\u5efa\u8bae\u64cd\u4f5c\u5458\u5927\u81f4\u719f\u6089\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u3002\u7a81\u51fa\u663e\u793a\u7684\u6280\u672f\u5217\u8868\u5206\u4e3a\u4e24\u90e8\u5206\uff1a\u7b2c\u4e00\u90e8\u5206\uff0c\u5bf9\u5b89\u5168\u6027\u5f71\u54cd\u8f83\u5927\u7684\u9ad8\u4f18\u5148\u7ea7\u5e94\u7528\u7a0b\u5e8f\uff0c\u7b2c\u4e8c\u90e8\u5206\uff0c\u652f\u6301\u5f71\u54cd\u8f83\u5c0f\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u66f4\u9ad8\u7684\u5f71\u54cd Hadoop Hadoop\u5b89\u5168\u6a21\u5f0f\u6587\u6863 HDFS Spark Spark \u5b89\u5168 Storm Zookeeper \u8f83\u4f4e\u7684\u5f71\u54cd Oozie Hive Pig \u8fd9\u4e9b\u6280\u672f\u6784\u6210\u4e86\u4e0e\u6570\u636e\u5904\u7406\u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u7684\u6846\u67b6\u7684\u6838\u5fc3\u3002\u9664\u4e86\u8fd9\u4e9b\u6280\u672f\u4e4b\u5916\uff0c\u8be5\u670d\u52a1\u8fd8\u5305\u62ec\u7b2c\u4e09\u65b9\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u6346\u7ed1\u6846\u67b6\u3002\u8fd9\u4e9b\u6346\u7ed1\u6846\u67b6\u662f\u4f7f\u7528\u4e0a\u8ff0\u76f8\u540c\u6838\u5fc3\u90e8\u5206\u4ee5\u53ca\u4f9b\u5e94\u5546\u5305\u542b\u7684\u914d\u7f6e\u548c\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u7684\u3002\u6709\u5173\u7b2c\u4e09\u65b9\u6846\u67b6\u6346\u7ed1\u5305\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u94fe\u63a5\uff1a Cloudera CDH Hortonworks Data Platform MapR \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff08\u96c6\u7fa4\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u5728\u9879\u76ee\u8303\u56f4\u5185\u5171\u4eab\u3002\u5c3d\u7ba1\u5355\u4e2a\u63a7\u5236\u5668\u5b89\u88c5\u53ef\u4ee5\u7ba1\u7406\u591a\u7ec4\u8d44\u6e90\uff0c\u4f46\u8fd9\u4e9b\u8d44\u6e90\u7684\u8303\u56f4\u5c06\u9650\u5b9a\u4e3a\u5355\u4e2a\u9879\u76ee\u3002\u9274\u4e8e\u6b64\u9650\u5236\uff0c\u6211\u4eec\u5efa\u8bae\u5bc6\u5207\u76d1\u89c6\u9879\u76ee\u4e2d\u7684\u7528\u6237\u6210\u5458\u8eab\u4efd\uff0c\u4ee5\u4fdd\u6301\u8d44\u6e90\u7684\u9002\u5f53\u9694\u79bb\u3002 \u7531\u4e8e\u90e8\u7f72\u6b64\u670d\u52a1\u7684\u7ec4\u7ec7\u7684\u5b89\u5168\u8981\u6c42\u4f1a\u6839\u636e\u5176\u7279\u5b9a\u9700\u6c42\u800c\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u8fd0\u8425\u5546\u5c06\u91cd\u70b9\u653e\u5728\u6570\u636e\u9690\u79c1\u3001\u96c6\u7fa4\u7ba1\u7406\u548c\u6700\u7ec8\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u4f5c\u4e3a\u8bc4\u4f30\u7528\u6237\u9700\u6c42\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u51b3\u7b56\u5c06\u6709\u52a9\u4e8e\u6307\u5bfc\u914d\u7f6e\u7528\u6237\u5bf9\u670d\u52a1\u7684\u8bbf\u95ee\u7684\u8fc7\u7a0b\u3002\u6709\u5173\u6570\u636e\u9690\u79c1\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u79df\u6237\u6570\u636e\u9690\u79c1\u3002 
\u6570\u636e\u5904\u7406\u5b89\u88c5\u7684\u9ed8\u8ba4\u5047\u8bbe\u662f\u7528\u6237\u5c06\u6709\u6743\u8bbf\u95ee\u5176\u9879\u76ee\u4e2d\u7684\u6240\u6709\u529f\u80fd\u3002\u5982\u679c\u9700\u8981\u66f4\u7cbe\u7ec6\u7684\u63a7\u5236\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u4f1a\u63d0\u4f9b\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u3002\u8fd9\u4e9b\u914d\u7f6e\u5c06\u9ad8\u5ea6\u4f9d\u8d56\u4e8e\u5b89\u88c5\u7ec4\u7ec7\u7684\u9700\u6c42\uff0c\u56e0\u6b64\u6ca1\u6709\u5173\u4e8e\u5176\u4f7f\u7528\u7684\u4e00\u822c\u5efa\u8bae\uff1a\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002 \u90e8\u7f72 \u00b6 \u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u670d\u52a1\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u88ab\u90e8\u7f72\u4e3a\u5728\u8fde\u63a5\u5230\u5806\u6808\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u5b83\u80fd\u591f\u4ee5\u5206\u5e03\u5f0f\u65b9\u5f0f\u90e8\u7f72\u591a\u4e2a\u5197\u4f59\u63a7\u5236\u5668\u3002\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u6837\uff0c\u5b83\u4e5f\u9700\u8981\u4e00\u4e2a\u6570\u636e\u5e93\u6765\u5b58\u50a8\u6709\u5173\u5176\u8d44\u6e90\u7684\u4fe1\u606f\u3002\u8bf7\u53c2\u9605\u6570\u636e\u5e93\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u7ba1\u7406\u591a\u4e2a\u6807\u8bc6\u670d\u52a1\u4fe1\u4efb\uff0c\u76f4\u63a5\u4e0e\u4e1a\u52a1\u6d41\u7a0b\u548c\u7f51\u7edc\u670d\u52a1\u901a\u4fe1\uff0c\u5e76\u53ef\u80fd\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002\u7531\u4e8e\u8fd9\u4e9b\u539f\u56e0\uff0c\u63a7\u5236\u5668\u5c06\u9700\u8981\u8bbf\u95ee\u63a7\u5236\u5e73\u9762\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u5c06\u5176\u4e0e\u5176\u4ed6\u670d\u52a1\u63a7\u5236\u5668\u4e00\u8d77\u5b89\u88c5\u3002 \u6570\u636e\u5904\u7406\u76f4\u63a5\u4e0e\u591a\u4e2a OpenStack 
\u670d\u52a1\u4ea4\u4e92\uff1a \u8ba1\u7b97 \u8eab\u4efd\u9a8c\u8bc1 \u8054\u7f51 \u5bf9\u8c61\u5b58\u50a8 \u914d\u5668 \u5757\u5b58\u50a8\uff08\u53ef\u9009\uff09 \u5efa\u8bae\u8bb0\u5f55\u8fd9\u4e9b\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4e4b\u95f4\u7684\u6240\u6709\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u6587\u6863\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u6765\u5b58\u50a8\u4f5c\u4e1a\u4e8c\u8fdb\u5236\u6587\u4ef6\u548c\u6570\u636e\u6e90\u3002\u5e0c\u671b\u8bbf\u95ee\u5b8c\u6574\u6570\u636e\u5904\u7406\u670d\u52a1\u529f\u80fd\u7684\u7528\u6237\u5c06\u9700\u8981\u5728\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u9879\u76ee\u4e2d\u5b58\u50a8\u5bf9\u8c61\u3002 \u7f51\u7edc\u670d\u52a1\u5728\u7fa4\u96c6\u7684\u914d\u7f6e\u4e2d\u8d77\u7740\u91cd\u8981\u4f5c\u7528\u3002\u5728\u9884\u914d\u4e4b\u524d\uff0c\u7528\u6237\u5e94\u4e3a\u7fa4\u96c6\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u3002\u5173\u8054\u7f51\u7edc\u7684\u64cd\u4f5c\u7c7b\u4f3c\u4e8e\u901a\u8fc7\u4eea\u8868\u677f\u542f\u52a8\u5b9e\u4f8b\u65f6\u5206\u914d\u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u63a7\u5236\u5668\u4f7f\u7528\u8fd9\u4e9b\u7f51\u7edc\u5bf9\u5176\u96c6\u7fa4\u7684\u5b9e\u4f8b\u548c\u6846\u67b6\u8fdb\u884c\u7ba1\u7406\u8bbf\u95ee\u3002 \u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662f\u8eab\u4efd\u670d\u52a1\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u7528\u6237\u9700\u8981\u5728\u5176\u9879\u76ee\u4e2d\u5177\u6709\u9002\u5f53\u7684\u89d2\u8272\uff0c\u4ee5\u5141\u8bb8\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u5b9e\u4f8b\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u914d\u7f6e\u7684\u5b89\u88c5\u9700\u8981\u7279\u522b\u6ce8\u610f\u3002\u8bf7\u53c2\u9605\u4ee3\u7406\u57df\u3002\u5177\u4f53\u800c\u8a00\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u80fd\u591f\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002 
\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u00b6 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u7684\u4e3b\u8981\u4efb\u52a1\u4e4b\u4e00\u662f\u4e0e\u5176\u751f\u6210\u7684\u5b9e\u4f8b\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u4e9b\u5b9e\u4f8b\u662f\u9884\u7f6e\u7684\uff0c\u7136\u540e\u6839\u636e\u6240\u4f7f\u7528\u7684\u6846\u67b6\u8fdb\u884c\u914d\u7f6e\u3002\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u7684\u901a\u4fe1\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u548c HTTP \u534f\u8bae\u3002 \u5728\u9884\u914d\u96c6\u7fa4\u65f6\uff0c\u5c06\u5728\u7528\u6237\u63d0\u4f9b\u7684\u7f51\u7edc\u4e2d\u4e3a\u6bcf\u4e2a\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a IP \u5730\u5740\u3002\u7b2c\u4e00\u4e2a\u7f51\u7edc\u901a\u5e38\u79f0\u4e3a\u6570\u636e\u5904\u7406\u7ba1\u7406\u7f51\u7edc\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u4e3a\u6b64\u7f51\u7edc\u5206\u914d\u7684\u56fa\u5b9a IP \u5730\u5740\u3002\u63a7\u5236\u5668\u8fd8\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9664\u4e86\u56fa\u5b9a\u5730\u5740\u4e4b\u5916\uff0c\u8fd8\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6d6e\u52a8 IP \u5730\u5740\u3002\u4e0e\u5b9e\u4f8b\u901a\u4fe1\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u9996\u9009\u6d6e\u52a8\u5730\u5740\uff08\u5982\u679c\u542f\u7528\uff09\u3002 \u5bf9\u4e8e\u56fa\u5b9a\u548c\u6d6e\u52a8 IP \u5730\u5740\u65e0\u6cd5\u63d0\u4f9b\u6240\u9700\u529f\u80fd\u7684\u60c5\u51b5\uff0c\u63a7\u5236\u5668\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u66ff\u4ee3\u65b9\u6cd5\u63d0\u4f9b\u8bbf\u95ee\uff1a\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u548c\u95f4\u63a5\u8bbf\u95ee\u3002\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u529f\u80fd\u5141\u8bb8\u63a7\u5236\u5668\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4e2d\u63d0\u4f9b\u7684 shell 
\u547d\u4ee4\u8bbf\u95ee\u5b9e\u4f8b\u3002\u95f4\u63a5\u8bbf\u95ee\u7528\u4e8e\u6307\u5b9a\u7528\u6237\u5728\u96c6\u7fa4\u7f6e\u5907\u671f\u95f4\u53ef\u7528\u4f5c\u4ee3\u7406\u7f51\u5173\u7684\u5b9e\u4f8b\u3002\u8fd9\u4e9b\u9009\u9879\u901a\u8fc7\u914d\u7f6e\u548c\u5f3a\u5316\u4e2d\u7684\u7528\u6cd5\u793a\u4f8b\u8fdb\u884c\u8ba8\u8bba\u3002 \u914d\u7f6e\u548c\u5f3a\u5316 \u00b6 \u6709\u591a\u4e2a\u914d\u7f6e\u9009\u9879\u548c\u90e8\u7f72\u7b56\u7565\u53ef\u4ee5\u63d0\u9ad8\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u5b89\u5168\u6027\u3002\u670d\u52a1\u63a7\u5236\u5668\u901a\u8fc7\u4e3b\u914d\u7f6e\u6587\u4ef6\u548c\u4e00\u4e2a\u6216\u591a\u4e2a\u7b56\u7565\u6587\u4ef6\u8fdb\u884c\u914d\u7f6e\u3002\u4f7f\u7528\u6570\u636e\u5c40\u90e8\u6027\u529f\u80fd\u7684\u5b89\u88c5\u8fd8\u5c06\u5177\u6709\u4e24\u4e2a\u9644\u52a0\u6587\u4ef6\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u7684\u7269\u7406\u4f4d\u7f6e\u3002 TLS\u7cfb\u7edf \u00b6 \u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u63a7\u5236\u5668\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9700\u8981 TLS \u8fde\u63a5\u3002 Pre-Kilo \u7248\u672c\u5c06\u9700\u8981 TLS \u4ee3\u7406\uff0c\u56e0\u4e3a\u63a7\u5236\u5668\u4e0d\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\u3002TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u4e2d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e TLS \u4ee3\u7406\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u5176\u4e2d\u7684\u5efa\u8bae\u521b\u5efa\u6b64\u7c7b\u5b89\u88c5\u3002 \u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\uff0c\u6211\u4eec\u5efa\u8bae\u8fd9\u6837\u505a\u3002\u542f\u7528\u6b64\u884c\u4e3a\u9700\u8981\u5bf9\u63a7\u5236\u5668\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u4e00\u4e9b\u5c0f\u7684\u8c03\u6574\u3002 \u4f8b\u3002\u914d\u7f6e\u5bf9\u63a7\u5236\u5668\u7684 TLS \u8bbf\u95ee [ssl] ca_file = cafile.pem cert_file = 
certfile.crt key_file = keyfile.key \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u6765\u914d\u7f6e\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u9650\u5236\u7ec4\u5bf9\u7279\u5b9a\u6570\u636e\u5904\u7406\u529f\u80fd\u7684\u8bbf\u95ee\u3002 \u6267\u884c\u6b64\u64cd\u4f5c\u7684\u539f\u56e0\u5c06\u6839\u636e\u5b89\u88c5\u7684\u7ec4\u7ec7\u8981\u6c42\u800c\u66f4\u6539\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u7ec6\u7c92\u5ea6\u63a7\u4ef6\u7528\u4e8e\u64cd\u4f5c\u5458\u9700\u8981\u9650\u5236\u6570\u636e\u5904\u7406\u670d\u52a1\u8d44\u6e90\u7684\u521b\u5efa\u3001\u5220\u9664\u548c\u68c0\u7d22\u7684\u60c5\u51b5\u3002\u9700\u8981\u9650\u5236\u9879\u76ee\u5185\u8bbf\u95ee\u7684\u64cd\u4f5c\u5458\u5e94\u5145\u5206\u610f\u8bc6\u5230\uff0c\u9700\u8981\u6709\u5176\u4ed6\u65b9\u6cd5\u8ba9\u7528\u6237\u8bbf\u95ee\u670d\u52a1\u7684\u6838\u5fc3\u529f\u80fd\uff08\u4f8b\u5982\uff0c\u914d\u7f6e\u96c6\u7fa4\uff09\u3002 \u4f8b\u3002\u5141\u8bb8\u6240\u6709\u7528\u6237\u4f7f\u7528\u6240\u6709\u65b9\u6cd5\uff08\u9ed8\u8ba4\u7b56\u7565\uff09 { \"default\": \"\" } \u4f8b\u3002\u7981\u6b62\u5bf9\u975e\u7ba1\u7406\u5458\u7528\u6237\u8fdb\u884c\u6620\u50cf\u6ce8\u518c\u8868\u64cd\u4f5c { \"default\": \"\", \"data-processing:images:register\": \"role:admin\", \"data-processing:images:unregister\": \"role:admin\", \"data-processing:images:add_tags\": \"role:admin\", \"data-processing:images:remove_tags\": \"role:admin\" } \u5b89\u5168\u7ec4 \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u5141\u8bb8\u5c06\u5b89\u5168\u7ec4\u4e0e\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u7684\u5b9e\u4f8b\u76f8\u5173\u8054\u3002\u65e0\u9700\u5176\u4ed6\u914d\u7f6e\uff0c\u8be5\u670d\u52a1\u5c06\u5bf9\u9884\u7f6e\u96c6\u7fa4\u7684\u4efb\u4f55\u9879\u76ee\u4f7f\u7528\u9ed8\u8ba4\u5b89\u5168\u7ec4\u3002\u5982\u679c\u8bf7\u6c42\uff0c\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u5b89\u5168\u7ec4\uff0c\u6216\u8005\u5b58\u5728\u4e00\u4e2a\u81ea\u52a8\u9009\u9879\uff0c\u8be5\u9009\u9879\u6307\u793a\u670d\u52a1\u6839\u636e\u6240\u8bbf\u95ee\u6846\u67b6\u6307\u5b9a\u7684\u7aef\u53e3\u521b\u5efa\u5b89\u5168\u7ec4\u3002 \u5bf9\u4e8e\u751f\u4ea7\u73af\u5883\uff0c\u6211\u4eec\u5efa\u8bae\u624b\u52a8\u63a7\u5236\u5b89\u5168\u7ec4\uff0c\u5e76\u521b\u5efa\u4e00\u7ec4\u9002\u5408\u5b89\u88c5\u7684\u7ec4\u89c4\u5219\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u786e\u4fdd\u9ed8\u8ba4\u5b89\u5168\u7ec4\u5c06\u5305\u542b\u6240\u6709\u9002\u5f53\u7684\u89c4\u5219\u3002\u6709\u5173\u5b89\u5168\u7ec4\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u7ec4\u3002 \u4ee3\u7406\u57df \u00b6 \u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u9700\u8981\u6dfb\u52a0\u5b58\u50a8\u8bbf\u95ee\u51ed\u636e\u3002\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u53ef\u4ee5\u6539\u7528\u6765\u81ea\u6807\u8bc6\u670d\u52a1\u7684\u59d4\u6d3e\u4fe1\u4efb\uff0c\u4ee5\u5141\u8bb8\u901a\u8fc7\u57df\u4e2d\u521b\u5efa\u7684\u4e34\u65f6\u7528\u6237\u8fdb\u884c\u5b58\u50a8\u8bbf\u95ee\u3002\u8981\u4f7f\u6b64\u59d4\u6d3e\u673a\u5236\u8d77\u4f5c\u7528\uff0c\u5fc5\u987b\u5c06\u6570\u636e\u5904\u7406\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u5e76\u4e14\u64cd\u4f5c\u5458\u5fc5\u987b\u4e3a\u4ee3\u7406\u7528\u6237\u914d\u7f6e\u8eab\u4efd\u57df\u3002 
\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4fdd\u7559\u4e3a\u5bf9\u8c61\u5b58\u50a8\u8bbf\u95ee\u63d0\u4f9b\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u7684\u4e34\u65f6\u5b58\u50a8\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u4e3a\u4ee3\u7406\u7528\u6237\u751f\u6210\u6b64\u5bf9\uff0c\u5e76\u4e14\u6b64\u7528\u6237\u7684\u8bbf\u95ee\u5c06\u4ec5\u9650\u4e8e\u8eab\u4efd\u4fe1\u4efb\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u5728\u63a7\u5236\u5668\u6216\u5176\u6570\u636e\u5e93\u5177\u6709\u4e0e\u516c\u5171\u7f51\u7edc\u4e4b\u95f4\u7684\u8def\u7531\u7684\u4efb\u4f55\u5b89\u88c5\u4e2d\u4f7f\u7528\u4ee3\u7406\u57df\u3002 \u793a\u4f8b\uff1a\u4e3a\u540d\u4e3a\u201cdp_proxy\u201d\u7684\u4ee3\u7406\u57df\u8fdb\u884c\u914d\u7f6e [DEFAULT] use_domain_for_proxy_users = true proxy_user_domain_name = dp_proxy proxy_user_role_names = Member \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u00b6 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u547d\u4ee4\u6765\u8bbf\u95ee\u5176\u96c6\u7fa4\u5b9e\u4f8b\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u53ef\u4ee5\u4e3a\u4e0d\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u76f4\u63a5\u63d0\u4f9b\u7684\u7f51\u7edc\u7684\u5b89\u88c5\u521b\u5efa\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u3002\u5bf9\u4e8e\u9700\u8981\u9650\u5236\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u8bbf\u95ee\u7684\u5b89\u88c5\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u9009\u9879\u3002 \u793a\u4f8b\uff1a\u901a\u8fc7\u6307\u5b9a\u7684\u4e2d\u7ee7\u673a\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ssh relay-machine-{tenant_id} nc {host} {port}' \u793a\u4f8b\uff1a\u901a\u8fc7\u81ea\u5b9a\u4e49\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ip netns exec ns_for_{network_id} nc {host} {port}' \u95f4\u63a5\u8bbf\u95ee \u00b6 
\u5bf9\u4e8e\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u6240\u6709\u5b9e\u4f8b\u7684\u8bbf\u95ee\u6743\u9650\u6709\u9650\u7684\u5b89\u88c5\uff0c\u7531\u4e8e\u5bf9\u6d6e\u52a8 IP \u5730\u5740\u6216\u5b89\u5168\u89c4\u5219\u7684\u9650\u5236\uff0c\u53ef\u4ee5\u914d\u7f6e\u95f4\u63a5\u8bbf\u95ee\u3002\u8fd9\u5141\u8bb8\u5c06\u67d0\u4e9b\u5b9e\u4f8b\u6307\u5b9a\u4e3a\u96c6\u7fa4\u5176\u4ed6\u5b9e\u4f8b\u7684\u4ee3\u7406\u7f51\u5173\u3002 \u53ea\u6709\u5728\u5b9a\u4e49\u5c06\u6784\u6210\u6570\u636e\u5904\u7406\u96c6\u7fa4\u7684\u8282\u70b9\u7ec4\u6a21\u677f\u65f6\uff0c\u624d\u80fd\u542f\u7528\u6b64\u914d\u7f6e\u3002\u5b83\u4f5c\u4e3a\u8fd0\u884c\u65f6\u9009\u9879\u63d0\u4f9b\uff0c\u53ef\u5728\u7fa4\u96c6\u7f6e\u5907\u8fc7\u7a0b\u4e2d\u542f\u7528\u3002 Rootwrap \u00b6 \u5728\u4e3a\u7f51\u7edc\u8bbf\u95ee\u521b\u5efa\u81ea\u5b9a\u4e49\u62d3\u6251\u65f6\uff0c\u53ef\u80fd\u9700\u8981\u5141\u8bb8\u975e root \u7528\u6237\u8fd0\u884c\u4ee3\u7406\u547d\u4ee4\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u60c5\u51b5\uff0coslo rootwrap \u8f6f\u4ef6\u5305\u7528\u4e8e\u4e3a\u975e root \u7528\u6237\u63d0\u4f9b\u8fd0\u884c\u7279\u6743\u547d\u4ee4\u7684\u5de5\u5177\u3002\u6b64\u914d\u7f6e\u8981\u6c42\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5e94\u7528\u7a0b\u5e8f\u5173\u8054\u7684\u7528\u6237\u4f4d\u4e8e sudoers \u5217\u8868\u4e2d\uff0c\u5e76\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u542f\u7528\u8be5\u9009\u9879\u3002\u6216\u8005\uff0c\u53ef\u4ee5\u63d0\u4f9b\u5907\u7528 rootwrap \u547d\u4ee4\u3002 \u793a\u4f8b\uff1a\u542f\u7528 rootwrap \u7528\u6cd5\u5e76\u663e\u793a\u9ed8\u8ba4\u547d\u4ee4 [DEFAULT] use_rootwrap=True rootwrap_command=\u2019sudo sahara-rootwrap /etc/sahara/rootwrap.conf\u2019 \u5173\u4e8e rootwrap \u9879\u76ee\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863\uff1ahttps://wiki.openstack.org/wiki/Rootwrap \u65e5\u5fd7 \u00b6 
\u76d1\u89c6\u670d\u52a1\u63a7\u5236\u5668\u7684\u8f93\u51fa\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u53d6\u8bc1\u5de5\u5177\uff0c\u5982\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u66f4\u8be6\u7ec6\u5730\u63cf\u8ff0\u7684\u90a3\u6837\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u63d0\u4f9b\u4e86\u51e0\u4e2a\u9009\u9879\u6765\u8bbe\u7f6e\u65e5\u5fd7\u8bb0\u5f55\u7684\u4f4d\u7f6e\u548c\u7ea7\u522b\u3002 \u793a\u4f8b\uff1a\u5c06\u65e5\u5fd7\u7ea7\u522b\u8bbe\u7f6e\u4e3a\u9ad8\u4e8e\u8b66\u544a\u5e76\u6307\u5b9a\u8f93\u51fa\u6587\u4ef6\u3002 [DEFAULT] verbose = true log_file = /var/log/data-processing.log \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230Sahara\uff012016.Sahara\u9879\u76ee\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Hadoop\uff012016. Apache Hadoop \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u5b89\u5168\u6a21\u5f0f\u4e0b\u7684 Hadoop\u30022016. Hadoop \u5b89\u5168\u6a21\u5f0f\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cHDFS \u7528\u6237\u6307\u5357\u30022016. Hadoop HDFS \u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark\u30022016. Spark\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark Security\u30022016. Spark \u5b89\u5168\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Storm\u30022016. Storm \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Zookeeper\u30022016. Zookeeper \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Oozie Workflow Scheduler for Hadoop\u30022016. Oozie\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Hive\u30022016. Hive Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Pig\u30022016.Pig Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cCloudera \u4ea7\u54c1\u6587\u6863\u30022016. Cloudera CDH \u6587\u6863 Hortonworks\uff0cHortonworks\u30022016. 
Hortonworks \u6570\u636e\u5e73\u53f0\u6587\u6863 MapR Technologies\uff0c\u7528\u4e8e MapR \u878d\u5408\u6570\u636e\u5e73\u53f0\u7684 Apache Hadoop\u30022016. MapR \u9879\u76ee \u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u670d\u52a1\u5668\u7684\u9009\u62e9\u662f OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u4e00\u4e2a\u91cd\u8981\u8003\u8651\u56e0\u7d20\u3002\u5728\u51b3\u5b9a\u4f7f\u7528\u6570\u636e\u5e93\u670d\u52a1\u5668\u65f6\uff0c\u5e94\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u4f46\u5728\u672c\u672c\u4e66\u7684\u8303\u56f4\u5185\uff0c\u5c06\u53ea\u8ba8\u8bba\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002OpenStack \u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u7c7b\u578b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u300a\u5b89\u5168\u6307\u5357\u300b\u76ee\u524d\u4e3b\u8981\u9488\u5bf9 PostgreSQL \u548c MySQL\u3002 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u00b6 PostgreSQL \u5177\u6709\u8bb8\u591a\u7406\u60f3\u7684\u5b89\u5168\u529f\u80fd\uff0c\u4f8b\u5982 Kerberos \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bf9\u8c61\u7ea7\u5b89\u5168\u6027\u548c\u52a0\u5bc6\u652f\u6301\u3002PostgreSQL 
\u793e\u533a\u5728\u63d0\u4f9b\u53ef\u9760\u7684\u6307\u5bfc\u3001\u6587\u6863\u548c\u5de5\u5177\u4ee5\u4fc3\u8fdb\u79ef\u6781\u7684\u5b89\u5168\u5b9e\u8df5\u65b9\u9762\u505a\u5f97\u5f88\u597d\u3002 MySQL\u62e5\u6709\u5e9e\u5927\u7684\u793e\u533a\uff0c\u88ab\u5e7f\u6cdb\u91c7\u7528\uff0c\u5e76\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\u9009\u9879\u3002MySQL\u8fd8\u80fd\u591f\u901a\u8fc7\u63d2\u4ef6\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u63d0\u4f9b\u589e\u5f3a\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002MySQL\u793e\u533a\u4e2d\u7684\u5206\u53c9\u53d1\u884c\u7248\u63d0\u4f9b\u4e86\u8bb8\u591a\u53ef\u4f9b\u8003\u8651\u7684\u9009\u9879\u3002\u6839\u636e\u5bf9\u5b89\u5168\u6001\u52bf\u7684\u5168\u9762\u8bc4\u4f30\u548c\u4e3a\u7ed9\u5b9a\u53d1\u884c\u7248\u63d0\u4f9b\u7684\u652f\u6301\u7ea7\u522b\uff0c\u9009\u62e9MySQL\u7684\u7279\u5b9a\u5b9e\u73b0\u975e\u5e38\u91cd\u8981\u3002 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u00b6 \u5efa\u8bae\u90e8\u7f72 MySQL \u6216 PostgreSQL \u7684\u7528\u6237\u53c2\u8003\u73b0\u6709\u7684\u5b89\u5168\u6307\u5357\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff1a MySQL\u6570\u636e\u5e93\uff1a OWASP MySQL\u5f3a\u5316 MySQL \u53ef\u63d2\u5165\u8eab\u4efd\u9a8c\u8bc1 MySQL\u4e2d\u7684\u5b89\u5168\u6027 PostgreSQL\u683c\u5f0f\uff1a OWASP PostgreSQL \u5f3a\u5316 PostgreSQL \u6570\u636e\u5e93\u4e2d\u7684\u603b\u4f53\u5b89\u5168\u6027 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 \u00b6 \u6bcf\u4e2a\u6838\u5fc3 OpenStack 
\u670d\u52a1\uff08\u8ba1\u7b97\u3001\u8eab\u4efd\u3001\u7f51\u7edc\u3001\u5757\u5b58\u50a8\uff09\u90fd\u5c06\u72b6\u6001\u548c\u914d\u7f6e\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5f53\u524d\u5728OpenStack\u4e2d\u4f7f\u7528\u6570\u636e\u5e93\u7684\u65b9\u5f0f\u3002\u6211\u4eec\u8fd8\u63a2\u8ba8\u4e86\u5b89\u5168\u95ee\u9898\uff0c\u4ee5\u53ca\u6570\u636e\u5e93\u540e\u7aef\u9009\u62e9\u7684\u5b89\u5168\u540e\u679c\u3002 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u00b6 OpenStack \u9879\u76ee\u4e2d\u7684\u6240\u6709\u670d\u52a1\u90fd\u8bbf\u95ee\u5355\u4e2a\u6570\u636e\u5e93\u3002\u76ee\u524d\u6ca1\u6709\u7528\u4e8e\u521b\u5efa\u57fa\u4e8e\u8868\u6216\u884c\u7684\u6570\u636e\u5e93\u8bbf\u95ee\u9650\u5236\u7684\u53c2\u8003\u7b56\u7565\u3002 \u5728OpenStack\u4e2d\uff0c\u6ca1\u6709\u5bf9\u6570\u636e\u5e93\u64cd\u4f5c\u8fdb\u884c\u7cbe\u7ec6\u63a7\u5236\u7684\u4e00\u822c\u89c4\u5b9a\u3002\u8bbf\u95ee\u6743\u9650\u548c\u7279\u6743\u7684\u6388\u4e88\u4ec5\u57fa\u4e8e\u8282\u70b9\u662f\u5426\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u53ef\u80fd\u5177\u6709 DROP\u3001INSERT \u6216 UPDATE \u51fd\u6570\u7684\u5b8c\u5168\u6743\u9650\u3002 \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6bcf\u4e2a OpenStack \u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u90fd\u4f7f\u7528\u4e00\u7ec4\u5171\u4eab\u51ed\u636e\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u8fd9\u4f7f\u5f97\u5ba1\u6838\u6570\u636e\u5e93\u64cd\u4f5c\u548c\u64a4\u6d88\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6743\u9650\u53d8\u5f97\u7279\u522b\u56f0\u96be\u3002 Nova-conductor \u00b6 \u8ba1\u7b97\u8282\u70b9\u662f OpenStack \u4e2d\u6700\u4e0d\u53d7\u4fe1\u4efb\u7684\u670d\u52a1\uff0c\u56e0\u4e3a\u5b83\u4eec\u6258\u7ba1\u79df\u6237\u5b9e\u4f8b\u3002\u5f15\u5165\u8be5 
nova-conductor \u670d\u52a1\u4f5c\u4e3a\u6570\u636e\u5e93\u4ee3\u7406\uff0c\u5145\u5f53\u8ba1\u7b97\u8282\u70b9\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u4e2d\u4ecb\u3002\u6211\u4eec\u5c06\u5728\u672c\u7ae0\u540e\u9762\u8ba8\u8bba\u5176\u540e\u679c\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\uff1a \u6240\u6709\u6570\u636e\u5e93\u901a\u4fe1\u90fd\u4e0e\u7ba1\u7406\u7f51\u7edc\u9694\u79bb \u4f7f\u7528 TLS \u4fdd\u62a4\u901a\u4fe1 \u4e3a\u6bcf\u4e2a OpenStack \u670d\u52a1\u7aef\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\uff08\u5982\u4e0b\u56fe\u6240\u793a\uff09 \u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u00b6 \u8003\u8651\u5230\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u98ce\u9669\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u9700\u8981\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u3002\u8fd9\u6837\u505a\u6709\u52a9\u4e8e\u66f4\u597d\u5730\u8fdb\u884c\u5206\u6790\u548c\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u5408\u89c4\u6027\uff0c\u6216\u8005\u5728\u8282\u70b9\u906d\u5230\u5165\u4fb5\u65f6\uff0c\u901a\u8fc7\u5728\u68c0\u6d4b\u5230\u8be5\u8282\u70b9\u65f6\u5220\u9664\u8be5\u8282\u70b9\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6765\u9694\u79bb\u53d7\u611f\u67d3\u7684\u4e3b\u673a\u3002\u521b\u5efa\u8fd9\u4e9b\u6bcf\u4e2a\u670d\u52a1\u7ec8\u7ed3\u70b9\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u65f6\uff0c\u5e94\u6ce8\u610f\u786e\u4fdd\u5c06\u5176\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u6216\u8005\uff0c\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u5efa\u8bae\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u5916\uff0c\u8fd8\u4f7f\u7528 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u6765\u914d\u7f6e\u6570\u636e\u5e93\u5e10\u6237\u3002 \u6743\u9650 \u00b6 \u5e94\u521b\u5efa\u5e76\u4fdd\u62a4\u4e00\u4e2a\u5355\u72ec\u7684\u6570\u636e\u5e93\u7ba1\u7406\u5458 \uff08DBA\uff09 
\u5e10\u6237\uff0c\u8be5\u5e10\u6237\u5177\u6709\u521b\u5efa/\u5220\u9664\u6570\u636e\u5e93\u3001\u521b\u5efa\u7528\u6237\u5e10\u6237\u548c\u66f4\u65b0\u7528\u6237\u6743\u9650\u7684\u5b8c\u5168\u6743\u9650\u3002\u8fd9\u79cd\u7b80\u5355\u7684\u8d23\u4efb\u5206\u79bb\u65b9\u6cd5\u6709\u52a9\u4e8e\u9632\u6b62\u610f\u5916\u914d\u7f6e\u9519\u8bef\uff0c\u964d\u4f4e\u98ce\u9669\u5e76\u7f29\u5c0f\u5371\u5bb3\u8303\u56f4\u3002 \u4e3a OpenStack \u670d\u52a1\u548c\u6bcf\u4e2a\u8282\u70b9\u521b\u5efa\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u7684\u6743\u9650\u5e94\u4ec5\u9650\u4e8e\u4e0e\u8be5\u8282\u70b9\u6240\u5c5e\u7684\u670d\u52a1\u76f8\u5173\u7684\u6570\u636e\u5e93\u3002 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u00b6 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u00b6 GRANT ALL ON dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SSL; \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 \u00b6 \u5728\u6587\u4ef6\u4e2d pg_hba.conf \uff1a hostssl dbname compute01 hostname md5 \u8bf7\u6ce8\u610f\uff0c\u6b64\u547d\u4ee4\u4ec5\u6dfb\u52a0\u901a\u8fc7 SSL \u8fdb\u884c\u901a\u4fe1\u7684\u529f\u80fd\uff0c\u5e76\u4e14\u662f\u975e\u72ec\u5360\u7684\u3002\u5e94\u7981\u7528\u53ef\u80fd\u5141\u8bb8\u672a\u52a0\u5bc6\u4f20\u8f93\u7684\u5176\u4ed6\u8bbf\u95ee\u65b9\u6cd5\uff0c\u4ee5\u4fbf SSL \u662f\u552f\u4e00\u7684\u8bbf\u95ee\u65b9\u6cd5\u3002 \u8be5 md5 \u53c2\u6570\u5c06\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u54c8\u5e0c\u5bc6\u7801\u3002\u6211\u4eec\u5728\u4ee5\u4e0b\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u793a\u4f8b\u3002 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e \u00b6 \u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS \u4f20\u8f93\uff0c\u5219\u9700\u8981\u6307\u5b9a\u7528\u4e8e SQLAlchemy \u67e5\u8be2\u4e2d\u7684\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 
MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u00b6 sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova?charset=utf8&ssl_ca=/etc/mysql/cacert.pem \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u901a\u8fc7\u8981\u6c42\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u5bf9\u6570\u636e\u5e93\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u53ef\u4ee5\u4e3a\u4e0e\u6570\u636e\u5e93\u5efa\u7acb\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u63d0\u4f9b\u66f4\u597d\u7684\u8eab\u4efd\u4fdd\u8bc1\uff0c\u5e76\u786e\u4fdd\u901a\u4fe1\u662f\u52a0\u5bc6\u7684\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u00b6 GRANT ALL on dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SUBJECT '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=compute01' AND ISSUER '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=cloud-ca'; \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 \u00b6 hostssl dbname compute01 hostname cert OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e \u00b6 \u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u9700\u8981 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5219\u9700\u8981\u4e3a\u6570\u636e\u5e93\u540e\u7aef\u6307\u5b9a\u76f8\u5e94\u7684 SQLAlchemy \u67e5\u8be2\u53c2\u6570\u3002\u8fd9\u4e9b\u53c2\u6570\u6307\u5b9a\u7528\u4e8e\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u3001\u79c1\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 MySQL \u7684 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1 :sql_connection \u5b57\u7b26\u4e32\u793a\u4f8b\uff1a sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova? 
charset=utf8&ssl_ca = /etc/mysql/cacert.pem&ssl_cert=/etc/mysql/server-cert.pem&ssl_key=/etc/mysql/server-key.pem Nova-conductor \u00b6 OpenStack Compute \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79f0\u4e3a nova-conductor \u7684\u5b50\u670d\u52a1\uff0c\u7528\u4e8e\u4ee3\u7406\u6570\u636e\u5e93\u8fde\u63a5\uff0c\u5176\u4e3b\u8981\u76ee\u7684\u662f\u8ba9 nova \u8ba1\u7b97\u8282\u70b9\u4e0e nova-conductor \u8fde\u63a5\u4ee5\u6ee1\u8db3\u6570\u636e\u6301\u4e45\u6027\u9700\u6c42\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u4e0e\u6570\u636e\u5e93\u901a\u4fe1\u3002 Nova-conductor \u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\u5e76\u4ee3\u8868\u8c03\u7528\u670d\u52a1\u6267\u884c\u64cd\u4f5c\uff0c\u800c\u65e0\u9700\u6388\u4e88\u5bf9\u6570\u636e\u5e93\u3001\u5176\u8868\u6216\u5176\u4e2d\u6570\u636e\u7684\u7cbe\u7ec6\u8bbf\u95ee\u6743\u9650\u3002Nova-conductor \u5b9e\u8d28\u4e0a\u5c06\u76f4\u63a5\u6570\u636e\u5e93\u8bbf\u95ee\u4ece\u8ba1\u7b97\u8282\u70b9\u4e2d\u62bd\u8c61\u51fa\u6765\u3002 \u8fd9\u79cd\u62bd\u8c61\u7684\u4f18\u70b9\u662f\u5c06\u670d\u52a1\u9650\u5236\u4e3a\u4f7f\u7528\u53c2\u6570\u6267\u884c\u65b9\u6cd5\uff0c\u7c7b\u4f3c\u4e8e\u5b58\u50a8\u8fc7\u7a0b\uff0c\u4ece\u800c\u9632\u6b62\u5927\u91cf\u7cfb\u7edf\u76f4\u63a5\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u5e93\u6570\u636e\u3002\u8fd9\u662f\u5728\u4e0d\u5728\u6570\u636e\u5e93\u672c\u8eab\u7684\u4e0a\u4e0b\u6587\u6216\u8303\u56f4\u5185\u5b58\u50a8\u6216\u6267\u884c\u8fd9\u4e9b\u8fc7\u7a0b\u7684\u60c5\u51b5\u4e0b\u5b8c\u6210\u7684\uff0c\u8fd9\u662f\u5bf9\u5178\u578b\u5b58\u50a8\u8fc7\u7a0b\u7684\u5e38\u89c1\u6279\u8bc4\u3002 \u9057\u61be\u7684\u662f\uff0c\u6b64\u89e3\u51b3\u65b9\u6848\u4f7f\u66f4\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u6838\u6570\u636e\u8bbf\u95ee\u7684\u80fd\u529b\u7684\u4efb\u52a1\u590d\u6742\u5316\u3002\u7531\u4e8e nova-conductor \u670d\u52a1\u901a\u8fc7 RPC 
\u63a5\u6536\u8bf7\u6c42\uff0c\u56e0\u6b64\u5b83\u7a81\u51fa\u4e86\u63d0\u9ad8\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6027\u7684\u91cd\u8981\u6027\u3002\u4efb\u4f55\u6709\u6743\u8bbf\u95ee\u6d88\u606f\u961f\u5217\u7684\u8282\u70b9\u90fd\u53ef\u4ee5\u6267\u884c nova-conductor \u63d0\u4f9b\u7684\u8fd9\u4e9b\u65b9\u6cd5\uff0c\u5e76\u6709\u6548\u5730\u4fee\u6539\u6570\u636e\u5e93\u3002 \u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e nova-conductor \u4ec5\u9002\u7528\u4e8e OpenStack Compute\uff0c\u56e0\u6b64\u5bf9\u4e8e\u5176\u4ed6 OpenStack \u7ec4\u4ef6\uff08\u5982 Telemetry\uff08\u4e91\u9ad8\u8ba1\uff09\u3001\u7f51\u7edc\u548c\u5757\u5b58\u50a8\uff09\u7684\u8fd0\u884c\uff0c\u53ef\u80fd\u4ecd\u7136\u9700\u8981\u4ece\u8ba1\u7b97\u4e3b\u673a\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 \u82e5\u8981\u7981\u7528 nova-conductor\uff0c\u8bf7\u5c06\u4ee5\u4e0b\u5185\u5bb9\u653e\u5165 nova.conf \u6587\u4ef6\u4e2d\uff08\u5728\u8ba1\u7b97\u4e3b\u673a\u4e0a\uff09\uff1a [conductor] use_local = true \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u00b6 \u672c\u7ae0\u4ecb\u7ecd\u4e0e\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u901a\u4fe1\u76f8\u5173\u7684\u95ee\u9898\u3002\u8fd9\u5305\u62ec IP \u5730\u5740\u7ed1\u5b9a\u548c\u4f7f\u7528 TLS \u52a0\u5bc6\u7f51\u7edc\u6d41\u91cf\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u00b6 \u82e5\u8981\u9694\u79bb\u670d\u52a1\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u5e93\u901a\u4fe1\uff0c\u5f3a\u70c8\u5efa\u8bae\u5c06\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u662f\u901a\u8fc7\u9650\u5236\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\u6765\u5b9e\u73b0\u7684\u3002 \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u00b6 
\u5728 my.cnf \uff1a [mysqld] ... bind-address \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u00b6 \u5728 postgresql.conf \uff1a listen_addresses = \u6570\u636e\u5e93\u4f20\u8f93 \u00b6 \u9664\u4e86\u5c06\u6570\u636e\u5e93\u901a\u4fe1\u9650\u5236\u4e3a\u7ba1\u7406\u7f51\u7edc\u5916\uff0c\u6211\u4eec\u8fd8\u5f3a\u70c8\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u5c06\u5176\u6570\u636e\u5e93\u540e\u7aef\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u5c06 TLS \u7528\u4e8e\u6570\u636e\u5e93\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4fdd\u62a4\u901a\u4fe1\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u6b63\u5982\u4e0b\u4e00\u8282\u5c06\u8ba8\u8bba\u7684\u90a3\u6837\uff0c\u4f7f\u7528 TLS \u8fd8\u63d0\u4f9b\u4e86\u901a\u8fc7 X.509 \u8bc1\u4e66\uff08\u901a\u5e38\u79f0\u4e3a PKI\uff09\u6267\u884c\u6570\u636e\u5e93\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7684\u6846\u67b6\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u6d41\u884c\u7684\u6570\u636e\u5e93\u540e\u7aef MySQL \u548c PostgreSQL \u914d\u7f6e TLS \u7684\u6307\u5357\u3002 \u6ce8\u610f \u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982 `chmod 0600` \uff0c\u6240\u6709\u6743\u9650\u5236\u4e3a\u6570\u636e\u5e93\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 MySQL SSL\u914d\u7f6e \u00b6 \u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684MySQL\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a \u5728 my.cnf \uff1a [[mysqld]] ... 
ssl-ca = /path/to/ssl/cacert.pem ssl-cert = /path/to/ssl/server-cert.pem ssl-key = /path/to/ssl/server-key.pem \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-cipher = 'cipher:list' PostgreSQL SSL \u914d\u7f6e \u00b6 \u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684 PostgreSQL \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u3002 postgresql.conf ssl = true \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-ciphers = 'cipher:list' \u670d\u52a1\u5668\u8bc1\u4e66\u3001\u5bc6\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6587\u4ef6\u5e94\u653e\u5728\u4ee5\u4e0b\u6587\u4ef6\u7684 $PGDATA \u76ee\u5f55\u4e2d\uff1a $PGDATA/server.crt - \u670d\u52a1\u5668\u8bc1\u4e66 $PGDATA/server.key - \u79c1\u94a5\u5bf9\u5e94\u4e8e server.crt $PGDATA/root.crt - \u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 $PGDATA/root.crl - \u8bc1\u4e66\u64a4\u9500\u5217\u8868 \u79df\u6237\u6570\u636e\u9690\u79c1 \u00b6 OpenStack\u65e8\u5728\u652f\u6301\u591a\u79df\u6237\uff0c\u8fd9\u4e9b\u79df\u6237\u5f88\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u6570\u636e\u8981\u6c42\u3002\u4f5c\u4e3a\u4e91\u6784\u5efa\u8005\u6216\u8fd0\u8425\u5546\uff0c\u60a8\u5fc5\u987b\u786e\u4fdd\u60a8\u7684 OpenStack \u73af\u5883\u80fd\u591f\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u548c\u6cd5\u89c4\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u4e0e OpenStack \u5b9e\u73b0\u76f8\u5173\u7684\u6570\u636e\u9a7b\u7559\u548c\u5904\u7f6e\u3002 \u6570\u636e\u9690\u79c1\u95ee\u9898 
\u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee: \u6570\u636e\u9690\u79c1\u95ee\u9898 \u00b6 \u6570\u636e\u9a7b\u7559 \u00b6 \u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\uff0c\u6570\u636e\u7684\u9690\u79c1\u548c\u9694\u79bb\u4e00\u76f4\u88ab\u8ba4\u4e3a\u662f\u91c7\u7528\u4e91\u7684\u4e3b\u8981\u969c\u788d\u3002\u8fc7\u53bb\uff0c\u5bf9\u8c01\u62e5\u6709\u4e91\u4e2d\u6570\u636e\u4ee5\u53ca\u4e91\u8fd0\u8425\u5546\u662f\u5426\u53ef\u4ee5\u6700\u7ec8\u4fe1\u4efb\u8fd9\u4e9b\u6570\u636e\u7684\u4fdd\u7ba1\u4eba\u7684\u62c5\u5fe7\u4e00\u76f4\u662f\u91cd\u5927\u95ee\u9898\u3002 \u8bb8\u591a OpenStack \u670d\u52a1\u7ef4\u62a4\u5c5e\u4e8e\u79df\u6237\u7684\u6570\u636e\u548c\u5143\u6570\u636e\u6216\u53c2\u8003\u79df\u6237\u4fe1\u606f\u3002 \u5b58\u50a8\u5728 OpenStack \u4e91\u4e2d\u7684\u79df\u6237\u6570\u636e\u53ef\u80fd\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8 \u8ba1\u7b97\u5b9e\u4f8b\u5185\u5b58 \u5757\u5b58\u50a8\u5377\u6570\u636e \u7528\u4e8e\u8ba1\u7b97\u8bbf\u95ee\u7684\u516c\u94a5 \u6620\u50cf\u670d\u52a1\u4e2d\u7684\u865a\u62df\u673a\u6620\u50cf \u8ba1\u7b97\u673a\u5feb\u7167 \u4f20\u9012\u7ed9 OpenStack Compute \u7684\u914d\u7f6e\u9a71\u52a8\u5668\u6269\u5c55\u7684\u6570\u636e OpenStack \u4e91\u5b58\u50a8\u7684\u5143\u6570\u636e\u5305\u62ec\u4ee5\u4e0b\u975e\u8be6\u5c3d\u9879\u76ee\uff1a \u7ec4\u7ec7\u540d\u79f0 \u7528\u6237\u7684\u201c\u771f\u5b9e\u59d3\u540d\u201d \u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u3001\u5b58\u50a8\u6876\u3001\u5bf9\u8c61\u3001\u5377\u548c\u5176\u4ed6\u914d\u989d\u76f8\u5173\u9879\u76ee\u7684\u6570\u91cf\u6216\u5927\u5c0f 
\u8fd0\u884c\u5b9e\u4f8b\u6216\u5b58\u50a8\u6570\u636e\u7684\u5c0f\u65f6\u6570 \u7528\u6237\u7684 IP \u5730\u5740 \u5185\u90e8\u751f\u6210\u7684\u7528\u4e8e\u8ba1\u7b97\u6620\u50cf\u6346\u7ed1\u7684\u79c1\u94a5 \u6570\u636e\u5904\u7f6e \u00b6 OpenStack\u8fd0\u8425\u5546\u5e94\u52aa\u529b\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u79df\u6237\u6570\u636e\u5904\u7f6e\u4fdd\u8bc1\u3002\u6700\u4f73\u5b9e\u8df5\u5efa\u8bae\u64cd\u4f5c\u5458\u5728\u5904\u7f6e\u3001\u91ca\u653e\u7ec4\u7ec7\u63a7\u5236\u6216\u91ca\u653e\u4ee5\u4f9b\u91cd\u590d\u4f7f\u7528\u4e4b\u524d\u5bf9\u4e91\u7cfb\u7edf\u4ecb\u8d28\uff08\u6570\u5b57\u548c\u975e\u6570\u5b57\uff09\u8fdb\u884c\u6e05\u7406\u3002\u9274\u4e8e\u4fe1\u606f\u7684\u7279\u5b9a\u5b89\u5168\u57df\u548c\u654f\u611f\u6027\uff0c\u6e05\u7406\u65b9\u6cd5\u5e94\u5b9e\u73b0\u9002\u5f53\u7ea7\u522b\u7684\u5f3a\u5ea6\u548c\u5b8c\u6574\u6027\u3002 \u201c\u6e05\u7406\u8fc7\u7a0b\u4f1a\u4ece\u4ecb\u8d28\u4e2d\u5220\u9664\u4fe1\u606f\uff0c\u56e0\u6b64\u65e0\u6cd5\u68c0\u7d22\u6216\u91cd\u5efa\u4fe1\u606f\u3002\u6e05\u7406\u6280\u672f\uff0c\u5305\u62ec\u6e05\u9664\u3001\u6e05\u9664\u3001\u52a0\u5bc6\u64e6\u9664\u548c\u9500\u6bc1\uff0c\u53ef\u9632\u6b62\u5728\u91cd\u590d\u4f7f\u7528\u6216\u91ca\u653e\u5904\u7f6e\u6b64\u7c7b\u4ecb\u8d28\u65f6\u5411\u672a\u7ecf\u6388\u6743\u7684\u4e2a\u4eba\u62ab\u9732\u4fe1\u606f\u3002NIST \u7279\u522b\u51fa\u7248\u7269 800-53 \u4fee\u8ba2\u7248 4 NIST\u5efa\u8bae\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u4e2d\u91c7\u7528\u7684\u4e00\u822c\u6570\u636e\u5904\u7f6e\u548c\u6e05\u7406\u6307\u5357\u3002\u4e91\u8fd0\u8425\u5546\u5e94\uff1a \u8ddf\u8e2a\u3001\u8bb0\u5f55\u548c\u9a8c\u8bc1\u4ecb\u8d28\u6e05\u7406\u548c\u5904\u7f6e\u64cd\u4f5c\u3002 \u6d4b\u8bd5\u6e05\u7406\u8bbe\u5907\u548c\u7a0b\u5e8f\u4ee5\u9a8c\u8bc1\u5176\u6027\u80fd\u662f\u5426\u6b63\u5e38\u3002 
\u5728\u5c06\u4fbf\u643a\u5f0f\u53ef\u79fb\u52a8\u5b58\u50a8\u8bbe\u5907\u8fde\u63a5\u5230\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u524d\uff0c\u5148\u5bf9\u5176\u8fdb\u884c\u6e05\u7406\u3002 \u9500\u6bc1\u65e0\u6cd5\u6e05\u7406\u7684\u4e91\u7cfb\u7edf\u4ecb\u8d28\u3002 \u5728 OpenStack \u90e8\u7f72\u4e2d\uff0c\u60a8\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a \u5b89\u5168\u6570\u636e\u64e6\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u5757\u5b58\u50a8\u5377\u6570\u636e \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u00b6 \u5728OpenStack\u4e2d\uff0c\u67d0\u4e9b\u6570\u636e\u53ef\u80fd\u4f1a\u88ab\u5220\u9664\uff0c\u4f46\u5728\u4e0a\u8ff0NIST\u6807\u51c6\u7684\u4e0a\u4e0b\u6587\u4e2d\u4e0d\u4f1a\u88ab\u5b89\u5168\u5220\u9664\u3002\u8fd9\u901a\u5e38\u9002\u7528\u4e8e\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u7684\u5927\u591a\u6570\u6216\u5168\u90e8\u4e0a\u8ff0\u5b9a\u4e49\u7684\u5143\u6570\u636e\u548c\u4fe1\u606f\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u5e93\u548c/\u6216\u7cfb\u7edf\u914d\u7f6e\u8fdb\u884c\u81ea\u52a8\u5438\u5c18\u548c\u5b9a\u671f\u53ef\u7528\u7a7a\u95f4\u64e6\u9664\u6765\u4fee\u590d\u3002 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u00b6 \u7279\u5b9a\u4e8e\u5404\u79cd\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u662f\u5b9e\u4f8b\u5185\u5b58\u7684\u5904\u7406\u3002OpenStack Compute \u4e2d\u6ca1\u6709\u5b9a\u4e49\u6b64\u884c\u4e3a\uff0c\u5c3d\u7ba1\u901a\u5e38\u671f\u671b hypervisor \u5728\u5220\u9664\u5b9e\u4f8b\u548c/\u6216\u521b\u5efa\u5b9e\u4f8b\u65f6\u5c3d\u6700\u5927\u52aa\u529b\u6e05\u7406\u5185\u5b58\u3002 Xen \u663e\u5f0f\u5730\u4e3a\u5b9e\u4f8b\u5206\u914d\u4e13\u7528\u5185\u5b58\u533a\u57df\uff0c\u5e76\u5728\u5b9e\u4f8b\uff08\u6216 Xen \u672f\u8bed\u4e2d\u7684\u57df\uff09\u9500\u6bc1\u65f6\u6e05\u7406\u6570\u636e\u3002KVM \u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4f9d\u8d56\u4e8e Linux \u9875\u9762\u7ba1\u7406;KVM 
\u6587\u6863\u4e2d\u5b9a\u4e49\u4e86\u4e00\u7ec4\u4e0e KVM \u5206\u9875\u76f8\u5173\u7684\u590d\u6742\u89c4\u5219\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4f7f\u7528 Xen \u5185\u5b58\u6c14\u7403\u529f\u80fd\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u907f\u514d\u4f7f\u7528\u6b64\u529f\u80fd\u3002 \u5bf9\u4e8e\u8fd9\u4e9b\u548c\u5176\u4ed6\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u53c2\u8003\u7279\u5b9a\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u6587\u6863\u3002 Cinder \u5377\u6570\u636e \u00b6 \u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u4e0b\u9762\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u7684\u201c\u6570\u636e\u52a0\u5bc6\u201d\u90e8\u5206\u5bf9\u6b64\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002\u4f7f\u7528\u6b64\u529f\u80fd\u65f6\uff0c\u901a\u8fc7\u5b89\u5168\u5730\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u6765\u5b8c\u6210\u6570\u636e\u9500\u6bc1\u3002\u6700\u7ec8\u7528\u6237\u53ef\u4ee5\u5728\u521b\u5efa\u5377\u65f6\u9009\u62e9\u6b64\u529f\u80fd\uff0c\u4f46\u8bf7\u6ce8\u610f\uff0c\u7ba1\u7406\u5458\u5fc5\u987b\u5148\u6267\u884c\u5377\u52a0\u5bc6\u529f\u80fd\u7684\u4e00\u6b21\u6027\u8bbe\u7f6e\u3002\u6709\u5173\u6b64\u8bbe\u7f6e\u7684\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u201c\u914d\u7f6e\u53c2\u8003\u201d\u7684\u201c\u5757\u5b58\u50a8\u201d\u90e8\u5206\u7684\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u3002 \u5982\u679c\u4e0d\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u90a3\u4e48\u5176\u4ed6\u65b9\u6cd5\u901a\u5e38\u66f4\u96be\u542f\u7528\u3002\u5982\u679c\u4f7f\u7528\u540e\u7aef\u63d2\u4ef6\uff0c\u5219\u53ef\u80fd\u5b58\u5728\u72ec\u7acb\u7684\u52a0\u5bc6\u65b9\u6cd5\u6216\u975e\u6807\u51c6\u8986\u76d6\u89e3\u51b3\u65b9\u6848\u3002OpenStack Block Storage 
\u7684\u63d2\u4ef6\u5c06\u4ee5\u591a\u79cd\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\u3002\u8bb8\u591a\u63d2\u4ef6\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u6216\u6280\u672f\uff0c\u800c\u5176\u4ed6\u63d2\u4ef6\u5219\u66f4\u591a\u5730\u662f\u56f4\u7ed5\u6587\u4ef6\u7cfb\u7edf\uff08\u5982 LVM \u6216 ZFS\uff09\u7684 DIY \u89e3\u51b3\u65b9\u6848\u3002\u5b89\u5168\u9500\u6bc1\u6570\u636e\u7684\u65b9\u6cd5\u56e0\u63d2\u4ef6\u800c\u5f02\uff0c\u56e0\u4f9b\u5e94\u5546\u7684\u89e3\u51b3\u65b9\u6848\u800c\u5f02\uff0c\u4e5f\u56e0\u6587\u4ef6\u7cfb\u7edf\u800c\u5f02\u3002 \u4e00\u4e9b\u540e\u7aef\uff08\u5982 ZFS\uff09\u5c06\u652f\u6301\u5199\u5165\u65f6\u590d\u5236\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u6cc4\u9732\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4ece\u672a\u5199\u5165\u5757\u4e2d\u8bfb\u53d6\u5c06\u59cb\u7ec8\u8fd4\u56de\u96f6\u3002\u5176\u4ed6\u540e\u7aef\uff08\u5982 LVM\uff09\u53ef\u80fd\u672c\u8eab\u4e0d\u652f\u6301\u6b64\u529f\u80fd\uff0c\u56e0\u6b64\u5757\u5b58\u50a8\u63d2\u4ef6\u8d1f\u8d23\u5728\u5c06\u4e4b\u524d\u5199\u5165\u7684\u5757\u4ea4\u7ed9\u7528\u6237\u4e4b\u524d\u8986\u76d6\u5b83\u4eec\u3002\u8bf7\u52a1\u5fc5\u67e5\u770b\u6240\u9009\u5377\u540e\u7aef\u63d0\u4f9b\u54ea\u4e9b\u4fdd\u8bc1\uff0c\u5e76\u67e5\u770b\u54ea\u4e9b\u4e2d\u4ecb\u53ef\u7528\u4e8e\u672a\u63d0\u4f9b\u7684\u4fdd\u8bc1\u3002 \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u00b6 OpenStack \u955c\u50cf\u670d\u52a1\u5177\u6709\u5ef6\u8fdf\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u5c06\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u7b49\u5f85\u955c\u50cf\u7684\u5220\u9664\u3002\u5982\u679c\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u901a\u8fc7\u7f16\u8f91 etc/glance/glance-api.conf \u6587\u4ef6\u5e76\u5c06 delayed_delete \u9009\u9879\u8bbe\u7f6e\u4e3a False \u6765\u7981\u7528\u6b64\u529f\u80fd\u3002 \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u00b6 OpenStack Compute 
\u5177\u6709\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4f7f\u88ab\u5220\u9664\u7684\u5b9e\u4f8b\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u5904\u4e8e\u8f6f\u5220\u9664\u72b6\u6001\u3002\u5b9e\u4f8b\u53ef\u4ee5\u5728\u6b64\u65f6\u95f4\u6bb5\u5185\u6062\u590d\u3002\u82e5\u8981\u7981\u7528\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8bf7\u7f16\u8f91 etc/nova/nova.conf \u6587\u4ef6\u5e76\u5c06\u8be5 reclaim_instance_interval \u9009\u9879\u7559\u7a7a\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u00b6 \u8bf7\u6ce8\u610f\uff0cOpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u63d0\u4f9b\u4e86\u4e00\u79cd\u6539\u8fdb\u4e34\u65f6\u5b58\u50a8\u9690\u79c1\u548c\u9694\u79bb\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u662f\u5728\u4e3b\u52a8\u4f7f\u7528\u671f\u95f4\u8fd8\u662f\u5728\u9500\u6bc1\u6570\u636e\u65f6\u3002\u4e0e\u52a0\u5bc6\u5757\u5b58\u50a8\u4e00\u6837\uff0c\u53ea\u9700\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u5373\u53ef\u6709\u6548\u5730\u9500\u6bc1\u6570\u636e\u3002 \u5728\u521b\u5efa\u548c\u9500\u6bc1\u4e34\u65f6\u5b58\u50a8\u65f6\uff0c\u63d0\u4f9b\u6570\u636e\u9690\u79c1\u7684\u66ff\u4ee3\u63aa\u65bd\u5c06\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c OpenStack \u8ba1\u7b97\u63d2\u4ef6\u3002 \u7528\u4e8e\u8ba1\u7b97\u7684 libvirt \u63d2\u4ef6\u53ef\u4ee5\u76f4\u63a5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6216 LVM \u4e2d\u7ef4\u62a4\u4e34\u65f6\u5b58\u50a8\u3002\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u901a\u5e38\u4e0d\u4f1a\u5728\u5220\u9664\u6570\u636e\u65f6\u8986\u76d6\u6570\u636e\uff0c\u4f46\u53ef\u4ee5\u4fdd\u8bc1\u4e0d\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002 \u5f53\u4f7f\u7528 LVM \u652f\u6301\u7684\u57fa\u4e8e\u5757\u7684\u4e34\u65f6\u5b58\u50a8\u65f6\uff0cOpenStack 
\u8ba1\u7b97\u8f6f\u4ef6\u5fc5\u987b\u5b89\u5168\u5730\u64e6\u9664\u5757\u4ee5\u9632\u6b62\u4fe1\u606f\u6cc4\u9732\u3002\u8fc7\u53bb\u66fe\u5b58\u5728\u4e0e\u4e0d\u5f53\u64e6\u9664\u7684\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u76f8\u5173\u7684\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u5bf9\u4e8e\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\u662f\u4e00\u79cd\u6bd4 LVM \u66f4\u5b89\u5168\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u56e0\u4e3a\u65e0\u6cd5\u4e3a\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002\u4f46\u662f\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u7528\u6237\u6570\u636e\u4e0d\u4f1a\u88ab\u7834\u574f\uff0c\u56e0\u6b64\u5efa\u8bae\u5bf9\u540e\u5907\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u52a0\u5bc6\u3002 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u00b6 \u7528\u4e8e\u8ba1\u7b97\u7684\u88f8\u673a\u670d\u52a1\u5668\u9a71\u52a8\u7a0b\u5e8f\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u6b64\u540e\u5df2\u8f6c\u79fb\u5230\u4e00\u4e2a\u540d\u4e3a ironic \u7684\u5355\u72ec\u9879\u76ee\u4e2d\u3002\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5177\u6709\u8bbd\u523a\u610f\u5473\u7684\u662f\uff0c\u4f3c\u4e4e\u6ca1\u6709\u89e3\u51b3\u9a7b\u7559\u5728\u7269\u7406\u786c\u4ef6\u4e2d\u7684\u79df\u6237\u6570\u636e\u7684\u6e05\u7406\u95ee\u9898\u3002 \u6b64\u5916\uff0c\u88f8\u673a\u7cfb\u7edf\u7684\u79df\u6237\u53ef\u4ee5\u4fee\u6539\u7cfb\u7edf\u56fa\u4ef6\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM \u6280\u672f\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002 \u6570\u636e\u52a0\u5bc6 \u00b6 \u8be5\u9009\u9879\u53ef\u4f9b\u5b9e\u65bd\u8005\u52a0\u5bc6\u79df\u6237\u6570\u636e\uff0c\u65e0\u8bba\u8fd9\u4e9b\u6570\u636e\u5b58\u50a8\u5728\u78c1\u76d8\u4e0a\u6216\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\uff0c\u4f8b\u5982\u4e0b\u9762\u63cf\u8ff0\u7684 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u8fd9\u8d85\u51fa\u4e86\u7528\u6237\u5728\u5c06\u81ea\u5df1\u7684\u6570\u636e\u53d1\u9001\u7ed9\u63d0\u4f9b\u5546\u4e4b\u524d\u52a0\u5bc6\u81ea\u5df1\u7684\u6570\u636e\u7684\u4e00\u822c\u5efa\u8bae\u3002 \u4ee3\u8868\u79df\u6237\u52a0\u5bc6\u6570\u636e\u7684\u91cd\u8981\u6027\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4e0e\u63d0\u4f9b\u5546\u627f\u62c5\u7684\u653b\u51fb\u8005\u53ef\u80fd\u8bbf\u95ee\u79df\u6237\u6570\u636e\u7684\u98ce\u9669\u6709\u5173\u3002\u653f\u5e9c\u53ef\u80fd\u6709\u8981\u6c42\uff0c\u4e5f\u6709\u6bcf\u4e2a\u7b56\u7565\u7684\u8981\u6c42\uff0c\u79c1\u6709\u5408\u540c\uff0c\u751a\u81f3\u4e0e\u516c\u5171\u4e91\u63d0\u4f9b\u5546\u7684\u79c1\u6709\u5408\u540c\u6709\u5173\u7684\u5224\u4f8b\u6cd5\u3002\u5efa\u8bae\u5728\u9009\u62e9\u79df\u6237\u52a0\u5bc6\u7b56\u7565\u4e4b\u524d\u8fdb\u884c\u98ce\u9669\u8bc4\u4f30\u548c\u6cd5\u5f8b\u987e\u95ee\u3002 \u6309\u5b9e\u4f8b\u6216\u6309\u5bf9\u8c61\u52a0\u5bc6\u6bd4\u6309\u9879\u76ee\u3001\u6309\u79df\u6237\u3001\u6309\u4e3b\u673a\u548c\u6309\u4e91\u805a\u5408\u964d\u5e8f\u8fdb\u884c\u52a0\u5bc6\u66f4\u53ef\u53d6\u3002\u8fd9\u9879\u5efa\u8bae\u4e0e\u5b9e\u65bd\u7684\u590d\u6742\u6027\u548c\u96be\u5ea6\u76f8\u53cd\u3002\u76ee\u524d\uff0c\u5728\u67d0\u4e9b\u9879\u76ee\u4e2d\uff0c\u5f88\u96be\u6216\u4e0d\u53ef\u80fd\u5b9e\u73b0\u50cf\u6bcf\u4e2a\u79df\u6237\u4e00\u6837\u677e\u6563\u7684\u52a0\u5bc6\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u5c3d\u6700\u5927\u52aa\u529b\u52a0\u5bc6\u79df\u6237\u6570\u636e\u3002 \u901a\u5e38\uff0c\u6570\u636e\u52a0\u5bc6\u4e0e\u53ef\u9760\u5730\u9500\u6bc1\u79df\u6237\u548c\u6bcf\u4e2a\u5b9e\u4f8b\u6570\u636e\u7684\u80fd\u529b\u5448\u6b63\u76f8\u5173\uff0c\u53ea\u9700\u4e22\u5f03\u5bc6\u94a5\u5373\u53ef\u3002\u5e94\u8be5\u6307\u51fa\u7684\u662f\uff0c\u5728\u8fd9\u6837\u505a\u65f6\uff0c\u4ee5\u53ef\u9760\u548c\u5b89\u5168\u7684\u65b9\u5f0f\u9500\u6bc1\u8fd9\u4e9b\u5bc6\u94a5\u53d8\u5f97\u975e\u5e38\u91cd\u8981\u3002 Opportunities to encrypt data for 
users are present: \u5b58\u5728\u4e3a\u7528\u6237\u52a0\u5bc6\u6570\u636e\u7684\u673a\u4f1a\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u7f51\u7edc\u6570\u636e \u5377\u52a0\u5bc6 \u00b6 OpenStack \u4e2d\u7684\u5377\u52a0\u5bc6\u529f\u80fd\u652f\u6301\u57fa\u4e8e\u6bcf\u4e2a\u79df\u6237\u7684\u9690\u79c1\u4fdd\u62a4\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u5377\u7c7b\u578b\uff0c\u901a\u8fc7\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u754c\u9762\u542f\u52a8 \u542f\u7528\u52a0\u5bc6\u5e76\u9009\u62e9\u52a0\u5bc6\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u53c2\u6570 iSCSI \u6570\u636e\u5305\u4e2d\u5305\u542b\u7684\u5377\u6570\u636e\u5df2\u52a0\u5bc6 \u5982\u679c\u539f\u59cb\u5377\u5df2\u52a0\u5bc6\uff0c\u5219\u652f\u6301\u52a0\u5bc6\u5907\u4efd \u4eea\u8868\u677f\u6307\u793a\u5377\u52a0\u5bc6\u72b6\u6001\u3002\u5305\u62ec\u5377\u5df2\u52a0\u5bc6\u7684\u6307\u793a\uff0c\u5e76\u5305\u62ec\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u52a0\u5bc6\u53c2\u6570 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u5377\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0c\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u00b6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002\u4ece Kilo 
\u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u7684 LVM \u4e34\u65f6\u78c1\u76d8\uff08\u6ce8\u610f\uff1a\u76ee\u524d OpenStack \u8ba1\u7b97\u670d\u52a1\u4ec5\u652f\u6301 LVM \u683c\u5f0f\u7684\u52a0\u5bc6\u4e34\u65f6\u78c1\u76d8\uff09 \u8ba1\u7b97\u914d\u7f6e \uff0c nova.conf \u5728\u201c[ephemeral_storage_encryption]\u201d\u90e8\u5206\u4e2d\u5177\u6709\u4ee5\u4e0b\u9ed8\u8ba4\u53c2\u6570 \u9009\u9879\uff1a\u201c\u5bc6\u7801 = AES-XTS-plain64\u201d \u6b64\u5b57\u6bb5\u8bbe\u7f6e\u7528\u4e8e\u52a0\u5bc6\u4e34\u65f6\u5b58\u50a8\u7684\u5bc6\u7801\u548c\u6a21\u5f0f\u3002NIST\u5efa\u8bae\u5c06AES-XTS\u4e13\u95e8\u7528\u4e8e\u78c1\u76d8\u5b58\u50a8\uff0c\u8be5\u540d\u79f0\u662f\u4f7f\u7528XTS\u52a0\u5bc6\u6a21\u5f0f\u7684AES\u52a0\u5bc6\u7684\u7b80\u5199\u3002\u53ef\u7528\u7684\u5bc6\u7801\u53d6\u51b3\u4e8e\u5185\u6838\u652f\u6301\u3002\u5728\u547d\u4ee4\u884c\u4e2d\uff0c\u8f93\u5165\u201ccryptsetup benchmark\u201d\u4ee5\u786e\u5b9a\u53ef\u7528\u9009\u9879\uff08\u5e76\u67e5\u770b\u57fa\u51c6\u6d4b\u8bd5\u7ed3\u679c\uff09\uff0c\u6216\u8f6c\u5230 /proc/crypto \u9009\u9879\uff1a 'enabled = false' \u8981\u4f7f\u7528\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u8bf7\u8bbe\u7f6e\u9009\u9879\uff1a\u201cenabled = true\u201d \u9009\u9879\uff1a\u201ckey_size = 512\u201d \u8bf7\u6ce8\u610f\uff0c\u540e\u7aef\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u80fd\u5b58\u5728\u5bc6\u94a5\u5927\u5c0f\u9650\u5236\uff0c\u53ef\u80fd\u9700\u8981\u4f7f\u7528\u201ckey_size = 256\u201d\uff0c\u8fd9\u4ec5\u63d0\u4f9b 128 \u4f4d\u7684 AES \u5bc6\u94a5\u5927\u5c0f\u3002\u9664\u4e86 AES \u6240\u9700\u7684\u52a0\u5bc6\u5bc6\u94a5\u5916\uff0cXTS \u8fd8\u9700\u8981\u81ea\u5df1\u7684\u201c\u8c03\u6574\u5bc6\u94a5\u201d\u3002\u8fd9\u901a\u5e38\u8868\u793a\u4e3a\u5355\u4e2a\u5927\u952e\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 512 \u4f4d\u8bbe\u7f6e\uff0cAES \u5c06\u4f7f\u7528 256 \u4f4d\uff0cXTS 
\u5c06\u4f7f\u7528 256 \u4f4d\u3002\uff08\u89c1NIST\uff09 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u5c06\u901a\u8fc7\u4e3a\u6bcf\u4e2a\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u4e0d\u518d\u9700\u8981\u4e34\u65f6\u78c1\u76d8\u65f6\uff0c\u53ea\u9700\u5220\u9664\u5bc6\u94a5\u5373\u53ef\u53d6\u4ee3\u8986\u76d6\u4e34\u65f6\u78c1\u76d8\u5b58\u50a8\u533a\u57df \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u00b6 \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u652f\u6301\u5bf9\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u9759\u6001\u5bf9\u8c61\u6570\u636e\u8fdb\u884c\u53ef\u9009\u52a0\u5bc6\u3002\u5bf9\u8c61\u6570\u636e\u7684\u52a0\u5bc6\u65e8\u5728\u964d\u4f4e\u5728\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u65f6\u8bfb\u53d6\u7528\u6237\u6570\u636e\u7684\u98ce\u9669\u3002 \u9759\u6001\u6570\u636e\u52a0\u5bc6\u7531\u4e2d\u95f4\u4ef6\u5b9e\u73b0\uff0c\u4e2d\u95f4\u4ef6\u53ef\u80fd\u5305\u542b\u5728\u4ee3\u7406\u670d\u52a1\u5668 WSGI \u7ba1\u9053\u4e2d\u3002\u8be5\u529f\u80fd\u662f swift \u96c6\u7fa4\u5185\u90e8\u7684\uff0c\u4e0d\u901a\u8fc7 API \u516c\u5f00\u3002\u5ba2\u6237\u7aef\u4e0d\u77e5\u9053 swift \u670d\u52a1\u5185\u90e8\u7684\u6b64\u529f\u80fd\u5bf9\u6570\u636e\u8fdb\u884c\u4e86\u52a0\u5bc6;\u5185\u90e8\u52a0\u5bc6\u7684\u6570\u636e\u4e0d\u5e94\u901a\u8fc7 swift API \u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u4ee5\u4e0b\u6570\u636e\u5728 swift \u4e2d\u9759\u6001\u65f6\u88ab\u52a0\u5bc6\uff1a 
\u5bf9\u8c61\u5185\u5bb9\u3002\u4f8b\u5982\uff0c\u5bf9\u8c61 PUT \u8bf7\u6c42\u6b63\u6587\u7684\u5185\u5bb9 \u5177\u6709\u975e\u96f6\u5185\u5bb9\u7684\u5bf9\u8c61\u7684\u5b9e\u4f53\u6807\u8bb0 \uff08ETag\uff09 \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5bf9\u8c61\u5143\u6570\u636e\u503c\u3002\u4f8b\u5982\uff0c\u4f7f\u7528 X-Object-Meta- \u5e26\u6709 PUT \u6216 POST \u8bf7\u6c42\u7684\u524d\u7f00\u6807\u5934\u53d1\u9001\u7684\u5143\u6570\u636e \u4e0a\u8ff0\u5217\u8868\u4e2d\u672a\u5305\u542b\u7684\u4efb\u4f55\u6570\u636e\u6216\u5143\u6570\u636e\u5747\u672a\u52a0\u5bc6\uff0c\u5305\u62ec\uff1a \u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u540d\u79f0 \u5e10\u6237\u548c\u5bb9\u5668\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u503c \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u540d\u79f0 \u5bf9\u8c61\u5185\u5bb9\u7c7b\u578b\u503c \u5bf9\u8c61\u5927\u5c0f \u7cfb\u7edf\u5143\u6570\u636e \u6709\u5173\u5bf9\u8c61\u5b58\u50a8\u52a0\u5bc6\u7684\u90e8\u7f72\u3001\u64cd\u4f5c\u6216\u5b9e\u65bd\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5bf9\u8c61\u52a0\u5bc6\u7684 swift \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u00b6 \u542f\u7528\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Intel \u548c AMD \u5904\u7406\u5668\u4e2d\u5f53\u524d\u53ef\u7528\u7684\u786c\u4ef6\u52a0\u901f\u529f\u80fd\u6765\u589e\u5f3a OpenStack Volume Encryption \u6027\u80fd\u3002OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u548c OpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u90fd\u7528\u4e8e dm-crypt \u4fdd\u62a4\u5377\u6570\u636e\u3002 dm-crypt \u662f Linux \u5185\u6838\u7248\u672c 2.6 \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u900f\u660e\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u3002\u542f\u7528\u5377\u52a0\u5bc6\u540e\uff0c\u52a0\u5bc6\u6570\u636e\u5c06\u901a\u8fc7 iSCSI 
\u53d1\u9001\u5230\u5757\u5b58\u50a8\uff0c\u4ece\u800c\u540c\u65f6\u4fdd\u62a4\u4f20\u8f93\u4e2d\u7684\u6570\u636e\u548c\u9759\u6001\u6570\u636e\u3002\u4f7f\u7528\u786c\u4ef6\u52a0\u901f\u65f6\uff0c\u8fd9\u4e24\u79cd\u52a0\u5bc6\u529f\u80fd\u5bf9\u6027\u80fd\u7684\u5f71\u54cd\u90fd\u4f1a\u964d\u5230\u6700\u4f4e\u3002 \u867d\u7136\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u4f46\u5757\u5b58\u50a8\u652f\u6301\u591a\u79cd\u66ff\u4ee3\u540e\u7aef\u6765\u63d0\u4f9b\u53ef\u6302\u8f7d\u5377\uff0c\u5176\u4e2d\u4e00\u4e9b\u8fd8\u53ef\u80fd\u63d0\u4f9b\u5377\u52a0\u5bc6\u3002\u7531\u4e8e\u540e\u7aef\u5982\u6b64\u4e4b\u591a\uff0c\u5e76\u4e14\u5fc5\u987b\u4ece\u6bcf\u4e2a\u4f9b\u5e94\u5546\u5904\u83b7\u53d6\u4fe1\u606f\uff0c\u56e0\u6b64\u6307\u5b9a\u5728\u4efb\u4f55\u4e00\u4e2a\u4f9b\u5e94\u5546\u4e2d\u5b9e\u65bd\u52a0\u5bc6\u7684\u5efa\u8bae\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002 \u7f51\u7edc\u6570\u636e \u00b6 \u8ba1\u7b97\u7684\u79df\u6237\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 IPsec \u6216\u5176\u4ed6\u96a7\u9053\u8fdb\u884c\u52a0\u5bc6\u3002\u8fd9\u5728OpenStack\u4e2d\u5e76\u4e0d\u5e38\u89c1\u6216\u6807\u51c6\uff0c\u4f46\u5bf9\u4e8e\u6709\u52a8\u529b\u548c\u611f\u5174\u8da3\u7684\u5b9e\u73b0\u8005\u6765\u8bf4\uff0c\u8fd9\u662f\u4e00\u4e2a\u9009\u9879\u3002 \u540c\u6837\uff0c\u52a0\u5bc6\u6570\u636e\u5728\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u65f6\u5c06\u4fdd\u6301\u52a0\u5bc6\u72b6\u6001\u3002 \u5bc6\u94a5\u7ba1\u7406 \u00b6 
\u4e3a\u4e86\u89e3\u51b3\u7ecf\u5e38\u63d0\u5230\u7684\u79df\u6237\u6570\u636e\u9690\u79c1\u548c\u9650\u5236\u4e91\u63d0\u4f9b\u5546\u8d23\u4efb\u7684\u95ee\u9898\uff0cOpenStack\u793e\u533a\u5bf9\u4f7f\u6570\u636e\u52a0\u5bc6\u66f4\u52a0\u666e\u904d\u7684\u5174\u8da3\u8d8a\u6765\u8d8a\u5927\u3002\u5bf9\u4e8e\u6700\u7ec8\u7528\u6237\u6765\u8bf4\uff0c\u5728\u5c06\u6570\u636e\u4fdd\u5b58\u5230\u4e91\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u76f8\u5bf9\u5bb9\u6613\uff0c\u8fd9\u662f\u79df\u6237\u5bf9\u8c61\uff08\u5982\u5a92\u4f53\u6587\u4ef6\u3001\u6570\u636e\u5e93\u5b58\u6863\u7b49\uff09\u7684\u53ef\u884c\u8def\u5f84\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5ba2\u6237\u7aef\u52a0\u5bc6\u7528\u4e8e\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u4fdd\u5b58\u7684\u6570\u636e\uff0c\u8fd9\u9700\u8981\u5ba2\u6237\u7aef\u4ea4\u4e92\uff08\u4f8b\u5982\u63d0\u4f9b\u5bc6\u94a5\uff09\u6765\u89e3\u5bc6\u6570\u636e\u4ee5\u4f9b\u5c06\u6765\u4f7f\u7528\u3002\u4e3a\u4e86\u65e0\u7f1d\u5730\u4fdd\u62a4\u6570\u636e\u5e76\u4f7f\u5176\u53ef\u8bbf\u95ee\uff0c\u800c\u65e0\u9700\u7ed9\u5ba2\u6237\u5e26\u6765\u7ba1\u7406\u5176\u5bc6\u94a5\u7684\u8d1f\u62c5\uff0c\u5e76\u4ee5\u4ea4\u4e92\u65b9\u5f0f\u5411\u4ed6\u4eec\u63d0\u4f9b OpenStack \u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u3002\u4f5c\u4e3aOpenStack\u7684\u4e00\u90e8\u5206\uff0c\u63d0\u4f9b\u52a0\u5bc6\u548c\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u53ef\u4ee5\u7b80\u5316\u9759\u6001\u6570\u636e\u5b89\u5168\u91c7\u7528\uff0c\u5e76\u89e3\u51b3\u5ba2\u6237\u5bf9\u9690\u79c1\u6216\u6570\u636e\u6ee5\u7528\u7684\u62c5\u5fe7\uff0c\u540c\u65f6\u4e5f\u9650\u5236\u4e86\u4e91\u63d0\u4f9b\u5546\u7684\u8d23\u4efb\u3002\u8fd9\u6709\u52a9\u4e8e\u51cf\u5c11\u63d0\u4f9b\u5546\u5728\u591a\u79df\u6237\u516c\u6709\u4e91\u4e2d\u7684\u4e8b\u4ef6\u8c03\u67e5\u671f\u95f4\u5904\u7406\u79df\u6237\u6570\u636e\u65f6\u7684\u8d23\u4efb\u3002 
\u5377\u52a0\u5bc6\u548c\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u4f9d\u8d56\u4e8e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982\uff0cbarbican\uff09\u6765\u521b\u5efa\u548c\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u3002\u5bc6\u94a5\u7ba1\u7406\u5668\u662f\u53ef\u63d2\u5165\u7684\uff0c\u4ee5\u65b9\u4fbf\u9700\u8981\u7b2c\u4e09\u65b9\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216\u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u4ea4\u6362\u534f\u8bae \uff08KMIP\uff09 \u7684\u90e8\u7f72\uff0c\u8be5\u534f\u8bae\u7531\u540d\u4e3a PyKMIP \u7684\u5f00\u6e90\u9879\u76ee\u652f\u6301\u3002 \u53c2\u8003\u4e66\u76ee\uff1a \u00b6 OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230 barbican \u7684\u5f00\u53d1\u8005\u6587\u6863\uff012014\u3002Barbican \u5f00\u53d1\u8005\u6587\u6863 oasis-open.org\uff0cOASIS \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09\u30022014\u5e74\u3002KMIP PyKMIP \u5e93 \u673a\u5bc6\u7ba1\u7406 \u673a\u5bc6\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u00b6 \u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u8fd0\u884c\u5b9e\u4f8b\u7684\u4f18\u70b9\u4e4b\u4e00\u662f\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u5f00\u8f9f\u4e86\u65b0\u7684\u673a\u4f1a\uff0c\u800c\u8fd9\u4e9b\u63a7\u5236\u5728\u90e8\u7f72\u5230\u88f8\u673a\u4e0a\u65f6\u901a\u5e38\u4e0d\u53ef\u7528\u3002\u6709\u51e0\u79cd\u6280\u672f\u53ef\u4ee5\u5e94\u7528\u4e8e\u865a\u62df\u5316\u5806\u6808\uff0c\u4e3a\u4e91\u79df\u6237\u5e26\u6765\u66f4\u597d\u7684\u4fe1\u606f\u4fdd\u969c\u3002 \u5177\u6709\u5f3a\u70c8\u5b89\u5168\u8981\u6c42\u7684 OpenStack 
\u90e8\u7f72\u4eba\u5458\u6216\u7528\u6237\u53ef\u80fd\u9700\u8981\u8003\u8651\u90e8\u7f72\u8fd9\u4e9b\u6280\u672f\u3002\u5e76\u975e\u6240\u6709\u60c5\u51b5\u90fd\u9002\u7528\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u89c4\u8303\u6027\u4e1a\u52a1\u9700\u6c42\uff0c\u53ef\u80fd\u4f1a\u6392\u9664\u5728\u4e91\u4e2d\u4f7f\u7528\u6280\u672f\u3002\u540c\u6837\uff0c\u67d0\u4e9b\u6280\u672f\u4f1a\u68c0\u67e5\u5b9e\u4f8b\u6570\u636e\uff0c\u4f8b\u5982\u8fd0\u884c\u72b6\u6001\uff0c\u8fd9\u5bf9\u7cfb\u7edf\u7528\u6237\u6765\u8bf4\u53ef\u80fd\u662f\u4e0d\u5e0c\u671b\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u63a2\u8ba8\u8fd9\u4e9b\u6280\u672f\uff0c\u5e76\u63cf\u8ff0\u5b83\u4eec\u53ef\u7528\u4e8e\u589e\u5f3a\u5b9e\u4f8b\u6216\u5e95\u5c42\u5b9e\u4f8b\u5b89\u5168\u6027\u7684\u60c5\u51b5\u3002\u6211\u4eec\u8fd8\u8bd5\u56fe\u5f3a\u8c03\u53ef\u80fd\u5b58\u5728\u9690\u79c1\u95ee\u9898\u7684\u5730\u65b9\u3002\u8fd9\u4e9b\u5305\u62ec\u6570\u636e\u4f20\u9012\u3001\u5185\u7701\u6216\u63d0\u4f9b\u71b5\u6e90\u3002\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u4ee5\u4e0b\u9644\u52a0\u5b89\u5168\u670d\u52a1\uff1a \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u00b6 \u5b9e\u4f8b\u7684\u71b5 \u00b6 
\u6211\u4eec\u8ba4\u4e3a\u71b5\u662f\u6307\u5b9e\u4f8b\u53ef\u7528\u7684\u968f\u673a\u6570\u636e\u7684\u8d28\u91cf\u548c\u6765\u6e90\u3002\u52a0\u5bc6\u6280\u672f\u901a\u5e38\u4e25\u91cd\u4f9d\u8d56\u968f\u673a\u6027\uff0c\u9700\u8981\u9ad8\u8d28\u91cf\u7684\u71b5\u6c60\u624d\u80fd\u4ece\u4e2d\u6c72\u53d6\u3002\u865a\u62df\u673a\u901a\u5e38\u5f88\u96be\u83b7\u5f97\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301\u8fd9\u4e9b\u64cd\u4f5c\uff0c\u8fd9\u79f0\u4e3a\u71b5\u9965\u997f\u3002\u71b5\u9965\u997f\u53ef\u4ee5\u8868\u73b0\u4e3a\u770b\u4f3c\u65e0\u5173\u7684\u4e8b\u60c5\u3002\u4f8b\u5982\uff0c\u542f\u52a8\u65f6\u95f4\u6162\u53ef\u80fd\u662f\u7531\u4e8e\u5b9e\u4f8b\u7b49\u5f85 ssh \u5bc6\u94a5\u751f\u6210\u9020\u6210\u7684\u3002\u71b5\u9965\u997f\u8fd8\u53ef\u80fd\u4fc3\u4f7f\u7528\u6237\u5728\u5b9e\u4f8b\u4e2d\u4f7f\u7528\u8d28\u91cf\u8f83\u5dee\u7684\u71b5\u6e90\uff0c\u4ece\u800c\u4f7f\u5728\u4e91\u4e2d\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u6574\u4f53\u5b89\u5168\u6027\u964d\u4f4e\u3002 \u5e78\u8fd0\u7684\u662f\uff0c\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u901a\u8fc7\u4e3a\u4e91\u5b9e\u4f8b\u63d0\u4f9b\u9ad8\u8d28\u91cf\u7684\u71b5\u6e90\u6765\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u4e2d\u62e5\u6709\u8db3\u591f\u7684\u786c\u4ef6\u968f\u673a\u6570\u751f\u6210\u5668 \uff08HRNG\uff09 \u6765\u652f\u6301\u5b9e\u4f8b\u6765\u5b9e\u73b0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u201c\u8db3\u591f\u201d\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u5bf9\u4e8e\u65e5\u5e38\u64cd\u4f5c\uff0c\u73b0\u4ee3 HRNG \u53ef\u80fd\u4f1a\u4ea7\u751f\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301 50-100 \u4e2a\u8ba1\u7b97\u8282\u70b9\u3002\u9ad8\u5e26\u5bbd HRNG\uff08\u4f8b\u5982\u82f1\u7279\u5c14 Ivy Bridge \u548c\u66f4\u65b0\u7684\u5904\u7406\u5668\u63d0\u4f9b\u7684 RdRand 
\u6307\u4ee4\uff09\u53ef\u80fd\u4f1a\u5904\u7406\u66f4\u591a\u8282\u70b9\u3002\u5bf9\u4e8e\u7ed9\u5b9a\u7684\u4e91\uff0c\u67b6\u6784\u5e08\u9700\u8981\u4e86\u89e3\u5e94\u7528\u7a0b\u5e8f\u8981\u6c42\uff0c\u4ee5\u786e\u4fdd\u6709\u8db3\u591f\u7684\u71b5\u53ef\u7528\u3002 Virtio RNG \u662f\u4e00\u4e2a\u968f\u673a\u6570\u751f\u6210\u5668\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7528\u4f5c /dev/random \u71b5\u6e90\uff0c\u4f46\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u786c\u4ef6 RNG \u6216\u71b5\u6536\u96c6\u5b88\u62a4\u7a0b\u5e8f \uff08EGD\uff09 \u7b49\u5de5\u5177\uff0c\u4ee5\u63d0\u4f9b\u4e00\u79cd\u901a\u8fc7\u5206\u5e03\u5f0f\u7cfb\u7edf\u516c\u5e73\u5b89\u5168\u5730\u5206\u914d\u71b5\u7684\u65b9\u6cd5\u3002Virtio RNG \u662f\u4f7f\u7528\u7528\u4e8e\u521b\u5efa\u5b9e\u4f8b\u7684\u5143\u6570\u636e\u7684 hw_rng \u5c5e\u6027\u542f\u7528\u7684\u3002 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u00b6 \u5728\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\uff0c\u5fc5\u987b\u9009\u62e9\u7528\u4e8e\u955c\u50cf\u5b9e\u4f8b\u5316\u7684\u4e3b\u673a\u3002\u6b64\u9009\u62e9\u7531 nova-scheduler \u786e\u5b9a\u5982\u4f55\u5206\u6d3e\u8ba1\u7b97\u548c\u5377\u8bf7\u6c42\u7684 \u6267\u884c\u3002 \u8fd9\u662f FilterScheduler OpenStack Compute\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7a0b\u5e8f\uff0c\u5c3d\u7ba1\u5b58\u5728\u5176\u4ed6\u8c03\u5ea6\u7a0b\u5e8f\uff08\u8bf7\u53c2\u9605 OpenStack Configuration Reference \u4e2d\u7684 Scheduling 
\u90e8\u5206\uff09\u3002\u8fd9\u4e0e\u201c\u8fc7\u6ee4\u5668\u63d0\u793a\u201d\u534f\u540c\u5de5\u4f5c\uff0c\u4ee5\u51b3\u5b9a\u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u6b64\u4e3b\u673a\u9009\u62e9\u8fc7\u7a0b\u5141\u8bb8\u7ba1\u7406\u5458\u6ee1\u8db3\u8bb8\u591a\u4e0d\u540c\u7684\u5b89\u5168\u6027\u548c\u5408\u89c4\u6027\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u6839\u636e\u4e91\u90e8\u7f72\u7c7b\u578b\uff0c\u5982\u679c\u6570\u636e\u9694\u79bb\u662f\u4e3b\u8981\u95ee\u9898\uff0c\u5219\u53ef\u4ee5\u9009\u62e9\u5c3d\u53ef\u80fd\u8ba9\u79df\u6237\u5b9e\u4f8b\u9a7b\u7559\u5728\u76f8\u540c\u7684\u4e3b\u673a\u4e0a\u3002\u76f8\u53cd\uff0c\u51fa\u4e8e\u53ef\u7528\u6027\u6216\u5bb9\u9519\u539f\u56e0\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u5c06\u79df\u6237\u7684\u5b9e\u4f8b\u9a7b\u7559\u5728\u5c3d\u53ef\u80fd\u591a\u7684\u4e0d\u540c\u4e3b\u673a\u4e0a\u3002 \u7b5b\u9009\u5668\u8ba1\u5212\u7a0b\u5e8f\u5206\u4e3a\u56db\u5927\u7c7b\uff1a \u57fa\u4e8e\u8d44\u6e90\u7684\u7b5b\u9009\u5668 \u8fd9\u4e9b\u7b5b\u9009\u5668\u5c06\u6839\u636e\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e3b\u673a\u96c6\u7684\u5229\u7528\u7387\u521b\u5efa\u5b9e\u4f8b\uff0c\u5e76\u53ef\u4ee5\u5728\u53ef\u7528\u6216\u4f7f\u7528\u7684\u5c5e\u6027\uff08\u5982 RAM\u3001IO \u6216 CPU \u5229\u7528\u7387\uff09\u4e0a\u89e6\u53d1\u3002 \u57fa\u4e8e\u6620\u50cf\u7684\u8fc7\u6ee4\u5668 \u8fd9\u5c06\u6839\u636e\u4f7f\u7528\u7684\u6620\u50cf\uff08\u4f8b\u5982 VM \u7684\u64cd\u4f5c\u7cfb\u7edf\u6216\u4f7f\u7528\u7684\u6620\u50cf\u7c7b\u578b\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u57fa\u4e8e\u73af\u5883\u7684\u8fc7\u6ee4\u5668 \u6b64\u7b5b\u9009\u5668\u5c06\u57fa\u4e8e\u5916\u90e8\u8be6\u7ec6\u4fe1\u606f\u521b\u5efa\u5b9e\u4f8b\uff0c\u4f8b\u5982\u5728\u7279\u5b9a IP \u8303\u56f4\u5185\u3001\u8de8\u53ef\u7528\u533a\u6216\u4e0e\u5176\u4ed6\u5b9e\u4f8b\u4f4d\u4e8e\u540c\u4e00\u4e3b\u673a\u4e0a\u3002 \u81ea\u5b9a\u4e49\u6761\u4ef6 
\u6b64\u7b5b\u9009\u5668\u5c06\u6839\u636e\u7528\u6237\u6216\u7ba1\u7406\u5458\u63d0\u4f9b\u7684\u6761\u4ef6\uff08\u5982\u4fe1\u4efb\u6216\u5143\u6570\u636e\u5206\u6790\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u53ef\u4ee5\u540c\u65f6\u5e94\u7528\u591a\u4e2a\u7b5b\u9009\u5668\uff0c\u4f8b\u5982\uff0c\u7b5b\u9009\u5668\u7528\u4e8e\u786e\u4fdd\u5728\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u7684\u6210\u5458\u4e0a\u521b\u5efa\u5b9e\u4f8b\uff0c\u4ee5\u53ca ServerGroupAntiAffinity \u7528\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u53e6\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u4e0a\u521b\u5efa\u540c\u4e00\u5b9e\u4f8b\u7684\u7b5b\u9009\u5668 ServerGroupAffinity \u3002\u5e94\u4ed4\u7ec6\u5206\u6790\u8fd9\u4e9b\u7b5b\u9009\u5668\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u76f8\u4e92\u51b2\u7a81\uff0c\u5e76\u5bfc\u81f4\u963b\u6b62\u521b\u5efa\u5b9e\u4f8b\u7684\u89c4\u5219\u3002 GroupAffinity \u548c GroupAntiAffinity \u7b5b\u9009\u5668\u51b2\u7a81\uff0c\u4e0d\u5e94\u540c\u65f6\u542f\u7528\u3002 \u7b5b\u9009\u5668 DiskFilter \u80fd\u591f\u8d85\u989d\u8ba2\u9605\u78c1\u76d8\u7a7a\u95f4\u3002\u867d\u7136\u901a\u5e38\u4e0d\u662f\u95ee\u9898\uff0c\u4f46\u5bf9\u4e8e\u7cbe\u7b80\u9884\u914d\u7684\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\uff0c\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u6b64\u7b5b\u9009\u5668\u5e94\u4e0e\u5e94\u7528\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u914d\u989d\u4e00\u8d77\u4f7f\u7528\u3002 \u6211\u4eec\u5efa\u8bae\u60a8\u7981\u7528\u8fc7\u6ee4\u5668\uff0c\u8fd9\u4e9b\u8fc7\u6ee4\u5668\u53ef\u4ee5\u5206\u6790\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u6216\u53ef\u64cd\u4f5c\u7684\u5185\u5bb9\uff0c\u4f8b\u5982\u5143\u6570\u636e\u3002 \u53ef\u4fe1\u955c\u50cf \u00b6 
\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u7528\u6237\u4f7f\u7528\u9884\u5b89\u88c5\u7684\u6620\u50cf\u6216\u4ed6\u4eec\u81ea\u5df1\u4e0a\u4f20\u7684\u6620\u50cf\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7528\u6237\u90fd\u5e94\u8be5\u80fd\u591f\u786e\u4fdd\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u56fe\u50cf\u6ca1\u6709\u88ab\u7be1\u6539\u3002\u9a8c\u8bc1\u56fe\u50cf\u7684\u80fd\u529b\u662f\u5b89\u5168\u6027\u7684\u57fa\u672c\u8981\u6c42\u3002\u4ece\u6620\u50cf\u6e90\u5230\u4f7f\u7528\u6620\u50cf\u7684\u76ee\u6807\u9700\u8981\u4fe1\u4efb\u94fe\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5bf9\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u83b7\u53d6\u7684\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u5e76\u5728\u4f7f\u7528\u524d\u9a8c\u8bc1\u7b7e\u540d\u6765\u5b9e\u73b0\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u83b7\u53d6\u548c\u521b\u5efa\u5df2\u9a8c\u8bc1\u56fe\u50cf\u7684\u5404\u79cd\u65b9\u6cd5\uff0c\u7136\u540e\u4ecb\u7ecd\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u3002 \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u00b6 OpenStack \u6587\u6863\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u6620\u50cf\u5e76\u5c06\u5176\u4e0a\u4f20\u5230\u6620\u50cf\u670d\u52a1\u7684\u6307\u5bfc\u3002\u6b64\u5916\uff0c\u5047\u5b9a\u60a8\u6709\u4e00\u4e2a\u5b89\u88c5\u548c\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fc7\u7a0b\u3002\u56e0\u6b64\uff0c\u4ee5\u4e0b\u5404\u9879\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u786e\u4fdd\u5c06\u6620\u50cf\u5b89\u5168\u5730\u4f20\u8f93\u5230 OpenStack \u4e2d\u7684\u989d\u5916\u6307\u5bfc\u3002\u6709\u591a\u79cd\u9009\u9879\u53ef\u7528\u4e8e\u83b7\u53d6\u56fe\u50cf\u3002\u6bcf\u4e2a\u6b65\u9aa4\u90fd\u6709\u7279\u5b9a\u7684\u6b65\u9aa4\uff0c\u6709\u52a9\u4e8e\u9a8c\u8bc1\u56fe\u50cf\u7684\u51fa\u5904\u3002 \u7b2c\u4e00\u4e2a\u9009\u9879\u662f\u4ece\u53d7\u4fe1\u4efb\u7684\u6765\u6e90\u83b7\u53d6\u542f\u52a8\u5a92\u4f53\u3002 $ mkdir -p /tmp/download_directorycd /tmp/download_directory $ wget 
http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/ubuntu-12.04.2-server-amd64.iso $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS.gpg $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451 $ gpg --verify SHA256SUMS.gpg SHA256SUMSsha256sum -c SHA256SUMS 2>&1 | grep OK \u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u4f7f\u7528 OpenStack \u865a\u62df\u673a\u6620\u50cf\u6307\u5357\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u9700\u8981\u9075\u5faa\u7ec4\u7ec7\u7684\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u51c6\u5219\u6216\u53d7\u4fe1\u4efb\u7684\u7b2c\u4e09\u65b9\uff08\u5982 Linux STIG\uff09\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u6700\u540e\u4e00\u79cd\u9009\u62e9\u662f\u4f7f\u7528\u81ea\u52a8\u6620\u50cf\u751f\u6210\u5668\u3002\u4ee5\u4e0b\u793a\u4f8b\u4f7f\u7528 Oz \u6620\u50cf\u751f\u6210\u5668\u3002OpenStack \u793e\u533a\u6700\u8fd1\u521b\u5efa\u4e86\u4e00\u4e2a\u503c\u5f97\u7814\u7a76\u7684\u65b0\u5de5\u5177\uff1adisk-image-builder\u3002\u6211\u4eec\u5c1a\u672a\u4ece\u5b89\u5168\u89d2\u5ea6\u8bc4\u4f30\u6b64\u5de5\u5177\u3002 RHEL 6 CCE-26976-1 \u793a\u4f8b\uff0c\u8fd9\u5c06\u6709\u52a9\u4e8e\u5728 OZ \u4e2d\u5b9e\u65bd NIST 800-53 \u7b2c AC-19\uff08d\uff09\u8282\u3002 \u5efa\u8bae\u907f\u514d\u624b\u52a8\u6620\u50cf\u6784\u5efa\u8fc7\u7a0b\uff0c\u56e0\u4e3a\u5b83\u5f88\u590d\u6742\u4e14\u5bb9\u6613\u51fa\u9519\u3002\u6b64\u5916\uff0c\u4f7f\u7528 Oz \u7b49\u81ea\u52a8\u5316\u7cfb\u7edf\u8fdb\u884c\u6620\u50cf\u6784\u5efa\uff0c\u6216\u4f7f\u7528 Chef \u6216 Puppet \u7b49\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u8fdb\u884c\u542f\u52a8\u540e\u6620\u50cf\u5f3a\u5316\uff0c\u4f7f\u60a8\u80fd\u591f\u751f\u6210\u4e00\u81f4\u7684\u6620\u50cf\uff0c\u5e76\u8ddf\u8e2a\u57fa\u7840\u6620\u50cf\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u662f\u5426\u7b26\u5408\u5176\u5404\u81ea\u7684\u5f3a\u5316\u51c6\u5219\u3002 
\u5982\u679c\u8ba2\u9605\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5219\u5e94\u4e0e\u4e91\u63d0\u4f9b\u5546\u8054\u7cfb\uff0c\u4e86\u89e3\u7528\u4e8e\u751f\u6210\u5176\u9ed8\u8ba4\u6620\u50cf\u7684\u8fc7\u7a0b\u7684\u6982\u8ff0\u3002\u5982\u679c\u63d0\u4f9b\u5546\u5141\u8bb8\u60a8\u4e0a\u4f20\u81ea\u5df1\u7684\u6620\u50cf\uff0c\u5219\u9700\u8981\u786e\u4fdd\u5728\u4f7f\u7528\u6620\u50cf\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\u80fd\u591f\u9a8c\u8bc1\u6620\u50cf\u662f\u5426\u672a\u88ab\u4fee\u6539\u3002\u4e3a\u6b64\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6709\u5173\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u7684\u90e8\u5206\uff0c\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u7b7e\u540d\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6bb5\u843d\u3002 \u6620\u50cf\u4ece\u8282\u70b9\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u4f20\u8f93\u5230\u8ba1\u7b97\u670d\u52a1\u3002\u5e94\u901a\u8fc7\u901a\u8fc7 TLS \u8fd0\u884c\u6765\u4fdd\u62a4\u6b64\u4f20\u8f93\u3002\u6620\u50cf\u4f4d\u4e8e\u8282\u70b9\u4e0a\u540e\uff0c\u5c06\u4f7f\u7528\u57fa\u672c\u6821\u9a8c\u548c\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u6839\u636e\u8981\u542f\u52a8\u7684\u5b9e\u4f8b\u7684\u5927\u5c0f\u6269\u5c55\u5176\u78c1\u76d8\u3002\u5982\u679c\u7a0d\u540e\u5728\u6b64\u8282\u70b9\u4e0a\u4ee5\u76f8\u540c\u7684\u5b9e\u4f8b\u5927\u5c0f\u542f\u52a8\u540c\u4e00\u6620\u50cf\uff0c\u5219\u4f1a\u4ece\u540c\u4e00\u6269\u5c55\u6620\u50cf\u542f\u52a8\u8be5\u6620\u50cf\u3002\u7531\u4e8e\u6b64\u6269\u5c55\u6620\u50cf\u5728\u542f\u52a8\u524d\u9ed8\u8ba4\u4e0d\u4f1a\u91cd\u65b0\u9a8c\u8bc1\uff0c\u56e0\u6b64\u5b83\u53ef\u80fd\u5df2\u88ab\u7be1\u6539\u3002\u9664\u975e\u5728\u751f\u6210\u7684\u6620\u50cf\u4e2d\u5bf9\u6587\u4ef6\u6267\u884c\u624b\u52a8\u68c0\u67e5\uff0c\u5426\u5219\u7528\u6237\u4e0d\u4f1a\u610f\u8bc6\u5230\u7be1\u6539\u3002 \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u00b6 OpenStack \u4e2d\u73b0\u5728\u63d0\u4f9b\u4e86\u4e00\u4e9b\u4e0e\u6620\u50cf\u7b7e\u540d\u76f8\u5173\u7684\u529f\u80fd\u3002\u4ece Mitaka 
\u7248\u672c\u5f00\u59cb\uff0c\u6620\u50cf\u670d\u52a1\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u5df2\u7b7e\u540d\u7684\u6620\u50cf\uff0c\u5e76\u4e14\u4e3a\u4e86\u63d0\u4f9b\u5b8c\u6574\u7684\u4fe1\u4efb\u94fe\uff0c\u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6267\u884c\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3002\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6210\u529f\u8fdb\u884c\u7b7e\u540d\u9a8c\u8bc1\u53ef\u786e\u4fdd\u5df2\u7b7e\u540d\u7684\u6620\u50cf\u672a\u66f4\u6539\u3002\u542f\u7528\u6b64\u529f\u80fd\u540e\uff0c\u53ef\u4ee5\u68c0\u6d4b\u5230\u672a\u7ecf\u6388\u6743\u7684\u6620\u50cf\u4fee\u6539\uff08\u4f8b\u5982\uff0c\u4fee\u6539\u6620\u50cf\u4ee5\u5305\u542b\u6076\u610f\u8f6f\u4ef6\u6216 rootkit\uff09\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u5728\u6587\u4ef6\u4e2d\u5c06 verify_glance_signatures \u6807\u5fd7\u8bbe\u7f6e\u4e3a\u6765 True \u542f\u7528\u5b9e\u4f8b\u7b7e\u540d /etc/nova/nova.conf \u9a8c\u8bc1\u3002\u542f\u7528\u540e\uff0c\u8ba1\u7b97\u670d\u52a1\u4f1a\u5728\u4ece\u5f71\u50cf\u670d\u52a1\u68c0\u7d22\u7b7e\u540d\u5b9e\u4f8b\u65f6\u81ea\u52a8\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002\u5982\u679c\u6b64\u9a8c\u8bc1\u5931\u8d25\uff0c\u5219\u4e0d\u4f1a\u542f\u52a8\u3002\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u548c\u4e0a\u4f20\u7b7e\u540d\u6620\u50cf\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u6b64\u529f\u80fd\u7684\u6307\u5bfc\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u64cd\u4f5c\u6307\u5357\u300b\u4e2d\u7684\u6dfb\u52a0\u7b7e\u540d\u6620\u50cf\u3002 \u5b9e\u4f8b\u8fc1\u79fb \u00b6 OpenStack \u548c\u5e95\u5c42\u865a\u62df\u5316\u5c42\u63d0\u4f9b\u5728 OpenStack \u8282\u70b9\u4e4b\u95f4\u5b9e\u65f6\u8fc1\u79fb\u6620\u50cf\uff0c\u4f7f\u60a8\u80fd\u591f\u65e0\u7f1d\u5730\u6267\u884c OpenStack 
\u8ba1\u7b97\u8282\u70b9\u7684\u6eda\u52a8\u5347\u7ea7\uff0c\u800c\u65e0\u9700\u5b9e\u4f8b\u505c\u673a\u3002\u4f46\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u4e5f\u5b58\u5728\u91cd\u5927\u98ce\u9669\u3002\u82e5\u8981\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\uff0c\u4ee5\u4e0b\u662f\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\u6267\u884c\u7684\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u542f\u52a8\u5b9e\u4f8b \u4f20\u8f93\u5185\u5b58 \u505c\u6b62\u5ba2\u6237\u673a\u548c\u540c\u6b65\u78c1\u76d8 \u4f20\u8f93\u72b6\u6001 \u542f\u52a8\u5ba2\u6237\u673a \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u00b6 \u5728\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u7684\u5404\u4e2a\u9636\u6bb5\uff0c\u5b9e\u4f8b\u8fd0\u884c\u65f6\u3001\u5185\u5b58\u548c\u78c1\u76d8\u7684\u5185\u5bb9\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u65f6\u9700\u8981\u89e3\u51b3\u4e00\u4e9b\u98ce\u9669\u3002\u4ee5\u4e0b\u8be6\u5c3d\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u98ce\u9669\uff1a \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09\uff1a\u5982\u679c\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u6545\u969c\uff0c\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u4e22\u5931\u3002 \u6570\u636e\u6cc4\u9732\uff1a\u5fc5\u987b\u5b89\u5168\u5730\u5904\u7406\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u3002 \u6570\u636e\u64cd\u7eb5\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u64cd\u7eb5\u7528\u6237\u6570\u636e\u3002 \u4ee3\u7801\u6ce8\u5165\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u671f\u95f4\u64cd\u7eb5\u78c1\u76d8\u6216\u5185\u5b58\u4e2d\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u00b6 
\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7f13\u89e3\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u5173\u7684\u4e00\u4e9b\u98ce\u9669\uff0c\u4ee5\u4e0b\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u65b9\u6cd5\uff1a \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb I\u9694\u79bb\u7684\u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb \u00b6 \u76ee\u524d\uff0cOpenStack \u4e2d\u9ed8\u8ba4\u542f\u7528\u5b9e\u65f6\u8fc1\u79fb\u3002\u53ef\u4ee5\u901a\u8fc7\u5411 nova policy.json \u6587\u4ef6\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb\uff1a { \"compute_extension:admin_actions:migrate\": \"!\", \"compute_extension:admin_actions:migrateLive\": \"!\", } \u8fc1\u79fb\u7f51\u7edc \u00b6 \u4e00\u822c\u505a\u6cd5\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5e94\u9650\u5236\u5728\u7ba1\u7406\u5b89\u5168\u57df\u5185\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002\u5bf9\u4e8e\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\uff0c\u7531\u4e8e\u5176\u7eaf\u6587\u672c\u6027\u8d28\u4ee5\u53ca\u60a8\u6b63\u5728\u4f20\u8f93\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u78c1\u76d8\u548c\u5185\u5b58\u5185\u5bb9\uff0c\u56e0\u6b64\u5efa\u8bae\u60a8\u8fdb\u4e00\u6b65\u5c06\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5206\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u4e0a\u3002\u5c06\u6d41\u91cf\u9694\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u53ef\u4ee5\u964d\u4f4e\u66b4\u9732\u98ce\u9669\u3002 \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u00b6 \u5982\u679c\u6709\u8db3\u591f\u7684\u4e1a\u52a1\u6848\u4f8b\u6765\u4fdd\u6301\u5b9e\u65f6\u8fc1\u79fb\u7684\u542f\u7528\u72b6\u6001\uff0c\u5219 libvirtd \u53ef\u4ee5\u4e3a\u5b9e\u65f6\u8fc1\u79fb\u63d0\u4f9b\u52a0\u5bc6\u96a7\u9053\u3002\u4f46\u662f\uff0c\u6b64\u529f\u80fd\u76ee\u524d\u5c1a\u672a\u5728 OpenStack Dashboard \u6216 nova-client \u547d\u4ee4\u4e2d\u516c\u5f00\uff0c\u53ea\u80fd\u901a\u8fc7\u624b\u52a8\u914d\u7f6e libvirtd 
\u6765\u8bbf\u95ee\u3002\u7136\u540e\uff0c\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u5c06\u66f4\u6539\u4e3a\u4ee5\u4e0b\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5b9e\u4f8b\u6570\u636e\u4ece\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u590d\u5236\u5230 libvirtd\u3002 \u5728\u6e90\u4e3b\u673a\u548c\u76ee\u6807\u4e3b\u673a\u4e0a\u7684 libvirtd \u8fdb\u7a0b\u4e4b\u95f4\u521b\u5efa\u52a0\u5bc6\u96a7\u9053\u3002 \u76ee\u6807 libvirtd \u4e3b\u673a\u5c06\u5b9e\u4f8b\u590d\u5236\u56de\u5e95\u5c42\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u00b6 \u7531\u4e8e OpenStack \u865a\u62df\u673a\u662f\u80fd\u591f\u8de8\u4e3b\u673a\u590d\u5236\u7684\u670d\u52a1\u5668\u6620\u50cf\uff0c\u56e0\u6b64\u65e5\u5fd7\u8bb0\u5f55\u7684\u6700\u4f73\u5b9e\u8df5\u540c\u6837\u9002\u7528\u4e8e\u7269\u7406\u4e3b\u673a\u548c\u865a\u62df\u4e3b\u673a\u3002\u5e94\u8bb0\u5f55\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u548c\u5e94\u7528\u7a0b\u5e8f\u7ea7\u4e8b\u4ef6\uff0c\u5305\u62ec\u5bf9\u4e3b\u673a\u548c\u6570\u636e\u7684\u8bbf\u95ee\u4e8b\u4ef6\u3001\u7528\u6237\u6dfb\u52a0\u548c\u5220\u9664\u3001\u6743\u9650\u66f4\u6539\u4ee5\u53ca\u73af\u5883\u89c4\u5b9a\u7684\u5176\u4ed6\u4e8b\u4ef6\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u65e5\u5fd7\u914d\u7f6e\u4e3a\u5bfc\u51fa\u5230\u65e5\u5fd7\u805a\u5408\u5668\uff0c\u8be5\u805a\u5408\u5668\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5c06\u5b83\u4eec\u5173\u8054\u8d77\u6765\u8fdb\u884c\u5206\u6790\uff0c\u5e76\u5b58\u50a8\u5b83\u4eec\u4ee5\u4f9b\u53c2\u8003\u6216\u8fdb\u4e00\u6b65\u64cd\u4f5c\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u4e2a\u5e38\u89c1\u5de5\u5177\u662f ELK \u5806\u6808\uff0c\u5373 Elasticsearch\u3001Logstash \u548c Kibana\u3002 \u5e94\u5b9a\u671f\u67e5\u770b\u8fd9\u4e9b\u65e5\u5fd7\uff0c\u4f8b\u5982\u7531\u7f51\u7edc\u8fd0\u8425\u4e2d\u5fc3 \uff08NOC\uff09 \u5b9e\u65f6\u67e5\u770b\uff0c\u6216\u8005\u5982\u679c\u73af\u5883\u4e0d\u591f\u5927\u800c\u4e0d\u9700\u8981 
NOC\uff0c\u5219\u65e5\u5fd7\u5e94\u5b9a\u671f\u8fdb\u884c\u65e5\u5fd7\u5ba1\u67e5\u8fc7\u7a0b\u3002 \u5f88\u591a\u65f6\u5019\uff0c\u6709\u8da3\u7684\u4e8b\u4ef6\u4f1a\u89e6\u53d1\u8b66\u62a5\uff0c\u8be5\u8b66\u62a5\u5c06\u53d1\u9001\u7ed9\u54cd\u5e94\u65b9\u4ee5\u91c7\u53d6\u884c\u52a8\u3002\u901a\u5e38\uff0c\u6b64\u8b66\u62a5\u91c7\u7528\u5305\u542b\u76f8\u5173\u6d88\u606f\u7684\u7535\u5b50\u90ae\u4ef6\u5f62\u5f0f\u3002\u4e00\u4e2a\u6709\u8da3\u7684\u4e8b\u4ef6\u53ef\u80fd\u662f\u91cd\u5927\u6545\u969c\uff0c\u4e5f\u53ef\u80fd\u662f\u6302\u8d77\u6545\u969c\u7684\u5df2\u77e5\u8fd0\u884c\u72b6\u51b5\u6307\u793a\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u544a\u8b66\u7684\u4e24\u4e2a\u5e38\u89c1\u5b9e\u7528\u7a0b\u5e8f\u662f Nagios \u548c Zabbix\u3002 \u66f4\u65b0\u548c\u8865\u4e01 \u00b6 \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8fd0\u884c\u72ec\u7acb\u7684\u865a\u62df\u673a\u3002\u6b64\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u53ef\u4ee5\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u8fd0\u884c\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u786c\u4ef6\u4e0a\u8fd0\u884c\uff08\u79f0\u4e3a\u88f8\u673a\uff09\u3002\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u66f4\u65b0\u4e0d\u4f1a\u5411\u4e0b\u4f20\u64ad\u5230\u865a\u62df\u673a\u3002\u4f8b\u5982\uff0c\u5982\u679c\u90e8\u7f72\u4f7f\u7528\u7684\u662f XenServer\uff0c\u5e76\u4e14\u5177\u6709\u4e00\u7ec4 Debian \u865a\u62df\u673a\uff0c\u5219\u5bf9 XenServer \u7684\u66f4\u65b0\u4e0d\u4f1a\u66f4\u65b0 Debian \u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u5185\u5bb9\u3002 
\u56e0\u6b64\uff0c\u6211\u4eec\u5efa\u8bae\u5206\u914d\u865a\u62df\u673a\u7684\u660e\u786e\u6240\u6709\u6743\uff0c\u5e76\u7531\u8fd9\u4e9b\u6240\u6709\u8005\u8d1f\u8d23\u865a\u62df\u673a\u7684\u5f3a\u5316\u3001\u90e8\u7f72\u548c\u6301\u7eed\u529f\u80fd\u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u5b9a\u671f\u90e8\u7f72\u66f4\u65b0\u3002\u8fd9\u4e9b\u8865\u4e01\u5e94\u5728\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u73af\u5883\u7684\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u8865\u4e01\u80cc\u540e\u7684\u95ee\u9898\u7684\u7a33\u5b9a\u6027\u548c\u89e3\u51b3\u65b9\u6848\u3002 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u00b6 \u6700\u5e38\u89c1\u7684\u64cd\u4f5c\u7cfb\u7edf\u5305\u62ec\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\u3002\u867d\u7136\u6211\u4eec\u5efa\u8bae\u865a\u62df\u673a\u8fd0\u884c\u5c3d\u53ef\u80fd\u5c11\u7684\u5e94\u7528\u7a0b\u5e8f\uff08\u5982\u679c\u53ef\u80fd\u7684\u8bdd\uff0c\u8fbe\u5230\u5355\u4e00\u7528\u9014\u5b9e\u4f8b\u7684\u7a0b\u5ea6\uff09\uff0c\u4f46\u5e94\u5206\u6790\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u786e\u5b9a\u5e94\u7528\u7a0b\u5e8f\u9700\u8981\u8bbf\u95ee\u54ea\u4e9b\u7cfb\u7edf\u8d44\u6e90\u3001\u8fd0\u884c\u6240\u9700\u7684\u6700\u4f4e\u7279\u6743\u7ea7\u522b\uff0c\u4ee5\u53ca\u5c06\u8fdb\u51fa\u865a\u62df\u673a\u7684\u9884\u671f\u7f51\u7edc\u6d41\u91cf\u3002\u6b64\u9884\u671f\u6d41\u91cf\u5e94\u4f5c\u4e3a\u5141\u8bb8\u7684\u6d41\u91cf\uff08\u6216\u5217\u5165\u767d\u540d\u5355\uff09\u6dfb\u52a0\u5230\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u5fc5\u8981\u7684\u65e5\u5fd7\u8bb0\u5f55\u548c\u7ba1\u7406\u901a\u4fe1\uff0c\u4f8b\u5982 SSH \u6216 RDP\u3002\u5e94\u5728\u9632\u706b\u5899\u914d\u7f6e\u4e2d\u660e\u786e\u62d2\u7edd\u6240\u6709\u5176\u4ed6\u6d41\u91cf\u3002 \u5728 Linux 
\u865a\u62df\u673a\u4e0a\uff0c\u4e0a\u8ff0\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u4e0e audit2allow \u7b49\u5de5\u5177\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u6784\u5efa SELinux \u7b56\u7565\uff0c\u4ee5\u8fdb\u4e00\u6b65\u4fdd\u62a4\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u4e0a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002SELinux \u4f7f\u7528\u7528\u6237\u3001\u7b56\u7565\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u7ec4\u5408\u6765\u5212\u5206\u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u6240\u9700\u7684\u8d44\u6e90\uff0c\u5e76\u5c06\u5176\u4e0e\u5176\u4ed6\u4e0d\u9700\u8981\u7684\u7cfb\u7edf\u8d44\u6e90\u533a\u5206\u5f00\u6765\u3002 OpenStack \u4e3a\u4e3b\u673a\u548c\u7f51\u7edc\u63d0\u4f9b\u5b89\u5168\u7ec4\uff0c\u4ee5\u589e\u52a0\u5bf9\u7ed9\u5b9a\u9879\u76ee\u4e2d\u865a\u62df\u673a\u7684\u6df1\u5ea6\u9632\u5fa1\u3002\u8fd9\u4e9b\u89c4\u5219\u7c7b\u4f3c\u4e8e\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u56e0\u4e3a\u5b83\u4eec\u6839\u636e\u7aef\u53e3\u3001\u534f\u8bae\u548c\u5730\u5740\u5141\u8bb8\u6216\u62d2\u7edd\u4f20\u5165\u6d41\u91cf\uff0c\u4f46\u5b89\u5168\u7ec4\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u4f20\u5165\u6d41\u91cf\uff0c\u800c\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u80fd\u591f\u5e94\u7528\u4e8e\u4f20\u5165\u548c\u4f20\u51fa\u6d41\u91cf\u3002\u4e3b\u673a\u548c\u7f51\u7edc\u5b89\u5168\u7ec4\u89c4\u5219\u4e5f\u53ef\u80fd\u53d1\u751f\u51b2\u7a81\u5e76\u62d2\u7edd\u5408\u6cd5\u6d41\u91cf\u3002\u6211\u4eec\u5efa\u8bae\u786e\u4fdd\u4e3a\u6b63\u5728\u4f7f\u7528\u7684\u7f51\u7edc\u6b63\u786e\u914d\u7f6e\u5b89\u5168\u7ec4\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u672c\u6307\u5357\u4e2d\u7684\u5b89\u5168\u7ec4\u3002 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u00b6 \u5728\u4e91\u73af\u5883\u4e2d\uff0c\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u5668\u3001OpenStack 
\u670d\u52a1\u3001\u4e91\u7528\u6237\u6d3b\u52a8\uff08\u4f8b\u5982\u521b\u5efa\u5b9e\u4f8b\u548c\u9644\u52a0\u5b58\u50a8\uff09\u3001\u7f51\u7edc\u4ee5\u53ca\u4f7f\u7528\u5728\u5404\u79cd\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6700\u7ec8\u7528\u6237\u6df7\u5408\u5728\u4e00\u8d77\u3002 \u65e5\u5fd7\u8bb0\u5f55\u7684\u57fa\u7840\u77e5\u8bc6\uff1a\u914d\u7f6e\u3001\u8bbe\u7f6e\u65e5\u5fd7\u7ea7\u522b\u3001\u65e5\u5fd7\u6587\u4ef6\u7684\u4f4d\u7f6e\u3001\u5982\u4f55\u4f7f\u7528\u548c\u81ea\u5b9a\u4e49\u65e5\u5fd7\uff0c\u4ee5\u53ca\u5982\u4f55\u96c6\u4e2d\u6536\u96c6\u65e5\u5fd7\uff0c\u8fd9\u4e9b\u5728 OpenStack \u64cd\u4f5c\u6307\u5357\u4e2d\u90fd\u6709\u5f88\u597d\u7684\u4ecb\u7ecd\u3002 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u00b6 \u65e5\u5fd7\u7684\u751f\u6210\u548c\u6536\u96c6\u662f\u5b89\u5168\u76d1\u63a7 OpenStack \u57fa\u7840\u67b6\u6784\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u65e5\u5fd7\u63d0\u4f9b\u5bf9\u7ba1\u7406\u5458\u3001\u79df\u6237\u548c\u6765\u5bbe\u65e5\u5e38\u64cd\u4f5c\u7684\u53ef\u89c1\u6027\uff0c\u4ee5\u53ca\u8ba1\u7b97\u3001\u7f51\u7edc\u548c\u5b58\u50a8\u4ee5\u53ca\u6784\u6210 OpenStack \u90e8\u7f72\u7684\u5176\u4ed6\u7ec4\u4ef6\u4e2d\u7684\u6d3b\u52a8\u3002 \u65e5\u5fd7\u4e0d\u4ec5\u5bf9\u4e3b\u52a8\u5b89\u5168\u548c\u6301\u7eed\u5408\u89c4\u6027\u6d3b\u52a8\u5f88\u6709\u4ef7\u503c\uff0c\u800c\u4e14\u4e5f\u662f\u8c03\u67e5\u548c\u54cd\u5e94\u4e8b\u4ef6\u7684\u5b9d\u8d35\u4fe1\u606f\u6e90\u3002 \u4f8b\u5982\uff0c\u5206\u6790\u8eab\u4efd\u670d\u52a1\u6216\u5176\u66ff\u4ee3\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u7684\u8bbf\u95ee\u65e5\u5fd7\u4f1a\u63d0\u9192\u6211\u4eec\u767b\u5f55\u5931\u8d25\u3001\u9891\u7387\u3001\u6e90 IP\u3001\u4e8b\u4ef6\u662f\u5426\u4ec5\u9650\u4e8e\u9009\u62e9\u5e10\u6237\u548c\u5176\u4ed6\u76f8\u5173\u4fe1\u606f\u3002\u65e5\u5fd7\u5206\u6790\u652f\u6301\u68c0\u6d4b\u3002 
\u53ef\u4ee5\u91c7\u53d6\u63aa\u65bd\u6765\u7f13\u89e3\u6f5c\u5728\u7684\u6076\u610f\u6d3b\u52a8\uff0c\u4f8b\u5982\u5c06 IP \u5730\u5740\u5217\u5165\u9ed1\u540d\u5355\u3001\u5efa\u8bae\u52a0\u5f3a\u7528\u6237\u5bc6\u7801\u6216\u505c\u7528\u88ab\u89c6\u4e3a\u4f11\u7720\u7684\u7528\u6237\u5e10\u6237\u3002 \u76d1\u63a7\u7528\u4f8b \u00b6 \u4e8b\u4ef6\u76d1\u63a7\u662f\u4e00\u79cd\u66f4\u4e3b\u52a8\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4fdd\u62a4\u73af\u5883\uff0c\u63d0\u4f9b\u5b9e\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94\u3002\u6709\u51e0\u79cd\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u8fdb\u884c\u76d1\u63a7\u3002 \u5bf9\u4e8eOpenStack\u4e91\u5b9e\u4f8b\uff0c\u6211\u4eec\u9700\u8981\u76d1\u63a7\u786c\u4ef6\u3001OpenStack\u670d\u52a1\u548c\u4e91\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u540e\u8005\u6e90\u4e8e\u5e0c\u671b\u5177\u6709\u5f39\u6027\uff0c\u4ee5\u9002\u5e94\u7528\u6237\u7684\u52a8\u6001\u9700\u6c42\u3002 \u4ee5\u4e0b\u662f\u5728\u5b9e\u65bd\u65e5\u5fd7\u805a\u5408\u3001\u5206\u6790\u548c\u76d1\u63a7\u65f6\u9700\u8981\u8003\u8651\u7684\u51e0\u4e2a\u91cd\u8981\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u3001\u5de5\u5177\u6216\u811a\u672c\u6765\u5b9e\u73b0\u548c\u76d1\u63a7\u3002\u6709\u5f00\u6e90\u548c\u5546\u4e1a\u89e3\u51b3\u65b9\u6848\uff0c\u4e00\u4e9b\u8fd0\u8425\u5546\u5f00\u53d1\u81ea\u5df1\u7684\u5185\u90e8\u89e3\u51b3\u65b9\u6848\u3002\u8fd9\u4e9b\u5de5\u5177\u548c\u811a\u672c\u53ef\u4ee5\u751f\u6210\u4e8b\u4ef6\uff0c\u8fd9\u4e9b\u4e8b\u4ef6\u53ef\u4ee5\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u6216\u5728\u96c6\u6210\u4eea\u8868\u677f\u4e2d\u67e5\u770b\u3002\u8bf7\u52a1\u5fc5\u8003\u8651\u53ef\u80fd\u9002\u7528\u4e8e\u60a8\u7684\u7279\u5b9a\u7f51\u7edc\u7684\u5176\u4ed6\u7528\u4f8b\uff0c\u4ee5\u53ca\u60a8\u53ef\u80fd\u8ba4\u4e3a\u7684\u5f02\u5e38\u884c\u4e3a\u3002 
\u68c0\u6d4b\u65e5\u5fd7\u751f\u6210\u7f3a\u5931\u662f\u4e00\u4e2a\u5177\u6709\u5f88\u9ad8\u4ef7\u503c\u7684\u4e8b\u4ef6\u3002\u6b64\u7c7b\u4e8b\u4ef6\u5c06\u8868\u660e\u670d\u52a1\u5931\u8d25\uff0c\u751a\u81f3\u8868\u793a\u5165\u4fb5\u8005\u6682\u65f6\u5173\u95ed\u4e86\u65e5\u5fd7\u8bb0\u5f55\u6216\u4fee\u6539\u4e86\u65e5\u5fd7\u7ea7\u522b\u4ee5\u9690\u85cf\u5176\u8e2a\u8ff9\u3002 \u5e94\u7528\u7a0b\u5e8f\u4e8b\u4ef6\uff08\u5982\u8ba1\u5212\u5916\u7684\u542f\u52a8\u6216\u505c\u6b62\u4e8b\u4ef6\uff09\u4e5f\u662f\u8981\u76d1\u89c6\u548c\u68c0\u67e5\u53ef\u80fd\u7684\u5b89\u5168\u9690\u60a3\u7684\u4e8b\u4ef6\u3002 OpenStack \u670d\u52a1\u673a\u5668\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e8b\u4ef6\uff08\u5982\u7528\u6237\u767b\u5f55\u6216\u91cd\u65b0\u542f\u52a8\uff09\u4e5f\u4e3a\u7cfb\u7edf\u7684\u6b63\u786e\u548c\u4e0d\u5f53\u4f7f\u7528\u63d0\u4f9b\u4e86\u6709\u4ef7\u503c\u7684\u89c1\u89e3\u3002 \u80fd\u591f\u68c0\u6d4bOpenStack\u670d\u52a1\u5668\u4e0a\u7684\u8d1f\u8f7d\u8fd8\u53ef\u4ee5\u901a\u8fc7\u5f15\u5165\u5176\u4ed6\u670d\u52a1\u5668\u8fdb\u884c\u8d1f\u8f7d\u5e73\u8861\u6765\u505a\u51fa\u54cd\u5e94\uff0c\u4ee5\u786e\u4fdd\u9ad8\u53ef\u7528\u6027\u3002 \u5176\u4ed6\u53ef\u64cd\u4f5c\u7684\u4e8b\u4ef6\u5305\u62ec\u7f51\u7edc\u7f51\u6865\u5173\u95ed\u3001\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 IP \u8868\u88ab\u5237\u65b0\uff0c\u4ee5\u53ca\u968f\u4e4b\u800c\u6765\u7684\u5bf9\u5b9e\u4f8b\u7684\u8bbf\u95ee\u4e22\u5931\uff0c\u5bfc\u81f4\u5ba2\u6237\u4e0d\u6ee1\u610f\u3002 \u4e3a\u4e86\u964d\u4f4e\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u5220\u9664\u7528\u6237\u3001\u79df\u6237\u6216\u57df\u65f6\u5b64\u7acb\u5b9e\u4f8b\u7684\u5b89\u5168\u98ce\u9669\uff0c\u6211\u4eec\u8ba8\u8bba\u4e86\u5728\u7cfb\u7edf\u4e2d\u751f\u6210\u901a\u77e5\uff0c\u5e76\u8ba9 OpenStack \u7ec4\u4ef6\u9002\u5f53\u5730\u54cd\u5e94\u8fd9\u4e9b\u4e8b\u4ef6\uff0c\u4f8b\u5982\u7ec8\u6b62\u5b9e\u4f8b\u3001\u65ad\u5f00\u8fde\u63a5\u7684\u5377\u3001\u56de\u6536 CPU \u548c\u5b58\u50a8\u8d44\u6e90\u7b49\u3002 
\u4e91\u5c06\u6258\u7ba1\u8bb8\u591a\u865a\u62df\u5b9e\u4f8b\uff0c\u5e76\u4e14\u76d1\u89c6\u8fd9\u4e9b\u5b9e\u4f8b\u8d85\u51fa\u4e86\u53ef\u80fd\u4ec5\u5305\u542b CRUD \u4e8b\u4ef6\u7684\u786c\u4ef6\u76d1\u89c6\u548c\u65e5\u5fd7\u6587\u4ef6\u3002 \u5b89\u5168\u76d1\u63a7\u63a7\u5236\uff08\u5982\u5165\u4fb5\u68c0\u6d4b\u8f6f\u4ef6\u3001\u9632\u75c5\u6bd2\u8f6f\u4ef6\u4ee5\u53ca\u95f4\u8c0d\u8f6f\u4ef6\u68c0\u6d4b\u548c\u5220\u9664\u5b9e\u7528\u7a0b\u5e8f\uff09\u53ef\u4ee5\u751f\u6210\u65e5\u5fd7\uff0c\u663e\u793a\u653b\u51fb\u6216\u5165\u4fb5\u53d1\u751f\u7684\u65f6\u95f4\u548c\u65b9\u5f0f\u3002\u5728\u4e91\u8ba1\u7b97\u673a\u4e0a\u90e8\u7f72\u8fd9\u4e9b\u5de5\u5177\u53ef\u63d0\u4f9b\u4ef7\u503c\u548c\u4fdd\u62a4\u3002\u4e91\u7528\u6237\uff0c\u5373\u5728\u4e91\u4e0a\u8fd0\u884c\u5b9e\u4f8b\u7684\u7528\u6237\uff0c\u53ef\u80fd\u4e5f\u5e0c\u671b\u5728\u5176\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u6b64\u7c7b\u5de5\u5177\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 Siwczak, Piotr\uff0c\u5728 OpenStack \u4e91\u4e2d\u8fdb\u884c\u76d1\u63a7\u7684\u4e00\u4e9b\u5b9e\u9645\u6ce8\u610f\u4e8b\u9879\u30022012. blog.sflow.com\uff0c sflow\uff1a\u4e3b\u673a sFlow \u5206\u5e03\u5f0f\u4ee3\u7406\u30022012. blog.sflow.com\uff0csflow\uff1aLAN \u548c WAN\u30022009. blog.sflow.com\u3001sflow\uff1a\u5feb\u901f\u68c0\u6d4b\u5927\u6d41\u91cf sFlow \u4e0e NetFlow/IPFIX\u30022013. 
\u5408\u89c4 \u00b6 OpenStack \u90e8\u7f72\u53ef\u80fd\u9700\u8981\u51fa\u4e8e\u591a\u79cd\u76ee\u7684\u8fdb\u884c\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u4f8b\u5982\u6cd5\u89c4\u548c\u6cd5\u5f8b\u8981\u6c42\u3001\u5ba2\u6237\u9700\u6c42\u3001\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u548c\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u5408\u89c4\u529f\u80fd\u5bf9\u4f01\u4e1a\u53ca\u5176\u5ba2\u6237\u5f88\u91cd\u8981\u3002\u5408\u89c4\u610f\u5473\u7740\u9075\u5b88\u6cd5\u89c4\u3001\u89c4\u8303\u3001\u6807\u51c6\u548c\u6cd5\u5f8b\u3002\u5b83\u8fd8\u7528\u4e8e\u63cf\u8ff0\u6709\u5173\u8bc4\u4f30\u3001\u5ba1\u6838\u548c\u8ba4\u8bc1\u7684\u7ec4\u7ec7\u72b6\u6001\u3002\u5982\u679c\u64cd\u4f5c\u5f97\u5f53\uff0c\u5408\u89c4\u6027\u53ef\u4ee5\u7edf\u4e00\u548c\u52a0\u5f3a\u672c\u6307\u5357\u4e2d\u8ba8\u8bba\u7684\u5176\u4ed6\u5b89\u5168\u4e3b\u9898\u3002 \u672c\u7ae0\u6709\u51e0\u4e2a\u76ee\u6807\uff1a \u67e5\u770b\u5e38\u89c1\u7684\u5b89\u5168\u539f\u5219\u3002 \u8ba8\u8bba\u5e38\u89c1\u7684\u63a7\u5236\u6846\u67b6\u548c\u8ba4\u8bc1\u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u884c\u4e1a\u8ba4\u8bc1\u6216\u76d1\u7ba1\u673a\u6784\u8ba4\u8bc1\u3002 \u5728\u8bc4\u4f30 OpenStack \u90e8\u7f72\u65f6\uff0c\u53ef\u4f5c\u4e3a\u5ba1\u8ba1\u4eba\u5458\u7684\u53c2\u8003\u3002 \u4ecb\u7ecd\u7279\u5b9a\u4e8e OpenStack \u548c\u4e91\u73af\u5883\u7684\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u3002 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5e38\u89c1\u63a7\u5236\u6846\u67b6 \u5ba1\u6838\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 
\u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 \u653f\u5e9c\u6807\u51c6 \u9690\u79c1 \u5408\u89c4\u6027\u6982\u8ff0 \u00b6 \u5b89\u5168\u539f\u5219 \u00b6 \u884c\u4e1a\u6807\u51c6\u5b89\u5168\u539f\u5219\u4e3a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u63d0\u4f9b\u4e86\u57fa\u51c6\u3002\u5982\u679c\u5728\u6574\u4e2a OpenStack \u90e8\u7f72\u8fc7\u7a0b\u4e2d\u8003\u8651\u548c\u5f15\u7528\u8fd9\u4e9b\u539f\u5219\uff0c\u5219\u53ef\u4ee5\u7b80\u5316\u8ba4\u8bc1\u6d3b\u52a8\u3002 \u5206\u5c42\u9632\u5fa1 \u00b6 \u786e\u5b9a\u4e91\u67b6\u6784\u4e2d\u5b58\u5728\u98ce\u9669\u7684\u4f4d\u7f6e\uff0c\u5e76\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u6765\u964d\u4f4e\u98ce\u9669\u3002\u5728\u91cd\u5927\u5173\u6ce8\u9886\u57df\uff0c\u5206\u5c42\u9632\u5fa1\u63d0\u4f9b\u591a\u79cd\u4e92\u8865\u63a7\u5236\uff0c\u5c06\u98ce\u9669\u7ba1\u7406\u5230\u53ef\u63a5\u53d7\u7684\u6c34\u5e73\u3002\u4f8b\u5982\uff0c\u4e3a\u4e86\u786e\u4fdd\u4e91\u79df\u6237\u4e4b\u95f4\u7684\u5145\u5206\u9694\u79bb\uff0c\u6211\u4eec\u5efa\u8bae\u5f3a\u5316 QEMU\uff0c\u4f7f\u7528\u652f\u6301 SELinux \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b9e\u65bd\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff0c\u5e76\u51cf\u5c11\u6574\u4f53\u653b\u51fb\u9762\u3002\u57fa\u672c\u539f\u5219\u662f\u7528\u591a\u5c42\u9632\u5fa1\u6765\u5f3a\u5316\u5173\u6ce8\u533a\u57df\uff0c\u8fd9\u6837\uff0c\u5982\u679c\u4efb\u4f55\u4e00\u5c42\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u5c42\u5c06\u5b58\u5728\u4ee5\u63d0\u4f9b\u4fdd\u62a4\u5e76\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u66b4\u9732\u3002 \u5b89\u5168\u5931\u8d25 \u00b6 
\u5728\u53d1\u751f\u6545\u969c\u7684\u60c5\u51b5\u4e0b\uff0c\u7cfb\u7edf\u5e94\u914d\u7f6e\u4e3a\u5728\u5173\u95ed\u7684\u5b89\u5168\u72b6\u6001\u4e2d\u5931\u8d25\u3002\u4f8b\u5982\uff0c\u5982\u679cTLS\u8bc1\u4e66\u9a8c\u8bc1\u672a\u901a\u8fc7\uff0c\u5373CNAME\u4e0e\u670d\u52a1\u5668\u7684DNS\u540d\u79f0\u4e0d\u5339\u914d\uff0c\u5e94\u901a\u8fc7\u5207\u65ad\u7f51\u7edc\u8fde\u63a5\u6765\u5b89\u5168\u5931\u8d25\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u8f6f\u4ef6\u901a\u5e38\u4f1a\u4ee5\u5f00\u653e\u65b9\u5f0f\u5931\u8d25\uff0c\u5141\u8bb8\u8fde\u63a5\u5728\u6ca1\u6709CNAME\u5339\u914d\u7684\u60c5\u51b5\u4e0b\u7ee7\u7eed\u8fdb\u884c\uff0c\u8fd9\u6837\u4e0d\u591f\u5b89\u5168\uff0c\u4e5f\u4e0d\u5efa\u8bae\u3002 \u6700\u5c0f\u6743\u9650 \u00b6 \u4ec5\u6388\u4e88\u7528\u6237\u548c\u7cfb\u7edf\u670d\u52a1\u7684\u6700\u4f4e\u8bbf\u95ee\u7ea7\u522b\u3002\u8fd9\u79cd\u8bbf\u95ee\u57fa\u4e8e\u89d2\u8272\u3001\u804c\u8d23\u548c\u5de5\u4f5c\u804c\u80fd\u3002\u8fd9\u79cd\u6700\u5c0f\u7279\u6743\u5b89\u5168\u539f\u5219\u5df2\u5199\u5165\u591a\u4e2a\u56fd\u9645\u653f\u5e9c\u5b89\u5168\u7b56\u7565\u4e2d\uff0c\u4f8b\u5982\u7f8e\u56fd\u5883\u5185\u7684 NIST 800-53 \u7b2c AC-6 \u8282\u3002 \u5206\u9694 \u00b6 \u7cfb\u7edf\u5e94\u4ee5\u8fd9\u6837\u4e00\u79cd\u65b9\u5f0f\u9694\u79bb\uff0c\u5373\u5982\u679c\u4e00\u53f0\u8ba1\u7b97\u673a\u6216\u7cfb\u7edf\u7ea7\u670d\u52a1\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u5c06\u4fdd\u6301\u4e0d\u53d8\u3002\u5b9e\u9645\u4e0a\uff0cSELinux \u7684\u542f\u7528\u548c\u6b63\u786e\u4f7f\u7528\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u3002 \u4fc3\u8fdb\u9690\u79c1 \u00b6 \u5e94\u5c3d\u91cf\u51cf\u5c11\u53ef\u4ee5\u6536\u96c6\u7684\u6709\u5173\u7cfb\u7edf\u53ca\u5176\u7528\u6237\u7684\u4fe1\u606f\u91cf\u3002 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u00b6 
\u5b9e\u65bd\u9002\u5f53\u7684\u65e5\u5fd7\u8bb0\u5f55\u4ee5\u76d1\u63a7\u672a\u7ecf\u6388\u6743\u7684\u4f7f\u7528\u3001\u4e8b\u4ef6\u54cd\u5e94\u548c\u53d6\u8bc1\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u9009\u5b9a\u7684\u5ba1\u8ba1\u5b50\u7cfb\u7edf\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u8be5\u6807\u51c6\u5728\u5927\u591a\u6570\u56fd\u5bb6/\u5730\u533a\u63d0\u4f9b\u4e0d\u53ef\u8bc1\u660e\u7684\u4e8b\u4ef6\u8bb0\u5f55\u3002 \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u00b6 \u4ee5\u4e0b\u662f\u7ec4\u7ec7\u53ef\u7528\u4e8e\u6784\u5efa\u5176\u5b89\u5168\u63a7\u5236\u7684\u63a7\u5236\u6846\u67b6\u5217\u8868\u3002 \u4e91\u5b89\u5168\u8054\u76df \uff08CSA\uff09 \u901a\u7528\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 CSA CCM \u4e13\u95e8\u7528\u4e8e\u63d0\u4f9b\u57fa\u672c\u7684\u5b89\u5168\u539f\u5219\uff0c\u4ee5\u6307\u5bfc\u4e91\u4f9b\u5e94\u5546\u5e76\u5e2e\u52a9\u6f5c\u5728\u7684\u4e91\u5ba2\u6237\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u98ce\u9669\u3002CSA CCM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u8de8 16 \u4e2a\u5b89\u5168\u57df\u4fdd\u6301\u4e00\u81f4\u7684\u63a7\u5236\u6846\u67b6\u3002\u4e91\u63a7\u5236\u77e9\u9635\u7684\u57fa\u7840\u5728\u4e8e\u5176\u4e0e\u5176\u4ed6\u884c\u4e1a\u6807\u51c6\u3001\u6cd5\u89c4\u548c\u63a7\u5236\u6846\u67b6\u7684\u5b9a\u5236\u5173\u7cfb\uff0c\u4f8b\u5982\uff1aISO 27001\uff1a2013\u3001COBIT 5.0\u3001PCI\uff1aDSS v3\u3001AICPA 2014 \u4fe1\u4efb\u670d\u52a1\u539f\u5219\u548c\u6807\u51c6\uff0c\u5e76\u589e\u5f3a\u4e86\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u62a5\u544a\u8bc1\u660e\u7684\u5185\u90e8\u63a7\u5236\u65b9\u5411\u3002 CSA CCM 
\u901a\u8fc7\u51cf\u5c11\u4e91\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u548c\u6f0f\u6d1e\u6765\u52a0\u5f3a\u73b0\u6709\u7684\u4fe1\u606f\u5b89\u5168\u63a7\u5236\u73af\u5883\uff0c\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u5b89\u5168\u548c\u8fd0\u8425\u98ce\u9669\u7ba1\u7406\uff0c\u5e76\u5bfb\u6c42\u89c4\u8303\u5316\u5b89\u5168\u671f\u671b\u3001\u4e91\u5206\u7c7b\u548c\u672f\u8bed\u4ee5\u53ca\u5728\u4e91\u4e2d\u5b9e\u65bd\u7684\u5b89\u5168\u63aa\u65bd\u3002 ISO 27001/2:2013 ISO 27001/2\uff1a2013 \u8ba4\u8bc1 ISO 27001 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u548c\u8ba4\u8bc1\u591a\u5e74\u6765\u4e00\u76f4\u7528\u4e8e\u8bc4\u4f30\u548c\u533a\u5206\u7ec4\u7ec7\u662f\u5426\u7b26\u5408\u4fe1\u606f\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u8be5\u6807\u51c6\u7531\u4e24\u90e8\u5206\u7ec4\u6210\uff1a\u5b9a\u4e49\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u7684\u5f3a\u5236\u6027\u6761\u6b3e\u548c\u5305\u542b\u6309\u9886\u57df\u7ec4\u7ec7\u7684\u63a7\u5236\u5217\u8868\u7684\u9644\u5f55 A\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u901a\u8fc7\u5e94\u7528\u98ce\u9669\u7ba1\u7406\u6d41\u7a0b\u6765\u4fdd\u6301\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\uff0c\u5e76\u4f7f\u76f8\u5173\u65b9\u76f8\u4fe1\u98ce\u9669\u5f97\u5230\u5145\u5206\u7ba1\u7406\u3002 \u53ef\u4fe1\u5b89\u5168\u539f\u5219 \u4fe1\u6258\u670d\u52a1\u662f\u4e00\u5957\u57fa\u4e8e\u4e00\u5957\u6838\u5fc3\u539f\u5219\u548c\u6807\u51c6\u7684\u4e13\u4e1a\u8ba4\u8bc1\u548c\u54a8\u8be2\u670d\u52a1\uff0c\u7528\u4e8e\u89e3\u51b3 IT \u7cfb\u7edf\u548c\u9690\u79c1\u8ba1\u5212\u7684\u98ce\u9669\u548c\u673a\u9047\u3002\u901a\u5e38\u79f0\u4e3a SOC \u5ba1\u8ba1\uff0c\u8fd9\u4e9b\u539f\u5219\u5b9a\u4e49\u4e86\u8981\u6c42\u662f\u4ec0\u4e48\uff0c\u7ec4\u7ec7\u6709\u8d23\u4efb\u5b9a\u4e49\u6ee1\u8db3\u8981\u6c42\u7684\u63a7\u5236\u63aa\u65bd\u3002 \u5ba1\u8ba1\u53c2\u8003 \u00b6 
OpenStack\u5728\u8bb8\u591a\u65b9\u9762\u90fd\u662f\u521b\u65b0\u7684\uff0c\u4f46\u662f\u7528\u4e8e\u5ba1\u8ba1OpenStack\u90e8\u7f72\u7684\u8fc7\u7a0b\u76f8\u5f53\u666e\u904d\u3002\u5ba1\u6838\u5458\u5c06\u6839\u636e\u4e24\u4e2a\u6807\u51c6\u8bc4\u4f30\u6d41\u7a0b\uff1a\u63a7\u5236\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u4ee5\u53ca\u63a7\u5236\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u4e86\u89e3\u5ba1\u8ba1\u5e08\u5982\u4f55\u8bc4\u4f30\u63a7\u5236\u63aa\u65bd\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u548c\u8fd0\u884c\uff0c\u5c06\u5728\u201c\u4e86\u89e3\u5ba1\u8ba1\u8fc7\u7a0b\u201d\u4e00\u8282\u4e2d\u8ba8\u8bba\u3002 \u7528\u4e8e\u5ba1\u6838\u548c\u8bc4\u4f30\u4e91\u90e8\u7f72\u7684\u6700\u5e38\u89c1\u6846\u67b6\u5305\u62ec\u524d\u9762\u63d0\u5230\u7684 ISO 27001/2 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u3001ISACA \u7684\u4fe1\u606f\u548c\u76f8\u5173\u6280\u672f\u63a7\u5236\u76ee\u6807 \uff08COBIT\uff09 \u6846\u67b6\u3001\u7279\u96f7\u5fb7\u97e6\u59d4\u5458\u4f1a\u8d5e\u52a9\u7ec4\u7ec7\u59d4\u5458\u4f1a \uff08COSO\uff09 \u548c\u4fe1\u606f\u6280\u672f\u57fa\u7840\u8bbe\u65bd\u5e93 \uff08ITIL\uff09\u3002\u5ba1\u8ba1\u901a\u5e38\u5305\u62ec\u4e00\u4e2a\u6216\u591a\u4e2a\u8fd9\u4e9b\u6846\u67b6\u4e2d\u7684\u91cd\u70b9\u9886\u57df\u3002\u5e78\u8fd0\u7684\u662f\uff0c\u8fd9\u4e9b\u6846\u67b6\u4e4b\u95f4\u6709\u5f88\u591a\u91cd\u53e0\uff0c\u56e0\u6b64\u91c7\u7528\u6846\u67b6\u7684\u7ec4\u7ec7\u5c06\u5728\u5ba1\u8ba1\u65f6\u5904\u4e8e\u6709\u5229\u5730\u4f4d\u3002 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u00b6 \u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u5408\u89c4\u6027\u4f9d\u8d56\u4e8e\u4e24\u4e2a\u57fa\u672c\u6d41\u7a0b\u7684\u5b8c\u6210\uff1a \u5b89\u5168\u63a7\u5236\u7684\u5b9e\u65bd\u548c\u64cd\u4f5c 
\u4f7f\u4fe1\u606f\u7cfb\u7edf\u4e0e\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u4fdd\u6301\u4e00\u81f4\u6d89\u53ca\u5185\u90e8\u4efb\u52a1\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5fc5\u987b\u5728\u6b63\u5f0f\u8bc4\u4f30\u4e4b\u524d\u8fdb\u884c\u3002\u5ba1\u6838\u5458\u53ef\u80fd\u4f1a\u53c2\u4e0e\u6b64\u72b6\u6001\uff0c\u4ee5\u8fdb\u884c\u5dee\u8ddd\u5206\u6790\uff0c\u63d0\u4f9b\u6307\u5bfc\uff0c\u5e76\u589e\u52a0\u6210\u529f\u8ba4\u8bc1\u7684\u53ef\u80fd\u6027\u3002 \u72ec\u7acb\u9a8c\u8bc1\u548c\u786e\u8ba4 \u5728\u8bb8\u591a\u4fe1\u606f\u7cfb\u7edf\u83b7\u5f97\u8ba4\u8bc1\u72b6\u6001\u4e4b\u524d\uff0c\u9700\u8981\u5411\u4e2d\u7acb\u7684\u7b2c\u4e09\u65b9\u8bc1\u660e\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u5df2\u5b9e\u65bd\u5e76\u6709\u6548\u8fd0\u884c\uff0c\u7b26\u5408\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u3002\u8bb8\u591a\u8ba4\u8bc1\u9700\u8981\u5b9a\u671f\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u6301\u7eed\u8ba4\u8bc1\uff0c\u8fd9\u88ab\u8ba4\u4e3a\u662f\u603b\u4f53\u6301\u7eed\u76d1\u63a7\u5b9e\u8df5\u7684\u4e00\u90e8\u5206\u3002 \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u00b6 \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4\uff0c\u7279\u522b\u662f\u9700\u8981\u54ea\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u53ca\u5982\u4f55\u8bbe\u8ba1\u6216\u4fee\u6539OpenStack\u90e8\u7f72\u4ee5\u6ee1\u8db3\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u8be5\u662f\u6700\u521d\u7684\u89c4\u5212\u6b65\u9aa4\u3002 \u5728\u51fa\u4e8e\u5408\u89c4\u6027\u76ee\u7684\u786e\u5b9a OpenStack \u90e8\u7f72\u8303\u56f4\u65f6\uff0c\u5e94\u4f18\u5148\u8003\u8651\u5bf9\u654f\u611f\u670d\u52a1\u7684\u63a7\u5236\uff0c\u4f8b\u5982\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u4ee5\u53ca\u57fa\u672c\u865a\u62df\u5316\u6280\u672f\u3002\u8fd9\u4e9b\u8bbe\u65bd\u7684\u59a5\u534f\u53ef\u80fd\u4f1a\u5f71\u54cd\u6574\u4e2a OpenStack \u73af\u5883\u3002 \u7f29\u5c0f\u8303\u56f4\u6709\u52a9\u4e8e\u786e\u4fdd OpenStack 
\u67b6\u6784\u5e08\u5efa\u7acb\u9488\u5bf9\u7279\u5b9a\u90e8\u7f72\u91cf\u8eab\u5b9a\u5236\u7684\u9ad8\u8d28\u91cf\u5b89\u5168\u63a7\u5236\uff0c\u4f46\u6700\u91cd\u8981\u7684\u662f\u786e\u4fdd\u8fd9\u4e9b\u5b9e\u8df5\u4e0d\u4f1a\u9057\u6f0f\u5b89\u5168\u5f3a\u5316\u4e2d\u7684\u533a\u57df\u6216\u529f\u80fd\u3002\u4e00\u4e2a\u5e38\u89c1\u7684\u4f8b\u5b50\u662fPCI-DSS\u51c6\u5219\uff0c\u5176\u4e2d\u4e0e\u652f\u4ed8\u76f8\u5173\u7684\u57fa\u7840\u8bbe\u65bd\u53ef\u80fd\u4f1a\u53d7\u5230\u5b89\u5168\u95ee\u9898\u7684\u5ba1\u67e5\uff0c\u4f46\u652f\u6301\u670d\u52a1\u88ab\u5ffd\u89c6\uff0c\u5e76\u4e14\u5bb9\u6613\u53d7\u5230\u653b\u51fb\u3002 \u5728\u89e3\u51b3\u5408\u89c4\u6027\u95ee\u9898\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u786e\u5b9a\u9002\u7528\u4e8e\u591a\u4e2a\u8ba4\u8bc1\u7684\u5e38\u89c1\u9886\u57df\u548c\u6807\u51c6\u6765\u63d0\u9ad8\u6548\u7387\u5e76\u51cf\u5c11\u5de5\u4f5c\u91cf\u3002\u672c\u4e66\u4e2d\u8ba8\u8bba\u7684\u8bb8\u591a\u5ba1\u8ba1\u539f\u5219\u548c\u51c6\u5219\u5c06\u6709\u52a9\u4e8e\u786e\u5b9a\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u6b64\u5916\uff0c\u4e00\u4e9b\u5916\u90e8\u5b9e\u4f53\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u6e05\u5355\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u793a\u4f8b\uff1a \u4e91\u5b89\u5168\u8054\u76df\u4e91\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 \u53ef\u5e2e\u52a9\u4e91\u63d0\u4f9b\u5546\u548c\u6d88\u8d39\u8005\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u6027\u3002CSA CMM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u63a7\u5236\u6846\u67b6\uff0c\u8be5\u6846\u67b6\u6620\u5c04\u5230\u8bb8\u591a\u884c\u4e1a\u516c\u8ba4\u7684\u6807\u51c6\u548c\u6cd5\u89c4\uff0c\u5305\u62ec ISO 27001/2\u3001ISACA\u3001COBIT\u3001PCI\u3001NIST\u3001Jericho Forum \u548c NERC CIP\u3002 \u300aSCAP 
\u5b89\u5168\u6307\u5357\u300b\u662f\u53e6\u4e00\u4e2a\u6709\u7528\u7684\u53c2\u8003\u3002\u8fd9\u4ecd\u7136\u662f\u4e00\u4e2a\u65b0\u5174\u7684\u6765\u6e90\uff0c\u4f46\u6211\u4eec\u9884\u8ba1\u8fd9\u5c06\u53d1\u5c55\u6210\u4e3a\u4e00\u4e2a\u5de5\u5177\uff0c\u5176\u63a7\u4ef6\u6620\u5c04\u66f4\u4fa7\u91cd\u4e8e\u7f8e\u56fd\u8054\u90a6\u653f\u5e9c\u7684\u8ba4\u8bc1\u548c\u5efa\u8bae\u3002\u4f8b\u5982\uff0cSCAP \u5b89\u5168\u6307\u5357\u76ee\u524d\u5305\u542b\u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u548c NIST-800-53 \u7684\u4e00\u4e9b\u6620\u5c04\u3002 \u8fd9\u4e9b\u63a7\u5236\u6620\u5c04\u5c06\u6709\u52a9\u4e8e\u8bc6\u522b\u8de8\u8ba4\u8bc1\u7684\u901a\u7528\u63a7\u5236\u6807\u51c6\uff0c\u5e76\u4e3a\u5ba1\u6838\u5458\u548c\u88ab\u5ba1\u6838\u65b9\u63d0\u4f9b\u5bf9\u7279\u5b9a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u63a7\u5236\u96c6\u4e2d\u95ee\u9898\u533a\u57df\u7684\u53ef\u89c1\u6027\u3002 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u00b6 \u5ba1\u8ba1\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u9636\u6bb5\uff0c\u5c3d\u7ba1\u5927\u591a\u6570\u5229\u76ca\u76f8\u5173\u8005\u548c\u63a7\u5236\u6240\u6709\u8005\u53ea\u4f1a\u53c2\u4e0e\u4e00\u4e24\u4e2a\u9636\u6bb5\u3002\u56db\u4e2a\u9636\u6bb5\u662f\u89c4\u5212\u3001\u5b9e\u5730\u8003\u5bdf\u3001\u62a5\u544a\u548c\u603b\u7ed3\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u8fd9\u4e9b\u9636\u6bb5\u4e2d\u7684\u6bcf\u4e00\u4e2a\u3002 \u89c4\u5212\u9636\u6bb5\u901a\u5e38\u5728\u5b9e\u5730\u5de5\u4f5c\u5f00\u59cb\u524d\u4e24\u5468\u5230\u516d\u4e2a\u6708\u8fdb\u884c\u3002\u5728\u6b64\u9636\u6bb5\uff0c\u5c06\u8ba8\u8bba\u5e76\u6700\u7ec8\u786e\u5b9a\u65f6\u95f4\u8303\u56f4\u3001\u65f6\u95f4\u8868\u3001\u8981\u8bc4\u4f30\u7684\u63a7\u5236\u63aa\u65bd\u548c\u63a7\u5236\u6240\u6709\u8005\u7b49\u5ba1\u8ba1\u9879\u76ee\u3002\u5bf9\u8d44\u6e90\u53ef\u7528\u6027\u3001\u516c\u6b63\u6027\u548c\u6210\u672c\u7684\u62c5\u5fe7\u4e5f\u5f97\u5230\u4e86\u89e3\u51b3\u3002 
\u5b9e\u5730\u8003\u5bdf\u9636\u6bb5\u662f\u5ba1\u8ba1\u4e2d\u6700\u660e\u663e\u7684\u90e8\u5206\u3002\u8fd9\u662f\u5ba1\u8ba1\u5458\u5728\u73b0\u573a\u7684\u5730\u65b9\uff0c\u4e0e\u63a7\u5236\u6240\u6709\u8005\u9762\u8c08\uff0c\u8bb0\u5f55\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u786e\u5b9a\u4efb\u4f55\u95ee\u9898\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5ba1\u8ba1\u5e08\u5c06\u4f7f\u7528\u4e24\u90e8\u5206\u6d41\u7a0b\u6765\u8bc4\u4f30\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\u3002\u7b2c\u4e00\u90e8\u5206\u662f\u8bc4\u4f30\u63a7\u5236\u7684\u8bbe\u8ba1\u6709\u6548\u6027\u3002\u5728\u8fd9\u91cc\uff0c\u5ba1\u8ba1\u5458\u5c06\u8bc4\u4f30\u63a7\u5236\u662f\u5426\u80fd\u591f\u6709\u6548\u5730\u9884\u9632\u6216\u68c0\u6d4b\u548c\u7ea0\u6b63\u5f31\u70b9\u548c\u7f3a\u9677\u3002\u63a7\u4ef6\u5fc5\u987b\u901a\u8fc7\u6b64\u6d4b\u8bd5\u624d\u80fd\u5728\u7b2c\u4e8c\u9636\u6bb5\u8fdb\u884c\u8bc4\u4f30\u3002\u8fd9\u662f\u56e0\u4e3a\u5bf9\u4e8e\u8bbe\u8ba1\u65e0\u6548\u7684\u63a7\u4ef6\uff0c\u6ca1\u6709\u5fc5\u8981\u8003\u8651\u5b83\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u7b2c\u4e8c\u90e8\u5206\u662f\u8fd0\u8425\u6548\u7387\u3002\u64cd\u4f5c\u6709\u6548\u6027\u6d4b\u8bd5\u5c06\u786e\u5b9a\u5982\u4f55\u5e94\u7528\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u7684\u4e00\u81f4\u6027\u4ee5\u53ca\u7531\u8c01\u6216\u4ee5\u4f55\u79cd\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u3002\u4e00\u9879\u63a7\u5236\u53ef\u80fd\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff08\u95f4\u63a5\u63a7\u5236\uff09\uff0c\u5982\u679c\u5b83\u4eec\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff0c\u5219\u5ba1\u8ba1\u5e08\u53ef\u80fd\u9700\u8981\u989d\u5916\u7684\u8bc1\u636e\u6765\u8bc1\u660e\u8fd9\u4e9b\u95f4\u63a5\u63a7\u5236\u7684\u8fd0\u4f5c\u6709\u6548\u6027\uff0c\u4ee5\u786e\u5b9a\u63a7\u5236\u7684\u6574\u4f53\u8fd0\u4f5c\u6709\u6548\u6027\u3002 
\u5728\u62a5\u544a\u9636\u6bb5\uff0c\u7ba1\u7406\u5c42\u5c06\u5bf9\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u53d1\u73b0\u7684\u4efb\u4f55\u95ee\u9898\u8fdb\u884c\u9a8c\u8bc1\u3002\u51fa\u4e8e\u540e\u52e4\u76ee\u7684\uff0c\u4e00\u4e9b\u6d3b\u52a8\uff08\u4f8b\u5982\u95ee\u9898\u9a8c\u8bc1\uff09\u53ef\u80fd\u4f1a\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u6267\u884c\u3002\u7ba1\u7406\u5c42\u8fd8\u9700\u8981\u63d0\u4f9b\u8865\u6551\u8ba1\u5212\u6765\u89e3\u51b3\u95ee\u9898\uff0c\u5e76\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u518d\u6b21\u53d1\u751f\u3002\u5c06\u5411\u5229\u76ca\u6538\u5173\u65b9\u548c\u7ba1\u7406\u5c42\u5206\u53d1\u4e00\u4efd\u603b\u4f53\u62a5\u544a\u8349\u7a3f\uff0c\u4f9b\u5176\u5ba1\u67e5\u3002\u5546\u5b9a\u7684\u4fee\u6539\u88ab\u7eb3\u5165\uff0c\u66f4\u65b0\u540e\u7684\u8349\u6848\u5c06\u9001\u4ea4\u9ad8\u7ea7\u7ba1\u7406\u5c42\u5ba1\u67e5\u548c\u6279\u51c6\u3002\u4e00\u65e6\u9ad8\u7ea7\u7ba1\u7406\u5c42\u6279\u51c6\u62a5\u544a\uff0c\u8be5\u62a5\u544a\u5c31\u4f1a\u5b9a\u7a3f\u5e76\u5206\u53d1\u7ed9\u6267\u884c\u7ba1\u7406\u5c42\u3002\u4efb\u4f55\u95ee\u9898\u90fd\u4f1a\u8f93\u5165\u5230\u7ec4\u7ec7\u4f7f\u7528\u7684\u95ee\u9898\u8ddf\u8e2a\u6216\u98ce\u9669\u8ddf\u8e2a\u673a\u5236\u4e2d\u3002 \u603b\u7ed3\u9636\u6bb5\u662f\u5ba1\u8ba1\u6b63\u5f0f\u7ec8\u6b62\u7684\u5730\u65b9\u3002\u6b64\u65f6\uff0c\u7ba1\u7406\u5c42\u5c06\u5f00\u59cb\u6574\u6539\u6d3b\u52a8\u3002\u4f7f\u7528\u8fc7\u7a0b\u548c\u901a\u77e5\u786e\u4fdd\u5c06\u4efb\u4f55\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\u90fd\u88ab\u79fb\u81f3\u5b89\u5168\u5b58\u50a8\u5e930\u3002 \u5185\u90e8\u5ba1\u8ba1 \u00b6 
\u90e8\u7f72\u4e91\u540e\uff0c\u5c31\u8be5\u8fdb\u884c\u5185\u90e8\u5ba1\u8ba1\u4e86\u3002\u73b0\u5728\u662f\u65f6\u5019\u5c06\u4e0a\u9762\u786e\u5b9a\u7684\u63a7\u4ef6\u4e0e\u4e91\u4e2d\u4f7f\u7528\u7684\u8bbe\u8ba1\u3001\u529f\u80fd\u548c\u90e8\u7f72\u7b56\u7565\u8fdb\u884c\u6bd4\u8f83\u4e86\u3002\u76ee\u6807\u662f\u4e86\u89e3\u6bcf\u4e2a\u63a7\u4ef6\u7684\u5904\u7406\u65b9\u5f0f\u4ee5\u53ca\u5b58\u5728\u5dee\u8ddd\u7684\u4f4d\u7f6e\u3002\u8bb0\u5f55\u6240\u6709\u53d1\u73b0\u4ee5\u5907\u5c06\u6765\u53c2\u8003\u3002 \u5728\u5ba1\u8ba1OpenStack\u4e91\u65f6\uff0c\u4e86\u89e3OpenStack\u67b6\u6784\u56fa\u6709\u7684\u591a\u79df\u6237\u73af\u5883\u662f\u5f88\u91cd\u8981\u7684\u3002\u9700\u8981\u5173\u6ce8\u7684\u4e00\u4e9b\u5173\u952e\u9886\u57df\u5305\u62ec\u6570\u636e\u5904\u7f6e\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u6027\u3001\u8282\u70b9\u5f3a\u5316\u548c\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u00b6 \u4e00\u65e6\u5185\u90e8\u5ba1\u8ba1\u7ed3\u679c\u770b\u8d77\u6765\u4e0d\u9519\uff0c\u5c31\u8be5\u4e3a\u5916\u90e8\u5ba1\u8ba1\u505a\u51c6\u5907\u4e86\u3002\u5728\u6b64\u9636\u6bb5\u9700\u8981\u91c7\u53d6\u51e0\u9879\u5173\u952e\u884c\u52a8\uff0c\u8fd9\u4e9b\u884c\u52a8\u6982\u8ff0\u5982\u4e0b\uff1a \u4fdd\u6301\u5185\u90e8\u5ba1\u8ba1\u7684\u826f\u597d\u8bb0\u5f55\u3002\u8fd9\u4e9b\u5c06\u5728\u5916\u90e8\u5ba1\u8ba1\u671f\u95f4\u8bc1\u660e\u5f88\u6709\u7528\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u51c6\u5907\u597d\u56de\u7b54\u6709\u5173\u5c06\u5408\u89c4\u6027\u63a7\u5236\u6620\u5c04\u5230\u7279\u5b9a\u90e8\u7f72\u7684\u95ee\u9898\u3002 \u90e8\u7f72\u81ea\u52a8\u5316\u6d4b\u8bd5\u5de5\u5177\uff0c\u786e\u4fdd\u4e91\u957f\u671f\u4fdd\u6301\u5408\u89c4\u3002 \u9009\u62e9\u5ba1\u8ba1\u5458\u3002 
\u9009\u62e9\u5ba1\u8ba1\u5e08\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u6b63\u5728\u5bfb\u627e\u5177\u6709\u4e91\u5408\u89c4\u6027\u5ba1\u6838\u7ecf\u9a8c\u7684\u4eba\u3002OpenStack\u7ecf\u9a8c\u662f\u53e6\u4e00\u5927\u4f18\u52bf\u3002\u901a\u5e38\uff0c\u6700\u597d\u54a8\u8be2\u7ecf\u5386\u8fc7\u6b64\u8fc7\u7a0b\u7684\u4eba\u8fdb\u884c\u8f6c\u8bca\u3002\u6210\u672c\u53ef\u80fd\u4f1a\u56e0\u53c2\u4e0e\u8303\u56f4\u548c\u6240\u8003\u8651\u7684\u5ba1\u8ba1\u516c\u53f8\u800c\u6709\u5f88\u5927\u5dee\u5f02\u3002 \u5916\u90e8\u5ba1\u8ba1 \u00b6 \u8fd9\u662f\u6b63\u5f0f\u7684\u5ba1\u8ba1\u8fc7\u7a0b\u3002\u5ba1\u8ba1\u5458\u5c06\u6d4b\u8bd5\u7279\u5b9a\u8ba4\u8bc1\u8303\u56f4\u5185\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u8981\u6c42\u63d0\u4f9b\u8bc1\u636e\u8981\u6c42\uff0c\u4ee5\u8bc1\u660e\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u5728\u5ba1\u8ba1\u7a97\u53e3\u5185\u4e5f\u5df2\u5230\u4f4d\uff08\u4f8b\u5982\uff0cSOC 2 \u5ba1\u8ba1\u901a\u5e38\u5728 6-12 \u4e2a\u6708\u5185\u8bc4\u4f30\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff09\u3002\u4efb\u4f55\u63a7\u5236\u5931\u8d25\u90fd\u4f1a\u88ab\u8bb0\u5f55\u4e0b\u6765\uff0c\u5e76\u5c06\u8bb0\u5f55\u5728\u5916\u90e8\u5ba1\u8ba1\u5e08\u7684\u6700\u7ec8\u62a5\u544a\u4e2d\u3002\u6839\u636e OpenStack \u90e8\u7f72\u7684\u7c7b\u578b\uff0c\u5ba2\u6237\u53ef\u80fd\u4f1a\u67e5\u770b\u8fd9\u4e9b\u62a5\u544a\uff0c\u56e0\u6b64\u907f\u514d\u63a7\u5236\u5931\u8d25\u975e\u5e38\u91cd\u8981\u3002\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u5ba1\u8ba1\u51c6\u5907\u5982\u6b64\u91cd\u8981\u7684\u539f\u56e0\u3002 \u5408\u89c4\u6027\u7ef4\u62a4 \u00b6 
\u8be5\u8fc7\u7a0b\u4e0d\u4f1a\u56e0\u5355\u4e00\u7684\u5916\u90e8\u5ba1\u8ba1\u800c\u7ed3\u675f\u3002\u5927\u591a\u6570\u8ba4\u8bc1\u90fd\u9700\u8981\u6301\u7eed\u7684\u5408\u89c4\u6d3b\u52a8\uff0c\u8fd9\u610f\u5473\u7740\u8981\u5b9a\u671f\u91cd\u590d\u5ba1\u6838\u8fc7\u7a0b\u3002\u6211\u4eec\u5efa\u8bae\u5c06\u81ea\u52a8\u5408\u89c4\u6027\u9a8c\u8bc1\u5de5\u5177\u96c6\u6210\u5230\u4e91\u4e2d\uff0c\u4ee5\u786e\u4fdd\u5176\u59cb\u7ec8\u5408\u89c4\u3002\u9664\u4e86\u5176\u4ed6\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4e4b\u5916\uff0c\u8fd8\u5e94\u8be5\u8fd9\u6837\u505a\u3002\u8bf7\u8bb0\u4f4f\uff0c\u76ee\u6807\u65e2\u662f\u5b89\u5168\u6027\uff0c\u4e5f\u662f\u5408\u89c4\u6027\u3002\u5982\u679c\u5728\u4e0a\u8ff0\u4efb\u4f55\u4e00\u9879\u65b9\u9762\u90fd\u5931\u8d25\uff0c\u5c06\u4f7f\u672a\u6765\u7684\u5ba1\u8ba1\u53d8\u5f97\u975e\u5e38\u590d\u6742\u3002 \u5408\u89c4\u6d3b\u52a8 \u00b6 \u6709\u8bb8\u591a\u6807\u51c6\u6d3b\u52a8\u5c06\u6781\u5927\u5730\u5e2e\u52a9\u5408\u89c4\u8fc7\u7a0b\u3002\u672c\u7ae0\u6982\u8ff0\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u5408\u89c4\u6027\u6d3b\u52a8\u3002\u8fd9\u4e9b\u5e76\u4e0d\u662fOpenStack\u6240\u7279\u6709\u7684\uff0c\u4f46\u662f\u672c\u4e66\u4e2d\u63d0\u4f9b\u4e86\u76f8\u5173\u7ae0\u8282\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4f5c\u4e3a\u6709\u7528\u7684\u4e0a\u4e0b\u6587\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u00b6 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u662f\u7ec4\u7ec7\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5168\u9762\u7684\u7b56\u7565\u548c\u6d41\u7a0b\uff0c\u7528\u4e8e\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u7684\u98ce\u9669\u3002\u4e91\u90e8\u7f72\u6700\u5e38\u89c1\u7684 ISMS \u662f ISO/IEC 27001/2\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u548c\u5b9e\u8df5\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\uff0c\u4ee5\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u3002\u8be5\u6807\u51c6\u4e8e 2013 
\u5e74\u8fdb\u884c\u4e86\u66f4\u65b0\uff0c\u4ee5\u53cd\u6620\u4e91\u670d\u52a1\u7684\u65e5\u76ca\u4f7f\u7528\uff0c\u5e76\u66f4\u52a0\u5f3a\u8c03\u8861\u91cf\u548c\u8bc4\u4f30\u7ec4\u7ec7\u7684 ISMS \u6027\u80fd\u3002 \u98ce\u9669\u8bc4\u4f30 \u00b6 \u98ce\u9669\u8bc4\u4f30\u6846\u67b6\u53ef\u8bc6\u522b\u7ec4\u7ec7\u6216\u670d\u52a1\u4e2d\u7684\u98ce\u9669\uff0c\u5e76\u6307\u5b9a\u8fd9\u4e9b\u98ce\u9669\u7684\u6240\u6709\u6743\uff0c\u4ee5\u53ca\u5b9e\u65bd\u548c\u7f13\u89e3\u7b56\u7565\u3002\u98ce\u9669\u9002\u7528\u4e8e\u670d\u52a1\u7684\u6240\u6709\u9886\u57df\uff0c\u4ece\u6280\u672f\u63a7\u5236\u5230\u73af\u5883\u707e\u96be\u573a\u666f\u548c\u4eba\u4e3a\u56e0\u7d20\u3002\u4f8b\u5982\uff0c\u6076\u610f\u5185\u90e8\u4eba\u5458\u3002\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u673a\u5236\u5bf9\u98ce\u9669\u8fdb\u884c\u8bc4\u7ea7\u3002\u4f8b\u5982\uff0c\u53ef\u80fd\u6027\u4e0e\u5f71\u54cd\u3002OpenStack \u90e8\u7f72\u98ce\u9669\u8bc4\u4f30\u53ef\u4ee5\u5305\u62ec\u63a7\u5236\u5dee\u8ddd\u3002 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u00b6 \u9700\u8981\u5b9a\u671f\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u670d\u52a1\u90e8\u7f72\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548c\u95ee\u8d23\u5236\u3002\u6709\u5173\u8fd9\u4e9b\u4e3b\u9898\u7684 OpenStack \u7684\u5177\u4f53\u6307\u5357\u5728\u76d1\u63a7\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u8fdb\u884c\u4e86\u6df1\u5165\u8ba8\u8bba\u3002 OpenStack Identity \u670d\u52a1\u652f\u6301\u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u5408 \uff08CADF\uff09 \u901a\u77e5\uff0c\u63d0\u4f9b\u5ba1\u8ba1\u6570\u636e\u4ee5\u7b26\u5408\u5b89\u5168\u6027\u3001\u64cd\u4f5c\u548c\u4e1a\u52a1\u6d41\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Keystone \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u00b6 \u707e\u96be\u6062\u590d \uff08DR\uff09 \u548c\u4e1a\u52a1\u8fde\u7eed\u6027\u89c4\u5212 \uff08BCP\uff09 \u8ba1\u5212\u662f ISMS 
\u548c\u5408\u89c4\u6027\u6d3b\u52a8\u7684\u5e38\u89c1\u8981\u6c42\u3002\u8fd9\u4e9b\u8ba1\u5212\u5fc5\u987b\u5b9a\u671f\u6d4b\u8bd5\u5e76\u8bb0\u5f55\u5728\u6848\u3002\u5728 OpenStack \u4e2d\uff0c\u5173\u952e\u533a\u57df\u4f4d\u4e8e\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u4ee5\u8bc6\u522b\u5355\u70b9\u6545\u969c \uff08SPOF\uff09 \u7684\u5730\u65b9\u3002 \u5b89\u5168\u57f9\u8bad \u00b6 \u9488\u5bf9\u7279\u5b9a\u89d2\u8272\u7684\u5e74\u5ea6\u5b89\u5168\u57f9\u8bad\u662f\u51e0\u4e4e\u6240\u6709\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u5f3a\u5236\u6027\u8981\u6c42\u3002\u4e3a\u4e86\u4f18\u5316\u5b89\u5168\u57f9\u8bad\u7684\u6709\u6548\u6027\uff0c\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6cd5\u662f\u63d0\u4f9b\u7279\u5b9a\u4e8e\u89d2\u8272\u7684\u57f9\u8bad\uff0c\u4f8b\u5982\u5411\u5f00\u53d1\u4eba\u5458\u3001\u64cd\u4f5c\u4eba\u5458\u548c\u975e\u6280\u672f\u4eba\u5458\u63d0\u4f9b\u57f9\u8bad\u3002\u57fa\u4e8e\u6b64\u5f3a\u5316\u6307\u5357\u7684\u5176\u4ed6\u4e91\u5b89\u5168\u6216 OpenStack \u5b89\u5168\u57f9\u8bad\u5c06\u662f\u7406\u60f3\u7684\u9009\u62e9\u3002 \u5b89\u5168\u5ba1\u67e5 \u00b6 
\u7531\u4e8eOpenStack\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u56e0\u6b64\u8bb8\u591a\u4ee3\u7801\u5e93\u548c\u67b6\u6784\u5df2\u7ecf\u8fc7\u4e2a\u4eba\u8d21\u732e\u8005\u3001\u7ec4\u7ec7\u548c\u4f01\u4e1a\u7684\u5ba1\u67e5\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u8fd9\u53ef\u80fd\u662f\u6709\u5229\u7684\uff0c\u4f46\u662f\u5bf9\u4e8e\u670d\u52a1\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u5b89\u5168\u5ba1\u67e5\u7684\u9700\u6c42\u4ecd\u7136\u662f\u4e00\u4e2a\u5173\u952e\u7684\u8003\u8651\u56e0\u7d20\uff0c\u56e0\u4e3a\u90e8\u7f72\u5404\u4e0d\u76f8\u540c\uff0c\u800c\u4e14\u5b89\u5168\u6027\u5e76\u4e0d\u603b\u662f\u8d21\u732e\u8005\u7684\u4e3b\u8981\u5173\u6ce8\u70b9\u3002\u5168\u9762\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u53ef\u80fd\u5305\u62ec\u67b6\u6784\u5ba1\u67e5\u3001\u5a01\u80c1\u5efa\u6a21\u3001\u6e90\u4ee3\u7801\u5206\u6790\u548c\u6e17\u900f\u6d4b\u8bd5\u3002\u6709\u8bb8\u591a\u7528\u4e8e\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u6280\u672f\u548c\u5efa\u8bae\uff0c\u53ef\u4ee5\u5728\u516c\u5f00\u53d1\u5e03\u4e2d\u627e\u5230\u3002\u4e00\u4e2a\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u4f8b\u5b50\u662f Microsoft SDL\uff0c\u5b83\u662f\u4f5c\u4e3a Microsoft \u53ef\u4fe1\u8ba1\u7b97\u8ba1\u5212\u7684\u4e00\u90e8\u5206\u521b\u5efa\u7684\u3002 \u6f0f\u6d1e\u7ba1\u7406 \u00b6 \u5b89\u5168\u66f4\u65b0\u5bf9\u4e8e\u4efb\u4f55 IaaS 
\u90e8\u7f72\uff08\u65e0\u8bba\u662f\u79c1\u6709\u90e8\u7f72\u8fd8\u662f\u516c\u5171\u90e8\u7f72\uff09\u90fd\u81f3\u5173\u91cd\u8981\u3002\u6613\u53d7\u653b\u51fb\u7684\u7cfb\u7edf\u6269\u5927\u4e86\u653b\u51fb\u9762\uff0c\u662f\u653b\u51fb\u8005\u7684\u660e\u663e\u76ee\u6807\u3002\u5e38\u89c1\u7684\u626b\u63cf\u6280\u672f\u548c\u6f0f\u6d1e\u901a\u77e5\u670d\u52a1\u53ef\u4ee5\u5e2e\u52a9\u7f13\u89e3\u8fd9\u79cd\u5a01\u80c1\u3002\u91cd\u8981\u7684\u662f\uff0c\u626b\u63cf\u8981\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14\u7f13\u89e3\u7b56\u7565\u8981\u8d85\u8d8a\u7b80\u5355\u7684\u5916\u56f4\u5f3a\u5316\u3002OpenStack \u7b49\u591a\u79df\u6237\u67b6\u6784\u7279\u522b\u5bb9\u6613\u53d7\u5230\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u8fd9\u662f\u6f0f\u6d1e\u7ba1\u7406\u7cfb\u7edf\u7684\u5173\u952e\u90e8\u5206\u3002 \u6570\u636e\u5206\u7c7b \u00b6 \u6570\u636e\u5206\u7c7b\u5b9a\u4e49\u4e86\u4e00\u79cd\u5bf9\u4fe1\u606f\u8fdb\u884c\u5206\u7c7b\u548c\u5904\u7406\u7684\u65b9\u6cd5\uff0c\u901a\u5e38\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u4fe1\u606f\u514d\u906d\u610f\u5916\u6216\u6545\u610f\u76d7\u7a83\u3001\u4e22\u5931\u6216\u4e0d\u5f53\u62ab\u9732\u3002\u6700\u5e38\u89c1\u7684\u60c5\u51b5\u662f\uff0c\u8fd9\u6d89\u53ca\u5c06\u4fe1\u606f\u5206\u7c7b\u4e3a\u654f\u611f\u6216\u975e\u654f\u611f\u4fe1\u606f\uff0c\u6216\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09\u3002\u6839\u636e\u90e8\u7f72\u7684\u4e0a\u4e0b\u6587\uff0c\u53ef\u4ee5\u4f7f\u7528\u5404\u79cd\u5176\u4ed6\u5206\u7c7b\u6807\u51c6\uff08\u653f\u5e9c\u3001\u533b\u7597\u4fdd\u5065\uff09\u3002\u57fa\u672c\u539f\u5219\u662f\u660e\u786e\u5b9a\u4e49\u548c\u4f7f\u7528\u6570\u636e\u5206\u7c7b\u3002\u6700\u5e38\u89c1\u7684\u4fdd\u62a4\u673a\u5236\u5305\u62ec\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u6280\u672f\u3002 \u5f02\u5e38\u8fc7\u7a0b \u00b6 \u5f02\u5e38\u8fc7\u7a0b\u662f ISMS 
\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u5f53\u67d0\u4e9b\u64cd\u4f5c\u4e0d\u7b26\u5408\u7ec4\u7ec7\u5b9a\u4e49\u7684\u5b89\u5168\u7b56\u7565\u65f6\uff0c\u5fc5\u987b\u8bb0\u5f55\u8fd9\u4e9b\u64cd\u4f5c\u3002\u9700\u8981\u5305\u62ec\u9002\u5f53\u7684\u7406\u7531\u3001\u63cf\u8ff0\u548c\u7f13\u89e3\u7ec6\u8282\uff0c\u5e76\u7531\u6709\u5173\u5f53\u5c40\u7b7e\u7f72\u3002OpenStack \u9ed8\u8ba4\u914d\u7f6e\u5728\u6ee1\u8db3\u5404\u79cd\u5408\u89c4\u6027\u6807\u51c6\u65b9\u9762\u53ef\u80fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u5e94\u8bb0\u5f55\u4e0d\u7b26\u5408\u5408\u89c4\u6027\u8981\u6c42\u7684\u533a\u57df\uff0c\u5e76\u8003\u8651\u6f5c\u5728\u7684\u4fee\u590d\u7a0b\u5e8f\u4ee5\u5bf9\u793e\u533a\u505a\u51fa\u8d21\u732e\u3002 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u00b6 \u5408\u89c4\u6027\u548c\u5b89\u5168\u6027\u4e0d\u662f\u6392\u4ed6\u6027\u7684\uff0c\u5fc5\u987b\u4e00\u8d77\u89e3\u51b3\u3002\u5982\u679c\u4e0d\u8fdb\u884c\u5b89\u5168\u5f3a\u5316\uff0cOpenStack \u90e8\u7f72\u4e0d\u592a\u53ef\u80fd\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u3002\u4e0b\u9762\u7684\u5217\u8868\u63d0\u4f9b\u4e86 OpenStack \u67b6\u6784\u5e08\u7684\u57fa\u7840\u77e5\u8bc6\u548c\u6307\u5bfc\uff0c\u4ee5\u5b9e\u73b0\u5bf9\u5546\u4e1a\u548c\u653f\u5e9c\u8ba4\u8bc1\u548c\u6807\u51c6\u7684\u5408\u89c4\u6027\u3002 \u5546\u4e1a\u6807\u51c6 \u00b6 \u5bf9\u4e8eOpenStack\u7684\u5546\u4e1a\u90e8\u7f72\uff0c\u6211\u4eec\u5efa\u8bae\u5c06SOC 1/2\u4e0eISO 2700 1/2\u76f8\u7ed3\u5408\uff0c\u4f5c\u4e3aOpenStack\u8ba4\u8bc1\u6d3b\u52a8\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u8ba4\u8bc1\u89c4\u5b9a\u7684\u6240\u9700\u5b89\u5168\u6d3b\u52a8\u6709\u52a9\u4e8e\u4e3a\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u548c\u901a\u7528\u63a7\u5236\u6807\u51c6\u5960\u5b9a\u57fa\u7840\uff0c\u4ece\u800c\u6709\u52a9\u4e8e\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u5305\u62ec\u653f\u5e9c\u8bc1\u660e\u548c\u8ba4\u8bc1\u3002 
\u5b8c\u6210\u8fd9\u4e9b\u521d\u59cb\u8ba4\u8bc1\u540e\uff0c\u5176\u4f59\u8ba4\u8bc1\u5c06\u66f4\u52a0\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5904\u7406\u4fe1\u7528\u5361\u4ea4\u6613\u7684\u4e91\u9700\u8981 PCI-DSS\uff0c\u5b58\u50a8\u533b\u7597\u4fdd\u5065\u4fe1\u606f\u7684\u4e91\u9700\u8981 HIPAA\uff0c\u8054\u90a6\u653f\u5e9c\u5185\u90e8\u7684\u4e91\u53ef\u80fd\u9700\u8981 FedRAMP/FISMA \u548c ITAR \u8ba4\u8bc1\u3002 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 \u6807\u51c6\u7531\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08AICPA\uff09 \u5b9a\u4e49\u3002SOC \u63a7\u5236\u8bc4\u4f30\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u76f8\u5173\u8d22\u52a1\u62a5\u8868\u548c\u65ad\u8a00\uff0c\u4f8b\u5982\u662f\u5426\u9075\u5b88\u300a\u8428\u73ed\u65af-\u5965\u514b\u65af\u5229\u6cd5\u6848\u300b\u3002 SOC 1 \u53d6\u4ee3\u4e86\u5ba1\u8ba1\u51c6\u5219\u7b2c 70 \u53f7\u58f0\u660e \uff08SAS 70\uff09 II \u7c7b\u62a5\u544a\u3002\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u901a\u5e38\u5305\u62ec\u8303\u56f4\u5185\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 1 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u63aa\u65bd\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u662f\u5426\u9002\u5408\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605AICPA\u5173\u4e8e\u4e0e\u7528\u6237\u5b9e\u4f53\u8d22\u52a1\u62a5\u544a\u5185\u90e8\u63a7\u5236\u76f8\u5173\u7684\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u7684\u62a5\u544a\u3002 SOC 2 \u51fd\u6570 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 2 \u662f\u5bf9\u5f71\u54cd\u670d\u52a1\u7ec4\u7ec7\u7528\u4e8e\u5904\u7406\u7528\u6237\u6570\u636e\u7684\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u548c\u5904\u7406\u5b8c\u6574\u6027\u4ee5\u53ca\u8fd9\u4e9b\u7cfb\u7edf\u5904\u7406\u7684\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u548c\u9690\u79c1\u6027\u7684\u63a7\u5236\u7684\u81ea\u6211\u8bc1\u660e\u3002\u7528\u6237\u793a\u4f8b\u5305\u62ec\u8d1f\u8d23\u670d\u52a1\u7ec4\u7ec7\u6cbb\u7406\u7684\u4eba\u5458\u3001\u670d\u52a1\u7ec4\u7ec7\u7684\u5ba2\u6237\u3001\u76d1\u7ba1\u673a\u6784\u3001\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u3001\u4f9b\u5e94\u5546\u4ee5\u53ca\u4e86\u89e3\u670d\u52a1\u7ec4\u7ec7\u53ca\u5176\u63a7\u5236\u63aa\u65bd\u7684\u5176\u4ed6\u4eba\u5458\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 2 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u7684\u9002\u7528\u6027\uff0c\u4ee5\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 AICPA 
\u5173\u4e8e\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u7684\u62a5\u544a\u3002 SOC 3 \u51fd\u6570 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 3 \u662f\u670d\u52a1\u7ec4\u7ec7\u7684\u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002\u8fd9\u4e9b\u62a5\u544a\u65e8\u5728\u6ee1\u8db3\u4ee5\u4e0b\u7528\u6237\u7684\u9700\u6c42\uff1a\u8fd9\u4e9b\u7528\u6237\u5e0c\u671b\u786e\u4fdd\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u4f46\u6ca1\u6709\u6709\u6548\u4f7f\u7528 SOC 2 \u62a5\u544a\u6240\u9700\u7684\u77e5\u8bc6\u3002\u8fd9\u4e9b\u62a5\u544a\u662f\u6839\u636e AICPA/\u52a0\u62ff\u5927\u7279\u8bb8\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08CICA\uff09 \u5173\u4e8e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u548c\u9690\u79c1\u7684\u4fe1\u6258\u670d\u52a1\u539f\u5219\u3001\u6807\u51c6\u548c\u63d2\u56fe\u7f16\u5199\u7684\u3002\u7531\u4e8e SOC 3 \u62a5\u544a\u662f\u901a\u7528\u62a5\u544a\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f5c\u4e3a\u5370\u7ae0\u81ea\u7531\u5206\u53d1\u6216\u53d1\u5e03\u5728\u7f51\u7ad9\u4e0a\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u670d\u52a1\u7ec4\u7ec7\u7684 AICPA \u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002 ISO 27001/2 \u8ba4\u8bc1 \u00b6 ISO/IEC 27001/2 \u6807\u51c6\u53d6\u4ee3\u4e86 BS7799-2\uff0c\u662f\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u4f53\u7cfb \uff08ISMS\uff09 \u7684\u89c4\u8303\u3002ISMS 
\u662f\u7ec4\u7ec7\u4e3a\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u98ce\u9669\u800c\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u6574\u5957\u7b56\u7565\u548c\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u98ce\u9669\u57fa\u4e8e\u7528\u6237\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027 \uff08CIA\uff09\u3002\u4e2d\u592e\u60c5\u62a5\u5c40\u7684\u5b89\u5168\u4e09\u5408\u4f1a\u5df2\u88ab\u7528\u4f5c\u672c\u4e66\u5927\u90e8\u5206\u7ae0\u8282\u7684\u57fa\u7840\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 ISO 27001\u3002 HIPAA / HITECH \u00b6 \u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848 \uff08HIPAA\uff09 \u662f\u7f8e\u56fd\u56fd\u4f1a\u7684\u4e00\u9879\u6cd5\u6848\uff0c\u7528\u4e8e\u7ba1\u7406\u60a3\u8005\u5065\u5eb7\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u3001\u4f7f\u7528\u548c\u9500\u6bc1\u3002\u8be5\u6cd5\u6848\u89c4\u5b9a\uff0c\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\uff08PHI\uff09\u5fc5\u987b\u5bf9\u672a\u7ecf\u6388\u6743\u7684\u4eba\u5458\u201c\u4e0d\u53ef\u7528\u3001\u4e0d\u53ef\u8bfb\u6216\u65e0\u6cd5\u7834\u8bd1\u201d\uff0c\u5e76\u4e14\u5e94\u89e3\u51b3\u201c\u9759\u6001\u201d\u548c\u201c\u52a8\u6001\u201d\u6570\u636e\u7684\u52a0\u5bc6\u95ee\u9898\u3002 HIPAA \u4e0d\u662f\u8ba4\u8bc1\uff0c\u800c\u662f\u4fdd\u62a4\u533b\u7597\u4fdd\u5065\u6570\u636e\u7684\u6307\u5357\u3002\u4e0e PCI-DSS \u7c7b\u4f3c\uff0cPCI \u548c HIPPA \u6700\u91cd\u8981\u7684\u95ee\u9898\u662f\u4e0d\u4f1a\u53d1\u751f\u4fe1\u7528\u5361\u4fe1\u606f\u548c\u5065\u5eb7\u6570\u636e\u6cc4\u9732\u7684\u60c5\u51b5\u3002\u5728\u53d1\u751f\u8fdd\u89c4\u884c\u4e3a\u65f6\uff0c\u5c06\u4ed4\u7ec6\u5ba1\u67e5\u4e91\u63d0\u4f9b\u5546\u662f\u5426\u7b26\u5408 PCI \u548c HIPPA 
\u63a7\u5236\u63aa\u65bd\u3002\u5982\u679c\u8bc1\u660e\u5408\u89c4\uff0c\u63d0\u4f9b\u5546\u5c06\u7acb\u5373\u5b9e\u65bd\u8865\u6551\u63a7\u5236\u3001\u8fdd\u89c4\u901a\u77e5\u8d23\u4efb\u4ee5\u53ca\u7528\u4e8e\u989d\u5916\u5408\u89c4\u6d3b\u52a8\u7684\u5927\u91cf\u652f\u51fa\u3002\u5982\u679c\u4e0d\u5408\u89c4\uff0c\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u4f1a\u9762\u4e34\u73b0\u573a\u5ba1\u8ba1\u56e2\u961f\u3001\u7f5a\u6b3e\u3001\u6f5c\u5728\u7684\u5546\u5bb6 ID \uff08PCI\uff09 \u4e22\u5931\u4ee5\u53ca\u5de8\u5927\u7684\u58f0\u8a89\u5f71\u54cd\u3002 \u62e5\u6709 PHI \u7684\u7528\u6237\u6216\u7ec4\u7ec7\u5fc5\u987b\u652f\u6301 HIPAA \u8981\u6c42\uff0c\u5e76\u4e14\u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u3002\u5982\u679c\u5b9e\u4f53\u6253\u7b97\u4f7f\u7528\u67d0\u9879\u670d\u52a1\uff0c\u6216\u8005\u5728\u672c\u4f8b\u4e2d\uff0c\u4f7f\u7528\u53ef\u80fd\u4f7f\u7528\u3001\u5b58\u50a8\u6216\u8bbf\u95ee\u8be5 PHI \u7684 OpenStack \u4e91\uff0c\u5219\u5fc5\u987b\u7b7e\u7f72\u4e1a\u52a1\u4f19\u4f34\u534f\u8bae \uff08BAA\uff09\u3002BAA \u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u4e0e OpenStack \u670d\u52a1\u63d0\u4f9b\u5546\u4e4b\u95f4\u7684\u5408\u540c\uff0c\u8981\u6c42\u63d0\u4f9b\u5546\u6839\u636e HIPAA \u8981\u6c42\u5904\u7406\u8be5 PHI\u3002\u5982\u679c\u670d\u52a1\u63d0\u4f9b\u5546\u4e0d\u5904\u7406 PHI\uff0c\u4f8b\u5982\u5b89\u5168\u63a7\u5236\u548c\u5f3a\u5316\uff0c\u90a3\u4e48\u4ed6\u4eec\u5c06\u53d7\u5230 HIPAA \u7684\u7f5a\u6b3e\u548c\u5904\u7f5a\u3002 OpenStack \u67b6\u6784\u5e08\u89e3\u91ca\u548c\u54cd\u5e94 HIPAA \u58f0\u660e\uff0c\u6570\u636e\u52a0\u5bc6\u4ecd\u7136\u662f\u6838\u5fc3\u5b9e\u8df5\u3002\u76ee\u524d\uff0c\u8fd9\u5c06\u8981\u6c42\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u7b97\u6cd5\u5bf9 OpenStack 
\u90e8\u7f72\u4e2d\u5305\u542b\u7684\u4efb\u4f55\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\u8fdb\u884c\u52a0\u5bc6\u3002\u672a\u6765\u6f5c\u5728\u7684OpenStack\u9879\u76ee\uff0c\u5982\u5bf9\u8c61\u52a0\u5bc6\uff0c\u5c06\u4fc3\u8fdbHIPAA\u51c6\u5219\u7684\u9075\u5b88\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848\u300b\u3002 PCI-DSS \u00b6 \u652f\u4ed8\u5361\u884c\u4e1a\u6570\u636e\u5b89\u5168\u6807\u51c6 \uff08PCI DSS\uff09 \u7531\u652f\u4ed8\u5361\u884c\u4e1a\u6807\u51c6\u59d4\u5458\u4f1a\u5b9a\u4e49\uff0c\u65e8\u5728\u52a0\u5f3a\u5bf9\u6301\u5361\u4eba\u6570\u636e\u7684\u63a7\u5236\uff0c\u4ee5\u51cf\u5c11\u4fe1\u7528\u5361\u6b3a\u8bc8\u3002\u5e74\u5ea6\u5408\u89c4\u6027\u9a8c\u8bc1\u7531\u5916\u90e8\u5408\u683c\u5b89\u5168\u8bc4\u4f30\u673a\u6784 \uff08QSA\uff09 \u8fdb\u884c\u8bc4\u4f30\uff0c\u8be5\u8bc4\u4f30\u673a\u6784\u4f1a\u6839\u636e\u6301\u5361\u4eba\u7684\u4ea4\u6613\u91cf\u521b\u5efa\u5408\u89c4\u62a5\u544a \uff08ROC\uff09\uff0c\u6216\u901a\u8fc7\u81ea\u6211\u8bc4\u4f30\u95ee\u5377 \uff08SAQ\uff09 \u8fdb\u884c\u8bc4\u4f30\u3002 \u5b58\u50a8\u3001\u5904\u7406\u6216\u4f20\u8f93\u652f\u4ed8\u5361\u8be6\u7ec6\u4fe1\u606f\u7684 OpenStack \u90e8\u7f72\u5728 PCI-DSS \u7684\u8303\u56f4\u5185\u3002\u6240\u6709\u672a\u4ece\u5904\u7406\u652f\u4ed8\u6570\u636e\u7684\u7cfb\u7edf\u6216\u7f51\u7edc\u4e2d\u6b63\u786e\u5206\u5272\u7684 OpenStack \u7ec4\u4ef6\u90fd\u5c5e\u4e8e PCI-DSS \u7684\u51c6\u5219\u3002PCI-DSS \u4e0a\u4e0b\u6587\u4e2d\u7684\u5206\u6bb5\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u800c\u662f\u7269\u7406\u5206\u79bb\uff08\u4e3b\u673a/\u7f51\u7edc\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 PCI \u5b89\u5168\u6807\u51c6\u3002 \u653f\u5e9c\u6807\u51c6 \u00b6 FedRAMP \u00b6 \u201c\u8054\u90a6\u98ce\u9669\u548c\u6388\u6743\u7ba1\u7406\u8ba1\u5212 \uff08FedRAMP\uff09 
\u662f\u4e00\u9879\u653f\u5e9c\u8303\u56f4\u7684\u8ba1\u5212\uff0c\u5b83\u4e3a\u4e91\u4ea7\u54c1\u548c\u670d\u52a1\u7684\u5b89\u5168\u8bc4\u4f30\u3001\u6388\u6743\u548c\u6301\u7eed\u76d1\u63a7\u63d0\u4f9b\u4e86\u4e00\u79cd\u6807\u51c6\u5316\u65b9\u6cd5\u201d\u3002NIST 800-53 \u662f FISMA \u548c FedRAMP \u7684\u57fa\u7840\uff0c\u540e\u8005\u8981\u6c42\u4e13\u95e8\u9009\u62e9\u5b89\u5168\u63a7\u5236\u4ee5\u5728\u4e91\u73af\u5883\u4e2d\u63d0\u4f9b\u4fdd\u62a4\u3002\u7531\u4e8e\u5b89\u5168\u63a7\u5236\u7684\u7279\u6b8a\u6027\u4ee5\u53ca\u6ee1\u8db3\u653f\u5e9c\u6807\u51c6\u6240\u9700\u7684\u6587\u6863\u91cf\uff0cFedRAMP \u53ef\u80fd\u975e\u5e38\u5bc6\u96c6\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 FedRAMP\u3002 ITAR \u00b6 \u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09 \u662f\u4e00\u5957\u7f8e\u56fd\u653f\u5e9c\u6cd5\u89c4\uff0c\u7528\u4e8e\u63a7\u5236\u7f8e\u56fd\u519b\u9700\u54c1\u6e05\u5355 \uff08USML\uff09 \u548c\u76f8\u5173\u6280\u672f\u6570\u636e\u4e2d\u4e0e\u56fd\u9632\u76f8\u5173\u7684\u7269\u54c1\u548c\u670d\u52a1\u7684\u8fdb\u51fa\u53e3\u3002ITAR\u901a\u5e38\u88ab\u4e91\u63d0\u4f9b\u5546\u89c6\u4e3a\u201c\u64cd\u4f5c\u4e00\u81f4\u6027\u201d\uff0c\u800c\u4e0d\u662f\u6b63\u5f0f\u8ba4\u8bc1\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u6309\u7167 FISMA \u8981\u6c42\uff0c\u9075\u5faa\u57fa\u4e8e NIST 800-53 \u6846\u67b6\u7684\u505a\u6cd5\u5b9e\u65bd\u9694\u79bb\u7684\u4e91\u73af\u5883\uff0c\u5e76\u8f85\u4ee5\u9650\u5236\u4ec5\u8bbf\u95ee\u201c\u7f8e\u56fd\u4eba\u201d\u548c\u80cc\u666f\u7b5b\u9009\u7684\u989d\u5916\u63a7\u5236\u63aa\u65bd\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09\u3002 FISMA \u00b6 
\u300a\u8054\u90a6\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u6cd5\u300b\u8981\u6c42\u653f\u5e9c\u673a\u6784\u5236\u5b9a\u4e00\u9879\u5168\u9762\u7684\u8ba1\u5212\uff0c\u4ee5\u5b9e\u65bd\u4f17\u591a\u653f\u5e9c\u5b89\u5168\u6807\u51c6\uff0c\u5e76\u5728 2002 \u5e74\u7684\u300a\u7535\u5b50\u653f\u52a1\u6cd5\u300b\u4e2d\u9881\u5e03\u3002FISMA\u6982\u8ff0\u4e86\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u5229\u7528\u591a\u4e2aNIST\u51fa\u7248\u7269\uff0c\u51c6\u5907\u4e86\u4e00\u4e2a\u4fe1\u606f\u7cfb\u7edf\u6765\u5b58\u50a8\u548c\u5904\u7406\u653f\u5e9c\u6570\u636e\u3002 \u6b64\u8fc7\u7a0b\u5206\u4e3a\u4e09\u4e2a\u4e3b\u8981\u7c7b\u522b\uff1a \u7cfb\u7edf\u5206\u7c7b\uff1a \u4fe1\u606f\u7cfb\u7edf\u5c06\u6536\u5230\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6\u51fa\u7248\u7269 199 \uff08FIPS 199\uff09 \u4e2d\u5b9a\u4e49\u7684\u5b89\u5168\u7c7b\u522b\u3002\u8fd9\u4e9b\u7c7b\u522b\u53cd\u6620\u4e86\u7cfb\u7edf\u5165\u4fb5\u7684\u6f5c\u5728\u5f71\u54cd\u3002 \u63a7\u4ef6\u9009\u62e9\uff1a \u6839\u636e FIPS 199 \u4e2d\u5b9a\u4e49\u7684\u7cfb\u7edf\u5b89\u5168\u7c7b\u522b\uff0c\u7ec4\u7ec7\u5229\u7528 FIPS 200 \u6765\u786e\u5b9a\u4fe1\u606f\u7cfb\u7edf\u7684\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u5982\u679c\u7cfb\u7edf\u88ab\u5f52\u7c7b\u4e3a\u201c\u4e2d\u7b49\u201d\uff0c\u5219\u53ef\u80fd\u4f1a\u5f15\u5165\u5f3a\u5236\u8981\u6c42\u201c\u5b89\u5168\u5bc6\u7801\u201d\u7684\u8981\u6c42\u3002 \u63a7\u5236\u5b9a\u5236\uff1a \u4e00\u65e6\u786e\u5b9a\u4e86\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0cOpenStack \u67b6\u6784\u5e08\u5c06\u5229\u7528 NIST 800-53 \u6765\u63d0\u53d6\u91cf\u8eab\u5b9a\u5236\u7684\u63a7\u5236\u63aa\u65bd\u9009\u62e9\u3002\u4f8b\u5982\uff0c\u89c4\u8303\u4ec0\u4e48\u662f\u201c\u5b89\u5168\u5bc6\u7801\u201d\u3002 \u9690\u79c1 \u00b6 
\u9690\u79c1\u662f\u5408\u89c4\u8ba1\u5212\u4e2d\u8d8a\u6765\u8d8a\u91cd\u8981\u7684\u5143\u7d20\u3002\u5ba2\u6237\u5bf9\u4f01\u4e1a\u7684\u8981\u6c42\u8d8a\u6765\u8d8a\u9ad8\uff0c\u4ed6\u4eec\u8d8a\u6765\u8d8a\u6709\u5174\u8da3\u4ece\u9690\u79c1\u7684\u89d2\u5ea6\u4e86\u89e3\u4ed6\u4eec\u7684\u6570\u636e\u662f\u5982\u4f55\u88ab\u5904\u7406\u7684\u3002 OpenStack\u90e8\u7f72\u53ef\u80fd\u9700\u8981\u8bc1\u660e\u7b26\u5408\u7ec4\u7ec7\u7684\u9690\u79c1\u653f\u7b56\uff0c\u4ee5\u53ca\u7f8e\u56fd-\u6b27\u76df\u3002\u5b89\u5168\u6e2f\u6846\u67b6\u3001ISO/IEC 29100\uff1a2011 \u9690\u79c1\u6846\u67b6\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u9690\u79c1\u7684\u51c6\u5219\u3002\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a\uff08AICPA\uff09\u5df2\u7ecf\u5b9a\u4e49\u4e8610\u4e2a\u9690\u79c1\u91cd\u70b9\u9886\u57df\uff0c\u5728\u5546\u4e1a\u73af\u5883\u4e2d\u90e8\u7f72OpenStack\u53ef\u80fd\u5e0c\u671b\u8bc1\u660e\u5176\u4e2d\u7684\u90e8\u5206\u6216\u5168\u90e8\u539f\u5219\u3002 \u4e3a\u4e86\u5e2e\u52a9 OpenStack \u67b6\u6784\u5e08\u4fdd\u62a4\u4e2a\u4eba\u6570\u636e\uff0c\u6211\u4eec\u5efa\u8bae OpenStack \u67b6\u6784\u5e08\u67e5\u770b NIST \u51fa\u7248\u7269 800-122\uff0c\u6807\u9898\u4e3a\u201c\u4fdd\u62a4\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09 \u673a\u5bc6\u6027\u6307\u5357\u201d\u3002\u672c\u6307\u5357\u9010\u6b65\u5b8c\u6210\u4fdd\u62a4\u8fc7\u7a0b\uff1a \"...\u7531\u673a\u6784\u7ef4\u62a4\u7684\u6709\u5173\u4e2a\u4eba\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u5305\u62ec \uff081\uff09 
\u53ef\u7528\u4e8e\u533a\u5206\u6216\u8ffd\u8e2a\u4e2a\u4eba\u8eab\u4efd\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u4f8b\u5982\u59d3\u540d\u3001\u793e\u4f1a\u5b89\u5168\u53f7\u7801\u3001\u51fa\u751f\u65e5\u671f\u548c\u5730\u70b9\u3001\u6bcd\u4eb2\u7684\u5a5a\u524d\u59d3\u6c0f\u6216\u751f\u7269\u8bc6\u522b\u8bb0\u5f55;\uff082\uff09\u4e0e\u4e2a\u4eba\u6709\u8054\u7cfb\u6216\u53ef\u8054\u7cfb\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\uff0c\u5982\u533b\u7597\u3001\u6559\u80b2\u3001\u8d22\u52a1\u548c\u5c31\u4e1a\u4fe1\u606f......\u201d \u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u9700\u8981\u5927\u91cf\u7684\u51c6\u5907\u3001\u601d\u8003\u548c\u6295\u8d44\u3002\u5728\u6784\u5efa\u5168\u7403OpenStack\u4e91\u65f6\uff0c\u8fd8\u5f15\u5165\u4e86\u989d\u5916\u7684\u590d\u6742\u6027\uff0c\u4f8b\u5982\uff0c\u5728\u7f8e\u56fd\u548c\u66f4\u4e25\u683c\u7684\u6b27\u76df\u9690\u79c1\u6cd5\u4e4b\u95f4\u7684\u5dee\u5f02\u4e2d\u5bfc\u822a\u3002\u6b64\u5916\uff0c\u5728\u5904\u7406\u654f\u611f\u7684 PII \u65f6\u9700\u8981\u683c\u5916\u5c0f\u5fc3\uff0c\u5176\u4e2d\u53ef\u80fd\u5305\u62ec\u4fe1\u7528\u5361\u53f7\u6216\u533b\u7597\u8bb0\u5f55\u7b49\u4fe1\u606f\u3002\u8fd9\u4e9b\u654f\u611f\u6570\u636e\u4e0d\u4ec5\u53d7\u9690\u79c1\u6cd5\u7684\u7ea6\u675f\uff0c\u8fd8\u53d7\u76d1\u7ba1\u548c\u653f\u5e9c\u6cd5\u89c4\u7684\u7ea6\u675f\u3002\u901a\u8fc7\u9075\u5faa\u65e2\u5b9a\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u653f\u5e9c\u53d1\u5e03\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u53ef\u4ee5\u4e3aOpenStack\u90e8\u7f72\u521b\u5efa\u548c\u5b9e\u8df5\u4e00\u4e2a\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u653f\u7b56\u3002 \u5b89\u5168\u5ba1\u67e5 \u00b6 
OpenStack\u793e\u533a\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u6807\u662f\u8bc6\u522bOpenStack\u9879\u76ee\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e2d\u7684\u5f31\u70b9\u3002\u867d\u7136\u8fd9\u4e9b\u5f31\u70b9\u5f88\u5c11\u89c1\uff0c\u4f46\u53ef\u80fd\u4f1a\u5bf9OpenStack\u90e8\u7f72\u7684\u5b89\u5168\u6027\u4ea7\u751f\u707e\u96be\u6027\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u5e94\u8be5\u52aa\u529b\u5c06\u8fd9\u4e9b\u7f3a\u9677\u5728\u5df2\u53d1\u5e03\u9879\u76ee\u4e2d\u7684\u53ef\u80fd\u6027\u964d\u5230\u6700\u4f4e\u3002\u5728\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\uff0c\u5e94\u4e86\u89e3\u5e76\u8bb0\u5f55\u4ee5\u4e0b\u5185\u5bb9\uff1a \u7cfb\u7edf\u7684\u6240\u6709\u5165\u53e3\u70b9 \u98ce\u9669\u8d44\u4ea7 \u6570\u636e\u6301\u4e45\u5316\u7684\u4f4d\u7f6e \u6570\u636e\u5982\u4f55\u5728\u7cfb\u7edf\u7ec4\u4ef6\u4e4b\u95f4\u4f20\u8f93 \u6570\u636e\u683c\u5f0f\u548c\u8f6c\u6362 \u9879\u76ee\u7684\u5916\u90e8\u4f9d\u8d56\u9879 \u4e00\u7ec4\u5546\u5b9a\u7684\u8c03\u67e5\u7ed3\u679c\u548c/\u6216\u7f3a\u9677 \u9879\u76ee\u5982\u4f55\u4e0e\u5916\u90e8\u4f9d\u8d56\u9879\u4ea4\u4e92 \u5bf9 OpenStack \u53ef\u4ea4\u4ed8\u5b58\u50a8\u5e93\u6267\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u4e00\u4e2a\u5e38\u89c1\u539f\u56e0\u662f\u534f\u52a9\u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u76d1\u7763\u3002OpenStack VMT \u5217\u51fa\u4e86\u53d7\u76d1\u7763\u7684\u5b58\u50a8\u5e93\uff0c\u5176\u4e2d\u6f0f\u6d1e\u7684\u62a5\u544a\u63a5\u6536\u548c\u62ab\u9732\u7531 VMT \u7ba1\u7406\u3002\u867d\u7136\u4e0d\u662f\u4e25\u683c\u7684\u8981\u6c42\uff0c\u4f46\u67d0\u79cd\u5f62\u5f0f\u7684\u5b89\u5168\u5ba1\u67e5\u3001\u5ba1\u8ba1\u6216\u5a01\u80c1\u5206\u6790\u53ef\u4ee5\u5e2e\u52a9\u6bcf\u4e2a\u4eba\u66f4\u8f7b\u677e\u5730\u67e5\u660e\u7cfb\u7edf\u66f4\u5bb9\u6613\u51fa\u73b0\u6f0f\u6d1e\u7684\u533a\u57df\uff0c\u5e76\u5728\u5b83\u4eec\u6210\u4e3a\u7528\u6237\u95ee\u9898\u4e4b\u524d\u89e3\u51b3\u5b83\u4eec\u3002 OpenStack VMT 
\u5efa\u8bae\uff0c\u5bf9\u9879\u76ee\u63a8\u8350\u7684\u90e8\u7f72\u8fdb\u884c\u67b6\u6784\u5ba1\u67e5\u662f\u4e00\u79cd\u9002\u5f53\u7684\u5b89\u5168\u5ba1\u67e5\u5f62\u5f0f\uff0c\u5728\u5ba1\u67e5\u9700\u6c42\u4e0e OpenStack \u89c4\u6a21\u7684\u9879\u76ee\u8d44\u6e90\u9700\u6c42\u4e4b\u95f4\u53d6\u5f97\u5e73\u8861\u3002\u5b89\u5168\u67b6\u6784\u5ba1\u67e5\u901a\u5e38\u4e5f\u79f0\u4e3a\u5a01\u80c1\u5206\u6790\u3001\u5b89\u5168\u5206\u6790\u6216\u5a01\u80c1\u5efa\u6a21\u3002\u5728OpenStack\u5b89\u5168\u5ba1\u67e5\u7684\u80cc\u666f\u4e0b\uff0c\u8fd9\u4e9b\u672f\u8bed\u662f\u67b6\u6784\u5b89\u5168\u5ba1\u67e5\u7684\u540c\u4e49\u8bcd\uff0c\u5b83\u53ef\u4ee5\u8bc6\u522b\u9879\u76ee\u6216\u53c2\u8003\u67b6\u6784\u8bbe\u8ba1\u4e2d\u7684\u7f3a\u9677\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u8fdb\u4e00\u6b65\u7684\u8c03\u67e5\u5de5\u4f5c\u6765\u9a8c\u8bc1\u90e8\u5206\u5b9e\u73b0\u3002 \u5bf9\u4e8e\u65b0\u9879\u76ee\u4ee5\u53ca\u7b2c\u4e09\u65b9\u672a\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u6216\u65e0\u6cd5\u5171\u4eab\u5176\u7ed3\u679c\u7684\u60c5\u51b5\uff0c\u9884\u8ba1\u5b89\u5168\u5ba1\u67e5\u5c06\u662f\u6b63\u5e38\u9014\u5f84\u3002\u9700\u8981\u5b89\u5168\u5ba1\u67e5\u7684\u9879\u76ee\u7684\u4fe1\u606f\u5c06\u5728\u5373\u5c06\u5230\u6765\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u3002 \u5982\u679c\u7b2c\u4e09\u65b9\u5df2\u7ecf\u6267\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\uff0c\u6216\u8005\u9879\u76ee\u66f4\u559c\u6b22\u4f7f\u7528\u7b2c\u4e09\u65b9\u6765\u6267\u884c\u5ba1\u67e5\uff0c\u5219\u5728\u5373\u5c06\u5230\u6765\u7684\u7b2c\u4e09\u65b9\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u83b7\u53d6\u8be5\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8f93\u51fa\u5e76\u5c06\u5176\u63d0\u4ea4\u9a8c\u8bc1\u7684\u4fe1\u606f\u3002 \u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u5bf9\u6587\u6863\u5de5\u4ef6\u7684\u8981\u6c42\u90fd\u662f\u76f8\u4f3c\u7684 - 
\u9879\u76ee\u5fc5\u987b\u63d0\u4f9b\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u7684\u67b6\u6784\u56fe\u3002\u867d\u7136\u5f3a\u70c8\u5efa\u8bae\u4f5c\u4e3a\u6240\u6709\u56e2\u961f\u5f00\u53d1\u5468\u671f\u7684\u4e00\u90e8\u5206\uff0c\u4f46\u6f0f\u6d1e\u626b\u63cf\u548c\u9759\u6001\u5206\u6790\u626b\u63cf\u4e0d\u8db3\u4ee5\u4f5c\u4e3a\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8bc1\u636e\u3002 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u67b6\u6784\u9875\u9762\u6307\u5357 \u00b6 \u67b6\u6784\u9875\u9762\u7684\u76ee\u7684\u662f\u8bb0\u5f55\u670d\u52a1\u6216\u9879\u76ee\u7684\u4f53\u7cfb\u7ed3\u6784\u3001\u7528\u9014\u548c\u5b89\u5168\u63a7\u5236\u3002\u5b83\u5e94\u8be5\u8bb0\u5f55\u8be5\u9879\u76ee\u7684\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u3002 \u67b6\u6784\u9875\u9762\u6709\u4e00\u4e9b\u5173\u952e\u90e8\u5206\uff0c\u4e0b\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u89e3\u91ca\u8fd9\u4e9b\u90e8\u5206\uff1a \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u00b6 
\u672c\u90e8\u5206\u4e3a\u67b6\u6784\u9875\u9762\u6dfb\u52a0\u6807\u9898\uff0c\u63d0\u4f9b\u8bc4\u5ba1\u72b6\u6001\uff08\u8349\u7a3f\u3001\u51c6\u5907\u8bc4\u5ba1\u3001\u5df2\u5ba1\u6838\uff09\uff0c\u5e76\u6355\u83b7\u9879\u76ee\u7684\u53d1\u5e03\u548c\u7248\u672c\uff08\u5982\u679c\u76f8\u5173\uff09\u3002\u5b83\u8fd8\u8bb0\u5f55\u4e86\u9879\u76ee\u7684 PTL\u3001\u8d1f\u8d23\u751f\u6210\u67b6\u6784\u9875\u9762\u3001\u56fe\u8868\u548c\u5b8c\u6210\u8bc4\u5ba1\u7684\u9879\u76ee\u67b6\u6784\u5e08\uff08\u8fd9\u53ef\u80fd\u662f\u4e5f\u53ef\u80fd\u4e0d\u662f PTL\uff09\u548c\u5b89\u5168\u8bc4\u5ba1\u5458\u3002 \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u00b6 \u672c\u8282\u5c06\u5305\u542b\u9879\u76ee\u7684\u7b80\u8981\u8bf4\u660e\uff0c\u4ee5\u5411\u7b2c\u4e09\u65b9\u4ecb\u7ecd\u8be5\u670d\u52a1\u3002\u8fd9\u5e94\u8be5\u662f\u4e00\u4e24\u4e2a\u6bb5\u843d\uff0c\u53ef\u4ee5\u4ece wiki \u6216\u5176\u4ed6\u6587\u6863\u4e2d\u526a\u5207/\u7c98\u8d34\u3002\u5305\u62ec\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u548c\u66f4\u591a\u6587\u6863\u7684\u94fe\u63a5\uff08\u5982\u679c\u6709\uff09\u3002 \u4f8b\u5982\uff1a \u201cAnchor \u662f\u4e00\u79cd\u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u670d\u52a1\uff0c\u5b83\u4f7f\u7528\u81ea\u52a8\u8bc1\u4e66\u8bf7\u6c42\u9a8c\u8bc1\u6765\u81ea\u52a8\u505a\u51fa\u9881\u53d1\u51b3\u7b56\u3002\u8bc1\u4e66\u7684\u9881\u53d1\u65f6\u95f4\u5f88\u77ed\uff08\u901a\u5e38\u4e3a 12-48 \u5c0f\u65f6\uff09\uff0c\u4ee5\u907f\u514d\u4e0e CRL \u548c OCSP \u76f8\u5173\u7684\u6709\u7f3a\u9677\u7684\u540a\u9500\u95ee\u9898\u3002 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u00b6 \u5df2\u5b9e\u73b0\u67b6\u6784\u7684\u9884\u671f\u4e3b\u8981\u7528\u6237\u53ca\u5176\u7528\u4f8b\u7684\u5217\u8868\u3002\u201c\u7528\u6237\u201d\u53ef\u4ee5\u662f OpenStack \u4e2d\u7684\u53c2\u4e0e\u8005\u6216\u5176\u4ed6\u670d\u52a1\u3002 \u4f8b\u5982\uff1a 
\u6700\u7ec8\u7528\u6237\u5c06\u4f7f\u7528\u7cfb\u7edf\u6765\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u4f8b\u5982\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u7b49\u3002 \u4e91\u7ba1\u7406\u5458\u5c06\u4f7f\u7528\u7ba1\u7406 API \u6765\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002 \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u00b6 \u5916\u90e8\u4f9d\u8d56\u9879\u662f\u670d\u52a1\u64cd\u4f5c\u6240\u9700\u7684\u4e0d\u53d7\u63a7\u5236\u7684\u9879\uff0c\u5982\u679c\u5b83\u4eec\u53d7\u5230\u5a01\u80c1\u6216\u53d8\u5f97\u4e0d\u53ef\u7528\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u670d\u52a1\u3002\u8fd9\u4e9b\u9879\u76ee\u901a\u5e38\u4e0d\u5728\u5f00\u53d1\u4eba\u5458\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u4f46\u5728\u90e8\u7f72\u8005\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u6216\u8005\u5b83\u4eec\u53ef\u80fd\u7531\u7b2c\u4e09\u65b9\u64cd\u4f5c\u3002\u8bbe\u5907\u5e94\u88ab\u89c6\u4e3a\u5916\u90e8\u4f9d\u8d56\u9879\u3002 \u4f8b\u5982\uff1a Nova \u8ba1\u7b97\u670d\u52a1\u4f9d\u8d56\u4e8e\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002\u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u6b64\u4f9d\u8d56\u5173\u7cfb\u5c06\u7531 keystone \u670d\u52a1\u5b9e\u73b0\u3002 Barbican \u4f9d\u8d56\u4e8e\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8bbe\u5907\u7684\u4f7f\u7528\u3002 \u7ec4\u4ef6 \u00b6 \u5df2\u90e8\u7f72\u9879\u76ee\u7684\u7ec4\u4ef6\u5217\u8868\uff0c\u4e0d\u5305\u62ec\u5916\u90e8\u5b9e\u4f53\u3002\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u5e94\u547d\u540d\u5e76\u7b80\u8981\u63cf\u8ff0\u5176\u7528\u9014\uff0c\u5e76\u4f7f\u7528\u4f7f\u7528\u7684\u4e3b\u8981\u6280\u672f\uff08\u4f8b\u5982 Python\u3001MySQL\u3001RabbitMQ\uff09\u8fdb\u884c\u6807\u8bb0\u3002 \u4f8b\u5982\uff1a keystone \u76d1\u542c\u5668\u8fdb\u7a0b \uff08Python\uff09\uff1a\u4f7f\u7528 keystone \u670d\u52a1\u53d1\u5e03\u7684 keystone \u4e8b\u4ef6\u7684 Python \u8fdb\u7a0b\u3002 \u6570\u636e\u5e93 \uff08MySQL\uff09\uff1aMySQL 
\u6570\u636e\u5e93\uff0c\u7528\u4e8e\u5b58\u50a8\u4e0e\u5176\u6258\u7ba1\u5b9e\u4f53\u53ca\u5176\u5143\u6570\u636e\u76f8\u5173\u7684\u5df4\u6bd4\u80af\u72b6\u6001\u6570\u636e\u3002 \u670d\u52a1\u67b6\u6784\u56fe \u00b6 \u67b6\u6784\u56fe\u663e\u793a\u4e86\u7cfb\u7edf\u7684\u903b\u8f91\u5e03\u5c40\uff0c\u4ee5\u4fbf\u5b89\u5168\u5ba1\u9605\u8005\u53ef\u4ee5\u4e0e\u9879\u76ee\u56e2\u961f\u4e00\u8d77\u9010\u6b65\u5b8c\u6210\u67b6\u6784\u3002\u5b83\u662f\u4e00\u4e2a\u903b\u8f91\u56fe\uff0c\u663e\u793a\u7ec4\u4ef6\u5982\u4f55\u4ea4\u4e92\u3001\u5b83\u4eec\u5982\u4f55\u8fde\u63a5\u5230\u5916\u90e8\u5b9e\u4f53\u4ee5\u53ca\u901a\u4fe1\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u7684\u4f4d\u7f6e\u3002\u6709\u5173\u67b6\u6784\u56fe\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u7b26\u53f7\u952e\uff0c\u5c06\u5728\u5373\u5c06\u53d1\u5e03\u7684\u67b6\u6784\u56fe\u6307\u5357\u4e2d\u7ed9\u51fa\u3002\u53ef\u4ee5\u5728\u4efb\u4f55\u53ef\u4ee5\u751f\u6210\u4f7f\u7528\u952e\u4e2d\u7b26\u53f7\u7684\u56fe\u8868\u7684\u5de5\u5177\u4e2d\u7ed8\u5236\u56fe\u8868\uff0c\u4f46\u5f3a\u70c8\u5efa\u8bae draw.io\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 barbican \u67b6\u6784\u56fe\uff1a \u6570\u636e\u8d44\u4ea7 \u00b6 
\u6570\u636e\u8d44\u4ea7\u662f\u653b\u51fb\u8005\u53ef\u80fd\u9488\u5bf9\u7684\u7528\u6237\u6570\u636e\u3001\u9ad8\u4ef7\u503c\u6570\u636e\u3001\u914d\u7f6e\u9879\u3001\u6388\u6743\u4ee4\u724c\u6216\u5176\u4ed6\u9879\u3002\u6570\u636e\u9879\u96c6\u56e0\u9879\u76ee\u800c\u5f02\uff0c\u4f46\u4e00\u822c\u800c\u8a00\uff0c\u5e94\u5c06\u5176\u89c6\u4e3a\u5bf9\u9879\u76ee\u9884\u671f\u64cd\u4f5c\u81f3\u5173\u91cd\u8981\u7684\u7c7b\u522b\u3002\u6240\u9700\u7684\u8be6\u7ec6\u7a0b\u5ea6\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002\u6570\u636e\u901a\u5e38\u53ef\u4ee5\u5206\u7ec4\uff0c\u4f8b\u5982\u201c\u7528\u6237\u6570\u636e\u201d\u3001\u201c\u673a\u5bc6\u6570\u636e\u201d\u6216\u201c\u914d\u7f6e\u6587\u4ef6\u201d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u5355\u6570\uff0c\u4f8b\u5982\u201c\u7ba1\u7406\u5458\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u7528\u6237\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u201d\u3002 \u6570\u636e\u8d44\u4ea7\u5e94\u5305\u62ec\u8be5\u8d44\u4ea7\u6301\u4e45\u5316\u4f4d\u7f6e\u7684\u58f0\u660e\u3002 \u4f8b\u5982\uff1a \u673a\u5bc6\u6570\u636e - \u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u3001RSA \u5bc6\u94a5 - \u4fdd\u7559\u5728\u6570\u636e\u5e93 [PKCS#11] \u6216 HSM [KMIP] \u6216 [KMIP\u3001Dogtag] \u4e2d RBAC \u89c4\u5219\u96c6 - \u4fdd\u7559\u5728 policy.json \u4e2d RabbitMQ \u51ed\u8bc1 - \u4fdd\u7559\u5728 barbican.conf \u4e2d keystone \u4e8b\u4ef6\u961f\u5217\u51ed\u636e - \u4fdd\u7559\u5728 barbican.conf \u4e2d \u4e2d\u95f4\u4ef6\u914d\u7f6e - \u4fdd\u7559\u5728\u7c98\u8d34 .ini \u4e2d \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u00b6 
\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790\u5206\u89e3\u4e86\u6bcf\u4e2a\u6570\u636e\u8d44\u4ea7\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027\u635f\u5931\u7684\u5f71\u54cd\u3002\u9879\u76ee\u67b6\u6784\u5e08\u5e94\u8be5\u5c1d\u8bd5\u5b8c\u6210\u8fd9\u9879\u5de5\u4f5c\uff0c\u56e0\u4e3a\u4ed6\u4eec\u6700\u8be6\u7ec6\u5730\u4e86\u89e3\u4ed6\u4eec\u7684\u9879\u76ee\uff0c\u4f46 OpenStack \u5b89\u5168\u9879\u76ee \uff08OSSP\uff09 \u5c06\u5728\u5b89\u5168\u5ba1\u67e5\u671f\u95f4\u4e0e\u9879\u76ee\u4e00\u8d77\u89e3\u51b3\u8fd9 \u4e2a\u95ee\u9898\uff0c\u5e76\u53ef\u80fd\u6dfb\u52a0\u6216\u66f4\u65b0\u5f71\u54cd\u7ec6\u8282\u3002 \u4f8b\u5982\uff1a RabbitMQ \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u548c Workers \u65e0\u6cd5\u518d\u8bbf\u95ee\u961f\u5217\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u5c06\u65b0\u4efb\u52a1\u6dfb\u52a0\u5230\u961f\u5217\u4e2d\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5c06\u7531\u5de5\u4f5c\u4eba\u5458\u6267\u884c\u3002\u653b\u51fb\u8005\u53ef\u80fd\u8017\u5c3d\u7528\u6237\u914d\u989d\u3002\u62d2\u7edd\u670d\u52a1\u3002\u7528\u6237\u5c06\u65e0\u6cd5\u521b\u5efa\u771f\u6b63\u7684\u673a\u5bc6\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1a\u5982\u679c\u6ca1\u6709\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u6743\u9650\uff0cbarbican \u65e0\u6cd5\u518d\u521b\u5efa\u65b0\u5bc6\u94a5\u3002 Keystone \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6ee5\u7528\u5176\u4ed6 OpenStack \u670d\u52a1\uff08\u53d6\u51b3\u4e8e keystone \u89d2\u8272\u914d\u7f6e\uff09\uff0c\u4f46 barbican \u4e0d\u53d7\u5f71\u54cd\u3002\u5982\u679c\u7528\u4e8e\u4ee4\u724c\u9a8c\u8bc1\u7684\u670d\u52a1\u5e10\u6237\u4e5f\u5177\u6709 
barbican \u7ba1\u7406\u5458\u6743\u9650\uff0c\u5219\u6076\u610f\u7528\u6237\u53ef\u4ee5\u64cd\u7eb5 barbican \u7ba1\u7406\u5458\u529f\u80fd\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u63a5\u53e3 \u00b6 \u63a5\u53e3\u5217\u8868\u6355\u83b7\u4e86\u5ba1\u67e5\u8303\u56f4\u5185\u7684\u63a5\u53e3\u3002\u8fd9\u5305\u62ec\u67b6\u6784\u56fe\u4e0a\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u6216\u4e0d\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u534f\u8bae\uff08\u5982 TLS \u6216 SSH\uff09\u7684\u6a21\u5757\u4e4b\u95f4\u7684\u8fde\u63a5\u3002\u5bf9\u4e8e\u6bcf\u4e2a\u63a5\u53e3\uff0c\u5c06\u6355\u83b7\u4ee5\u4e0b\u4fe1\u606f\uff1a \u4f7f\u7528\u7684\u534f\u8bae \u901a\u8fc7\u8be5\u63a5\u53e3\u4f20\u8f93\u7684\u4efb\u4f55\u6570\u636e\u8d44\u4ea7 \u6709\u5173\u7528\u4e8e\u8fde\u63a5\u5230\u8be5\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u606f \u63a5\u53e3\u7528\u9014\u7684\u7b80\u8981\u8bf4\u660e\u3002 \u8bb0\u5f55\u683c\u5f0f\u5982\u4e0b\uff1a \u4ece>\u5230[\u4f20\u8f93\u65b9\u5f0f]\uff1a \u52a8\u6001\u8d44\u4ea7 \u8eab\u4efd\u8ba4\u8bc1\uff1f \u63cf\u8ff0 \u4f8b\u5982\uff1a \u5ba2\u6237\u7aef>API \u8fdb\u7a0b [TLS]\uff1a \u4f20\u8f93\u4e2d\u7684\u8d44\u4ea7\uff1a\u7528\u6237\u5bc6\u94a5\u5931\u771f\u51ed\u636e\u3001\u660e\u6587\u5bc6\u94a5\u3001HTTP \u8c13\u8bcd\u3001\u5bc6\u94a5 ID\u3001\u8def\u5f84 \u5bf9 keystone \u51ed\u636e\u6216\u660e\u6587\u673a\u5bc6\u7684\u8bbf\u95ee\u88ab\u89c6\u4e3a\u7cfb\u7edf\u7684\u5b8c\u5168\u5b89\u5168\u6545\u969c - \u6b64\u63a5\u53e3\u5fc5\u987b\u5177\u6709\u5f3a\u5927\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u63a7\u5236\u3002 \u8d44\u6e90 \u00b6 \u5217\u51fa\u4e0e\u9879\u76ee\u76f8\u5173\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u63cf\u8ff0\u5176\u90e8\u7f72\u548c\u7528\u6cd5\u7684 Wiki 
\u9875\u9762\uff0c\u4ee5\u53ca\u6307\u5411\u4ee3\u7801\u5b58\u50a8\u5e93\u548c\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u7684\u94fe\u63a5\u3002 \u5b89\u5168\u68c0\u67e5\u8868 \u00b6 \u8eab\u4efd\u670d\u52a1\u68c0\u67e5\u8868 \u4eea\u8868\u677f\u68c0\u67e5\u8868 \u8ba1\u7b97\u670d\u52a1\u68c0\u67e5\u8868 \u5757\u5b58\u50a8\u670d\u52a1\u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u68c0\u67e5\u8868 \u7f51\u7edc\u670d\u52a1\u68c0\u67e5\u8868 \u9644\u5f55 \u00b6 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868 \u793e\u533a\u652f\u6301 \u00b6 \u4ee5\u4e0b\u8d44\u6e90\u53ef\u5e2e\u52a9\u60a8\u8fd0\u884c\u548c\u4f7f\u7528 OpenStack\u3002OpenStack\u793e\u533a\u4e0d\u65ad\u6539\u8fdb\u548c\u589e\u52a0OpenStack\u7684\u4e3b\u8981\u529f\u80fd\uff0c\u4f46\u5982\u679c\u60a8\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u968f\u65f6\u63d0\u95ee\u3002\u4f7f\u7528\u4ee5\u4e0b\u8d44\u6e90\u83b7\u53d6 OpenStack \u652f\u6301\u5e76\u5bf9\u5b89\u88c5\u8fdb\u884c\u6545\u969c\u6392\u9664\u3002 \u6587\u6863 \u00b6 \u6709\u5173\u53ef\u7528\u7684 OpenStack \u6587\u6863\uff0c\u8bf7\u53c2\u9605 docs.openstack.org\u3002 \u4ee5\u4e0b\u6307\u5357\u89e3\u91ca\u4e86\u5982\u4f55\u5b89\u88c5\u6982\u5ff5\u9a8c\u8bc1 OpenStack \u4e91\u53ca\u5176\u76f8\u5173\u7ec4\u4ef6\uff1a Rocky \u5b89\u88c5\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e\u548c\u8fd0\u884c OpenStack \u4e91\uff1a \u67b6\u6784\u8bbe\u8ba1\u6307\u5357 Rocky \u7ba1\u7406\u5458\u6307\u5357 Rocky \u914d\u7f6e\u6307\u5357 Rocky \u7f51\u7edc\u6307\u5357 \u9ad8\u53ef\u7528\u6027\u6307\u5357 \u5b89\u5168\u6307\u5357 \u865a\u62df\u673a\u6620\u50cf\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\uff1a Rocky API \u7ed1\u5b9a \u4ee5\u4e0b\u6587\u6863\u63d0\u4f9b\u4e86 OpenStack API \u7684\u53c2\u8003\u548c\u6307\u5bfc\u4fe1\u606f\uff1a API \u6587\u6863 \u4ee5\u4e0b\u6307\u5357\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4e3a OpenStack 
\u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u4fe1\u606f\uff1a \u6587\u6863\u8d21\u732e\u8005\u6307\u5357 OpenStack wiki \u00b6 OpenStack wiki \u5305\u542b\u5e7f\u6cdb\u7684\u4e3b\u9898\uff0c\u4f46\u6709\u4e9b\u4fe1\u606f\u53ef\u80fd\u5f88\u96be\u627e\u5230\u6216\u53ea\u6709\u51e0\u9875\u6df1\u3002\u5e78\u8fd0\u7684\u662f\uff0cWiki \u641c\u7d22\u529f\u80fd\u4f7f\u60a8\u80fd\u591f\u6309\u6807\u9898\u6216\u5185\u5bb9\u8fdb\u884c\u641c\u7d22\u3002\u5982\u679c\u60a8\u641c\u7d22\u7279\u5b9a\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u7f51\u7edc\u6216 OpenStack \u8ba1\u7b97\u7684\u4fe1\u606f\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5927\u91cf\u76f8\u5173\u6750\u6599\u3002\u66f4\u591a\u5185\u5bb9\u4e00\u76f4\u5728\u6dfb\u52a0\uff0c\u56e0\u6b64\u8bf7\u52a1\u5fc5\u7ecf\u5e38\u56de\u6765\u67e5\u770b\u3002\u60a8\u53ef\u4ee5\u5728\u4efb\u4f55 OpenStack wiki \u9875\u9762\u7684\u53f3\u4e0a\u89d2\u627e\u5230\u641c\u7d22\u6846\u3002 Launchpad bug \u533a\u57df \u00b6 OpenStack \u793e\u533a\u91cd\u89c6\u60a8\u7684\u8bbe\u7f6e\u548c\u6d4b\u8bd5\u5de5\u4f5c\uff0c\u5e76\u5e0c\u671b\u5f97\u5230\u60a8\u7684\u53cd\u9988\u3002\u8981\u8bb0\u5f55bug\uff0c\u60a8\u5fc5\u987b\u6ce8\u518c\u4e00\u4e2a Launchpad \u5e10\u6237\u3002\u60a8\u53ef\u4ee5\u5728 Launchpad bug \u533a\u57df\u4e2d\u67e5\u770b\u73b0\u6709bug\u5e76\u62a5\u544abug\u3002\u4f7f\u7528\u641c\u7d22\u529f\u80fd\u786e\u5b9abug\u662f\u5426\u5df2\u62a5\u544a\u6216\u5df2\u4fee\u590d\u3002\u5982\u679c\u60a8\u7684bug\u4f3c\u4e4e\u4ecd\u672a\u62a5\u544a\uff0c\u8bf7\u586b\u5199bug\u62a5\u544a\u3002 \u4e00\u4e9b\u63d0\u793a\uff1a \u7ed9\u51fa\u4e00\u4e2a\u6e05\u6670\u3001\u7b80\u6d01\u7684\u603b\u7ed3\u3002 \u5728\u63cf\u8ff0\u4e2d\u63d0\u4f9b\u5c3d\u53ef\u80fd\u591a\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u7c98\u8d34\u547d\u4ee4\u8f93\u51fa\u6216\u5806\u6808\u8ddf\u8e2a\u3001\u5c4f\u5e55\u622a\u56fe\u94fe\u63a5\u4ee5\u53ca\u53ef\u80fd\u6709\u7528\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 
\u8bf7\u52a1\u5fc5\u5305\u62ec\u60a8\u6b63\u5728\u4f7f\u7528\u7684\u8f6f\u4ef6\u548c\u8f6f\u4ef6\u5305\u7248\u672c\uff0c\u5c24\u5176\u662f\u5728\u4f7f\u7528\u5f00\u53d1\u5206\u652f\uff08\u5982 \"Kilo release\" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208 . \u4efb\u4f55\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u4fe1\u606f\u90fd\u5f88\u6709\u7528\uff0c\u4f8b\u5982\u60a8\u4f7f\u7528\u7684\u662f Ubuntu 14.04 \u8fd8\u662f\u6b63\u5728\u6267\u884c\u591a\u8282\u70b9\u5b89\u88c5\u3002 \u4ee5\u4e0b Launchpad Bug \u533a\u57df\u53ef\u7528\uff1a Bugs\uff1aOpenStack \u5757\u5b58\u50a8 \uff08cinder\uff09 Bugs\uff1aOpenStack \u8ba1\u7b97\uff08nova\uff09 Bugs\uff1aOpenStack \u4eea\u8868\u677f\uff08horizon\uff09 Bugs\uff1aOpenStack \u8eab\u4efd\u8ba4\u8bc1\uff08keystone\uff09 Bugs\uff1aOpenStack \u955c\u50cf\u670d\u52a1 \uff08glance\uff09 Bugs\uff1aOpenStack \u7f51\u7edc\uff08neutron\uff09 Bugs\uff1aOpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 Bugs\uff1a\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55 \uff08murano\uff09 Bugs\uff1a\u88f8\u673a\u670d\u52a1\uff08ironic\uff09 Bugs\uff1a\u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 Bugs\uff1a\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 Bugs\uff1a\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 Bugs\uff1a\u6570\u636e\u5e93\u670d\u52a1 \uff08trove\uff09 Bugs\uff1aDNS\u670d\u52a1\uff08designate\uff09 Bugs\uff1a\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08barbican\uff09 Bugs\uff1a\u76d1\u63a7 \uff08monasca\uff09 Bugs\uff1a\u7f16\u6392 \uff08heat\uff09 Bugs\uff1a\u8bc4\u7ea7 \uff08cloudkitty\uff09 Bugs\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \uff08manila\uff09 Bugs\uff1a\u9065\u6d4b\uff08ceilometer\uff09 Bugs\uff1a\u9065\u6d4bv3 \uff08gnocchi\uff09 Bugs\uff1a\u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 Bugs\uff1a\u6d88\u606f\u4f20\u9012\u670d\u52a1 \uff08zaqar\uff09 Bugs\uff1a\u5bb9\u5668\u670d\u52a1 \uff08zun\uff09 Bugs\uff1aOpenStack API \u6587\u6863 \uff08developer.openstack.org\uff09 
Bugs\uff1aOpenStack \u6587\u6863 \uff08docs.openstack.org\uff09 \u6587\u6863\u53cd\u9988 \u00b6 \u8981\u63d0\u4f9b\u6709\u5173\u6587\u6863\u7684\u53cd\u9988\uff0c\u8bf7\u52a0\u5165\u6211\u4eec\u5728 OFTC IRC \u7f51\u7edc\u4e0a\u7684 IRC \u9891\u9053 #openstack-doc \uff0c\u6216\u5728 Launchpad \u4e2d\u62a5\u544a\u9519\u8bef\u5e76\u9009\u62e9\u6587\u6863\u6240\u5c5e\u7684\u7279\u5b9a\u9879\u76ee\u3002 OpenStack IRC \u9891\u9053 \u00b6 OpenStack \u793e\u533a\u4f4d\u4e8e OFTC \u7f51\u7edc\u4e0a\u7684 #openstack IRC \u9891\u9053\u4e2d\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u63d0\u95ee\uff0c\u83b7\u53d6\u5373\u65f6\u53cd\u9988\uff0c\u89e3\u51b3\u7d27\u6025\u95ee\u9898\u3002\u8981\u5b89\u88c5 IRC \u5ba2\u6237\u7aef\u6216\u4f7f\u7528\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5ba2\u6237\u7aef\uff0c\u8bf7\u8bbf\u95ee https://webchat.oftc.net/\u3002\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528Colloquy \uff08Mac OS X\uff09\u3001mIRC \uff08Windows\uff09 \u6216 XChat \uff08Linux\uff09\u3002\u5f53\u60a8\u5728 IRC \u9891\u9053\u4e2d\u5e76\u4e14\u60f3\u8981\u5171\u4eab\u4ee3\u7801\u6216\u547d\u4ee4\u8f93\u51fa\u65f6\uff0c\u901a\u5e38\u63a5\u53d7\u7684\u65b9\u6cd5\u662f\u4f7f\u7528 Paste Bin\u3002OpenStack \u9879\u76ee\u6709\u4e00\u4e2aPaste\u7f51\u7ad9\u3002\u53ea\u9700\u5c06\u8f83\u957f\u7684\u6587\u672c\u6216\u65e5\u5fd7\u7c98\u8d34\u5230 Web \u8868\u5355\u4e2d\uff0c\u5373\u53ef\u83b7\u5f97\u4e00\u4e2aURL\uff0c\u53ef\u4ee5\u5c06\u5176\u7c98\u8d34\u5230\u9891\u9053\u4e2d\u3002OpenStack IRC \u9891\u9053\u5904\u4e8e #openstack . 
irc.oftc.net \u60a8\u53ef\u4ee5\u5728 wiki \u7684 IRC \u9875\u9762\u4e0a\u627e\u5230\u6240\u6709 OpenStack IRC \u9891\u9053\u7684\u5217\u8868\u3002 OpenStack \u90ae\u4ef6\u5217\u8868 \u00b6 \u83b7\u5f97\u7b54\u6848\u548c\u89c1\u89e3\u7684\u4e00\u4e2a\u597d\u65b9\u6cd5\u662f\u5c06\u60a8\u7684\u95ee\u9898\u6216\u6709\u95ee\u9898\u7684\u573a\u666f\u53d1\u5e03\u5230 OpenStack \u90ae\u4ef6\u5217\u8868\u4e2d\u3002\u60a8\u53ef\u4ee5\u5411\u53ef\u80fd\u9047\u5230\u7c7b\u4f3c\u95ee\u9898\u7684\u5176\u4ed6\u4eba\u5b66\u4e60\u548c\u63d0\u4f9b\u5e2e\u52a9\u3002\u8981\u8ba2\u9605\u6216\u67e5\u770b\u5b58\u6863\uff0c\u8bf7\u8bbf\u95ee\u4e00\u822c\u7684 OpenStack \u90ae\u4ef6\u5217\u8868\u3002\u5982\u679c\u60a8\u5bf9\u7279\u5b9a\u9879\u76ee\u6216\u5f00\u53d1\u7684\u5176\u4ed6\u90ae\u4ef6\u5217\u8868\u611f\u5174\u8da3\uff0c\u8bf7\u53c2\u9605\u90ae\u4ef6\u5217\u8868\u3002 OpenStack \u53d1\u884c\u5305 \u00b6 \u4ee5\u4e0b Linux \u53d1\u884c\u7248\u4e3a OpenStack \u63d0\u4f9b\u793e\u533a\u652f\u6301\u7684\u8f6f\u4ef6\u5305\uff1a CentOS, Fedora, and Red Hat Enterprise Linux: https://www.rdoproject.org/ openSUSE and SUSE Linux Enterprise Server: https://en.opensuse.org/Portal:OpenStack Ubuntu: https://wiki.ubuntu.com/OpenStack/CloudArchive \u8bcd\u6c47\u8868 \u00b6 \u672c\u8bcd\u6c47\u8868\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u672f\u8bed\u548c\u5b9a\u4e49\uff0c\u7528\u4e8e\u5b9a\u4e49 OpenStack \u76f8\u5173\u6982\u5ff5\u7684\u8bcd\u6c47\u8868\u3002 \u8981\u6dfb\u52a0\u5230 OpenStack \u672f\u8bed\u8868\uff0c\u8bf7\u514b\u9686 openstack/openstack-manuals \u5b58\u50a8\u5e93\uff0c\u5e76\u901a\u8fc7 OpenStack \u8d21\u732e\u8fc7\u7a0b\u66f4\u65b0\u6e90\u6587\u4ef6 doc/common/glossary.rst \u3002 0-9 \u00b6 2023.1 Antelope OpenStack \u7b2c 27 
\u7248\u7684\u4ee3\u53f7\u3002\u6b64\u7248\u672c\u662f\u57fa\u4e8e\u201c\u5e74\u201d\u4e4b\u540e\u5f62\u6210\u7684\u65b0\u7248\u672c\u6807\u8bc6\u8fc7\u7a0b\u7684\u7b2c\u4e00\u4e2a\u7248\u672c\u3002\u5e74\u5185\u91ca\u653e\u8ba1\u6570\u201c\uff0cAntelope\u662f\u4e00\u79cd\u654f\u6377\u800c\u4eb2\u5207\u7684\u52a8\u7269\uff0c\u4e5f\u662f\u4e00\u79cd\u84b8\u6c7d\u673a\u8f66\u7684\u7c7b\u578b\u3002 2023.2 Bobcat OpenStack \u7b2c 28 \u7248\u7684\u4ee3\u53f7\u3002 2024.1 Caracal OpenStack \u7b2c 29 \u7248\u7684\u4ee3\u53f7\u3002 6to4 \u4e00\u79cd\u5141\u8bb8 IPv6 \u6570\u636e\u5305\u901a\u8fc7 IPv4 \u7f51\u7edc\u4f20\u8f93\u7684\u673a\u5236\uff0c\u63d0\u4f9b\u8fc1\u79fb\u5230 IPv6 \u7684\u7b56\u7565\u3002 A \u00b6 \u7edd\u5bf9\u9650\u5236 \u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u4e0d\u53ef\u903e\u8d8a\u9650\u5236\u3002 \u8bbe\u7f6e\u5305\u62ec\u603b RAM \u5927\u5c0f\u3001\u6700\u5927 vCPU \u6570\u548c\u6700\u5927\u78c1\u76d8\u5927\u5c0f\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09 \u9644\u52a0\u5230\u5bf9\u8c61\u7684\u6743\u9650\u5217\u8868\u3002ACL \u6307\u5b9a\u54ea\u4e9b\u7528\u6237\u6216\u7cfb\u7edf\u8fdb\u7a0b\u6709\u6743\u8bbf\u95ee\u5bf9\u8c61\u3002\u5b83\u8fd8\u5b9a\u4e49\u53ef\u4ee5\u5bf9\u6307\u5b9a\u5bf9\u8c61\u6267\u884c\u54ea\u4e9b\u64cd\u4f5c\u3002\u5178\u578b ACL \u4e2d\u7684\u6bcf\u4e2a\u6761\u76ee\u90fd\u6307\u5b9a\u4e00\u4e2a\u4e3b\u9898\u548c\u4e00\u4e2a\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u6587\u4ef6\u7684 ACL \u6761\u76ee (Alice, delete) \u6388\u4e88 Alice \u5220\u9664\u8be5\u6587\u4ef6\u7684\u6743\u9650\u3002 \u8bbf\u95ee\u5bc6\u94a5 Amazon EC2 \u8bbf\u95ee\u5bc6\u94a5\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u8bf7\u53c2\u9605 EC2 \u8bbf\u95ee\u5bc6\u94a5\u3002 \u8d26\u6237 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u8d26\u6237\u7684\u4e0a\u4e0b\u6587\u3002\u4e0d\u8981\u4e0e\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e2d\u7684\u7528\u6237\u5e10\u6237\u6df7\u6dc6\uff0c\u4f8b\u5982 Active Directory\u3001/etc/passwd\u3001OpenLDAP\u3001OpenStack Identity 
\u7b49\u3002 \u8d26\u6237\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9\u540e\u7aef SQLite \u6570\u636e\u5e93\u8fd0\u884c\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e2d\u7f3a\u5c11\u7684\u526f\u672c\u4ee5\u53ca\u4e0d\u6b63\u786e\u6216\u635f\u574f\u7684\u5bf9\u8c61\u3002 \u8d26\u6237\u6570\u636e\u5e93 \u4e00\u4e2a SQLite \u6570\u636e\u5e93\uff0c\u5176\u4e2d\u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u548c\u76f8\u5173\u5143\u6570\u636e\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u53ef\u4ee5\u8bbf\u95ee\u8be5\u6570\u636e\u5e93\u3002 \u8d26\u6237\u56de\u6536\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u7528\u4e8e\u626b\u63cf\u548c\u5220\u9664\u5e10\u6237\u6570\u636e\u5e93\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u5df2\u6807\u8bb0\u4e3a\u5220\u9664\u3002 \u8d26\u6237\u670d\u52a1\u5668 \u5217\u51fa\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u5bb9\u5668\uff0c\u5e76\u5c06\u5bb9\u5668\u4fe1\u606f\u5b58\u50a8\u5728\u5e10\u6237\u6570\u636e\u5e93\u4e2d\u3002 \u8d26\u6237\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u5217\u8868\u3001\u521b\u5efa\u3001\u4fee\u6539\u3001\u5ba1\u8ba1\u7b49\u8d26\u53f7\u670d\u52a1\u3002\u4e0d\u8981\u4e0e OpenStack Identity \u670d\u52a1\u3001OpenLDAP \u6216\u7c7b\u4f3c\u7684\u7528\u6237\u5e10\u6237\u670d\u52a1\u6df7\u6dc6\u3002 \u4f1a\u8ba1 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e8b\u4ef6\u901a\u77e5\u548c\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u63d0\u4f9b\u4f1a\u8ba1\u4fe1\u606f\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u57fa\u4e8e LDAP \u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u8eab\u4efd\u670d\u52a1\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u4e3b/\u4e3b\u914d\u7f6e 
\u5728\u5177\u6709\u4e3b/\u4e3b\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u591a\u4e2a\u7cfb\u7edf\u4e00\u8d77\u5206\u62c5\u8d1f\u8f7d\uff0c\u5982\u679c\u5176\u4e2d\u4e00\u4e2a\u7cfb\u7edf\u53d1\u751f\u6545\u969c\uff0c\u5219\u8d1f\u8f7d\u5c06\u5206\u914d\u7ed9\u5176\u4f59\u7cfb\u7edf\u3002 \u4e3b/\u5907\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u5907\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u7cfb\u7edf\u8bbe\u7f6e\u4e3a\u4f7f\u5176\u4ed6\u8d44\u6e90\u8054\u673a\u4ee5\u66ff\u6362\u90a3\u4e9b\u51fa\u73b0\u6545\u969c\u7684\u8d44\u6e90\u3002 \u5730\u5740\u6c60 \u5206\u914d\u7ed9\u9879\u76ee\u7684\u4e00\u7ec4\u56fa\u5b9a\u548c/\u6216\u6d6e\u52a8 IP \u5730\u5740\uff0c\u53ef\u7531\u9879\u76ee\u4e2d\u7684 VM \u5b9e\u4f8b\u4f7f\u7528\u6216\u5206\u914d\u7ed9\u9879\u76ee\u3002 \u5730\u5740\u89e3\u6790\u534f\u8bae \uff08ARP\uff09 \u5c06\u4e09\u5c42IP\u5730\u5740\u89e3\u6790\u4e3a\u4e8c\u5c42\u94fe\u8def\u672c\u5730\u5730\u5740\u7684\u534f\u8bae\u3002 \u7ba1\u7406\u5458 API \u6388\u6743\u7ba1\u7406\u5458\u53ef\u8bbf\u95ee\u7684 API \u8c03\u7528\u5b50\u96c6\uff0c\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u901a\u5e38\u65e0\u6cd5\u8bbf\u95ee\u8fd9\u4e9b\u8c03\u7528\u3002\u5b83\u4eec\u53ef\u4ee5\u4f5c\u4e3a\u5355\u72ec\u7684\u670d\u52a1 \uff08keystone\uff09 \u5b58\u5728\uff0c\u4e5f\u53ef\u4ee5\u662f\u53e6\u4e00\u4e2a API \uff08nova\uff09 \u7684\u5b50\u96c6\u3002 \u7ba1\u7406\u5458\u670d\u52a1\u5668 \u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u63d0\u4f9b\u5bf9\u7ba1\u7406 API \u7684\u8bbf\u95ee\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002 \u7ba1\u7406\u5458 \u8d1f\u8d23\u5b89\u88c5\u3001\u914d\u7f6e\u548c\u7ba1\u7406 OpenStack \u4e91\u7684\u4eba\u5458\u3002 \u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 OpenStack \u7ec4\u4ef6\u7528\u4e8e\u670d\u52a1\u5185\u90e8\u901a\u4fe1\u7684\u5f00\u653e\u6807\u51c6\u6d88\u606f\u4f20\u9012\u534f\u8bae\uff0c\u7531 RabbitMQ\u3001Qpid \u6216 ZeroMQ 
\u63d0\u4f9b\u3002 \u9ad8\u7ea7 RISC \u673a\u5668 \uff08ARM\uff09 \u4f4e\u529f\u8017 CPU \u5e38\u89c1\u4e8e\u79fb\u52a8\u548c\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u3002\u7531 OpenStack \u652f\u6301\u3002 \u8b66\u62a5 \u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u901a\u8fc7\u5176\u901a\u77e5\u7cfb\u7edf\u53d1\u9001\u8b66\u62a5\uff0c\u8be5\u7cfb\u7edf\u5305\u62ec\u7528\u4e8e\u521b\u5efa\u81ea\u5b9a\u4e49\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\u8b66\u62a5\u53ef\u4ee5\u53d1\u9001\u5230\u5e76\u5728\u4eea\u8868\u677f\u4e0a\u663e\u793a\u3002 \u5206\u914d \u4ece\u5730\u5740\u6c60\u4e2d\u83b7\u53d6\u6d6e\u52a8 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5c06\u5176\u4e0e\u6765\u5bbe VM \u5b9e\u4f8b\u4e0a\u7684\u56fa\u5b9a IP \u76f8\u5173\u8054\u7684\u8fc7\u7a0b\u3002 Amazon \u5185\u6838\u6620\u50cf \uff08AKI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon \u7cfb\u7edf\u6620\u50cf \uff08AMI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon Ramdisk \u6620\u50cf \uff08ARI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Anvil \u5c06\u540d\u4e3a DevStack \u7684\u57fa\u4e8e shell \u811a\u672c\u7684\u9879\u76ee\u79fb\u690d\u5230 Python \u7684\u9879\u76ee\u3002 AODH OpenStack \u9065\u6d4b\u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u62a5\u8b66\u529f\u80fd\u3002 Apache Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\u652f\u6301 Apache \u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u7684 Apache \u793e\u533a\u3002\u8fd9\u4e9b\u9879\u76ee\u4e3a\u516c\u5171\u5229\u76ca\u63d0\u4f9b\u8f6f\u4ef6\u4ea7\u54c1\u3002 Apache \u8bb8\u53ef\u8bc1 2.0 \u6240\u6709 OpenStack \u6838\u5fc3\u9879\u76ee\u90fd\u662f\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u8bc1\u7684\u6761\u6b3e\u63d0\u4f9b\u7684\u3002 Apache Web \u670d\u52a1\u5668 \u76ee\u524d\u5728 Internet \u4e0a\u4f7f\u7528\u7684\u6700\u5e38\u7528\u7684 Web 
\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 API \u7aef\u70b9 \u5ba2\u6237\u7aef\u4e3a\u8bbf\u95ee API \u800c\u4e0e\u4e4b\u901a\u4fe1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3001\u5de5\u4f5c\u7a0b\u5e8f\u6216\u670d\u52a1\u3002API \u7ec8\u7ed3\u70b9\u53ef\u4ee5\u63d0\u4f9b\u4efb\u610f\u6570\u91cf\u7684\u670d\u52a1\uff0c\u4f8b\u5982\u8eab\u4efd\u9a8c\u8bc1\u3001\u9500\u552e\u6570\u636e\u3001\u6027\u80fd\u6307\u6807\u3001\u8ba1\u7b97 VM \u547d\u4ee4\u3001\u4eba\u53e3\u666e\u67e5\u6570\u636e\u7b49\u3002 API \u6269\u5c55 \u6269\u5c55\u67d0\u4e9b OpenStack \u6838\u5fc3 API \u7684\u81ea\u5b9a\u4e49\u6a21\u5757\u3002 API \u6269\u5c55\u63d2\u4ef6 \u7f51\u7edc\u63d2\u4ef6\u6216\u7f51\u7edc API \u6269\u5c55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u5bc6\u94a5 API \u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u670d\u52a1\u5668 \u8fd0\u884c\u63d0\u4f9b API \u7aef\u70b9\u7684\u5b88\u62a4\u7a0b\u5e8f\u6216\u5de5\u4f5c\u7ebf\u7a0b\u7684\u4efb\u4f55\u8282\u70b9\u3002 API \u4ee4\u724c \u4f20\u9012\u7ed9 API \u8bf7\u6c42\u5e76\u7531 OpenStack \u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u8fd0\u884c\u8bf7\u6c42\u7684\u64cd\u4f5c\u3002 API \u7248\u672c \u5728 OpenStack \u4e2d\uff0c\u9879\u76ee\u7684 API \u7248\u672c\u662f URL \u7684\u4e00\u90e8\u5206\u3002\u4f8b\u5982\uff0c example.com/nova/v1/foobar . 
\u5c0f\u5e94\u7528\u7a0b\u5e8f \u53ef\u4ee5\u5d4c\u5165\u5230\u7f51\u9875\u4e2d\u7684 Java \u7a0b\u5e8f\u3002 \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\uff08murano\uff09 \u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u9879\u76ee\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u5728\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7684\u540c\u65f6\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u62bd\u8c61\u7ea7\u522b\u4e0a\u7f16\u5199\u548c\u90e8\u7f72\u590d\u5408\u73af\u5883\u3002 \u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09 \u7528\u4e8e\u8bbf\u95ee\u670d\u52a1\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u7a0b\u5e8f\u7684\u89c4\u8303\u96c6\u5408\u3002\u5305\u62ec\u670d\u52a1\u8c03\u7528\u3001\u6bcf\u4e2a\u8c03\u7528\u7684\u5fc5\u9700\u53c2\u6570\u4ee5\u53ca\u9884\u671f\u7684\u8fd4\u56de\u503c\u3002 \u5e94\u7528\u670d\u52a1\u5668 \u4e00\u79cd\u8f6f\u4ef6\uff0c\u5b83\u4f7f\u53e6\u4e00\u79cd\u8f6f\u4ef6\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u3002 \u5e94\u7528\u670d\u52a1\u63d0\u4f9b\u8005\u5546\uff08ASP\uff09 \u79df\u7528\u4e13\u7528\u5e94\u7528\u7a0b\u5e8f\u7684\u516c\u53f8\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u5e2e\u52a9\u4f01\u4e1a\u548c\u7ec4\u7ec7\u4ee5\u66f4\u4f4e\u7684\u6210\u672c\u63d0\u4f9b\u9644\u52a0\u670d\u52a1\u3002 \u53ef\u5206\u914d \u7528\u4e8e\u7ef4\u62a4 Linux \u5185\u6838\u9632\u706b\u5899\u6a21\u5757\u4e2d\u7684\u5730\u5740\u89e3\u6790\u534f\u8bae\u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u7684\u5de5\u5177\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e iptables\u3001ebtables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a VM \u63d0\u4f9b\u9632\u706b\u5899\u670d\u52a1\u3002 \u5173\u8054 \u5c06\u8ba1\u7b97\u6d6e\u52a8 IP \u5730\u5740\u4e0e\u56fa\u5b9a IP \u5730\u5740\u5173\u8054\u7684\u8fc7\u7a0b\u3002 \u5f02\u6b65 JavaScript \u548c XML \uff08AJAX\uff09 \u4e00\u7ec4\u76f8\u4e92\u5173\u8054\u7684 Web \u5f00\u53d1\u6280\u672f\uff0c\u7528\u4e8e\u5728\u5ba2\u6237\u7aef\u521b\u5efa\u5f02\u6b65 Web 
\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u3002 \u4ee5\u592a\u7f51 ATA \uff08AoE\uff09 \u5728\u4ee5\u592a\u7f51\u4e2d\u5efa\u7acb\u96a7\u9053\u7684\u78c1\u76d8\u5b58\u50a8\u534f\u8bae\u3002 \u9644\u52a0 \u5728\u7f51\u7edc\u4e2d\u5c06 VIF \u6216 vNIC \u8fde\u63a5\u5230 L2 \u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u5728\u8ba1\u7b97\u4e0a\u4e0b\u6587\u4e2d\uff0c\u6b64\u8fc7\u7a0b\u5c06\u5b58\u50a8\u5377\u8fde\u63a5\u5230\u5b9e\u4f8b\u3002 \u9644\u4ef6\uff08\u7f51\u7edc\uff09 \u63a5\u53e3 ID \u4e0e\u903b\u8f91\u7aef\u53e3\u7684\u5173\u8054\u3002\u5c06\u63a5\u53e3\u63d2\u5165\u7aef\u53e3\u3002 \u5ba1\u8ba1 \u901a\u8fc7\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u5ba1\u8ba1\u5458 \u9a8c\u8bc1\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5bb9\u5668\u548c\u5e10\u6237\u5b8c\u6574\u6027\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002\u5ba1\u6838\u5458\u662f\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u5ba1\u8ba1\u5458\u3001\u5bb9\u5668\u5ba1\u8ba1\u5458\u548c\u5bf9\u8c61\u5ba1\u8ba1\u5458\u7684\u7edf\u79f0\u3002 Austin OpenStack \u521d\u59cb\u7248\u672c\u7684\u4ee3\u53f7\u3002\u9996\u5c4a\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002 auth \u8282\u70b9 \u5bf9\u8c61\u5b58\u50a8\u6388\u6743\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1 \u901a\u8fc7\u79c1\u94a5\u3001\u79d8\u5bc6\u4ee4\u724c\u3001\u5bc6\u7801\u3001\u6307\u7eb9\u6216\u7c7b\u4f3c\u65b9\u6cd5\u786e\u8ba4\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u786e\u5b9e\u662f\u4ed6\u4eec\u6240\u8bf4\u7684\u4eba\u7684\u8fc7\u7a0b\u3002 \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c \u8eab\u4efd\u9a8c\u8bc1\u540e\u63d0\u4f9b\u7ed9\u5ba2\u6237\u7aef\u7684\u6587\u672c\u5b57\u7b26\u4e32\u3002\u5fc5\u987b\u7531\u7528\u6237\u6216\u8fdb\u7a0b\u5728\u5bf9 API \u7aef\u70b9\u7684\u540e\u7eed\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u3002 AuthN 
\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec4\u4ef6\u3002 \u6388\u6743 \u9a8c\u8bc1\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u6267\u884c\u64cd\u4f5c\u7684\u884c\u4e3a\u3002 \u6388\u6743\u8282\u70b9 \u63d0\u4f9b\u6388\u6743\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u3002 AuthZ \u63d0\u4f9b\u9ad8\u7ea7\u6388\u6743\u670d\u52a1\u7684\u8eab\u4efd\u7ec4\u4ef6\u3002 \u81ea\u52a8\u786e\u8ba4 RabbitMQ \u4e2d\u7684\u914d\u7f6e\u8bbe\u7f6e\uff0c\u7528\u4e8e\u542f\u7528\u6216\u7981\u7528\u6d88\u606f\u786e\u8ba4\u3002\u9ed8\u8ba4\u542f\u7528\u3002 \u81ea\u52a8\u58f0\u660e \u4e00\u4e2a Compute RabbitMQ \u8bbe\u7f6e\uff0c\u7528\u4e8e\u786e\u5b9a\u5728\u7a0b\u5e8f\u542f\u52a8\u65f6\u662f\u5426\u81ea\u52a8\u521b\u5efa\u6d88\u606f\u4ea4\u6362\u3002 \u53ef\u7528\u533a \u7528\u4e8e\u5bb9\u9519\u7684\u9694\u79bb\u533a\u57df\u7684 Amazon EC2 \u6982\u5ff5\u3002\u4e0d\u8981\u4e0e OpenStack Compute \u533a\u57df\u6216\u5355\u5143\u6df7\u6dc6\u3002 AWS CloudFormation \u6a21\u677f AWS CloudFormation \u5141\u8bb8 Amazon Web Services \uff08AWS\uff09 \u7528\u6237\u521b\u5efa\u548c\u7ba1\u7406\u76f8\u5173\u8d44\u6e90\u7684\u96c6\u5408\u3002\u7f16\u6392\u670d\u52a1\u652f\u6301\u4e0e CloudFormation \u517c\u5bb9\u7684\u683c\u5f0f \uff08CFN\uff09\u3002 B \u00b6 \u540e\u7aef \u5bf9\u7528\u6237\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u4ea4\u4e92\u548c\u8fdb\u7a0b\uff0c\u4f8b\u5982\u8ba1\u7b97\u5377\u6302\u8f7d\u3001\u5b88\u62a4\u7a0b\u5e8f\u5411 iSCSI \u76ee\u6807\u4f20\u8f93\u6570\u636e\u6216\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5b8c\u6574\u6027\u68c0\u67e5\u3002 \u540e\u7aef\u76ee\u5f55 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u548c\u68c0\u7d22\u6709\u5173\u5ba2\u6237\u7aef\u53ef\u7528\u7684 API \u7aef\u70b9\u7684\u4fe1\u606f\u7684\u5b58\u50a8\u65b9\u6cd5\u3002\u793a\u4f8b\u5305\u62ec SQL \u6570\u636e\u5e93\u3001LDAP \u6570\u636e\u5e93\u6216 KVS \u540e\u7aef\u3002 
\u540e\u7aef\u5b58\u50a8 \u7528\u4e8e\u4fdd\u5b58\u548c\u68c0\u7d22\u670d\u52a1\u4fe1\u606f\u7684\u6301\u4e45\u6027\u6570\u636e\u5b58\u50a8\uff0c\u4f8b\u5982\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5217\u8868\u3001\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u5f53\u524d\u72b6\u6001\u3001\u7528\u6237\u540d\u5217\u8868\u7b49\u3002\u6b64\u5916\uff0c\u6620\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u548c\u5b58\u50a8 VM \u6620\u50cf\u7684\u65b9\u6cd5\u3002\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u548c HTTP\u3002 \u5907\u4efd\u3001\u6062\u590d\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\uff08freezer\uff09 \u63d0\u4f9b\u7528\u4e8e\u5907\u4efd\u3001\u8fd8\u539f\u548c\u6062\u590d\u6587\u4ef6\u7cfb\u7edf\u3001\u5b9e\u4f8b\u6216\u6570\u636e\u5e93\u5907\u4efd\u7684\u96c6\u6210\u5de5\u5177\u7684\u9879\u76ee\u3002 \u5e26\u5bbd \u901a\u4fe1\u8d44\u6e90\uff08\u5982 Internet\uff09\u4f7f\u7528\u7684\u53ef\u7528\u6570\u636e\u91cf\u3002\u8868\u793a\u7528\u4e8e\u4e0b\u8f7d\u5185\u5bb9\u7684\u6570\u636e\u91cf\u6216\u53ef\u4f9b\u4e0b\u8f7d\u7684\u6570\u636e\u91cf\u3002 barbican Key Manager \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u88f8\u673a \u6620\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\uff0c\u6307\u793a VM \u6620\u50cf\u4e0d\u5b58\u5728\u5bb9\u5668\u3002 \u88f8\u673a\u670d\u52a1\uff08ironic\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\uff0c\u80fd\u591f\u4ee5\u5b89\u5168\u611f\u77e5\u548c\u5bb9\u9519\u7684\u65b9\u5f0f\u7ba1\u7406\u548c\u914d\u7f6e\u7269\u7406\u673a\u3002 \u57fa\u7840\u6620\u50cf OpenStack \u63d0\u4f9b\u7684\u6620\u50cf\u3002 Bell-LaPadula \u6a21\u578b 
\u4e00\u79cd\u5b89\u5168\u6a21\u578b\uff0c\u4fa7\u91cd\u4e8e\u6570\u636e\u673a\u5bc6\u6027\u548c\u5bf9\u673a\u5bc6\u4fe1\u606f\u7684\u53d7\u63a7\u8bbf\u95ee\u3002\u8be5\u6a21\u578b\u5c06\u5b9e\u4f53\u5206\u4e3a\u4e3b\u4f53\u548c\u5ba2\u4f53\u3002\u5c06\u4e3b\u4f53\u7684\u8bb8\u53ef\u4e0e\u4e3b\u4f53\u7684\u5206\u7c7b\u8fdb\u884c\u6bd4\u8f83\uff0c\u4ee5\u786e\u5b9a\u4e3b\u4f53\u662f\u5426\u88ab\u6388\u6743\u7528\u4e8e\u7279\u5b9a\u7684\u8bbf\u95ee\u6a21\u5f0f\u3002\u95f4\u9699\u6216\u5206\u7c7b\u65b9\u6848\u7528\u6676\u683c\u8868\u793a\u3002 \u57fa\u51c6\u670d\u52a1\uff08\u53cd\u5f39\uff09 OpenStack\u9879\u76ee\uff0c\u4e3a\u5355\u4e2aOpenStack\u7ec4\u4ef6\u7684\u6027\u80fd\u5206\u6790\u548c\u57fa\u51c6\u6d4b\u8bd5\u4ee5\u53ca\u5b8c\u6574\u7684\u751f\u4ea7OpenStack\u4e91\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\u3002 Bexar 2011 \u5e74 2 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\u3002\u5b83\u4ec5\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09 \u548c\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3002Bexar \u662f OpenStack \u7b2c\u4e8c\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5723\u5b89\u4e1c\u5c3c\u5965\u4e3e\u884c\uff0c\u8fd9\u91cc\u662f\u8d1d\u514b\u8428\u5c14\u53bf\u7684\u53bf\u57ce\u3002 \u4e8c\u8fdb\u5236 \u4ec5\u7531 1 \u548c 0 \u7ec4\u6210\u7684\u4fe1\u606f\uff0c\u8fd9\u662f\u8ba1\u7b97\u673a\u7684\u8bed\u8a00\u3002 \u4f4d \u4f4d\u662f\u4ee5 2 \u4e3a\u57fa\u6570\u7684\u4e2a\u4f4d\u6570\uff080 \u6216 1\uff09\u3002\u5e26\u5bbd\u4f7f\u7528\u91cf\u4ee5\u6bcf\u79d2\u4f4d\u6570\u4e3a\u5355\u4f4d\u3002 \u6bcf\u79d2\u6bd4\u7279\u6570 \uff08BPS\uff09 \u901a\u7528\u6d4b\u91cf\u6570\u636e\u4ece\u4e00\u4e2a\u5730\u65b9\u4f20\u8f93\u5230\u53e6\u4e00\u4e2a\u5730\u65b9\u7684\u901f\u5ea6\u3002 \u5757\u8bbe\u5907 
\u4e00\u79cd\u4ee5\u5757\u7684\u5f62\u5f0f\u79fb\u52a8\u6570\u636e\u7684\u8bbe\u5907\u3002\u8fd9\u4e9b\u8bbe\u5907\u8282\u70b9\u8fde\u63a5\u8bbe\u5907\uff0c\u4f8b\u5982\u786c\u76d8\u3001CD-ROM \u9a71\u52a8\u5668\u3001\u95ea\u5b58\u9a71\u52a8\u5668\u548c\u5176\u4ed6\u53ef\u5bfb\u5740\u5185\u5b58\u533a\u57df\u3002 \u533a\u5757\u8fc1\u79fb KVM \u4f7f\u7528\u7684\u4e00\u79cd\u865a\u62df\u673a\u5b9e\u65f6\u8fc1\u79fb\u65b9\u6cd5\uff0c\u7528\u4e8e\u5728\u7528\u6237\u542f\u52a8\u7684\u5207\u6362\u671f\u95f4\u5c06\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u64a4\u79bb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u505c\u673a\u65f6\u95f4\u975e\u5e38\u77ed\u3002\u4e0d\u9700\u8981\u5171\u4eab\u5b58\u50a8\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 \u5757\u5b58\u50a8 API \u5355\u72ec\u7ec8\u7ed3\u70b9\u4e0a\u7684 API\uff0c\u7528\u4e8e\u4e3a\u8ba1\u7b97 VM \u9644\u52a0\u3001\u5206\u79bb\u548c\u521b\u5efa\u5757\u5b58\u50a8\u3002 \u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u5e93\uff0c\u901a\u8fc7\u5728\u5176\u4ed6\u5757\u5b58\u50a8\u8bbe\u5907\u4e4b\u4e0a\u7684\u62bd\u8c61\u548c\u81ea\u52a8\u5316\uff0c\u63d0\u4f9b\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u81ea\u52a9\u8bbf\u95ee\u3002 BMC\uff08\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\uff09 IPMI\u67b6\u6784\u4e2d\u7684\u667a\u80fd\uff0c\u5b83\u662f\u4e00\u79cd\u4e13\u7528\u7684\u5fae\u63a7\u5236\u5668\uff0c\u5d4c\u5165\u5728\u8ba1\u7b97\u673a\u4e3b\u677f\u4e0a\u5e76\u5145\u5f53\u670d\u52a1\u5668\u3002\u7ba1\u7406\u7cfb\u7edf\u7ba1\u7406\u8f6f\u4ef6\u548c\u5e73\u53f0\u786c\u4ef6\u4e4b\u95f4\u7684\u63a5\u53e3\u3002 \u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf \u4e00\u79cd VM \u6620\u50cf\u7c7b\u578b\uff0c\u4ee5\u5355\u4e2a\u53ef\u542f\u52a8\u6587\u4ef6\u7684\u5f62\u5f0f\u5b58\u5728\u3002 Bootstrap \u534f\u8bae \uff08BOOTP\uff09 \u7f51\u7edc\u5ba2\u6237\u7aef\u7528\u4e8e\u4ece\u914d\u7f6e\u670d\u52a1\u5668\u83b7\u53d6 IP 
\u5730\u5740\u7684\u7f51\u7edc\u534f\u8bae\u3002\u5728\u4f7f\u7528 FlatDHCP \u7ba1\u7406\u5668\u6216 VLAN \u7ba1\u7406\u5668\u7f51\u7edc\u7ba1\u7406\u5668\u65f6\uff0c\u901a\u8fc7 dnsmasq \u5b88\u62a4\u7a0b\u5e8f\u8fdb\u884c\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u8fb9\u754c\u7f51\u5173\u534f\u8bae \uff08BGP\uff09 \u8fb9\u754c\u7f51\u5173\u534f\u8bae\u662f\u4e00\u79cd\u8fde\u63a5\u81ea\u6cbb\u7cfb\u7edf\u7684\u52a8\u6001\u8def\u7531\u534f\u8bae\u3002\u8be5\u534f\u8bae\u88ab\u8ba4\u4e3a\u662f\u4e92\u8054\u7f51\u7684\u9aa8\u5e72\uff0c\u5c06\u4e0d\u540c\u7684\u7f51\u7edc\u8fde\u63a5\u8d77\u6765\uff0c\u5f62\u6210\u4e00\u4e2a\u66f4\u5927\u7684\u7f51\u7edc\u3002 \u6d4f\u89c8\u5668 \u4f7f\u8ba1\u7b97\u673a\u6216\u8bbe\u5907\u80fd\u591f\u8bbf\u95ee Internet \u7684\u4efb\u4f55\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \u6784\u5efa\u5668\u6587\u4ef6 \u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u91cd\u65b0\u914d\u7f6e\u73af\u6216\u5728\u53d1\u751f\u4e25\u91cd\u6545\u969c\u540e\u4ece\u5934\u5f00\u59cb\u91cd\u65b0\u521b\u5efa\u73af\u7684\u914d\u7f6e\u4fe1\u606f\u3002 \u6269\u5c55 \u5728\u4e3b\u73af\u5883\u8d44\u6e90\u53d7\u9650\u65f6\uff0c\u5229\u7528\u8f85\u52a9\u73af\u5883\u6309\u9700\u5f39\u6027\u6784\u5efa\u5b9e\u4f8b\u7684\u505a\u6cd5\u3002 \u6309\u94ae\u7c7b \u5730\u5e73\u7ebf\u4e2d\u7684\u4e00\u7ec4\u76f8\u5173\u6309\u94ae\u7c7b\u578b\u3002\u7528\u4e8e\u542f\u52a8\u3001\u505c\u6b62\u548c\u6302\u8d77 VM \u7684\u6309\u94ae\u4f4d\u4e8e\u4e00\u4e2a\u7c7b\u4e2d\u3002\u7528\u4e8e\u5173\u8054\u548c\u53d6\u6d88\u5173\u8054\u6d6e\u52a8 IP \u5730\u5740\u7684\u6309\u94ae\u4f4d\u4e8e\u53e6\u4e00\u4e2a\u7c7b\u4e2d\uff0c\u4f9d\u6b64\u7c7b\u63a8\u3002 \u5b57\u8282 \u6784\u6210\u5355\u4e2a\u5b57\u7b26\u7684\u4f4d\u96c6;\u4e00\u4e2a\u5b57\u8282\u901a\u5e38\u6709 8 \u4f4d\u3002 C \u00b6 \u7f13\u5b58\u4fee\u526a\u5668 
\u5c06\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7f13\u5b58\u4fdd\u6301\u5728\u6216\u4f4e\u4e8e\u5176\u914d\u7f6e\u7684\u6700\u5927\u5927\u5c0f\u7684\u7a0b\u5e8f\u3002 Cactus 2011 \u5e74\u6625\u5b63\u53d1\u5e03\u7684 OpenStack \u9879\u76ee\u5206\u7ec4\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u548c\u56fe\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Cactus \u662f\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u7684\u4e00\u4e2a\u57ce\u5e02\uff0c\u662f OpenStack \u7b2c\u4e09\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u5f53OpenStack\u7248\u672c\u4ece3\u4e2a\u6708\u5ef6\u957f\u52306\u4e2a\u6708\u65f6\uff0c\u8be5\u7248\u672c\u7684\u4ee3\u53f7\u53d1\u751f\u4e86\u53d8\u5316\uff0c\u4ee5\u5339\u914d\u6700\u63a5\u8fd1\u4e0a\u4e00\u6b21\u5cf0\u4f1a\u7684\u5730\u7406\u4f4d\u7f6e\u3002 \u8c03\u7528 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\u5e76\u7b49\u5f85\u54cd\u5e94\u3002 \u80fd\u529b \u5b9a\u4e49\u5355\u5143\u7684\u8d44\u6e90\uff0c\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u3002\u53ef\u4ee5\u5e94\u7528\u4e8e\u4e00\u4e2a\u5355\u5143\u6216\u6574\u4e2a\u5355\u5143\u5185\u7684\u7279\u5b9a\u670d\u52a1\u3002 \u5bb9\u91cf\u7f13\u5b58 \u8ba1\u7b97\u540e\u7aef\u6570\u636e\u5e93\u8868\uff0c\u5176\u4e2d\u5305\u542b\u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d\u3001\u53ef\u7528 RAM \u91cf\u4ee5\u53ca\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u6570\u3002\u7528\u4e8e\u786e\u5b9a VM \u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u542f\u52a8\u3002 \u5bb9\u91cf\u66f4\u65b0\u7a0b\u5e8f \u76d1\u89c6 VM \u5b9e\u4f8b\u5e76\u6839\u636e\u9700\u8981\u66f4\u65b0\u5bb9\u91cf\u7f13\u5b58\u7684\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u3002 \u6295\u5c04 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\uff0c\u4e0d\u7b49\u5f85\u54cd\u5e94\u3002 \u76ee\u5f55 
\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u5217\u8868\u3002 \u76ee\u5f55\u670d\u52a1 \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\uff0c\u5217\u51fa\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u3002 \u6d4b\u9ad8\u4eea OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u6536\u96c6\u548c\u5b58\u50a8\u6765\u81ea\u5176\u4ed6 OpenStack \u670d\u52a1\u7684\u6307\u6807\u3002 \u5355\u5143\u683c \u5728\u5b50\u5173\u7cfb\u548c\u7236\u5173\u7cfb\u4e2d\u63d0\u4f9b\u8ba1\u7b97\u8d44\u6e90\u7684\u903b\u8f91\u5206\u533a\u3002\u5982\u679c\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u8bf7\u6c42\u7684\u8d44\u6e90\uff0c\u5219\u8bf7\u6c42\u5c06\u4ece\u7236\u5355\u5143\u4f20\u9012\u5230\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u8f6c\u53d1 \u4e00\u4e2a\u201c\u8ba1\u7b97\u201d\u9009\u9879\uff0c\u8be5\u9009\u9879\u4f7f\u7236\u5355\u5143\u80fd\u591f\u5728\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u65f6\u5c06\u8d44\u6e90\u8bf7\u6c42\u4f20\u9012\u7ed9\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5176\u4e2d\u5305\u542b\u5355\u5143\u4e2d\u6bcf\u4e2a\u4e3b\u673a\u7684\u5f53\u524d\u529f\u80fd\u5217\u8868\uff0c\u5e76\u6839\u636e\u9700\u8981\u8def\u7531\u8bf7\u6c42\u3002 CentOS \u64cd\u4f5c\u7cfb\u7edf \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 Ceph \u51fd\u6570 \u53ef\u5927\u89c4\u6a21\u6269\u5c55\u7684\u5206\u5e03\u5f0f\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531\u5bf9\u8c61\u5b58\u50a8\u3001\u5757\u5b58\u50a8\u548c\u517c\u5bb9 POSIX \u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u7ec4\u6210\u3002\u4e0eOpenStack\u517c\u5bb9\u3002 CephFS Ceph \u63d0\u4f9b\u7684\u7b26\u5408 POSIX \u6807\u51c6\u7684\u6587\u4ef6\u7cfb\u7edf\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 
\u5728\u5bc6\u7801\u5b66\u4e2d\uff0c\u9881\u53d1\u6570\u5b57\u8bc1\u4e66\u7684\u5b9e\u4f53\u3002\u6570\u5b57\u8bc1\u4e66\u901a\u8fc7\u8bc1\u4e66\u7684\u6307\u5b9a\u4e3b\u4f53\u8bc1\u660e\u516c\u94a5\u7684\u6240\u6709\u6743\u3002\u8fd9\u4f7f\u5176\u4ed6\u4eba\uff08\u4f9d\u8d56\u65b9\uff09\u80fd\u591f\u4f9d\u8d56\u4e0e\u8ba4\u8bc1\u516c\u94a5\u76f8\u5bf9\u5e94\u7684\u79c1\u94a5\u6240\u505a\u7684\u7b7e\u540d\u6216\u65ad\u8a00\u3002\u5728\u8fd9\u79cd\u4fe1\u4efb\u5173\u7cfb\u6a21\u578b\u4e2d\uff0cCA \u662f\u8bc1\u4e66\u4e3b\u4f53\uff08\u6240\u6709\u8005\uff09\u548c\u4f9d\u8d56\u8bc1\u4e66\u7684\u4e00\u65b9\u7684\u53d7\u4fe1\u4efb\u7b2c\u4e09\u65b9\u3002CA \u662f\u8bb8\u591a\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u65b9\u6848\u7684\u7279\u5f81\u3002\u5728 OpenStack \u4e2d\uff0cCompute \u4e3a cloudpipe VPN \u548c VM \u6620\u50cf\u89e3\u5bc6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002 \u6311\u6218\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae \uff08CHAP\uff09 \u8ba1\u7b97\u652f\u6301\u7684 iSCSI \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u673a\u4f1a\u8c03\u5ea6\u5668 \u8ba1\u7b97\u4f7f\u7528\u7684\u4e00\u79cd\u8ba1\u5212\u65b9\u6cd5\uff0c\u7528\u4e8e\u4ece\u6c60\u4e2d\u968f\u673a\u9009\u62e9\u53ef\u7528\u4e3b\u673a\u3002 \u81ea\u4e0a\u6b21\u66f4\u6539\u4ee5\u6765 \u4e00\u4e2a\u8ba1\u7b97 API \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u5141\u8bb8\u4e0b\u8f7d\u81ea\u4e0a\u6b21\u8bf7\u6c42\u4ee5\u6765\u5bf9\u6240\u8bf7\u6c42\u9879\u7684\u66f4\u6539\uff0c\u800c\u4e0d\u662f\u4e0b\u8f7d\u4e00\u7ec4\u65b0\u7684\u6570\u636e\u5e76\u5c06\u5176\u4e0e\u65e7\u6570\u636e\u8fdb\u884c\u6bd4\u8f83\u3002 Chef \u652f\u6301 OpenStack \u90e8\u7f72\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 \u5b50\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU 
\u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5176\u5173\u8054\u7684\u5b50\u5355\u5143\u3002\u5982\u679c\u5b50\u5355\u5143\u53ef\u4ee5\u6ee1\u8db3\u8bf7\u6c42\uff0c\u5219\u5b83\u786e\u5b9e\u53ef\u4ee5\u3002\u5426\u5219\uff0c\u5b83\u4f1a\u5c1d\u8bd5\u5c06\u8bf7\u6c42\u4f20\u9012\u7ed9\u5176\u4efb\u4f55\u5b50\u7ea7\u3002 cinder \u5757\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 CirrOS \u4e00\u4e2a\u6700\u5c0f\u7684 Linux \u53d1\u884c\u7248\uff0c\u8bbe\u8ba1\u7528\u4f5c\u4e91\uff08\u5982 OpenStack\uff09\u4e0a\u7684\u6d4b\u8bd5\u6620\u50cf\u3002 Cisco neutron \u63d2\u4ef6 \u9002\u7528\u4e8e Cisco \u8bbe\u5907\u548c\u6280\u672f\uff08\u5305\u62ec UCS \u548c Nexus\uff09\u7684\u7f51\u7edc\u63d2\u4ef6\u3002 \u4e91\u67b6\u6784\u5e08 \u8ba1\u5212\u3001\u8bbe\u8ba1\u548c\u76d1\u7763\u4e91\u521b\u5efa\u7684\u4eba\u3002 \u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u90a6 \uff08CADF\uff09 Cloud Auditing Data Federation \uff08CADF\uff09 \u662f\u7528\u4e8e\u5ba1\u6838\u4e8b\u4ef6\u6570\u636e\u7684\u89c4\u8303\u3002CADF \u53d7 OpenStack Identity \u652f\u6301\u3002 \u4e91\u8ba1\u7b97 \u4e00\u79cd\u6a21\u578b\uff0c\u652f\u6301\u8bbf\u95ee\u53ef\u914d\u7f6e\u8ba1\u7b97\u8d44\u6e90\uff08\u5982\u7f51\u7edc\u3001\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\uff09\u7684\u5171\u4eab\u6c60\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5feb\u901f\u914d\u7f6e\u548c\u53d1\u5e03\uff0c\u53ea\u9700\u6700\u5c11\u7684\u7ba1\u7406\u5de5\u4f5c\u6216\u670d\u52a1\u63d0\u4f9b\u5546\u4ea4\u4e92\u3002 \u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd \u652f\u6301\u4e91\u8ba1\u7b97\u6a21\u578b\u7684\u8ba1\u7b97\u8981\u6c42\u6240\u9700\u7684\u786c\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u548c\u865a\u62df\u5316\u8f6f\u4ef6\u3002 \u4e91\u8ba1\u7b97\u5e73\u53f0\u8f6f\u4ef6 
\u901a\u8fc7\u4e92\u8054\u7f51\u63d0\u4f9b\u4e0d\u540c\u7684\u670d\u52a1\u3002\u8fd9\u4e9b\u8d44\u6e90\u5305\u62ec\u6570\u636e\u5b58\u50a8\u3001\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\u3001\u7f51\u7edc\u548c\u8f6f\u4ef6\u7b49\u5de5\u5177\u548c\u5e94\u7528\u7a0b\u5e8f\u3002\u53ea\u8981\u7535\u5b50\u8bbe\u5907\u53ef\u4ee5\u8bbf\u95ee\u7f51\u7edc\uff0c\u5b83\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6570\u636e\u548c\u8fd0\u884c\u5b83\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u4e91\u8ba1\u7b97\u670d\u52a1\u67b6\u6784 \u4e91\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u5728\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5185\u548c\u8de8\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5b9e\u65bd\u7684\u6574\u4f53\u4e91\u8ba1\u7b97\u670d\u52a1\u548c\u89e3\u51b3\u65b9\u6848\u3002\u8003\u8651\u6838\u5fc3\u4e1a\u52a1\u9700\u6c42\uff0c\u5e76\u5c06\u5176\u4e0e\u53ef\u80fd\u7684\u4e91\u89e3\u51b3\u65b9\u6848\u76f8\u5339\u914d\u3002 \u4e91\u63a7\u5236\u5668 \u8868\u793a\u4e91\u5168\u5c40\u72b6\u6001\u7684\u8ba1\u7b97\u7ec4\u4ef6\u7684\u96c6\u5408;\u901a\u8fc7\u961f\u5217\u4e0e\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u8ba4\u8bc1\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u8282\u70b9/\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff09\u8fdb\u884c\u901a\u4fe1\u3002 \u4e91\u63a7\u5236\u5668\u8282\u70b9 \u8fd0\u884c\u7f51\u7edc\u3001\u5377\u3001API\u3001\u8c03\u5ea6\u7a0b\u5e8f\u548c\u6620\u50cf\u670d\u52a1\u7684\u8282\u70b9\u3002\u6bcf\u4e2a\u670d\u52a1\u90fd\u53ef\u4ee5\u5206\u89e3\u4e3a\u5355\u72ec\u7684\u8282\u70b9\uff0c\u4ee5\u5b9e\u73b0\u53ef\u4f38\u7f29\u6027\u6216\u53ef\u7528\u6027\u3002 \u4e91\u6570\u636e\u7ba1\u7406\u63a5\u53e3\uff08CDMI\uff09 SINA\u6807\u51c6\u5b9a\u4e49\u4e86\u4e00\u4e2aRESTful API\uff0c\u7528\u4e8e\u7ba1\u7406\u4e91\u4e2d\u7684\u5bf9\u8c61\uff0c\u76ee\u524d\u5728OpenStack\u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u63a5\u53e3\uff08CIMI\uff09 \u6b63\u5728\u8fdb\u884c\u7684\u4e91\u7ba1\u7406\u89c4\u8303\u3002\u76ee\u524d\u5728 
OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u6280\u672f \u4e91\u662f\u7531\u7ba1\u7406\u548c\u81ea\u52a8\u5316\u8f6f\u4ef6\u7f16\u6392\u7684\u865a\u62df\u6e90\u5de5\u5177\u3002\u8fd9\u5305\u62ec\u539f\u59cb\u5904\u7406\u80fd\u529b\u3001\u5185\u5b58\u3001\u7f51\u7edc\u3001\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5b58\u50a8\u3002 cloud-init \u51fd\u6570 \u901a\u5e38\u5b89\u88c5\u5728 VM \u6620\u50cf\u4e2d\u7684\u5305\uff0c\u7528\u4e8e\u5728\u542f\u52a8\u540e\u4f7f\u7528\u4ece\u5143\u6570\u636e\u670d\u52a1\u68c0\u7d22\u5230\u7684\u4fe1\u606f\uff08\u5982 SSH \u516c\u94a5\u548c\u7528\u6237\u6570\u636e\uff09\u6267\u884c\u5b9e\u4f8b\u7684\u521d\u59cb\u5316\u3002 cloudadmin \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u6388\u4e88\u5b8c\u6574\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002 Cloudbase-\u521d\u59cb\u5316 \u63d0\u4f9b\u6765\u5bbe\u521d\u59cb\u5316\u529f\u80fd\u7684 Windows \u9879\u76ee\uff0c\u7c7b\u4f3c\u4e8e cloud-init\u3002 cloudpipe \u4e00\u79cd\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u521b\u5efa VPN \u7684\u8ba1\u7b97\u670d\u52a1\u3002 CloudPipe \u955c\u50cf \u4f5c\u4e3a cloudpipe \u670d\u52a1\u5668\u7684\u9884\u5236 VM \u955c\u50cf\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0cOpenVPN\u8fd0\u884c\u5728Linux\u4e0a\u3002 \u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 \u5b9e\u73b0\u96c6\u7fa4\u670d\u52a1\u548c\u5e93\u7684\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7531\u5176\u4ed6 OpenStack \u670d\u52a1\u516c\u5f00\u7684\u540c\u6784\u5bf9\u8c61\u7ec4\u3002 \u547d\u4ee4\u8fc7\u6ee4\u5668 \u5217\u51fa\u8ba1\u7b97 rootwrap \u5de5\u5177\u4e2d\u5141\u8bb8\u7684\u547d\u4ee4\u3002 \u547d\u4ee4\u884c\u754c\u9762 \uff08CLI\uff09 \u4e00\u4e2a\u57fa\u4e8e\u6587\u672c\u7684\u5ba2\u6237\u7aef\uff0c\u53ef\u5e2e\u52a9\u60a8\u521b\u5efa\u811a\u672c\u4ee5\u4e0e OpenStack \u4e91\u8fdb\u884c\u4ea4\u4e92\u3002 \u901a\u7528 Internet \u6587\u4ef6\u7cfb\u7edf \uff08CIFS\uff09 \u6587\u4ef6\u5171\u4eab\u534f\u8bae\u3002\u5b83\u662f 
Microsoft \u5f00\u53d1\u548c\u4f7f\u7528\u7684\u539f\u59cb\u670d\u52a1\u5668\u6d88\u606f\u5757 \uff08SMB\uff09 \u534f\u8bae\u7684\u516c\u5171\u6216\u5f00\u653e\u53d8\u4f53\u3002\u4e0e SMB \u534f\u8bae\u4e00\u6837\uff0c CIFS \u5728\u66f4\u9ad8\u7ea7\u522b\u8fd0\u884c\u5e76\u4f7f\u7528 TCP/IP \u534f\u8bae\u3002 \u516c\u5171\u5e93 \uff08oslo\uff09 \u751f\u6210\u4e00\u7ec4 python \u5e93\u7684\u9879\u76ee\uff0c\u5176\u4e2d\u5305\u542b OpenStack \u9879\u76ee\u5171\u4eab\u7684\u4ee3\u7801\u3002\u8fd9\u4e9b\u5e93\u63d0\u4f9b\u7684 API \u5e94\u8be5\u662f\u9ad8\u8d28\u91cf\u3001\u7a33\u5b9a\u3001\u4e00\u81f4\u3001\u6709\u6587\u6863\u8bb0\u5f55\u7684\u548c\u666e\u904d\u9002\u7528\u7684\u3002 \u793e\u533a\u9879\u76ee \u4e00\u4e2a\u6ca1\u6709\u5f97\u5230OpenStack\u6280\u672f\u59d4\u5458\u4f1a\u6b63\u5f0f\u8ba4\u53ef\u7684\u9879\u76ee\u3002\u5982\u679c\u9879\u76ee\u8db3\u591f\u6210\u529f\uff0c\u5b83\u53ef\u80fd\u4f1a\u88ab\u63d0\u5347\u4e3a\u5b75\u5316\u9879\u76ee\uff0c\u7136\u540e\u88ab\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee\uff0c\u6216\u8005\u5b83\u53ef\u80fd\u4e0e\u4e3b\u4ee3\u7801\u4e3b\u5e72\u5408\u5e76\u3002 \u538b\u7f29 \u901a\u8fc7\u7279\u6b8a\u7f16\u7801\u51cf\u5c0f\u6587\u4ef6\u5927\u5c0f\uff0c\u6587\u4ef6\u53ef\u4ee5\u518d\u6b21\u89e3\u538b\u7f29\u4e3a\u539f\u59cb\u5185\u5bb9\u3002OpenStack \u652f\u6301 Linux \u6587\u4ef6\u7cfb\u7edf\u7ea7\u522b\u7684\u538b\u7f29\uff0c\u4f46\u4e0d\u652f\u6301\u5bf9\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6216\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7b49\u5185\u5bb9\u8fdb\u884c\u538b\u7f29\u3002 \u8ba1\u7b97 API \uff08nova API\uff09 nova-api \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u5bf9 nova \u670d\u52a1\u7684\u8bbf\u95ee\u3002\u53ef\u4ee5\u4e0e\u5176\u4ed6 API \u901a\u4fe1\uff0c\u4f8b\u5982 Amazon EC2 API\u3002 \u8ba1\u7b97\u63a7\u5236\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u9009\u62e9\u8981\u5728\u5176\u4e0a\u542f\u52a8 VM \u5b9e\u4f8b\u7684\u5408\u9002\u4e3b\u673a\u3002 \u8ba1\u7b97\u4e3b\u673a 
\u4e13\u7528\u4e8e\u8fd0\u884c\u8ba1\u7b97\u8282\u70b9\u7684\u7269\u7406\u4e3b\u673a\u3002 \u8ba1\u7b97\u8282\u70b9 \u8fd0\u884c nova-compute \u5b88\u62a4\u7a0b\u5e8f\u7684\u8282\u70b9\uff0c\u8be5\u5b88\u62a4\u7a0b\u5e8f\u7ba1\u7406\u63d0\u4f9b\u5404\u79cd\u670d\u52a1\uff08\u5982 Web \u5e94\u7528\u7a0b\u5e8f\u548c\u5206\u6790\uff09\u7684 VM \u5b9e\u4f8b\u3002 \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u7528\u4e8e\u5b9e\u73b0\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u5bf9\u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u88f8\u673a\u3001\u865a\u62df\u673a\u548c\u5bb9\u5668\uff09\u7684\u5927\u89c4\u6a21\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 \u8ba1\u7b97\u5de5\u4f5c\u8fdb\u7a0b \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u7ba1\u7406 VM \u5b9e\u4f8b\u751f\u547d\u5468\u671f\u7684\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5305\u62ec\u8fd0\u884c\u3001\u91cd\u65b0\u542f\u52a8\u3001\u7ec8\u6b62\u3001\u9644\u52a0/\u5206\u79bb\u5377\u7b49\u3002\u7531 nova-compute \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 \u4e32\u8054\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u5408\u5e76\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u7684\u4e00\u7ec4\u5206\u6bb5\u5bf9\u8c61\u3002 \u5bfc\u4f53 \u5728\u8ba1\u7b97\u4e2d\uff0cconductor \u662f\u4ee3\u7406\u6765\u81ea\u8ba1\u7b97\u8fdb\u7a0b\u7684\u6570\u636e\u5e93\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u4f7f\u7528 conductor \u53ef\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u8ba1\u7b97\u8282\u70b9\u4e0d\u9700\u8981\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 congress \u6cbb\u7406\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u4e00\u81f4\u6027\u7a97\u53e3 \u6240\u6709\u5ba2\u6237\u7aef\u90fd\u53ef\u4ee5\u8bbf\u95ee\u65b0\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6240\u9700\u7684\u65f6\u95f4\u3002 \u63a7\u5236\u53f0\u65e5\u5fd7 \u5305\u542b\u8ba1\u7b97\u4e2d Linux VM \u63a7\u5236\u53f0\u7684\u8f93\u51fa\u3002 \u5bb9\u5668 
\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7ec4\u7ec7\u548c\u5b58\u50a8\u5bf9\u8c61\u3002\u7c7b\u4f3c\u4e8e Linux \u76ee\u5f55\u7684\u6982\u5ff5\uff0c\u4f46\u4e0d\u80fd\u5d4c\u5957\u3002\u5f71\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5bb9\u5668\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9 SQLite \u540e\u7aef\u6570\u636e\u5e93\u7684\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e2d\u7f3a\u5c11\u526f\u672c\u6216\u4e0d\u6b63\u786e\u7684\u5bf9\u8c61\u3002 \u5bb9\u5668\u6570\u636e\u5e93 \u5b58\u50a8\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u548c\u5bb9\u5668\u5143\u6570\u636e\u7684 SQLite \u6570\u636e\u5e93\u3002\u5bb9\u5668\u670d\u52a1\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u5e93\u3002 \u5bb9\u5668\u683c\u5f0f \u6620\u50cf\u670d\u52a1\u4f7f\u7528\u7684\u5305\u88c5\u5668\uff0c\u5176\u4e2d\u5305\u542b VM \u6620\u50cf\u53ca\u5176\u5173\u8054\u7684\u5143\u6570\u636e\uff0c\u4f8b\u5982\u8ba1\u7b97\u673a\u72b6\u6001\u3001OS \u78c1\u76d8\u5927\u5c0f\u7b49\u3002 \u5bb9\u5668\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u4e00\u7ec4\u7528\u4e8e\u9884\u914d\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u7f16\u6392\u5f15\u64ce\u7684\u670d\u52a1\u3002 \u5bb9\u5668\u670d\u52a1\u5668 \u7ba1\u7406\u5bb9\u5668\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002 \u5bb9\u5668\u670d\u52a1 \u63d0\u4f9b\u521b\u5efa\u3001\u5220\u9664\u3001\u5217\u8868\u7b49\u5bb9\u5668\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc\u662f\u7528\u4e8e\u5c06\u5185\u5bb9\u5206\u53d1\u5230\u5ba2\u6237\u7aef\u7684\u4e13\u7528\u7f51\u7edc\uff0c\u901a\u5e38\u4f4d\u4e8e\u5ba2\u6237\u7aef\u9644\u8fd1\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002 \u6301\u7eed\u4ea4\u4ed8 
\u4e00\u79cd\u8f6f\u4ef6\u5de5\u7a0b\u65b9\u6cd5\uff0c\u56e2\u961f\u5728\u77ed\u5468\u671f\u5185\u751f\u4ea7\u8f6f\u4ef6\uff0c\u786e\u4fdd\u8f6f\u4ef6\u53ef\u4ee5\u968f\u65f6\u53ef\u9760\u5730\u53d1\u5e03\uff0c\u5e76\u4e14\u5728\u53d1\u5e03\u8f6f\u4ef6\u65f6\u624b\u52a8\u53d1\u5e03\u3002 \u6301\u7eed\u90e8\u7f72 \u4e00\u79cd\u8f6f\u4ef6\u53d1\u5e03\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u4f7f\u7528\u81ea\u52a8\u5316\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u5bf9\u4ee3\u7801\u5e93\u7684\u66f4\u6539\u662f\u5426\u6b63\u786e\u4e14\u7a33\u5b9a\uff0c\u4ee5\u4fbf\u7acb\u5373\u81ea\u4e3b\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002 \u6301\u7eed\u96c6\u6210 \u6bcf\u5929\u591a\u6b21\u5c06\u6240\u6709\u5f00\u53d1\u4eba\u5458\u7684\u5de5\u4f5c\u526f\u672c\u5408\u5e76\u5230\u5171\u4eab\u4e3b\u7ebf\u7684\u505a\u6cd5\u3002 \u63a7\u5236\u5668\u8282\u70b9 \u4e91\u63a7\u5236\u5668\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6838\u5fc3 API \u6839\u636e\u4e0a\u4e0b\u6587\uff0c\u6838\u5fc3 API \u53ef\u4ee5\u662f OpenStack API \u6216\u7279\u5b9a\u6838\u5fc3\u9879\u76ee\u7684\u4e3b API\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u6620\u50cf\u670d\u52a1\u7b49\u3002 \u6838\u5fc3\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u6838\u5fc3\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\u7531\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u3001\u8ba1\u7b97\u670d\u52a1\uff08nova\uff09\u3001\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u3001\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u3001\u7f51\u7edc\u670d\u52a1\uff08neutron\uff09\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09\u7ec4\u6210\u3002 \u6210\u672c \u5728\u8ba1\u7b97\u5206\u5e03\u5f0f\u8ba1\u5212\u7a0b\u5e8f\u4e0b\uff0c\u8fd9\u662f\u901a\u8fc7\u67e5\u770b\u6bcf\u4e2a\u4e3b\u673a\u76f8\u5bf9\u4e8e\u6240\u8bf7\u6c42\u7684 VM \u5b9e\u4f8b\u7684\u98ce\u683c\u7684\u529f\u80fd\u6765\u8ba1\u7b97\u7684\u3002 \u51ed\u8bc1 
\u53ea\u6709\u7528\u6237\u77e5\u9053\u6216\u53ef\u8bbf\u95ee\u7684\u6570\u636e\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u662f\u4ed6\u6240\u8bf4\u7684\u4eba\u3002\u5728\u8eab\u4efd\u9a8c\u8bc1\u671f\u95f4\uff0c\u5c06\u51ed\u636e\u63d0\u4f9b\u7ed9\u670d\u52a1\u5668\u3002\u793a\u4f8b\u5305\u62ec\u5bc6\u7801\u3001\u5bc6\u94a5\u3001\u6570\u5b57\u8bc1\u4e66\u548c\u6307\u7eb9\u3002 CRL \u51fd\u6570 PKI \u6a21\u578b\u4e2d\u7684\u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5217\u8868\u3002\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002 \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u4e00\u79cd\u673a\u5236\uff0c\u5141\u8bb8\u4ece\u8d44\u6e90\u6765\u6e90\u57df\u4e4b\u5916\u7684\u53e6\u4e00\u4e2a\u57df\u8bf7\u6c42\u7f51\u9875\u4e0a\u7684\u8bb8\u591a\u8d44\u6e90\uff08\u4f8b\u5982\uff0c\u5b57\u4f53\u3001JavaScript\uff09\u3002\u7279\u522b\u662f\uff0cJavaScript \u7684 AJAX \u8c03\u7528\u53ef\u4ee5\u4f7f\u7528 XMLHttpRequest \u673a\u5236\u3002 Crowbar SUSE \u7684\u5f00\u6e90\u793e\u533a\u9879\u76ee\uff0c\u65e8\u5728\u63d0\u4f9b\u6240\u6709\u5fc5\u8981\u7684\u670d\u52a1\uff0c\u4ee5\u5feb\u901f\u90e8\u7f72\u548c\u7ba1\u7406\u4e91\u3002 \u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d \u8ba1\u7b97\u5bb9\u91cf\u7f13\u5b58\u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u6839\u636e\u7ed9\u5b9a\u4e3b\u673a\u4e0a\u5f53\u524d\u6b63\u5728\u8fdb\u884c\u7684\u751f\u6210\u3001\u5feb\u7167\u3001\u8fc1\u79fb\u548c\u8c03\u6574\u5927\u5c0f\u64cd\u4f5c\u7684\u6570\u91cf\u8fdb\u884c\u8ba1\u7b97\u3002 \u5ba2\u6237 \u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u81ea\u5b9a\u4e49\u6a21\u5757 \u7528\u6237\u521b\u5efa\u7684 Python \u6a21\u5757\uff0c\u7531 horizon \u52a0\u8f7d\uff0c\u7528\u4e8e\u66f4\u6539\u4eea\u8868\u677f\u7684\u5916\u89c2\u3002 D \u00b6 \u5b88\u62a4\u8fdb\u7a0b 
\u5728\u540e\u53f0\u8fd0\u884c\u5e76\u7b49\u5f85\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u53ef\u80fd\u4fa6\u542c\u4e5f\u53ef\u80fd\u4e0d\u4fa6\u542c TCP \u6216 UDP \u7aef\u53e3\u3002\u4e0d\u8981\u4e0e\u5de5\u4eba\u6df7\u6dc6\u3002 \u4eea\u8868\u677f\uff08horizon\uff09 OpenStack \u9879\u76ee\uff0c\u4e3a\u6240\u6709 OpenStack \u670d\u52a1\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7edf\u4e00\u7684\u3001\u57fa\u4e8e Web \u7684\u7528\u6237\u754c\u9762\u3002 \u6570\u636e\u52a0\u5bc6 \u955c\u50cf\u670d\u52a1\u548c\u8ba1\u7b97\u90fd\u652f\u6301\u52a0\u5bc6\u7684\u865a\u62df\u673a \uff08VM\uff09 \u955c\u50cf\uff08\u4f46\u4e0d\u652f\u6301\u5b9e\u4f8b\uff09\u3002OpenStack \u652f\u6301\u4f7f\u7528 HTTPS\u3001SSL\u3001TLS \u548c SSH \u7b49\u6280\u672f\u8fdb\u884c\u4f20\u8f93\u4e2d\u6570\u636e\u52a0\u5bc6\u3002\u5bf9\u8c61\u5b58\u50a8\u4e0d\u652f\u6301\u5e94\u7528\u7a0b\u5e8f\u7ea7\u522b\u7684\u5bf9\u8c61\u52a0\u5bc6\uff0c\u4f46\u53ef\u80fd\u652f\u6301\u4f7f\u7528\u78c1\u76d8\u52a0\u5bc6\u7684\u5b58\u50a8\u3002 \u6570\u636e\u4e22\u5931\u9632\u62a4\uff08DLP\uff09 \u8f6f\u4ef6 \u7528\u4e8e\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u5e76\u901a\u8fc7\u68c0\u6d4b\u548c\u62d2\u7edd\u6570\u636e\u4f20\u8f93\u6765\u9632\u6b62\u5176\u6cc4\u6f0f\u5230\u7f51\u7edc\u8fb9\u754c\u4e4b\u5916\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 OpenStack \u9879\u76ee\uff0c\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u6570\u636e\u5904\u7406\u5806\u6808\u548c\u5173\u8054\u7684\u7ba1\u7406\u63a5\u53e3\u3002 \u6570\u636e\u5b58\u50a8 \u6570\u636e\u5e93\u670d\u52a1\u652f\u6301\u7684\u6570\u636e\u5e93\u5f15\u64ce\u3002 \u6570\u636e\u5e93 ID \u4e3a\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u5e93\u7684\u6bcf\u4e2a\u526f\u672c\u6307\u5b9a\u7684\u552f\u4e00 ID\u3002 \u6570\u636e\u5e93\u590d\u5236\u5668 
\u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u6570\u636e\u5e93\u4e2d\u7684\u66f4\u6539\u590d\u5236\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6570\u636e\u5e93\u670d\u52a1\uff08trove\uff09 \u4e00\u4e2a\u96c6\u6210\u9879\u76ee\uff0c\u4e3a\u5173\u7cfb\u548c\u975e\u5173\u7cfb\u6570\u636e\u5e93\u5f15\u64ce\u63d0\u4f9b\u53ef\u6269\u5c55\u4e14\u53ef\u9760\u7684\u4e91\u6570\u636e\u5e93\u5373\u670d\u52a1\u529f\u80fd\u3002 \u89e3\u9664\u5206\u914d \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u5730\u5740\u4e4b\u95f4\u7684\u5173\u8054\u7684\u8fc7\u7a0b\u3002\u5220\u9664\u6b64\u5173\u8054\u540e\uff0c\u6d6e\u52a8 IP \u5c06\u8fd4\u56de\u5230\u5730\u5740\u6c60\u3002 Debian \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u91cd\u590d\u6570\u636e\u5220\u9664 \u5728\u78c1\u76d8\u5757\u3001\u6587\u4ef6\u548c/\u6216\u5bf9\u8c61\u7ea7\u522b\u67e5\u627e\u91cd\u590d\u6570\u636e\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5b58\u50a8\u4f7f\u7528\u7684\u8fc7\u7a0b - \u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u9ed8\u8ba4\u9762\u677f \u7528\u6237\u8bbf\u95ee\u4eea\u8868\u677f\u65f6\u663e\u793a\u7684\u9ed8\u8ba4\u9762\u677f\u3002 \u9ed8\u8ba4\u9879\u76ee \u5982\u679c\u5728\u521b\u5efa\u7528\u6237\u65f6\u672a\u6307\u5b9a\u4efb\u4f55\u9879\u76ee\uff0c\u5219\u4f1a\u5c06\u65b0\u7528\u6237\u5206\u914d\u7ed9\u6b64\u9879\u76ee\u3002 \u9ed8\u8ba4\u4ee4\u724c \u4e00\u4e2a\u6807\u8bc6\u670d\u52a1\u4ee4\u724c\uff0c\u8be5\u4ee4\u724c\u4e0d\u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\uff0c\u5e76\u4ea4\u6362\u4e3a\u4f5c\u7528\u57df\u5185\u4ee4\u724c\u3002 \u5ef6\u8fdf\u5220\u9664 \u5f71\u50cf\u670d\u52a1\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u7528\u4e8e\u5728\u9884\u5b9a\u4e49\u7684\u79d2\u6570\u540e\u5220\u9664\u5f71\u50cf\uff0c\u800c\u4e0d\u662f\u7acb\u5373\u5220\u9664\u5f71\u50cf\u3002 \u4ea4\u4ed8\u65b9\u5f0f Compute 
RabbitMQ\u6d88\u606f\u6295\u9012\u6a21\u5f0f\u7684\u8bbe\u7f6e;\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\u77ac\u6001\u6216\u6301\u4e45\u6027\u3002 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u662f\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u7684\u7b80\u79f0\u3002\u8fd9\u662f\u963b\u6b62\u5408\u6cd5\u7528\u6237\u4f7f\u7528\u670d\u52a1\u7684\u6076\u610f\u5c1d\u8bd5\u3002 \u5df2\u5f03\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1 \u8ba1\u7b97\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u901a\u8fc7 nova-manage \u547d\u4ee4\u521b\u5efa\u548c\u7ba1\u7406\u7528\u6237\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u6807\u8bc6\u670d\u52a1\u3002 \u6307\u5b9a DNS \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u684c\u9762\u5373\u670d\u52a1 \u4e00\u4e2a\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u5957\u684c\u9762\u73af\u5883\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee\u8fd9\u4e9b\u73af\u5883\u4ece\u4efb\u4f55\u4f4d\u7f6e\u63a5\u6536\u684c\u9762\u4f53\u9a8c\u3002\u8fd9\u53ef\u4ee5\u63d0\u4f9b\u901a\u7528\u3001\u5f00\u53d1\u751a\u81f3\u540c\u6784\u6d4b\u8bd5\u73af\u5883\u3002 \u5f00\u53d1\u8005 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\uff0c\u4e5f\u662f\u5206\u914d\u7ed9\u65b0\u7528\u6237\u7684\u9ed8\u8ba4\u89d2\u8272\u3002 \u8bbe\u5907 ID \u5c06\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u6620\u5c04\u5230\u7269\u7406\u5b58\u50a8\u8bbe\u5907\u3002 \u8bbe\u5907\u6743\u91cd \u6839\u636e\u6bcf\u4e2a\u8bbe\u5907\u7684\u5b58\u50a8\u5bb9\u91cf\uff0c\u5728\u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u4e4b\u95f4\u6309\u6bd4\u4f8b\u5206\u914d\u5206\u533a\u3002 \u5f00\u53d1\u5806\u6808 \u4f7f\u7528 shell \u811a\u672c\u5feb\u901f\u6784\u5efa\u5b8c\u6574 OpenStack \u5f00\u53d1\u73af\u5883\u7684\u793e\u533a\u9879\u76ee\u3002 DHCP\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DHCP \u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 Diablo 2011 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack 
\u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u56db\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova 2011.3\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift 1.4.3\uff09 \u548c\u955c\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Diablo\u662fOpenStack\u7b2c\u56db\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u514b\u62c9\u62c9\u9644\u8fd1\u7684\u6e7e\u533a\u4e3e\u884c\uff0cDiablo\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 \u76f4\u63a5\u6d88\u8d39\u8005 Compute RabbitMQ \u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u5728\u6267\u884c RPC \u8c03\u7528\u65f6\u751f\u6548\u3002\u5b83\u901a\u8fc7\u552f\u4e00\u7684\u72ec\u5360\u961f\u5217\u8fde\u63a5\u5230\u76f4\u63a5\u4ea4\u6362\uff0c\u53d1\u9001\u6d88\u606f\uff0c\u7136\u540e\u7ec8\u6b62\u3002 \u76f4\u63a5\u4ea4\u6362 RPC \u8c03\u7528\u671f\u95f4\u5728 Compute RabbitMQ \u4e2d\u521b\u5efa\u7684\u8def\u7531\u8868;\u4e3a\u6bcf\u4e2a\u8c03\u7528\u7684 RPC \u8c03\u7528\u521b\u5efa\u4e00\u4e2a\u3002 \u76f4\u63a5\u53d1\u5e03\u8005 RabbitMQ \u7684\u5143\u7d20\uff0c\u7528\u4e8e\u63d0\u4f9b\u5bf9\u4f20\u5165 MQ \u6d88\u606f\u7684\u54cd\u5e94\u3002 \u89e3\u9664\u5173\u8054 \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u4e4b\u95f4\u7684\u5173\u8054\uff0c\u4ece\u800c\u5c06\u6d6e\u52a8 IP \u5730\u5740\u8fd4\u56de\u5230\u5730\u5740\u6c60\u7684\u8fc7\u7a0b\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u63a7\u5236\u4f7f\u7528\u8005\u8bbf\u95ee\u5bf9\u8c61\u7684\u80fd\u529b\uff0c\u540c\u65f6\u4f7f\u7528\u6237\u80fd\u591f\u505a\u51fa\u7b56\u7565\u51b3\u7b56\u5e76\u5206\u914d\u5b89\u5168\u5c5e\u6027\u3002\u4f20\u7edf\u7684\u7528\u6237\u3001\u7ec4\u548c\u8bfb-\u5199-\u6267\u884c\u6743\u9650\u7684 UNIX \u7cfb\u7edf\u5c31\u662f DAC \u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u78c1\u76d8\u52a0\u5bc6 
\u80fd\u591f\u5728\u6587\u4ef6\u7cfb\u7edf\u3001\u78c1\u76d8\u5206\u533a\u6216\u6574\u4e2a\u78c1\u76d8\u7ea7\u522b\u52a0\u5bc6\u6570\u636e\u3002\u5728\u8ba1\u7b97 VM \u4e2d\u53d7\u652f\u6301\u3002 \u78c1\u76d8\u683c\u5f0f VM \u7684\u78c1\u76d8\u6620\u50cf\u5728\u6620\u50cf\u670d\u52a1\u540e\u7aef\u5b58\u50a8\u4e2d\u5b58\u50a8\u7684\u57fa\u7840\u683c\u5f0f\u3002\u4f8b\u5982\uff0cAMI\u3001ISO\u3001QCOW2\u3001VMDK \u7b49\u3002 \u5206\u6563 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\uff0c\u7528\u4e8e\u6d4b\u8bd5\u548c\u786e\u4fdd\u5bf9\u8c61\u548c\u5bb9\u5668\u5206\u6563\u4ee5\u786e\u4fdd\u5bb9\u9519\u7684\u5de5\u5177\u3002 \u5206\u5e03\u5f0f\u865a\u62df\u8def\u7531\u5668 \uff08DVR\uff09 \u4f7f\u7528 OpenStack Networking \uff08neutron\uff09 \u65f6\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u591a\u4e3b\u673a\u8def\u7531\u7684\u673a\u5236\u3002 Django \u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684 Web \u6846\u67b6\u3002 DNS \u8bb0\u5f55 \u6307\u5b9a\u6709\u5173\u7279\u5b9a\u57df\u5e76\u5c5e\u4e8e\u8be5\u57df\u7684\u4fe1\u606f\u7684\u8bb0\u5f55\u3002 DNS\u670d\u52a1\uff08\u6307\u5b9a\uff09 OpenStack \u9879\u76ee\uff0c\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u6743\u5a01 DNS \u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 dnsmasq \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DNS\u3001DHCP\u3001BOOTP \u548c TFTP \u670d\u52a1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002 \u57df \u6807\u8bc6 API v3 \u5b9e\u4f53\u3002\u8868\u793a\u9879\u76ee\u3001\u7ec4\u548c\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u4e8e\u5b9a\u4e49\u7528\u4e8e\u7ba1\u7406 OpenStack Identity \u5b9e\u4f53\u7684\u7ba1\u7406\u8fb9\u754c\u3002\u5728 Internet \u4e0a\uff0c\u5c06\u7f51\u7ad9\u4e0e\u5176\u4ed6\u7f51\u7ad9\u5206\u5f00\u3002\u901a\u5e38\uff0c\u57df\u540d\u6709\u4e24\u4e2a\u6216\u591a\u4e2a\u90e8\u5206\uff0c\u7528\u70b9\u5206\u9694\u3002\u4f8b\u5982\uff0cyahoo.com\u3001usa.gov\u3001harvard.edu \u6216 
mail.yahoo.com\u3002\u6b64\u5916\uff0c\u57df\u662f\u5305\u542b\u4e00\u6761\u6216\u591a\u6761\u8bb0\u5f55\u7684\u6240\u6709 DNS \u76f8\u5173\u4fe1\u606f\u7684\u5b9e\u4f53\u6216\u5bb9\u5668\u3002 \u57df\u540d\u7cfb\u7edf\uff08DNS\uff09 \u7528\u4e8e\u786e\u5b9a Internet \u57df\u540d\u5230\u5730\u5740\u548c\u5730\u5740\u5230\u540d\u79f0\u89e3\u6790\u7684\u7cfb\u7edf\u3002DNS \u901a\u8fc7\u5c06 IP \u5730\u5740\u8f6c\u6362\u4e3a\u66f4\u6613\u4e8e\u8bb0\u5fc6\u7684\u5730\u5740\u6765\u5e2e\u52a9\u6d4f\u89c8 Internet\u3002\u4f8b\u5982\uff0c\u5c06 111.111.111.1 \u8f6c\u6362\u4e3a www.yahoo.com\u3002\u6240\u6709\u57df\u53ca\u5176\u7ec4\u4ef6\uff08\u5982\u90ae\u4ef6\u670d\u52a1\u5668\uff09\u90fd\u5229\u7528 DNS \u89e3\u6790\u5230\u9002\u5f53\u7684\u4f4d\u7f6e\u3002DNS\u670d\u52a1\u5668\u901a\u5e38\u8bbe\u7f6e\u5728\u4e3b\u4ece\u5173\u7cfb\u4e2d\uff0c\u4ee5\u4fbf\u4e3b\u670d\u52a1\u5668\u6545\u969c\u8c03\u7528\u4ece\u670d\u52a1\u5668\u3002\u8fd8\u53ef\u4ee5\u5bf9 DNS \u670d\u52a1\u5668\u8fdb\u884c\u7fa4\u96c6\u6216\u590d\u5236\uff0c\u4ee5\u4fbf\u5bf9\u4e00\u4e2a DNS \u670d\u52a1\u5668\u6240\u505a\u7684\u66f4\u6539\u81ea\u52a8\u4f20\u64ad\u5230\u5176\u4ed6\u6d3b\u52a8\u670d\u52a1\u5668\u3002\u5728\u8ba1\u7b97\u4e2d\uff0c\u652f\u6301\u5c06 DNS \u6761\u76ee\u4e0e\u6d6e\u52a8 IP \u5730\u5740\u3001\u8282\u70b9\u6216\u5355\u5143\u76f8\u5173\u8054\uff0c\u4ee5\u4fbf\u4e3b\u673a\u540d\u5728\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u4e00\u81f4\u3002 \u4e0b\u8f7d \u5c06\u6570\u636e\uff08\u901a\u5e38\u4ee5\u6587\u4ef6\u7684\u5f62\u5f0f\uff09\u4ece\u4e00\u53f0\u8ba1\u7b97\u673a\u4f20\u8f93\u5230\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u3002 \u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u7684 Compute RabbitMQ \u6d88\u606f\u4ea4\u6362\u3002 \u6301\u4e45\u961f\u5217 \u4e00\u4e2a Compute RabbitMQ \u6d88\u606f\u961f\u5217\uff0c\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 
\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae \uff08DHCP\uff09 \u4e00\u79cd\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u914d\u7f6e\u8fde\u63a5\u5230\u7f51\u7edc\u7684\u8bbe\u5907\uff0c\u4ee5\u4fbf\u5b83\u4eec\u53ef\u4ee5\u4f7f\u7528 Internet \u534f\u8bae \uff08IP\uff09 \u5728\u8be5\u7f51\u7edc\u4e0a\u8fdb\u884c\u901a\u4fe1\u3002\u8be5\u534f\u8bae\u5728\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u6a21\u578b\u4e2d\u5b9e\u73b0\uff0c\u5176\u4e2d DHCP \u5ba2\u6237\u7aef\u4ece DHCP \u670d\u52a1\u5668\u8bf7\u6c42\u914d\u7f6e\u6570\u636e\uff0c\u4f8b\u5982 IP \u5730\u5740\u3001\u9ed8\u8ba4\u8def\u7531\u4ee5\u53ca\u4e00\u4e2a\u6216\u591a\u4e2a DNS \u670d\u52a1\u5668\u5730\u5740\u3002\u4e00\u79cd\u5728\u5f15\u5bfc\u65f6\u81ea\u52a8\u4e3a\u4e3b\u673a\u914d\u7f6e\u7f51\u7edc\u7684\u65b9\u6cd5\u3002\u7531\u7f51\u7edc\u548c\u8ba1\u7b97\u63d0\u4f9b\u3002 \u52a8\u6001\u8d85\u6587\u672c\u6807\u8bb0\u8bed\u8a00 \uff08DHTML\uff09 \u4f7f\u7528 HTML\u3001JavaScript \u548c\u7ea7\u8054\u6837\u5f0f\u8868\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u7f51\u9875\u4ea4\u4e92\u6216\u663e\u793a\u7b80\u5355\u52a8\u753b\u7684\u9875\u9762\u3002 E \u00b6 \u4e1c\u897f\u5411\u6d41\u91cf \u540c\u4e00\u4e91\u6216\u6570\u636e\u4e2d\u5fc3\u4e2d\u7684\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u5357\u5317\u5411\u6d41\u91cf\u3002 EBS \u542f\u52a8\u5377 \u5305\u542b\u53ef\u542f\u52a8 VM \u6620\u50cf\u7684 Amazon EBS \u5b58\u50a8\u5377\uff0cOpenStack \u76ee\u524d\u4e0d\u652f\u6301\u8be5\u6620\u50cf\u3002 ebtables \u7528\u4e8e Linux \u6865\u63a5\u9632\u706b\u5899\u7684\u8fc7\u6ee4\u5de5\u5177\uff0c\u652f\u6301\u8fc7\u6ee4\u901a\u8fc7 Linux \u6865\u63a5\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e arptables\u3001iptables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u901a\u4fe1\u7684\u9694\u79bb\u3002 EC2 \u51fd\u6570 Amazon \u5546\u4e1a\u8ba1\u7b97\u4ea7\u54c1\uff0c\u7c7b\u4f3c\u4e8e\u8ba1\u7b97\u3002 EC2 
\u8bbf\u95ee\u5bc6\u94a5 \u4e0e EC2 \u79c1\u6709\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\u4ee5\u8bbf\u95ee\u8ba1\u7b97 EC2 API\u3002 EC2 API OpenStack \u652f\u6301\u901a\u8fc7\u8ba1\u7b97\u8bbf\u95ee Amazon EC2 API\u3002 EC2 \u517c\u5bb9\u6027 API \u4f7f OpenStack \u80fd\u591f\u4e0e Amazon EC2 \u901a\u4fe1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 EC2 \u79c1\u6709\u5bc6\u94a5 \u4e0e\u8ba1\u7b97 EC2 API \u901a\u4fe1\u65f6\u4e0e EC2 \u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528;\u7528\u4e8e\u5bf9\u6bcf\u4e2a\u8bf7\u6c42\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u8fb9\u7f18\u8ba1\u7b97 \u5728\u4e91\u4e2d\u8fd0\u884c\u66f4\u5c11\u7684\u8fdb\u7a0b\uff0c\u5e76\u5c06\u8fd9\u4e9b\u8fdb\u7a0b\u79fb\u52a8\u5230\u672c\u5730\u3002 \u5f39\u6027\u5757\u5b58\u50a8 \uff08EBS\uff09 Amazon \u5546\u4e1a\u5757\u5b58\u50a8\u4ea7\u54c1\u3002 \u5c01\u88c5 \u5c06\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u7f6e\u4e8e\u53e6\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u4e2d\uff0c\u4ee5\u63d0\u53d6\u6216\u4fdd\u62a4\u6570\u636e\u3002\u793a\u4f8b\u5305\u62ec GRE\u3001MPLS \u6216 IPsec\u3002 \u52a0\u5bc6 OpenStack\u652f\u6301HTTPS\u3001SSH\u3001SSL\u3001TLS\u3001\u6570\u5b57\u8bc1\u4e66\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u52a0\u5bc6\u6280\u672f\u3002 \u7aef\u70b9 \u8bf7\u53c2\u9605 API \u7aef\u70b9\u3002 \u7aef\u70b9\u6ce8\u518c\u8868 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7aef\u70b9\u6a21\u677f URL \u548c\u7aef\u53e3\u53f7\u7aef\u70b9\u5217\u8868\uff0c\u6307\u793a\u53ef\u4ee5\u8bbf\u95ee\u670d\u52a1\uff08\u5982\u5bf9\u8c61\u5b58\u50a8\u3001\u8ba1\u7b97\u3001\u6807\u8bc6\u7b49\uff09\u7684\u4f4d\u7f6e\u3002 \u4f01\u4e1a\u4e91\u8ba1\u7b97 \u4f4d\u4e8e\u9632\u706b\u5899\u540e\u9762\u7684\u8ba1\u7b97\u73af\u5883\uff0c\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u8f6f\u4ef6\u3001\u57fa\u7840\u8bbe\u65bd\u548c\u5e73\u53f0\u670d\u52a1\u3002 \u5b9e\u4f53 
\u4efb\u4f55\u60f3\u8981\u8fde\u63a5\u5230\u7f51\u7edc\uff08\u7f51\u7edc\u8fde\u63a5\u670d\u52a1\uff09\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u786c\u4ef6\u6216\u8f6f\u4ef6\u3002\u5b9e\u4f53\u53ef\u4ee5\u901a\u8fc7\u5b9e\u73b0 VIF \u6765\u5229\u7528\u7f51\u7edc\u3002 \u4e34\u65f6\u6620\u50cf \u4e0d\u4fdd\u5b58\u5bf9\u5176\u5377\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5b9e\u4f8b\u7ec8\u6b62\u540e\u5c06\u5176\u6062\u590d\u5230\u539f\u59cb\u72b6\u6001\u7684 VM \u6620\u50cf\u3002 \u4e34\u65f6\u5377 \u4e0d\u4fdd\u5b58\u5bf9\u5176\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5f53\u524d\u7528\u6237\u653e\u5f03\u63a7\u5236\u6743\u65f6\u6062\u590d\u5230\u5176\u539f\u59cb\u72b6\u6001\u7684\u5377\u3002 Essex 2012 \u5e74 4 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u4e94\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97\uff08nova 2012.1\uff09\u3001\u5bf9\u8c61\u5b58\u50a8\uff08swift 1.4.8\uff09\u3001\u56fe\u50cf\uff08glance\uff09\u3001\u8eab\u4efd\uff08keystone\uff09\u548c\u4eea\u8868\u677f\uff08horizon\uff09\u3002Essex \u662f OpenStack \u7b2c\u4e94\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\uff0cEssex\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 ESXi \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 ETag \u51fd\u6570 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u503c\uff0c\u7528\u4e8e\u786e\u4fdd\u6570\u636e\u5b8c\u6574\u6027\u3002 euca2ools \u7528\u4e8e\u7ba1\u7406 VM \u7684\u547d\u4ee4\u884c\u5de5\u5177\u96c6\u5408;\u5927\u591a\u6570\u90fd\u4e0eOpenStack\u517c\u5bb9\u3002 Eucalyptus Kernel Image \uff08EKI\uff09 \u4e0e ERI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 Eucalyptus\u673a\u5668\u6620\u50cf \uff08EMI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u5bb9\u5668\u683c\u5f0f\u3002 
Eucalyptus Ramdisk \u955c\u50cf \uff08ERI\uff09 \u4e0e EKI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 \u64a4\u79bb \u5c06\u4e00\u4e2a\u6216\u6240\u6709\u865a\u62df\u673a \uff08VM\uff09 \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u8fc1\u79fb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\uff0c\u4e0e\u5171\u4eab\u5b58\u50a8\u5b9e\u65f6\u8fc1\u79fb\u548c\u5757\u8fc1\u79fb\u517c\u5bb9\u3002 \u4ea4\u6362 RabbitMQ \u6d88\u606f\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ea4\u6362\u7c7b\u578b Compute RabbitMQ \u4e2d\u7684\u8def\u7531\u7b97\u6cd5\u3002 \u72ec\u5360\u961f\u5217 \u7531 RabbitMQ \u4e2d\u7684\u76f4\u63a5\u4f7f\u7528\u8005\u8fde\u63a5\u5230 - \u8ba1\u7b97\uff0c\u6d88\u606f\u53ea\u80fd\u7531\u5f53\u524d\u8fde\u63a5\u4f7f\u7528\u3002 \u6269\u5c55\u5c5e\u6027 \uff08xattr\uff09 \u6587\u4ef6\u7cfb\u7edf\u9009\u9879\uff0c\u7528\u4e8e\u5b58\u50a8\u6240\u6709\u8005\u3001\u7ec4\u3001\u6743\u9650\u3001\u4fee\u6539\u65f6\u95f4\u7b49\u4ee5\u5916\u7684\u5176\u4ed6\u4fe1\u606f\u3002\u5e95\u5c42\u5bf9\u8c61\u5b58\u50a8\u6587\u4ef6\u7cfb\u7edf\u5fc5\u987b\u652f\u6301\u6269\u5c55\u5c5e\u6027\u3002 \u6269\u5c55 API \u6269\u5c55\u6216\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u7279\u5b9a\u4e8e\u5b9e\u73b0\u7684\u8c03\u7528\uff0c\u4f8b\u5982\u6dfb\u52a0\u5bf9 OpenID \u7684\u652f\u6301\u3002 \u5916\u90e8\u7f51\u7edc \u901a\u5e38\u7528\u4e8e Internet \u8bbf\u95ee\u7684\u7f51\u6bb5\u3002 \u989d\u5916\u89c4\u683c \u6307\u5b9a\u8ba1\u7b97\u786e\u5b9a\u4ece\u4f55\u5904\u5f00\u59cb\u65b0\u5b9e\u4f8b\u65f6\u7684\u5176\u4ed6\u8981\u6c42\u3002\u793a\u4f8b\u5305\u62ec\u6700\u5c0f\u7f51\u7edc\u5e26\u5bbd\u6216 GPU \u91cf\u3002 F \u00b6 FakeLDAP \u521b\u5efa\u7528\u4e8e\u6d4b\u8bd5\u8eab\u4efd\u548c\u8ba1\u7b97\u7684\u672c\u5730 LDAP \u76ee\u5f55\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u9700\u8981 Redis\u3002 fan-out\u4ea4\u6362 \u5728 RabbitMQ \u548c Compute 
\u4e2d\uff0c\u8c03\u5ea6\u7a0b\u5e8f\u670d\u52a1\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u63a5\u53e3\u4ece\u8ba1\u7b97\u3001\u5377\u548c\u7f51\u7edc\u8282\u70b9\u63a5\u6536\u529f\u80fd\u6d88\u606f\u3002 \u8054\u5408\u8eab\u4efd \u4e00\u79cd\u5728\u8eab\u4efd\u63d0\u4f9b\u5546\u548c OpenStack \u4e91\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u65b9\u6cd5\u3002 Fedora \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u5149\u7ea4\u901a\u9053 \u5b58\u50a8\u534f\u8bae\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e TCP/IP;\u5c01\u88c5 SCSI \u547d\u4ee4\u548c\u6570\u636e\u3002 \u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053 \uff08FCoE\uff09 \u5149\u7ea4\u901a\u9053\u534f\u8bae\u5728\u4ee5\u592a\u7f51\u5185\u901a\u8fc7\u96a7\u9053\u4f20\u8f93\u3002 \u586b\u5145\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97\u8ba1\u5212\u65b9\u6cd5\uff0c\u5c1d\u8bd5\u7528 VM \u586b\u5145\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u5728\u5404\u79cd\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 \u8fc7\u6ee4\u5668 \u8ba1\u7b97\u8ba1\u5212\u8fc7\u7a0b\u4e2d\u7684\u6b65\u9aa4\uff0c\u5f53\u65e0\u6cd5\u8fd0\u884c VM \u7684\u4e3b\u673a\u88ab\u6dd8\u6c70\u4e14\u672a\u88ab\u9009\u4e2d\u65f6\u3002 \u9632\u706b\u5899 \u7528\u4e8e\u9650\u5236\u4e3b\u673a\u548c/\u6216\u8282\u70b9\u4e4b\u95f4\u7684\u901a\u4fe1\uff0c\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 iptables\u3001arptables\u3001ip6tables \u548c ebtables \u5b9e\u73b0\u3002 \u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u63d0\u4f9b\u5916\u56f4\u9632\u706b\u5899\u529f\u80fd\u7684\u7f51\u7edc\u6269\u5c55\u3002 \u56fa\u5b9a IP \u5730\u5740 \u6bcf\u6b21\u542f\u52a8\u5b9e\u4f8b\u65f6\u90fd\u4e0e\u540c\u4e00\u5b9e\u4f8b\u5173\u8054\u7684 IP \u5730\u5740\u901a\u5e38\u4e0d\u5bf9\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u8bbf\u95ee\uff0c\u5e76\u7528\u4e8e\u7ba1\u7406\u5b9e\u4f8b\u3002 \u5e73\u9762\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\u4e3a\u6388\u6743\u8282\u70b9\u63d0\u4f9b IP \u5730\u5740\uff0c\u5e76\u5047\u5b9a DHCP\u3001DNS 
\u4ee5\u53ca\u8def\u7531\u914d\u7f6e\u548c\u670d\u52a1\u7531\u5176\u4ed6\u8bbe\u5907\u63d0\u4f9b\u3002 \u5e73\u9762\u6a21\u5f0f\u6ce8\u5165 \u4e00\u79cd\u8ba1\u7b97\u7f51\u7edc\u65b9\u6cd5\uff0c\u5728\u5b9e\u4f8b\u542f\u52a8\u4e4b\u524d\u5c06\u64cd\u4f5c\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\u6ce8\u5165\u5230 VM \u6620\u50cf\u4e2d\u3002 \u5e73\u9762\u7f51\u7edc \u865a\u62df\u7f51\u7edc\u7c7b\u578b\uff0c\u4e0d\u4f7f\u7528VLAN\u6216\u96a7\u9053\u6765\u5206\u9694\u9879\u76ee\u6d41\u91cf\u3002\u6bcf\u4e2a\u5e73\u9762\u7f51\u7edc\u901a\u5e38\u9700\u8981\u5b9a\u4e49\u7531\u6865\u63a5\u6620\u5c04\u5b9a\u4e49\u7684\u5355\u72ec\u7684\u5e95\u5c42\u7269\u7406\u63a5\u53e3\u3002\u4f46\u662f\uff0c\u5e73\u9762\u7f51\u7edc\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u5b50\u7f51\u3002FlatDHCP \u7ba1\u7406\u5668 \u63d0\u4f9b dnsmasq\uff08DHCP\u3001DNS\u3001BOOTP\u3001TFTP\uff09\u548c radvd\uff08\u8def\u7531\uff09\u670d\u52a1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u89c4\u683c VM \u5b9e\u4f8b\u7c7b\u578b\u7684\u66ff\u4ee3\u672f\u8bed \u89c4\u683cID \u6bcf\u79cd\u8ba1\u7b97\u6216\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u89c4\u683c\u6216\u5b9e\u4f8b\u7c7b\u578b\u7684 UUID\u3002 \u6d6e\u52a8 IP \u5730\u5740 \u9879\u76ee\u53ef\u4ee5\u4e0e VM \u5173\u8054\u7684 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5b9e\u4f8b\u5728\u6bcf\u6b21\u542f\u52a8\u65f6\u90fd\u5177\u6709\u76f8\u540c\u7684\u516c\u6709 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u6d6e\u52a8 IP \u5730\u5740\u6c60\uff0c\u5e76\u5728\u5b9e\u4f8b\u542f\u52a8\u65f6\u5c06\u5176\u5206\u914d\u7ed9\u5b9e\u4f8b\uff0c\u4ee5\u4fdd\u6301\u4e00\u81f4\u7684 IP \u5730\u5740\u4ee5\u7ef4\u62a4 DNS \u5206\u914d\u3002 Folsom 2012 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u516d\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3001\u8eab\u4efd 
\uff08keystone\uff09\u3001\u7f51\u7edc \uff08neutron\uff09\u3001\u6620\u50cf\u670d\u52a1 \uff08glance\uff09 \u4ee5\u53ca\u5377\u6216\u5757\u5b58\u50a8 \uff08cinder\uff09\u3002Folsom \u662f OpenStack \u7b2c\u516d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u65e7\u91d1\u5c71\u4e3e\u884c\uff0c\u798f\u5c14\u745f\u59c6\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 FormPost \u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\uff0c\u901a\u8fc7\u7f51\u9875\u4e0a\u7684\u8868\u5355\u4e0a\u4f20\uff08\u53d1\u5e03\uff09\u56fe\u50cf\u3002 freezer \u5907\u4efd\u3001\u8fd8\u539f\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u524d\u7aef \u7528\u6237\u4e0e\u670d\u52a1\u4ea4\u4e92\u7684\u70b9;\u53ef\u4ee5\u662f API \u7aef\u70b9\u3001\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u5de5\u5177\u3002 G \u00b6 \u7f51\u5173 \u901a\u5e38\u5206\u914d\u7ed9\u8def\u7531\u5668\u7684 IP \u5730\u5740\uff0c\u7528\u4e8e\u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u3002 \u901a\u7528\u63a5\u6536\u5378\u8f7d \uff08GRO\uff09 \u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\u9a71\u52a8\u7a0b\u5e8f\u7684\u529f\u80fd\uff0c\u5728\u4f20\u9001\u5230\u5185\u6838 IP \u5806\u6808\u4e4b\u524d\uff0c\u5c06\u8bb8\u591a\u8f83\u5c0f\u7684\u63a5\u6536\u6570\u636e\u5305\u5408\u5e76\u4e3a\u4e00\u4e2a\u5927\u6570\u636e\u5305\u3002 \u901a\u7528\u8def\u7531\u5c01\u88c5 \uff08GRE\uff09 \u5728\u865a\u62df\u70b9\u5bf9\u70b9\u94fe\u8def\u4e2d\u5c01\u88c5\u5404\u79cd\u7f51\u7edc\u5c42\u534f\u8bae\u7684\u534f\u8bae\u3002 glance \u5f71\u50cf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 glance API \u670d\u52a1\u5668 \u56fe\u50cf API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 glance \u6ce8\u518c\u8868 \u6620\u50cf\u670d\u52a1\u6620\u50cf\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5168\u5c40\u7aef\u70b9\u6a21\u677f 
\u5305\u542b\u53ef\u7528\u4e8e\u6240\u6709\u9879\u76ee\u7684\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec8\u7ed3\u70b9\u6a21\u677f\u3002 GlusterFS \u4e00\u4e2a\u65e8\u5728\u805a\u5408 NAS \u4e3b\u673a\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u4e0e OpenStack \u517c\u5bb9\u3002 gnocchi OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u7d22\u5f15\u5668\u548c\u65f6\u5e8f\u6570\u636e\u5e93\u3002 golden\u6620\u50cf \u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u65b9\u6cd5\uff0c\u5176\u4e2d\u521b\u5efa\u6700\u7ec8\u7684\u78c1\u76d8\u6620\u50cf\uff0c\u7136\u540e\u7531\u6240\u6709\u8282\u70b9\u4f7f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002 \u6cbb\u7406\u670d\u52a1\uff08\u5927\u4f1a\uff09 \u8be5\u9879\u76ee\u5728\u4efb\u4f55\u4e91\u670d\u52a1\u96c6\u5408\u4e2d\u63d0\u4f9b\u6cbb\u7406\u5373\u670d\u52a1\uff0c\u4ee5\u4fbf\u76d1\u89c6\u3001\u5b9e\u65bd\u548c\u5ba1\u6838\u52a8\u6001\u57fa\u7840\u7ed3\u6784\u4e0a\u7684\u7b56\u7565\u3002 \u56fe\u5f62\u4ea4\u6362\u683c\u5f0f \uff08GIF\uff09 \u4e00\u79cd\u901a\u5e38\u7528\u4e8e\u7f51\u9875\u4e0a\u7684\u52a8\u753b\u56fe\u50cf\u7684\u56fe\u50cf\u6587\u4ef6\u3002 \u56fe\u5f62\u5904\u7406\u5355\u5143 \uff08GPU\uff09 OpenStack \u76ee\u524d\u4e0d\u652f\u6301\u6839\u636e GPU \u7684\u5b58\u5728\u6765\u9009\u62e9\u4e3b\u673a\u3002 \u7eff\u8272\u7ebf\u7a0b Python \u4f7f\u7528\u7684\u534f\u4f5c\u7ebf\u7a0b\u6a21\u578b;\u51cf\u5c11\u4e89\u7528\u6761\u4ef6\uff0c\u5e76\u4e14\u4ec5\u5728\u8fdb\u884c\u7279\u5b9a\u5e93\u8c03\u7528\u65f6\u8fdb\u884c\u4e0a\u4e0b\u6587\u5207\u6362\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u662f\u5b83\u81ea\u5df1\u7684\u7ebf\u7a0b\u3002 Grizzly OpenStack \u7b2c\u4e03\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u5730\u4e9a\u54e5\u4e3e\u884c\uff0cGrizzly\u662f\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5dde\u65d7\u7684\u4e00\u4e2a\u5143\u7d20\u3002 \u5206\u7ec4 Identity v3 API 
\u5b9e\u4f53\u3002\u8868\u793a\u7279\u5b9a\u57df\u6240\u62e5\u6709\u7684\u7528\u6237\u96c6\u5408\u3002 \u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u63a7\u5236\u4e0b\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002 H \u00b6 Hadoop Apache Hadoop \u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u6846\u67b6\uff0c\u652f\u6301\u6570\u636e\u5bc6\u96c6\u578b\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002 Hadoop \u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf \uff08HDFS\uff09 \u4e00\u79cd\u5206\u5e03\u5f0f\u3001\u9ad8\u5ea6\u5bb9\u9519\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u8bbe\u8ba1\u7528\u4e8e\u5728\u4f4e\u6210\u672c\u5546\u7528\u786c\u4ef6\u4e0a\u8fd0\u884c\u3002 \u4ea4\u63a5 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u4e00\u79cd\u5bf9\u8c61\u72b6\u6001\uff0c\u5176\u4e2d\u7531\u4e8e\u9a71\u52a8\u5668\u6545\u969c\u800c\u81ea\u52a8\u521b\u5efa\u5bf9\u8c61\u7684\u65b0\u526f\u672c\u3002 HAProxy \u51fd\u6570 \u4e3a\u57fa\u4e8e TCP \u548c HTTP \u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8d1f\u8f7d\u5e73\u8861\u5668\uff0c\u5c06\u8bf7\u6c42\u5206\u6563\u5230\u591a\u4e2a\u670d\u52a1\u5668\u3002 \u786c\u91cd\u542f \u4e00\u79cd\u91cd\u65b0\u542f\u52a8\u7c7b\u578b\uff0c\u5176\u4e2d\u6309\u4e0b\u7269\u7406\u6216\u865a\u62df\u7535\u6e90\u6309\u94ae\uff0c\u800c\u4e0d\u662f\u6b63\u5e38\u3001\u6b63\u786e\u5730\u5173\u95ed\u64cd\u4f5c\u7cfb\u7edf\u3002 Havana OpenStack \u7b2c\u516b\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u4e3e\u884c\uff0cHavana\u662f\u4fc4\u52d2\u5188\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 \u5065\u5eb7\u76d1\u89c6\u5668 \u786e\u5b9a VIP 
\u6c60\u7684\u540e\u7aef\u6210\u5458\u662f\u5426\u53ef\u4ee5\u5904\u7406\u8bf7\u6c42\u3002\u4e00\u4e2a\u6c60\u53ef\u4ee5\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u8fd0\u884c\u72b6\u51b5\u76d1\u89c6\u5668\u3002\u5f53\u6c60\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u76d1\u89c6\u5668\u65f6\uff0c\u6240\u6709\u76d1\u89c6\u5668\u90fd\u4f1a\u68c0\u67e5\u6c60\u7684\u6bcf\u4e2a\u6210\u5458\u3002\u6240\u6709\u76d1\u89c6\u5668\u90fd\u5fc5\u987b\u58f0\u660e\u6210\u5458\u8fd0\u884c\u72b6\u51b5\u826f\u597d\uff0c\u624d\u80fd\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 heat \u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09 \u4ee5 OpenStack \u539f\u751f\u683c\u5f0f\u7684 Heat \u8f93\u5165\u3002 \u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u8bbe\u8ba1\u65b9\u6cd5\u548c\u76f8\u5173\u670d\u52a1\u5b9e\u65bd\u53ef\u786e\u4fdd\u5728\u5408\u540c\u6d4b\u91cf\u671f\u95f4\u8fbe\u5230\u9884\u5148\u5b89\u6392\u7684\u8fd0\u8425\u7ee9\u6548\u6c34\u5e73\u3002\u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u529b\u6c42\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u548c\u6570\u636e\u4e22\u5931\u3002 horizon \u4eea\u8868\u677f\u7684\u4ee3\u53f7\u3002 Horizon \u63d2\u4ef6 OpenStack Dashboard \uff08horizon\uff09 \u7684\u63d2\u4ef6\u3002 \u4e3b\u673a \u7269\u7406\u8ba1\u7b97\u673a\uff0c\u800c\u4e0d\u662f VM \u5b9e\u4f8b\uff08\u8282\u70b9\uff09\u3002 \u4e3b\u673a\u805a\u5408 \u4e00\u79cd\u5c06\u53ef\u7528\u6027\u533a\u57df\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60\uff08\u516c\u5171\u4e3b\u673a\u7684\u96c6\u5408\uff09\u7684\u65b9\u6cd5\u3002 \u4e3b\u673a\u603b\u7ebf\u9002\u914d\u5668 \uff08HBA\uff09 \u63d2\u5165 PCI \u63d2\u69fd\uff08\u5982\u5149\u7ea4\u901a\u9053\u6216\u7f51\u5361\uff09\u7684\u8bbe\u5907\u3002 \u6df7\u5408\u4e91 
\u6df7\u5408\u4e91\u662f\u7531\u4e24\u4e2a\u6216\u591a\u4e2a\u4e91\uff08\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u6709\u4e91\uff09\u7ec4\u6210\u7684\uff0c\u8fd9\u4e9b\u4e91\u4ecd\u7136\u662f\u4e0d\u540c\u7684\u5b9e\u4f53\uff0c\u4f46\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u63d0\u4f9b\u591a\u79cd\u90e8\u7f72\u6a21\u578b\u7684\u4f18\u52bf\u3002\u6df7\u5408\u4e91\u8fd8\u610f\u5473\u7740\u80fd\u591f\u5c06\u4e3b\u673a\u6258\u7ba1\u3001\u6258\u7ba1\u548c/\u6216\u4e13\u7528\u670d\u52a1\u4e0e\u4e91\u8d44\u6e90\u8fde\u63a5\u8d77\u6765\u3002 \u6df7\u5408\u4e91\u8ba1\u7b97 \u6df7\u5408\u4e86\u672c\u5730\u3001\u79c1\u6709\u4e91\u548c\u7b2c\u4e09\u65b9\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5e76\u5728\u4e24\u4e2a\u5e73\u53f0\u4e4b\u95f4\u8fdb\u884c\u7f16\u6392\u3002 Hyper-V OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\u3002 \u8d85\u94fe\u63a5 \u5305\u542b\u6307\u5411\u5176\u4ed6\u7f51\u7ad9\u7684\u94fe\u63a5\u7684\u4efb\u4f55\u7c7b\u578b\u7684\u6587\u672c\uff0c\u5e38\u89c1\u4e8e\u5355\u51fb\u4e00\u4e2a\u6216\u591a\u4e2a\u5355\u8bcd\u4f1a\u6253\u5f00\u5176\u4ed6\u7f51\u7ad9\u7684\u6587\u6863\u4e2d\u3002 \u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u7528\u4e8e\u5206\u5e03\u5f0f\u3001\u534f\u4f5c\u5f0f\u3001\u8d85\u5a92\u4f53\u4fe1\u606f\u7cfb\u7edf\u7684\u5e94\u7528\u534f\u8bae\u3002\u5b83\u662f\u4e07\u7ef4\u7f51\u6570\u636e\u901a\u4fe1\u7684\u57fa\u7840\u3002\u8d85\u6587\u672c\u662f\u5728\u5305\u542b\u6587\u672c\u7684\u8282\u70b9\u4e4b\u95f4\u4f7f\u7528\u903b\u8f91\u94fe\u63a5\uff08\u8d85\u94fe\u63a5\uff09\u7684\u7ed3\u6784\u5316\u6587\u672c\u3002HTTP\u662f\u4ea4\u6362\u6216\u4f20\u8f93\u8d85\u6587\u672c\u7684\u534f\u8bae\u3002 \u5b89\u5168\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTPS\uff09\u4e00\u79cd\u52a0\u5bc6\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u901a\u8fc7\u8ba1\u7b97\u673a\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\uff0c\u5728 Internet 
\u4e0a\u7684\u90e8\u7f72\u7279\u522b\u5e7f\u6cdb\u3002\u4ece\u6280\u672f\u4e0a\u8bb2\uff0c\u5b83\u672c\u8eab\u4e0d\u662f\u4e00\u4e2a\u534f\u8bae;\u76f8\u53cd\uff0c\u5b83\u662f\u7b80\u5355\u5730\u5c06\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u5206\u5c42\u5728 TLS \u6216 SSL \u534f\u8bae\u4e4b\u4e0a\u7684\u7ed3\u679c\uff0c\u4ece\u800c\u5c06 TLS \u6216 SSL \u7684\u5b89\u5168\u529f\u80fd\u6dfb\u52a0\u5230\u6807\u51c6 HTTP \u901a\u4fe1\u4e2d\u3002\u5927\u591a\u6570 OpenStack API \u7aef\u70b9\u548c\u8bb8\u591a\u7ec4\u4ef6\u95f4\u901a\u4fe1\u90fd\u652f\u6301 HTTPS \u901a\u4fe1\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u4ef2\u88c1\u548c\u63a7\u5236 VM \u5bf9\u5b9e\u9645\u5e95\u5c42\u786c\u4ef6\u7684\u8bbf\u95ee\u7684\u8f6f\u4ef6\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60 \u901a\u8fc7\u4e3b\u673a\u805a\u5408\u7ec4\u5408\u5728\u4e00\u8d77\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u96c6\u5408\u3002 I \u00b6 Icehouse OpenStack \u7b2c\u4e5d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u9999\u6e2f\u4e3e\u884c\uff0cIce House\u662f\u8be5\u5e02\u7684\u4e00\u6761\u8857\u9053\u7684\u540d\u5b57\u3002 \u8eab\u4efd\u8bc1\u53f7\u7801 \u4e0e\u8eab\u4efd\u4e2d\u7684\u6bcf\u4e2a\u7528\u6237\u5173\u8054\u7684\u552f\u4e00\u6570\u5b57 ID\uff0c\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e Linux \u6216 LDAP UID\u3002 \u8eab\u4efd\u9a8c\u8bc1 API Identity \u670d\u52a1 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef Identity \u670d\u52a1\u7528\u4e8e\u68c0\u7d22\u7528\u6237\u4fe1\u606f\u7684\u6e90;\u4f8b\u5982\uff0cOpenLDAP \u670d\u52a1\u5668\u3002 \u8eab\u4efd\u63d0\u4f9b\u8005 \u4e00\u79cd\u76ee\u5f55\u670d\u52a1\uff0c\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u3002\u5b83\u662f\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u7684\u5178\u578b\u6765\u6e90\u3002 \u8eab\u4efd\u670d\u52a1\uff08keystone\uff09 \u4fc3\u8fdb API 
\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u3001\u5206\u5e03\u5f0f\u591a\u9879\u76ee\u6388\u6743\u548c\u5ba1\u8ba1\u7684\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u6237\u6620\u5c04\u5230\u4ed6\u4eec\u53ef\u4ee5\u8bbf\u95ee\u7684 OpenStack \u670d\u52a1\u7684\u4e2d\u592e\u76ee\u5f55\u3002\u5b83\u8fd8\u4e3a OpenStack \u670d\u52a1\u6ce8\u518c\u7aef\u70b9\uff0c\u5e76\u5145\u5f53\u901a\u7528\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u8eab\u4efd\u670d\u52a1 API \u7528\u4e8e\u8bbf\u95ee\u901a\u8fc7 keystone \u63d0\u4f9b\u7684 OpenStack Identity \u670d\u52a1\u7684 API\u3002 IETF \uff08\u82f1\u8bed\uff09 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u662f\u4e00\u4e2a\u5f00\u653e\u6807\u51c6\u7ec4\u7ec7\uff0c\u8d1f\u8d23\u5236\u5b9a Internet \u6807\u51c6\uff0c\u5c24\u5176\u662f\u4e0e TCP/IP \u76f8\u5173\u7684\u6807\u51c6\u3002 \u6620\u50cf \u7528\u4e8e\u521b\u5efa\u6216\u91cd\u5efa\u670d\u52a1\u5668\u7684\u7279\u5b9a\u64cd\u4f5c\u7cfb\u7edf \uff08OS\uff09 \u7684\u6587\u4ef6\u96c6\u5408\u3002OpenStack \u63d0\u4f9b\u9884\u6784\u5efa\u7684\u6620\u50cf\u3002\u60a8\u8fd8\u53ef\u4ee5\u4ece\u5df2\u542f\u52a8\u7684\u670d\u52a1\u5668\u521b\u5efa\u81ea\u5b9a\u4e49\u6620\u50cf\u6216\u5feb\u7167\u3002\u81ea\u5b9a\u4e49\u6620\u50cf\u53ef\u7528\u4e8e\u6570\u636e\u5907\u4efd\uff0c\u6216\u7528\u4f5c\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u6620\u50cfAPI \u7528\u4e8e\u7ba1\u7406 VM \u6620\u50cf\u7684\u6620\u50cf\u670d\u52a1 API \u7ec8\u7ed3\u70b9\u3002\u5904\u7406\u5ba2\u6237\u7aef\u5bf9 VM \u7684\u8bf7\u6c42\uff0c\u66f4\u65b0\u6ce8\u518c\u8868\u670d\u52a1\u5668\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u5143\u6570\u636e\uff0c\u5e76\u4e0e\u5b58\u50a8\u9002\u914d\u5668\u901a\u4fe1\u4ee5\u4ece\u540e\u7aef\u5b58\u50a8\u4e0a\u4f20 VM \u6620\u50cf\u3002 \u6620\u50cf\u7f13\u5b58 
\u7531\u56fe\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u672c\u5730\u4e3b\u673a\u4e0a\u7684\u56fe\u50cf\uff0c\u800c\u4e0d\u662f\u5728\u6bcf\u6b21\u8bf7\u6c42\u56fe\u50cf\u65f6\u4ece\u56fe\u50cf\u670d\u52a1\u5668\u91cd\u65b0\u4e0b\u8f7d\u56fe\u50cf\u3002 \u6620\u50cf ID URI \u548c UUID \u7684\u7ec4\u5408\uff0c\u7528\u4e8e\u901a\u8fc7\u955c\u50cf API \u8bbf\u95ee\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u6620\u50cf\u6210\u5458 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u6620\u50cf\u6240\u6709\u8005 \u62e5\u6709\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u7684\u9879\u76ee\u3002 \u6620\u50cf\u6ce8\u518c\u8868 \u53ef\u901a\u8fc7\u6620\u50cf\u670d\u52a1\u83b7\u53d6\u7684 VM \u6620\u50cf\u7684\u5217\u8868\u3002 \u6620\u50cf\u670d\u52a1\uff08glance\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\u6765\u5b58\u50a8\u3001\u6d4f\u89c8\u3001\u5171\u4eab\u3001\u5206\u53d1\u548c\u7ba1\u7406\u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf\u3001\u4e0e\u521d\u59cb\u5316\u8ba1\u7b97\u8d44\u6e90\u5bc6\u5207\u76f8\u5173\u7684\u5176\u4ed6\u6570\u636e\u4ee5\u53ca\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u72b6\u6001 \u955c\u50cf\u670d\u52a1\u4e2d\u865a\u62df\u673a\u955c\u50cf\u7684\u5f53\u524d\u72b6\u6001\uff0c\u4e0d\u8981\u4e0e\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u72b6\u6001\u6df7\u6dc6\u3002 \u6620\u50cf\u5b58\u50a8 \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u865a\u62df\u673a\u6620\u50cf\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u6216 HTTP\u3002 \u6620\u50cf UUID \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u552f\u4e00\u6807\u8bc6\u6bcf\u4e2a VM \u6620\u50cf\u7684 UUID\u3002 \u5b75\u5316\u9879\u76ee 
\u793e\u533a\u9879\u76ee\u53ef\u4ee5\u63d0\u5347\u5230\u6b64\u72b6\u6001\uff0c\u7136\u540e\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee \u57fa\u7840\u8bbe\u65bd\u4f18\u5316\u670d\u52a1\uff08\u89c2\u5bdf\u8005\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u4e3a\u57fa\u4e8eOpenStack\u7684\u591a\u9879\u76ee\u4e91\u63d0\u4f9b\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u8d44\u6e90\u4f18\u5316\u670d\u52a1\u3002 \u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 IaaS \u662f\u4e00\u79cd\u914d\u7f6e\u6a21\u578b\uff0c\u5728\u8fd9\u79cd\u6a21\u578b\u4e2d\uff0c\u7ec4\u7ec7\u5916\u5305\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5b58\u50a8\u3001\u786c\u4ef6\u3001\u670d\u52a1\u5668\u548c\u7f51\u7edc\u7ec4\u4ef6\u3002\u670d\u52a1\u63d0\u4f9b\u5546\u62e5\u6709\u8bbe\u5907\uff0c\u5e76\u8d1f\u8d23\u8bbe\u5907\u7684\u5b89\u88c5\u3001\u64cd\u4f5c\u548c\u7ef4\u62a4\u3002\u5ba2\u6237\u901a\u5e38\u6309\u4f7f\u7528\u91cf\u4ed8\u8d39\u3002IaaS \u662f\u4e00\u79cd\u63d0\u4f9b\u4e91\u670d\u52a1\u7684\u6a21\u578b\u3002 Ingress \u8fc7\u6ee4 \u7b5b\u9009\u4f20\u5165\u7f51\u7edc\u6d41\u91cf\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 INI \u683c\u5f0f OpenStack \u914d\u7f6e\u6587\u4ef6\u4f7f\u7528 INI \u683c\u5f0f\u6765\u63cf\u8ff0\u9009\u9879\u53ca\u5176\u503c\u3002\u5b83\u7531\u90e8\u5206\u548c\u952e\u503c\u5bf9\u7ec4\u6210\u3002 \u6ce8\u5165 \u5728\u542f\u52a8\u5b9e\u4f8b\u4e4b\u524d\u5c06\u6587\u4ef6\u653e\u5165\u865a\u62df\u673a\u6620\u50cf\u7684\u8fc7\u7a0b\u3002 \u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 IOPS \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u6027\u80fd\u5ea6\u91cf\uff0c\u7528\u4e8e\u5bf9\u8ba1\u7b97\u673a\u5b58\u50a8\u8bbe\u5907\uff08\u5982\u786c\u76d8\u9a71\u52a8\u5668\u3001\u56fa\u6001\u9a71\u52a8\u5668\u548c\u5b58\u50a8\u533a\u57df\u7f51\u7edc\uff09\u8fdb\u884c\u57fa\u51c6\u6d4b\u8bd5\u3002 \u5b9e\u4f8b \u6b63\u5728\u8fd0\u884c\u7684 VM 
\u6216\u5904\u4e8e\u5df2\u77e5\u72b6\u6001\uff08\u5982\u6302\u8d77\uff09\u7684 VM\uff0c\u53ef\u4ee5\u50cf\u786c\u4ef6\u670d\u52a1\u5668\u4e00\u6837\u4f7f\u7528\u3002 \u5b9e\u4f8bID \u4f8b\u5982UUID\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u72b6\u6001 \u6765\u5bbe\u865a\u62df\u673a\u6620\u50cf\u7684\u5f53\u524d\u72b6\u6001\u3002 \u5b9e\u4f8b\u96a7\u9053\u7f51\u7edc \u7528\u4e8e\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u7684\u5b9e\u4f8b\u6d41\u91cf\u96a7\u9053\u7684\u7f51\u6bb5\u3002 \u5b9e\u4f8b\u7c7b\u578b \u63cf\u8ff0\u53ef\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u5404\u79cd\u865a\u62df\u673a\u6620\u50cf\u7684\u53c2\u6570;\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u5185\u5b58\u7b49\u53c2\u6570\u3002\u98ce\u5473\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u7c7b\u578b ID \u7279\u5b9a\u5b9e\u4f8b ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u667a\u80fd\u5e73\u53f0\u7ba1\u7406\u63a5\u53e3\uff08IPMI\uff09 IPMI \u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u7528\u4e8e\u8ba1\u7b97\u673a\u7cfb\u7edf\u5e26\u5916\u7ba1\u7406\u548c\u76d1\u63a7\u5176\u64cd\u4f5c\u7684\u6807\u51c6\u5316\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\u3002\u901a\u4fd7\u5730\u8bf4\uff0c\u5b83\u662f\u4e00\u79cd\u4f7f\u7528\u76f4\u63a5\u7f51\u7edc\u8fde\u63a5\u7ba1\u7406\u8ba1\u7b97\u673a\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u5b83\u662f\u5426\u6253\u5f00;\u8fde\u63a5\u5230\u786c\u4ef6\uff0c\u800c\u4e0d\u662f\u64cd\u4f5c\u7cfb\u7edf\u6216\u767b\u5f55 shell\u3002 \u63a5\u53e3 \u63d0\u4f9b\u4e0e\u5176\u4ed6\u8bbe\u5907\u6216\u4ecb\u8d28\u7684\u8fde\u63a5\u7684\u7269\u7406\u6216\u865a\u62df\u8bbe\u5907\u3002 \u63a5\u53e3 ID UUID \u5f62\u5f0f\u7684\u7f51\u7edc VIF \u6216 vNIC \u7684\u552f\u4e00 ID\u3002 \u4e92\u8054\u7f51\u63a7\u5236\u6d88\u606f\u534f\u8bae \uff08ICMP\uff09 
\u7f51\u7edc\u8bbe\u5907\u7528\u4e8e\u63a7\u5236\u6d88\u606f\u7684\u7f51\u7edc\u534f\u8bae\u3002\u4f8b\u5982\uff0cping \u4f7f\u7528 ICMP \u6765\u6d4b\u8bd5\u8fde\u63a5\u3002 \u4e92\u8054\u7f51\u534f\u8bae \uff08IP\uff09 Internet \u534f\u8bae\u5957\u4ef6\u4e2d\u7684\u4e3b\u8981\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u8de8\u7f51\u7edc\u8fb9\u754c\u4e2d\u7ee7\u6570\u636e\u62a5\u3002 \u4e92\u8054\u7f51\u670d\u52a1\u63d0\u4f9b\u5546 \uff08ISP\uff09 \u4efb\u4f55\u5411\u4e2a\u4eba\u6216\u4f01\u4e1a\u63d0\u4f9b\u4e92\u8054\u7f51\u8bbf\u95ee\u7684\u4f01\u4e1a\u3002 \u4e92\u8054\u7f51\u5c0f\u578b\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\uff08iSCSI\uff09 \u5c01\u88c5 SCSI \u5e27\u4ee5\u901a\u8fc7 IP \u7f51\u7edc\u4f20\u8f93\u7684\u5b58\u50a8\u534f\u8bae\u3002\u53d7\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u955c\u50cf\u670d\u52a1\u652f\u6301\u3002 IO \u8f93\u5165\u548c\u8f93\u51fa\u7684\u7f29\u5199\u3002 IP \u5730\u5740 Internet \u4e0a\u6bcf\u4e2a\u8ba1\u7b97\u673a\u7cfb\u7edf\u552f\u4e00\u7684\u7f16\u53f7\u3002\u5730\u5740\u4f7f\u7528\u4e86\u4e24\u4e2a\u7248\u672c\u7684 Internet \u534f\u8bae \uff08IP\uff09\uff1aIPv4 \u548c IPv6\u3002 IP \u5730\u5740\u7ba1\u7406 \uff08IPAM\uff09 \u81ea\u52a8\u6267\u884c IP \u5730\u5740\u5206\u914d\u3001\u89e3\u9664\u5206\u914d\u548c\u7ba1\u7406\u7684\u8fc7\u7a0b\u3002\u76ee\u524d\u7531 Compute\u3001melange \u548c Networking \u63d0\u4f9b\u3002 ip6tables \u7528\u4e8e\u5728 Linux \u5185\u6838\u4e2d\u8bbe\u7f6e\u3001\u7ef4\u62a4\u548c\u68c0\u67e5 IPv6 \u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u8868\u7684\u5de5\u5177\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0cip6tables \u4e0e arptables\u3001ebtables \u548c iptables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a\u8282\u70b9\u548c\u865a\u62df\u673a\u521b\u5efa\u9632\u706b\u5899\u3002 ipset \u5bf9 iptables \u7684\u6269\u5c55\uff0c\u5141\u8bb8\u521b\u5efa\u540c\u65f6\u5339\u914d\u6574\u4e2a IP 
\u5730\u5740\u201c\u96c6\u201d\u7684\u9632\u706b\u5899\u89c4\u5219\u3002\u8fd9\u4e9b\u96c6\u9a7b\u7559\u5728\u7d22\u5f15\u6570\u636e\u7ed3\u6784\u4e2d\u4ee5\u63d0\u9ad8\u6548\u7387\uff0c\u5c24\u5176\u662f\u5728\u5177\u6709\u5927\u91cf\u89c4\u5219\u7684\u7cfb\u7edf\u4e0a\u3002 iptables iptables \u4e0e arptables \u548c ebtables \u4e00\u8d77\u4f7f\u7528\uff0c\u53ef\u5728 Compute \u4e2d\u521b\u5efa\u9632\u706b\u5899\u3002iptables \u662f Linux \u5185\u6838\u9632\u706b\u5899\uff08\u4f5c\u4e3a\u4e0d\u540c\u7684 Netfilter \u6a21\u5757\u5b9e\u73b0\uff09\u63d0\u4f9b\u7684\u8868\u53ca\u5176\u5b58\u50a8\u7684\u94fe\u548c\u89c4\u5219\u3002\u76ee\u524d\u4e0d\u540c\u7684\u5185\u6838\u6a21\u5757\u548c\u7a0b\u5e8f\u7528\u4e8e\u4e0d\u540c\u7684\u534f\u8bae\uff1aiptables \u9002\u7528\u4e8e IPv4\uff0cip6tables \u9002\u7528\u4e8e IPv6\uff0carptables \u9002\u7528\u4e8e ARP\uff0cebtables \u7528\u4e8e\u4ee5\u592a\u7f51\u5e27\u3002\u9700\u8981 root \u6743\u9650\u624d\u80fd\u64cd\u4f5c\u3002 ironic \u88f8\u673a\u670d\u52a1\u7684\u4ee3\u53f7\u3002 iSCSI \u9650\u5b9a\u540d\u79f0 \uff08IQN\uff09 IQN \u662f\u6700\u5e38\u7528\u7684 iSCSI \u540d\u79f0\u683c\u5f0f\uff0c\u7528\u4e8e\u552f\u4e00\u6807\u8bc6 iSCSI \u7f51\u7edc\u4e2d\u7684\u8282\u70b9\u3002\u6240\u6709 IQN \u90fd\u9075\u5faa iqn.yyyy-mm.domain\uff1aidentifier \u6a21\u5f0f\uff0c\u5176\u4e2d\u201cyyyy-mm\u201d\u662f\u57df\u540d\u6ce8\u518c\u7684\u5e74\u4efd\u548c\u6708\u4efd\uff0c\u201cdomain\u201d\u662f\u9881\u53d1\u7ec4\u7ec7\u7684\u53cd\u5411\u57df\u540d\uff0c\u201cidentifier\u201d\u662f\u4e00\u4e2a\u53ef\u9009\u5b57\u7b26\u4e32\uff0c\u4f7f\u540c\u4e00\u57df\u540d\u4e0b\u7684\u6bcf\u4e2a IQN \u90fd\u662f\u552f\u4e00\u7684\u3002\u4f8b\u5982\uff0c\u201ciqn.2015-10.org.openstack.408ae959bce1\u201d\u3002 ISO9660 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 ITSEC \u51fd\u6570 \u8ba1\u7b97 RBAC 
\u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\uff0c\u53ef\u4ee5\u9694\u79bb\u4efb\u4f55\u9879\u76ee\u4e2d\u7684\u5b9e\u4f8b\u3002 J \u00b6 Java \u4e00\u79cd\u7f16\u7a0b\u8bed\u8a00\uff0c\u7528\u4e8e\u521b\u5efa\u901a\u8fc7\u7f51\u7edc\u6d89\u53ca\u591a\u53f0\u8ba1\u7b97\u673a\u7684\u7cfb\u7edf\u3002 JavaScript \u4e00\u79cd\u7528\u4e8e\u751f\u6210\u7f51\u9875\u7684\u811a\u672c\u8bed\u8a00\u3002 JavaScript \u5bf9\u8c61\u8868\u793a\u6cd5 \uff08JSON\uff09 OpenStack \u4e2d\u652f\u6301\u7684\u54cd\u5e94\u683c\u5f0f\u4e4b\u4e00\u3002 \u6846\u67b6\u7684\u5f62\u72b6 \u73b0\u4ee3\u4ee5\u592a\u7f51\u7f51\u7edc\u4e2d\u7684\u529f\u80fd\uff0c\u652f\u6301\u9ad8\u8fbe\u7ea6 9000 \u5b57\u8282\u7684\u5e27\u3002 Juno OpenStack \u7b2c\u5341\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4f50\u6cbb\u4e9a\u5dde\u4e9a\u7279\u5170\u5927\u4e3e\u884c\uff0cJuno\u662f\u4f50\u6cbb\u4e9a\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 K \u00b6 Kerberos \u4e00\u79cd\u57fa\u4e8e\u7968\u8bc1\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002Kerberos \u5141\u8bb8\u8282\u70b9\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\uff0c\u5e76\u5141\u8bb8\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a \uff08KVM\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002KVM \u662f\u9002\u7528\u4e8e Linux on x86 \u786c\u4ef6\u7684\u5b8c\u6574\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u865a\u62df\u5316\u6269\u5c55\uff08Intel VT \u6216 AMD-V\uff09\u3001ARM\u3001IBM Power \u548c IBM zSeries\u3002\u5b83\u7531\u4e00\u4e2a\u53ef\u52a0\u8f7d\u7684\u5185\u6838\u6a21\u5757\u7ec4\u6210\uff0c\u8be5\u6a21\u5757\u63d0\u4f9b\u6838\u5fc3\u865a\u62df\u5316\u57fa\u7840\u67b6\u6784\u548c\u7279\u5b9a\u4e8e\u5904\u7406\u5668\u7684\u6a21\u5757\u3002 \u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\uff08barbican\uff09 
\u8be5\u9879\u76ee\u4ea7\u751f\u4e00\u4e2a\u79d8\u5bc6\u5b58\u50a8\u548c\u751f\u6210\u7cfb\u7edf\uff0c\u80fd\u591f\u4e3a\u5e0c\u671b\u542f\u7528\u52a0\u5bc6\u529f\u80fd\u7684\u670d\u52a1\u63d0\u4f9b\u5bc6\u94a5\u7ba1\u7406\u3002 keystone Identity \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u5feb\u901f\u542f\u52a8 \u7528\u4e8e\u5728\u57fa\u4e8e Red Hat\u3001Fedora \u548c CentOS \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 Kilo OpenStack \u7b2c 11 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u6cd5\u56fd\u5df4\u9ece\u4e3e\u884c\u3002\u7531\u4e8e\u540d\u79f0\u9009\u62e9\u7684\u5ef6\u8fdf\uff0c\u8be5\u7248\u672c\u4ec5\u88ab\u79f0\u4e3a K\u3002\u7531\u4e8e k kilo \u662f\u5355\u4f4d\u7b26\u53f7\uff0c\u800c kilogram \u53c2\u8003\u5de5\u4ef6\u5b58\u653e\u5728\u5df4\u9ece\u9644\u8fd1\u7684\u585e\u592b\u5c14 Pavillon de Breteuil \u4e2d\uff0c\u56e0\u6b64\u793e\u533a\u9009\u62e9\u4e86 Kilo \u4f5c\u4e3a\u7248\u672c\u540d\u79f0\u3002 L \u5927\u5bf9\u8c61 Object Storage \u4e2d\u5927\u4e8e 5 GB \u7684\u5bf9\u8c61\u3002 \u542f\u52a8\u677f OpenStack \u7684\u534f\u4f5c\u7ad9\u70b9\u3002 \u4e8c\u5c42\uff08L2\uff09\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u4e8c\u5c42\u7f51\u7edc OSI \u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u6570\u636e\u94fe\u8def\u5c42\u7684\u672f\u8bed\u3002\u6570\u636e\u94fe\u8def\u5c42\u8d1f\u8d23\u5a92\u4f53\u8bbf\u95ee\u63a7\u5236\u3001\u6d41\u91cf\u63a7\u5236\u4ee5\u53ca\u68c0\u6d4b\u548c\u7ea0\u6b63\u7269\u7406\u5c42\u4e2d\u53ef\u80fd\u53d1\u751f\u7684\u9519\u8bef\u3002 \u4e09\u5c42 \uff08L3\uff09 \u4ee3\u7406 OpenStack Networking \u4ee3\u7406\uff0c\u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 3 \u5c42\uff08\u8def\u7531\uff09\u670d\u52a1\u3002 \u4e09\u5c42\u7f51\u7edc \u5728 OSI 
\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u7f51\u7edc\u5c42\u7684\u672f\u8bed\u3002\u7f51\u7edc\u5c42\u8d1f\u8d23\u6570\u636e\u5305\u8f6c\u53d1\uff0c\u5305\u62ec\u4ece\u4e00\u4e2a\u8282\u70b9\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u7684\u8def\u7531\u3002 Liberty OpenStack \u7b2c 12 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\uff0cLiberty\u662f\u52a0\u62ff\u5927\u8428\u65af\u5580\u5f7b\u6e29\u7701\u4e00\u4e2a\u6751\u5e84\u7684\u540d\u5b57\u3002 libvirt OpenStack \u7528\u6765\u4e0e\u8bb8\u591a\u53d7\u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8fdb\u884c\u4ea4\u4e92\u7684\u865a\u62df\u5316 API \u5e93\u3002 \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae \uff08LDAP\uff09 \u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Linux \u64cd\u4f5c\u7cfb\u7edf \u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u81ea\u7531\u548c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u548c\u5206\u53d1\u7684\u6a21\u5f0f\u4e0b\u7ec4\u88c5\u3002 Linux\u6865\u63a5 \u4f7f\u591a\u4e2a VM \u80fd\u591f\u5728\u8ba1\u7b97\u4e2d\u5171\u4eab\u5355\u4e2a\u7269\u7406 NIC \u7684\u8f6f\u4ef6\u3002 Linux Bridge neutron \u63d2\u4ef6 \u4f7f Linux \u7f51\u6865\u80fd\u591f\u7406\u89e3\u7f51\u7edc\u7aef\u53e3\u3001\u63a5\u53e3\u8fde\u63a5\u548c\u5176\u4ed6\u62bd\u8c61\u3002 Linux \u5bb9\u5668 \uff08LXC\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u5b9e\u65f6\u8fc1\u79fb \u8ba1\u7b97\u4e2d\u80fd\u591f\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u5728\u5207\u6362\u671f\u95f4\u4ec5\u53d1\u751f\u5c11\u91cf\u670d\u52a1\u4e2d\u65ad\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 
\u8d1f\u8f7d\u5747\u8861\u5668\u662f\u5c5e\u4e8e\u4e91\u5e10\u6237\u7684\u903b\u8f91\u8bbe\u5907\u3002\u5b83\u7528\u4e8e\u6839\u636e\u5b9a\u4e49\u4e3a\u5176\u914d\u7f6e\u4e00\u90e8\u5206\u7684\u6761\u4ef6\u5728\u591a\u4e2a\u540e\u7aef\u7cfb\u7edf\u6216\u670d\u52a1\u4e4b\u95f4\u5206\u914d\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u8d1f\u8f7d\u5747\u8861 \u5728\u4e24\u4e2a\u6216\u591a\u4e2a\u8282\u70b9\u4e4b\u95f4\u5206\u6563\u5ba2\u6237\u7aef\u8bf7\u6c42\u4ee5\u63d0\u9ad8\u6027\u80fd\u548c\u53ef\u7528\u6027\u7684\u8fc7\u7a0b\u3002 \u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff08LBaaS\uff09 \u4f7f\u7f51\u7edc\u80fd\u591f\u5728\u6307\u5b9a\u5b9e\u4f8b\u4e4b\u95f4\u5747\u5300\u5206\u914d\u4f20\u5165\u8bf7\u6c42\u3002 \u8d1f\u8f7d\u5747\u8861\u670d\u52a1\uff08octavia\uff09 \u8be5\u9879\u76ee\u65e8\u5728\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u8d1f\u8f7d\u5747\u8861\u5668\u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u670d\u52a1\u8bbf\u95ee\u3002 \u903b\u8f91\u5377\u7ba1\u7406\u5668 \uff08LVM\uff09 \u63d0\u4f9b\u4e00\u79cd\u5728\u5927\u5bb9\u91cf\u5b58\u50a8\u8bbe\u5907\u4e0a\u5206\u914d\u7a7a\u95f4\u7684\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6bd4\u4f20\u7edf\u7684\u5206\u533a\u65b9\u6848\u66f4\u7075\u6d3b\u3002 M \u00b6 magnum \u5bb9\u5668\u57fa\u7840\u7ed3\u6784\u7ba1\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u7ba1\u7406 API \u7ba1\u7406 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e\u7ba1\u7406\u7684\u7f51\u6bb5\uff0c\u516c\u5171 Internet \u65e0\u6cd5\u8bbf\u95ee\u3002 \u7ba1\u7406\u5668 \u76f8\u5173\u4ee3\u7801\u7684\u903b\u8f91\u5206\u7ec4\uff0c\u4f8b\u5982\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u6216\u7f51\u7edc\u7ba1\u7406\u5668\u3002 \u6e05\u5355 \u7528\u4e8e\u8ddf\u8e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5927\u578b\u5bf9\u8c61\u7684\u6bb5\u3002 manifest \u5bf9\u8c61 
\u4e00\u4e2a\u7279\u6b8a\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\uff0c\u5176\u4e2d\u5305\u542b\u5927\u578b\u5bf9\u8c61\u7684\u6e05\u5355\u3002 manila OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 manila\u5206\u4eab \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 \u6700\u5927\u4f20\u8f93\u5355\u5143 \uff08MTU\uff09 \u7279\u5b9a\u7f51\u7edc\u4ecb\u8d28\u7684\u6700\u5927\u5e27\u6216\u6570\u636e\u5305\u5927\u5c0f\u3002\u4ee5\u592a\u7f51\u901a\u5e38\u4e3a 1500 \u5b57\u8282\u3002 \u673a\u5236\u9a71\u52a8 \u7a0b\u5e8f \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09 neutron \u63d2\u4ef6\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u4e3a\u865a\u62df\u5b9e\u4f8b\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u3002\u5355\u4e2a OpenStack \u5b89\u88c5\u53ef\u4ee5\u4f7f\u7528\u591a\u4e2a\u673a\u5236\u9a71\u52a8\u7a0b\u5e8f\u3002 melange OpenStack Network Information Service \u7684\u9879\u76ee\u540d\u79f0\u3002\u5c06\u4e0e\u7f51\u7edc\u5408\u5e76\u3002 \u6210\u5458\u5173\u7cfb \u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u4e0e\u9879\u76ee\u4e4b\u95f4\u7684\u5173\u8054\u3002\u5141\u8bb8\u4e0e\u6307\u5b9a\u9879\u76ee\u5171\u4eab\u56fe\u50cf\u3002 \u6210\u5458\u5217\u8868 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u5185\u5b58\u7f13\u5b58 \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u7f13\u5b58\u7684\u5206\u5e03\u5f0f\u5185\u5b58\u5bf9\u8c61\u7f13\u5b58\u7cfb\u7edf\u3002 \u5185\u5b58\u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a RAM \u8fc7\u91cf\u4f7f\u7528\u3002 \u6d88\u606f\u4ee3\u7406 
\u7528\u4e8e\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b AMQP \u6d88\u606f\u4f20\u9012\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\u9ed8\u8ba4\u5305\u4e3a RabbitMQ\u3002 \u6d88\u606f\u603b\u7ebf \u6240\u6709 AMQP \u6d88\u606f\u7528\u4e8e\u8ba1\u7b97\u4e2d\u7684\u4e91\u95f4\u901a\u4fe1\u7684\u4e3b\u8981\u865a\u62df\u901a\u4fe1\u7ebf\u8def\u3002 \u6d88\u606f\u961f\u5217 \u5c06\u6765\u81ea\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u4f20\u9012\u7ed9\u76f8\u5e94\u7684\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u5e76\u5728\u4f5c\u4e1a\u5b8c\u6210\u540e\u5c06\u8f93\u51fa\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u6d88\u606f\u670d\u52a1 \uff08zaqar\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u6d88\u606f\u4f20\u9012\u670d\u52a1\uff0c\u8be5\u670d\u52a1\u4ee5\u9ad8\u6548\u3001\u53ef\u6269\u5c55\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u63d0\u4f9b\u5404\u79cd\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u6a21\u5f0f\uff0c\u5e76\u521b\u5efa\u548c\u7ef4\u62a4\u5173\u8054\u7684 Python \u5e93\u548c\u6587\u6863\u3002 \u5143\u6570\u636e\u670d\u52a1\u5668 \uff08MDS\uff09 \u5b58\u50a8 CephFS \u5143\u6570\u636e\u3002 \u5143\u6570\u636e\u4ee3\u7406 \u4e3a\u5b9e\u4f8b\u63d0\u4f9b\u5143\u6570\u636e\u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u8fc1\u79fb \u5c06 VM \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\u3002 mistral \u5de5\u4f5c\u6d41\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Mitaka OpenStack \u7b2c 13 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u65e5\u672c\u4e1c\u4eac\u4e3e\u884c\u3002Mitaka\u662f\u4e1c\u4eac\u7684\u4e00\u5ea7\u57ce\u5e02\u3002 \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09neutron\u63d2\u4ef6 \u53ef\u4ee5\u5728\u7f51\u7edc\u4e2d\u540c\u65f6\u4f7f\u7528\u591a\u79cd\u4e8c\u5c42\u7f51\u7edc\u6280\u672f\uff0c\u5982802.1Q\u548cVXLAN\u3002 monasca OpenStack \u76d1\u63a7\u7684\u4ee3\u53f7\u3002 \u76d1\u63a7 \uff08LBaaS\uff09 LBaaS \u529f\u80fd\uff0c\u4f7f\u7528 ping \u547d\u4ee4\u3001TCP \u548c HTTP/HTTPS GET 
\u63d0\u4f9b\u53ef\u7528\u6027\u76d1\u63a7\u3002 \u76d1\u89c6\u5668 \uff08Mon\uff09 \u4e00\u4e2a Ceph \u7ec4\u4ef6\uff0c\u7528\u4e8e\u4e0e\u5916\u90e8\u5ba2\u6237\u7aef\u901a\u4fe1\u3001\u68c0\u67e5\u6570\u636e\u72b6\u6001\u548c\u4e00\u81f4\u6027\u4ee5\u53ca\u6267\u884c\u4ef2\u88c1\u529f\u80fd\u3002 \u76d1\u63a7 \uff08monasca\uff09 OpenStack \u670d\u52a1\uff0c\u4e3a\u6307\u6807\u3001\u590d\u6742\u4e8b\u4ef6\u5904\u7406\u548c\u65e5\u5fd7\u8bb0\u5f55\u63d0\u4f9b\u591a\u9879\u76ee\u3001\u9ad8\u5ea6\u53ef\u6269\u5c55\u3001\u9ad8\u6027\u80fd\u3001\u5bb9\u9519\u7684\u76d1\u63a7\u5373\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\u4e3a\u9ad8\u7ea7\u76d1\u63a7\u670d\u52a1\u6784\u5efa\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u5e73\u53f0\uff0c\u8fd0\u8425\u5546\u548c\u9879\u76ee\u90fd\u53ef\u4ee5\u4f7f\u7528\u8be5\u5e73\u53f0\u6765\u83b7\u5f97\u8fd0\u8425\u6d1e\u5bdf\u529b\u548c\u53ef\u89c1\u6027\uff0c\u786e\u4fdd\u53ef\u7528\u6027\u548c\u7a33\u5b9a\u6027\u3002 \u591a\u4e91\u8ba1\u7b97 \u5728\u5355\u4e2a\u7f51\u7edc\u67b6\u6784\u4e2d\u4f7f\u7528\u591a\u79cd\u4e91\u8ba1\u7b97\u548c\u5b58\u50a8\u670d\u52a1\u3002 \u591a\u4e91 SDK \u63d0\u4f9b\u591a\u4e91\u62bd\u8c61\u5c42\u5e76\u5305\u542b\u5bf9 OpenStack \u7684\u652f\u6301\u7684 SDK\u3002\u8fd9\u4e9b SDK \u975e\u5e38\u9002\u5408\u7f16\u5199\u9700\u8981\u4f7f\u7528\u591a\u79cd\u7c7b\u578b\u7684\u4e91\u63d0\u4f9b\u5546\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4f46\u53ef\u80fd\u4f1a\u516c\u5f00\u4e00\u7ec4\u66f4\u6709\u9650\u7684\u529f\u80fd\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u4f7f\u7528\u4e24\u4e2a\u6216\u591a\u4e2a\u51ed\u636e\uff08\u5982\u5bc6\u7801\u548c\u79c1\u94a5\uff09\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u76ee\u524d\u5728 Identity \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u591a\u4e3b\u673a \u4f20\u7edf \uff08nova\uff09 \u7f51\u7edc\u7684\u9ad8\u53ef\u7528\u6027\u6a21\u5f0f\u3002\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u5904\u7406 NAT \u548c DHCP\uff0c\u5e76\u5145\u5f53\u5176\u4e0a\u6240\u6709 VM 
\u7684\u7f51\u5173\u3002\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684\u7f51\u7edc\u6545\u969c\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 VM\u3002 multinic \u51fd\u6570 \u8ba1\u7b97\u4e2d\u7684\u5de5\u5177\uff0c\u5141\u8bb8\u6bcf\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u8fde\u63a5\u591a\u4e2a VIF\u3002 murano \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u4ee3\u53f7\u3002 N \u00b6 Nebula NASA \u4e8e 2010 \u5e74\u4ee5\u5f00\u6e90\u5f62\u5f0f\u53d1\u5e03\uff0c\u662f Compute \u7684\u57fa\u7840\u3002 \u7f51\u7edc\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u5141\u8bb8\u7528\u6237\u4e3a\u5b9e\u4f8b\u5206\u914d\u53ef\u516c\u5f00\u8bbf\u95ee\u7684 IP \u5730\u5740\u5e76\u66f4\u6539\u9632\u706b\u5899\u89c4\u5219\u3002 NetApp \u5377\u9a71\u52a8\u7a0b\u5e8f \u4f7f\u8ba1\u7b97\u80fd\u591f\u901a\u8fc7 NetApp OnCommand \u914d\u7f6e\u7ba1\u7406\u5668\u4e0e NetApp \u5b58\u50a8\u8bbe\u5907\u8fdb\u884c\u901a\u4fe1\u3002 \u7f51\u7edc \u5728\u5b9e\u4f53\u4e4b\u95f4\u63d0\u4f9b\u8fde\u63a5\u7684\u865a\u62df\u7f51\u7edc\u3002\u4f8b\u5982\uff0c\u5171\u4eab\u7f51\u7edc\u8fde\u63a5\u7684\u865a\u62df\u7aef\u53e3\u7684\u96c6\u5408\u3002\u5728\u7f51\u7edc\u672f\u8bed\u4e2d\uff0c\u7f51\u7edc\u59cb\u7ec8\u662f\u7b2c 2 \u5c42\u7f51\u7edc\u3002 \u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4fee\u6539 IP \u5730\u5740\u4fe1\u606f\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u548c\u7f51\u7edc\u652f\u6301\u3002 \u7f51\u7edc\u63a7\u5236\u5668 \u4e00\u4e2a\u8ba1\u7b97\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7528\u4e8e\u534f\u8c03\u8282\u70b9\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec IP \u5730\u5740\u3001VLAN \u548c\u6865\u63a5\u3002\u8fd8\u7ba1\u7406\u516c\u5171\u7f51\u7edc\u548c\u4e13\u7528\u7f51\u7edc\u7684\u8def\u7531\u3002 \u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf \uff08NFS\uff09 
\u4e00\u79cd\u4f7f\u6587\u4ef6\u7cfb\u7edf\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u7684\u65b9\u6cd5\u3002\u7531 OpenStack \u652f\u6301\u3002 \u7f51\u7edc ID \u5206\u914d\u7ed9\u7f51\u7edc\u4e2d\u6bcf\u4e2a\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002\u4e0e\u7f51\u7edc UUID \u76f8\u540c\u3002 \u7f51\u7edc\u7ba1\u7406\u5668 \u7528\u4e8e\u7ba1\u7406\u5404\u79cd\u7f51\u7edc\u7ec4\u4ef6\uff08\u5982\u9632\u706b\u5899\u89c4\u5219\u3001IP \u5730\u5740\u5206\u914d\u7b49\uff09\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u7f51\u7edc\u547d\u540d\u7a7a\u95f4 Linux \u5185\u6838\u529f\u80fd\uff0c\u5728\u5355\u4e2a\u4e3b\u673a\u4e0a\u63d0\u4f9b\u72ec\u7acb\u7684\u865a\u62df\u7f51\u7edc\u5b9e\u4f8b\uff0c\u5177\u6709\u5355\u72ec\u7684\u8def\u7531\u8868\u548c\u63a5\u53e3\u3002\u7c7b\u4f3c\u4e8e\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u4e0a\u7684\u865a\u62df\u8def\u7531\u548c\u8f6c\u53d1 \uff08VRF\uff09 \u670d\u52a1\u3002 \u7f51\u7edc\u8282\u70b9 \u8fd0\u884c Network Worker \u5b88\u62a4\u7a0b\u5e8f\u7684\u4efb\u4f55\u8ba1\u7b97\u8282\u70b9\u3002 \u7f51\u7edc\u6bb5 \u8868\u793a\u7f51\u7edc\u4e2d\u865a\u62df\u7684\u9694\u79bb OSI \u7b2c 2 \u5c42\u5b50\u7f51\u3002 \u7f51\u7edc\u670d\u52a1\u6807\u5934 \uff08NSH\uff09 \u63d0\u4f9b\u6cbf\u5b9e\u4f8b\u5316\u670d\u52a1\u8def\u5f84\u8fdb\u884c\u5143\u6570\u636e\u4ea4\u6362\u7684\u673a\u5236\u3002 \u7f51\u7edc\u65f6\u95f4\u534f\u8bae \uff08NTP\uff09 \u901a\u8fc7\u4e0e\u53ef\u4fe1\u3001\u51c6\u786e\u7684\u65f6\u95f4\u6e90\u901a\u4fe1\u6765\u4fdd\u6301\u4e3b\u673a\u6216\u8282\u70b9\u65f6\u949f\u6b63\u786e\u7684\u65b9\u6cd5\u3002 \u7f51\u7edc UUID \u7f51\u7edc\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002 \u7f51\u7edc\u5de5\u4f5c\u8fdb\u7a0b nova-network worker \u5b88\u62a4\u8fdb\u7a0b;\u63d0\u4f9b\u8bf8\u5982\u4e3a\u542f\u52a8\u7684 nova \u5b9e\u4f8b\u63d0\u4f9b IP \u5730\u5740\u7b49\u670d\u52a1\u3002 \u7f51\u7edc API\uff08Neutron API\uff09 \u7528\u4e8e\u8bbf\u95ee OpenStack Networking \u7684 
API\u3002\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u4f53\u7cfb\u7ed3\u6784\u4ee5\u542f\u7528\u81ea\u5b9a\u4e49\u63d2\u4ef6\u521b\u5efa\u3002 \u7f51\u7edc\u670d\u52a1\uff08neutron\uff09 OpenStack \u9879\u76ee\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u6309\u9700\u3001\u53ef\u6269\u5c55\u4e14\u4e0e\u6280\u672f\u65e0\u5173\u7684\u7f51\u7edc\u62bd\u8c61\u3002 neutron OpenStack Networking \u670d\u52a1\u7684\u4ee3\u53f7\u3002 neutron API \u7f51\u7edc API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 Neutron \u7ba1\u7406\u5668 \u542f\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u96c6\u6210\uff0c\u4f7f\u7f51\u7edc\u80fd\u591f\u5bf9\u6765\u5bbe VM \u6267\u884c\u7f51\u7edc\u7ba1\u7406\u3002 Neutron \u63d2\u4ef6 \u7f51\u7edc\u4e2d\u7684\u63a5\u53e3\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u4e3a\u9ad8\u7ea7\u529f\u80fd\uff08\u5982 QoS\u3001ACL \u6216 IDS\uff09\u521b\u5efa\u81ea\u5b9a\u4e49\u63d2\u4ef6\u3002 Newton OpenStack \u7b2c 14 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4f4d\u4e8e\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u5e02\u7b2c\u4e5d\u8857 1013 \u53f7\u7684\u201cNewton House\u201d\u547d\u540d\u3002\u88ab\u5217\u5165\u56fd\u5bb6\u53f2\u8ff9\u540d\u5f55\u3002 Nexenta \u5377\u9a71\u52a8\u7a0b\u5e8f \u4e3a\u8ba1\u7b97\u4e2d\u7684 NexentaStor \u8bbe\u5907\u63d0\u4f9b\u652f\u6301\u3002 NFV \u7f16\u6392\u670d\u52a1\uff08tacker\uff09 OpenStack \u670d\u52a1\uff0c\u65e8\u5728\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316 \uff08NFV\uff09 \u7f16\u6392\u670d\u52a1\u548c\u5e93\uff0c\u7528\u4e8e\u7f51\u7edc\u670d\u52a1\u548c\u865a\u62df\u7f51\u7edc\u529f\u80fd \uff08VNF\uff09 \u7684\u7aef\u5230\u7aef\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002 Nginx \u51fd\u6570 HTTP \u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u548c\u901a\u7528 TCP/UDP \u4ee3\u7406\u670d\u52a1\u5668\u3002 
\u65e0 ACK \u5728 Compute RabbitMQ \u4e2d\u7981\u7528\u670d\u52a1\u5668\u7aef\u6d88\u606f\u786e\u8ba4\u3002\u63d0\u9ad8\u6027\u80fd\u4f46\u964d\u4f4e\u53ef\u9760\u6027\u3002 \u8282\u70b9 \u5728\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u5b9e\u4f8b\u3002 \u975e\u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u4ea4\u6362\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u961f\u5217 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u961f\u5217\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u5316\u5377 \u4e34\u65f6\u5377\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5357\u5317\u5411\u6d41\u91cf \u7528\u6237\u6216\u5ba2\u6237\u7aef\uff08\u5317\uff09\u4e0e\u670d\u52a1\u5668\uff08\u5357\uff09\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\uff0c\u6216\u8fdb\u5165\u4e91\uff08\u5357\uff09\u548c\u4e91\u5916\uff08\u5317\uff09\u7684\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u4e1c\u897f\u5411\u6d41\u91cf\u3002 nova OpenStack \u8ba1\u7b97\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Nova API \u63a5\u53e3 \u8ba1\u7b97 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 nova-network \uff08\u65b0\u661f\u7f51\u7edc\uff09 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u7ba1\u7406 IP \u5730\u5740\u5206\u914d\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u4e0e\u7f51\u7edc\u76f8\u5173\u7684\u4efb\u52a1\u3002\u8fd9\u662f\u65e7\u7248\u7f51\u7edc\u9009\u9879\uff0c\u4e5f\u662f\u7f51\u7edc\u7684\u66ff\u4ee3\u65b9\u6cd5\u3002 O \u00b6 \u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u4fdd\u5b58\u7684\u6570\u636e\u7684 BLOB;\u53ef\u4ee5\u662f\u4efb\u4f55\u683c\u5f0f\u3002 \u5bf9\u8c61\u5ba1\u8ba1\u5668 \u6253\u5f00\u5bf9\u8c61\u670d\u52a1\u5668\u7684\u6240\u6709\u5bf9\u8c61\uff0c\u5e76\u9a8c\u8bc1\u6bcf\u4e2a\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u3001\u5927\u5c0f\u548c\u5143\u6570\u636e\u3002 \u5bf9\u8c61\u8fc7\u671f Object Storage 
\u4e2d\u7684\u4e00\u4e2a\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u5728\u7ecf\u8fc7\u6307\u5b9a\u65f6\u95f4\u6216\u8fbe\u5230\u7279\u5b9a\u65e5\u671f\u540e\u81ea\u52a8\u5220\u9664\u5bf9\u8c61\u3002 \u5bf9\u8c61\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u7684\u552f\u4e00 ID\u3002 \u5bf9\u8c61\u8def\u5f84\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u5bf9\u8c61\u5728\u73af\u4e2d\u7684\u4f4d\u7f6e\u3002\u5c06\u5bf9\u8c61\u6620\u5c04\u5230\u5206\u533a\u3002 \u5bf9\u8c61\u590d\u5236\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5bf9\u8c61\u590d\u5236\u5230\u8fdc\u7a0b\u5206\u533a\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002 \u5bf9\u8c61\u670d\u52a1\u5668 \u8d1f\u8d23\u7ba1\u7406\u5bf9\u8c61\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5bf9\u8c61\u5b58\u50a8 API \u7528\u4e8e\u8bbf\u95ee OpenStack \u5bf9\u8c61\u5b58\u50a8\u7684 API\u3002 \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907 \uff08OSD\uff09 Ceph \u5b58\u50a8\u5b88\u62a4\u8fdb\u7a0b\u3002 \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u4e3a\u56fa\u5b9a\u6570\u5b57\u5185\u5bb9\u63d0\u4f9b\u6700\u7ec8\u4e00\u81f4\u6027\u548c\u5197\u4f59\u7684\u5b58\u50a8\u548c\u68c0\u7d22\u3002 \u5bf9\u8c61\u7248\u672c\u63a7\u5236 \u5141\u8bb8\u7528\u6237\u5728\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e0a\u8bbe\u7f6e\u6807\u5fd7\uff0c\u4ee5\u4fbf\u5bf9\u5bb9\u5668\u5185\u7684\u6240\u6709\u5bf9\u8c61\u8fdb\u884c\u7248\u672c\u63a7\u5236\u3002 Ocata OpenStack \u7b2c 15 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u897f\u73ed\u7259\u5df4\u585e\u7f57\u90a3\u4e3e\u884c\u3002Ocata\u662f\u5df4\u585e\u7f57\u90a3\u5317\u90e8\u7684\u4e00\u4e2a\u6d77\u6ee9\u3002 Octavia \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Oldie \u957f\u65f6\u95f4\u8fd0\u884c\u7684\u5bf9\u8c61\u5b58\u50a8\u8fdb\u7a0b\u7684\u672f\u8bed\u3002\u53ef\u4ee5\u6307\u793a\u6302\u8d77\u7684\u8fdb\u7a0b\u3002 
\u5f00\u653e\u4e91\u8ba1\u7b97\u63a5\u53e3\uff08OCCI\uff09 \u7528\u4e8e\u7ba1\u7406\u8ba1\u7b97\u3001\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u6807\u51c6\u5316\u63a5\u53e3\uff0c\u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u5f00\u653e\u865a\u62df\u5316\u683c\u5f0f \uff08OVF\uff09 \u6253\u5305 VM \u6620\u50cf\u7684\u6807\u51c6\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u6253\u5f00 vSwitch Open vSwitch \u662f\u5728\u5f00\u6e90 Apache 2.0 \u8bb8\u53ef\u8bc1\u4e0b\u83b7\u5f97\u8bb8\u53ef\u7684\u751f\u4ea7\u8d28\u91cf\u7684\u591a\u5c42\u865a\u62df\u4ea4\u6362\u673a\u3002\u5b83\u65e8\u5728\u901a\u8fc7\u7f16\u7a0b\u6269\u5c55\u5b9e\u73b0\u5927\u89c4\u6a21\u7f51\u7edc\u81ea\u52a8\u5316\uff0c\u540c\u65f6\u4ecd\u652f\u6301\u6807\u51c6\u7ba1\u7406\u63a5\u53e3\u548c\u534f\u8bae\uff08\u4f8b\u5982 NetFlow\u3001sFlow\u3001SPAN\u3001RSPAN\u3001CLI\u3001LACP\u3001802.1ag\uff09\u3002 Open vSwitch\uff08OVS\uff09\u4ee3\u7406 \u4e3a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u5e95\u5c42 Open vSwitch \u670d\u52a1\u7684\u63a5\u53e3\u3002 \u6253\u5f00 vSwitch neutron \u63d2\u4ef6 \u5728\u7f51\u7edc\u4e2d\u63d0\u4f9b\u5bf9 Open vSwitch \u7684\u652f\u6301\u3002 OpenDev OpenDev \u662f\u4e00\u4e2a\u534f\u4f5c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u7684\u7a7a\u95f4\u3002 OpenDev \u7684\u4f7f\u547d\u662f\u4e3a\u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u63d0\u4f9b\u9879\u76ee\u6258\u7ba1\u3001\u6301\u7eed\u96c6\u6210\u5de5\u5177\u548c\u865a\u62df\u534f\u4f5c\u7a7a\u95f4\u3002OpenDev \u672c\u8eab\u662f\u81ea\u6258\u7ba1\u5728\u8fd9\u5957\u5de5\u5177\u4e0a\uff0c\u5305\u62ec\u4ee3\u7801\u5ba1\u67e5\u3001\u6301\u7eed\u96c6\u6210\u3001etherpad\u3001wiki\u3001\u4ee3\u7801\u6d4f\u89c8\u7b49\u3002\u8fd9\u610f\u5473\u7740 OpenDev 
\u672c\u8eab\u5c31\u50cf\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\u4e00\u6837\u8fd0\u884c\uff0c\u60a8\u53ef\u4ee5\u52a0\u5165\u6211\u4eec\u5e76\u5e2e\u52a9\u8fd0\u884c\u7cfb\u7edf\u3002\u6b64\u5916\uff0c\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u672c\u8eab\u90fd\u662f\u5f00\u6e90\u8f6f\u4ef6\u3002 OpenStack \u9879\u76ee\u662f\u4f7f\u7528 OpenDev \u7684\u6700\u5927\u9879\u76ee\u3002 OpenLDAP \u5f00\u6e90 LDAP \u670d\u52a1\u5668\u3002\u53d7\u8ba1\u7b97\u548c\u6807\u8bc6\u652f\u6301\u3002 OpenStack OpenStack \u662f\u4e00\u4e2a\u4e91\u64cd\u4f5c\u7cfb\u7edf\uff0c\u53ef\u63a7\u5236\u6574\u4e2a\u6570\u636e\u4e2d\u5fc3\u7684\u5927\u578b\u8ba1\u7b97\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u8d44\u6e90\u6c60\uff0c\u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u90fd\u901a\u8fc7\u4eea\u8868\u677f\u8fdb\u884c\u7ba1\u7406\uff0c\u8be5\u4eea\u8868\u677f\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u8fdb\u884c\u63a7\u5236\uff0c\u540c\u65f6\u6388\u6743\u7528\u6237\u901a\u8fc7 Web \u754c\u9762\u914d\u7f6e\u8d44\u6e90\u3002OpenStack \u662f\u4e00\u4e2a\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u7684\u5f00\u6e90\u9879\u76ee\u3002 OpenStack \u4ee3\u7801\u540d\u79f0 \u6bcf\u4e2a OpenStack \u7248\u672c\u90fd\u6709\u4e00\u4e2a\u4ee3\u53f7\u3002\u4ee3\u53f7\u6309\u5b57\u6bcd\u987a\u5e8f\u6392\u5217\uff1aAustin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno, Kilo, Liberty, Mitaka, Newton, Ocata, Pike, Queens, Rocky, Stein, Train, Ussuri, Victoria, Wallaby, Xena, Yoga, Zed\u3002 Wallaby \u662f\u65b0\u7b56\u7565\u9009\u62e9\u7684\u7b2c\u4e00\u4e2a\u4ee3\u53f7\uff1a\u4ee3\u53f7\u7531\u793e\u533a\u6309\u7167\u5b57\u6bcd\u987a\u5e8f\u9009\u62e9\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53d1\u5e03\u540d\u79f0\u6807\u51c6\u3002 
\u7ef4\u591a\u5229\u4e9a\u7684\u540d\u5b57\u662f\u59d3\u6c0f\uff0c\u5176\u4e2d\u4ee3\u53f7\u662f\u9760\u8fd1\u76f8\u5e94OpenStack\u8bbe\u8ba1\u5cf0\u4f1a\u4e3e\u529e\u5730\u7684\u57ce\u5e02\u6216\u53bf\u3002\u4e00\u4e2a\u4f8b\u5916\uff0c\u79f0\u4e3a\u6c83\u5c14\u767b\u4f8b\u5916\uff0c\u88ab\u6388\u4e88\u5dde\u65d7\u4e2d\u542c\u8d77\u6765\u7279\u522b\u9177\u7684\u5143\u7d20\u3002\u4ee3\u53f7\u7531\u5927\u4f17\u6295\u7968\u9009\u51fa\u3002 \u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740OpenStack\u53d1\u884c\u7248\u7684\u5b57\u6bcd\u8868\u7528\u5b8c\uff0c\u6280\u672f\u59d4\u5458\u4f1a\u6539\u53d8\u4e86\u547d\u540d\u8fc7\u7a0b\uff0c\u5c06\u53d1\u884c\u53f7\u548c\u53d1\u884c\u7248\u540d\u79f0\u4f5c\u4e3a\u8bc6\u522b\u7801\u3002\u7248\u672c\u53f7\u5c06\u662f\u4e3b\u8981\u6807\u8bc6\u7b26\uff1a\u201cyear\u201d\u3002\u5e74\u5185\u53d1\u5e03\u8ba1\u6570\u201c\uff0c\u8be5\u540d\u79f0\u5c06\u4e3b\u8981\u7528\u4e8e\u8425\u9500\u76ee\u7684\u3002\u7b2c\u4e00\u4e2a\u8fd9\u6837\u7684\u7248\u672c\u662f 2023.1 Antelope\u3002\u7d27\u968f\u5176\u540e\u7684\u662f 2023.2 Bobcat\u30012024.1 Caracal\u3002 openSUSE \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u64cd\u4f5c\u5458 \u8d1f\u8d23\u89c4\u5212\u548c\u7ef4\u62a4 OpenStack \u5b89\u88c5\u7684\u4eba\u5458\u3002 \u53ef\u9009\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u53ef\u9009\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\uff0c\u7531 Dashboard \uff08horizon\uff09\u3001Telemetry \u670d\u52a1 \uff08Telemetry\uff09\u3001Orchestration \u670d\u52a1 \uff08heat\uff09\u3001Database \u670d\u52a1 \uff08trove\uff09\u3001Bare Metal \u670d\u52a1 \uff08ironic\uff09 \u7b49\u7ec4\u6210\u3002 \u7f16\u6392\u670d\u52a1\uff08heat\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u901a\u8fc7 OpenStack \u539f\u751f REST API \u4f7f\u7528\u58f0\u660e\u6027\u6a21\u677f\u683c\u5f0f\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\u7a0b\u5e8f\u3002 orphan 
\u5728\u5bf9\u8c61\u5b58\u50a8\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u4e00\u4e2a\u5728\u5347\u7ea7\u3001\u91cd\u65b0\u542f\u52a8\u6216\u91cd\u65b0\u52a0\u8f7d\u670d\u52a1\u540e\u4e0d\u4f1a\u7ec8\u6b62\u7684\u8fc7\u7a0b\u3002 Oslo Common Libraries \u9879\u76ee\u7684\u4ee3\u53f7\u3002 P \u00b6 panko OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u4e8b\u4ef6\u5b58\u50a8\u3002 \u7236\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU \u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5173\u8054\u7684\u5b50\u5355\u5143\u3002 \u5206\u533a \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7528\u4e8e\u5b58\u50a8\u5bf9\u8c61\u7684\u5b58\u50a8\u5355\u5143\u3002\u5b83\u5b58\u5728\u4e8e\u8bbe\u5907\u4e4b\u4e0a\uff0c\u5e76\u88ab\u590d\u5236\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002. \u5206\u533a\u7d22\u5f15 \u5305\u542b\u73af\u5185\u6240\u6709\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u4f4d\u7f6e\u3002 \u5206\u533a\u504f\u79fb\u503c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u6570\u636e\u5e94\u9a7b\u7559\u5728\u54ea\u4e2a\u5206\u533a\u4e0a\u3002 \u8def\u5f84 MTU \u53d1\u73b0 \uff08PMTUD\uff09 IP \u7f51\u7edc\u4e2d\u7528\u4e8e\u68c0\u6d4b\u7aef\u5230\u7aef MTU \u5e76\u76f8\u5e94\u5730\u8c03\u6574\u6570\u636e\u5305\u5927\u5c0f\u7684\u673a\u5236\u3002 \u6682\u505c \u672a\u53d1\u751f\u4efb\u4f55\u66f4\u6539\uff08\u5185\u5b58\u672a\u66f4\u6539\u3001\u7f51\u7edc\u901a\u4fe1\u505c\u6b62\u7b49\uff09\u7684 VM \u72b6\u6001;VM \u5df2\u51bb\u7ed3\uff0c\u4f46\u672a\u5173\u95ed\u3002 PCI\u76f4\u901a \u4e3a\u5ba2\u6237\u673a\u865a\u62df\u673a\u63d0\u4f9b\u5bf9 PCI \u8bbe\u5907\u7684\u72ec\u5360\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 \u6301\u4e45\u6d88\u606f 
\u5b58\u50a8\u5728\u5185\u5b58\u548c\u78c1\u76d8\u4e0a\u7684\u6d88\u606f\u3002\u5931\u8d25\u6216\u91cd\u65b0\u542f\u52a8\u540e\uff0c\u6d88\u606f\u4e0d\u4f1a\u4e22\u5931\u3002 \u6301\u4e45\u5377 \u5c06\u4fdd\u5b58\u5bf9\u8fd9\u4e9b\u7c7b\u578b\u7684\u78c1\u76d8\u5377\u6240\u505a\u7684\u66f4\u6539\u3002 \u4e2a\u6027\u6587\u4ef6 \u7528\u4e8e\u81ea\u5b9a\u4e49 Compute \u5b9e\u4f8b\u7684\u6587\u4ef6\u3002\u5b83\u53ef\u7528\u4e8e\u6ce8\u5165 SSH \u5bc6\u94a5\u6216\u7279\u5b9a\u7684\u7f51\u7edc\u914d\u7f6e\u3002 Pike OpenStack \u7b2c 16 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\u547d\u540d\uff0c\u901a\u5e38\u7f29\u5199\u4e3a\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\uff0c\u8fd9\u662f 90 \u53f7\u5dde\u9645\u516c\u8def\u6700\u4e1c\u7aef\u7684\u8def\u6bb5\u3002 \u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09 \u4e3a\u4f7f\u7528\u8005\u63d0\u4f9b\u64cd\u4f5c\u7cfb\u7edf\uff0c\u901a\u5e38\u8fd8\u4e3a\u8bed\u8a00\u8fd0\u884c\u65f6\u548c\u5e93\uff08\u7edf\u79f0\u4e3a\u201c\u5e73\u53f0\u201d\uff09\u63d0\u4f9b\uff0c\u6d88\u8d39\u8005\u53ef\u4ee5\u5728\u5176\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\uff0c\u800c\u65e0\u9700\u63d0\u4f9b\u5bf9\u5e95\u5c42\u57fa\u7840\u7ed3\u6784\u7684\u4efb\u4f55\u63a7\u5236\u3002\u5e73\u53f0\u5373\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u793a\u4f8b\u5305\u62ec Cloud Foundry \u548c OpenShift\u3002 \u63d2\u4ef6 \u4e3a\u7f51\u7edc API \u6216\u8ba1\u7b97 API \u63d0\u4f9b\u5b9e\u9645\u5b9e\u73b0\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002 \u7b56\u7565\u670d\u52a1 \u6807\u8bc6\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u89c4\u5219\u7ba1\u7406\u63a5\u53e3\u548c\u57fa\u4e8e\u89c4\u5219\u7684\u6388\u6743\u5f15\u64ce\u3002 \u57fa\u4e8e\u7b56\u7565\u7684\u8def\u7531 \uff08PBR\uff09 
\u63d0\u4f9b\u4e00\u79cd\u673a\u5236\uff0c\u7528\u4e8e\u6839\u636e\u7f51\u7edc\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u7b56\u7565\u5b9e\u73b0\u6570\u636e\u5305\u8f6c\u53d1\u548c\u8def\u7531\u3002 \u6c60 \u4e00\u7ec4\u903b\u8f91\u8bbe\u5907\uff0c\u4f8b\u5982 Web \u670d\u52a1\u5668\uff0c\u60a8\u53ef\u4ee5\u5c06\u5176\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u63a5\u6536\u548c\u5904\u7406\u6d41\u91cf\u3002\u8d1f\u8f7d\u5e73\u8861\u529f\u80fd\u9009\u62e9\u6c60\u4e2d\u7684\u54ea\u4e2a\u6210\u5458\u5904\u7406\u5728 VIP \u5730\u5740\u4e0a\u6536\u5230\u7684\u65b0\u8bf7\u6c42\u6216\u8fde\u63a5\u3002\u6bcf\u4e2aVIP\u90fd\u6709\u4e00\u4e2a\u6e38\u6cf3\u6c60\u3002 \u6c60\u6210\u5458 \u5728\u8d1f\u8f7d\u5e73\u8861\u7cfb\u7edf\u4e2d\u7684\u540e\u7aef\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u7aef\u53e3 \u7f51\u7edc\u4e2d\u7684\u865a\u62df\u7f51\u7edc\u7aef\u53e3;VIF / vNIC \u8fde\u63a5\u5230\u7aef\u53e3\u3002 \u7aef\u53e3 UUID \u7f51\u7edc\u7aef\u53e3\u7684\u552f\u4e00 ID\u3002 \u9884\u7f6e \u5728\u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 \u79c1\u6709\u4e91 \u4e00\u4e2a\u4f01\u4e1a\u6216\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u7684\u8ba1\u7b97\u8d44\u6e90\u3002 \u79c1\u6709\u6620\u50cf \u4ec5\u5bf9\u6307\u5b9a\u9879\u76ee\u53ef\u7528\u7684\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u3002 \u79c1\u6709 IP \u5730\u5740 \u7528\u4e8e\u7ba1\u7406\u548c\u7ba1\u7406\u7684 IP \u5730\u5740\uff0c\u4e0d\u53ef\u7528\u4e8e\u516c\u5171 Internet\u3002 \u4e13\u7528\u7f51\u7edc 
\u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u53ef\u4ee5\u662f\u5e73\u9762\u7f51\u7edc\u63a5\u53e3\uff0c\u4e5f\u53ef\u4ee5\u662f VLAN \u7f51\u7edc\u63a5\u53e3\u3002\u6241\u5e73\u5316\u7f51\u7edc\u63a5\u53e3\u7531\u5177\u6709\u6241\u5e73\u5316\u7ba1\u7406\u5668\u7684flat_interface\u63a7\u5236\u3002VLAN \u7f51\u7edc\u63a5\u53e3\u7531\u5e26\u6709 VLAN \u7ba1\u7406\u5668\u7684 vlan_interface \u9009\u4ef6\u63a7\u5236\u3002 \u9879\u76ee \u9879\u76ee\u4ee3\u8868\u4e86OpenStack\u4e2d\u201c\u6240\u6709\u6743\u201d\u7684\u57fa\u672c\u5355\u4f4d\uff0c\u56e0\u4e3aOpenStack\u4e2d\u7684\u6240\u6709\u8d44\u6e90\u90fd\u5e94\u8be5\u7531\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u3002\u5728 OpenStack Identity \u4e2d\uff0c\u9879\u76ee\u5fc5\u987b\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002 \u9879\u76ee ID Identity \u670d\u52a1\u5206\u914d\u7ed9\u6bcf\u4e2a\u9879\u76ee\u7684\u552f\u4e00 ID\u3002 \u9879\u76ee VPN cloudpipe \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6df7\u6742\u6a21\u5f0f \u4f7f\u7f51\u7edc\u63a5\u53e3\u5c06\u5176\u63a5\u6536\u7684\u6240\u6709\u6d41\u91cf\u4f20\u9012\u5230\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u4ec5\u4f20\u9012\u5bfb\u5740\u5230\u5b83\u7684\u5e27\u3002 \u53d7\u4fdd\u62a4\u7684\u5c5e\u6027 \u901a\u5e38\uff0c\u53ea\u6709\u4e91\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7684\u6620\u50cf\u670d\u52a1\u6620\u50cf\u4e0a\u7684\u989d\u5916\u5c5e\u6027\u3002\u9650\u5236\u54ea\u4e9b\u7528\u6237\u89d2\u8272\u53ef\u4ee5\u5bf9\u8be5\u5c5e\u6027\u6267\u884c CRUD \u64cd\u4f5c\u3002\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u4f55\u6620\u50cf\u5c5e\u6027\u914d\u7f6e\u4e3a\u53d7\u4fdd\u62a4\u3002 \u63d0\u4f9b\u8005 
\u6709\u6743\u8bbf\u95ee\u6240\u6709\u4e3b\u673a\u548c\u5b9e\u4f8b\u7684\u7ba1\u7406\u5458\u3002 \u4ee3\u7406\u8282\u70b9 \u63d0\u4f9bObject Storage\u4ee3\u7406\u670d\u52a1\u7684\u8282\u70b9\u3002 \u4ee3\u7406\u670d\u52a1\u5668 \u5bf9\u8c61\u5b58\u50a8\u7684\u7528\u6237\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u53c8\u5728\u73af\u5185\u67e5\u627e\u6240\u8bf7\u6c42\u6570\u636e\u7684\u4f4d\u7f6e\uff0c\u5e76\u5c06\u7ed3\u679c\u8fd4\u56de\u7ed9\u7528\u6237\u3002 \u516c\u5171 API \u7528\u4e8e\u670d\u52a1\u5230\u670d\u52a1\u901a\u4fe1\u548c\u6700\u7ec8\u7528\u6237\u4ea4\u4e92\u7684 API \u7ec8\u7ed3\u70b9\u3002 \u516c\u6709\u4e91 \u8bb8\u591a\u7528\u6237\u53ef\u901a\u8fc7 Internet \u8bbf\u95ee\u7684\u6570\u636e\u4e2d\u5fc3\u3002 \u516c\u5171\u955c\u50cf \u53ef\u4f9b\u6240\u6709\u9879\u76ee\u4f7f\u7528\u7684\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u516c\u7f51 IP \u5730\u5740 \u6700\u7ec8\u7528\u6237\u53ef\u8bbf\u95ee\u7684 IP \u5730\u5740\u3002 \u516c\u94a5\u8ba4\u8bc1 \u4f7f\u7528\u5bc6\u94a5\u800c\u4e0d\u662f\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u516c\u7f51 \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u516c\u7528\u7f51\u7edc\u63a5\u53e3\u7531\u8be5 public_interface \u9009\u9879\u63a7\u5236\u3002 Puppet OpenStack\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 Python \u6a21\u578b OpenStack\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684\u7f16\u7a0b\u8bed\u8a00\u3002 Q \u00b6 QEMU \u5199\u5165\u65f6\u590d\u5236 2 \uff08QCOW2\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 Qpid 
penStack\u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6;RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u4fdd\u8bc1\u67d0\u4e9b\u7f51\u7edc\u6216\u5b58\u50a8\u8981\u6c42\u4ee5\u6ee1\u8db3\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5546\u548c\u6700\u7ec8\u7528\u6237\u4e4b\u95f4\u7684\u670d\u52a1\u7ea7\u522b\u534f\u8bae \uff08SLA\uff09 \u7684\u80fd\u529b\u3002\u901a\u5e38\u5305\u62ec\u7f51\u7edc\u5e26\u5bbd\u3001\u5ef6\u8fdf\u3001\u6296\u52a8\u6821\u6b63\u548c\u53ef\u9760\u6027\u7b49\u6027\u80fd\u8981\u6c42\uff0c\u4ee5\u53ca\u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 \u4e2d\u7684\u5b58\u50a8\u6027\u80fd\u3001\u9650\u5236\u534f\u8bae\u548c\u5cf0\u503c\u8d1f\u8f7d\u4e0b\u7684\u6027\u80fd\u9884\u671f\u3002 \u9694\u79bb \u5982\u679c\u5bf9\u8c61\u5b58\u50a8\u53d1\u73b0\u5bf9\u8c61\u3001\u5bb9\u5668\u6216\u5e10\u6237\u5df2\u635f\u574f\uff0c\u5219\u4f1a\u5c06\u5176\u7f6e\u4e8e\u6b64\u72b6\u6001\uff0c\u4e0d\u4f1a\u88ab\u590d\u5236\uff0c\u5ba2\u6237\u7aef\u65e0\u6cd5\u8bfb\u53d6\uff0c\u5e76\u4e14\u4f1a\u91cd\u65b0\u590d\u5236\u6b63\u786e\u7684\u526f\u672c\u3002 Queens OpenStack \u7b2c 17 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u6fb3\u5927\u5229\u4e9a\u6089\u5c3c\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u65b0\u5357\u5a01\u5c14\u58eb\u5dde\u5357\u6d77\u5cb8\u5730\u533a\u7684\u7687\u540e\u5e9e\u5fb7\u6cb3\u547d\u540d\u3002 Quick EMUlator \uff08QEMU\uff09 \uff08\u5feb\u901f EMUlator\uff09 QEMU \u662f\u4e00\u4e2a\u901a\u7528\u7684\u5f00\u6e90\u673a\u5668\u4eff\u771f\u5668\u548c\u865a\u62df\u5316\u5668\u3002OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\uff0c\u901a\u5e38\u7528\u4e8e\u5f00\u53d1\u76ee\u7684\u3002 \u914d\u989d \u5728\u8ba1\u7b97\u548c\u5757\u5b58\u50a8\u4e2d\uff0c\u80fd\u591f\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u8bbe\u7f6e\u8d44\u6e90\u9650\u5236\u3002 R \u00b6 RabbitMQ \u6a21\u578b OpenStack 
\u4f7f\u7528\u7684\u9ed8\u8ba4\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002 Rackspace \u4e91\u6587\u4ef6 2010 \u5e74\u7531 Rackspace \u5f00\u6e90\u53d1\u5e03;\u5bf9\u8c61\u5b58\u50a8\u7684\u57fa\u7840\u3002 RADOS \u5757\u8bbe\u5907 \uff08RBD\uff09 Ceph \u7ec4\u4ef6\uff0c\u4f7f Linux \u5757\u8bbe\u5907\u80fd\u591f\u5728\u591a\u4e2a\u5206\u5e03\u5f0f\u6570\u636e\u5b58\u50a8\u4e0a\u8fdb\u884c\u6761\u5e26\u5316\u3002 radvd \u8def\u7531\u5668\u901a\u544a\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7531\u8ba1\u7b97 VLAN \u7ba1\u7406\u5668\u548c FlatDHCP \u7ba1\u7406\u5668\u7528\u4e8e\u4e3a VM \u5b9e\u4f8b\u63d0\u4f9b\u8def\u7531\u670d\u52a1\u3002 rally Benchmark \u670d\u52a1\u7684\u4ee3\u53f7\u3002 RAM\u8fc7\u6ee4\u5668 \u542f\u7528\u6216\u7981\u7528 RAM \u8fc7\u91cf\u5206\u914d\u7684\u8ba1\u7b97\u8bbe\u7f6e\u3002 RAM \u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u3002 \u901f\u7387\u9650\u5236 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u9650\u5236\u6bcf\u4e2a\u5e10\u6237\u548c/\u6216\u6bcf\u4e2a\u5bb9\u5668\u7684\u6570\u636e\u5e93\u5199\u5165\u3002 \u539f\u59cb \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00;\u975e\u7ed3\u6784\u5316\u78c1\u76d8\u6620\u50cf\u3002 \u91cd\u65b0\u5e73\u8861 \u5728\u73af\u4e2d\u7684\u6240\u6709\u9a71\u52a8\u5668\u4e4b\u95f4\u5206\u914d\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u8fc7\u7a0b;\u5728\u521d\u59cb\u73af\u521b\u5efa\u671f\u95f4\u548c\u73af\u91cd\u65b0\u914d\u7f6e\u540e\u4f7f\u7528\u3002 \u91cd\u542f 
\u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u8f6f\u91cd\u542f\u6216\u786c\u91cd\u542f\u3002\u901a\u8fc7\u8f6f\u91cd\u542f\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4f1a\u53d1\u51fa\u91cd\u65b0\u542f\u52a8\u4fe1\u53f7\uff0c\u4ece\u800c\u53ef\u4ee5\u6b63\u5e38\u5173\u95ed\u6240\u6709\u8fdb\u7a0b\u3002\u786c\u91cd\u542f\u76f8\u5f53\u4e8e\u91cd\u542f\u670d\u52a1\u5668\u3002\u865a\u62df\u5316\u5e73\u53f0\u5e94\u786e\u4fdd\u91cd\u65b0\u542f\u52a8\u64cd\u4f5c\u5df2\u6210\u529f\u5b8c\u6210\uff0c\u5373\u4f7f\u5728\u57fa\u7840\u57df/VM \u6682\u505c\u6216\u505c\u6b62/\u505c\u6b62\u7684\u60c5\u51b5\u4e0b\u4e5f\u662f\u5982\u6b64\u3002 \u91cd\u5efa \u5220\u9664\u670d\u52a1\u5668\u4e0a\u7684\u6240\u6709\u6570\u636e\uff0c\u5e76\u5c06\u5176\u66ff\u6362\u4e3a\u6307\u5b9a\u7684\u6620\u50cf\u3002\u670d\u52a1\u5668 ID \u548c IP \u5730\u5740\u4fdd\u6301\u4e0d\u53d8\u3002 \u4fa6\u5bdf \u7528\u4e8e\u6536\u96c6\u8ba1\u91cf\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u8bb0\u5f55 \u5c5e\u4e8e\u7279\u5b9a\u57df\uff0c\u7528\u4e8e\u6307\u5b9a\u6709\u5173\u8be5\u57df\u7684\u4fe1\u606f\u3002\u6709\u51e0\u79cd\u7c7b\u578b\u7684 DNS \u8bb0\u5f55\u3002\u6bcf\u79cd\u8bb0\u5f55\u7c7b\u578b\u90fd\u5305\u542b\u7528\u4e8e\u63cf\u8ff0\u8be5\u8bb0\u5f55\u7528\u9014\u7684\u7279\u5b9a\u4fe1\u606f\u3002\u793a\u4f8b\u5305\u62ec\u90ae\u4ef6\u4ea4\u6362 \uff08MX\uff09 \u8bb0\u5f55\uff0c\u5b83\u6307\u5b9a\u7279\u5b9a\u57df\u7684\u90ae\u4ef6\u670d\u52a1\u5668;\u548c\u540d\u79f0\u670d\u52a1\u5668 \uff08NS\uff09 \u8bb0\u5f55\uff0c\u7528\u4e8e\u6307\u5b9a\u57df\u7684\u6743\u5a01\u540d\u79f0\u670d\u52a1\u5668\u3002 \u8bb0\u5f55 ID \u6570\u636e\u5e93\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\uff0c\u6bcf\u6b21\u8fdb\u884c\u66f4\u6539\u65f6\u90fd\u4f1a\u9012\u589e\u3002\u5bf9\u8c61\u5b58\u50a8\u5728\u590d\u5236\u65f6\u4f7f\u7528\u3002 Red Hat Enterprise Linux \uff08RHEL\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u53c2\u8003\u67b6\u6784 OpenStack 
\u4e91\u7684\u63a8\u8350\u67b6\u6784\u3002 \u533a\u57df \u5177\u6709\u4e13\u7528 API \u7aef\u70b9\u7684\u79bb\u6563 OpenStack \u73af\u5883\uff0c\u901a\u5e38\u4ec5\u4e0e\u5176\u4ed6\u533a\u57df\u5171\u4eab\u8eab\u4efd \uff08keystone\uff09\u3002 \u6ce8\u518c\u8868 \u5f71\u50cf\u670d\u52a1\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6ce8\u518c\u8868\u670d\u52a1\u5668 \u5411\u5ba2\u6237\u7aef\u63d0\u4f9b\u865a\u62df\u673a\u955c\u50cf\u5143\u6570\u636e\u4fe1\u606f\u7684\u955c\u50cf\u670d\u52a1\u3002 \u53ef\u9760\u3001\u81ea\u4e3b\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8 \uff08\u96f7\u8fbe\uff09 \u5728 Ceph \u4e2d\u63d0\u4f9b\u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u96c6\u5408\u3002\u7c7b\u4f3c\u4e8e OpenStack Object Storage\u3002 \u8fdc\u7a0b\u8fc7\u7a0b\u8c03\u7528 \uff08RPC\uff09 \u8ba1\u7b97RabbitMQ \u7528\u4e8e\u670d\u52a1\u5185\u901a\u4fe1\u7684\u65b9\u6cd5\u3002 \u526f\u672c \u901a\u8fc7\u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5e10\u6237\u548c\u5bb9\u5668\u7684\u526f\u672c\u6765\u63d0\u4f9b\u6570\u636e\u5197\u4f59\u548c\u5bb9\u9519\uff0c\u4ee5\u4fbf\u5728\u5e95\u5c42\u5b58\u50a8\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u4f1a\u4e22\u5931\u5b83\u4eec\u3002 \u526f\u672c\u6570\u91cf \u5bf9\u8c61\u5b58\u50a8\u73af\u4e2d\u6570\u636e\u7684\u526f\u672c\u6570\u3002 \u590d\u5236 \u5c06\u6570\u636e\u590d\u5236\u5230\u5355\u72ec\u7684\u7269\u7406\u8bbe\u5907\u4ee5\u5b9e\u73b0\u5bb9\u9519\u548c\u6027\u80fd\u7684\u8fc7\u7a0b\u3002 \u590d\u5236\u5668 \u5bf9\u8c61\u5b58\u50a8\u540e\u7aef\u8fdb\u7a0b\uff0c\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u5bf9\u8c61\u526f\u672c\u3002 \u8bf7\u6c42 ID \u5206\u914d\u7ed9\u53d1\u9001\u5230\u8ba1\u7b97\u7684\u6bcf\u4e2a\u8bf7\u6c42\u7684\u552f\u4e00 ID\u3002 \u6551\u63f4\u6620\u50cf \u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684 VM 
\u6620\u50cf\uff0c\u5728\u5c06\u5b9e\u4f8b\u7f6e\u4e8e\u6551\u63f4\u6a21\u5f0f\u65f6\u542f\u52a8\u3002\u5141\u8bb8\u7ba1\u7406\u5458\u6302\u8f7d\u5b9e\u4f8b\u7684\u6587\u4ef6\u7cfb\u7edf\u4ee5\u66f4\u6b63\u95ee\u9898\u3002 \u8c03\u6574\u5927\u5c0f \u5c06\u73b0\u6709\u670d\u52a1\u5668\u8f6c\u6362\u4e3a\u5176\u4ed6\u98ce\u683c\uff0c\u4ece\u800c\u6269\u5c55\u6216\u7f29\u51cf\u670d\u52a1\u5668\u3002\u4fdd\u5b58\u539f\u59cb\u670d\u52a1\u5668\u4ee5\u5728\u51fa\u73b0\u95ee\u9898\u65f6\u542f\u7528\u56de\u6eda\u3002\u5fc5\u987b\u6d4b\u8bd5\u5e76\u660e\u786e\u786e\u8ba4\u6240\u6709\u8c03\u6574\u5927\u5c0f\uff0c\u6b64\u65f6\u5c06\u5220\u9664\u539f\u59cb\u670d\u52a1\u5668\u3002 RESTful \u4e00\u79cd\u4f7f\u7528 REST \u6216\u5177\u8c61\u72b6\u6001\u4f20\u8f93\u7684 Web \u670d\u52a1 API\u3002REST\u662f\u7528\u4e8e\u4e07\u7ef4\u7f51\u7684\u8d85\u5a92\u4f53\u7cfb\u7edf\u7684\u67b6\u6784\u98ce\u683c \u73af \u5c06\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u6620\u5c04\u5230\u5206\u533a\u7684\u5b9e\u4f53\u3002\u6bcf\u4e2a\u670d\u52a1\uff08\u4f8b\u5982\u5e10\u6237\u3001\u5bf9\u8c61\u548c\u5bb9\u5668\uff09\u90fd\u5b58\u5728\u4e00\u4e2a\u5355\u72ec\u7684\u73af\u3002 \u73af\u6784\u5efa\u5668 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u6784\u5efa\u548c\u7ba1\u7406\u73af\uff0c\u4e3a\u8bbe\u5907\u5206\u914d\u5206\u533a\uff0c\u5e76\u5c06\u914d\u7f6e\u63a8\u9001\u5230\u5176\u4ed6\u5b58\u50a8\u8282\u70b9\u3002 Rocky OpenStack \u7b2c 18 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u843d\u57fa\u5c71\u8109\u547d\u540d\u3002 \u89d2\u8272 \u7528\u6237\u4e3a\u6267\u884c\u4e00\u7ec4\u7279\u5b9a\u64cd\u4f5c\u800c\u5047\u5b9a\u7684\u4e2a\u6027\u3002\u89d2\u8272\u5305\u62ec\u4e00\u7ec4\u6743\u9650\u548c\u7279\u6743\u3002\u62c5\u4efb\u8be5\u89d2\u8272\u7684\u7528\u6237\u5c06\u7ee7\u627f\u8fd9\u4e9b\u6743\u5229\u548c\u7279\u6743\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 
\u63d0\u4f9b\u7528\u6237\u53ef\u4ee5\u6267\u884c\u7684\u64cd\u4f5c\u7684\u9884\u5b9a\u4e49\u5217\u8868\uff0c\u4f8b\u5982\u542f\u52a8\u6216\u505c\u6b62 VM\u3001\u91cd\u7f6e\u5bc6\u7801\u7b49\u3002\u5728\u6807\u8bc6\u548c\u8ba1\u7b97\u4e2d\u5747\u53d7\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u4eea\u8868\u677f\u8fdb\u884c\u914d\u7f6e\u3002 \u89d2\u8272 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u8eab\u4efd\u670d\u52a1\u89d2\u8272\u7684\u5b57\u6bcd\u6570\u5b57 ID\u3002 \u6839\u672c\u539f\u56e0\u5206\u6790\uff08RCA\uff09\u670d\u52a1\uff08Vitrage\uff09 OpenStack\u9879\u76ee\u65e8\u5728\u7ec4\u7ec7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316OpenStack\u8b66\u62a5\u548c\u4e8b\u4ef6\uff0c\u6df1\u5165\u4e86\u89e3\u95ee\u9898\u7684\u6839\u672c\u539f\u56e0\uff0c\u5e76\u5728\u76f4\u63a5\u68c0\u6d4b\u5230\u95ee\u9898\u4e4b\u524d\u63a8\u65ad\u51fa\u5b83\u4eec\u7684\u5b58\u5728\u3002 rootwrap \u8ba1\u7b97\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5141\u8bb8\u975e\u7279\u6743\u201cnova\u201d\u7528\u6237\u4ee5 Linux root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6307\u5b9a\u7684\u547d\u4ee4\u5217\u8868\u3002 \u5faa\u73af\u8c03\u5ea6\u5668 \u5728\u53ef\u7528\u4e3b\u673a\u4e4b\u95f4\u5747\u5300\u5206\u914d\u5b9e\u4f8b\u7684\u8ba1\u7b97\u8ba1\u5212\u7a0b\u5e8f\u7684\u7c7b\u578b\u3002 \u8def\u7531\u5668 \u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u7684\u7269\u7406\u6216\u865a\u62df\u7f51\u7edc\u8bbe\u5907\u3002 \u8def\u7531\u5bc6\u94a5 \u8ba1\u7b97\u76f4\u63a5\u4ea4\u6362\u3001\u6247\u51fa\u4ea4\u6362\u548c\u4e3b\u9898\u4ea4\u6362\u4f7f\u7528\u6b64\u5bc6\u94a5\u6765\u786e\u5b9a\u5982\u4f55\u5904\u7406\u6d88\u606f;\u5904\u7406\u65b9\u5f0f\u56e0 Exchange \u7c7b\u578b\u800c\u5f02\u3002 RPC \u9a71\u52a8\u7a0b\u5e8f \u6a21\u5757\u5316\u7cfb\u7edf\uff0c\u5141\u8bb8\u66f4\u6539 Compute \u7684\u5e95\u5c42\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002\u4f8b\u5982\uff0c\u4ece RabbitMQ \u5230 ZeroMQ \u6216 Qpid\u3002 rsync 
\u7531\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u63a8\u9001\u5bf9\u8c61\u526f\u672c\u3002 RXTX \u9650 \u5236 \u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u7edd\u5bf9\u9650\u5236\u3002 RXTX \u914d\u989d \u5bf9\u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u8f6f\u9650\u5236\u3002 S \u00b6 sahara \u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 SAML \u65ad\u8a00 \u5305\u542b\u6807\u8bc6\u63d0\u4f9b\u8005\u63d0\u4f9b\u7684\u6709\u5173\u7528\u6237\u7684\u4fe1\u606f\u3002\u8fd9\u8868\u793a\u7528\u6237\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6c99\u76d2 \u4e00\u4e2a\u865a\u62df\u7a7a\u95f4\uff0c\u53ef\u4ee5\u5728\u5176\u4e2d\u5b89\u5168\u5730\u8fd0\u884c\u65b0\u7684\u6216\u672a\u7ecf\u6d4b\u8bd5\u7684\u8f6f\u4ef6\u3002 \u8c03\u5ea6\u5668\u7ba1\u7406\u5668 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u91c7\u7528\u6a21\u5757\u5316\u8bbe\u8ba1\uff0c\u652f\u6301\u591a\u79cd\u8c03\u5ea6\u7a0b\u5e8f\u7c7b\u578b\u3002 \u4f5c\u7528\u57df\u4ee4\u724c \u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u8bbf\u95ee\u4ee4\u724c\u3002 \u6d17\u6da4\u5668 \u68c0\u67e5\u5e76\u5220\u9664\u672a\u4f7f\u7528\u7684\u865a\u62df\u673a;\u5b9e\u73b0\u5ef6\u8fdf\u5220\u9664\u7684\u5f71\u50cf\u670d\u52a1\u7ec4\u4ef6\u3002 \u5bc6\u94a5 \u53ea\u6709\u7528\u6237\u77e5\u9053\u7684\u6587\u672c\u5b57\u7b26\u4e32;\u4e0e\u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u5411\u8ba1\u7b97 API \u53d1\u51fa\u8bf7\u6c42\u3002 \u5b89\u5168\u542f\u52a8 \u7cfb\u7edf\u56fa\u4ef6\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u4e2d\u6d89\u53ca\u7684\u4ee3\u7801\u7684\u771f\u5b9e\u6027\u7684\u8fc7\u7a0b\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 
\u7528\u4e8e\u901a\u8fc7\u52a0\u5bc6\u901a\u4fe1\u901a\u9053\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u8ba1\u7b97\u652f\u6301 SSH \u5bc6\u94a5\u6ce8\u5165\u3002 \u5b89\u5168\u7ec4 \u5e94\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u7684\u4e00\u7ec4\u7f51\u7edc\u6d41\u91cf\u7b5b\u9009\u89c4\u5219\u3002 \u5206\u6bb5\u5bf9\u8c61 \u5df2\u5206\u89e3\u4e3a\u591a\u4e2a\u90e8\u5206\u7684\u5bf9\u8c61\u5b58\u50a8\u5927\u578b\u5bf9\u8c61\u3002\u91cd\u65b0\u7ec4\u5408\u7684\u5bf9\u8c61\u79f0\u4e3a\u4e32\u8054\u5bf9\u8c61\u3002 \u81ea\u52a9\u670d\u52a1 \u5bf9\u4e8e IaaS\uff0c\u5e38\u89c4\uff08\u975e\u7279\u6743\uff09\u5e10\u6237\u80fd\u591f\u5728\u4e0d\u6d89\u53ca\u7ba1\u7406\u5458\u7684\u60c5\u51b5\u4e0b\u7ba1\u7406\u865a\u62df\u57fa\u7840\u67b6\u6784\u7ec4\u4ef6\uff08\u5982\u7f51\u7edc\uff09\u3002 SELinux \u51fd\u6570 Linux \u5185\u6838\u5b89\u5168\u6a21\u5757\uff0c\u63d0\u4f9b\u7528\u4e8e\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u673a\u5236\u3002 senlin \u7fa4\u96c6\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u670d\u52a1\u5668 \u4e3a\u8be5\u7cfb\u7edf\u4e0a\u8fd0\u884c\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u63d0\u4f9b\u663e\u5f0f\u670d\u52a1\u7684\u8ba1\u7b97\u673a\uff0c\u901a\u5e38\u7ba1\u7406\u5404\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u3002\u670d\u52a1\u5668\u662f\u8ba1\u7b97\u7cfb\u7edf\u4e2d\u7684 VM \u5b9e\u4f8b\u3002\u98ce\u683c\u548c\u56fe\u50cf\u662f\u521b\u5efa\u670d\u52a1\u5668\u65f6\u7684\u5fc5\u8981\u5143\u7d20\u3002 \u670d\u52a1\u5668\u6620\u50cf VM \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u5668 UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1 OpenStack \u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u6216\u6620\u50cf\u670d\u52a1\u3002\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e9b\u7aef\u70b9\u8bbf\u95ee\u8d44\u6e90\u548c\u6267\u884c\u64cd\u4f5c\u3002 
\u670d\u52a1\u76ee\u5f55 Identity \u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u529f\u80fd\u94fe \uff08SFC\uff09 \u5bf9\u4e8e\u7ed9\u5b9a\u7684\u670d\u52a1\uff0cSFC \u662f\u6240\u9700\u670d\u52a1\u529f\u80fd\u53ca\u5176\u5e94\u7528\u987a\u5e8f\u7684\u62bd\u8c61\u89c6\u56fe\u3002 \u670d\u52a1 ID \u5206\u914d\u7ed9 Identity \u670d\u52a1\u76ee\u5f55\u4e2d\u53ef\u7528\u7684\u6bcf\u4e2a\u670d\u52a1\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1\u6c34\u5e73\u534f\u8bae \uff08SLA\uff09 \u786e\u4fdd\u670d\u52a1\u53ef\u7528\u6027\u7684\u5408\u540c\u4e49\u52a1\u3002 \u670d\u52a1\u9879\u76ee \u5305\u542b\u76ee\u5f55\u4e2d\u5217\u51fa\u7684\u6240\u6709\u670d\u52a1\u7684\u7279\u6b8a\u9879\u76ee\u3002 \u670d\u52a1\u63d0\u4f9b\u8005 \u5411\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u3002\u5728\u8054\u5408\u8eab\u4efd\u7684\u60c5\u51b5\u4e0b\uff0cOpenStack \u8eab\u4efd\u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u670d\u52a1\u6ce8\u518c \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\u529f\u80fd\uff0c\u4f7f\u670d\u52a1\uff08\u5982\u8ba1\u7b97\uff09\u80fd\u591f\u81ea\u52a8\u6ce8\u518c\u5230\u76ee\u5f55\u3002 \u670d\u52a1\u4ee4\u724c \u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u4ee4\u724c\uff0c\u7531\u8ba1\u7b97\u7528\u4e8e\u4e0e\u8eab\u4efd\u670d\u52a1\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u3002 \u4f1a\u8bdd\u540e\u7aef Horizon \u7528\u4e8e\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u7684\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982\u672c\u5730\u5185\u5b58\u3001Cookie\u3001\u6570\u636e\u5e93\u6216 memcached\u3002 \u4f1a\u8bdd\u6301\u4e45\u5316 \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4e00\u9879\u529f\u80fd\u3002\u53ea\u8981\u67d0\u4e2a\u670d\u52a1\u5904\u4e8e\u8054\u673a\u72b6\u6001\uff0c\u5b83\u5c31\u4f1a\u5c1d\u8bd5\u5f3a\u5236\u5c06\u670d\u52a1\u7684\u540e\u7eed\u8fde\u63a5\u91cd\u5b9a\u5411\u5230\u540c\u4e00\u8282\u70b9\u3002 \u4f1a\u8bdd\u5b58\u50a8 \u7528\u4e8e\u5b58\u50a8\u548c\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u4fe1\u606f\u7684 
Horizon \u7ec4\u4ef6\u3002\u901a\u8fc7 Django \u4f1a\u8bdd\u6846\u67b6\u5b9e\u73b0\u3002 \u5171\u4eab \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u8fdc\u7a0b\u53ef\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u7f51\u7edc \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u5b9e\u4f53\uff0c\u7528\u4e8e\u5c01\u88c5\u4e0e\u7f51\u7edc\u670d\u52a1\u7684\u4ea4\u4e92\u3002\u5982\u679c\u6240\u9009\u9a71\u52a8\u7a0b\u5e8f\u5728\u9700\u8981\u6b64\u7c7b\u4ea4\u4e92\u7684\u6a21\u5f0f\u4e0b\u8fd0\u884c\uff0c\u5219\u9700\u8981\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u4ee5\u521b\u5efa\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09 \u8be5\u670d\u52a1\u63d0\u4f9b\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u9879\u76ee\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack Block Storage \u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\u5e76\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u60a8\u7684\u5b9e\u4f8b\u4e0a\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u548c\u5199\u5165\u5b9e\u4f8b\u4e2d\u7684\u6570\u636e\u3002 
\u5171\u4eab IP \u5730\u5740 \u53ef\u5206\u914d\u7ed9\u5171\u4eab IP \u7ec4\u4e2d\u7684 VM \u5b9e\u4f8b\u7684 IP \u5730\u5740\u3002\u516c\u5171 IP \u5730\u5740\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e4b\u95f4\u5171\u4eab\uff0c\u4ee5\u4fbf\u5728\u5404\u79cd\u9ad8\u53ef\u7528\u6027\u65b9\u6848\u4e2d\u4f7f\u7528\u3002\u5f53 IP \u5730\u5740\u5171\u4eab\u5230\u53e6\u4e00\u53f0\u670d\u52a1\u5668\u65f6\uff0c\u5c06\u4fee\u6539\u4e91\u7f51\u7edc\u9650\u5236\uff0c\u4f7f\u6bcf\u4e2a\u670d\u52a1\u5668\u90fd\u80fd\u4fa6\u542c\u548c\u54cd\u5e94\u8be5 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u4fee\u6539\u76ee\u6807\u670d\u52a1\u5668\u7f51\u7edc\u914d\u7f6e\u3002\u5171\u4eab IP \u5730\u5740\u53ef\u4ee5\u4e0e\u8bb8\u591a\u6807\u51c6\u68c0\u6d4b\u4fe1\u53f7\u5de5\u5177\uff08\u5982 keepalive\uff09\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u53ef\u76d1\u89c6\u6545\u969c\u5e76\u7ba1\u7406 IP \u6545\u969c\u8f6c\u79fb\u3002 \u5171\u4eab IP \u7ec4 \u53ef\u4ee5\u4e0e\u7ec4\u7684\u5176\u4ed6\u6210\u5458\u5171\u4eab IP \u7684\u670d\u52a1\u5668\u96c6\u5408\u3002\u7ec4\u4e2d\u7684\u4efb\u4f55\u670d\u52a1\u5668\u90fd\u53ef\u4ee5\u4e0e\u7ec4\u4e2d\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u5668\u5171\u4eab\u4e00\u4e2a\u6216\u591a\u4e2a\u516c\u5171 IP\u3002\u9664\u4e86\u5171\u4eab IP \u7ec4\u4e2d\u7684\u7b2c\u4e00\u53f0\u670d\u52a1\u5668\u5916\uff0c\u670d\u52a1\u5668\u5fc5\u987b\u542f\u52a8\u5230\u5171\u4eab IP \u7ec4\u4e2d\u3002\u4e00\u53f0\u670d\u52a1\u5668\u53ea\u80fd\u662f\u4e00\u4e2a\u5171\u4eab IP \u7ec4\u7684\u6210\u5458\u3002 \u5171\u4eab\u5b58\u50a8 \u53ef\u7531\u591a\u4e2a\u5ba2\u6237\u7aef\u540c\u65f6\u8bbf\u95ee\u7684\u5757\u5b58\u50a8\uff0c\u4f8b\u5982 NFS\u3002 Sheepdog \u9762\u5411 QEMU \u7684\u5206\u5e03\u5f0f\u5757\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531 OpenStack \u63d0\u4f9b\u652f\u6301\u3002 \u7b80\u5355\u4e91\u8eab\u4efd\u7ba1\u7406 \uff08SCIM\uff09 
\u7528\u4e8e\u5728\u4e91\u4e2d\u7ba1\u7406\u8eab\u4efd\u7684\u89c4\u8303\uff0c\u76ee\u524d\u4e0d\u53d7 OpenStack \u652f\u6301\u3002 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 SPICE \u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002\u5b83\u662f VNC \u7684\u66ff\u4ee3\u54c1\u3002OpenStack\u652f\u6301SPICE\u3002 \u5355\u6839 I/O \u865a\u62df\u5316 \uff08SR-IOV\uff09 \u5f53\u7531\u7269\u7406 PCIe \u8bbe\u5907\u5b9e\u73b0\u65f6\uff0c\u8be5\u89c4\u8303\u4f7f\u5176\u80fd\u591f\u663e\u793a\u4e3a\u591a\u4e2a\u5355\u72ec\u7684 PCIe \u8bbe\u5907\u3002\u8fd9\u4f7f\u591a\u4e2a\u865a\u62df\u5316\u5ba2\u6237\u673a\u80fd\u591f\u5171\u4eab\u5bf9\u7269\u7406\u8bbe\u5907\u7684\u76f4\u63a5\u8bbf\u95ee\uff0c\u4ece\u800c\u63d0\u4f9b\u6bd4\u7b49\u6548\u865a\u62df\u8bbe\u5907\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 SmokeStack \u9488\u5bf9\u6838\u5fc3 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5;\u7528 Rails \u7f16\u5199\u3002 \u5feb\u7167 OpenStack \u5b58\u50a8\u5377\u6216\u6620\u50cf\u7684\u65f6\u95f4\u70b9\u526f\u672c\u3002\u4f7f\u7528\u5b58\u50a8\u5377\u5feb\u7167\u5907\u4efd\u5377\u3002\u4f7f\u7528\u6620\u50cf\u5feb\u7167\u6765\u5907\u4efd\u6570\u636e\uff0c\u6216\u4f5c\u4e3a\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u8f6f\u91cd\u542f \u901a\u8fc7\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6b63\u786e\u91cd\u542f VM \u5b9e\u4f8b\u7684\u53d7\u63a7\u91cd\u542f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305 \uff08SDK\uff09 \u5305\u542b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\u4ee5\u6240\u9009\u8bed\u8a00\u521b\u5efa\u5e94\u7528\u7a0b\u5e8f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\uff08solum\uff09 
OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u901a\u8fc7\u81ea\u52a8\u5316\u4ece\u6e90\u5230\u6620\u50cf\u7684\u8fc7\u7a0b\uff0c\u5e76\u7b80\u5316\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e3a\u4e2d\u5fc3\u7684\u90e8\u7f72\uff0c\u4f7f\u4e91\u670d\u52a1\u66f4\u6613\u4e8e\u4f7f\u7528\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u8fc7\u7a0b\u96c6\u6210\u3002 \u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 \u4e3a\u7f51\u7edc\u7ba1\u7406\u5458\u63d0\u4f9b\u4e00\u79cd\u65b9\u6cd5\uff0c\u901a\u8fc7\u62bd\u8c61\u8f83\u4f4e\u7ea7\u522b\u7684\u529f\u80fd\u6765\u7ba1\u7406\u8ba1\u7b97\u673a\u7f51\u7edc\u670d\u52a1\u3002 SolidFire \u5377\u9a71\u52a8\u7a0b\u5e8f SolidFire iSCSI \u5b58\u50a8\u8bbe\u5907\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u3002 solum \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u70b9\u5dee\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97 VM \u8ba1\u5212\u7b97\u6cd5\uff0c\u5c1d\u8bd5\u4ee5\u6700\u5c0f\u7684\u8d1f\u8f7d\u5728\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 SQLAlchemy \u7528\u4e8e Python \u7684\u5f00\u6e90 SQL \u5de5\u5177\u5305\uff0c\u7528\u4e8e OpenStack\u3002 SQLite \u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684 SQL \u6570\u636e\u5e93\uff0c\u5728\u8bb8\u591a OpenStack \u670d\u52a1\u4e2d\u7528\u4f5c\u9ed8\u8ba4\u7684\u6301\u4e45\u5316\u5b58\u50a8\u65b9\u6cd5\u3002 \u5806\u6808 \u7531\u7f16\u6392\u670d\u52a1\u6839\u636e\u7ed9\u5b9a\u6a21\u677f\uff08AWS CloudFormation \u6a21\u677f\u6216 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09\uff09\u521b\u5efa\u548c\u7ba1\u7406\u7684\u4e00\u7ec4 OpenStack \u8d44\u6e90\u3002 StackTach \u6355\u83b7\u8ba1\u7b97 AMQP \u901a\u4fe1\u7684\u793e\u533a\u9879\u76ee;\u5bf9\u8c03\u8bd5\u5f88\u6709\u7528\u3002 \u9759\u6001 IP \u5730\u5740 \u56fa\u5b9a IP \u5730\u5740\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u9759\u6001\u7f51\u9875 \u5bf9\u8c61\u5b58\u50a8\u7684 WSGI 
\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u5c06\u5bb9\u5668\u6570\u636e\u4f5c\u4e3a\u9759\u6001\u7f51\u9875\u63d0\u4f9b\u3002 Stein OpenStack \u7b2c 19 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u5fb7\u56fd\u67cf\u6797\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u67cf\u6797\u7684 Steinstra\u00dfe \u8857\u547d\u540d\u3002 \u5b58\u50a8\u540e\u7aef \u670d\u52a1\u7528\u4e8e\u6301\u4e45\u6027\u5b58\u50a8\u7684\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI\u3001NFS \u6216\u672c\u5730\u78c1\u76d8\u3002 \u5b58\u50a8\u7ba1\u7406\u5668 \u4e00\u4e2a XenAPI \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b\u53ef\u63d2\u5165\u63a5\u53e3\u4ee5\u652f\u6301\u5404\u79cd\u6301\u4e45\u6027\u5b58\u50a8\u540e\u7aef\u3002 \u5b58\u50a8\u7ba1\u7406\u5668\u540e\u7aef XenAPI \u652f\u6301\u7684\u6301\u4e45\u6027\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI \u6216 NFS\u3002 \u5b58\u50a8\u8282\u70b9 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u670d\u52a1\u3001\u5bb9\u5668\u670d\u52a1\u548c\u5e10\u6237\u670d\u52a1\u7684\u96c6\u5408\u540d\u79f0\u3002 \u7b56\u7565 \u6307\u5b9a\u955c\u50cf\u670d\u52a1\u6216\u8eab\u4efd\u4f7f\u7528\u7684\u8ba4\u8bc1\u6e90\u3002\u5728\u6570\u636e\u5e93\u670d\u52a1\u4e2d\uff0c\u5b83\u662f\u6307\u4e3a\u6570\u636e\u5b58\u50a8\u5b9e\u73b0\u7684\u6269\u5c55\u3002 \u5b50\u57df 
\u7236\u57df\u4e2d\u7684\u57df\u3002\u65e0\u6cd5\u6ce8\u518c\u5b50\u57df\u3002\u5b50\u57df\u4f7f\u60a8\u80fd\u591f\u59d4\u6d3e\u57df\u3002\u5b50\u57df\u672c\u8eab\u53ef\u4ee5\u6709\u5b50\u57df\uff0c\u56e0\u6b64\u53ef\u4ee5\u8fdb\u884c\u4e09\u7ea7\u3001\u56db\u7ea7\u3001\u4e94\u7ea7\u548c\u66f4\u6df1\u7ea7\u522b\u7684\u5d4c\u5957\u3002 \u5b50\u7f51 IP \u7f51\u7edc\u7684\u903b\u8f91\u7ec6\u5206\u3002 SUSE Linux Enterprise Server \uff08SLES\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u6302\u8d77 \u865a\u62df\u673a\u5b9e\u4f8b\u5c06\u6682\u505c\uff0c\u5176\u72b6\u6001\u5c06\u4fdd\u5b58\u5230\u4e3b\u673a\u7684\u78c1\u76d8\u4e2d\u3002 \u4ea4\u6362 \u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u57fa\u4e8e\u78c1\u76d8\u7684\u865a\u62df\u5185\u5b58\uff0c\u7528\u4e8e\u63d0\u4f9b\u6bd4\u7cfb\u7edf\u4e0a\u5b9e\u9645\u53ef\u7528\u7684\u5185\u5b58\u66f4\u591a\u7684\u5185\u5b58\u3002 swift OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 swift \u591a\u5408\u4e00 \uff08SAIO\uff09 Swift \u4e2d\u95f4\u4ef6 \u63d0\u4f9b\u9644\u52a0\u529f\u80fd\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\u3002 Swift \u4ee3\u7406\u670d\u52a1\u5668 \u5145\u5f53\u5bf9\u8c61\u5b58\u50a8\u7684\u7f51\u5b88\uff0c\u5e76\u8d1f\u8d23\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 Swift \u5b58\u50a8\u8282\u70b9 \u8fd0\u884c\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u8282\u70b9\u3002 \u540c\u6b65\u70b9 \u81ea\u4e0a\u6b21\u5bb9\u5668\u548c\u5e10\u6237\u6570\u636e\u5e93\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8282\u70b9\u4e4b\u95f4\u540c\u6b65\u4ee5\u6765\u7684\u65f6\u95f4\u70b9\u3002 \u7cfb\u7edf\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u4f7f\u7528\u6237\u80fd\u591f\u5c06\u5176\u4ed6\u7528\u6237\u6dfb\u52a0\u5230\u9879\u76ee\u4e2d\uff0c\u4e0e\u4e0e\u9879\u76ee\u5173\u8054\u7684 VM 
\u6620\u50cf\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u542f\u52a8\u548c\u505c\u6b62 VM \u5b9e\u4f8b\u3002 \u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5b83\u4e0e\u901a\u77e5\u7cfb\u7edf\u4e00\u8d77\u6536\u96c6\u8ba1\u91cf\u548c\u4f7f\u7528\u60c5\u51b5\u4fe1\u606f\u3002\u6b64\u4fe1\u606f\u53ef\u7528\u4e8e\u8ba1\u8d39\u3002 T \u00b6 Tacker NFV \u7f16\u6392\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0 \u9065\u6d4b\u670d\u52a1\uff08telemetry\uff09 OpenStack\u9879\u76ee\u6536\u96c6\u5305\u542b\u5df2\u90e8\u7f72\u4e91\u7684\u7269\u7406\u548c\u865a\u62df\u8d44\u6e90\u5229\u7528\u7387\u7684\u6d4b\u91cf\u503c\uff0c\u4fdd\u7559\u6b64\u6570\u636e\u4ee5\u4f9b\u540e\u7eed\u68c0\u7d22\u548c\u5206\u6790\uff0c\u5e76\u5728\u6ee1\u8db3\u5b9a\u4e49\u7684\u6761\u4ef6\u65f6\u89e6\u53d1\u64cd\u4f5c\u3002 TempAuth \u51fd\u6570 Object Storage\u4e2d\u7684\u4e00\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5de5\u5177\uff0c\u4f7fObject Storage\u672c\u8eab\u80fd\u591f\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u3002\u7ecf\u5e38\u7528\u4e8e\u6d4b\u8bd5\u548c\u5f00\u53d1\u3002 Tempest \u81ea\u52a8\u5316\u8f6f\u4ef6\u6d4b\u8bd5\u5957\u4ef6\uff0c\u65e8\u5728\u9488\u5bf9 OpenStack \u6838\u5fc3\u9879\u76ee\u7684\u4e3b\u5e72\u8fd0\u884c\u3002 TempURL \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u7528\u4e8e\u4e34\u65f6\u5bf9\u8c61\u8bbf\u95ee\u7684 URL\u3002 \u79df\u6237 \u4e00\u7ec4\u7528\u6237;\u7528\u4e8e\u9694\u79bb\u5bf9\u8ba1\u7b97\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u79df\u6237 API \u9879\u76ee\u53ef\u8bbf\u95ee\u7684 API\u3002 \u79df\u6237\u7aef\u70b9 \u4e0e\u4e00\u4e2a\u6216\u591a\u4e2a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u7aef\u70b9\u3002 \u79df\u6237 ID \u9879\u76ee ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ee4\u724c \u7528\u4e8e\u8bbf\u95ee OpenStack API 
\u548c\u8d44\u6e90\u7684\u5b57\u6bcd\u6570\u5b57\u6587\u672c\u5b57\u7b26\u4e32\u3002 \u4ee4\u724c\u670d\u52a1 \u4e00\u4e2a\u8eab\u4efd\u670d\u52a1\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5728\u7528\u6237\u6216\u9879\u76ee\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\u7ba1\u7406\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 \u903b\u8f91\u5220\u9664 \u7528\u4e8e\u6807\u8bb0\u5df2\u5220\u9664\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61;\u786e\u4fdd\u5bf9\u8c61\u5728\u5220\u9664\u540e\u4e0d\u4f1a\u5728\u53e6\u4e00\u4e2a\u8282\u70b9\u4e0a\u66f4\u65b0\u3002 \u4e3b\u9898\u53d1\u5e03\u8005 \u6267\u884c RPC \u8c03\u7528\u65f6\u521b\u5efa\u7684\u8fdb\u7a0b;\u7528\u4e8e\u5c06\u6d88\u606f\u63a8\u9001\u5230\u4e3b\u9898\u4ea4\u6362\u3002 Torpedo \u7528\u4e8e\u9488\u5bf9 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5\u7684\u793e\u533a\u9879\u76ee\u3002 Train OpenStack \u7b2c 20 \u7248\u7684\u4ee3\u53f7\u3002OpenStack \u57fa\u7840\u67b6\u6784\u5cf0\u4f1a\u5728\u7f8e\u56fd\u79d1\u7f57\u62c9\u591a\u5dde\u4e39\u4f5b\u5e02\u4e3e\u884c\u3002 \u4e39\u4f5b\u7684\u4e24\u6b21\u9879\u76ee\u56e2\u961f\u805a\u4f1a\u4f1a\u8bae\u5728\u4ece\u5e02\u4e2d\u5fc3\u5230\u673a\u573a\u7684\u706b\u8f66\u7ebf\u65c1\u8fb9\u7684\u4e00\u5bb6\u9152\u5e97\u4e3e\u884c\u3002\u90a3\u91cc\u7684\u4ea4\u53c9\u4fe1\u53f7\u706f\u8fc7\u53bb\u66fe\u51fa\u73b0\u8fc7\u67d0\u79cd\u6545\u969c\uff0c\u5bfc\u81f4\u5b83\u4eec\u5728\u706b\u8f66\u6b63\u5e38\u9a76\u6765\u65f6\u6ca1\u6709\u505c\u4e0b\u8f66\u53a2\u3002\u56e0\u6b64\uff0c\u706b\u8f66\u5728\u7ecf\u8fc7\u8be5\u5730\u533a\u65f6\u5fc5\u987b\u9e23\u5587\u53ed\u3002\u663e\u7136\uff0c\u4f4f\u5728\u9152\u5e97\u91cc\uff0c\u4e58\u5750\u706b\u8f6624/7\u5439\u5587\u53ed\uff0c\u4e0d\u592a\u7406\u60f3\u3002\u7ed3\u679c\uff0c\u51fa\u73b0\u4e86\u8bb8\u591a\u5173\u4e8e\u4e39\u4f5b\u548c\u706b\u8f66\u7684\u7b11\u8bdd\u2014\u2014\u56e0\u6b64\u8fd9\u4e2a\u7248\u672c\u88ab\u79f0\u4e3a\u706b\u8f66\u3002 \u4ea4\u6613 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u5bf9\u8c61\u5b58\u50a8\u8bf7\u6c42\u7684\u552f\u4e00 
ID;\u7528\u4e8e\u8c03\u8bd5\u548c\u8ddf\u8e2a\u3002 \u77ac\u6001 \u975e\u8010\u7528\u54c1\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u4ea4\u6362 \u975e\u6301\u4e45\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u5e76\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u540e\u4e22\u5931\u7684\u6d88\u606f\u3002 \u77ac\u6001\u961f\u5217 \u975e\u6301\u4e45\u961f\u5217\u7684\u66ff\u4ee3\u672f\u8bed\u3002 TripleO OpenStack-on-OpenStack \u7a0b\u5e8f\u3002OpenStack Deployment \u7a0b\u5e8f\u7684\u4ee3\u53f7\u3002 Trove OpenStack \u6570\u636e\u5e93\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\uff08TPM\uff09 \u4e13\u7528\u5fae\u5904\u7406\u5668\uff0c\u7528\u4e8e\u5c06\u52a0\u5bc6\u5bc6\u94a5\u6574\u5408\u5230\u8bbe\u5907\u4e2d\uff0c\u4ee5\u9a8c\u8bc1\u548c\u4fdd\u62a4\u786c\u4ef6\u5e73\u53f0\u3002 U \u00b6 Ubuntu \u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u3002 \u65e0\u4f5c\u7528\u57df\u4ee4\u724c Identity \u670d\u52a1\u9ed8\u8ba4\u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u66f4\u65b0\u5668 \u4e00\u7ec4\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\uff0c\u7528\u4e8e\u5904\u7406\u5bb9\u5668\u548c\u5bf9\u8c61\u7684\u6392\u961f\u548c\u5931\u8d25\u7684\u66f4\u65b0\u3002 \u7528\u6237 \u5728 OpenStack Identity \u4e2d\uff0c\u5b9e\u4f53\u4ee3\u8868\u5355\u4e2a API \u4f7f\u7528\u8005\uff0c\u5e76\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u4e0e\u89d2\u8272\u548c/\u6216\u9879\u76ee\u76f8\u5173\u8054\u3002 \u7528\u6237\u6570\u636e \u7528\u6237\u5728\u542f\u52a8\u5b9e\u4f8b\u65f6\u53ef\u4ee5\u6307\u5b9a\u7684\u6570\u636e Blob\u3002\u5b9e\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5143\u6570\u636e\u670d\u52a1\u6216\u914d\u7f6e\u9a71\u52a8\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u3002\u901a\u5e38\u7528\u4e8e\u4f20\u9012\u5b9e\u4f8b\u5728\u542f\u52a8\u65f6\u8fd0\u884c\u7684 shell \u811a\u672c\u3002 \u7528\u6237\u6a21\u5f0f Linux 
\uff08UML\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Ussuri OpenStack \u7b2c 21 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u57fa\u7840\u8bbe\u65bd\u5cf0\u4f1a\u5728\u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u4e0a\u6d77\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e4c\u82cf\u91cc\u6cb3\u547d\u540d\u3002 V \u00b6 Victoria OpenStack \u7b2c 22 \u7248\u7684\u4ee3\u53f7\u3002OpenDev + PTG \u8ba1\u5212\u5728\u52a0\u62ff\u5927\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u9996\u5e9c\u7ef4\u591a\u5229\u4e9a\u547d\u540d\u3002 \u7531\u4e8e COVID-19\uff0c\u73b0\u573a\u6d3b\u52a8\u88ab\u53d6\u6d88\u3002\u8be5\u4e8b\u4ef6\u6b63\u5728\u865a\u62df\u5316\u3002 VIF UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u7f51\u7edc VIF \u7684\u552f\u4e00 ID\u3002 \u865a\u62df\u4e2d\u592e\u5904\u7406\u5668 \uff08vCPU\uff09 \u7ec6\u5206\u7269\u7406 CPU\u3002\u7136\u540e\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u5206\u533a\u3002 \u865a\u62df\u78c1\u76d8\u6620\u50cf \uff08VDI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u53ef\u6269\u5c55\u5c40\u57df\u7f51 \uff08VXLAN\uff09 \u4e00\u79cd\u7f51\u7edc\u865a\u62df\u5316\u6280\u672f\uff0c\u8bd5\u56fe\u51cf\u5c11\u4e0e\u5927\u578b\u4e91\u8ba1\u7b97\u90e8\u7f72\u76f8\u5173\u7684\u53ef\u4f38\u7f29\u6027\u95ee\u9898\u3002\u5b83\u4f7f\u7528\u7c7b\u4f3c VLAN \u7684\u5c01\u88c5\u6280\u672f\u5c06\u4ee5\u592a\u7f51\u5e27\u5c01\u88c5\u5728 UDP \u6570\u636e\u5305\u4e2d\u3002 \u865a\u62df\u786c\u76d8 \uff08VHD\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df IP \u5730\u5740 \uff08VIP\uff09 \u5728\u8d1f\u8f7d\u5e73\u8861\u5668\u4e0a\u914d\u7f6e\u7684 Internet \u534f\u8bae \uff08IP\uff09 
\u5730\u5740\uff0c\u4f9b\u8fde\u63a5\u5230\u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4f7f\u7528\u3002\u4f20\u5165\u8fde\u63a5\u5c06\u6839\u636e\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u914d\u7f6e\u5206\u53d1\u5230\u540e\u7aef\u8282\u70b9\u3002 \u865a\u62df\u673a \uff08VM\uff09 \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002\u591a\u4e2a VM \u53ef\u4ee5\u5728\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u3002 \u865a\u62df\u7f51\u7edc \u7f51\u7edc\u4e2d\u7684 L2 \u7f51\u6bb5\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97 \uff08VNC\uff09 \u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u53f0\u8bbf\u95ee VM \u7684\u5f00\u6e90 GUI \u548c CLI \u5de5\u5177\u3002 \u865a\u62df\u7f51\u7edc\u63a5\u53e3 \uff08VIF\uff09 \u63d2\u5165\u7f51\u7edc\u7f51\u7edc\u4e2d\u7684\u7aef\u53e3\u7684\u63a5\u53e3\u3002\u901a\u5e38\u5c5e\u4e8e VM \u7684\u865a\u62df\u7f51\u7edc\u63a5\u53e3\u3002 \u865a\u62df\u7f51\u7edc \u4f7f\u7528\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u4e0a\u7684\u865a\u62df\u673a\u548c\u8986\u76d6\u7f51\u7edc\u7ec4\u5408\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316\uff08\u5982\u4ea4\u6362\u3001\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5b89\u5168\u6027\uff09\u7684\u901a\u7528\u672f\u8bed\u3002 \u865a\u62df\u7aef\u53e3 \u865a\u62df\u63a5\u53e3\u8fde\u63a5\u5230\u865a\u62df\u7f51\u7edc\u7684\u8fde\u63a5\u70b9\u3002 \u865a\u62df\u4e13\u7528\u7f51\u7edc \uff08VPN\uff09 \u7531 Compute \u4ee5 cloudpipes \u7684\u5f62\u5f0f\u63d0\u4f9b\uff0c\u8fd9\u4e9b\u4e13\u7528\u5b9e\u4f8b\u7528\u4e8e\u6309\u9879\u76ee\u521b\u5efa VPN\u3002 \u865a\u62df\u670d\u52a1\u5668 VM \u6216\u6765\u5bbe\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u4ea4\u6362\u673a \uff08vSwitch\uff09 \u5728\u4e3b\u673a\u6216\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u63d0\u4f9b\u57fa\u4e8e\u786c\u4ef6\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7684\u7279\u6027\u548c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002 \u865a\u62df VLAN 
\u865a\u62df\u7f51\u7edc\u7684\u66ff\u4ee3\u672f\u8bed\u3002 VirtualBox \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Vitrage Root Cause Analysis\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 VLAN \u7ba1\u7406\u5668 \u4e00\u4e2a Compute \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b dnsmasq \u548c radvd\uff0c\u5e76\u8bbe\u7f6e\u4e0e cloudpipe \u5b9e\u4f8b\u4e4b\u95f4\u7684\u8f6c\u53d1\u3002 VLAN \u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002VLAN \u7f51\u7edc\u662f\u4e00\u4e2a\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\uff0c\u7531 VLAN \u7ba1\u7406\u5668 vlan_interface \u9009\u9879\u63a7\u5236\u3002 \u865a\u62df\u673a\u78c1\u76d8\uff08VMDK\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u673a\u6620\u50cf \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u673a\u8fdc\u7a0b\u63a7\u5236 \uff08VMRC\uff09 \u4f7f\u7528 Web \u6d4f\u89c8\u5668\u8bbf\u95ee VM \u5b9e\u4f8b\u63a7\u5236\u53f0\u7684\u65b9\u6cd5\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 VMware API \u63a5\u53e3 \u652f\u6301\u5728\u8ba1\u7b97\u4e2d\u4e0e VMware \u4ea7\u54c1\u8fdb\u884c\u4ea4\u4e92\u3002 VMware NSX Neutron \u63d2\u4ef6 \u5728 Neutron \u4e2d\u63d0\u4f9b\u5bf9 VMware NSX \u7684\u652f\u6301\u3002 VNC \u4ee3\u7406 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7 VNC \u6216 VMRC \u8bbf\u95ee\u5176 VM \u5b9e\u4f8b\u7684\u63a7\u5236\u53f0\u3002 \u5377 \u57fa\u4e8e\u78c1\u76d8\u7684\u6570\u636e\u5b58\u50a8\u901a\u5e38\u8868\u793a\u4e3a\u5177\u6709\u652f\u6301\u6269\u5c55\u5c5e\u6027\u7684\u6587\u4ef6\u7cfb\u7edf\u7684 iSCSI 
\u76ee\u6807;\u53ef\u4ee5\u662f\u6301\u4e45\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u77ed\u6682\u7684\u3002 \u5377 API \u5757\u5b58\u50a8 API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 \u5377\u63a7\u5236\u5668 \u4e00\u4e2a\u5757\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u76d1\u7763\u548c\u534f\u8c03\u5b58\u50a8\u5377\u64cd\u4f5c\u3002 \u5377\u9a71\u52a8\u7a0b\u5e8f \u5377\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5377 ID \u5e94\u7528\u4e8e\u5757\u5b58\u50a8\u63a7\u5236\u4e0b\u6bcf\u4e2a\u5b58\u50a8\u5377\u7684\u552f\u4e00 ID\u3002 \u5377\u7ba1\u7406\u5668 \u7528\u4e8e\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u6301\u4e45\u6027\u5b58\u50a8\u5377\u7684\u5757\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5377\u8282\u70b9 \u8fd0\u884c cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u7684\u5757\u5b58\u50a8\u8282\u70b9\u3002 \u5377\u63d2\u4ef6 \u4e3a\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u63d0\u4f9b\u5bf9\u65b0\u578b\u548c\u4e13\u7528\u540e\u7aef\u5b58\u50a8\u7c7b\u578b\u7684\u652f\u6301\u3002 \u5377\u5de5\u4f5c\u5668 \u4e00\u4e2a cinder \u7ec4\u4ef6\uff0c\u5b83\u4e0e\u540e\u7aef\u5b58\u50a8\u4ea4\u4e92\uff0c\u4ee5\u7ba1\u7406\u5377\u7684\u521b\u5efa\u548c\u5220\u9664\u4ee5\u53ca\u8ba1\u7b97\u5377\u7684\u521b\u5efa\uff0c\u7531 cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 vSphere \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 W \u00b6 Wallaby OpenStack \u7b2c 23 \u7248\u7684\u4ee3\u53f7\u3002\u5c0f\u888b\u9f20\u539f\u4ea7\u4e8e\u6fb3\u5927\u5229\u4e9a\uff0c\u5728\u8fd9\u4e2a\u547d\u540d\u671f\u5f00\u59cb\u65f6\uff0c\u6fb3\u5927\u5229\u4e9a\u6b63\u5728\u7ecf\u5386\u524d\u6240\u672a\u6709\u7684\u91ce\u706b\u3002 Watcher \u57fa\u7840\u7ed3\u6784\u4f18\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u6743\u91cd \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u7528\u4e8e\u786e\u5b9a\u54ea\u4e9b\u5b58\u50a8\u8bbe\u5907\u9002\u5408\u4f5c\u4e1a\u3002\u8bbe\u5907\u6309\u5927\u5c0f\u52a0\u6743\u3002 \u52a0\u6743\u6210\u672c 
\u51b3\u5b9a\u5728\u8ba1\u7b97\u4e2d\u542f\u52a8\u65b0 VM \u5b9e\u4f8b\u7684\u4f4d\u7f6e\u65f6\u6240\u4f7f\u7528\u7684\u6bcf\u4e2a\u6210\u672c\u7684\u603b\u548c\u3002 \u52a0\u6743 \u4e00\u4e2a\u8ba1\u7b97\u8fc7\u7a0b\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u662f\u5426\u9002\u5408\u7279\u5b9a\u4e3b\u673a\u7684\u4f5c\u4e1a\u3002\u4f8b\u5982\uff0c\u4e3b\u673a\u4e0a\u7684 RAM \u4e0d\u8db3\u3001\u4e3b\u673a\u4e0a\u7684 CPU \u8fc7\u591a\u7b49\u3002 \u5de5\u4f5c\u8005 \u4fa6\u542c\u961f\u5217\u5e76\u6267\u884c\u4efb\u52a1\u4ee5\u54cd\u5e94\u6d88\u606f\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002\u4f8b\u5982\uff0c cinder-volume worker \u7ba1\u7406\u5b58\u50a8\u9635\u5217\u4e0a\u7684\u5377\u521b\u5efa\u548c\u5220\u9664\u3002 \u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 OpenStack\u670d\u52a1\u63d0\u4f9b\u4e86\u4e00\u79cd\u57fa\u4e8eYAML\u7684\u7b80\u5355\u8bed\u8a00\u6765\u7f16\u5199\u5de5\u4f5c\u6d41\uff08\u4efb\u52a1\u548c\u8f6c\u6362\u89c4\u5219\uff09\uff0c\u4ee5\u53ca\u4e00\u79cd\u5141\u8bb8\u4e0a\u4f20\u3001\u4fee\u6539\u3001\u5927\u89c4\u6a21\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u8fd0\u884c\u5b83\u4eec\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u6267\u884c\u72b6\u6001\u548c\u5355\u4e2a\u4efb\u52a1\u72b6\u6001\u7684\u670d\u52a1\u3002 X \u00b6 X.509 X.509 \u662f\u5b9a\u4e49\u6570\u5b57\u8bc1\u4e66\u7684\u6700\u5e7f\u6cdb\u4f7f\u7528\u7684\u6807\u51c6\u3002\u5b83\u662f\u4e00\u79cd\u6570\u636e\u7ed3\u6784\uff0c\u5305\u542b\u4e3b\u9898\uff08\u5b9e\u4f53\uff09\u53ef\u8bc6\u522b\u4fe1\u606f\uff0c\u4f8b\u5982\u5176\u540d\u79f0\u53ca\u5176\u516c\u94a5\u3002\u8bc1\u4e66\u8fd8\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u5176\u4ed6\u5c5e\u6027\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u7248\u672c\u3002X.509 \u7684\u6700\u65b0\u6807\u51c6\u7248\u672c\u662f v3\u3002 Xen Xen 
\u662f\u4e00\u4e2a\u4f7f\u7528\u5fae\u5185\u6838\u8bbe\u8ba1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u7684\u670d\u52a1\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5728\u540c\u4e00\u8ba1\u7b97\u673a\u786c\u4ef6\u4e0a\u540c\u65f6\u6267\u884c\u3002 Xen API Xen \u7ba1\u7406 API\uff0c\u53d7 Compute \u652f\u6301\u3002 Xen \u4e91\u5e73\u53f0 \uff08XCP\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Xen Storage Manager \u5377\u9a71\u52a8\u7a0b\u5e8f \u652f\u6301\u4e0e Xen Storage Manager API \u8fdb\u884c\u901a\u4fe1\u7684\u5757\u5b58\u50a8\u5377\u63d2\u4ef6\u3002 Xena OpenStack \u7b2c 24 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u865a\u6784\u7684\u6218\u58eb\u516c\u4e3b\u547d\u540d\u3002 XenServer An OpenStack-supported hypervisor. \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 XFS \u51fd\u6570 \u7531 Silicon Graphics \u521b\u5efa\u7684\u9ad8\u6027\u80fd 64 \u4f4d\u6587\u4ef6\u7cfb\u7edf\u3002\u5728\u5e76\u884c I/O \u64cd\u4f5c\u548c\u6570\u636e\u4e00\u81f4\u6027\u65b9\u9762\u8868\u73b0\u51fa\u8272\u3002 Y \u00b6 Yoga OpenStack \u7b2c 25 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u6765\u81ea\u5370\u5ea6\u7684\u4e00\u6240\u54f2\u5b66\u5b66\u6821\u547d\u540d\uff0c\u8be5\u5b66\u6821\u5177\u6709\u5fc3\u7406\u548c\u8eab\u4f53\u5b9e\u8df5\u3002 Z \u00b6 Yoga \u6d88\u606f\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Zed OpenStack \u7b2c 26 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u5b57\u6bcd Z \u7684\u53d1\u97f3\u547d\u540d\u3002 ZeroMQ OpenStack \u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002\u4e5f\u62fc\u5199\u4e3a 0MQ\u3002 Zuul Zuul \u662f\u4e00\u4e2a\u5f00\u6e90 CI/CD \u5e73\u53f0\uff0c\u4e13\u95e8\u7528\u4e8e\u5728\u767b\u9646\u5355\u4e2a\u8865\u4e01\u4e4b\u524d\u8de8\u591a\u4e2a\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u95e8\u63a7\u66f4\u6539\u3002 Zuul 
\u7528\u4e8e OpenStack \u5f00\u53d1\uff0c\u4ee5\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u6d4b\u8bd5\u7684\u4ee3\u7801\u624d\u4f1a\u88ab\u5408\u5e76\u3002","title":"\u5b89\u5168\u6307\u5357"},{"location":"security/security-guide/#openstack","text":"\u672c\u6587\u7ffb\u8bd1\u81ea \u4e0a\u6e38\u5b89\u5168\u6307\u5357 OpenStack\u5b89\u5168\u6307\u5357 \u6458\u8981 \u5185\u5bb9 \u7ea6\u5b9a \u6ce8\u610f\u4e8b\u9879 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5199\u4f5c\u8bb0\u5f55 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b \u516c\u6709\u4e91 \u79c1\u6709\u4e91 \u793e\u533a\u4e91 \u6df7\u5408\u4e91 OpenStack \u670d\u52a1\u6982\u8ff0 \u8ba1\u7b97 \u5bf9\u8c61\u5b58\u50a8 \u5757\u5b58\u50a8 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u7f51\u7edc \u4eea\u8868\u677f \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u955c\u50cf\u670d\u52a1 \u6570\u636e\u5904\u7406\u670d\u52a1 \u5176\u4ed6\u914d\u5957\u6280\u672f \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u516c\u5171 \u8bbf\u5ba2 \u7ba1\u7406 \u6570\u636e \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u5a01\u80c1\u53c2\u4e0e\u8005 \u60c5\u62a5\u673a\u6784 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u811a\u672c\u653b\u51fb\u8005 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u653b\u51fb\u7c7b\u578b \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 
\u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u7cfb\u7edf\u6e05\u5355 \u786c\u4ef6\u6e05\u5355 \u8f6f\u4ef6\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u5206\u7c7b \u6d4b\u8bd5\u66f4\u65b0 \u90e8\u7f72\u66f4\u65b0 \u914d\u7f6e\u7ba1\u7406 \u7b56\u7565\u66f4\u6539 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8282\u70b9\u914d\u7f6e \u9a8c\u8bc1\u542f\u52a8 \u8282\u70b9\u52a0\u56fa \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u7cfb\u7edf\u9a8c\u8bc1 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u670d\u52a1\u5668\u52a0\u56fa \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee OpenStack \u63a5\u53e3 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5b89\u5168\u901a\u4fe1 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u793a\u4f8b Pound Stud Nginx Apache HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 
\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb API \u7aef\u70b9 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u8eab\u4efd\u9274\u522b \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u5458\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u653f\u7b56 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408\u9274\u6743 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c 
Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a Horizon \u955c\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS \u51fd\u6570 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 Cookies \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u9009\u62e9\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e 
\u901a\u7528\u6807\u51c6 \u5bc6\u7801\u5b66\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a Hypervisor \u5185\u5b58\u4f18\u5316 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u53c2\u8003\u4e66\u76ee \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u52a0\u56fa \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u529f\u80fd \u9650\u5236 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone 
\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u5757\u5b58\u50a8 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f 
\u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb VLANs L2 \u96a7\u9053 \u7f51\u7edc\u670d\u52a1 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 L3 \u8def\u7531\u548c NAT \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u8d1f\u8f7d\u5747\u8861 \u9632\u706b\u5899 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u9650\u5236 API 
\u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u6587\u4ef6\u6743\u9650 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 HTTP \u76d1\u542c\u7aef\u53e3 \u8d1f\u8f7d\u5747\u8861\u5668 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 TempAuth \u51fd\u6570 Keystone \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 KMIP 
\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 \u5a01\u80c1\u5206\u6790 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u6d88\u606f\u961f\u5217 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS\u7cfb\u7edf \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee Rootwrap \u65e5\u5fd7 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 Nova-conductor 
\u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6743\u9650 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 Cinder \u5377\u6570\u636e \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee\uff1a \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53ef\u4fe1\u955c\u50cf \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5b9e\u4f8b\u8fc1\u79fb \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb 
\u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5206\u5c42\u9632\u5fa1 \u5b89\u5168\u5931\u8d25 \u6700\u5c0f\u6743\u9650 \u5206\u9694 \u4fc3\u8fdb\u9690\u79c1 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u5ba1\u8ba1\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 SOC 2 \u51fd\u6570 SOC 3 \u51fd\u6570 ISO 27001/2 \u8ba4\u8bc1 HIPAA / HITECH PCI-DSS \u653f\u5e9c\u6807\u51c6 FedRAMP ITAR FISMA \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u6587\u6863 OpenStack wiki Launchpad bug 
\u533a\u57df \u6587\u6863\u53cd\u9988 OpenStack IRC \u9891\u9053 OpenStack \u90ae\u4ef6\u5217\u8868 OpenStack \u53d1\u884c\u5305 \u8bcd\u6c47\u8868 0-9 A B C D E F G H I J K M N O P Q R S T U V W X Y Z","title":"OpenStack\u5b89\u5168\u6307\u5357"},{"location":"security/security-guide/#_1","text":"\u672c\u4e66\u63d0\u4f9b\u4e86\u6709\u5173\u4fdd\u62a4OpenStack\u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u548c\u6982\u5ff5\u4fe1\u606f\u3002 \u672c\u6307\u5357\u6700\u540e\u4e00\u6b21\u66f4\u65b0\u662f\u5728Train\u53d1\u5e03\u671f\u95f4\uff0c\u8bb0\u5f55\u4e86OpenStack Train\u3001Stein\u548cRocky\u7248\u672c\u3002\u5b83\u53ef\u80fd\u4e0d\u9002\u7528\u4e8eEOL\u7248\u672c\uff08\u4f8b\u5982Newton\uff09\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u5728\u8ba1\u5212\u4e3a\u60a8\u7684OpenStack\u4e91\u5b9e\u65bd\u5b89\u5168\u63aa\u65bd\u65f6\uff0c\u81ea\u884c\u9605\u8bfb\u672c\u6587\u3002\u672c\u6307\u5357\u4ec5\u4f9b\u53c2\u8003\u3002OpenStack\u5b89\u5168\u56e2\u961f\u57fa\u4e8eOpenStack\u793e\u533a\u7684\u81ea\u613f\u8d21\u732e\u3002\u60a8\u53ef\u4ee5\u5728OFTC IRC\u4e0a\u7684#OpenStack-Security\u9891\u9053\u4e2d\u76f4\u63a5\u8054\u7cfb\u5b89\u5168\u793e\u533a\uff0c\u6216\u8005\u901a\u8fc7\u5411OpenStack-Discussion\u90ae\u4ef6\u5217\u8868\u53d1\u9001\u4e3b\u9898\u6807\u9898\u4e2d\u5e26\u6709[Security]\u524d\u7f00\u7684\u90ae\u4ef6\u6765\u8054\u7cfb\u3002","title":"\u6458\u8981"},{"location":"security/security-guide/#_2","text":"\u7ea6\u5b9a \u901a\u77e5 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u786e\u5b9a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 OpenStack\u7b80\u4ecb \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u7ba1\u7406\u754c\u9762 \u5b89\u5168\u901a\u4fe1 TLS\u548cSSL\u7b80\u4ecb TLS\u4ee3\u7406\u548cHTTP\u670d\u52a1 \u5b89\u5168\u53c2\u8003\u67b6\u6784 
\u7aef\u70b9 APL\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u8eab\u4efd \u8ba4\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u6388\u6743 \u653f\u7b56 \u4ee4\u724c \u57df \u8054\u5408\u68af\u5f62\u5931\u771f \u6e05\u5355 \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672cWeb\u670d\u52a1\u5668\u914d\u7f6e HTTPS\u3001HSTS\u3001XSS\u548cSSRF \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 \u6f0f\u6d1e\u610f\u8bc6 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u68c0\u67e5\u8868 \u5757\u5b58\u50a8 \u97f3\u91cf\u64e6\u9664 \u68c0\u67e5\u8868 \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5b89\u5168\u670d\u52a1 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u68c0\u67e5\u8868 \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u4e8b\u52a1\u5b89\u5168 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u9879\u76ee \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1 \u5bc6\u94a5\u7ba1\u7406\u63a5\u53e3 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 \u6d88\u606f\u961f\u5217 \u90ae\u4ef6\u5b89\u5168 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb 
\u90e8\u7f72 \u914d\u7f6e\u548c\u5f3a\u5316 \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u52a0\u5bc6 \u5bc6\u94a5\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u5408\u89c4\u6d3b\u52a8 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u4f53\u7cfb\u7ed3\u6784\u9875\u9762\u6307\u5357 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868","title":"\u5185\u5bb9"},{"location":"security/security-guide/#_3","text":"OpenStack \u6587\u6863\u4f7f\u7528\u4e86\u51e0\u79cd\u6392\u7248\u7ea6\u5b9a\u3002","title":"\u7ea6\u5b9a"},{"location":"security/security-guide/#_4","text":"\u6ce8\u610f \u5e26\u6709\u9644\u52a0\u4fe1\u606f\u7684\u6ce8\u91ca\uff0c\u7528\u4e8e\u89e3\u91ca\u6587\u672c\u7684\u67d0\u4e00\u90e8\u5206\u3002 \u91cd\u8981 \u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u8fd9\u4e00\u70b9\u3002 \u63d0\u793a \u4e00\u4e2a\u989d\u5916\u4f46\u6709\u7528\u7684\u5b9e\u7528\u5efa\u8bae\u3002 \u8b66\u793a \u9632\u6b62\u7528\u6237\u72af\u9519\u8bef\u7684\u6709\u7528\u4fe1\u606f\u3002 \u8b66\u544a \u6709\u5173\u6570\u636e\u4e22\u5931\u98ce\u9669\u6216\u5b89\u5168\u95ee\u9898\u7684\u5173\u952e\u4fe1\u606f\u3002","title":"\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_5","text":"$ command \u4efb\u4f55\u7528\u6237\uff08\u5305\u62ecroot\u7528\u6237\uff09\u90fd\u53ef\u4ee5\u8fd0\u884c\u4ee5$\u63d0\u793a\u7b26\u4e3a\u524d\u7f00\u7684\u547d\u4ee4\u3002 # command 
root\u7528\u6237\u5fc5\u987b\u8fd0\u884c\u524d\u7f00\u4e3a#\u63d0\u793a\u7b26\u7684\u547d\u4ee4\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u8fd9\u4e9b\u547d\u4ee4\u524d\u9762\u52a0\u4e0asudo\u547d\u4ee4\uff08\u5982\u679c\u53ef\u7528\uff09\uff0c\u4ee5\u8fd0\u884c\u8fd9\u4e9b\u547d\u4ee4\u3002","title":"\u547d\u4ee4\u63d0\u793a\u7b26"},{"location":"security/security-guide/#_6","text":"\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u662f\u8bb8\u591a\u4eba\u7ecf\u8fc7\u4e94\u5929\u534f\u4f5c\u7684\u6210\u679c\u3002\u672c\u6587\u6863\u65e8\u5728\u63d0\u4f9b\u90e8\u7f72\u5b89\u5168 OpenStack \u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u6307\u5357\u3002\u5b83\u65e8\u5728\u53cd\u6620OpenStack\u793e\u533a\u7684\u5f53\u524d\u5b89\u5168\u72b6\u6001\uff0c\u5e76\u4e3a\u7531\u4e8e\u590d\u6742\u6027\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u73af\u5883\u7684\u7ec6\u8282\u800c\u65e0\u6cd5\u5217\u51fa\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u7684\u51b3\u7b56\u63d0\u4f9b\u6846\u67b6\u3002 \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5982\u4f55 OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b OpenStack \u670d\u52a1\u6982\u8ff0 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5a92\u4ecb \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898","title":"\u4ecb\u7ecd"},{"location":"security/security-guide/#_7","text":"OpenStack \u5b89\u5168\u7ec4\u8981\u611f\u8c22\u4ee5\u4e0b\u7ec4\u7ec7\u7684\u8d21\u732e\uff0c\u4ed6\u4eec\u4e3a\u672c\u4e66\u7684\u51fa\u7248\u505a\u51fa\u4e86\u8d21\u732e\u3002\u8fd9\u4e9b\u7ec4\u7ec7\u662f\uff1a","title":"\u81f4\u8c22"},{"location":"security/security-guide/#_8","text":"\u968f\u7740 OpenStack 
\u7684\u666e\u53ca\u548c\u4ea7\u54c1\u6210\u719f\uff0c\u5b89\u5168\u6027\u5df2\u6210\u4e3a\u91cd\u4e2d\u4e4b\u91cd\u3002OpenStack \u5b89\u5168\u7ec4\u5df2\u7ecf\u8ba4\u8bc6\u5230\u9700\u8981\u4e00\u4e2a\u5168\u9762\u800c\u6743\u5a01\u7684\u5b89\u5168\u6307\u5357\u3002\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u65e8\u5728\u6982\u8ff0\u63d0\u9ad8 OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3001\u6307\u5357\u548c\u5efa\u8bae\u3002\u4f5c\u8005\u5e26\u6765\u4e86\u4ed6\u4eec\u5728\u5404\u79cd\u73af\u5883\u4e2d\u90e8\u7f72\u548c\u4fdd\u62a4 OpenStack \u7684\u4e13\u4e1a\u77e5\u8bc6\u3002 \u672c\u6307\u5357\u662f\u5bf9\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u7684\u8865\u5145\uff0c\u53ef\u7528\u4e8e\u5f3a\u5316\u73b0\u6709\u7684 OpenStack \u90e8\u7f72\u6216\u8bc4\u4f30 OpenStack \u4e91\u63d0\u4f9b\u5546\u7684\u5b89\u5168\u63a7\u5236\u3002","title":"\u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66"},{"location":"security/security-guide/#_9","text":"\u8bc6\u522b OpenStack \u4e2d\u7684\u5b89\u5168\u57df \u63d0\u4f9b\u4fdd\u62a4 OpenStack \u90e8\u7f72\u7684\u6307\u5bfc \u5f3a\u8c03\u5f53\u4eca OpenStack \u4e2d\u7684\u5b89\u5168\u95ee\u9898\u548c\u6f5c\u5728\u7684\u7f13\u89e3\u63aa\u65bd \u8ba8\u8bba\u5373\u5c06\u63a8\u51fa\u7684\u5b89\u5168\u529f\u80fd \u4e3a\u77e5\u8bc6\u83b7\u53d6\u548c\u4f20\u64ad\u63d0\u4f9b\u793e\u533a\u9a71\u52a8\u7684\u8bbe\u65bd","title":"\u76ee\u6807"},{"location":"security/security-guide/#_10","text":"\u4e0e\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u4e00\u6837\uff0c\u6211\u4eec\u9075\u5faa\u4e86\u672c\u4e66\u7684\u51b2\u523a\u65b9\u6cd5\u3002\u4e66\u7c4d\u51b2\u523a\u8fc7\u7a0b\u5141\u8bb8\u5feb\u901f\u5f00\u53d1\u548c\u5236\u4f5c\u5927\u91cf\u4e66\u9762\u4f5c\u54c1\u3002OpenStack \u5b89\u5168\u7ec4\u7684\u534f\u8c03\u5458\u91cd\u65b0\u9080\u8bf7\u4e86 Adam Hyde 
\u4f5c\u4e3a\u534f\u8c03\u4eba\u3002\u8be5\u9879\u76ee\u5728\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u7684OpenStack\u5cf0\u4f1a\u4e0a\u6b63\u5f0f\u5ba3\u5e03\u3002 \u7531\u4e8e\u8be5\u5c0f\u7ec4\u7684\u4e00\u4e9b\u5173\u952e\u6210\u5458\u79bb\u5f97\u5f88\u8fd1\uff0c\u8be5\u56e2\u961f\u805a\u96c6\u5728\u9a6c\u91cc\u5170\u5dde\u5b89\u7eb3\u6ce2\u5229\u65af\u3002\u8fd9\u662f\u516c\u5171\u90e8\u95e8\u60c5\u62a5\u754c\u6210\u5458\u3001\u7845\u8c37\u521d\u521b\u516c\u53f8\u548c\u4e00\u4e9b\u5927\u578b\u77e5\u540d\u79d1\u6280\u516c\u53f8\u4e4b\u95f4\u7684\u975e\u51e1\u5408\u4f5c\u3002\u8be5\u4e66\u7684\u51b2\u523a\u57282013\u5e746\u6708\u7684\u6700\u540e\u4e00\u5468\u8fdb\u884c\uff0c\u7b2c\u4e00\u7248\u5728\u4e94\u5929\u5185\u5b8c\u6210\u3002 \u8be5\u56e2\u961f\u5305\u62ec\uff1a Bryan D. Payne\uff0c\u661f\u4e91 Bryan D. Payne \u535a\u58eb\u662f Nebula \u7684\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u52a0\u5165 Nebula \u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u6851\u8fea\u4e9a\u56fd\u5bb6\u5b9e\u9a8c\u5ba4\u3001\u56fd\u5bb6\u5b89\u5168\u5c40\u3001BAE Systems \u548c IBM \u7814\u7a76\u9662\u5de5\u4f5c\u3002\u4ed6\u6bd5\u4e1a\u4e8e\u4f50\u6cbb\u4e9a\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u5b66\u9662\uff0c\u83b7\u5f97\u8ba1\u7b97\u673a\u79d1\u5b66\u535a\u58eb\u5b66\u4f4d\uff0c\u4e13\u653b\u7cfb\u7edf\u5b89\u5168\u3002Bryan \u662f\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u7684\u7f16\u8f91\u548c\u8d1f\u8d23\u4eba\uff0c\u8d1f\u8d23\u8be5\u6307\u5357\u5728\u7f16\u5199\u540e\u7684\u4e24\u5e74\u4e2d\u6301\u7eed\u589e\u957f\u3002 Robert Clark\uff0c\u60e0\u666e Robert Clark \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u5b89\u5168\u67b6\u6784\u5e08\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 
\u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u88ab\u60e0\u666e\u62db\u52df\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u82f1\u56fd\u60c5\u62a5\u754c\u5de5\u4f5c\u3002Robert \u5728\u5a01\u80c1\u5efa\u6a21\u3001\u5b89\u5168\u67b6\u6784\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u62e5\u6709\u6df1\u539a\u7684\u80cc\u666f\u3002Robert \u62e5\u6709\u5a01\u5c14\u58eb\u5927\u5b66\u7684\u8f6f\u4ef6\u5de5\u7a0b\u7855\u58eb\u5b66\u4f4d\u3002 Keith Basil \uff0c\u7ea2\u5e3d Keith Basil \u662f\u7ea2\u5e3d OpenStack \u7684\u9996\u5e2d\u4ea7\u54c1\u7ecf\u7406\uff0c\u4e13\u6ce8\u4e8e\u7ea2\u5e3d\u7684 OpenStack \u4ea7\u54c1\u7ba1\u7406\u3001\u5f00\u53d1\u548c\u6218\u7565\u3002\u5728\u7f8e\u56fd\u516c\u5171\u90e8\u95e8\uff0cBasil \u5e26\u6765\u4e86\u4e3a\u8054\u90a6\u6c11\u7528\u673a\u6784\u548c\u627f\u5305\u5546\u8bbe\u8ba1\u6388\u6743\u3001\u5b89\u5168\u3001\u9ad8\u6027\u80fd\u4e91\u67b6\u6784\u7684\u7ecf\u9a8c\u3002 Cody Bunch\uff0c\u62c9\u514b\u7a7a\u95f4 Cody Bunch \u662f Rackspace \u7684\u79c1\u6709\u4e91\u67b6\u6784\u5e08\u3002Cody \u4e0e\u4eba\u5408\u8457\u4e86\u300aThe OpenStack Cookbook\u300b\u7684\u66f4\u65b0\u4ee5\u53ca\u6709\u5173 VMware \u81ea\u52a8\u5316\u7684\u4e66\u7c4d\u3002 Malini Bhandaru\uff0c\u82f1\u7279\u5c14 Malini Bhandaru \u662f\u82f1\u7279\u5c14\u7684\u4e00\u540d\u5b89\u5168\u67b6\u6784\u5e08\u3002\u5979\u62e5\u6709\u591a\u5143\u5316\u7684\u80cc\u666f\uff0c\u66fe\u5728\u82f1\u7279\u5c14\u4ece\u4e8b\u5e73\u53f0\u529f\u80fd\u548c\u6027\u80fd\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 Nuance \u4ece\u4e8b\u8bed\u97f3\u4ea7\u54c1\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 ComBrio \u4ece\u4e8b\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u5de5\u4f5c\uff0c\u5728 Verizon \u4ece\u4e8b\u7f51\u7edc\u5546\u52a1\u5de5\u4f5c\u3002\u5979\u62e5\u6709\u9a6c\u8428\u8bf8\u585e\u5927\u5b66\u963f\u9ed8\u65af\u7279\u5206\u6821\u7684\u4eba\u5de5\u667a\u80fd\u535a\u58eb\u5b66\u4f4d\u3002 Gregg 
Tally\uff0c\u7ea6\u7ff0\u970d\u666e\u91d1\u65af\u5927\u5b66\u5e94\u7528\u7269\u7406\u5b9e\u9a8c\u5ba4 Gregg Tally \u662f JHU/APL \u7f51\u7edc\u7cfb\u7edf\u90e8\u95e8\u975e\u5bf9\u79f0\u8fd0\u8425\u90e8\u7684\u603b\u5de5\u7a0b\u5e08\u3002\u4ed6\u4e3b\u8981\u4ece\u4e8b\u7cfb\u7edf\u5b89\u5168\u5de5\u7a0b\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u6b64\u524d\uff0c\u4ed6\u66fe\u5728\u65af\u5df4\u8fbe\u3001\u8fc8\u514b\u83f2\u548c\u53ef\u4fe1\u4fe1\u606f\u7cfb\u7edf\u516c\u53f8\u5de5\u4f5c\uff0c\u53c2\u4e0e\u7f51\u7edc\u5b89\u5168\u7814\u7a76\u9879\u76ee\u3002 Eric Lopez, \u5a01\u777f Eric Lopez \u662f VMware \u7f51\u7edc\u548c\u5b89\u5168\u4e1a\u52a1\u90e8\u95e8\u7684\u9ad8\u7ea7\u89e3\u51b3\u65b9\u6848\u67b6\u6784\u5e08\uff0c\u4ed6\u5e2e\u52a9\u5ba2\u6237\u5b9e\u65bd OpenStack \u548c VMware NSX\uff08\u4ee5\u524d\u79f0\u4e3a Nicira \u7684\u7f51\u7edc\u865a\u62df\u5316\u5e73\u53f0\uff09\u3002\u5728\u52a0\u5165 VMware\uff08\u901a\u8fc7\u516c\u53f8\u6536\u8d2d Nicira\uff09\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728 Q1 Labs\u3001Symantec\u3001Vontu \u548c Brightmail \u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u52a0\u5dde\u5927\u5b66\u4f2f\u514b\u5229\u5206\u6821\u7684\u7535\u6c14\u5de5\u7a0b/\u8ba1\u7b97\u673a\u79d1\u5b66\u548c\u6838\u5de5\u7a0b\u5b66\u58eb\u5b66\u4f4d\u548c\u65e7\u91d1\u5c71\u5927\u5b66\u7684\u5de5\u5546\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\u3002 Shawn Wells\uff0c\u7ea2\u5e3d Shawn Wells \u662f\u7ea2\u5e3d\u521b\u65b0\u9879\u76ee\u603b\u76d1\uff0c\u4e13\u6ce8\u4e8e\u6539\u8fdb\u7f8e\u56fd\u653f\u5e9c\u5185\u90e8\u91c7\u7528\u3001\u4fc3\u8fdb\u548c\u7ba1\u7406\u5f00\u6e90\u6280\u672f\u7684\u6d41\u7a0b\u3002\u6b64\u5916\uff0cShawn \u8fd8\u662f SCAP \u5b89\u5168\u6307\u5357\u9879\u76ee\u7684\u4e0a\u6e38\u7ef4\u62a4\u8005\uff0c\u8be5\u9879\u76ee\u4e0e\u7f8e\u56fd\u519b\u65b9\u3001NSA \u548c DISA 
\u4e00\u8d77\u5236\u5b9a\u865a\u62df\u5316\u548c\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u7b56\u7565\u3002Shawn\u66fe\u662fNSA\u7684\u5e73\u6c11\uff0c\u5229\u7528\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u5f00\u53d1\u4e86SIGINT\u6536\u96c6\u7cfb\u7edf\u3002 Ben de Bont\uff0c\u60e0\u666e Ben de Bont \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u6218\u7565\u5b98\u3002\u5728\u62c5\u4efb\u73b0\u804c\u4e4b\u524d\uff0cBen \u9886\u5bfc MySpace \u7684\u4fe1\u606f\u5b89\u5168\u5c0f\u7ec4\u548c MSN Security \u7684\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f\u3002Ben \u62e5\u6709\u6606\u58eb\u5170\u79d1\u6280\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u7855\u58eb\u5b66\u4f4d\u3002 Nathanael Burton\uff0c\u56fd\u5bb6\u5b89\u5168\u5c40 \u7eb3\u5854\u5185\u5c14\u00b7\u4f2f\u987f\uff08Nathanael Burton\uff09\u662f\u7f8e\u56fd\u56fd\u5bb6\u5b89\u5168\u5c40\uff08National Security Agency\uff09\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5bb6\u3002\u4ed6\u5728\u8be5\u673a\u6784\u5de5\u4f5c\u4e86 10 \u591a\u5e74\uff0c\u4ece\u4e8b\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u5927\u89c4\u6a21\u6258\u7ba1\u3001\u5f00\u6e90\u8ba1\u5212\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u5b89\u5168\u3001\u5b58\u50a8\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u5f17\u5409\u5c3c\u4e9a\u7406\u5de5\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u3002 Vibha Fauver Vibha Fauver\uff0cGWEB\uff0cCISSP\uff0cPMP\uff0c\u5728\u4fe1\u606f\u6280\u672f\u9886\u57df\u62e5\u6709\u8d85\u8fc715\u5e74\u7684\u7ecf\u9a8c\u3002\u5979\u7684\u4e13\u4e1a\u9886\u57df\u5305\u62ec\u8f6f\u4ef6\u5de5\u7a0b\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4fe1\u606f\u5b89\u5168\u3002\u5979\u62e5\u6709\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u548c\u5de5\u7a0b\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\uff0c\u4e13\u4e1a\u548c\u7cfb\u7edf\u5de5\u7a0b\u8bc1\u4e66\u3002 Eric Windisch\uff0c\u4e91\u7f29\u653e Eric Windisch \u662f Cloudscaling 
\u7684\u9996\u5e2d\u5de5\u7a0b\u5e08\uff0c\u4ed6\u4e3a OpenStack \u8d21\u732e\u4e86\u4e24\u5e74\u591a\u3002\u57c3\u91cc\u514b\uff08Eric\uff09\u5728\u7f51\u7edc\u6258\u7ba1\u884c\u4e1a\u62e5\u6709\u5341\u591a\u5e74\u7684\u7ecf\u9a8c\uff0c\u4e00\u76f4\u5728\u654c\u5bf9\u73af\u5883\u7684\u6218\u58d5\u4e2d\uff0c\u5efa\u7acb\u4e86\u79df\u6237\u9694\u79bb\u548c\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u6027\u3002\u81ea 2007 \u5e74\u4ee5\u6765\uff0c\u4ed6\u4e00\u76f4\u5728\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u548c\u81ea\u52a8\u5316\u3002 Andrew Hay\uff0c\u4e91\u9053 Andrew Hay \u662f CloudPassage\uff0c Inc. \u7684\u5e94\u7528\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u8d1f\u8d23\u9886\u5bfc\u8be5\u516c\u53f8\u53ca\u5176\u4e13\u4e3a\u52a8\u6001\u516c\u6709\u4e91\u3001\u79c1\u6709\u4e91\u548c\u6df7\u5408\u4e91\u6258\u7ba1\u73af\u5883\u6784\u5efa\u7684\u670d\u52a1\u5668\u5b89\u5168\u4ea7\u54c1\u7684\u5b89\u5168\u7814\u7a76\u5de5\u4f5c\u3002 Adam Hyde \u4e9a\u5f53\u4fc3\u6210\u4e86\u8fd9\u4e2a Book Sprint\u3002\u4ed6\u8fd8\u521b\u7acb\u4e86 Book Sprint \u65b9\u6cd5\u8bba\uff0c\u5e76\u4e14\u662f\u6700\u6709\u7ecf\u9a8c\u7684 Book Sprint \u4fc3\u8fdb\u8005\u3002Adam \u521b\u7acb\u4e86 FLOSS Manuals\uff0c\u8fd9\u662f\u4e00\u4e2a\u7531 3,000 \u4eba\u7ec4\u6210\u7684\u793e\u533a\uff0c\u81f4\u529b\u4e8e\u5f00\u53d1\u5173\u4e8e\u81ea\u7531\u8f6f\u4ef6\u7684\u81ea\u7531\u624b\u518c\u3002\u4ed6\u8fd8\u662f Booktype \u7684\u521b\u59cb\u4eba\u548c\u9879\u76ee\u7ecf\u7406\uff0cBooktype \u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u7ebf\u548c\u5370\u5237\u4e66\u7c4d\u7f16\u5199\u3001\u7f16\u8f91\u548c\u51fa\u7248\u7684\u5f00\u6e90\u9879\u76ee\u3002 \u5728\u51b2\u523a\u671f\u95f4\uff0c\u6211\u4eec\u8fd8\u5f97\u5230\u4e86 Anne Gentle\u3001Warren Wang\u3001Paul McMillan\u3001Brian Schott \u548c Lorin Hochstein \u7684\u5e2e\u52a9\u3002 \u8fd9\u672c\u4e66\u662f\u5728\u4e3a\u671f 5 
\u5929\u7684\u56fe\u4e66\u51b2\u523a\u4e2d\u5236\u4f5c\u7684\u3002\u56fe\u4e66\u51b2\u523a\u662f\u4e00\u4e2a\u9ad8\u5ea6\u534f\u4f5c\u3001\u4fc3\u8fdb\u7684\u8fc7\u7a0b\uff0c\u5b83\u5c06\u4e00\u4e2a\u5c0f\u7ec4\u805a\u96c6\u5728\u4e00\u8d77\uff0c\u5728 3-5 \u5929\u5185\u5236\u4f5c\u4e00\u672c\u4e66\u3002\u8fd9\u662f\u4e00\u4e2a\u7531\u4e9a\u5f53\u00b7\u6d77\u5fb7\uff08Adam Hyde\uff09\u521b\u7acb\u548c\u53d1\u5c55\u7684\u7279\u5b9a\u65b9\u6cd5\u7684\u6709\u529b\u4fc3\u8fdb\u8fc7\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u8bbf\u95eeBookSprints\u7684Book Sprint\u7f51\u9875\u3002","title":"\u5199\u4f5c\u8bb0\u5f55"},{"location":"security/security-guide/#_11","text":"\u672c\u4e66\u7684\u6700\u521d\u5de5\u4f5c\u662f\u5728\u4e00\u95f4\u7a7a\u8c03\u8fc7\u9ad8\u7684\u623f\u95f4\u91cc\u8fdb\u884c\u7684\uff0c\u8be5\u623f\u95f4\u662f\u6574\u4e2a\u6587\u6863\u51b2\u523a\u671f\u95f4\u7684\u5c0f\u7ec4\u529e\u516c\u5ba4\u3002 \u8981\u4e86\u89e3\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u6587\u6863\u8d21\u732e\u8005\u6307\u5357\u3002","title":"\u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e"},{"location":"security/security-guide/#openstack_1","text":"\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u5bf9 OpenStack \u90e8\u7f72\u7684\u5b89\u5168\u89c1\u89e3\u3002\u76ee\u6807\u53d7\u4f17\u662f\u4e91\u67b6\u6784\u5e08\u3001\u90e8\u7f72\u4eba\u5458\u548c\u7ba1\u7406\u5458\u3002\u6b64\u5916\uff0c\u4e91\u7528\u6237\u4f1a\u53d1\u73b0\u8be5\u6307\u5357\u5728\u63d0\u4f9b\u5546\u9009\u62e9\u65b9\u9762\u65e2\u6709\u6559\u80b2\u610f\u4e49\u53c8\u6709\u5e2e\u52a9\uff0c\u800c\u5ba1\u8ba1\u4eba\u5458\u4f1a\u53d1\u73b0\u5b83\u4f5c\u4e3a\u53c2\u8003\u6587\u6863\u5f88\u6709\u7528\uff0c\u53ef\u4ee5\u652f\u6301\u4ed6\u4eec\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u5de5\u4f5c\u3002\u672c\u6307\u5357\u4e5f\u63a8\u8350\u7ed9\u4efb\u4f55\u5bf9\u4e91\u5b89\u5168\u611f\u5174\u8da3\u7684\u4eba\u3002 
\u6bcf\u4e2a OpenStack \u90e8\u7f72\u90fd\u5305\u542b\u5404\u79cd\u5404\u6837\u7684\u6280\u672f\uff0c\u5305\u62ec Linux \u53d1\u884c\u7248\u3001\u6570\u636e\u5e93\u7cfb\u7edf\u3001\u6d88\u606f\u961f\u5217\u3001OpenStack \u7ec4\u4ef6\u672c\u8eab\u3001\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3001\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u3001\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7b49\u7b49\u3002\u6240\u6d89\u53ca\u7684\u5b89\u5168\u95ee\u9898\u540c\u6837\u591a\u79cd\u591a\u6837\u4e5f\u5c31\u4e0d\u8db3\u4e3a\u5947\u4e86\uff0c\u5bf9\u8fd9\u4e9b\u95ee\u9898\u7684\u6df1\u5165\u5206\u6790\u9700\u8981\u4e00\u4e9b\u6307\u5357\u3002\u6211\u4eec\u52aa\u529b\u5bfb\u627e\u5e73\u8861\u70b9\uff0c\u63d0\u4f9b\u8db3\u591f\u7684\u80cc\u666f\u4fe1\u606f\u6765\u7406\u89e3OpenStack\u5b89\u5168\u95ee\u9898\u53ca\u5176\u5904\u7406\uff0c\u5e76\u4e3a\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u63d0\u4f9b\u5916\u90e8\u53c2\u8003\u3002\u8be5\u6307\u5357\u53ef\u4ee5\u4ece\u5934\u5230\u5c3e\u9605\u8bfb\uff0c\u4e5f\u53ef\u4ee5\u50cf\u53c2\u8003\u4e00\u6837\u4f7f\u7528\u3002 \u6211\u4eec\u7b80\u8981\u4ecb\u7ecd\u4e86\u4e91\u7684\u79cd\u7c7b\uff08\u79c1\u6709\u4e91\u3001\u516c\u6709\u4e91\u548c\u6df7\u5408\u4e91\uff09\uff0c\u7136\u540e\u5728\u672c\u7ae0\u7684\u5176\u4f59\u90e8\u5206\u6982\u8ff0\u4e86 OpenStack \u7ec4\u4ef6\u53ca\u5176\u76f8\u5173\u7684\u5b89\u5168\u95ee\u9898\u3002 \u5728\u6574\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u63d0\u5230\u4e86\u51e0\u79cd\u7c7b\u578b\u7684OpenStack\u4e91\u7528\u6237\uff1a\u7ba1\u7406\u5458\u3001\u64cd\u4f5c\u5458\u548c\u7528\u6237\u3002\u6211\u4eec\u4f7f\u7528\u8fd9\u4e9b\u672f\u8bed\u6765\u6807\u8bc6\u6bcf\u4e2a\u89d2\u8272\u5177\u6709\u7684\u5b89\u5168\u8bbf\u95ee\u7ea7\u522b\uff0c\u5c3d\u7ba1\u5b9e\u9645\u4e0a\uff0c\u6211\u4eec\u77e5\u9053\u4e0d\u540c\u7684\u89d2\u8272\u901a\u5e38\u7531\u540c\u4e00\u4e2a\u4eba\u62c5\u4efb\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"security/security-guide/#_12","text":"OpenStack\u662f\u91c7\u7528\u4e91\u6280\u672f\u7684\u5173\u952e\u63a8\u52a8\u56e0\u7d20\uff0c\u5e76\u5177\u6709\u51e0\u4e2a\u5e38\u89c1\u7684\u90e8\u7f72\u7528\u4f8b\u3002\u8fd9\u4e9b\u6a21\u578b\u901a\u5e38\u79f0\u4e3a\u516c\u5171\u6a21\u578b\u3001\u4e13\u7528\u6a21\u578b\u548c\u6df7\u5408\u6a21\u578b\u3002\u4ee5\u4e0b\u5404\u8282\u4f7f\u7528\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u5bf9\u4e91\u7684\u5b9a\u4e49\u6765\u4ecb\u7ecd\u8fd9\u4e9b\u9002\u7528\u4e8e OpenStack \u7684\u4e0d\u540c\u7c7b\u578b\u7684\u4e91\u3002","title":"\u4e91\u7c7b\u578b"},{"location":"security/security-guide/#_13","text":"\u6839\u636eNIST\u7684\u8bf4\u6cd5\uff0c\u516c\u5171\u4e91\u662f\u57fa\u7840\u8bbe\u65bd\u5411\u516c\u4f17\u5f00\u653e\u4f9b\u6d88\u8d39\u7684\u4e91\u3002OpenStack\u516c\u6709\u4e91\u901a\u5e38\u7531\u670d\u52a1\u63d0\u4f9b\u5546\u8fd0\u884c\uff0c\u53ef\u4f9b\u4e2a\u4eba\u3001\u516c\u53f8\u6216\u4efb\u4f55\u4ed8\u8d39\u5ba2\u6237\u4f7f\u7528\u3002\u9664\u4e86\u591a\u79cd\u5b9e\u4f8b\u7c7b\u578b\u5916\uff0c\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u8fd8\u53ef\u80fd\u516c\u5f00\u4e00\u6574\u5957\u529f\u80fd\uff0c\u4f8b\u5982\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc\u6216\u5757\u5b58\u50a8\u3002 
\u5c31\u5176\u6027\u8d28\u800c\u8a00\uff0c\u516c\u6709\u4e91\u9762\u4e34\u66f4\u9ad8\u7684\u98ce\u9669\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u7684\u4f7f\u7528\u8005\uff0c\u60a8\u5e94\u8be5\u9a8c\u8bc1\u6240\u9009\u63d0\u4f9b\u5546\u662f\u5426\u5177\u6709\u5fc5\u8981\u7684\u8ba4\u8bc1\u3001\u8bc1\u660e\u548c\u5176\u4ed6\u6cd5\u89c4\u6ce8\u610f\u4e8b\u9879\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u63d0\u4f9b\u5546\uff0c\u6839\u636e\u60a8\u7684\u76ee\u6807\u5ba2\u6237\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u9075\u5b88\u4e00\u9879\u6216\u591a\u9879\u6cd5\u89c4\u3002\u6b64\u5916\uff0c\u5373\u4f7f\u4e0d\u9700\u8981\u6ee1\u8db3\u6cd5\u89c4\u8981\u6c42\uff0c\u63d0\u4f9b\u5546\u4e5f\u5e94\u786e\u4fdd\u79df\u6237\u9694\u79bb\uff0c\u5e76\u4fdd\u62a4\u7ba1\u7406\u57fa\u7840\u7ed3\u6784\u514d\u53d7\u5916\u90e8\u653b\u51fb\u3002","title":"\u516c\u6709\u4e91"},{"location":"security/security-guide/#_14","text":"\u5728\u9891\u8c31\u7684\u53e6\u4e00\u7aef\u662f\u79c1\u6709\u4e91\u3002\u6b63\u5982NIST\u6240\u5b9a\u4e49\u7684\u90a3\u6837\uff0c\u79c1\u6709\u4e91\u88ab\u914d\u7f6e\u4e3a\u7531\u591a\u4e2a\u6d88\u8d39\u8005\uff08\u5982\u4e1a\u52a1\u90e8\u95e8\uff09\u7ec4\u6210\u7684\u5355\u4e2a\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002\u79c1\u6709\u4e91\u7528\u4f8b\u591a\u79cd\u591a\u6837\uff0c\u56e0\u6b64\uff0c\u5b83\u4eec\u5404\u81ea\u7684\u5b89\u5168\u95ee\u9898\u5404\u4e0d\u76f8\u540c\u3002","title":"\u79c1\u6709\u4e91"},{"location":"security/security-guide/#_15","text":"NIST 
\u5c06\u793e\u533a\u4e91\u5b9a\u4e49\u4e3a\u5176\u57fa\u7840\u7ed3\u6784\u4ec5\u4f9b\u5177\u6709\u5171\u540c\u5173\u6ce8\u70b9\uff08\u4f8b\u5982\uff0c\u4efb\u52a1\u3001\u5b89\u5168\u8981\u6c42\u3001\u7b56\u7565\u6216\u5408\u89c4\u6027\u6ce8\u610f\u4e8b\u9879\uff09\u7684\u7ec4\u7ec7\u7684\u7279\u5b9a\u6d88\u8d39\u8005\u793e\u533a\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u793e\u533a\u4e2d\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u5b83\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002","title":"\u793e\u533a\u4e91"},{"location":"security/security-guide/#_16","text":"NIST\u5c06\u6df7\u5408\u4e91\u5b9a\u4e49\u4e3a\u4e24\u4e2a\u6216\u591a\u4e2a\u4e0d\u540c\u7684\u4e91\u57fa\u7840\u8bbe\u65bd\uff08\u5982\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u5171\u4e91\uff09\u7684\u7ec4\u5408\uff0c\u8fd9\u4e9b\u4e91\u57fa\u7840\u8bbe\u65bd\u4ecd\u7136\u662f\u552f\u4e00\u7684\u5b9e\u4f53\uff0c\u4f46\u901a\u8fc7\u6807\u51c6\u5316\u6216\u4e13\u6709\u6280\u672f\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u53ef\u79fb\u690d\u6027\uff0c\u4f8b\u5982\u7528\u4e8e\u4e91\u4e4b\u95f4\u8d1f\u8f7d\u5e73\u8861\u7684\u4e91\u7206\u53d1\u3002\u4f8b\u5982\uff0c\u5728\u7ebf\u96f6\u552e\u5546\u53ef\u80fd\u4f1a\u5728\u5141\u8bb8\u5f39\u6027\u914d\u7f6e\u7684\u516c\u6709\u4e91\u4e0a\u5c55\u793a\u5176\u5e7f\u544a\u548c\u76ee\u5f55\u3002\u8fd9\u5c06\u4f7f\u4ed6\u4eec\u80fd\u591f\u4ee5\u7075\u6d3b\u3001\u5177\u6709\u6210\u672c\u6548\u76ca\u7684\u65b9\u5f0f\u5904\u7406\u5b63\u8282\u6027\u8d1f\u8f7d\u3002\u4e00\u65e6\u5ba2\u6237\u5f00\u59cb\u5904\u7406\u4ed6\u4eec\u7684\u8ba2\u5355\uff0c\u4ed6\u4eec\u5c31\u4f1a\u88ab\u8f6c\u79fb\u5230\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u79c1\u6709\u4e91\u4e2d\uff0c\u8be5\u79c1\u6709\u4e91\u7b26\u5408PCI\u6807\u51c6\u3002 
\u5728\u672c\u6587\u6863\u4e2d\uff0c\u6211\u4eec\u4ee5\u7c7b\u4f3c\u7684\u65b9\u5f0f\u5bf9\u5f85\u793e\u533a\u548c\u6df7\u5408\u4e91\uff0c\u4ec5\u4ece\u5b89\u5168\u89d2\u5ea6\u660e\u786e\u5904\u7406\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7684\u6781\u7aef\u60c5\u51b5\u3002\u5b89\u5168\u63aa\u65bd\u53d6\u51b3\u4e8e\u90e8\u7f72\u5728\u79c1\u6709\u516c\u5171\u8fde\u7eed\u4f53\u4e0a\u7684\u4f4d\u7f6e\u3002","title":"\u6df7\u5408\u4e91"},{"location":"security/security-guide/#openstack_2","text":"OpenStack \u91c7\u7528\u6a21\u5757\u5316\u67b6\u6784\uff0c\u63d0\u4f9b\u4e00\u7ec4\u6838\u5fc3\u670d\u52a1\uff0c\u4ee5\u4fc3\u8fdb\u53ef\u6269\u5c55\u6027\u548c\u5f39\u6027\u4f5c\u4e3a\u6838\u5fc3\u8bbe\u8ba1\u539f\u5219\u3002\u672c\u7ae0\u7b80\u8981\u56de\u987e\u4e86 OpenStack \u7ec4\u4ef6\u3001\u5b83\u4eec\u7684\u7528\u4f8b\u548c\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002","title":"OpenStack \u670d\u52a1\u6982\u8ff0"},{"location":"security/security-guide/#_17","text":"OpenStack Compute \u670d\u52a1 \uff08nova\uff09 \u63d0\u4f9b\u7684\u670d\u52a1\u652f\u6301\u5927\u89c4\u6a21\u7ba1\u7406\u865a\u62df\u673a\u5b9e\u4f8b\u3001\u6258\u7ba1\u591a\u5c42\u5e94\u7528\u7a0b\u5e8f\u7684\u5b9e\u4f8b\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u3001\u5904\u7406 Hadoop \u96c6\u7fa4\u7684\u201c\u5927\u6570\u636e\u201d\u6216\u9ad8\u6027\u80fd\u8ba1\u7b97\u3002 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e0e\u652f\u6301\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ea4\u4e92\u7684\u62bd\u8c61\u5c42\u6765\u4fc3\u8fdb\u8fd9\u79cd\u7ba1\u7406\uff08\u6211\u4eec\u7a0d\u540e\u4f1a\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u8fd9\u4e2a\u95ee\u9898\uff09\u3002 \u5728\u672c\u6307\u5357\u7684\u540e\u9762\u90e8\u5206\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u865a\u62df\u5316\u5806\u6808\uff0c\u56e0\u4e3a\u5b83\u4e0e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u3002 \u6709\u5173\u529f\u80fd\u652f\u6301\u7684\u5f53\u524d\u72b6\u6001\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack 
Hypervisor \u652f\u6301\u77e9\u9635\u3002 \u8ba1\u7b97\u5b89\u5168\u6027\u5bf9\u4e8eOpenStack\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002\u5f3a\u5316\u6280\u672f\u5e94\u5305\u62ec\u5bf9\u5f3a\u5b9e\u4f8b\u9694\u79bb\u7684\u652f\u6301\u3001\u8ba1\u7b97\u5b50\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u4ee5\u53ca\u9762\u5411\u516c\u4f17\u7684 API \u7ec8\u7ed3\u70b9\u7684\u590d\u539f\u80fd\u529b\u3002","title":"\u8ba1\u7b97"},{"location":"security/security-guide/#_18","text":"OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 \uff08swift\uff09 \u652f\u6301\u5728\u4e91\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u4efb\u610f\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u63d0\u4f9b\u672c\u673a API \u548c\u4e9a\u9a6c\u900a\u4e91\u79d1\u6280 S3 \u517c\u5bb9 API\u3002\u8be5\u670d\u52a1\u901a\u8fc7\u6570\u636e\u590d\u5236\u63d0\u4f9b\u9ad8\u5ea6\u7684\u590d\u539f\u80fd\u529b\uff0c\u5e76\u4e14\u53ef\u4ee5\u5904\u7406 PB \u7ea7\u7684\u6570\u636e\u3002 \u8bf7\u52a1\u5fc5\u4e86\u89e3\u5bf9\u8c61\u5b58\u50a8\u4e0d\u540c\u4e8e\u4f20\u7edf\u7684\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u3002\u5bf9\u8c61\u5b58\u50a8\u6700\u9002\u5408\u7528\u4e8e\u9759\u6001\u6570\u636e\uff0c\u4f8b\u5982\u5a92\u4f53\u6587\u4ef6\uff08MP3\u3001\u56fe\u50cf\u6216\u89c6\u9891\uff09\u3001\u865a\u62df\u673a\u6620\u50cf\u548c\u5907\u4efd\u6587\u4ef6\u3002 \u5bf9\u8c61\u5b89\u5168\u5e94\u4fa7\u91cd\u4e8e\u4f20\u8f93\u4e2d\u548c\u9759\u6001\u6570\u636e\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u52a0\u5bc6\u3002\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4e0e\u7cfb\u7edf\u6ee5\u7528\u3001\u975e\u6cd5\u6216\u6076\u610f\u5185\u5bb9\u5b58\u50a8\u4ee5\u53ca\u4ea4\u53c9\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u5a92\u4ecb\u6709\u5173\u3002","title":"\u5bf9\u8c61\u5b58\u50a8"},{"location":"security/security-guide/#_19","text":"OpenStack \u5757\u5b58\u50a8\u670d\u52a1 \uff08cinder\uff09 
\u4e3a\u8ba1\u7b97\u5b9e\u4f8b\u63d0\u4f9b\u6301\u4e45\u6027\u5757\u5b58\u50a8\u3002\u5757\u5b58\u50a8\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u751f\u547d\u5468\u671f\uff0c\u4ece\u521b\u5efa\u5377\u548c\u9644\u52a0\u5230\u5b9e\u4f8b\uff0c\u518d\u5230\u91ca\u653e\u3002 \u5757\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u4e0e\u5bf9\u8c61\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u7c7b\u4f3c\u3002","title":"\u5757\u5b58\u50a8"},{"location":"security/security-guide/#_20","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u7684\u670d\u52a1\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack \u5757\u5b58\u50a8\u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\uff0c\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u5b9e\u4f8b\u4e0a\uff0c\u7136\u540e\u4ece\u5b9e\u4f8b\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u3002","title":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_21","text":"OpenStack \u7f51\u7edc\u670d\u52a1\uff08neutron\uff0c\u4ee5\u524d\u79f0\u4e3a\u91cf\u5b50\uff09\u4e3a\u4e91\u7528\u6237\uff08\u79df\u6237\uff09\u63d0\u4f9b\u5404\u79cd\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982 IP \u5730\u5740\u7ba1\u7406\u3001DNS\u3001DHCP\u3001\u8d1f\u8f7d\u5747\u8861\u548c\u5b89\u5168\u7ec4\uff08\u7f51\u7edc\u8bbf\u95ee\u89c4\u5219\uff0c\u5982\u9632\u706b\u5899\u7b56\u7565\uff09\u3002\u6b64\u670d\u52a1\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 
\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u5141\u8bb8\u4e0e\u5404\u79cd\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u8fdb\u884c\u53ef\u63d2\u62d4\u96c6\u6210\u3002 OpenStack Networking \u5141\u8bb8\u4e91\u79df\u6237\u7ba1\u7406\u5176\u8bbf\u5ba2\u7f51\u7edc\u914d\u7f6e\u3002\u7f51\u7edc\u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u7f51\u7edc\u6d41\u91cf\u9694\u79bb\u3001\u53ef\u7528\u6027\u3001\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002","title":"\u7f51\u7edc"},{"location":"security/security-guide/#_22","text":"OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u4e91\u7ba1\u7406\u5458\u548c\u4e91\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u754c\u9762\u3002\u4f7f\u7528\u6b64\u754c\u9762\uff0c\u7ba1\u7406\u5458\u548c\u79df\u6237\u53ef\u4ee5\u9884\u914d\u3001\u7ba1\u7406\u548c\u76d1\u89c6\u4e91\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u5e38\u4ee5\u9762\u5411\u516c\u4f17\u7684\u65b9\u5f0f\u90e8\u7f72\uff0c\u5177\u6709\u516c\u5171 Web \u95e8\u6237\u7684\u6240\u6709\u5e38\u89c1\u5b89\u5168\u95ee\u9898\u3002","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#_23","text":"OpenStack Identity \u670d\u52a1 \uff08keystone\uff09 \u662f\u4e00\u9879\u5171\u4eab\u670d\u52a1\uff0c\u53ef\u5728\u6574\u4e2a\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002Identity \u670d\u52a1\u5177\u6709\u5bf9\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\u7684\u53ef\u63d2\u5165\u652f\u6301\u3002 Identity \u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u5bf9\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u4efb\u3001\u6388\u6743\u4ee4\u724c\u7684\u7ba1\u7406\u4ee5\u53ca\u5b89\u5168\u901a\u4fe1\u3002","title":"\u8eab\u4efd\u9274\u522b\u670d\u52a1"},{"location":"security/security-guide/#_24","text":"OpenStack 
\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u63d0\u4f9b\u78c1\u76d8\u955c\u50cf\u7ba1\u7406\u670d\u52a1\uff0c\u5305\u62ec\u955c\u50cf\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u6839\u636e\u9700\u8981\u5411\u8ba1\u7b97\u670d\u52a1\u4ea4\u4ed8\u670d\u52a1\u3002 \u9700\u8981\u53d7\u4fe1\u4efb\u7684\u8fdb\u7a0b\u6765\u7ba1\u7406\u78c1\u76d8\u6620\u50cf\u7684\u751f\u547d\u5468\u671f\uff0c\u4ee5\u53ca\u524d\u9762\u63d0\u5230\u7684\u4e0e\u6570\u636e\u5b89\u5168\u6709\u5173\u7684\u6240\u6709\u95ee\u9898\u3002","title":"\u955c\u50cf\u670d\u52a1"},{"location":"security/security-guide/#_25","text":"\u6570\u636e\u5904\u7406\u670d\u52a1 \uff08sahara\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u914d\u7f6e\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u8fd0\u884c\u5e38\u7528\u5904\u7406\u6846\u67b6\u7684\u7fa4\u96c6\u3002 \u6570\u636e\u5904\u7406\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u5e94\u4fa7\u91cd\u4e8e\u6570\u636e\u9690\u79c1\u548c\u4e0e\u9884\u7f6e\u96c6\u7fa4\u7684\u5b89\u5168\u901a\u4fe1\u3002","title":"\u6570\u636e\u5904\u7406\u670d\u52a1"},{"location":"security/security-guide/#_26","text":"\u6d88\u606f\u4f20\u9012\u7528\u4e8e\u591a\u4e2a OpenStack \u670d\u52a1\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u4f7f\u7528\u57fa\u4e8e AMQP \u7684\u6d88\u606f\u961f\u5217\u3002\u4e0e\u5927\u591a\u6570 OpenStack \u670d\u52a1\u4e00\u6837\uff0cAMQP \u652f\u6301\u53ef\u63d2\u62d4\u7ec4\u4ef6\u3002\u73b0\u5728\uff0c\u5b9e\u73b0\u540e\u7aef\u53ef\u4ee5\u662f RabbitMQ\u3001Qpid \u6216 ZeroMQ\u3002 \u7531\u4e8e\u5927\u591a\u6570\u7ba1\u7406\u547d\u4ee4\u90fd\u6d41\u7ecf\u6d88\u606f\u961f\u5217\u7cfb\u7edf\uff0c\u56e0\u6b64\u6d88\u606f\u961f\u5217\u5b89\u5168\u6027\u662f\u4efb\u4f55 OpenStack \u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\uff0c\u672c\u6307\u5357\u7a0d\u540e\u5c06\u5bf9\u6b64\u8fdb\u884c\u8be6\u7ec6\u8ba8\u8bba\u3002 
\u6709\u51e0\u4e2a\u7ec4\u4ef6\u4f7f\u7528\u6570\u636e\u5e93\uff0c\u5c3d\u7ba1\u5b83\u6ca1\u6709\u663e\u5f0f\u8c03\u7528\u3002\u4fdd\u62a4\u6570\u636e\u5e93\u8bbf\u95ee\u662f\u53e6\u4e00\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u56e0\u6b64\u5728\u672c\u6307\u5357\u540e\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u3002","title":"\u5176\u4ed6\u914d\u5957\u6280\u672f"},{"location":"security/security-guide/#_27","text":"\u4e91\u53ef\u4ee5\u62bd\u8c61\u4e3a\u903b\u8f91\u7ec4\u4ef6\u7684\u96c6\u5408\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u529f\u80fd\u3001\u7528\u6237\u548c\u5171\u4eab\u7684\u5b89\u5168\u95ee\u9898\uff0c\u6211\u4eec\u79f0\u4e4b\u4e3a\u5b89\u5168\u57df\u3002\u5a01\u80c1\u53c2\u4e0e\u8005\u548c\u5411\u91cf\u6839\u636e\u5176\u52a8\u673a\u548c\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u8fdb\u884c\u5206\u7c7b\u3002\u6211\u4eec\u7684\u76ee\u6807\u662f\u6839\u636e\u60a8\u7684\u98ce\u9669/\u6f0f\u6d1e\u4fdd\u62a4\u76ee\u6807\uff0c\u8ba9\u60a8\u4e86\u89e3\u6bcf\u4e2a\u57df\u7684\u5b89\u5168\u95ee\u9898\u3002","title":"\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1"},{"location":"security/security-guide/#_28","text":"\u5b89\u5168\u57df\u5305\u62ec\u7528\u6237\u3001\u5e94\u7528\u7a0b\u5e8f\u3001\u670d\u52a1\u5668\u6216\u7f51\u7edc\uff0c\u5b83\u4eec\u5728\u7cfb\u7edf\u4e2d\u5177\u6709\u5171\u540c\u7684\u4fe1\u4efb\u8981\u6c42\u548c\u671f\u671b\u3002\u901a\u5e38\uff0c\u5b83\u4eec\u5177\u6709\u76f8\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/Z\uff09 \u8981\u6c42\u548c\u7528\u6237\u3002 \u5c3d\u7ba1\u60a8\u53ef\u80fd\u5e0c\u671b\u8fdb\u4e00\u6b65\u7ec6\u5206\u8fd9\u4e9b\u57df\uff08\u6211\u4eec\u7a0d\u540e\u5c06\u8ba8\u8bba\u5728\u54ea\u4e9b\u65b9\u9762\u53ef\u80fd\u5408\u9002\uff09\uff0c\u4f46\u6211\u4eec\u901a\u5e38\u6307\u7684\u662f\u56db\u4e2a\u4e0d\u540c\u7684\u5b89\u5168\u57df\uff0c\u5b83\u4eec\u6784\u6210\u4e86\u5b89\u5168\u90e8\u7f72\u4efb\u4f55 OpenStack 
\u4e91\u6240\u9700\u7684\u6700\u4f4e\u9650\u5ea6\u3002\u8fd9\u4e9b\u5b89\u5168\u57df\u5305\u62ec\uff1a \u516c\u5171\u57df \u8bbf\u5ba2\u57df \u7ba1\u7406\u57df \u6570\u636e\u57df \u6211\u4eec\u4e4b\u6240\u4ee5\u9009\u62e9\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u662f\u56e0\u4e3a\u5b83\u4eec\u53ef\u4ee5\u72ec\u7acb\u6620\u5c04\uff0c\u4e5f\u53ef\u4ee5\u7ec4\u5408\u8d77\u6765\uff0c\u4ee5\u8868\u793a\u7ed9\u5b9a OpenStack \u90e8\u7f72\u4e2d\u5927\u591a\u6570\u53ef\u80fd\u7684\u4fe1\u4efb\u533a\u57df\u3002\u4f8b\u5982\uff0c\u67d0\u4e9b\u90e8\u7f72\u62d3\u6251\u53ef\u80fd\u7531\u4e00\u4e2a\u7269\u7406\u7f51\u7edc\u4e0a\u7684\u6765\u5bbe\u57df\u548c\u6570\u636e\u57df\u7684\u7ec4\u5408\u7ec4\u6210\uff0c\u800c\u5176\u4ed6\u62d3\u6251\u5219\u5c06\u8fd9\u4e9b\u57df\u5206\u5f00\u3002\u5728\u6bcf\u79cd\u60c5\u51b5\u4e0b\uff0c\u4e91\u64cd\u4f5c\u5458\u90fd\u5e94\u6ce8\u610f\u9002\u5f53\u7684\u5b89\u5168\u95ee\u9898\u3002\u5b89\u5168\u57df\u5e94\u9488\u5bf9\u7279\u5b9a\u7684 OpenStack \u90e8\u7f72\u62d3\u6251\u8fdb\u884c\u6620\u5c04\u3002\u57df\u53ca\u5176\u4fe1\u4efb\u8981\u6c42\u53d6\u51b3\u4e8e\u4e91\u5b9e\u4f8b\u662f\u516c\u6709\u4e91\u5b9e\u4f8b\u3001\u79c1\u6709\u4e91\u5b9e\u4f8b\u8fd8\u662f\u6df7\u5408\u4e91\u5b9e\u4f8b\u3002","title":"\u5b89\u5168\u57df"},{"location":"security/security-guide/#_29","text":"\u516c\u5171\u5b89\u5168\u57df\u662f\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u533a\u57df\u3002\u5b83\u53ef\u4ee5\u6307\u6574\u4e2a\u4e92\u8054\u7f51\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u6307\u60a8\u65e0\u6743\u8bbf\u95ee\u7684\u7f51\u7edc\u3002\u4efb\u4f55\u5177\u6709\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u8981\u6c42\u4f20\u8f93\u6b64\u57df\u7684\u6570\u636e\u90fd\u5e94\u4f7f\u7528\u8865\u507f\u63a7\u5236\u8fdb\u884c\u4fdd\u62a4\u3002 
\u6b64\u57df\u5e94\u59cb\u7ec8\u88ab\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u3002","title":"\u516c\u5171"},{"location":"security/security-guide/#_30","text":"\u8bbf\u5ba2\u5b89\u5168\u57df\u901a\u5e38\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u5230\u5b9e\u4f8b\u7684\u6d41\u91cf\uff0c\u5b83\u5904\u7406\u7531\u4e91\u4e0a\u7684\u5b9e\u4f8b\u751f\u6210\u7684\u8ba1\u7b97\u6570\u636e\uff0c\u4f46\u4e0d\u5904\u7406\u652f\u6301\u4e91\u64cd\u4f5c\u7684\u670d\u52a1\uff0c\u4f8b\u5982 API \u8c03\u7528\u3002 \u5982\u679c\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6ca1\u6709\u4e25\u683c\u63a7\u5236\uff0c\u4e5f\u4e0d\u5141\u8bb8\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u4e0d\u53d7\u9650\u5236\u7684 Internet \u8bbf\u95ee\uff0c\u5219\u5e94\u5c06\u6b64\u57df\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5c06\u6b64\u7f51\u7edc\u89c6\u4e3a\u5185\u90e8\u7f51\u7edc\uff0c\u5e76\u4e14\u53ea\u6709\u5728\u5b9e\u65bd\u9002\u5f53\u7684\u63a7\u5236\u4ee5\u65ad\u8a00\u5b9e\u4f8b\u548c\u6240\u6709\u5173\u8054\u79df\u6237\u90fd\u662f\u53ef\u4fe1\u7684\u65f6\u3002","title":"\u8bbf\u5ba2"},{"location":"security/security-guide/#_31","text":"\u7ba1\u7406\u5b89\u5168\u57df\u662f\u670d\u52a1\u4ea4\u4e92\u7684\u5730\u65b9\u3002\u6709\u65f6\u79f0\u4e3a\u201c\u63a7\u5236\u5e73\u9762\u201d\uff0c\u6b64\u57df\u4e2d\u7684\u7f51\u7edc\u4f20\u8f93\u673a\u5bc6\u6570\u636e\uff0c\u4f8b\u5982\u914d\u7f6e\u53c2\u6570\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u547d\u4ee4\u548c\u63a7\u5236\u6d41\u91cf\u901a\u5e38\u9a7b\u7559\u5728\u6b64\u57df\u4e2d\uff0c\u8fd9\u9700\u8981\u5f3a\u5927\u7684\u5b8c\u6574\u6027\u8981\u6c42\u3002\u5bf9\u6b64\u57df\u7684\u8bbf\u95ee\u5e94\u53d7\u5230\u9ad8\u5ea6\u9650\u5236\u548c\u76d1\u89c6\u3002\u540c\u65f6\uff0c\u6b64\u57df\u4ecd\u5e94\u91c7\u7528\u672c\u6307\u5357\u4e2d\u63cf\u8ff0\u7684\u6240\u6709\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u3002 
\u5728\u5927\u591a\u6570\u90e8\u7f72\u4e2d\uff0c\u6b64\u57df\u88ab\u89c6\u4e3a\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u4f46\u662f\uff0c\u5728\u8003\u8651 OpenStack \u90e8\u7f72\u65f6\uff0c\u6709\u8bb8\u591a\u7cfb\u7edf\u5c06\u6b64\u57df\u4e0e\u5176\u4ed6\u57df\u6865\u63a5\u8d77\u6765\uff0c\u8fd9\u53ef\u80fd\u4f1a\u964d\u4f4e\u60a8\u53ef\u4ee5\u5bf9\u8be5\u57df\u7684\u4fe1\u4efb\u7ea7\u522b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002","title":"\u7ba1\u7406"},{"location":"security/security-guide/#_32","text":"\u6570\u636e\u5b89\u5168\u57df\u4e3b\u8981\u5173\u6ce8\u4e0eOpenStack\u4e2d\u7684\u5b58\u50a8\u670d\u52a1\u6709\u5173\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u8be5\u7f51\u7edc\u4f20\u8f93\u7684\u5927\u591a\u6570\u6570\u636e\u90fd\u9700\u8981\u9ad8\u5ea6\u7684\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u6839\u636e\u90e8\u7f72\u7c7b\u578b\uff0c\u53ef\u80fd\u8fd8\u4f1a\u6709\u5f88\u5f3a\u7684\u53ef\u7528\u6027\u8981\u6c42\u3002 
\u6b64\u7f51\u7edc\u7684\u4fe1\u4efb\u7ea7\u522b\u5f88\u5927\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u90e8\u7f72\u51b3\u7b56\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u4f1a\u4e3a\u5176\u5206\u914d\u4efb\u4f55\u9ed8\u8ba4\u7684\u4fe1\u4efb\u7ea7\u522b\u3002","title":"\u6570\u636e"},{"location":"security/security-guide/#_33","text":"\u7f51\u6865\u662f\u5b58\u5728\u4e8e\u591a\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u7ec4\u4ef6\u3002\u5fc5\u987b\u4ed4\u7ec6\u914d\u7f6e\u6865\u63a5\u5177\u6709\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u6216\u8eab\u4efd\u9a8c\u8bc1\u8981\u6c42\u7684\u5b89\u5168\u57df\u7684\u4efb\u4f55\u7ec4\u4ef6\u3002\u8fd9\u4e9b\u7f51\u6865\u901a\u5e38\u662f\u7f51\u7edc\u67b6\u6784\u4e2d\u7684\u8584\u5f31\u73af\u8282\u3002\u6865\u63a5\u5e94\u59cb\u7ec8\u914d\u7f6e\u4e3a\u6ee1\u8db3\u5b83\u6240\u6865\u63a5\u7684\u4efb\u4f55\u57df\u7684\u6700\u9ad8\u4fe1\u4efb\u7ea7\u522b\u7684\u5b89\u5168\u8981\u6c42\u3002\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u653b\u51fb\u7684\u53ef\u80fd\u6027\uff0c\u6865\u63a5\u5668\u7684\u5b89\u5168\u63a7\u5236\u5e94\u8be5\u662f\u4e3b\u8981\u5173\u6ce8\u70b9\u3002 \u4e0a\u56fe\u663e\u793a\u4e86\u6865\u63a5\u6570\u636e\u548c\u7ba1\u7406\u57df\u7684\u8ba1\u7b97\u8282\u70b9;\u56e0\u6b64\uff0c\u5e94\u5c06\u8ba1\u7b97\u8282\u70b9\u914d\u7f6e\u4e3a\u6ee1\u8db3\u7ba1\u7406\u57df\u7684\u5b89\u5168\u8981\u6c42\u3002\u540c\u6837\uff0c\u6b64\u56fe\u4e2d\u7684 API \u7aef\u70b9\u6b63\u5728\u6865\u63a5\u4e0d\u53d7\u4fe1\u4efb\u7684\u516c\u5171\u57df\u548c\u7ba1\u7406\u57df\uff0c\u5e94\u5c06\u5176\u914d\u7f6e\u4e3a\u9632\u6b62\u4ece\u516c\u5171\u57df\u4f20\u64ad\u5230\u7ba1\u7406\u57df\u7684\u653b\u51fb\u3002 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u90e8\u7f72\u4eba\u5458\u53ef\u80fd\u5e0c\u671b\u8003\u8651\u5c06\u7f51\u6865\u4fdd\u62a4\u5230\u6bd4\u5b83\u6240\u5728\u7684\u4efb\u4f55\u57df\u66f4\u9ad8\u7684\u6807\u51c6\u3002\u9274\u4e8e\u4e0a\u8ff0 API \u7aef\u70b9\u793a\u4f8b\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4ece\u516c\u5171\u57df\u4ee5 
API \u7aef\u70b9\u4e3a\u76ee\u6807\uff0c\u5229\u7528\u5b83\u6765\u5165\u4fb5\u6216\u8bbf\u95ee\u7ba1\u7406\u57df\u3002 OpenStack\u7684\u8bbe\u8ba1\u4f7f\u5f97\u5b89\u5168\u57df\u7684\u5206\u79bb\u662f\u5f88\u56f0\u96be\u7684\u3002\u7531\u4e8e\u6838\u5fc3\u670d\u52a1\u901a\u5e38\u81f3\u5c11\u6865\u63a5\u4e24\u4e2a\u57df\uff0c\u56e0\u6b64\u5728\u5bf9\u5b83\u4eec\u5e94\u7528\u5b89\u5168\u63a7\u5236\u65f6\u5fc5\u987b\u7279\u522b\u8003\u8651\u3002","title":"\u6865\u63a5\u5b89\u5168\u57df"},{"location":"security/security-guide/#_34","text":"\u5927\u591a\u6570\u7c7b\u578b\u7684\u4e91\u90e8\u7f72\uff08\u516c\u6709\u4e91\u6216\u79c1\u6709\u4e91\uff09\u90fd\u4f1a\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u5bf9\u653b\u51fb\u8005\u8fdb\u884c\u5206\u7c7b\uff0c\u5e76\u603b\u7ed3\u6bcf\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u6f5c\u5728\u653b\u51fb\u7c7b\u578b\u3002","title":"\u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf"},{"location":"security/security-guide/#_35","text":"\u5a01\u80c1\u53c2\u4e0e\u8005\u662f\u4e00\u79cd\u62bd\u8c61\u7684\u65b9\u5f0f\uff0c\u7528\u4e8e\u6307\u4ee3\u60a8\u53ef\u80fd\u5c1d\u8bd5\u9632\u5fa1\u7684\u4e00\u7c7b\u5bf9\u624b\u3002\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u8d8a\u5f3a\uff0c\u6210\u529f\u7f13\u89e3\u548c\u9884\u9632\u653b\u51fb\u6240\u9700\u7684\u5b89\u5168\u63a7\u5236\u5c31\u8d8a\u6602\u8d35\u3002\u5b89\u5168\u6027\u662f\u6210\u672c\u3001\u53ef\u7528\u6027\u548c\u9632\u5fa1\u4e4b\u95f4\u7684\u6743\u8861\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e0d\u53ef\u80fd\u9488\u5bf9\u6211\u4eec\u5728\u6b64\u5904\u63cf\u8ff0\u7684\u6240\u6709\u5a01\u80c1\u53c2\u4e0e\u8005\u4fdd\u62a4\u4e91\u90e8\u7f72\u3002\u90a3\u4e9b\u90e8\u7f72OpenStack\u4e91\u7684\u4eba\u5c06\u4e0d\u5f97\u4e0d\u51b3\u5b9a\u5176\u90e8\u7f72/\u4f7f\u7528\u7684\u5e73\u8861\u70b9\u5728\u54ea\u91cc\u3002","title":"\u5a01\u80c1\u53c2\u4e0e\u8005"},{"location":"security/security-guide/#_36","
text":"\u672c\u6307\u5357\u8ba4\u4e3a\u662f\u6700\u6709\u80fd\u529b\u7684\u5bf9\u624b\u3002\u60c5\u62a5\u90e8\u95e8\u548c\u5176\u4ed6\u56fd\u5bb6\u884c\u4e3a\u8005\u53ef\u4ee5\u4e3a\u76ee\u6807\u5e26\u6765\u5de8\u5927\u7684\u8d44\u6e90\u3002\u4ed6\u4eec\u62e5\u6709\u8d85\u8d8a\u4efb\u4f55\u5176\u4ed6\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u3002\u5982\u679c\u6ca1\u6709\u6781\u5176\u4e25\u683c\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u65e0\u8bba\u662f\u4eba\u529b\u8fd8\u662f\u6280\u672f\uff0c\u90fd\u5f88\u96be\u9632\u5fa1\u8fd9\u4e9b\u884c\u4e3a\u8005\u3002","title":"\u60c5\u62a5\u673a\u6784"},{"location":"security/security-guide/#_37","text":"\u80fd\u529b\u5f3a\u4e14\u53d7\u7ecf\u6d4e\u9a71\u52a8\u7684\u653b\u51fb\u8005\u7fa4\u4f53\u3002\u80fd\u591f\u8d44\u52a9\u5185\u90e8\u6f0f\u6d1e\u5f00\u53d1\u548c\u76ee\u6807\u7814\u7a76\u3002\u8fd1\u5e74\u6765\uff0c\u4fc4\u7f57\u65af\u5546\u4e1a\u7f51\u7edc\uff08Russian Business Network\uff09\u7b49\u7ec4\u7ec7\u7684\u5d1b\u8d77\uff0c\u4e00\u4e2a\u5e9e\u5927\u7684\u7f51\u7edc\u72af\u7f6a\u4f01\u4e1a\uff0c\u5df2\u7ecf\u8bc1\u660e\u4e86\u7f51\u7edc\u653b\u51fb\u5982\u4f55\u6210\u4e3a\u4e00\u79cd\u5546\u54c1\u3002\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u5c5e\u4e8e\u4e25\u91cd\u7684\u6709\u7ec4\u7ec7\u72af\u7f6a\u96c6\u56e2\u3002","title":"\u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a"},{"location":"security/security-guide/#_38","text":"\u8fd9\u662f\u6307\u201c\u9ed1\u5ba2\u884c\u52a8\u4e3b\u4e49\u8005\u201d\u7c7b\u578b\u7684\u7ec4\u7ec7\uff0c\u4ed6\u4eec\u901a\u5e38\u6ca1\u6709\u5546\u4e1a\u8d44\u52a9\uff0c\u4f46\u53ef\u80fd\u5bf9\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u4e91\u8fd0\u8425\u5546\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002","title":"\u9ad8\u80fd\u529b\u7684\u56e2\u961f"},{"location":"security/security-guide/#_39","text":"\u8fd9\u4e9b\u653b\u51fb\u8005\u5355\u72ec\u884c\u52a8\uff0c\u4ee5\u591a\u79cd\u5f62\u5f0f\u51fa\u73b0\uff0c\u4f8b\u5982\u6d41\u6c13\u6216\u6076\u610f\u5458\u5de5\u3001\u5fc3\u6000\u4e0d\u6ee1\u7684\u5ba2\u6237\u6216\u5c
0f\u89c4\u6a21\u7684\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u3002","title":"\u6709\u52a8\u673a\u7684\u4e2a\u4eba"},{"location":"security/security-guide/#_40","text":"\u81ea\u52a8\u6f0f\u6d1e\u626b\u63cf/\u5229\u7528\u3002\u975e\u9488\u5bf9\u6027\u653b\u51fb\u3002\u901a\u5e38\uff0c\u53ea\u6709\u8fd9\u4e9b\u884c\u4e3a\u8005\u4e4b\u4e00\u7684\u6ecb\u6270\u3001\u59a5\u534f\u624d\u4f1a\u5bf9\u7ec4\u7ec7\u7684\u58f0\u8a89\u6784\u6210\u91cd\u5927\u98ce\u9669\u3002","title":"\u811a\u672c\u653b\u51fb\u8005"},{"location":"security/security-guide/#_41","text":"\u79c1\u6709\u4e91\u901a\u5e38\u7531\u4f01\u4e1a\u6216\u673a\u6784\u5728\u5176\u7f51\u7edc\u5185\u90e8\u548c\u9632\u706b\u5899\u540e\u9762\u90e8\u7f72\u3002\u4f01\u4e1a\u5c06\u5bf9\u5141\u8bb8\u54ea\u4e9b\u6570\u636e\u9000\u51fa\u5176\u7f51\u7edc\u6709\u4e25\u683c\u7684\u653f\u7b56\uff0c\u751a\u81f3\u53ef\u80fd\u4e3a\u7279\u5b9a\u76ee\u7684\u4f7f\u7528\u4e0d\u540c\u7684\u4e91\u3002\u79c1\u6709\u4e91\u7684\u7528\u6237\u901a\u5e38\u662f\u62e5\u6709\u4e91\u7684\u7ec4\u7ec7\u7684\u5458\u5de5\uff0c\u5e76\u4e14\u80fd\u591f\u5bf9\u5176\u884c\u4e3a\u8d1f\u8d23\u3002\u5458\u5de5\u901a\u5e38\u4f1a\u5728\u8bbf\u95ee\u4e91\u4e4b\u524d\u53c2\u52a0\u57f9\u8bad\u8bfe\u7a0b\uff0c\u5e76\u4e14\u53ef\u80fd\u4f1a\u53c2\u52a0\u5b9a\u671f\u5b89\u6392\u7684\u5b89\u5168\u610f\u8bc6\u57f9\u8bad\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u516c\u6709\u4e91\u4e0d\u80fd\u5bf9\u5176\u7528\u6237\u3001\u4e91\u7528\u4f8b\u6216\u7528\u6237\u52a8\u673a\u505a\u51fa\u4efb\u4f55\u65ad\u8a00\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u8fd9\u4f1a\u7acb\u5373\u5c06\u5ba2\u6237\u673a\u5b89\u5168\u57df\u63a8\u5165\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u72b6\u6001\u3002 \u516c\u6709\u4e91\u653b\u51fb\u9762\u7684\u4e00\u4e2a\u663e\u7740\u533a\u522b\u662f\uff0c\u5b83\u4eec\u5fc5\u987b\u63d0\u4f9b\u5bf9\u5176\u670d\u52a1\u7684\u4e92\u8054\u7f51\u8bbf\u95ee\u3002\u5b9e\u4f8b\u8fde\u63a5\u3001\u901a\u8fc7 Internet 
\u8bbf\u95ee\u6587\u4ef6\u4ee5\u53ca\u4e0e\u4e91\u63a7\u5236\u7ed3\u6784\uff08\u5982 API \u7aef\u70b9\u548c\u4eea\u8868\u677f\uff09\u4ea4\u4e92\u7684\u80fd\u529b\u662f\u516c\u6709\u4e91\u7684\u5fc5\u5907\u6761\u4ef6\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7528\u6237\u7684\u9690\u79c1\u95ee\u9898\u901a\u5e38\u662f\u622a\u7136\u76f8\u53cd\u7684\u3002\u5728\u79c1\u6709\u4e91\u4e2d\u751f\u6210\u548c\u5b58\u50a8\u7684\u6570\u636e\u901a\u5e38\u7531\u4e91\u8fd0\u8425\u5546\u62e5\u6709\uff0c\u4ed6\u4eec\u80fd\u591f\u90e8\u7f72\u6570\u636e\u4e22\u5931\u9632\u62a4 \uff08DLP\uff09 \u4fdd\u62a4\u3001\u6587\u4ef6\u68c0\u67e5\u3001\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u548c\u89c4\u8303\u6027\u9632\u706b\u5899\u7b49\u6280\u672f\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u9690\u79c1\u662f\u91c7\u7528\u516c\u6709\u4e91\u57fa\u7840\u8bbe\u65bd\u7684\u4e3b\u8981\u969c\u788d\u4e4b\u4e00\uff0c\u56e0\u4e3a\u524d\u9762\u63d0\u5230\u7684\u8bb8\u591a\u63a7\u5236\u63aa\u65bd\u5e76\u4e0d\u5b58\u5728\u3002","title":"\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_42","text":"\u5e94\u4ed4\u7ec6\u8003\u8651\u4e91\u90e8\u7f72\u4e2d\u6f5c\u5728\u7684\u51fa\u7ad9\u6ee5\u7528\u3002\u65e0\u8bba\u662f\u516c\u6709\u4e91\u8fd8\u662f\u79c1\u6709\u4e91\uff0c\u4e91\u5f80\u5f80\u90fd\u6709\u5927\u91cf\u53ef\u7528\u8d44\u6e90\u3002\u901a\u8fc7\u9ed1\u5ba2\u653b\u51fb\u6216\u6388\u6743\u8bbf\u95ee\u5728\u4e91\u4e2d\u5efa\u7acb\u5b58\u5728\u70b9\u7684\u653b\u51fb\u8005\uff08\u4f8b\u5982\u6d41\u6c13\u5458\u5de5\uff09\u53ef\u4ee5\u4f7f\u8fd9\u4e9b\u8d44\u6e90\u5bf9\u6574\u4e2a\u4e92\u8054\u7f51\u4ea7\u751f\u5f71\u54cd\u3002\u5177\u6709\u8ba1\u7b97\u670d\u52a1\u7684\u4e91\u662f\u7406\u60f3\u7684 DDoS 
\u548c\u66b4\u529b\u5f15\u64ce\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u6765\u8bf4\uff0c\u8fd9\u4e2a\u95ee\u9898\u66f4\u4e3a\u7d27\u8feb\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u7528\u6237\u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u662f\u4e0d\u8d1f\u8d23\u4efb\u7684\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u542f\u52a8\u5927\u91cf\u4e00\u6b21\u6027\u5b9e\u4f8b\u8fdb\u884c\u51fa\u7ad9\u653b\u51fb\u3002\u5982\u679c\u4e00\u5bb6\u516c\u53f8\u56e0\u6258\u7ba1\u6076\u610f\u8f6f\u4ef6\u6216\u5bf9\u5176\u4ed6\u7f51\u7edc\u53d1\u8d77\u653b\u51fb\u800c\u95fb\u540d\uff0c\u53ef\u80fd\u4f1a\u5bf9\u516c\u53f8\u7684\u58f0\u8a89\u9020\u6210\u91cd\u5927\u635f\u5bb3\u3002\u9884\u9632\u65b9\u6cd5\u5305\u62ec\u51fa\u53e3\u5b89\u5168\u7ec4\u3001\u51fa\u7ad9\u6d41\u91cf\u68c0\u67e5\u3001\u5ba2\u6237\u6559\u80b2\u548c\u610f\u8bc6\uff0c\u4ee5\u53ca\u6b3a\u8bc8\u548c\u6ee5\u7528\u7f13\u89e3\u7b56\u7565\u3002","title":"\u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669"},{"location":"security/security-guide/#_43","text":"\u8be5\u56fe\u663e\u793a\u4e86\u4e0a\u4e00\u8282\u4e2d\u63cf\u8ff0\u7684\u53c2\u4e0e\u8005\u53ef\u80fd\u9884\u671f\u7684\u5178\u578b\u653b\u51fb\u7c7b\u578b\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u56fe\u4e0d\u6392\u9664\u6709\u4e0d\u53ef\u9884\u671f\u7684\u653b\u51fb\u7c7b\u578b\u3002 \u653b\u51fb\u7c7b\u578b 
\u6bcf\u79cd\u653b\u51fb\u5f62\u5f0f\u7684\u89c4\u8303\u6027\u9632\u5fa1\u8d85\u51fa\u4e86\u672c\u6587\u6863\u7684\u8303\u56f4\u3002\u4e0a\u56fe\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c31\u5e94\u9632\u8303\u54ea\u4e9b\u7c7b\u578b\u7684\u5a01\u80c1\u548c\u5a01\u80c1\u53c2\u4e0e\u8005\u505a\u51fa\u660e\u667a\u7684\u51b3\u5b9a\u3002\u5bf9\u4e8e\u5546\u4e1a\u516c\u6709\u4e91\u90e8\u7f72\uff0c\u8fd9\u53ef\u80fd\u5305\u62ec\u9884\u9632\u4e25\u91cd\u72af\u7f6a\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e3a\u653f\u5e9c\u4f7f\u7528\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u4eba\u6765\u8bf4\uff0c\u5e94\u8be5\u5efa\u7acb\u66f4\u4e25\u683c\u7684\u4fdd\u62a4\u673a\u5236\uff0c\u5305\u62ec\u7cbe\u5fc3\u4fdd\u62a4\u7684\u8bbe\u65bd\u548c\u4f9b\u5e94\u94fe\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u90a3\u4e9b\u5efa\u7acb\u57fa\u672c\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u7684\u4eba\u53ef\u80fd\u9700\u8981\u9650\u5236\u8f83\u5c11\u7684\u63a7\u5236\uff08\u4e2d\u95f4\uff09\u3002","title":"\u653b\u51fb\u7c7b\u578b"},{"location":"security/security-guide/#_44","text":"\u60a8\u9009\u62e9\u7684\u652f\u6301\u8f6f\u4ef6\uff08\u5982\u6d88\u606f\u4f20\u9012\u548c\u8d1f\u8f7d\u5e73\u8861\uff09\u53ef\u80fd\u4f1a\u5bf9\u4e91\u4ea7\u751f\u4e25\u91cd\u7684\u5b89\u5168\u5f71\u54cd\u3002\u4e3a\u7ec4\u7ec7\u505a\u51fa\u6b63\u786e\u7684\u9009\u62e9\u975e\u5e38\u91cd\u8981\u3002\u672c\u8282\u63d0\u4f9b\u4e86\u9009\u62e9\u652f\u6301\u8f6f\u4ef6\u7684\u4e00\u4e9b\u4e00\u822c\u51c6\u5219\u3002 \u4e3a\u4e86\u9009\u62e9\u6700\u4f73\u652f\u6301\u8f6f\u4ef6\uff0c\u8bf7\u8003\u8651\u4ee5\u4e0b\u56e0\u7d20\uff1a \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 
\u786c\u4ef6\u95ee\u9898","title":"\u9009\u62e9\u652f\u6301\u8f6f\u4ef6"},{"location":"security/security-guide/#_45","text":"\u56e2\u961f\u8d8a\u719f\u6089\u7279\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u548c\u7279\u6b8a\u6027\uff0c\u5c31\u8d8a\u5c11\u4f1a\u51fa\u73b0\u914d\u7f6e\u9519\u8bef\u3002\u6b64\u5916\uff0c\u5c06\u5458\u5de5\u7684\u4e13\u4e1a\u77e5\u8bc6\u5206\u6563\u5230\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u589e\u52a0\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u5206\u5de5\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u51cf\u8f7b\u95ee\u9898\u3002","title":"\u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6"},{"location":"security/security-guide/#_46","text":"\u7ed9\u5b9a\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 
\u4e8b\u4ef6\u54cd\u5e94","title":"\u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6"},{"location":"security/security-guide/#_47","text":"\u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u7684\u6027\u80fd\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002","title":"\u901a\u7528\u6807\u51c6"},{"location":"security/security-guide/#_48","text":"\u8003\u8651\u8fd0\u884c\u8f6f\u4ef6\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u9009\u62e9\u7684\u8f6f\u4ef6\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002","title":"\u786c\u4ef6\u95ee\u9898"},{"location":"security/security-guide/#_49","text":"OpenStack \u4e91\u90e8\u7f72\u7684\u7cfb\u7edf\u6587\u6863\u5e94\u9075\u5faa\u7ec4\u7ec7\u4e2d\u4f01\u4e1a\u4fe1\u606f\u6280\u672f\u7cfb\u7edf\u7684\u6a21\u677f\u548c\u6700\u4f73\u5b9e\u8df5\u3002\u7ec4\u7ec7\u901a\u5e38\u6709\u5408\u89c4\u6027\u8981\u6c42\uff0c\u8fd9\u53ef\u80fd\u9700\u8981\u4e00\u4e2a\u6574\u4f53\u7684\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u6765\u6e05\u70b9\u548c\u8bb0\u5f55\u7ed9\u5b9a\u7cfb\u7edf\u7684\u67b6\u6784\u3002\u6574\u4e2a\u884c\u4e1a\u90fd\u9762\u4e34\u7740\u4e0e\u8bb0\u5f55\u52a8\u6001\u4e91\u57fa\u7840\u67b6\u6784\u548c\u4fdd\u6301\u4fe1\u606f\u6700\u65b0\u76f8\u5173\u7684\u5171\u540c\u6311\u6218\u3002 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u7cfb\u7edf\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3","title":"\u7cfb\u7edf\u6587\u6863"},{"location":"security/security-guide/#_50","text":"","title":"\u7cfb\u7edf\u6587\u6863\u8981\u6c42"},{"location":"security/security-guide/#_51","text":"\u901a\u5e38\u6784\u6210 OpenStack 
\u5b89\u88c5\u7684\u4e24\u79cd\u5e7f\u4e49\u8282\u70b9\u7c7b\u578b\u662f\uff1a","title":"\u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b"},{"location":"security/security-guide/#_52","text":"\u8fd0\u884c\u4e0e\u4e91\u76f8\u5173\u7684\u670d\u52a1\uff0c\u4f8b\u5982 OpenStack Identity \u670d\u52a1\u3001\u6d88\u606f\u961f\u5217\u670d\u52a1\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u652f\u6301\u4e91\u8fd0\u884c\u6240\u9700\u7684\u5176\u4ed6\u670d\u52a1\u3002","title":"\u57fa\u7840\u8bbe\u65bd\u8282\u70b9"},{"location":"security/security-guide/#_53","text":"\u4e3a\u4e91\u63d0\u4f9b\u5b58\u50a8\u5bb9\u91cf\u6216\u865a\u62df\u673a\u3002","title":"\u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9"},{"location":"security/security-guide/#_54","text":"\u6587\u6863\u5e94\u63d0\u4f9bOpenStack\u73af\u5883\u7684\u4e00\u822c\u63cf\u8ff0\uff0c\u5e76\u6db5\u76d6\u4f7f\u7528\u7684\u6240\u6709\u7cfb\u7edf\uff08\u4f8b\u5982\uff0c\u751f\u4ea7\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\uff09\u3002\u8bb0\u5f55\u7cfb\u7edf\u7ec4\u4ef6\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u8f6f\u4ef6\u901a\u5e38\u63d0\u4f9b\u5168\u9762\u8986\u76d6\u548c\u8003\u8651\u5b89\u5168\u95ee\u9898\u3001\u653b\u51fb\u5a92\u4ecb\u548c\u53ef\u80fd\u7684\u5b89\u5168\u57df\u6865\u63a5\u70b9\u6240\u9700\u7684\u9e1f\u77b0\u56fe\u3002\u7cfb\u7edf\u6e05\u5355\u53ef\u80fd\u9700\u8981\u6355\u83b7\u4e34\u65f6\u8d44\u6e90\uff0c\u4f8b\u5982\u865a\u62df\u673a\u6216\u865a\u62df\u78c1\u76d8\u5377\uff0c\u5426\u5219\u8fd9\u4e9b\u8d44\u6e90\u5c06\u6210\u4e3a\u4f20\u7edf IT \u7cfb\u7edf\u4e2d\u7684\u6301\u4e45\u6027\u8d44\u6e90\u3002","title":"\u7cfb\u7edf\u6e05\u5355"},{"location":"security/security-guide/#_55","text":"\u5bf9\u4e66\u9762\u6587\u6863\u6ca1\u6709\u4e25\u683c\u5408\u89c4\u6027\u8981\u6c42\u7684\u4e91\u53ef\u80fd\u4f1a\u53d7\u76ca\u4e8e\u914d\u7f6e\u7ba1\u7406\u6570\u636e\u5e93 
\uff08CMDB\uff09\u3002CMDB\u901a\u5e38\u7528\u4e8e\u786c\u4ef6\u8d44\u4ea7\u8ddf\u8e2a\u548c\u6574\u4f53\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\u901a\u8fc7\u5229\u7528 CMDB\uff0c\u7ec4\u7ec7\u53ef\u4ee5\u5feb\u901f\u8bc6\u522b\u4e91\u57fa\u7840\u8bbe\u65bd\u786c\u4ef6\uff0c\u4f8b\u5982\u8ba1\u7b97\u8282\u70b9\u3001\u5b58\u50a8\u8282\u70b9\u6216\u7f51\u7edc\u8bbe\u5907\u3002CMDB\u53ef\u4ee5\u5e2e\u52a9\u8bc6\u522b\u7f51\u7edc\u4e0a\u5b58\u5728\u7684\u8d44\u4ea7\uff0c\u8fd9\u4e9b\u8d44\u4ea7\u53ef\u80fd\u7531\u4e8e\u7ef4\u62a4\u4e0d\u8db3\u3001\u4fdd\u62a4\u4e0d\u8db3\u6216\u88ab\u53d6\u4ee3\u548c\u9057\u5fd8\u800c\u5b58\u5728\u6f0f\u6d1e\u3002\u5982\u679c\u5e95\u5c42\u786c\u4ef6\u652f\u6301\u5fc5\u8981\u7684\u81ea\u52a8\u53d1\u73b0\u529f\u80fd\uff0c\u5219 OpenStack \u7f6e\u5907\u7cfb\u7edf\u53ef\u4ee5\u63d0\u4f9b\u4e00\u4e9b\u57fa\u672c\u7684 CMDB \u529f\u80fd\u3002","title":"\u786c\u4ef6\u6e05\u5355"},{"location":"security/security-guide/#_56","text":"\u4e0e\u786c\u4ef6\u4e00\u6837\uff0cOpenStack \u90e8\u7f72\u4e2d\u7684\u6240\u6709\u8f6f\u4ef6\u7ec4\u4ef6\u90fd\u5e94\u8bb0\u5f55\u5728\u6848\u3002\u793a\u4f8b\u5305\u62ec\uff1a \u7cfb\u7edf\u6570\u636e\u5e93\uff0c\u4f8b\u5982 MySQL \u6216 mongoDB OpenStack \u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982 Identity \u6216 Compute \u652f\u6301\u7ec4\u4ef6\uff0c\u4f8b\u5982\u8d1f\u8f7d\u5747\u8861\u5668\u3001\u53cd\u5411\u4ee3\u7406\u3001DNS \u6216 DHCP \u670d\u52a1 
\u5728\u8bc4\u4f30\u5e93\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u8f6f\u4ef6\u7c7b\u522b\u4e2d\u6cc4\u9732\u6216\u6f0f\u6d1e\u7684\u5f71\u54cd\u65f6\uff0c\u8f6f\u4ef6\u7ec4\u4ef6\u7684\u6743\u5a01\u5217\u8868\u53ef\u80fd\u81f3\u5173\u91cd\u8981\u3002","title":"\u8f6f\u4ef6\u6e05\u5355"},{"location":"security/security-guide/#_57","text":"\u5e94\u63d0\u4f9b\u7f51\u7edc\u62d3\u6251\uff0c\u5e76\u7a81\u51fa\u663e\u793a\u5b89\u5168\u57df\u4e4b\u95f4\u7684\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u7f51\u7edc\u5165\u53e3\u548c\u51fa\u53e3\u70b9\u5e94\u4e0e\u4efb\u4f55 OpenStack \u903b\u8f91\u7cfb\u7edf\u8fb9\u754c\u4e00\u8d77\u6807\u8bc6\u3002\u53ef\u80fd\u9700\u8981\u591a\u4e2a\u56fe\u8868\u6765\u63d0\u4f9b\u7cfb\u7edf\u7684\u5b8c\u6574\u89c6\u89c9\u8986\u76d6\u3002\u7f51\u7edc\u62d3\u6251\u6587\u6863\u5e94\u5305\u62ec\u7cfb\u7edf\u4ee3\u8868\u79df\u6237\u521b\u5efa\u7684\u865a\u62df\u7f51\u7edc\uff0c\u4ee5\u53ca OpenStack \u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u548c\u7f51\u5173\u3002","title":"\u7f51\u7edc\u62d3\u6251"},{"location":"security/security-guide/#_58","text":"\u4e86\u89e3\u6709\u5173\u7ec4\u7ec7\u8d44\u4ea7\u7684\u4fe1\u606f\u901a\u5e38\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8d44\u4ea7\u8868\u53ef\u4ee5\u5e2e\u52a9\u9a8c\u8bc1\u5b89\u5168\u8981\u6c42\uff0c\u5e76\u5e2e\u52a9\u7ef4\u62a4\u6807\u51c6\u5b89\u5168\u7ec4\u4ef6\uff0c\u4f8b\u5982\u9632\u706b\u5899\u914d\u7f6e\u3001\u670d\u52a1\u7aef\u53e3\u51b2\u7a81\u3001\u5b89\u5168\u4fee\u6b63\u533a\u57df\u548c\u5408\u89c4\u6027\u3002\u6b64\u5916\uff0c\u8be5\u8868\u8fd8\u6709\u52a9\u4e8e\u7406\u89e3 OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5173\u7cfb\u3002\u8be5\u8868\u53ef\u80fd\u5305\u62ec\uff1a OpenStack \u90e8\u7f72\u4e2d\u4f7f\u7528\u7684\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3\u3002 \u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u7684\u6982\u8ff0\u3002 \u5f3a\u70c8\u5efa\u8bae OpenStack 
\u90e8\u7f72\u8bb0\u5f55\u4e0e\u6b64\u7c7b\u4f3c\u7684\u4fe1\u606f\u3002\u8be5\u8868\u53ef\u4ee5\u6839\u636e\u4ece CMDB \u6d3e\u751f\u7684\u4fe1\u606f\u521b\u5efa\uff0c\u4e5f\u53ef\u4ee5\u624b\u52a8\u6784\u5efa\u3002 \u4e0b\u9762\u63d0\u4f9b\u4e86\u4e00\u4e2a\u8868\u683c\u793a\u4f8b\uff1a \u670d\u52a1 \u534f\u8bae \u7aef\u53e3 \u76ee\u7684 \u4f7f\u7528\u8005 \u5b89\u5168\u57df beam.smp AMQP 5672/tcp AMQP \u6d88\u606f\u670d\u52a1 RabbitMQ \u7ba1\u7406\u57df tgtd iSCSI 3260/tcp iSCSI \u53d1\u8d77\u7a0b\u5e8f\u670d\u52a1 iSCSI \u79c1\u6709\uff08\u6570\u636e\u7f51\u7edc\uff09 sshd ssh 22/tcp \u5141\u8bb8\u5b89\u5168\u767b\u5f55\u5230\u8282\u70b9\u548c\u6765\u5bbe\u865a\u62df\u673a Various \u6309\u9700\u914d\u7f6e\u4f5c\u7528\u4e8e\u7ba1\u7406\u57df\u3001\u516c\u5171\u57df\u548c\u8bbf\u5ba2\u57df mysqld mysql 3306/tcp \u6570\u636e\u5e93\u670d\u52a1 Various \u7ba1\u7406\u57df apache2 http 443/tcp \u4eea\u8868\u677f Tenants \u516c\u5171\u57df dnsmasq dns 53/tcp DNS \u670d\u52a1 Guest VMs \u8bbf\u5ba2\u57df","title":"\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3"},{"location":"security/security-guide/#_59","text":"\u4e91\u90e8\u7f72\u662f\u4e00\u4e2a\u4e0d\u65ad\u53d8\u5316\u7684\u7cfb\u7edf\u3002\u673a\u5668\u8001\u5316\u548c\u6545\u969c\uff0c\u8f6f\u4ef6\u8fc7\u65f6\uff0c\u6f0f\u6d1e\u88ab\u53d1\u73b0\u3002\u5f53\u914d\u7f6e\u4e2d\u51fa\u73b0\u9519\u8bef\u6216\u9057\u6f0f\u65f6\uff0c\u6216\u8005\u5fc5\u987b\u5e94\u7528\u8f6f\u4ef6\u4fee\u590d\u65f6\uff0c\u5fc5\u987b\u4ee5\u5b89\u5168\u4f46\u65b9\u4fbf\u7684\u65b9\u5f0f\u8fdb\u884c\u8fd9\u4e9b\u66f4\u6539\u3002\u8fd9\u4e9b\u66f4\u6539\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u6765\u89e3\u51b3\u3002 \u4fdd\u62a4\u4e91\u90e8\u7f72\u4e0d\u88ab\u6076\u610f\u5b9e\u4f53\u914d\u7f6e\u6216\u64cd\u7eb5\u975e\u5e38\u91cd\u8981\u3002\u7531\u4e8e\u4e91\u4e2d\u7684\u8bb8\u591a\u7cfb\u7edf\u90fd\u91c7\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u865a\u62df\u5316\uff0c\u56e0\u6b64 OpenStack 
\u9762\u4e34\u7740\u660e\u663e\u7684\u6311\u6218\uff0c\u5fc5\u987b\u901a\u8fc7\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u7ba1\u7406\u6765\u89e3\u51b3\u8fd9\u4e9b\u6311\u6218\u3002 \u7ba1\u7406\u5458\u5fc5\u987b\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u914d\u7f6e\u7ba1\u7406 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u670d\u52a1\u5668\u52a0\u56fa \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5e26\u5916\u7ba1\u7406\u63a5\u53e3","title":"\u7ba1\u7406"},{"location":"security/security-guide/#_60","text":"\u4e91\u7cfb\u7edf\u603b\u4f1a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5176\u4e2d\u4e00\u4e9b\u53ef\u80fd\u662f\u5b89\u5168\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u51c6\u5907\u597d\u5e94\u7528\u5b89\u5168\u66f4\u65b0\u548c\u5e38\u89c4\u8f6f\u4ef6\u66f4\u65b0\u81f3\u5173\u91cd\u8981\u3002\u8fd9\u6d89\u53ca\u5230\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7684\u667a\u80fd\u4f7f\u7528\uff0c\u4e0b\u9762\u5c06\u5bf9\u6b64\u8fdb\u884c\u8ba8\u8bba\u3002\u8fd9\u8fd8\u6d89\u53ca\u4e86\u89e3\u4f55\u65f6\u9700\u8981\u5347\u7ea7\u3002","title":"\u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406"},{"location":"security/security-guide/#_61","text":"\u6709\u5173\u5b89\u5168\u76f8\u5173\u66f4\u6539\u7684\u516c\u544a\uff0c\u8bf7\u8ba2\u9605 OpenStack Announce \u90ae\u4ef6\u5217\u8868\u3002\u5b89\u5168\u901a\u77e5\u8fd8\u4f1a\u901a\u8fc7\u4e0b\u6e38\u8f6f\u4ef6\u5305\u53d1\u5e03\uff0c\u4f8b\u5982\uff0c\u901a\u8fc7\u60a8\u53ef\u80fd\u4f5c\u4e3a\u8f6f\u4ef6\u5305\u66f4\u65b0\u7684\u4e00\u90e8\u5206\u8ba2\u9605\u7684 Linux 
\u53d1\u884c\u7248\u3002 OpenStack\u7ec4\u4ef6\u53ea\u662f\u4e91\u4e2d\u8f6f\u4ef6\u7684\u4e00\u5c0f\u90e8\u5206\u3002\u4e0e\u6240\u6709\u8fd9\u4e9b\u5176\u4ed6\u7ec4\u4ef6\u4fdd\u6301\u540c\u6b65\u4e5f\u5f88\u91cd\u8981\u3002\u867d\u7136\u67d0\u4e9b\u6570\u636e\u6e90\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\uff0c\u4f46\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u8ba2\u9605\u5fc5\u8981\u7684\u90ae\u4ef6\u5217\u8868\uff0c\u4ee5\u4fbf\u63a5\u6536\u9002\u7528\u4e8e\u7ec4\u7ec7\u73af\u5883\u7684\u4efb\u4f55\u5b89\u5168\u66f4\u65b0\u7684\u901a\u77e5\u3002\u901a\u5e38\uff0c\u8fd9\u5c31\u50cf\u8ddf\u8e2a\u4e0a\u6e38 Linux \u53d1\u884c\u7248\u4e00\u6837\u7b80\u5355\u3002 \u6ce8\u610f OpenStack \u901a\u8fc7\u4e24\u4e2a\u6e20\u9053\u53d1\u5e03\u5b89\u5168\u4fe1\u606f\u3002 - OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09 \u7531 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u521b\u5efa\u3002\u5b83\u4eec\u4e0e\u6838\u5fc3OpenStack\u670d\u52a1\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u6709\u5173\u3002\u6709\u5173 VMT \u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6f0f\u6d1e\u7ba1\u7406\u6d41\u7a0b\u3002 - OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u7531 OpenStack \u5b89\u5168\u7ec4 \uff08OSSG\uff09 \u521b\u5efa\uff0c\u4ee5\u652f\u6301 VMT 
\u7684\u5de5\u4f5c\u3002OSSN\u89e3\u51b3\u4e86\u652f\u6301\u8f6f\u4ef6\u548c\u5e38\u89c1\u90e8\u7f72\u914d\u7f6e\u4e2d\u7684\u95ee\u9898\u3002\u672c\u6307\u5357\u4e2d\u5f15\u7528\u4e86\u5b83\u4eec\u3002\u5b89\u5168\u8bf4\u660e\u5b58\u6863\u5728OSSN\u4e0a\u3002","title":"\u6f0f\u6d1e\u7ba1\u7406"},{"location":"security/security-guide/#_62","text":"\u6536\u5230\u5b89\u5168\u66f4\u65b0\u901a\u77e5\u540e\uff0c\u4e0b\u4e00\u6b65\u662f\u786e\u5b9a\u6b64\u66f4\u65b0\u5bf9\u7ed9\u5b9a\u4e91\u90e8\u7f72\u7684\u91cd\u8981\u6027\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u62e5\u6709\u9884\u5b9a\u4e49\u7684\u7b56\u7565\u5f88\u6709\u7528\u3002\u73b0\u6709\u7684\u6f0f\u6d1e\u8bc4\u7ea7\u7cfb\u7edf\uff08\u5982\u901a\u7528\u6f0f\u6d1e\u8bc4\u5206\u7cfb\u7edf \uff08CVSS\uff09\uff09\u65e0\u6cd5\u6b63\u786e\u8003\u8651\u4e91\u90e8\u7f72\u3002 \u5728\u6b64\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5f15\u5165\u4e86\u4e00\u4e2a\u8bc4\u5206\u77e9\u9635\uff0c\u8be5\u77e9\u9635\u5c06\u6f0f\u6d1e\u5206\u4e3a\u4e09\u7c7b\uff1a\u6743\u9650\u63d0\u5347\u3001\u62d2\u7edd\u670d\u52a1\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u4e86\u89e3\u6f0f\u6d1e\u7684\u7c7b\u578b\u53ca\u5176\u5728\u57fa\u7840\u67b6\u6784\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u5c06\u4f7f\u60a8\u80fd\u591f\u505a\u51fa\u5408\u7406\u7684\u54cd\u5e94\u51b3\u7b56\u3002 \u6743\u9650\u63d0\u5347\u63cf\u8ff0\u4e86\u7528\u6237\u4f7f\u7528\u7cfb\u7edf\u4e2d\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8fdb\u884c\u64cd\u4f5c\u7684\u80fd\u529b\uff0c\u7ed5\u8fc7\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u6765\u5bbe\u7528\u6237\u6267\u884c\u7684\u64cd\u4f5c\u5141\u8bb8\u4ed6\u4eec\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u8fd9\u662f\u6b64\u7c7b\u6f0f\u6d1e\u7684\u4e00\u4e2a\u793a\u4f8b\u3002 
\u62d2\u7edd\u670d\u52a1\u662f\u6307\u88ab\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u6216\u7cfb\u7edf\u4e2d\u65ad\u3002\u8fd9\u65e2\u5305\u62ec\u4f7f\u7f51\u7edc\u8d44\u6e90\u4e0d\u582a\u91cd\u8d1f\u7684\u5206\u5e03\u5f0f\u653b\u51fb\uff0c\u4e5f\u5305\u62ec\u901a\u5e38\u7531\u8d44\u6e90\u5206\u914d\u9519\u8bef\u6216\u8f93\u5165\u5f15\u8d77\u7684\u7cfb\u7edf\u6545\u969c\u7f3a\u9677\u5f15\u8d77\u7684\u5355\u7528\u6237\u653b\u51fb\u3002 \u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u4f1a\u6cc4\u9732\u6709\u5173\u60a8\u7684\u7cfb\u7edf\u6216\u64cd\u4f5c\u7684\u4fe1\u606f\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u8303\u56f4\u4ece\u8c03\u8bd5\u4fe1\u606f\u6cc4\u9732\u5230\u5173\u952e\u5b89\u5168\u6570\u636e\uff08\u5982\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u548c\u5bc6\u7801\uff09\u7684\u66b4\u9732\u3002 \u653b\u51fb\u8005\u4f4d\u7f6e/\u6743\u9650\u7ea7\u522b \u5916\u90e8 \u4e91\u7528\u6237 \u4e91\u7ba1\u7406\u5458 \u63a7\u5236\u5e73\u9762 \u6743\u9650\u63d0\u5347\uff083 \u7ea7\uff09 \u7d27\u6025 n/a n/a n/a \u6743\u9650\u63d0\u5347\uff082 \u4e2a\u7ea7\u522b\uff09 \u7d27\u6025 \u7d27\u6025 n/a n/a \u7279\u6743\u63d0\u5347\uff081 \u7ea7\uff09 \u7d27\u6025 \u7d27\u6025 \u7d27\u6025 n/a \u62d2\u7edd\u670d\u52a1 \u9ad8 \u4e2d \u4f4e \u4f4e \u4fe1\u606f\u62ab\u9732 \u7d27\u6025/\u9ad8 \u7d27\u6025/\u9ad8 \u4e2d/\u4f4e \u4f4e \u8be5\u8868\u8bf4\u660e\u4e86\u4e00\u79cd\u901a\u7528\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6839\u636e\u6f0f\u6d1e\u5728\u90e8\u7f72\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u548c\u5f71\u54cd\u6765\u8861\u91cf\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97 API \u8282\u70b9\u4e0a\u7684\u5355\u7ea7\u6743\u9650\u63d0\u5347\u53ef\u80fd\u5141\u8bb8 API \u7684\u6807\u51c6\u7528\u6237\u5347\u7ea7\u4e3a\u5177\u6709\u4e0e\u8282\u70b9\u4e0a\u7684 root \u7528\u6237\u76f8\u540c\u7684\u6743\u9650\u3002 
\u6211\u4eec\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u4f7f\u7528\u6b64\u8868\u4f5c\u4e3a\u6a21\u578b\uff0c\u4ee5\u5e2e\u52a9\u5b9a\u4e49\u8981\u9488\u5bf9\u5404\u79cd\u5b89\u5168\u7ea7\u522b\u6267\u884c\u7684\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u5173\u952e\u7ea7\u522b\u7684\u5b89\u5168\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u5feb\u901f\u5347\u7ea7\u4e91\uff0c\u800c\u4f4e\u7ea7\u522b\u7684\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u66f4\u957f\u7684\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\u3002","title":"\u5206\u7c7b"},{"location":"security/security-guide/#_63","text":"\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u90e8\u7f72\u4efb\u4f55\u66f4\u65b0\u4e4b\u524d\uff0c\u5e94\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\u3002\u901a\u5e38\uff0c\u8fd9\u9700\u8981\u6709\u4e00\u4e2a\u5355\u72ec\u7684\u6d4b\u8bd5\u4e91\u8bbe\u7f6e\uff0c\u8be5\u8bbe\u7f6e\u9996\u5148\u63a5\u6536\u66f4\u65b0\u3002\u5728\u8f6f\u4ef6\u548c\u786c\u4ef6\u65b9\u9762\uff0c\u6b64\u4e91\u5e94\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u4e91\u3002\u5e94\u5728\u6027\u80fd\u5f71\u54cd\u3001\u7a33\u5b9a\u6027\u3001\u5e94\u7528\u7a0b\u5e8f\u5f71\u54cd\u7b49\u65b9\u9762\u5bf9\u66f4\u65b0\u8fdb\u884c\u5168\u9762\u6d4b\u8bd5\u3002\u7279\u522b\u91cd\u8981\u7684\u662f\u9a8c\u8bc1\u66f4\u65b0\u7406\u8bba\u4e0a\u89e3\u51b3\u7684\u95ee\u9898\uff08\u4f8b\u5982\u7279\u5b9a\u6f0f\u6d1e\uff09\u662f\u5426\u5df2\u5b9e\u9645\u4fee\u590d\u3002","title":"\u6d4b\u8bd5\u66f4\u65b0"},{"location":"security/security-guide/#_64","text":"\u5b8c\u5168\u6d4b\u8bd5\u66f4\u65b0\u540e\uff0c\u53ef\u4ee5\u5c06\u5176\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002\u5e94\u4f7f\u7528\u4e0b\u9762\u6240\u8ff0\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5b8c\u5168\u81ea\u52a8\u5316\u6b64\u90e8\u7f72\u3002","title":"\u90e8\u7f72\u66f4\u65b0"},{"location":"security/security-guide/#_65","text":"\u751f\u4ea7\u8d28\u91cf\u7684\u4e91\u5e94\u59cb\u7ec8\u4f7f\u7528\u5de5\u5177\u6765\u81ea\u52a8\u6267\u884c\u914d\u7f6e\u548c\u90e8\u7f72\u3002\u8fd9\u6d88\u9664\u4e86\u4eba\u4e3a\u9519\u8be
f\uff0c\u5e76\u5141\u8bb8\u4e91\u66f4\u5feb\u5730\u6269\u5c55\u3002\u81ea\u52a8\u5316\u8fd8\u6709\u52a9\u4e8e\u6301\u7eed\u96c6\u6210\u548c\u6d4b\u8bd5\u3002 \u5728\u6784\u5efa OpenStack \u4e91\u65f6\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u8bbe\u8ba1\u548c\u5b9e\u73b0\u65f6\u8003\u8651\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u6216\u6846\u67b6\u3002\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\uff0c\u60a8\u53ef\u4ee5\u907f\u514d\u5728\u6784\u5efa\u3001\u7ba1\u7406\u548c\u7ef4\u62a4\u50cf OpenStack \u8fd9\u6837\u590d\u6742\u7684\u57fa\u7840\u67b6\u6784\u65f6\u56fa\u6709\u7684\u8bb8\u591a\u9677\u9631\u3002\u901a\u8fc7\u751f\u6210\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6240\u9700\u7684\u6e05\u5355\u3001\u8bf4\u660e\u4e66\u6216\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u6ee1\u8db3\u8bb8\u591a\u6587\u6863\u548c\u6cd5\u89c4\u62a5\u544a\u8981\u6c42\u3002\u6b64\u5916\uff0c\u914d\u7f6e\u7ba1\u7406\u8fd8\u53ef\u4ee5\u4f5c\u4e3a\u4e1a\u52a1\u8fde\u7eed\u6027\u8ba1\u5212 \uff08BCP\uff09 \u548c\u6570\u636e\u6062\u590d \uff08DR\uff09 \u8ba1\u5212\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u5728\u5176\u4e2d\u5c06\u8282\u70b9\u6216\u670d\u52a1\u91cd\u5efa\u56de DR \u4e8b\u4ef6\u4e2d\u7684\u5df2\u77e5\u72b6\u6001\u6216\u7ed9\u5b9a\u7684\u59a5\u534f\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u5f53\u4e0e Git \u6216 SVN \u7b49\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u60a8\u53ef\u4ee5\u8ddf\u8e2a\u73af\u5883\u968f\u65f6\u95f4\u63a8\u79fb\u800c\u53d1\u751f\u7684\u66f4\u6539\uff0c\u5e76\u91cd\u65b0\u8c03\u89e3\u53ef\u80fd\u53d1\u751f\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u6539\u3002\u4f8b\u5982\uff0c\u6587\u4ef6 nova.conf 
\u6216\u5176\u4ed6\u914d\u7f6e\u6587\u4ef6\u4e0d\u7b26\u5408\u60a8\u7684\u6807\u51c6\uff0c\u60a8\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u53ef\u4ee5\u8fd8\u539f\u6216\u66ff\u6362\u8be5\u6587\u4ef6\uff0c\u5e76\u5c06\u60a8\u7684\u914d\u7f6e\u6062\u590d\u5230\u5df2\u77e5\u72b6\u6001\u3002\u6700\u540e\uff0c\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u4e5f\u53ef\u7528\u4e8e\u90e8\u7f72\u66f4\u65b0;\u7b80\u5316\u5b89\u5168\u8865\u4e01\u6d41\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u5177\u6709\u5e7f\u6cdb\u7684\u529f\u80fd\uff0c\u5728\u8be5\u9886\u57df\u975e\u5e38\u6709\u7528\u3002\u4fdd\u62a4\u4e91\u7684\u5173\u952e\u70b9\u662f\u9009\u62e9\u4e00\u79cd\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5e76\u4f7f\u7528\u5b83\u3002 \u6709\u8bb8\u591a\u914d\u7f6e\u7ba1\u7406\u89e3\u51b3\u65b9\u6848;\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5e02\u573a\u4e0a\u6709\u4e24\u4e2a\u5728\u652f\u6301 OpenStack \u73af\u5883\u65b9\u9762\u975e\u5e38\u5f3a\u5927\u7684\u516c\u53f8\uff1aChef \u548c Puppet\u3002\u4e0b\u9762\u63d0\u4f9b\u4e86\u6b64\u7a7a\u95f4\u4e2d\u7684\u5de5\u5177\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Chef Puppet Salt Stack Ansible","title":"\u914d\u7f6e\u7ba1\u7406"},{"location":"security/security-guide/#_66","text":"\u6bcf\u5f53\u66f4\u6539\u7b56\u7565\u6216\u914d\u7f6e\u7ba1\u7406\u65f6\uff0c\u6700\u597d\u8bb0\u5f55\u6d3b\u52a8\u5e76\u5907\u4efd\u65b0\u96c6\u7684\u526f\u672c\u3002\u901a\u5e38\uff0c\u6b64\u7c7b\u7b56\u7565\u548c\u914d\u7f6e\u5b58\u50a8\u5728\u53d7\u7248\u672c\u63a7\u5236\u7684\u5b58\u50a8\u5e93\uff08\u5982 Git\uff09\u4e2d\u3002","title":"\u7b56\u7565\u66f4\u6539"},{"location":"security/security-guide/#_67","text":"\u5728\u6574\u4e2a\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u4e2d\u5305\u62ec\u5907\u4efd\u8fc7\u7a0b\u548c\u7b56\u7565\u975e\u5e38\u91cd\u8981\u3002\u6709\u5173 OpenStack \u5907\u4efd\u548c\u6062\u590d\u529f\u80fd\u548c\u8fc7\u7a0b\u7684\u6982\u8ff0\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5907\u4efd\u548c\u6062\u590d\u7684 OpenStack \u64cd\u4f5c\u6307\u5357\u3002 
\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u548c\u5907\u4efd\u5ba2\u6237\u7aef\u624d\u80fd\u8bbf\u95ee\u5907\u4efd\u670d\u52a1\u5668\u3002 \u4f7f\u7528\u6570\u636e\u52a0\u5bc6\u9009\u9879\u6765\u5b58\u50a8\u548c\u4f20\u8f93\u5907\u4efd\u3002 \u4f7f\u7528\u4e13\u7528\u4e14\u5f3a\u5316\u7684\u5907\u4efd\u670d\u52a1\u5668\u3002\u5907\u4efd\u670d\u52a1\u5668\u7684\u65e5\u5fd7\u5fc5\u987b\u6bcf\u5929\u8fdb\u884c\u76d1\u89c6\uff0c\u5e76\u4e14\u53ea\u6709\u5c11\u6570\u4eba\u53ef\u4ee5\u8bbf\u95ee\u3002 \u5b9a\u671f\u6d4b\u8bd5\u6570\u636e\u6062\u590d\u9009\u9879\uff0c\u5305\u62ec\u5b58\u50a8\u5728\u5b89\u5168\u5907\u4efd\u4e2d\u7684\u955c\u50cf\uff0c\u662f\u786e\u4fdd\u707e\u96be\u6062\u590d\u51c6\u5907\u7684\u5173\u952e\u90e8\u5206\u3002\u5728\u53d1\u751f\u5b89\u5168\u6f0f\u6d1e\u6216\u53d7\u635f\u65f6\uff0c\u7ec8\u6b62\u8fd0\u884c\u4e2d\u7684\u5b9e\u4f8b\u5e76\u4ece\u5df2\u77e5\u7684\u5b89\u5168\u955c\u50cf\u5907\u4efd\u4e2d\u91cd\u65b0\u542f\u52a8\u5b9e\u4f8b\u786e\u5b9e\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8fd9\u6709\u52a9\u4e8e\u786e\u4fdd\u53d7\u635f\u7684\u5b9e\u4f8b\u88ab\u6d88\u9664\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u4ece\u5907\u4efd\u7684\u955c\u50cf\u4e2d\u91cd\u65b0\u90e8\u7f72\u5e72\u51c0\u3001\u53ef\u4fe1\u8d56\u7684\u7248\u672c\u3002","title":"\u5b89\u5168\u5907\u4efd\u548c\u6062\u590d"},{"location":"security/security-guide/#_68","text":"\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u4ee5\u8865\u5145\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u81ea\u52a8\u6267\u884c\u9a8c\u8bc1\u7ed9\u5b9a\u7cfb\u7edf\u914d\u7f6e\u662f\u5426\u6ee1\u8db3\u5927\u91cf\u5b89\u5168\u63a7\u5236\u7684\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u5f25\u5408\u4ece\u5b89\u5168\u914d\u7f6e\u6307\u5357\u6587\u6863\uff08\u4f8b\u5982\uff0cSTIG \u548c NSA \u6307\u5357\uff09\u5230\u7279\u5b9a\u7cfb\u7edf\u5b89\u88c5\u7684\u5dee\u8ddd\u3002\u4f8b\u5982\uff0cSCAP 
\u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u7cfb\u7edf\u4e0e\u9884\u5b9a\u4e49\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u6bd4\u8f83\u3002SCAP \u8f93\u51fa\u4e00\u4efd\u62a5\u544a\uff0c\u8be6\u7ec6\u8bf4\u660e\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u54ea\u4e9b\u63a7\u4ef6\u5df2\u6ee1\u8db3\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u901a\u8fc7\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u9009\u4e2d\u3002 \u5c06\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u76f8\u7ed3\u5408\uff0c\u5f62\u6210\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u7ec4\u5408\u3002\u5ba1\u6838\u5de5\u5177\u5c06\u7a81\u51fa\u663e\u793a\u90e8\u7f72\u95ee\u9898\u3002\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7b80\u5316\u4e86\u66f4\u6539\u6bcf\u4e2a\u7cfb\u7edf\u7684\u8fc7\u7a0b\uff0c\u4ee5\u89e3\u51b3\u5ba1\u8ba1\u95ee\u9898\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u7ef4\u62a4\u6ee1\u8db3\u4ece\u57fa\u672c\u5f3a\u5316\u5230\u5408\u89c4\u6027\u9a8c\u8bc1\u7b49\u5b89\u5168\u8981\u6c42\u7684\u4e91\u73af\u5883\u3002 
\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u5c06\u7ed9\u4e91\u5e26\u6765\u53e6\u4e00\u5c42\u590d\u6742\u6027\u3002\u8fd9\u79cd\u590d\u6742\u6027\u5e26\u6765\u4e86\u989d\u5916\u7684\u5b89\u5168\u95ee\u9898\u3002\u8003\u8651\u5230\u5176\u5b89\u5168\u4f18\u52bf\uff0c\u6211\u4eec\u8ba4\u4e3a\u8fd9\u662f\u4e00\u79cd\u53ef\u63a5\u53d7\u7684\u98ce\u9669\u6743\u8861\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u5de5\u5177\u7684\u64cd\u4f5c\u5b89\u5168\u6027\u4fdd\u969c\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002","title":"\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177"},{"location":"security/security-guide/#_69","text":"\u6211\u4eec\u5c06\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u5b9a\u4e49\u4e3a\u4e00\u4e2a\u6df1\u601d\u719f\u8651\u7684\u8fc7\u7a0b\uff0c\u5b83\u786e\u4fdd\u6211\u4eec\u59cb\u7ec8\u5728\u6574\u4e2a\u4e91\u4e2d\u4ee5\u9884\u671f\u7684\u914d\u7f6e\u8fd0\u884c\u9884\u671f\u7684\u8f6f\u4ef6\u3002\u6b64\u8fc7\u7a0b\u4ece\u5b89\u5168\u5f15\u5bfc\u5f00\u59cb\uff0c\u5e76\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u8fdb\u884c\u7ef4\u62a4\u3002\u672c\u7ae0\u5c31\u5982\u4f55\u5904\u7406\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u8fc7\u7a0b\u63d0\u4f9b\u4e86\u5efa\u8bae\u3002","title":"\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f"},{"location":"security/security-guide/#_70","text":"\u4e91\u4e2d\u7684\u8282\u70b9\uff0c\u5305\u62ec\u8ba1\u7b97\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u6df7\u5408\u8282\u70b9\uff0c\u5e94\u8be5\u6709\u4e00\u4e2a\u81ea\u52a8\u5316\u7684\u914d\u7f6e\u8fc7\u7a0b\u3002\u8fd9\u786e\u4fdd\u4e86\u8282\u70b9\u7684\u4e00\u81f4\u548c\u6b63\u786e\u914d\u7f6e\u3002\u8fd9\u4e5f\u4fbf\u4e8e\u5b89\u5168\u8865\u4e01\u3001\u5347\u7ea7\u3001\u6545\u969c\u4fee\u590d\u548c\u5176\u4ed6\u5173\u952e\u53d8\u66f4\u3002\u7531\u4e8e\u8fd9\u4e2a\u8fc7\u7a0b\u5b89\u88c5\u4e86\u5728\u4e91\u4e2d\u5177\u6709\u6700\u9ad8\u7279\u6743\u7ea7\u522b\u7684\u65b0\u8f6f\u4ef6\uff0c\u56e0\u6b64\u9a8c\u8bc1\u5b89\u88c5\u6b63\u78
6e\u7684\u8f6f\u4ef6\u975e\u5e38\u91cd\u8981\uff0c\u5305\u62ec\u542f\u52a8\u8fc7\u7a0b\u7684\u6700\u65e9\u9636\u6bb5\u3002 \u6709\u591a\u79cd\u6280\u672f\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u65e9\u671f\u542f\u52a8\u9636\u6bb5\u3002\u8fd9\u4e9b\u901a\u5e38\u9700\u8981\u786c\u4ef6\u652f\u6301\uff0c\u4f8b\u5982\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757 \uff08TPM\uff09\u3001\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08TXT\uff09\u3001\u52a8\u6001\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08DRTM\uff09 \u548c\u7edf\u4e00\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3 \uff08UEFI\uff09 \u5b89\u5168\u542f\u52a8\u3002\u5728\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u5c06\u6240\u6709\u8fd9\u4e9b\u7edf\u79f0\u4e3a\u5b89\u5168\u542f\u52a8\u6280\u672f\u3002\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u5b89\u5168\u542f\u52a8\uff0c\u540c\u65f6\u627f\u8ba4\u90e8\u7f72\u6b64\u542f\u52a8\u6240\u9700\u7684\u8bb8\u591a\u90e8\u5206\u9700\u8981\u9ad8\u7ea7\u6280\u672f\u6280\u80fd\u624d\u80fd\u4e3a\u6bcf\u4e2a\u73af\u5883\u81ea\u5b9a\u4e49\u5de5\u5177\u3002\u4e0e\u672c\u6307\u5357\u4e2d\u7684\u8bb8\u591a\u5176\u4ed6\u5efa\u8bae\u76f8\u6bd4\uff0c\u4f7f\u7528\u5b89\u5168\u542f\u52a8\u9700\u8981\u66f4\u6df1\u5165\u7684\u96c6\u6210\u548c\u81ea\u5b9a\u4e49\u3002TPM \u6280\u672f\u867d\u7136\u5728\u5927\u591a\u6570\u5546\u52a1\u7ea7\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f\u673a\u4e2d\u5f88\u5e38\u89c1\u6570\u5e74\uff0c\u4f46\u73b0\u5728\u5df2\u4e0e\u652f\u6301\u7684 BIOS \u4e00\u8d77\u5728\u670d\u52a1\u5668\u4e2d\u53ef\u7528\u3002\u6b63\u786e\u7684\u89c4\u5212\u5bf9\u4e8e\u6210\u529f\u7684\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002 
\u6709\u5173\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u7684\u5b8c\u6574\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u5c06\u5b89\u5168\u542f\u52a8\u6280\u672f\u4e0e\u5178\u578b\u7684\u8282\u70b9\u9884\u914d\u8fc7\u7a0b\u96c6\u6210\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u4e91\u67b6\u6784\u5e08\u5e94\u53c2\u8003\u76f8\u5173\u89c4\u8303\u548c\u8f6f\u4ef6\u914d\u7f6e\u624b\u518c\u3002","title":"\u5b89\u5168\u5f15\u5bfc"},{"location":"security/security-guide/#_71","text":"\u8282\u70b9\u5e94\u4f7f\u7528\u9884\u5f15\u5bfc\u6267\u884c\u73af\u5883\uff08PXE\uff09\u8fdb\u884c\u914d\u7f6e\u3002\u8fd9\u5927\u5927\u51cf\u5c11\u4e86\u91cd\u65b0\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5de5\u4f5c\u91cf\u3002\u5178\u578b\u7684\u8fc7\u7a0b\u6d89\u53ca\u8282\u70b9\u4ece\u670d\u52a1\u5668\u63a5\u6536\u5404\u79cd\u5f15\u5bfc\u9636\u6bb5\uff08\u5373\u6267\u884c\u7684\u8f6f\u4ef6\u9010\u6e10\u590d\u6742\uff09\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u4f7f\u7528\u5355\u72ec\u7684\u9694\u79bb\u7f51\u7edc\u8fdb\u884c\u7f6e\u5907\u3002\u6b64\u7f51\u7edc\u5c06\u5904\u7406\u6240\u6709 PXE \u6d41\u91cf\uff0c\u4ee5\u53ca\u4e0a\u9762\u63cf\u8ff0\u7684\u540e\u7eed\u542f\u52a8\u9636\u6bb5\u4e0b\u8f7d\u3002\u8bf7\u6ce8\u610f\uff0c\u8282\u70b9\u5f15\u5bfc\u8fc7\u7a0b\u4ece\u4e24\u4e2a\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u5f00\u59cb\uff1aDHCP \u548c TFTP\u3002\u7136\u540e\uff0c\u5f15\u5bfc\u8fc7\u7a0b\u4f7f\u7528 TLS \u4e0b\u8f7d\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5176\u4f59\u4fe1\u606f\u3002\u8fd9\u53ef\u80fd\u662f\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3001\u7531 Chef \u6216 Puppet \u7ba1\u7406\u7684\u57fa\u672c\u5b89\u88c5\uff0c\u751a\u81f3\u662f\u76f4\u63a5\u5199\u5165\u78c1\u76d8\u7684\u5b8c\u6574\u6587\u4ef6\u7cfb\u7edf\u6620\u50cf\u3002 \u867d\u7136\u5728 PXE \u542f\u52a8\u8fc7\u7a0b\u4e2d\u4f7f\u7528 
TLS \u66f4\u5177\u6311\u6218\u6027\uff0c\u4f46\u5e38\u89c1\u7684 PXE \u56fa\u4ef6\u9879\u76ee\uff08\u5982 iPXE\uff09\u63d0\u4f9b\u4e86\u8fd9\u79cd\u652f\u6301\u3002\u901a\u5e38\uff0c\u8fd9\u6d89\u53ca\u5728\u4e86\u89e3\u5141\u8bb8\u7684 TLS \u8bc1\u4e66\u94fe\u7684\u60c5\u51b5\u4e0b\u6784\u5efa PXE \u56fa\u4ef6\uff0c\u4ee5\u4fbf\u5b83\u53ef\u4ee5\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\u3002\u8fd9\u901a\u8fc7\u9650\u5236\u4e0d\u5b89\u5168\u7684\u7eaf\u6587\u672c\u7f51\u7edc\u64cd\u4f5c\u7684\u6570\u91cf\u6765\u63d0\u9ad8\u653b\u51fb\u8005\u7684\u95e8\u69db\u3002","title":"\u8282\u70b9\u914d\u7f6e"},{"location":"security/security-guide/#_72","text":"\u901a\u5e38\uff0c\u6709\u4e24\u79cd\u4e0d\u540c\u7684\u7b56\u7565\u6765\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u3002\u4f20\u7edf\u7684\u5b89\u5168\u542f\u52a8\u5c06\u9a8c\u8bc1\u5728\u8fc7\u7a0b\u4e2d\u7684\u6bcf\u4e2a\u6b65\u9aa4\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5728\u4ee3\u7801\u4e0d\u6b63\u786e\u65f6\u505c\u6b62\u542f\u52a8\u3002\u542f\u52a8\u8bc1\u660e\u5c06\u8bb0\u5f55\u5728\u6bcf\u4e2a\u6b65\u9aa4\u4e2d\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5c06\u6b64\u4fe1\u606f\u63d0\u4f9b\u7ed9\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\uff0c\u4ee5\u8bc1\u660e\u542f\u52a8\u8fc7\u7a0b\u6309\u9884\u671f\u5b8c\u6210\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7b2c\u4e00\u6b65\u90fd\u662f\u5728\u8fd0\u884c\u4e4b\u524d\u6d4b\u91cf\u6bcf\u6bb5\u4ee3\u7801\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6d4b\u91cf\u5b9e\u9645\u4e0a\u662f\u4ee3\u7801\u7684 SHA-1 \u54c8\u5e0c\u503c\uff0c\u5728\u6267\u884c\u4e4b\u524d\u83b7\u53d6\u3002\u54c8\u5e0c\u5b58\u50a8\u5728 TPM \u7684\u5e73\u53f0\u914d\u7f6e\u5bc4\u5b58\u5668 \uff08PCR\uff09 \u4e2d\u3002 \u6ce8\u610f \u6b64\u5904\u4f7f\u7528 SHA-1\uff0c\u56e0\u4e3a\u8fd9\u662f TPM \u82af\u7247\u652f\u6301\u7684\u5185\u5bb9\u3002 \u6bcf\u4e2a TPM \u81f3\u5c11\u6709 24 \u4e2a PCR\u30022005 \u5e74 3 \u6708\u7684 TCG \u901a\u7528\u670d\u52a1\u5668\u89c4\u8303 v1.0 
\u5b9a\u4e49\u4e86\u542f\u52a8\u65f6\u5b8c\u6574\u6027\u6d4b\u91cf\u7684 PCR \u5206\u914d\u3002\u4e0b\u8868\u663e\u793a\u4e86\u5178\u578b\u7684PCR\u914d\u7f6e\u3002\u4e0a\u4e0b\u6587\u6307\u793a\u8fd9\u4e9b\u503c\u662f\u6839\u636e\u8282\u70b9\u786c\u4ef6\uff08\u56fa\u4ef6\uff09\u8fd8\u662f\u6839\u636e\u8282\u70b9\u4e0a\u7f6e\u5907\u7684\u8f6f\u4ef6\u786e\u5b9a\u7684\u3002\u67d0\u4e9b\u503c\u53d7\u56fa\u4ef6\u7248\u672c\u3001\u78c1\u76d8\u5927\u5c0f\u548c\u5176\u4ed6\u4f4e\u7ea7\u4fe1\u606f\u7684\u5f71\u54cd\u3002\u56e0\u6b64\uff0c\u5728\u914d\u7f6e\u7ba1\u7406\u65b9\u9762\u91c7\u53d6\u826f\u597d\u7684\u505a\u6cd5\u975e\u5e38\u91cd\u8981\uff0c\u4ee5\u786e\u4fdd\u90e8\u7f72\u7684\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u5b8c\u5168\u6309\u7167\u9884\u671f\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u518c \u6d4b\u91cf\u5185\u5bb9 \u4e0a\u4e0b\u6587 PCR-00 \u6838\u5fc3\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08CRTM\uff09\u3001BIOS \u4ee3\u7801\u3001\u4e3b\u673a\u5e73\u53f0\u6269\u5c55 \u786c\u4ef6 PCR-01 \u4e3b\u673a\u5e73\u53f0\u914d\u7f6e \u786c\u4ef6 PCR-02 \u9009\u9879 ROM \u4ee3\u7801 \u786c\u4ef6 PCR-03 \u9009\u9879 ROM \u914d\u7f6e\u548c\u6570\u636e \u786c\u4ef6 PCR-04 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u3002\u4f8b\u5982\uff0c\u4e3b\u5f15\u5bfc\u8bb0\u5f55\u3002 \u8f6f\u4ef6 PCR-05 IPL \u4ee3\u7801\u914d\u7f6e\u548c\u6570\u636e \u8f6f\u4ef6 PCR-06 \u72b6\u6001\u8f6c\u6362\u548c\u5524\u9192\u4e8b\u4ef6 \u8f6f\u4ef6 PCR-07 \u4e3b\u673a\u5e73\u53f0\u5236\u9020\u5546\u63a7\u5236 \u8f6f\u4ef6 PCR-08 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f\u5185\u6838\u3001\u5185\u6838\u6269\u5c55\u548c\u9a71\u52a8\u7a0b\u5e8f \u8f6f\u4ef6 PCR-09 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f Initramfs \u8f6f\u4ef6 PCR-10 \u81f3 PCR-23 \u7279\u5b9a\u4e8e\u5e73\u53f0 \u8f6f\u4ef6 
\u5b89\u5168\u542f\u52a8\u53ef\u80fd\u662f\u6784\u5efa\u4e91\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f46\u9700\u8981\u5728\u786c\u4ef6\u9009\u62e9\u65b9\u9762\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u4f8b\u5982\uff0c\u786e\u4fdd\u60a8\u5177\u6709 TPM \u548c\u82f1\u7279\u5c14 TXT \u652f\u6301\u3002\u7136\u540e\u9a8c\u8bc1\u8282\u70b9\u786c\u4ef6\u4f9b\u5e94\u5546\u5982\u4f55\u586b\u5145 PCR \u503c\u3002\u4f8b\u5982\uff0c\u54ea\u4e9b\u503c\u53ef\u7528\u4e8e\u9a8c\u8bc1\u3002\u901a\u5e38\uff0c\u4e0a\u8868\u4e2d\u8f6f\u4ef6\u4e0a\u4e0b\u6587\u4e0b\u5217\u51fa\u7684 PCR \u503c\u662f\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u76f4\u63a5\u63a7\u5236\u7684\u503c\u3002\u4f46\u5373\u4f7f\u8fd9\u4e9b\u4e5f\u53ef\u80fd\u968f\u7740\u4e91\u4e2d\u8f6f\u4ef6\u7684\u5347\u7ea7\u800c\u6539\u53d8\u3002\u914d\u7f6e\u7ba1\u7406\u5e94\u94fe\u63a5\u5230 PCR \u7b56\u7565\u5f15\u64ce\uff0c\u4ee5\u786e\u4fdd\u9a8c\u8bc1\u59cb\u7ec8\u662f\u6700\u65b0\u7684\u3002 \u6bcf\u4e2a\u5236\u9020\u5546\u90fd\u5fc5\u987b\u4e3a\u5176\u670d\u52a1\u5668\u63d0\u4f9b BIOS \u548c\u56fa\u4ef6\u4ee3\u7801\u3002\u4e0d\u540c\u7684\u670d\u52a1\u5668\u3001\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u5c06\u9009\u62e9\u586b\u5145\u4e0d\u540c\u7684 PCR\u3002\u5728\u5927\u591a\u6570\u5b9e\u9645\u90e8\u7f72\u4e2d\uff0c\u4e0d\u53ef\u80fd\u6839\u636e\u5df2\u77e5\u7684\u826f\u597d\u6570\u91cf\uff08\u201c\u9ec4\u91d1\u6d4b\u91cf\u201d\uff09\u9a8c\u8bc1\u6bcf\u4e2aPCR\u3002\u7ecf\u9a8c\u8868\u660e\uff0c\u5373\u4f7f\u5728\u5355\u4e2a\u4f9b\u5e94\u5546\u7684\u4ea7\u54c1\u7ebf\u4e2d\uff0c\u7ed9\u5b9aPCR\u7684\u6d4b\u91cf\u8fc7\u7a0b\u4e5f\u53ef\u80fd\u4e0d\u4e00\u81f4\u3002\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5668\u5efa\u7acb\u57fa\u7ebf\uff0c\u5e76\u76d1\u89c6 PCR \u503c\u4ee5\u67e5\u627e\u610f\u5916\u66f4\u6539\u3002\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u53ef\u80fd\u53ef\u7528\u4e8e\u534f\u52a9 TPM 
\u9884\u914d\u548c\u76d1\u89c6\u8fc7\u7a0b\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u89e3\u51b3\u65b9\u6848\u3002 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u5f88\u53ef\u80fd\u662f PXE \u56fa\u4ef6\uff0c\u5047\u8bbe\u91c7\u7528\u4e0a\u8ff0\u8282\u70b9\u90e8\u7f72\u7b56\u7565\u3002\u56e0\u6b64\uff0c\u5b89\u5168\u542f\u52a8\u6216\u542f\u52a8\u8bc1\u660e\u8fc7\u7a0b\u53ef\u4ee5\u6d4b\u91cf\u6240\u6709\u65e9\u671f\u542f\u52a8\u4ee3\u7801\uff0c\u4f8b\u5982 BIOS\u3001\u56fa\u4ef6\u3001PXE \u56fa\u4ef6\u548c\u5185\u6838\u6620\u50cf\u3002\u786e\u4fdd\u6bcf\u4e2a\u8282\u70b9\u90fd\u5b89\u88c5\u4e86\u8fd9\u4e9b\u90e8\u4ef6\u7684\u6b63\u786e\u7248\u672c\uff0c\u4e3a\u6784\u5efa\u8282\u70b9\u8f6f\u4ef6\u5806\u6808\u7684\u5176\u4f59\u90e8\u5206\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\u3002 \u6839\u636e\u6240\u9009\u7684\u7b56\u7565\uff0c\u5728\u53d1\u751f\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u542f\u52a8\uff0c\u6216\u8005\u5b83\u53ef\u4ee5\u5c06\u6545\u969c\u62a5\u544a\u7ed9\u4e91\u4e2d\u7684\u53e6\u4e00\u4e2a\u5b9e\u4f53\u3002\u4e3a\u4e86\u5b9e\u73b0\u5b89\u5168\u5f15\u5bfc\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u5f15\u5bfc\uff0c\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u7684\u7f6e\u5907\u670d\u52a1\u5fc5\u987b\u8bc6\u522b\u8fd9\u4e00\u70b9\u5e76\u8bb0\u5f55\u4e8b\u4ef6\u3002\u5bf9\u4e8e\u542f\u52a8\u8bc1\u660e\uff0c\u5f53\u68c0\u6d4b\u5230\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u5df2\u7ecf\u5728\u8fd0\u884c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5e94\u901a\u8fc7\u7981\u7528\u8282\u70b9\u7684\u7f51\u7edc\u8bbf\u95ee\u6765\u7acb\u5373\u9694\u79bb\u8282\u70b9\u3002\u7136\u540e\uff0c\u5e94\u5206\u6790\u4e8b\u4ef6\u7684\u6839\u672c\u539f\u56e0\u3002\u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u7b56\u7565\u90fd\u5e94\u89c4\u5b9a\u5728\u5931\u8d25\u540e\u5982\u4f55\u7ee7\u7eed\u3002\u4e91\u53ef\u80fd\u4f1a\u81ea\u52a8\u5c1d\u8bd5\u91cd\u65b0\u914d\u7f6e\u8282\u70b9\u4e0
0\u5b9a\u6b21\u6570\u3002\u6216\u8005\uff0c\u5b83\u53ef\u80fd\u4f1a\u7acb\u5373\u901a\u77e5\u4e91\u7ba1\u7406\u5458\u8c03\u67e5\u95ee\u9898\u3002\u6b64\u5904\u7684\u6b63\u786e\u7b56\u7565\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u548c\u6545\u969c\u6a21\u5f0f\u7684\u3002","title":"\u9a8c\u8bc1\u542f\u52a8"},{"location":"security/security-guide/#_73","text":"\u6b64\u65f6\uff0c\u6211\u4eec\u77e5\u9053\u8282\u70b9\u5df2\u4f7f\u7528\u6b63\u786e\u7684\u5185\u6838\u548c\u5e95\u5c42\u7ec4\u4ef6\u542f\u52a8\u3002\u4e0b\u4e00\u6b65\u662f\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5b83\u4ece\u4e00\u7ec4\u884c\u4e1a\u516c\u8ba4\u7684\u5f3a\u5316\u63a7\u4ef6\u5f00\u59cb\u3002\u4ee5\u4e0b\u6307\u5357\u662f\u5f88\u597d\u7684\u793a\u4f8b\uff1a \u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u56fd\u9632\u4fe1\u606f\u7cfb\u7edf\u5c40 \uff08DISA\uff09\uff08\u96b6\u5c5e\u4e8e\u7f8e\u56fd\u56fd\u9632\u90e8\uff09\u53d1\u5e03\u9002\u7528\u4e8e\u5404\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u786c\u4ef6\u7684 STIG \u5185\u5bb9\u3002\u8fd9\u4e9b\u63a7\u4ef6\u5728\u672a\u9644\u52a0\u4efb\u4f55\u8bb8\u53ef\u8bc1\u7684\u60c5\u51b5\u4e0b\u53d1\u5e03\u3002 \u4e92\u8054\u7f51\u5b89\u5168\u4e2d\u5fc3 \uff08CIS\uff09 \u57fa\u51c6\u6d4b\u8bd5 CIS \u4f1a\u5b9a\u671f\u53d1\u5e03\u5b89\u5168\u57fa\u51c6\u4ee5\u53ca\u81ea\u52a8\u5e94\u7528\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8fd9\u4e9b\u57fa\u51c6\u6d4b\u8bd5\u662f\u5728\u5177\u6709\u4e00\u4e9b\u9650\u5236\u7684\u77e5\u8bc6\u5171\u4eab\u8bb8\u53ef\u4e0b\u53d1\u5e03\u7684\u3002 
\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u6700\u597d\u901a\u8fc7\u81ea\u52a8\u5316\u65b9\u6cd5\u5e94\u7528\u3002\u81ea\u52a8\u5316\u786e\u4fdd\u6bcf\u6b21\u5bf9\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u4ee5\u76f8\u540c\u7684\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\uff0c\u5e76\u4e14\u5b83\u4eec\u8fd8\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u7684\u5feb\u901f\u65b9\u6cd5\u3002\u81ea\u52a8\u5316\u6709\u591a\u79cd\u9009\u62e9\uff1a OpenSCAP OpenSCAP \u662f\u4e00\u4e2a\u5f00\u6e90\u5de5\u5177\uff0c\u5b83\u91c7\u7528 SCAP \u5185\u5bb9\uff08\u63cf\u8ff0\u5b89\u5168\u63a7\u5236\u7684 XML \u6587\u4ef6\uff09\u5e76\u5c06\u8be5\u5185\u5bb9\u5e94\u7528\u4e8e\u5404\u79cd\u7cfb\u7edf\u3002\u76ee\u524d\u53ef\u7528\u7684\u5927\u591a\u6570\u5185\u5bb9\u90fd\u9002\u7528\u4e8e Red Hat Enterprise Linux \u548c CentOS\uff0c\u4f46\u8fd9\u4e9b\u5de5\u5177\u9002\u7528\u4e8e\u4efb\u4f55 Linux \u6216 Windows \u7cfb\u7edf\u3002 ansible \u52a0\u56fa ansible-hardening \u9879\u76ee\u63d0\u4f9b\u4e86\u4e00\u4e2a Ansible \u89d2\u8272\uff0c\u53ef\u5c06\u5b89\u5168\u63a7\u5236\u5e94\u7528\u4e8e\u5404\u79cd Linux \u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u3002\u4ed4\u7ec6\u68c0\u67e5\u6bcf\u4e2a\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u786e\u5b9a\u5b83\u662f\u5426\u53ef\u80fd\u5bf9\u751f\u4ea7\u7cfb\u7edf\u9020\u6210\u635f\u5bb3\u3002\u8fd9\u4e9b\u63a7\u4ef6\u57fa\u4e8e Red Hat Enterprise Linux 7 STIG\u3002 
\u5b8c\u5168\u52a0\u56fa\u7684\u7cfb\u7edf\u662f\u4e00\u4e2a\u5177\u6709\u6311\u6218\u6027\u7684\u8fc7\u7a0b\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u8fdb\u884c\u5927\u91cf\u66f4\u6539\u3002\u5176\u4e2d\u4e00\u4e9b\u66f4\u6539\u53ef\u80fd\u4f1a\u5f71\u54cd\u751f\u4ea7\u5de5\u4f5c\u8d1f\u8f7d\u3002\u5982\u679c\u7cfb\u7edf\u65e0\u6cd5\u5b8c\u5168\u52a0\u56fa\uff0c\u5f3a\u70c8\u5efa\u8bae\u8fdb\u884c\u4ee5\u4e0b\u4e24\u9879\u66f4\u6539\uff0c\u4ee5\u4fbf\u5728\u4e0d\u9020\u6210\u91cd\u5927\u4e2d\u65ad\u7684\u60c5\u51b5\u4e0b\u63d0\u9ad8\u5b89\u5168\u6027\uff1a","title":"\u8282\u70b9\u52a0\u56fa"},{"location":"security/security-guide/#mac","text":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4f1a\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c\u5305\u62ec root\uff0c\u5185\u6838\u7684\u5de5\u4f5c\u662f\u6839\u636e\u5f53\u524d\u5b89\u5168\u7b56\u7565\u5ba1\u67e5\u6d3b\u52a8\u3002\u5982\u679c\u6d3b\u52a8\u4e0d\u5728\u5141\u8bb8\u7684\u7b56\u7565\u8303\u56f4\u5185\uff0c\u5219\u4f1a\u88ab\u963b\u6b62\uff0c\u5373\u4f7f\u5bf9\u4e8e root \u7528\u6237\u4e5f\u662f\u5982\u6b64\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u67e5\u770b\u4e0b\u9762\u5173\u4e8e sVirt\u3001SELinux \u548c AppArmor \u7684\u8ba8\u8bba\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09"},{"location":"security/security-guide/#_74","text":"\u786e\u4fdd\u7cfb\u7edf\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\uff0c\u5e76\u4e14\u8fd0\u884c\u7684\u670d\u52a1\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\u3002\u5220\u9664\u4e0d\u9700\u8981\u7684\u8f6f\u4ef6\u5305\u53ef\u4ee5\u66f4\u8f7b\u677e\u5730\u8fdb\u884c\u4fee\u8865\uff0c\u5e76\u51cf\u5c11\u7cfb\u7edf\u4e0a\u53ef\u80fd\u5bfc\u81f4\u8fdd\u89c4\u7684\u9879\u76ee\u6570\u91cf\u3002\u505c\u6b62\u4e0d\u9700\u8981\u7684\u670d\u52a1\u4f1a\u7f29\u5c0f\u7cfb\u7edf\u4e0a\u7684\u653b\u51fb\u9762\uff0c\u5e76\u4f7f\u653b\u51fb\u66f4\u52a0\u56f0\u96be\u3002 
\u6211\u4eec\u8fd8\u5efa\u8bae\u5bf9\u751f\u4ea7\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u9644\u52a0\u6b65\u9aa4\uff1a","title":"\u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1"},{"location":"security/security-guide/#_75","text":"\u5c3d\u53ef\u80fd\u4f7f\u7528\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf\u3002\u786e\u4fdd\u53ef\u5199\u6587\u4ef6\u7cfb\u7edf\u4e0d\u5141\u8bb8\u6267\u884c\u3002\u8fd9\u53ef\u4ee5\u4f7f\u7528 noexec \u4e2d\u7684 \u3001 nosuid \u548c nodev \u6302\u8f7d\u9009\u9879\u6765\u5904\u7406 /etc/fstab \u3002","title":"\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_76","text":"\u6700\u540e\uff0c\u8282\u70b9\u5185\u6838\u5e94\u8be5\u6709\u4e00\u79cd\u673a\u5236\u6765\u9a8c\u8bc1\u8282\u70b9\u7684\u5176\u4f59\u90e8\u5206\u662f\u5426\u4ee5\u5df2\u77e5\u7684\u826f\u597d\u72b6\u6001\u542f\u52a8\u3002\u8fd9\u63d0\u4f9b\u4e86\u4ece\u5f15\u5bfc\u9a8c\u8bc1\u8fc7\u7a0b\u5230\u9a8c\u8bc1\u6574\u4e2a\u7cfb\u7edf\u7684\u5fc5\u8981\u94fe\u63a5\u3002\u6267\u884c\u6b64\u64cd\u4f5c\u7684\u6b65\u9aa4\u5c06\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5185\u6838\u6a21\u5757\u53ef\u4ee5\u5728\u4f7f\u7528 dm-verity 
\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u4e4b\u524d\u9a8c\u8bc1\u7ec4\u6210\u6587\u4ef6\u7cfb\u7edf\u7684\u5757\u7684\u54c8\u5e0c\u503c\u3002","title":"\u7cfb\u7edf\u9a8c\u8bc1"},{"location":"security/security-guide/#_77","text":"\u4e00\u65e6\u8282\u70b9\u8fd0\u884c\uff0c\u6211\u4eec\u9700\u8981\u786e\u4fdd\u5b83\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u4fdd\u6301\u826f\u597d\u7684\u72b6\u6001\u3002\u4ece\u5e7f\u4e49\u4e0a\u8bb2\uff0c\u8fd9\u5305\u62ec\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u3002\u8fd9\u4e9b\u9886\u57df\u4e2d\u6bcf\u4e2a\u9886\u57df\u7684\u76ee\u6807\u90fd\u4e0d\u540c\u3002\u901a\u8fc7\u68c0\u67e5\u8fd9\u4e24\u8005\uff0c\u6211\u4eec\u53ef\u4ee5\u66f4\u597d\u5730\u786e\u4fdd\u7cfb\u7edf\u6309\u9884\u671f\u8fd0\u884c\u3002\u6211\u4eec\u5c06\u5728\u7ba1\u7406\u90e8\u5206\u8ba8\u8bba\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5728\u4e0b\u9762\u8ba8\u8bba\u5b89\u5168\u76d1\u63a7\u3002","title":"\u8fd0\u884c\u65f6\u9a8c\u8bc1"},{"location":"security/security-guide/#_78","text":"\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u5bf9\u4e8e\u81ea\u52a8\u9a8c\u8bc1\u4e91\u5185\u90e8\u4e5f\u5f88\u6709\u7528\u3002\u6709\u5404\u79cd\u5404\u6837\u7684\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u53ef\u7528\u3002\u6709\u4e9b\u662f\u514d\u8d39\u63d0\u4f9b\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u662f\u5546\u4e1a\u9879\u76ee\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u5de5\u5177\u4f1a\u5206\u6790\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u6570\u636e\uff0c\u5e76\u6839\u636e\u89c4\u5219\u96c6\u548c/\u6216\u8bad\u7ec3\u751f\u6210\u5b89\u5168\u8b66\u62a5\u3002\u5178\u578b\u529f\u80fd\u5305\u62ec\u65e5\u5fd7\u5206\u6790\u3001\u6587\u4ef6\u5b8c\u6574\u6027\u68c0\u67e5\u3001\u7b56\u7565\u76d1\u63a7\u548c rootkit 
\u68c0\u6d4b\u3002\u66f4\u9ad8\u7ea7\uff08\u901a\u5e38\u662f\u81ea\u5b9a\u4e49\uff09\u5de5\u5177\u53ef\u4ee5\u9a8c\u8bc1\u5185\u5b58\u4e2d\u8fdb\u7a0b\u6620\u50cf\u662f\u5426\u4e0e\u78c1\u76d8\u4e0a\u7684\u53ef\u6267\u884c\u6587\u4ef6\u5339\u914d\uff0c\u5e76\u9a8c\u8bc1\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b\u7684\u6267\u884c\u72b6\u6001\u3002 \u5bf9\u4e8e\u4e91\u67b6\u6784\u5e08\u6765\u8bf4\uff0c\u4e00\u4e2a\u5173\u952e\u7684\u7b56\u7565\u51b3\u7b56\u662f\u5982\u4f55\u5904\u7406\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u8f93\u51fa\u3002\u5b9e\u9645\u4e0a\u6709\u4e24\u79cd\u9009\u62e9\u3002\u9996\u5148\u662f\u63d0\u9192\u4eba\u7c7b\u8fdb\u884c\u8c03\u67e5\u548c/\u6216\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u7ba1\u7406\u5458\u7684\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6e90\u4e2d\u5305\u542b\u5b89\u5168\u8b66\u62a5\u6765\u5b8c\u6210\u3002\u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u8ba9\u4e91\u81ea\u52a8\u91c7\u53d6\u67d0\u79cd\u5f62\u5f0f\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8bb0\u5f55\u4e8b\u4ef6\u3002\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5305\u62ec\u4ece\u91cd\u65b0\u5b89\u88c5\u8282\u70b9\u5230\u6267\u884c\u6b21\u8981\u670d\u52a1\u914d\u7f6e\u7684\u4efb\u4f55\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7531\u4e8e\u53ef\u80fd\u5b58\u5728\u8bef\u62a5\uff0c\u81ea\u52a8\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002 
\u5f53\u5b89\u5168\u76d1\u89c6\u5de5\u5177\u4e3a\u826f\u6027\u4e8b\u4ef6\u751f\u6210\u5b89\u5168\u8b66\u62a5\u65f6\uff0c\u4f1a\u53d1\u751f\u8bef\u62a5\u3002\u7531\u4e8e\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u6027\u8d28\uff0c\u8bef\u62a5\u80af\u5b9a\u4f1a\u4e0d\u65f6\u53d1\u751f\u3002\u901a\u5e38\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u8c03\u6574\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4ee5\u51cf\u5c11\u8bef\u62a5\uff0c\u4f46\u8fd9\u4e5f\u53ef\u80fd\u540c\u65f6\u964d\u4f4e\u6574\u4f53\u68c0\u6d4b\u7387\u3002\u5728\u4e91\u4e2d\u8bbe\u7f6e\u5b89\u5168\u76d1\u63a7\u7cfb\u7edf\u65f6\uff0c\u5fc5\u987b\u4e86\u89e3\u5e76\u8003\u8651\u8fd9\u4e9b\u7ecf\u5178\u7684\u6743\u8861\u3002 \u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u5177\u6709\u9ad8\u5ea6\u7684\u90e8\u7f72\u7279\u5f02\u6027\u3002\u6211\u4eec\u5efa\u8bae\u4ece\u63a2\u7d22\u4ee5\u4e0b\u5f00\u6e90\u9879\u76ee\u5f00\u59cb\uff0c\u8fd9\u4e9b\u9879\u76ee\u5b9e\u73b0\u4e86\u5404\u79cd\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u6587\u4ef6\u76d1\u63a7\u529f\u80fd\u3002 OSSEC Samhain Tripwire AIDE \u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u662f\u5bf9\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7684\u8865\u5145\u3002OpenStack \u6ca1\u6709\u5185\u7f6e\u7279\u5b9a\u7684\u7f51\u7edc IDS\uff0c\u4f46 OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u79cd\u63d2\u4ef6\u673a\u5236\uff0c\u53ef\u4ee5\u901a\u8fc7 Networking API \u542f\u7528\u4e0d\u540c\u7684\u6280\u672f\u3002\u6b64\u63d2\u4ef6\u4f53\u7cfb\u7ed3\u6784\u5c06\u5141\u8bb8\u79df\u6237\u5f00\u53d1 API \u6269\u5c55\uff0c\u4ee5\u63d2\u5165\u548c\u914d\u7f6e\u81ea\u5df1\u7684\u9ad8\u7ea7\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982\u9632\u706b\u5899\u3001\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u6216\u865a\u62df\u673a\u4e4b\u95f4\u7684 VPN\u3002 
\u4e0e\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7c7b\u4f3c\uff0c\u57fa\u4e8e\u7f51\u7edc\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002Snort \u662f\u9886\u5148\u7684\u5f00\u6e90\u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\uff0c\u4e5f\u662f\u4e86\u89e3\u66f4\u591a\u4fe1\u606f\u7684\u826f\u597d\u8d77\u70b9\u3002 \u5bf9\u4e8e\u57fa\u4e8e\u7f51\u7edc\u548c\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\uff0c\u6709\u4e00\u4e9b\u91cd\u8981\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u91cd\u8981\u7684\u662f\u8981\u8003\u8651\u5c06\u7f51\u7edc IDS \u653e\u7f6e\u5728\u4e91\u4e0a\uff08\u4f8b\u5982\uff0c\u5c06\u5176\u6dfb\u52a0\u5230\u7f51\u7edc\u8fb9\u754c\u548c/\u6216\u654f\u611f\u7f51\u7edc\u5468\u56f4\uff09\u3002\u653e\u7f6e\u4f4d\u7f6e\u53d6\u51b3\u4e8e\u60a8\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f46\u8bf7\u786e\u4fdd\u76d1\u63a7 IDS \u53ef\u80fd\u5bf9\u60a8\u7684\u670d\u52a1\u4ea7\u751f\u7684\u5f71\u54cd\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u9009\u62e9\u6dfb\u52a0\u7684\u4f4d\u7f6e\u3002\u7f51\u7edc IDS \u901a\u5e38\u65e0\u6cd5\u68c0\u67e5\u52a0\u5bc6\u6d41\u91cf\uff08\u5982 TLS\uff09\u7684\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7f51\u7edc IDS \u5728\u8bc6\u522b\u7f51\u7edc\u4e0a\u7684\u5f02\u5e38\u672a\u52a0\u5bc6\u6d41\u91cf\u65b9\u9762\u4ecd\u53ef\u80fd\u63d0\u4f9b\u4e00\u4e9b\u597d\u5904\u3002 \u5728\u67d0\u4e9b\u90e8\u7f72\u4e2d\uff0c\u53ef\u80fd\u9700\u8981\u5728\u5b89\u5168\u57df\u7f51\u6865\u4e0a\u7684\u654f\u611f\u7ec4\u4ef6\u4e0a\u6dfb\u52a0\u57fa\u4e8e\u4e3b\u673a\u7684 IDS\u3002\u57fa\u4e8e\u4e3b\u673a\u7684 IDS \u53ef\u80fd\u4f1a\u901a\u8fc7\u7ec4\u4ef6\u4e0a\u906d\u5230\u5165\u4fb5\u6216\u672a\u7ecf\u6388\u6743\u7684\u8fdb\u7a0b\u6765\u68c0\u6d4b\u5f02\u5e38\u6d3b\u52a8\u3002IDS 
\u5e94\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f20\u8f93\u8b66\u62a5\u548c\u65e5\u5fd7\u4fe1\u606f\u3002","title":"\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf"},{"location":"security/security-guide/#_79","text":"\u4e91\u73af\u5883\u4e2d\u7684\u670d\u52a1\u5668\uff0c\u5305\u62ec undercloud \u548c overcloud \u57fa\u7840\u67b6\u6784\uff0c\u5e94\u5b9e\u65bd\u5f3a\u5316\u6700\u4f73\u5b9e\u8df5\u3002\u7531\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u548c\u670d\u52a1\u5668\u5f3a\u5316\u5f88\u5e38\u89c1\uff0c\u56e0\u6b64\u6b64\u5904\u4e0d\u6db5\u76d6\u9002\u7528\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u65e5\u5fd7\u8bb0\u5f55\u3001\u7528\u6237\u5e10\u6237\u9650\u5236\u548c\u5b9a\u671f\u66f4\u65b0\uff0c\u4f46\u5e94\u5e94\u7528\u4e8e\u6240\u6709\u57fa\u7840\u7ed3\u6784\u3002","title":"\u670d\u52a1\u5668\u52a0\u56fa"},{"location":"security/security-guide/#fim","text":"\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406 \uff08FIM\uff09 \u662f\u786e\u4fdd\u654f\u611f\u7cfb\u7edf\u6216\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u7b49\u6587\u4ef6\u4e0d\u4f1a\u635f\u574f\u6216\u66f4\u6539\u4ee5\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6216\u6076\u610f\u884c\u4e3a\u7684\u65b9\u6cd5\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5b9e\u7528\u7a0b\u5e8f\uff08\u5982 Samhain\uff09\u6765\u5b8c\u6210\uff0c\u8be5\u5b9e\u7528\u7a0b\u5e8f\u5c06\u521b\u5efa\u6307\u5b9a\u8d44\u6e90\u7684\u6821\u9a8c\u548c\u54c8\u5e0c\uff0c\u7136\u540e\u5b9a\u671f\u9a8c\u8bc1\u8be5\u54c8\u5e0c\uff0c\u6216\u8005\u901a\u8fc7 DMVerity \u7b49\u5de5\u5177\u6765\u5b8c\u6210\uff0c\u8be5\u5de5\u5177\u53ef\u4ee5\u83b7\u53d6\u5757\u8bbe\u5907\u7684\u54c8\u5e0c\u503c\uff0c\u5e76\u5728\u7cfb\u7edf\u8bbf\u95ee\u8fd9\u4e9b\u54c8\u5e0c\u503c\u65f6\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u518d\u5c06\u5176\u5448\u73b0\u7ed9\u7528\u6237\u3002 
\u8fd9\u4e9b\u5e94\u8be5\u653e\u5728\u9002\u5f53\u7684\u4f4d\u7f6e\uff0c\u4ee5\u76d1\u63a7\u548c\u62a5\u544a\u5bf9\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\uff08\u5982 \u548c /etc/keystone/keystone.conf \uff09\u4ee5\u53ca\u5185\u6838\u6a21\u5757\uff08\u5982 /etc/pam.d/system-auth virtio\uff09\u7684\u66f4\u6539\u3002\u6700\u4f73\u505a\u6cd5\u662f\u4f7f\u7528 lsmod \u547d\u4ee4\u6765\u663e\u793a\u7cfb\u7edf\u4e0a\u5b9a\u671f\u52a0\u8f7d\u7684\u5185\u5bb9\uff0c\u4ee5\u5e2e\u52a9\u786e\u5b9a FIM \u68c0\u67e5\u4e2d\u5e94\u5305\u542b\u6216\u4e0d\u5e94\u5305\u542b\u7684\u5185\u5bb9\u3002","title":"\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09"},{"location":"security/security-guide/#_80","text":"\u7ba1\u7406\u5458\u9700\u8981\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 OpenStack \u4e3a\u8fd0\u7ef4\u4eba\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u591a\u79cd\u7ba1\u7406\u754c\u9762\uff1a OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 OpenStack \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982 nova-manage \u548c glance-manage \u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff0c\u5982 IPMI","title":"\u7ba1\u7406\u754c\u9762"},{"location":"security/security-guide/#_81","text":"OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u7ba1\u7406\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u56fe\u5f62\u754c\u9762\uff0c\u7528\u4e8e\u7f6e\u5907\u548c\u8bbf\u95ee\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u8fc7\u8c03\u7528 OpenStack API 
\u4e0e\u540e\u7aef\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#_82","text":"\u4f5c\u4e3a\u4e91\u7ba1\u7406\u5458\uff0c\u4eea\u8868\u677f\u63d0\u4f9b\u4e91\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u7528\u6237\u548c\u79df\u6237/\u9879\u76ee\uff0c\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u5e76\u5bf9\u53ef\u4f9b\u4ed6\u4eec\u4f7f\u7528\u7684\u8d44\u6e90\u8bbe\u7f6e\u9650\u5236\u3002 \u4eea\u8868\u677f\u4e3a\u79df\u6237\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u7528\u4e8e\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u9884\u914d\u81ea\u5df1\u7684\u8d44\u6e90\u3002 \u4eea\u8868\u677f\u4e3a\u8def\u7531\u5668\u548c\u8d1f\u8f7d\u5e73\u8861\u5668\u63d0\u4f9b GUI \u652f\u6301\u3002\u4f8b\u5982\uff0c\u4eea\u8868\u677f\u73b0\u5728\u5b9e\u73b0\u4e86\u6240\u6709\u4e3b\u8981\u7684\u7f51\u7edc\u529f\u80fd\u3002 \u5b83\u662f\u4e00\u4e2a\u53ef\u6269\u5c55\u7684 Django Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u5141\u8bb8\u8f7b\u677e\u63d2\u5165\u7b2c\u4e09\u65b9\u4ea7\u54c1\u548c\u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u8d39\u3001\u76d1\u63a7\u548c\u5176\u4ed6\u7ba1\u7406\u5de5\u5177\u3002 \u4eea\u8868\u677f\u8fd8\u53ef\u4ee5\u4e3a\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u5176\u4ed6\u5546\u4e1a\u4f9b\u5e94\u5546\u6253\u9020\u54c1\u724c\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_83","text":"\u4eea\u8868\u677f\u8981\u6c42\u5728 Web \u6d4f\u89c8\u5668\u4e2d\u542f\u7528 Cookie \u548c JavaScript\u3002 \u6258\u7ba1\u4eea\u8868\u677f\u7684 Web \u670d\u52a1\u5668\u5e94\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 Horizon Web Service \u53ca\u5176\u7528\u4e8e\u4e0e\u540e\u7aef\u901a\u4fe1\u7684 OpenStack API \u90fd\u5bb9\u6613\u53d7\u5230 Web 
\u653b\u51fb\u5a92\u4ecb\uff08\u5982\u62d2\u7edd\u670d\u52a1\uff09\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u5fc5\u987b\u5bf9\u5176\u8fdb\u884c\u76d1\u63a7\u3002 \u73b0\u5728\u53ef\u4ee5\u901a\u8fc7\u4eea\u8868\u677f\u5c06\u955c\u50cf\u6587\u4ef6\u76f4\u63a5\u4ece\u7528\u6237\u7684\u786c\u76d8\u4e0a\u4f20\u5230 OpenStack \u955c\u50cf\u670d\u52a1\uff08\u5c3d\u7ba1\u5b58\u5728\u8bb8\u591a\u90e8\u7f72/\u5b89\u5168\u9690\u60a3\uff09\u3002\u5bf9\u4e8e\u591a GB \u7684\u6620\u50cf\uff0c\u4ecd\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 glance CLI \u8fdb\u884c\u4e0a\u4f20\u3002 \u901a\u8fc7\u4eea\u8868\u76d8\u521b\u5efa\u548c\u7ba1\u7406\u5b89\u5168\u7ec4\u3002\u5b89\u5168\u7ec4\u5141\u8bb8\u5bf9\u5b89\u5168\u7b56\u7565\u8fdb\u884c L3-L4 \u6570\u636e\u5305\u7b5b\u9009\uff0c\u4ee5\u4fdd\u62a4\u865a\u62df\u673a\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_84","text":"OpenStack.org\uff0cReleaseNotes/Liberty\u30022015. OpenStack Liberty \u53d1\u884c\u8bf4\u660e","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#openstack_3","text":"OpenStack API \u662f\u4e00\u4e2a RESTful Web \u670d\u52a1\u7aef\u70b9\uff0c\u7528\u4e8e\u8bbf\u95ee\u3001\u914d\u7f6e\u548c\u81ea\u52a8\u5316\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u64cd\u4f5c\u5458\u548c\u7528\u6237\u901a\u5e38\u901a\u8fc7\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff08\u4f8b\u5982\uff0c nova \u6216\uff09\u3001\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u5e93\u6216 glance \u7b2c\u4e09\u65b9\u5de5\u5177\u8bbf\u95ee API\u3002","title":"OpenStack \u63a5\u53e3"},{"location":"security/security-guide/#_85","text":"To the cloud administrator, the API provides an overall view of the size and state of the cloud deployment and allows the creation of users, tenants/projects, assigning users to tenants/projects, and specifying resource quotas on a per tenant/project basis. 
\u5bf9\u4e8e\u4e91\u7ba1\u7406\u5458\u6765\u8bf4\uff0cAPI \u63d0\u4f9b\u4e86\u4e91\u90e8\u7f72\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7528\u6237\u3001\u79df\u6237/\u9879\u76ee\u3001\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u4ee5\u53ca\u4e3a\u6bcf\u4e2a\u79df\u6237/\u9879\u76ee\u6307\u5b9a\u8d44\u6e90\u914d\u989d\u3002 The API provides a tenant interface for provisioning, managing, and accessing their resources. API \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79df\u6237\u63a5\u53e3\uff0c\u7528\u4e8e\u9884\u914d\u3001\u7ba1\u7406\u548c\u8bbf\u95ee\u5176\u8d44\u6e90\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_86","text":"\u5e94\u4e3a TLS \u914d\u7f6e API \u670d\u52a1\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 \u4f5c\u4e3a Web \u670d\u52a1\uff0cOpenStack API \u5bb9\u6613\u53d7\u5230\u719f\u6089\u7684\u7f51\u7ad9\u653b\u51fb\u5a92\u4ecb\u7684\u5f71\u54cd\uff0c\u4f8b\u5982\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#ssh","text":"\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u8bbf\u95ee\u6765\u7ba1\u7406 Linux \u548c Unix \u7cfb\u7edf\u5df2\u6210\u4e3a\u884c\u4e1a\u60ef\u4f8b\u3002SSH \u4f7f\u7528\u5b89\u5168\u7684\u52a0\u5bc6\u539f\u8bed\u8fdb\u884c\u901a\u4fe1\u3002\u9274\u4e8e SSH \u5728\u5178\u578b OpenStack \u90e8\u7f72\u4e2d\u7684\u8303\u56f4\u548c\u91cd\u8981\u6027\uff0c\u4e86\u89e3\u90e8\u7f72 SSH \u7684\u6700\u4f73\u5b9e\u8df5\u975e\u5e38\u91cd\u8981\u3002","title":"\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09"},{"location":"security/security-guide/#_87","text":"\u7ecf\u5e38\u88ab\u5ffd\u89c6\u7684\u662f SSH \u4e3b\u673a\u7684\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u3002\u7531\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u5927\u591a\u6570\u6216\u6240\u6709\u4e3b\u673a\u90fd\u5c06\u63d0\u4f9b SSH 
\u670d\u52a1\uff0c\u56e0\u6b64\u5bf9\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u7684\u8fde\u63a5\u5145\u6ee1\u4fe1\u5fc3\u975e\u5e38\u91cd\u8981\u3002\u4e0d\u80fd\u4f4e\u4f30\u7684\u662f\uff0c\u672a\u80fd\u63d0\u4f9b\u5408\u7406\u5b89\u5168\u4e14\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u6765\u9a8c\u8bc1 SSH \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u6ee5\u7528\u548c\u5229\u7528\u7684\u6210\u719f\u65f6\u673a\u3002 \u6240\u6709 SSH \u5b88\u62a4\u7a0b\u5e8f\u90fd\u5177\u6709\u4e13\u7528\u4e3b\u673a\u5bc6\u94a5\uff0c\u5e76\u5728\u8fde\u63a5\u65f6\u63d0\u4f9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u6b64\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u672a\u7b7e\u540d\u516c\u94a5\u7684\u54c8\u5e0c\u503c\u3002\u5728\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u5efa\u7acb SSH \u8fde\u63a5\u4e4b\u524d\uff0c\u5fc5\u987b\u77e5\u9053\u8fd9\u4e9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u9a8c\u8bc1\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u6709\u52a9\u4e8e\u68c0\u6d4b\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u901a\u5e38\uff0c\u5728\u5b89\u88c5 SSH \u5b88\u62a4\u7a0b\u5e8f\u65f6\uff0c\u5c06\u751f\u6210\u4e3b\u673a\u5bc6\u94a5\u3002\u5728\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u8fc7\u7a0b\u4e2d\uff0c\u4e3b\u673a\u5fc5\u987b\u5177\u6709\u8db3\u591f\u7684\u71b5\u3002\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u7684\u71b5\u4e0d\u8db3\u53ef\u80fd\u5bfc\u81f4\u7a83\u542c SSH \u4f1a\u8bdd\u3002 \u751f\u6210 SSH \u4e3b\u673a\u5bc6\u94a5\u540e\uff0c\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u5e94\u5b58\u50a8\u5728\u5b89\u5168\u4e14\u53ef\u67e5\u8be2\u7684\u4f4d\u7f6e\u3002\u4e00\u4e2a\u7279\u522b\u65b9\u4fbf\u7684\u89e3\u51b3\u65b9\u6848\u662f\u4f7f\u7528 RFC-4255 \u4e2d\u5b9a\u4e49\u7684 SSHFP \u8d44\u6e90\u8bb0\u5f55\u7684 DNS\u3002\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\uff0c\u6709\u5fc5\u8981\u90e8\u7f72 DNSSEC\u3002","title":"\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9"},{"location":"security/security-guide/#_88","text":"OpenStack Management Utilities \u662f\u8fdb\u884c API \u8c03\u7528\u7684\u5f00\u6e90 Python 
\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u6709\u4e00\u4e2a\u5ba2\u6237\u7aef\uff08\u4f8b\u5982\uff0cnova\u3001glance\uff09\u3002\u9664\u4e86\u6807\u51c6\u7684 CLI \u5ba2\u6237\u7aef\u4e4b\u5916\uff0c\u5927\u591a\u6570\u670d\u52a1\u90fd\u5177\u6709\u7ba1\u7406\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u7528\u4e8e\u76f4\u63a5\u8c03\u7528\u6570\u636e\u5e93\u3002\u8fd9\u4e9b\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6b63\u5728\u6162\u6162\u88ab\u5f03\u7528\u3002","title":"\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f"},{"location":"security/security-guide/#_89","text":"\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \uff08*-manage\uff09 \u4f7f\u7528\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u3002 \u786e\u4fdd\u5305\u542b\u51ed\u636e\u4fe1\u606f\u7684 .rc \u6587\u4ef6\u662f\u5b89\u5168\u7684\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_90","text":"OpenStack.org\uff0c\u201cOpenStack \u6700\u7ec8\u7528\u6237\u6307\u5357\u201d\u90e8\u5206\u30022016. OpenStack \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u6982\u8ff0\u3002 OpenStack.org\uff0c\u4f7f\u7528 OpenStack RC \u6587\u4ef6\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u30022016. 
\u4e0b\u8f7d\u5e76\u83b7\u53d6 OpenStack RC \u6587\u4ef6\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_91","text":"OpenStack \u7ba1\u7406\u4f9d\u8d56\u4e8e\u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff08\u5982 IPMI \u534f\u8bae\uff09\u6765\u8bbf\u95ee\u8fd0\u884c OpenStack \u7ec4\u4ef6\u7684\u8282\u70b9\u3002IPMI \u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u89c4\u8303\uff0c\u7528\u4e8e\u8fdc\u7a0b\u7ba1\u7406\u3001\u8bca\u65ad\u548c\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u5668\uff0c\u65e0\u8bba\u64cd\u4f5c\u7cfb\u7edf\u6b63\u5728\u8fd0\u884c\u8fd8\u662f\u7cfb\u7edf\u5d29\u6e83\u3002","title":"\u5e26\u5916\u7ba1\u7406\u63a5\u53e3"},{"location":"security/security-guide/#_92","text":"\u4f7f\u7528\u5f3a\u5bc6\u7801\u5e76\u4fdd\u62a4\u5b83\u4eec\uff0c\u6216\u4f7f\u7528\u5ba2\u6237\u7aef TLS \u8eab\u4efd\u9a8c\u8bc1\u3002 \u786e\u4fdd\u7f51\u7edc\u63a5\u53e3\u4f4d\u4e8e\u5176\u81ea\u5df1\u7684\u4e13\u7528\uff08\u7ba1\u7406\u6216\u5355\u72ec\u7684\uff09\u7f51\u7edc\u4e0a\u3002\u4f7f\u7528\u9632\u706b\u5899\u6216\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u9694\u79bb\u7ba1\u7406\u57df\u3002 \u5982\u679c\u60a8\u4f7f\u7528 Web \u754c\u9762\u4e0e BMC/IPMI \u4ea4\u4e92\uff0c\u8bf7\u59cb\u7ec8\u4f7f\u7528 TLS \u63a5\u53e3\uff0c\u4f8b\u5982 HTTPS \u6216\u7aef\u53e3 443\u3002\u6b64 TLS \u63a5\u53e3\u4e0d\u5e94\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\uff08\u901a\u5e38\u662f\u9ed8\u8ba4\u7684\uff09\uff0c\u4f46\u5e94\u5177\u6709\u4f7f\u7528\u6b63\u786e\u5b9a\u4e49\u7684\u5b8c\u5168\u9650\u5b9a\u57df\u540d \uff08FQDN\uff09 \u7684\u53d7\u4fe1\u4efb\u8bc1\u4e66\u3002 \u76d1\u63a7\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6d41\u91cf\u3002\u4e0e\u7e41\u5fd9\u7684\u8ba1\u7b97\u8282\u70b9\u76f8\u6bd4\uff0c\u5f02\u5e38\u53ef\u80fd\u66f4\u5bb9\u6613\u8ddf\u8e2a\u3002 
\u5e26\u5916\u7ba1\u7406\u754c\u9762\u901a\u5e38\u8fd8\u5305\u62ec\u56fe\u5f62\u8ba1\u7b97\u673a\u63a7\u5236\u53f0\u8bbf\u95ee\u3002\u8fd9\u4e9b\u63a5\u53e3\u901a\u5e38\u53ef\u4ee5\u52a0\u5bc6\uff0c\u4f46\u4e0d\u4e00\u5b9a\u662f\u9ed8\u8ba4\u7684\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u8f6f\u4ef6\u6587\u6863\u4ee5\u52a0\u5bc6\u8fd9\u4e9b\u63a5\u53e3\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_93","text":"SANS \u6280\u672f\u7814\u7a76\u6240\uff0cInfoSec Handlers \u65e5\u8bb0\u535a\u5ba2\u30022012. \u9ed1\u5ba2\u653b\u51fb\u5df2\u5173\u95ed\u7684\u670d\u52a1\u5668\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_94","text":"\u8bbe\u5907\u95f4\u901a\u4fe1\u662f\u4e00\u4e2a\u4e25\u91cd\u7684\u5b89\u5168\u95ee\u9898\u3002\u5728\u5927\u578b\u9879\u76ee\u9519\u8bef\uff08\u5982 Heartbleed\uff09\u6216\u66f4\u9ad8\u7ea7\u7684\u653b\u51fb\uff08\u5982 BEAST \u548c CRIME\uff09\u4e4b\u95f4\uff0c\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u7684\u65b9\u6cd5\u53d8\u5f97\u8d8a\u6765\u8d8a\u91cd\u8981\u3002\u4f46\u662f\uff0c\u5e94\u8be5\u8bb0\u4f4f\uff0c\u52a0\u5bc6\u5e94\u8be5\u4f5c\u4e3a\u66f4\u5927\u7684\u5b89\u5168\u7b56\u7565\u7684\u4e00\u90e8\u5206\u6765\u5e94\u7528\u3002\u7aef\u70b9\u7684\u5165\u4fb5\u610f\u5473\u7740\u653b\u51fb\u8005\u4e0d\u518d\u9700\u8981\u7834\u574f\u6240\u4f7f\u7528\u7684\u52a0\u5bc6\uff0c\u800c\u662f\u80fd\u591f\u5728\u7cfb\u7edf\u5904\u7406\u6d88\u606f\u65f6\u67e5\u770b\u548c\u64cd\u7eb5\u6d88\u606f\u3002 \u672c\u7ae0\u5c06\u56de\u987e\u6709\u5173\u914d\u7f6e TLS \u4ee5\u4fdd\u62a4\u5185\u90e8\u548c\u5916\u90e8\u8d44\u6e90\u7684\u51e0\u4e2a\u529f\u80fd\uff0c\u5e76\u6307\u51fa\u5e94\u7279\u522b\u6ce8\u610f\u7684\u7279\u5b9a\u7c7b\u522b\u7684\u7cfb\u7edf\u3002 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 
\u4f8b\u5b50 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \u5b8c\u7f8e\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 SSL/TLS \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a \u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u7684 SSL/TLS \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb","title":"\u5b89\u5168\u901a\u4fe1"},{"location":"security/security-guide/#tls-ssl","text":"\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u5b89\u5168\u6765\u786e\u4fdd OpenStack \u90e8\u7f72\u4e2d\u7f51\u7edc\u6d41\u91cf\u7684\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u3002\u8fd9\u901a\u5e38\u662f\u4f7f\u7528\u52a0\u5bc6\u63aa\u65bd\u5b9e\u73b0\u7684\uff0c\u4f8b\u5982\u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u534f\u8bae\u3002 \u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u901a\u8fc7\u516c\u5171\u7f51\u7edc\u4f20\u8f93\u7684\u6240\u6709\u6d41\u91cf\u90fd\u662f\u5b89\u5168\u7684\uff0c\u4f46\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u8981\u6c42\u5185\u90e8\u6d41\u91cf\u4e5f\u5fc5\u987b\u5f97\u5230\u4fdd\u62a4\u3002\u4ec5\u4ec5\u4f9d\u9760\u5b89\u5168\u57df\u5206\u79bb\u8fdb\u884c\u4fdd\u62a4\u662f\u4e0d\u591f\u7684\u3002\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u6216\u4e3b\u673a\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7834\u574f API \u7aef\u70b9\u6216\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\uff0c\u5219\u4ed6\u4eec\u4e00\u5b9a\u65e0\u6cd5\u8f7b\u677e\u6ce8\u5165\u6216\u6355\u83b7\u6d88\u606f\u3001\u547d\u4ee4\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u5f71\u54cd\u4e91\u7684\u7ba1\u7406\u529f\u80fd\u3002 \u6240\u6709\u57df\u90fd\u5e94\u4f7f\u7528 TLS \u8fdb\u884c\u4fdd\u62a4\uff0c\u5305\u62ec\u7ba1\u7406\u57df\u670d\u52a1\u548c\u670d\u52a1\u5185\u901a\u4fe1\u3002TLS \u63d0\u4f9b\u4e86\u786e\u4fdd\u7528\u6237\u4e0e OpenStack \u670d\u52a1\u4e4b\u95f4\u4ee5\u53ca OpenStack 
\u670d\u52a1\u672c\u8eab\u4e4b\u95f4\u901a\u4fe1\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u4e0d\u53ef\u5426\u8ba4\u6027\u3001\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u7684\u673a\u5236\u3002 \u7531\u4e8e\u5b89\u5168\u5957\u63a5\u5b57\u5c42 \uff08SSL\uff09 \u534f\u8bae\u4e2d\u5df2\u53d1\u5e03\u7684\u6f0f\u6d1e\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4f18\u5148\u4f7f\u7528 TLS \u800c\u4e0d\u662f SSL\uff0c\u5e76\u4e14\u5728\u4efb\u4f55\u60c5\u51b5\u4e0b\u90fd\u7981\u7528 SSL\uff0c\u9664\u975e\u9700\u8981\u4e0e\u8fc7\u65f6\u7684\u6d4f\u89c8\u5668\u6216\u5e93\u517c\u5bb9\u3002 \u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u662f\u7528\u4e8e\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u7684\u6846\u67b6\u3002\u5b83\u7531\u4e00\u7ec4\u7cfb\u7edf\u548c\u6d41\u7a0b\u7ec4\u6210\uff0c\u4ee5\u786e\u4fdd\u5728\u9a8c\u8bc1\u5404\u65b9\u8eab\u4efd\u7684\u540c\u65f6\u53ef\u4ee5\u5b89\u5168\u5730\u53d1\u9001\u6d41\u91cf\u3002\u6b64\u5904\u63cf\u8ff0\u7684 PKI \u914d\u7f6e\u6587\u4ef6\u662f\u7531 PKIX \u5de5\u4f5c\u7ec4\u5f00\u53d1\u7684 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKIX\uff09 \u914d\u7f6e\u6587\u4ef6\u3002PKI\u7684\u6838\u5fc3\u7ec4\u4ef6\u5305\u62ec\uff1a \u6570\u5b57\u8bc1\u4e66 \u7b7e\u540d\u516c\u94a5\u8bc1\u4e66\u662f\u5177\u6709\u5b9e\u4f53\u7684\u53ef\u9a8c\u8bc1\u6570\u636e\u3001\u5176\u516c\u94a5\u4ee5\u53ca\u5176\u4ed6\u4e00\u4e9b\u5c5e\u6027\u7684\u6570\u636e\u7ed3\u6784\u3002\u8fd9\u4e9b\u8bc1\u4e66\u7531\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u9881\u53d1\u3002\u7531\u4e8e\u8bc1\u4e66\u7531\u53d7\u4fe1\u4efb\u7684 CA \u7b7e\u540d\uff0c\u56e0\u6b64\u4e00\u65e6\u9a8c\u8bc1\uff0c\u4e0e\u5b9e\u4f53\u5173\u8054\u7684\u516c\u94a5\u5c06\u4fdd\u8bc1\u4e0e\u6240\u8ff0\u5b9e\u4f53\u76f8\u5173\u8054\u3002\u7528\u4e8e\u5b9a\u4e49\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u5e38\u89c1\u6807\u51c6\u662f X.509 \u6807\u51c6\u3002X.509 v3 \u662f\u5f53\u524d\u7684\u6807\u51c6\uff0c\u5728 RFC5280 
\u4e2d\u8fdb\u884c\u4e86\u8be6\u7ec6\u63cf\u8ff0\u3002\u8bc1\u4e66\u7531 CA \u9881\u53d1\uff0c\u4f5c\u4e3a\u8bc1\u660e\u5728\u7ebf\u5b9e\u4f53\u8eab\u4efd\u7684\u673a\u5236\u3002CA \u901a\u8fc7\u4ece\u8bc1\u4e66\u521b\u5efa\u6d88\u606f\u6458\u8981\u5e76\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u6458\u8981\u8fdb\u884c\u52a0\u5bc6\uff0c\u5bf9\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u7ed3\u675f\u5b9e\u4f53 \u4f5c\u4e3a\u8bc1\u4e66\u4e3b\u9898\u7684\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u7cfb\u7edf\u3002\u6700\u7ec8\u5b9e\u4f53\u5c06\u5176\u8bc1\u4e66\u8bf7\u6c42\u53d1\u9001\u5230\u6ce8\u518c\u673a\u6784 \uff08RA\uff09 \u8fdb\u884c\u5ba1\u6279\u3002\u5982\u679c\u83b7\u5f97\u6279\u51c6\uff0cRA \u4f1a\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u9a8c\u8bc1\u8bf7\u6c42\uff0c\u5982\u679c\u4fe1\u606f\u6b63\u786e\uff0c\u5219\u751f\u6210\u8bc1\u4e66\u5e76\u7b7e\u540d\u3002\u7136\u540e\uff0c\u6b64\u7b7e\u540d\u8bc1\u4e66\u5c06\u53d1\u9001\u5230\u8bc1\u4e66\u5b58\u50a8\u5e93\u3002 \u4fe1\u8d56\u65b9 \u63a5\u6536\u6570\u5b57\u7b7e\u540d\u8bc1\u4e66\u7684\u7ec8\u7ed3\u70b9\uff0c\u8be5\u8bc1\u4e66\u53ef\u53c2\u8003\u8bc1\u4e66\u4e0a\u5217\u51fa\u7684\u516c\u94a5\u8fdb\u884c\u9a8c\u8bc1\u3002\u4fe1\u8d56\u65b9\u5e94\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u94fe\u4e0a\uff0c\u786e\u4fdd\u5b83\u4e0d\u5b58\u5728\u4e8e CRL \u4e2d\uff0c\u5e76\u4e14\u8fd8\u5fc5\u987b\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u5230\u671f\u65e5\u671f\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 CA \u662f\u53d7\u4fe1\u4efb\u7684\u5b9e\u4f53\uff0c\u65e0\u8bba\u662f\u6700\u7ec8\u65b9\u8fd8\u662f\u4f9d\u8d56\u8bc1\u4e66\u8fdb\u884c\u8bc1\u4e66\u7b56\u7565\u3001\u7ba1\u7406\u5904\u7406\u548c\u8bc1\u4e66\u9881\u53d1\u7684\u4e00\u65b9\u3002 \u6ce8\u518c\u673a\u6784 \uff08RA\uff09 CA \u5c06\u67d0\u4e9b\u7ba1\u7406\u529f\u80fd\u59d4\u6d3e\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\uff0c\u8fd9\u5305\u62ec\u5728 CA 
\u9881\u53d1\u8bc1\u4e66\u4e4b\u524d\u5bf9\u7ec8\u7aef\u5b9e\u4f53\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7b49\u529f\u80fd\u3002 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5e8f\u5217\u53f7\u5217\u8868\u3002\u5728 PKI \u6a21\u578b\u4e2d\uff0c\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002\u540a\u9500\u53ef\u80fd\u7531\u4e8e\u591a\u79cd\u539f\u56e0\u800c\u53d1\u751f\uff0c\u4f8b\u5982\u5bc6\u94a5\u6cc4\u9732\u3001CA \u6cc4\u9732\u3002 CRL \u53d1\u884c\u4eba CA \u5c06\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u53d1\u5e03\u59d4\u6258\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\u3002 \u8bc1\u4e66\u5b58\u50a8\u5e93 \u5b58\u50a8\u548c\u67e5\u627e\u6700\u7ec8\u5b9e\u4f53\u8bc1\u4e66\u548c\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u4f4d\u7f6e - \u6709\u65f6\u79f0\u4e3a\u8bc1\u4e66\u6346\u7ed1\u5305\u3002 PKI \u6784\u5efa\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u63d0\u4f9b\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae\uff0c\u4ee5\u4fdd\u62a4\u6570\u636e\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u4fdd\u62a4\u6240\u6709\u670d\u52a1\uff0c\u5305\u62ec\u5bf9 API \u7ec8\u7ed3\u70b9\u4f7f\u7528 
TLS\u3002\u4ec5\u9760\u4f20\u8f93\u6216\u6d88\u606f\u7684\u52a0\u5bc6\u6216\u7b7e\u540d\u662f\u4e0d\u53ef\u80fd\u89e3\u51b3\u6240\u6709\u8fd9\u4e9b\u95ee\u9898\u7684\u3002\u4e3b\u673a\u672c\u8eab\u5fc5\u987b\u662f\u5b89\u5168\u7684\uff0c\u5e76\u5b9e\u65bd\u7b56\u7565\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5176\u4ed6\u63a7\u5236\u63aa\u65bd\u6765\u4fdd\u62a4\u5176\u79c1\u6709\u51ed\u636e\u548c\u5bc6\u94a5\u3002\u4f46\u662f\uff0c\u5bc6\u94a5\u7ba1\u7406\u548c\u4fdd\u62a4\u7684\u6311\u6218\u5e76\u6ca1\u6709\u51cf\u5c11\u8fd9\u4e9b\u63a7\u5236\u7684\u5fc5\u8981\u6027\uff0c\u4e5f\u6ca1\u6709\u964d\u4f4e\u5b83\u4eec\u7684\u91cd\u8981\u6027\u3002","title":"TLS \u548c SSL \u7b80\u4ecb"},{"location":"security/security-guide/#_95","text":"\u8bb8\u591a\u7ec4\u7ec7\u90fd\u5efa\u7acb\u4e86\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u5176\u4e2d\u5305\u542b\u81ea\u5df1\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3001\u8bc1\u4e66\u7b56\u7565\u548c\u7ba1\u7406\uff0c\u4ed6\u4eec\u5e94\u8be5\u4f7f\u7528\u8fd9\u4e9b\u8bc1\u4e66\u4e3a\u5185\u90e8 OpenStack \u7528\u6237\u6216\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u516c\u5171\u5b89\u5168\u57df\u9762\u5411 Internet \u7684\u7ec4\u7ec7\u8fd8\u9700\u8981\u7531\u5e7f\u6cdb\u8ba4\u53ef\u7684\u516c\u5171 CA \u7b7e\u540d\u7684\u8bc1\u4e66\u3002\u5bf9\u4e8e\u901a\u8fc7\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u7684\u52a0\u5bc6\u901a\u4fe1\uff0c\u5efa\u8bae\u4e0d\u8981\u4f7f\u7528\u516c\u5171 CA\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u671f\u671b\u5e76\u5efa\u8bae\u5927\u591a\u6570\u90e8\u7f72\u90e8\u7f72\u81ea\u5df1\u7684\u5185\u90e8 CA\u3002 \u5efa\u8bae OpenStack \u4e91\u67b6\u6784\u5e08\u8003\u8651\u5bf9\u5185\u90e8\u7cfb\u7edf\u548c\u9762\u5411\u5ba2\u6237\u7684\u670d\u52a1\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u4f7f\u4e91\u90e8\u7f72\u4eba\u5458\u80fd\u591f\u4fdd\u6301\u5bf9\u5176 PKI 
\u57fa\u7840\u8bbe\u65bd\u7684\u63a7\u5236\uff0c\u5e76\u4e14\u4f7f\u5185\u90e8\u7cfb\u7edf\u7684\u8bc1\u4e66\u8bf7\u6c42\u3001\u7b7e\u540d\u548c\u90e8\u7f72\u53d8\u5f97\u66f4\u52a0\u5bb9\u6613\u3002\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u5bf9\u4e0d\u540c\u7684\u5b89\u5168\u57df\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u5141\u8bb8\u90e8\u7f72\u4eba\u5458\u4fdd\u6301\u73af\u5883\u7684\u52a0\u5bc6\u9694\u79bb\uff0c\u786e\u4fdd\u9881\u53d1\u7ed9\u4e00\u4e2a\u73af\u5883\u7684\u8bc1\u4e66\u4e0d\u88ab\u53e6\u4e00\u4e2a\u73af\u5883\u8bc6\u522b\u3002 \u7528\u4e8e\u5728\u9762\u5411 Internet \u7684\u4e91\u7aef\u70b9\uff08\u6216\u5ba2\u6237\u63a5\u53e3\uff0c\u5176\u4e2d\u5ba2\u6237\u9884\u8ba1\u4e0d\u4f1a\u5b89\u88c5\u9664\u6807\u51c6\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u7684\u8bc1\u4e66\u6346\u7ed1\u5305\u4ee5\u5916\u7684\u4efb\u4f55\u5185\u5bb9\uff09\u4e0a\u652f\u6301 TLS \u7684\u8bc1\u4e66\u5e94\u4f7f\u7528\u5b89\u88c5\u5728\u64cd\u4f5c\u7cfb\u7edf\u8bc1\u4e66\u6346\u7ed1\u5305\u4e2d\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8fdb\u884c\u9884\u914d\u3002\u5178\u578b\u7684\u77e5\u540d\u4f9b\u5e94\u5546\u5305\u62ec Let's Encrypt\u3001Verisign \u548c Thawte\uff0c\u4f46\u8fd8\u6709\u8bb8\u591a\u5176\u4ed6\u4f9b\u5e94\u5546\u3002 \u5728\u521b\u5efa\u548c\u7b7e\u7f72\u8bc1\u4e66\u65b9\u9762\u5b58\u5728\u7ba1\u7406\u3001\u7b56\u7565\u548c\u6280\u672f\u65b9\u9762\u7684\u6311\u6218\u3002\u5728\u8fd9\u4e2a\u9886\u57df\uff0c\u4e91\u67b6\u6784\u5e08\u6216\u64cd\u4f5c\u5458\u53ef\u80fd\u5e0c\u671b\u5bfb\u6c42\u884c\u4e1a\u9886\u5bfc\u8005\u548c\u4f9b\u5e94\u5546\u7684\u5efa\u8bae\uff0c\u4ee5\u53ca\u6b64\u5904\u63a8\u8350\u7684\u6307\u5bfc\u3002","title":"\u8bc1\u4e66\u9881\u53d1\u673a\u6784"},{"location":"security/security-guide/#tls","text":"OpenStack \u751f\u6001\u7cfb\u7edf\u4e2d\u7684\u7ec4\u4ef6\u3001\u670d\u52a1\u548c\u5e94\u7528\u7a0b\u5e8f\u6216 OpenStack \u7684\u4f9d\u8d56\u9879\u5df2\u5b9e\u73b0\u6216\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS 
\u5e93\u3002OpenStack \u4e2d\u7684 TLS \u548c HTTP \u670d\u52a1\u901a\u5e38\u4f7f\u7528 OpenSSL \u5b9e\u73b0\uff0cOpenSSL \u5177\u6709\u5df2\u9488\u5bf9 FIPS 140-2 \u9a8c\u8bc1\u7684\u6a21\u5757\u3002\u4f46\u662f\uff0c\u8bf7\u8bb0\u4f4f\uff0c\u6bcf\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u5728\u4f7f\u7528 OpenSSL \u5e93\u7684\u65b9\u5f0f\u4e0a\u4ecd\u53ef\u80fd\u5f15\u5165\u5f31\u70b9\u3002","title":"TLS \u5e93"},{"location":"security/security-guide/#_96","text":"\u5efa\u8bae\u81f3\u5c11\u4f7f\u7528 TLS 1.2\u3002\u65e7\u7248\u672c\uff08\u5982 TLS 1.0\u30011.1 \u548c\u6240\u6709\u7248\u672c\u7684 SSL\uff08TLS \u7684\u524d\u8eab\uff09\u5bb9\u6613\u53d7\u5230\u591a\u79cd\u516c\u5f00\u5df2\u77e5\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u4e0d\u5f97\u4f7f\u7528\u3002TLS 1.2 \u53ef\u7528\u4e8e\u5e7f\u6cdb\u7684\u5ba2\u6237\u7aef\u517c\u5bb9\u6027\uff0c\u4f46\u5728\u542f\u7528\u6b64\u534f\u8bae\u65f6\u8981\u5c0f\u5fc3\u3002\u4ec5\u5f53\u5b58\u5728\u5f3a\u5236\u6027\u517c\u5bb9\u6027\u8981\u6c42\u5e76\u4e14\u60a8\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\u65f6\uff0c\u624d\u542f\u7528 TLS \u7248\u672c 1.1\u3002 \u4f7f\u7528 TLS 1.2 \u5e76\u540c\u65f6\u63a7\u5236\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u65f6\uff0c\u5bc6\u7801\u5957\u4ef6\u5e94\u9650\u5236\u4e3a ECDHE-ECDSA-AES256-GCM-SHA384 .\u5728\u4e0d\u63a7\u5236\u8fd9\u4e24\u4e2a\u7ec8\u7ed3\u70b9\u5e76\u4f7f\u7528 TLS 1.1 \u6216 1.2 \u7684\u60c5\u51b5\u4e0b\uff0c\u66f4\u901a\u7528 HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA \u7684\u662f\u5408\u7406\u7684\u5bc6\u7801\u9009\u62e9\u3002 
\u4f46\u662f\uff0c\u7531\u4e8e\u672c\u4e66\u5e76\u4e0d\u6253\u7b97\u5168\u9762\u4ecb\u7ecd\u5bc6\u7801\u5b66\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u5e0c\u671b\u89c4\u5b9a\u5728OpenStack\u670d\u52a1\u4e2d\u5e94\u8be5\u542f\u7528\u6216\u7981\u7528\u54ea\u4e9b\u7279\u5b9a\u7684\u7b97\u6cd5\u6216\u5bc6\u7801\u6a21\u5f0f\u3002\u6211\u4eec\u60f3\u63a8\u8350\u4e00\u4e9b\u6743\u5a01\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4ee5\u63d0\u4f9b\u66f4\u591a\u4fe1\u606f\uff1a \u56fd\u5bb6\u5b89\u5168\u5c40\uff0cSuite B \u5bc6\u7801\u5b66 OWASP\u5bc6\u7801\u5b66\u6307\u5357 OWASP \u4f20\u8f93\u5c42\u4fdd\u62a4\u5907\u5fd8\u5355 SoK\uff1aSSL \u548c HTTPS\uff1a\u91cd\u6e29\u8fc7\u53bb\u7684\u6311\u6218\u5e76\u8bc4\u4f30\u8bc1\u4e66\u4fe1\u4efb\u6a21\u578b\u589e\u5f3a\u529f\u80fd \u4e16\u754c\u4e0a\u6700\u5371\u9669\u7684\u4ee3\u7801\uff1a\u5728\u975e\u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u9a8c\u8bc1SSL\u8bc1\u4e66 OpenSSL \u548c FIPS 140-2","title":"\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae"},{"location":"security/security-guide/#_97","text":"\u9274\u4e8e OpenStack \u7ec4\u4ef6\u7684\u590d\u6742\u6027\u548c\u90e8\u7f72\u53ef\u80fd\u6027\u7684\u6570\u91cf\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u786e\u4fdd\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u83b7\u5f97 TLS \u8bc1\u4e66\u3001\u5bc6\u94a5\u548c CA \u7684\u9002\u5f53\u914d\u7f6e\u3002\u540e\u7eed\u90e8\u5206\u5c06\u8ba8\u8bba\u4ee5\u4e0b\u670d\u52a1\uff1a \u8ba1\u7b97 API \u7aef\u70b9 \u8eab\u4efd API \u7aef\u70b9 \u7f51\u7edc API \u7aef\u70b9 \u5b58\u50a8 API \u7aef\u70b9 \u6d88\u606f\u670d\u52a1\u5668 \u6570\u636e\u5e93\u670d\u52a1\u5668 
\u4eea\u8868\u677f","title":"\u603b\u7ed3"},{"location":"security/security-guide/#tls-http","text":"OpenStack\u7684\u7ec8\u7aef\u662f\u63d0\u4f9bAPI\u7ed9\u516c\u5171\u7f51\u7edc\u4e0a\u7684\u7ec8\u7aef\u7528\u6237\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6OpenStack\u670d\u52a1\u7684HTTP\u670d\u52a1\u3002\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u8fd9\u4e9b\u8bf7\u6c42\uff0c\u65e0\u8bba\u662f\u5185\u90e8\u8fd8\u662f\u5916\u90e8\uff0c\u90fd\u4f7f\u7528TLS\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e2a\u76ee\u6807\uff0cAPI\u670d\u52a1\u5fc5\u987b\u90e8\u7f72\u5728TLS\u4ee3\u7406\u540e\u9762\uff0c\u8be5\u4ee3\u7406\u80fd\u591f\u5efa\u7acb\u548c\u7ec8\u6b62TLS\u4f1a\u8bdd\u3002\u4e0b\u8868\u63d0\u4f9b\u4e86\u53ef\u7528\u4e8e\u6b64\u76ee\u7684\u7684\u5f00\u6e90\u8f6f\u4ef6\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Pound Stud Nginx Apache httpd \u5728\u8f6f\u4ef6\u7ec8\u7aef\u6027\u80fd\u4e0d\u8db3\u7684\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u52a0\u901f\u5668\u53ef\u80fd\u503c\u5f97\u63a2\u7d22\u4f5c\u4e3a\u66ff\u4ee3\u9009\u9879\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\u4efb\u4f55\u9009\u5b9a\u7684 TLS \u4ee3\u7406\u5c06\u5904\u7406\u7684\u8bf7\u6c42\u7684\u5927\u5c0f\u3002","title":"TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1"},{"location":"security/security-guide/#_98","text":"\u4e0b\u9762\u6211\u4eec\u63d0\u4f9b\u4e86\u4e00\u4e9b\u66f4\u6d41\u884c\u7684 Web \u670d\u52a1\u5668/TLS \u7ec8\u7ed3\u5668\u4e2d\u542f\u7528 TLS \u7684\u63a8\u8350\u914d\u7f6e\u8bbe\u7f6e\u793a\u4f8b\u3002 \u5728\u6df1\u5165\u7814\u7a76\u914d\u7f6e\u4e4b\u524d\uff0c\u6211\u4eec\u7b80\u8981\u8ba8\u8bba\u5bc6\u7801\u7684\u914d\u7f6e\u5143\u7d20\u53ca\u5176\u683c\u5f0f\u3002\u6709\u5173\u53ef\u7528\u5bc6\u7801\u548c OpenSSL \u5bc6\u7801\u5217\u8868\u683c\u5f0f\u7684\u66f4\u8be6\u5c3d\u5904\u7406\uff0c\u8bf7\u53c2\u9605\uff1a\u5bc6\u7801\u3002 ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u6216 ciphers = 
\"kEECDH:kEDH:kRSA:HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u5bc6\u7801\u5b57\u7b26\u4e32\u9009\u9879\u7531 \u201c\uff1a\u201d \u5206\u9694\uff0c\u800c \u201c\uff01\u201d \u63d0\u4f9b\u7d27\u63a5\u7740\u7684\u5143\u7d20\u7684\u5426\u5b9a\u3002\u5143\u7d20\u987a\u5e8f\u6307\u793a\u9996\u9009\u9879\uff0c\u9664\u975e\u88ab\u9650\u5b9a\u7b26\uff08\u5982 HIGH\uff09\u8986\u76d6\u3002\u8ba9\u6211\u4eec\u4ed4\u7ec6\u770b\u770b\u4e0a\u9762\u793a\u4f8b\u5b57\u7b26\u4e32\u4e2d\u7684\u5143\u7d20\u3002 kEECDH:kEDH \u4e34\u65f6\u692d\u5706\u66f2\u7ebf Diffie-Hellman\uff08\u7f29\u5199\u4e3a EECDH \u548c ECDHE\uff09\u3002 Ephemeral Diffie-Hellman\uff08\u7f29\u5199\u4e3a EDH \u6216 DHE\uff09\u4f7f\u7528\u7d20\u6570\u573a\u7fa4\u3002 \u8fd9\u4e24\u79cd\u65b9\u6cd5\u90fd\u63d0\u4f9b\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \uff08PFS\uff09\u3002\u6709\u5173\u6b63\u786e\u914d\u7f6e PFS \u7684\u66f4\u591a\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6\u3002 \u4e34\u65f6\u692d\u5706\u66f2\u7ebf\u8981\u6c42\u670d\u52a1\u5668\u914d\u7f6e\u547d\u540d\u66f2\u7ebf\uff0c\u5e76\u63d0\u4f9b\u6bd4\u4e3b\u5b57\u6bb5\u7ec4\u66f4\u597d\u7684\u5b89\u5168\u6027\u548c\u66f4\u4f4e\u7684\u8ba1\u7b97\u6210\u672c\u3002\u4f46\u662f\uff0c\u4e3b\u8981\u5b57\u6bb5\u7ec4\u7684\u5b9e\u73b0\u8303\u56f4\u66f4\u5e7f\uff0c\u56e0\u6b64\u901a\u5e38\u4e24\u8005\u90fd\u5305\u542b\u5728\u5217\u8868\u4e2d\u3002 kRSA \u5206\u522b\u4f7f\u7528 RSA \u4ea4\u6362\u3001\u8eab\u4efd\u9a8c\u8bc1\u6216\u4e24\u8005\u4e4b\u4e00\u7684\u5bc6\u7801\u5957\u4ef6\u3002 HIGH \u5728\u534f\u5546\u9636\u6bb5\u9009\u62e9\u53ef\u80fd\u7684\u6700\u9ad8\u5b89\u5168\u5bc6\u7801\u3002\u8fd9\u4e9b\u5bc6\u94a5\u901a\u5e38\u5177\u6709\u957f\u5ea6\u4e3a 128 \u4f4d\u6216\u66f4\u957f\u7684\u5bc6\u94a5\u3002 !RC4 \u6ca1\u6709 RC4\u3002RC4 \u5728 TLS V3 \u7684\u4e0a\u4e0b\u6587\u4e2d\u5b58\u5728\u7f3a\u9677\u3002\u8bf7\u53c2\u9605 TLS \u548c WPA \u4e2d RC4 \u7684\u5b89\u5168\u6027\u3002 !MD5 \u6ca1\u6709 MD5\u3002MD5 
\u4e0d\u5177\u6709\u9632\u51b2\u7a81\u529f\u80fd\uff0c\u56e0\u6b64\u4e0d\u63a5\u53d7\u6d88\u606f\u9a8c\u8bc1\u7801 \uff08MAC\uff09 \u6216\u7b7e\u540d\u3002 !aNULL:!eNULL Disallows clear text. \u4e0d\u5141\u8bb8\u660e\u6587\u3002 !EXP \u4e0d\u5141\u8bb8\u5bfc\u51fa\u52a0\u5bc6\u7b97\u6cd5\uff0c\u8fd9\u4e9b\u7b97\u6cd5\u5728\u8bbe\u8ba1\u4e0a\u5f80\u5f80\u5f88\u5f31\uff0c\u901a\u5e38\u4f7f\u7528 40 \u4f4d\u548c 56 \u4f4d\u5bc6\u94a5\u3002 \u7f8e\u56fd\u5bf9\u5bc6\u7801\u5b66\u7cfb\u7edf\u7684\u51fa\u53e3\u9650\u5236\u5df2\u88ab\u53d6\u6d88\uff0c\u4e0d\u518d\u9700\u8981\u652f\u6301\u3002 !LOW:!MEDIUM \u4e0d\u5141\u8bb8\u4f7f\u7528\u4f4e\uff0856 \u6216 64 \u4f4d\u957f\u5bc6\u94a5\uff09\u548c\u4e2d\u7b49\uff08128 \u4f4d\u957f\u5bc6\u94a5\uff09\u5bc6\u7801\uff0c\u56e0\u4e3a\u5b83\u4eec\u5bb9\u6613\u53d7\u5230\u66b4\u529b\u653b\u51fb\uff08\u793a\u4f8b 2-DES\uff09\u3002\u6b64\u89c4\u5219\u4ecd\u5141\u8bb8\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u6807\u51c6 \uff08Triple DES\uff09\uff0c\u4e5f\u79f0\u4e3a\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u7b97\u6cd5 \uff08TDEA\uff09 \u548c\u9ad8\u7ea7\u52a0\u5bc6\u6807\u51c6 \uff08AES\uff09\uff0c\u6bcf\u4e2a\u6807\u51c6\u90fd\u5177\u6709\u5927\u4e8e\u7b49\u4e8e 128 \u4f4d\u7684\u5bc6\u94a5\uff0c\u56e0\u6b64\u66f4\u5b89\u5168\u3002 Protocols \u534f\u8bae\u901a\u8fc7SSL_CTX_set_options\u542f\u7528/\u7981\u7528\u3002\u5efa\u8bae\u7981\u7528 SSLv2/v3 \u5e76\u542f\u7528 TLS\u3002","title":"\u793a\u4f8b"},{"location":"security/security-guide/#pound","text":"\u6b64 Pound \u793a\u4f8b\u542f\u7528 AES-NI \u52a0\u901f\uff0c\u8fd9\u6709\u52a9\u4e8e\u63d0\u9ad8\u5177\u6709\u652f\u6301\u6b64\u529f\u80fd\u7684\u5904\u7406\u5668\u7684\u7cfb\u7edf\u7684\u6027\u80fd\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/pound/pound.cfg Ubuntu\u3001RHEL\u3001CentOS\u3001 /etc/pound.cfg openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 ## see pound(8) for details daemon 1 ###################################################################### ## global 
options: User \"swift\" Group \"swift\" #RootJail \"/chroot/pound\" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 0 ## turn on dynamic scaling (off by default) # Dyn Scale 1 ## check backend every X secs: Alive 30 ## client timeout #Client 10 ## allow 10 second proxy connect time ConnTO 10 ## use hardware-acceleration card supported by openssl(1): SSLEngine \"aesni\" # poundctl control socket Control \"/var/run/pound/poundctl.socket\" ###################################################################### ## listen, redirect and ... to: ## redirect all swift requests on port 443 to local swift proxy ListenHTTPS Address 0.0.0.0 Port 443 Cert \"/etc/pound/cert.pem\" ## Certs to accept from clients ## CAlist \"CA_file\" ## Certs to use for client verification ## VerifyList \"Verify_file\" ## Request client cert - don't verify ## Ciphers \"AES256-SHA\" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: NoHTTPS11 0 ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 1 Service BackEnd Address 127.0.0.1 Port 80 End End End","title":"Pound"},{"location":"security/security-guide/#stud","text":"\u5bc6\u7801\u884c\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8fdb\u884c\u8c03\u6574\uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e\u76ee\u5f55\u4e2d /etc/stud \u3002\u4f46\u662f\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u63d0\u4f9b\u5b83\u3002 # SSL x509 certificate file. pem-file = \" # SSL protocol. tls = on ssl = off # List of allowed SSL ciphers. 
# OpenSSL's high-strength ciphers which require authentication # NOTE: forbids clear text, use of RC4 or MD5 or LOW and MEDIUM strength ciphers ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" # Enforce server cipher list order prefer-server-ciphers = on # Number of worker processes workers = 4 # Listen backlog size backlog = 1000 # TCP socket keepalive interval in seconds keepalive = 3600 # Chroot directory chroot = \"\" # Set uid after binding a socket user = \"www-data\" # Set gid after binding a socket group = \"www-data\" # Quiet execution, report only error messages quiet = off # Use syslog for logging syslog = on # Syslog facility to use syslog-facility = \"daemon\" # Run as daemon daemon = off # Report client address using SENDPROXY protocol for haproxy # Disabling this until we upgrade to HAProxy 1.5 write-proxy = off","title":"Stud"},{"location":"security/security-guide/#nginx","text":"\u6b64 Nginx \u793a\u4f8b\u9700\u8981 TLS v1.1 \u6216 v1.2 \u624d\u80fd\u83b7\u5f97\u6700\u5927\u7684\u5b89\u5168\u6027\u3002\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8c03\u6574\u751f\u4ea7\u7ebf ssl_ciphers \uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u7f3a\u7701\u914d\u7f6e\u6587\u4ef6\u4e3a /etc/nginx/nginx.conf \u3002 server { listen : ssl; ssl_certificate ; ssl_certificate_key ; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM ssl_session_tickets off; server_name _; keepalive_timeout 5; location / { } }","title":"Nginx"},{"location":"security/security-guide/#apache","text":"\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/apache2/apache2.conf Ubuntu\u3001RHEL \u548c CentOS\u3001 /etc/httpd/conf/httpd.conf /etc/apache2/httpd.conf openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 :80> ServerName RedirectPermanent / https:/// :443> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile 
/path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key WSGIScriptAlias / WSGIDaemonProcess horizon user= group= processes=3 threads=10 Alias /static > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted Apache \u4e2d\u7684\u8ba1\u7b97 API SSL \u7aef\u70b9\uff0c\u5fc5\u987b\u4e0e\u7b80\u77ed\u7684 WSGI \u811a\u672c\u914d\u5bf9\u3002 :8447> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key SSLSessionTickets Off WSGIScriptAlias / WSGIDaemonProcess osapi user= group= processes=3 threads=10 > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted ","title":"Apache"},{"location":"security/security-guide/#http","text":"\u5efa\u8bae\u6240\u6709\u751f\u4ea7\u90e8\u7f72\u90fd\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \uff08HSTS\uff09\u3002\u6b64\u6807\u5934\u53ef\u9632\u6b62\u6d4f\u89c8\u5668\u5728\u5efa\u7acb\u5355\u4e2a\u5b89\u5168\u8fde\u63a5\u540e\u5efa\u7acb\u4e0d\u5b89\u5168\u7684\u8fde\u63a5\u3002\u5982\u679c\u60a8\u5df2\u5c06 HTTP \u670d\u52a1\u90e8\u7f72\u5728\u516c\u5171\u57df\u6216\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u4e0a\uff0c\u5219 HSTS \u5c24\u4e3a\u91cd\u8981\u3002\u8981\u542f\u7528 HSTS\uff0c\u8bf7\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u53d1\u9001\u5305\u542b\u6240\u6709\u8bf7\u6c42\u7684\u6807\u5934\uff0c\u5982\u4e0b\u6240\u793a\uff1a Strict-Transport-Security: max-age=31536000; includeSubDomains \u5728\u6d4b\u8bd5\u671f\u95f4\u4ece 1 
\u5929\u7684\u77ed\u6682\u505c\u5f00\u59cb\uff0c\u5e76\u5728\u6d4b\u8bd5\u8868\u660e\u60a8\u6ca1\u6709\u7ed9\u7528\u6237\u5e26\u6765\u95ee\u9898\u540e\u5c06\u5176\u63d0\u9ad8\u5230\u4e00\u5e74\u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u65e6\u6b64\u6807\u5934\u8bbe\u7f6e\u4e3a\u8f83\u5927\u7684\u8d85\u65f6\uff0c\u5b83\uff08\u6839\u636e\u8bbe\u8ba1\uff09\u5c31\u5f88\u96be\u7981\u7528\u3002","title":"HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168"},{"location":"security/security-guide/#_99","text":"\u914d\u7f6e TLS \u670d\u52a1\u5668\u4ee5\u5b9e\u73b0\u5b8c\u7f8e\u7684\u524d\u5411\u4fdd\u5bc6\u9700\u8981\u56f4\u7ed5\u5bc6\u94a5\u5927\u5c0f\u3001\u4f1a\u8bdd ID \u548c\u4f1a\u8bdd\u7968\u8bc1\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u6b64\u5916\uff0c\u5bf9\u4e8e\u591a\u670d\u52a1\u5668\u90e8\u7f72\uff0c\u5171\u4eab\u72b6\u6001\u4e5f\u662f\u4e00\u4e2a\u91cd\u8981\u7684\u8003\u8651\u56e0\u7d20\u3002\u4e0a\u9762\u7684 Apache \u548c Nginx \u793a\u4f8b\u914d\u7f6e\u7981\u7528\u4e86\u4f1a\u8bdd\u7968\u8bc1\u9009\u9879\uff0c\u4ee5\u5e2e\u52a9\u7f13\u89e3\u5176\u4e2d\u4e00\u4e9b\u95ee\u9898\u3002\u5b9e\u9645\u90e8\u7f72\u53ef\u80fd\u5e0c\u671b\u542f\u7528\u6b64\u529f\u80fd\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002\u8fd9\u53ef\u4ee5\u5b89\u5168\u5730\u5b8c\u6210\uff0c\u4f46\u9700\u8981\u7279\u522b\u8003\u8651\u5bc6\u94a5\u7ba1\u7406\u3002\u6b64\u7c7b\u914d\u7f6e\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002\u6211\u4eec\u5efa\u8bae\u9605\u8bfb ImperialViolet \u7684 How to botch TLS forward secrecy \u4f5c\u4e3a\u7406\u89e3\u95ee\u9898\u7a7a\u95f4\u7684\u8d77\u70b9\u3002","title":"\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6"},{"location":"security/security-guide/#_100","text":"\u5efa\u8bae\u5728 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u7684\u516c\u7528\u7f51\u7edc\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u4f46\u662f\uff0c\u5982\u679c\u5b9e\u9645\u5728\u4efb\u4f55\u5730\u65b9\u90e8\u7f72 SSL/TLS 
\u592a\u56f0\u96be\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u8bc4\u4f30\u60a8\u7684 OpenStack SSL/TLS \u9700\u6c42\uff0c\u5e76\u9075\u5faa\u6b64\u5904\u8ba8\u8bba\u7684\u67b6\u6784\u4e4b\u4e00\u3002 \u5728\u8bc4\u4f30\u5176 OpenStack SSL/TLS \u9700\u6c42\u65f6\uff0c\u5e94\u8be5\u505a\u7684\u7b2c\u4e00\u4ef6\u4e8b\u662f\u8bc6\u522b\u5a01\u80c1\u3002\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u5a01\u80c1\u5206\u4e3a\u5916\u90e8\u653b\u51fb\u8005\u548c\u5185\u90e8\u653b\u51fb\u8005\u7c7b\u522b\uff0c\u4f46\u7531\u4e8e OpenStack \u7684\u67d0\u4e9b\u7ec4\u4ef6\u5728\u516c\u5171\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u754c\u9650\u5f80\u5f80\u4f1a\u53d8\u5f97\u6a21\u7cca\u3002 \u5bf9\u4e8e\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff0c\u5a01\u80c1\u975e\u5e38\u7b80\u5355\u3002\u7528\u6237\u5c06\u4f7f\u7528\u5176\u7528\u6237\u540d\u548c\u5bc6\u7801\u5bf9 Horizon \u548c Keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7528\u6237\u8fd8\u5c06\u4f7f\u7528\u5176 keystone \u4ee4\u724c\u8bbf\u95ee\u5176\u4ed6\u670d\u52a1\u7684 API \u7aef\u70b9\u3002\u5982\u679c\u6b64\u7f51\u7edc\u6d41\u91cf\u672a\u52a0\u5bc6\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u4e2d\u95f4\u4eba\u653b\u51fb\u622a\u83b7\u5bc6\u7801\u548c\u4ee4\u724c\u3002\u7136\u540e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u6709\u6548\u51ed\u636e\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u6240\u6709\u5b9e\u9645\u90e8\u7f72\u90fd\u5e94\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u3002 
\u5bf9\u4e8e\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u670d\u52a1\uff0c\u7531\u4e8e\u5b89\u5168\u57df\u4e0e\u7f51\u7edc\u5b89\u5168\u7684\u6865\u63a5\uff0c\u5a01\u80c1\u5e76\u4e0d\u90a3\u4e48\u660e\u786e\u3002\u6709\u6743\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u7684\u7ba1\u7406\u5458\u603b\u662f\u6709\u53ef\u80fd\u51b3\u5b9a\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u79c1\u94a5\uff0cSSL/TLS \u5c06\u65e0\u6d4e\u4e8e\u4e8b\u3002\u5f53\u7136\uff0c\u5e76\u4e0d\u662f\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6bcf\u4e2a\u4eba\u90fd\u88ab\u5141\u8bb8\u8bbf\u95ee\u79c1\u94a5\uff0c\u56e0\u6b64\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u81ea\u5df1\u514d\u53d7\u5185\u90e8\u653b\u51fb\u8005\u7684\u653b\u51fb\u4ecd\u7136\u5f88\u6709\u4ef7\u503c\u3002\u5373\u4f7f\u5141\u8bb8\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u7684\u6bcf\u4e2a\u4eba\u90fd\u662f 100% \u53d7\u4fe1\u4efb\u7684\uff0c\u4ecd\u7136\u5b58\u5728\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u901a\u8fc7\u5229\u7528\u9519\u8bef\u914d\u7f6e\u6216\u8f6f\u4ef6\u6f0f\u6d1e\u8bbf\u95ee\u60a8\u7684\u5185\u90e8\u7f51\u7edc\u7684\u5a01\u80c1\u3002\u5fc5\u987b\u8bb0\u4f4f\uff0c\u7528\u6237\u5728 OpenStack Compute \u8282\u70b9\u4e2d\u7684\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u4ee3\u7801\uff0c\u8fd9\u4e9b\u8282\u70b9\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u3002\u5982\u679c\u6f0f\u6d1e\u5141\u8bb8\u4ed6\u4eec\u7a81\u7834\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4ed6\u4eec\u5c06\u53ef\u4ee5\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u3002\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS 
\u53ef\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u653b\u51fb\u8005\u53ef\u80fd\u9020\u6210\u7684\u635f\u5bb3\u3002","title":"\u5b89\u5168\u53c2\u8003\u67b6\u6784"},{"location":"security/security-guide/#ssltls","text":"\u4eba\u4eec\u666e\u904d\u8ba4\u4e3a\uff0c\u6700\u597d\u5c3d\u65e9\u52a0\u5bc6\u654f\u611f\u6570\u636e\uff0c\u5e76\u5c3d\u53ef\u80fd\u665a\u5730\u89e3\u5bc6\u3002\u5c3d\u7ba1\u6709\u8fd9\u79cd\u6700\u4f73\u5b9e\u8df5\uff0c\u4f46\u5728OpenStack\u670d\u52a1\u524d\u9762\u4f7f\u7528SSL / TLS\u4ee3\u7406\u5e76\u5728\u4e4b\u540e\u4f7f\u7528\u6e05\u6670\u7684\u901a\u4fe1\u4f3c\u4e4e\u662f\u5f88\u5e38\u89c1\u7684\uff0c\u5982\u4e0b\u6240\u793a\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0c\u4f7f\u7528 SSL/TLS \u4ee3\u7406\u7684\u4e00\u4e9b\u95ee\u9898\uff1a OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u7684\u6027\u80fd/\u6269\u5c55\u6027\u4e0d\u5982 SSL \u4ee3\u7406\uff08\u7279\u522b\u662f\u5bf9\u4e8e\u50cf Eventlet \u8fd9\u6837\u7684 Python \u5b9e\u73b0\uff09\u3002 OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u6ca1\u6709\u50cf\u66f4\u6210\u719f\u7684\u89e3\u51b3\u65b9\u6848\u90a3\u6837\u7ecf\u8fc7\u4ed4\u7ec6\u5ba1\u67e5/\u5ba1\u8ba1\u3002 \u672c\u673a SSL/TLS \u914d\u7f6e\u5f88\u56f0\u96be\uff08\u6ca1\u6709\u5f88\u597d\u7684\u6587\u6863\u8bb0\u5f55\u3001\u6d4b\u8bd5\u6216\u8de8\u670d\u52a1\u4fdd\u6301\u4e00\u81f4\uff09\u3002 \u6743\u9650\u5206\u79bb\uff08OpenStack \u670d\u52a1\u8fdb\u7a0b\u4e0d\u5e94\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff09\u3002 \u6d41\u91cf\u68c0\u67e5\u9700\u8981\u8d1f\u8f7d\u5747\u8861\u3002 \u4ee5\u4e0a\u6240\u6709\u95ee\u9898\u90fd\u662f\u6709\u9053\u7406\u7684\uff0c\u4f46\u5b83\u4eec\u90fd\u4e0d\u80fd\u963b\u6b62\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u8ba9\u6211\u4eec\u8003\u8651\u4e0b\u4e00\u4e2a\u90e8\u7f72\u6a21\u578b\u3002","title":"SSL/TLS 
\u4ee3\u7406\u5728\u524d\u9762"},{"location":"security/security-guide/#api-ssltls","text":"\u8fd9\u4e0e\u524d\u9762\u7684 SSL/TLS \u4ee3\u7406\u975e\u5e38\u76f8\u4f3c\uff0c\u4f46 SSL/TLS \u4ee3\u7406\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u7cfb\u7edf\u4e0a\u3002API \u7aef\u70b9\u5c06\u914d\u7f6e\u4e3a\u4ec5\u4fa6\u542c\u672c\u5730\u7f51\u7edc\u63a5\u53e3\u3002\u4e0e API \u7aef\u70b9\u7684\u6240\u6709\u8fdc\u7a0b\u901a\u4fe1\u90fd\u5c06\u901a\u8fc7 SSL/TLS \u4ee3\u7406\u8fdb\u884c\u3002\u901a\u8fc7\u6b64\u90e8\u7f72\u6a21\u578b\uff0c\u6211\u4eec\u5c06\u89e3\u51b3 SSL/TLS \u4ee3\u7406\u4e2d\u7684\u8bb8\u591a\u8981\u70b9\uff1a\u5c06\u4f7f\u7528\u6027\u80fd\u826f\u597d\u7684\u7ecf\u8fc7\u9a8c\u8bc1\u7684 SSL \u5b9e\u73b0\u3002\u6240\u6709\u670d\u52a1\u90fd\u5c06\u4f7f\u7528\u76f8\u540c\u7684 SSL \u4ee3\u7406\u8f6f\u4ef6\uff0c\u56e0\u6b64 API \u7aef\u70b9\u7684 SSL \u914d\u7f6e\u5c06\u662f\u4e00\u81f4\u7684\u3002OpenStack \u670d\u52a1\u8fdb\u7a0b\u5c06\u65e0\u6cd5\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff0c\u56e0\u4e3a\u60a8\u5c06\u4ee5\u4e0d\u540c\u7684\u7528\u6237\u8eab\u4efd\u8fd0\u884c SSL \u4ee3\u7406\uff0c\u5e76\u4f7f\u7528\u6743\u9650\u9650\u5236\u8bbf\u95ee\uff08\u4ee5\u53ca\u4f7f\u7528 SELinux \u4e4b\u7c7b\u7684\u989d\u5916\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff09\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4f1a\u8ba9 API \u7aef\u70b9\u5728 Unix \u5957\u63a5\u5b57\u4e0a\u76d1\u542c\uff0c\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u4f7f\u7528\u6743\u9650\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u5bf9\u5b83\u7684\u8bbf\u95ee\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u6839\u636e\u6211\u4eec\u7684\u6d4b\u8bd5\uff0c\u8fd9\u5728 Eventlet \u4e2d\u76ee\u524d\u4f3c\u4e4e\u4e0d\u8d77\u4f5c\u7528\u3002\u8fd9\u662f\u4e00\u4e2a\u5f88\u597d\u7684\u672a\u6765\u53d1\u5c55\u76ee\u6807\u3002","title":"\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 
SSL/TLS"},{"location":"security/security-guide/#ssltls_1","text":"\u9700\u8981\u68c0\u67e5\u6d41\u91cf\u7684\u9ad8\u53ef\u7528\u6027\u6216\u8d1f\u8f7d\u5747\u8861\u90e8\u7f72\u4f1a\u600e\u6837\uff1f\u4ee5\u524d\u7684\u90e8\u7f72\u6a21\u578b\uff08\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS\uff09\u4e0d\u5141\u8bb8\u8fdb\u884c\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u56e0\u4e3a\u6d41\u91cf\u662f\u52a0\u5bc6\u7684\u3002\u5982\u679c\u4ec5\u51fa\u4e8e\u57fa\u672c\u8def\u7531\u76ee\u7684\u800c\u9700\u8981\u68c0\u67e5\u6d41\u91cf\uff0c\u5219\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u80fd\u6ca1\u6709\u5fc5\u8981\u8bbf\u95ee\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002HAProxy \u80fd\u591f\u5728\u63e1\u624b\u671f\u95f4\u63d0\u53d6 SSL/TLS \u4f1a\u8bdd ID\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528\u8be5 ID \u6765\u5b9e\u73b0\u4f1a\u8bdd\u4eb2\u548c\u6027\uff08\u4f1a\u8bdd ID \u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f \u6b64\u5904 \uff09\u3002HAProxy\u8fd8\u53ef\u4ee5\u4f7f\u7528TLS\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff08SNI\uff09\u6269\u5c55\u6765\u786e\u5b9a\u5e94\u5c06\u6d41\u91cf\u8def\u7531\u5230\u7684\u4f4d\u7f6e\uff08SNI\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u8bf7\u5728\u6b64\u5904\uff09\u3002\u8fd9\u4e9b\u529f\u80fd\u53ef\u80fd\u6db5\u76d6\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u9700\u6c42\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0cHAProxy \u5c06\u80fd\u591f\u5c06 HTTPS \u6d41\u91cf\u76f4\u63a5\u4f20\u9012\u5230 API \u7aef\u70b9\u7cfb\u7edf\uff1a","title":"SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668"},{"location":"security/security-guide/#_101","text":"\u5982\u679c\u60a8\u5e0c\u671b\u5bf9\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u8fdb\u884c\u52a0\u5bc6\u5206\u79bb\uff0c\u8be5\u600e\u4e48\u529e\uff1f\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5176\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff08\u6216\u4ee3\u7406\uff09\u4f7f\u7528\u7531 CA 
\u9881\u53d1\u7684\u8bc1\u4e66\uff0c\u8be5\u8bc1\u4e66\u94fe\u63a5\u5230\u53d7\u4fe1\u4efb\u7684\u6839 CA\uff0c\u8be5\u6839 CA \u5206\u5e03\u5728\u6d41\u884c\u7684 SSL/TLS Web \u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u3002\u5bf9\u4e8e\u5185\u90e8\u670d\u52a1\uff0c\u53ef\u80fd\u5e0c\u671b\u6539\u7528\u81ea\u5df1\u7684 PKI \u6765\u9881\u53d1 SSL/TLS \u8bc1\u4e66\u3002\u53ef\u4ee5\u901a\u8fc7\u5728\u7f51\u7edc\u8fb9\u754c\u7ec8\u6b62 SSL\uff0c\u7136\u540e\u4f7f\u7528\u5185\u90e8\u9881\u53d1\u7684\u8bc1\u4e66\u91cd\u65b0\u52a0\u5bc6\u6765\u5b9e\u73b0\u8fd9\u79cd\u52a0\u5bc6\u5206\u79bb\u3002\u6d41\u91cf\u5c06\u5728\u9762\u5411\u516c\u4f17\u7684 SSL/TLS \u4ee3\u7406\u4e0a\u77ed\u65f6\u95f4\u5185\u672a\u52a0\u5bc6\uff0c\u4f46\u6c38\u8fdc\u4e0d\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u5982\u679c\u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u786e\u5b9e\u9700\u8981\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7528\u4e8e\u5b9e\u73b0\u52a0\u5bc6\u5206\u79bb\u7684\u76f8\u540c\u91cd\u65b0\u52a0\u5bc6\u65b9\u6cd5\u3002\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u6837\u5b50\uff1a\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u5916\u89c2: \u4e0e\u5927\u591a\u6570\u4e8b\u60c5\u4e00\u6837\uff0c\u9700\u8981\u6743\u8861\u53d6\u820d\u3002\u4e3b\u8981\u7684\u6743\u8861\u662f\u5728\u5b89\u5168\u6027\u548c\u6027\u80fd\u4e4b\u95f4\u3002\u52a0\u5bc6\u662f\u6709\u4ee3\u4ef7\u7684\uff0c\u4f46\u88ab\u9ed1\u5ba2\u5165\u4fb5\u4e5f\u662f\u6709\u4ee3\u4ef7\u7684\u3002\u6bcf\u4e2a\u90e8\u7f72\u7684\u5b89\u5168\u6027\u548c\u6027\u80fd\u8981\u6c42\u90fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u5982\u4f55\u4f7f\u7528 SSL/TLS \u6700\u7ec8\u5c06\u7531\u4e2a\u4eba\u51b3\u5b9a\u3002","title":"\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb"},{"location":"security/security-guide/#api","text":"\u4f7f\u7528 OpenStack \u4e91\u7684\u8fc7\u7a0b\u662f\u901a\u8fc7\u67e5\u8be2 API 
\u7aef\u70b9\u5f00\u59cb\u7684\u3002\u867d\u7136\u516c\u5171\u548c\u4e13\u7528\u7ec8\u7ed3\u70b9\u9762\u4e34\u4e0d\u540c\u7684\u6311\u6218\uff0c\u4f46\u8fd9\u4e9b\u662f\u9ad8\u4ef7\u503c\u8d44\u4ea7\uff0c\u5982\u679c\u906d\u5230\u5165\u4fb5\uff0c\u53ef\u80fd\u4f1a\u5e26\u6765\u91cd\u5927\u98ce\u9669\u3002 \u672c\u7ae0\u5efa\u8bae\u5bf9\u9762\u5411\u516c\u5171\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u8fdb\u884c\u5b89\u5168\u589e\u5f3a\u3002 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u7c98\u8d34\u4ef6\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 API \u7ec8\u7aef\u8282\u70b9\u901f\u7387\u9650\u5236","title":"API \u7aef\u70b9"},{"location":"security/security-guide/#api_1","text":"","title":"API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae"},{"location":"security/security-guide/#api_2","text":"OpenStack \u63d0\u4f9b\u9762\u5411\u516c\u4f17\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u7ec4\u4ef6\u4f7f\u7528\u516c\u5f00\u5b9a\u4e49\u7684\u7aef\u70b9\u3002\u5efa\u8bae\u5c06\u8fd9\u4e9b\u7ec4\u4ef6\u914d\u7f6e\u4e3a\u5728\u9002\u5f53\u7684\u5b89\u5168\u57df\u4e2d\u4f7f\u7528 API \u7aef\u70b9\u3002 \u670d\u52a1\u6839\u636e OpenStack \u670d\u52a1\u76ee\u5f55\u9009\u62e9\u5404\u81ea\u7684 API \u7aef\u70b9\u3002\u8fd9\u4e9b\u670d\u52a1\u53ef\u80fd\u4e0d\u9075\u5b88\u5217\u51fa\u7684\u516c\u5171\u6216\u5185\u90e8 API \u7aef\u70b9\u503c\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5185\u90e8\u7ba1\u7406\u6d41\u91cf\u8def\u7531\u5230\u5916\u90e8 API \u7ec8\u7ed3\u70b9\u3002","title":"\u5185\u90e8 API \u901a\u4fe1"},{"location":"security/security-guide/#url","text":"Identity \u670d\u52a1\u76ee\u5f55\u5e94\u4e86\u89e3\u60a8\u7684\u5185\u90e8 
URL\u3002\u867d\u7136\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u4f7f\u7528\u6b64\u529f\u80fd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6765\u5229\u7528\u5b83\u3002\u6b64\u5916\uff0c\u4e00\u65e6\u6b64\u884c\u4e3a\u6210\u4e3a\u9ed8\u8ba4\u884c\u4e3a\uff0c\u5b83\u5e94\u8be5\u4e0e\u9884\u671f\u7684\u66f4\u6539\u5411\u524d\u517c\u5bb9\u3002 \u8981\u4e3a\u7ec8\u7ed3\u70b9\u6ce8\u518c\u5185\u90e8 URL\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a $ openstack endpoint create identity \\ --region RegionOne internal \\ https://MANAGEMENT_IP:5000/v3 \u66ff\u6362\u4e3a MANAGEMENT_IP \u63a7\u5236\u5668\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\u3002","title":"\u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL"},{"location":"security/security-guide/#url_1","text":"\u60a8\u53ef\u4ee5\u5f3a\u5236\u67d0\u4e9b\u670d\u52a1\u4f7f\u7528\u7279\u5b9a\u7684 API \u7aef\u70b9\u3002\u56e0\u6b64\uff0c\u5efa\u8bae\u5fc5\u987b\u5c06\u6bcf\u4e2a\u4e0e\u53e6\u4e00\u4e2a\u670d\u52a1\u7684 API \u901a\u4fe1\u7684 OpenStack \u670d\u52a1\u663e\u5f0f\u914d\u7f6e\u4e3a\u8bbf\u95ee\u6b63\u786e\u7684\u5185\u90e8 API \u7aef\u70b9\u3002 \u6bcf\u4e2a\u9879\u76ee\u90fd\u53ef\u80fd\u5448\u73b0\u5b9a\u4e49\u76ee\u6807 API \u7aef\u70b9\u7684\u4e0d\u4e00\u81f4\u65b9\u5f0f\u3002OpenStack \u7684\u672a\u6765\u7248\u672c\u8bd5\u56fe\u901a\u8fc7\u4e00\u81f4\u5730\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u6765\u89e3\u51b3\u8fd9\u4e9b\u4e0d\u4e00\u81f4\u95ee\u9898\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1anova cinder_catalog_info='volume:cinder:internalURL' glance_protocol='https' neutron_url='https://neutron-host:9696' neutron_admin_auth_url='https://neutron-host:9696' s3_host='s3-host' s3_use_ssl=True \u914d\u7f6e\u793a\u4f8b #2\uff1acinder glance_host = 'https://glance-server'","title":"\u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f"},{"location":"security/security-guide/#_102","text":"OpenStack \u4e2d\u7684\u5927\u591a\u6570 API \u7aef\u70b9\u548c\u5176\u4ed6 
HTTP \u670d\u52a1\u90fd\u4f7f\u7528 Python Paste Deploy \u5e93\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u6b64\u5e93\u5141\u8bb8\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u914d\u7f6e\u6765\u64cd\u4f5c\u8bf7\u6c42\u7b5b\u9009\u5668\u7ba1\u9053\u3002\u6b64\u94fe\u4e2d\u7684\u6bcf\u4e2a\u5143\u7d20\u90fd\u79f0\u4e3a\u4e2d\u95f4\u4ef6\u3002\u66f4\u6539\u7ba1\u9053\u4e2d\u7b5b\u9009\u5668\u7684\u987a\u5e8f\u6216\u6dfb\u52a0\u5176\u4ed6\u4e2d\u95f4\u4ef6\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u53ef\u9884\u77e5\u7684\u5b89\u5168\u5f71\u54cd\u3002 \u901a\u5e38\uff0c\u5b9e\u73b0\u8005\u4f1a\u6dfb\u52a0\u4e2d\u95f4\u4ef6\u6765\u6269\u5c55 OpenStack \u7684\u57fa\u672c\u529f\u80fd\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u4ed4\u7ec6\u8003\u8651\u5c06\u975e\u6807\u51c6\u8f6f\u4ef6\u7ec4\u4ef6\u6dfb\u52a0\u5230\u5176 HTTP \u8bf7\u6c42\u7ba1\u9053\u4e2d\u53ef\u80fd\u5e26\u6765\u7684\u98ce\u9669\u3002 \u6709\u5173\u7c98\u8d34\u90e8\u7f72\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Python \u7c98\u8d34\u90e8\u7f72\u6587\u6863\u3002","title":"\u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6"},{"location":"security/security-guide/#api_3","text":"\u60a8\u5e94\u8be5\u9694\u79bb API \u7aef\u70b9\u8fdb\u7a0b\uff0c\u5c24\u5176\u662f\u90a3\u4e9b\u4f4d\u4e8e\u516c\u5171\u5b89\u5168\u57df\u4e2d\u7684\u8fdb\u7a0b\uff0c\u5e94\u5c3d\u53ef\u80fd\u9694\u79bb\u3002\u5728\u90e8\u7f72\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b\uff0cAPI \u7aef\u70b9\u5e94\u90e8\u7f72\u5728\u5355\u72ec\u7684\u4e3b\u673a\u4e0a\uff0c\u4ee5\u589e\u5f3a\u9694\u79bb\u6027\u3002","title":"API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565"},{"location":"security/security-guide/#_103","text":"\u73b0\u5728\uff0c\u8bb8\u591a\u64cd\u4f5c\u7cfb\u7edf\u90fd\u63d0\u4f9b\u5206\u533a\u5316\u652f\u6301\u3002Linux 
\u652f\u6301\u547d\u540d\u7a7a\u95f4\u5c06\u8fdb\u7a0b\u5206\u914d\u5230\u72ec\u7acb\u7684\u57df\u4e2d\u3002\u672c\u6307\u5357\u7684\u5176\u4ed6\u90e8\u5206\u66f4\u8be6\u7ec6\u5730\u4ecb\u7ecd\u4e86\u7cfb\u7edf\u533a\u9694\u3002","title":"\u547d\u540d\u7a7a\u95f4"},{"location":"security/security-guide/#_104","text":"\u7531\u4e8e API \u7aef\u70b9\u901a\u5e38\u6865\u63a5\u591a\u4e2a\u5b89\u5168\u57df\uff0c\u56e0\u6b64\u60a8\u5fc5\u987b\u7279\u522b\u6ce8\u610f API \u8fdb\u7a0b\u7684\u5212\u5206\u3002\u6709\u5173\u6b64\u533a\u57df\u7684\u5176\u4ed6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u901a\u8fc7\u4ed4\u7ec6\u5efa\u6a21\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc ACL \u548c IDS \u6280\u672f\u5728\u7f51\u7edc\u670d\u52a1\u4e4b\u95f4\u5f3a\u5236\u5b9e\u65bd\u663e\u5f0f\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002\u4f5c\u4e3a\u4e00\u9879\u5173\u952e\u7684\u8de8\u57df\u670d\u52a1\uff0c\u8fd9\u79cd\u663e\u5f0f\u5f3a\u5236\u6267\u884c\u5bf9 OpenStack \u7684\u6d88\u606f\u961f\u5217\u670d\u52a1\u975e\u5e38\u6709\u6548\u3002 \u8981\u5b9e\u65bd\u7b56\u7565\uff0c\u60a8\u53ef\u4ee5\u914d\u7f6e\u670d\u52a1\u3001\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff08\u4f8b\u5982 iptables\uff09\u3001\u672c\u5730\u7b56\u7565\uff08SELinux \u6216 AppArmor\uff09\u4ee5\u53ca\u53ef\u9009\u7684\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u3002","title":"\u7f51\u7edc\u7b56\u7565"},{"location":"security/security-guide/#_105","text":"\u60a8\u5e94\u8be5\u5c06 API \u7aef\u70b9\u8fdb\u7a0b\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u9694\u79bb\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u7684\u914d\u7f6e\u4e0d\u4ec5\u5e94\u901a\u8fc7\u4efb\u610f\u8bbf\u95ee\u63a7\u5236\uff0c\u8fd8\u5e94\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u589e\u5f3a\u7684\u8bbf\u95ee\u63a7\u5236\u7684\u76ee\u6807\u662f\u5e2e\u52a9\u904f\u5236\u548c\u5347\u7ea7 API 
\u7aef\u70b9\u5b89\u5168\u6f0f\u6d1e\u3002\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\u4f1a\u4e25\u91cd\u9650\u5236\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\uff0c\u5e76\u9488\u5bf9\u6b64\u7c7b\u4e8b\u4ef6\u63d0\u4f9b\u65e9\u671f\u8b66\u62a5\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#api_4","text":"\u901f\u7387\u9650\u5236\u662f\u4e00\u79cd\u63a7\u5236\u57fa\u4e8e\u7f51\u7edc\u7684\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u4e8b\u4ef6\u9891\u7387\u7684\u65b9\u6cd5\u3002\u5982\u679c\u4e0d\u5b58\u5728\u53ef\u9760\u7684\u901f\u7387\u9650\u5236\uff0c\u5219\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u5404\u79cd\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5bf9\u4e8e API \u5c24\u5176\u5982\u6b64\uff0c\u56e0\u4e3a API \u7684\u672c\u8d28\u662f\u65e8\u5728\u63a5\u53d7\u9ad8\u9891\u7387\u7684\u7c7b\u4f3c\u8bf7\u6c42\u7c7b\u578b\u548c\u64cd\u4f5c\u3002 \u5728 OpenStack \u4e2d\uff0c\u5efa\u8bae\u901a\u8fc7\u901f\u7387\u9650\u5236\u4ee3\u7406\u6216 Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\u4e3a\u6240\u6709\u7aef\u70b9\uff08\u5c24\u5176\u662f\u516c\u5171\u7aef\u70b9\uff09\u63d0\u4f9b\u989d\u5916\u7684\u4fdd\u62a4\u5c42\u3002 \u5728\u914d\u7f6e\u548c\u5b9e\u73b0\u4efb\u4f55\u901f\u7387\u9650\u5236\u529f\u80fd\u65f6\uff0c\u8fd0\u8425\u5546\u5fc5\u987b\u4ed4\u7ec6\u89c4\u5212\u5e76\u8003\u8651\u5176 OpenStack \u4e91\u4e2d\u7528\u6237\u548c\u670d\u52a1\u7684\u4e2a\u4eba\u6027\u80fd\u9700\u6c42\uff0c\u8fd9\u4e00\u70b9\u81f3\u5173\u91cd\u8981\u3002 \u63d0\u4f9b\u901f\u7387\u9650\u5236\u7684\u5e38\u89c1\u89e3\u51b3\u65b9\u6848\u662f Nginx\u3001HAProxy\u3001OpenPose \u6216 Apache \u6a21\u5757\uff0c\u4f8b\u5982 mod_ratelimit\u3001mod_qos \u6216 mod_security\u3002","title":"API 
\u7aef\u70b9\u901f\u7387\u9650\u5236"},{"location":"security/security-guide/#_106","text":"Keystone\u8eab\u4efd\u670d\u52a1\u4e3aOpenStack\u7cfb\u5217\u670d\u52a1\u4e13\u95e8\u63d0\u4f9b\u8eab\u4efd\u3001\u4ee4\u724c\u3001\u76ee\u5f55\u548c\u7b56\u7565\u670d\u52a1\u3002\u8eab\u4efd\u670d\u52a1\u7ec4\u7ec7\u4e3a\u4e00\u7ec4\u5185\u90e8\u670d\u52a1\uff0c\u901a\u8fc7\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\u66b4\u9732\u3002\u8fd9\u4e9b\u670d\u52a1\u4e2d\u7684\u8bb8\u591a\u662f\u7531\u524d\u7aef\u4ee5\u7ec4\u5408\u65b9\u5f0f\u4f7f\u7528\u7684\u3002\u4f8b\u5982\uff0c\u8eab\u4efd\u9a8c\u8bc1\u8c03\u7528\u901a\u8fc7\u8eab\u4efd\u670d\u52a1\u9a8c\u8bc1\u7528\u6237\u548c\u9879\u76ee\u51ed\u636e\u3002\u5982\u679c\u6210\u529f\uff0c\u5b83\u5c06\u4f7f\u7528\u4ee4\u724c\u670d\u52a1\u521b\u5efa\u5e76\u8fd4\u56de\u4ee4\u724c\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728Keystone\u5f00\u53d1\u8005\u6587\u6863\u4e2d\u627e\u5230\u3002 \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8ba4\u8bc1 \u8ba4\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u65bd\u7684\u8ba4\u8bc1\u65b9\u6cd5 \u5916\u90e8\u8ba4\u8bc1\u65b9\u6cd5 \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u539f\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u7b56\u7565 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408 Keystone \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u9274\u522b \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a\u8eab\u4efd\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f 
check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c","title":"\u8eab\u4efd\u9274\u522b"},{"location":"security/security-guide/#_107","text":"\u8eab\u4efd\u8ba4\u8bc1\u662f\u4efb\u4f55\u5b9e\u9645OpenStack\u90e8\u7f72\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\uff0c\u56e0\u6b64\u5e94\u8be5\u4ed4\u7ec6\u8003\u8651\u7cfb\u7edf\u8bbe\u8ba1\u7684\u8fd9\u4e00\u65b9\u9762\u3002\u672c\u4e3b\u9898\u7684\u5b8c\u6574\u5904\u7406\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\uff0c\u4f46\u662f\u4ee5\u4e0b\u5404\u8282\u4ecb\u7ecd\u4e86\u4e00\u4e9b\u5173\u952e\u4e3b\u9898\u3002 \u4ece\u6839\u672c\u4e0a\u8bf4\uff0c\u8eab\u4efd\u8ba4\u8bc1\u662f\u786e\u8ba4\u8eab\u4efd\u7684\u8fc7\u7a0b - \u7528\u6237\u5b9e\u9645\u4e0a\u662f\u4ed6\u4eec\u58f0\u79f0\u7684\u8eab\u4efd\u3002\u4e00\u4e2a\u719f\u6089\u7684\u793a\u4f8b\u662f\u5728\u767b\u5f55\u7cfb\u7edf\u65f6\u63d0\u4f9b\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 OpenStack \u8eab\u4efd\u9274\u522b\u670d\u52a1\uff08keystone\uff09\u652f\u6301\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5305\u62ec\u7528\u6237\u540d\u548c\u5bc6\u7801\u3001LDAP \u548c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u8eab\u4efd\u8ba4\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u7528\u4e8e\u540e\u7eed\u670d\u52a1\u8bf7\u6c42\u7684\u6388\u6743\u4ee4\u724c\u3002 \u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u4f7f\u7528 X.509 \u8bc1\u4e66\u5728\u670d\u52a1\u548c\u4eba\u5458\u4e4b\u95f4\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c3d\u7ba1 TLS 
\u7684\u9ed8\u8ba4\u6a21\u5f0f\u662f\u4ec5\u670d\u52a1\u5668\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4f46\u8bc1\u4e66\u4e5f\u53ef\u7528\u4e8e\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002","title":"\u8ba4\u8bc1"},{"location":"security/security-guide/#_108","text":"\u4ece Newton \u7248\u672c\u5f00\u59cb\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u5728\u591a\u6b21\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u540e\u9650\u5236\u5bf9\u5e10\u6237\u7684\u8bbf\u95ee\u3002\u91cd\u590d\u5931\u8d25\u767b\u5f55\u5c1d\u8bd5\u7684\u6a21\u5f0f\u901a\u5e38\u662f\u66b4\u529b\u653b\u51fb\u7684\u6307\u6807\uff08\u8bf7\u53c2\u9605\u653b\u51fb\u7c7b\u578b\uff09\u3002\u8fd9\u79cd\u7c7b\u578b\u7684\u653b\u51fb\u5728\u516c\u6709\u4e91\u90e8\u7f72\u4e2d\u66f4\u4e3a\u666e\u904d\u3002 \u5bf9\u4e8e\u9700\u8981\u6b64\u529f\u80fd\u7684\u65e7\u90e8\u7f72\uff0c\u53ef\u4ee5\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u9884\u9632\uff0c\u8be5\u7cfb\u7edf\u5728\u914d\u7f6e\u7684\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u6b21\u6570\u540e\u9501\u5b9a\u5e10\u6237\u3002\u7136\u540e\uff0c\u53ea\u6709\u901a\u8fc7\u8fdb\u4e00\u6b65\u7684\u4fa7\u4fe1\u9053\u5e72\u9884\u624d\u80fd\u89e3\u9501\u8be5\u5e10\u6237\u3002 \u5982\u679c\u65e0\u6cd5\u9884\u9632\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u68c0\u6d4b\u6765\u51cf\u8f7b\u635f\u5bb3\u3002\u68c0\u6d4b\u6d89\u53ca\u9891\u7e41\u67e5\u770b\u8bbf\u95ee\u63a7\u5236\u65e5\u5fd7\uff0c\u4ee5\u8bc6\u522b\u672a\u7ecf\u6388\u6743\u7684\u5e10\u6237\u8bbf\u95ee\u5c1d\u8bd5\u3002\u53ef\u80fd\u7684\u8865\u6551\u63aa\u65bd\u5305\u62ec\u68c0\u67e5\u7528\u6237\u5bc6\u7801\u7684\u5f3a\u5ea6\uff0c\u6216\u901a\u8fc7\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u653b\u51fb\u7684\u7f51\u7edc\u6e90\u3002Keystone \u670d\u52a1\u5668\u4e0a\u9650\u5236\u8fde\u63a5\u6570\u7684\u9632\u706b\u5899\u89c4\u5219\u53ef\u7528\u4e8e\u964d\u4f4e\u653b\u51fb\u6548\u7387\uff0c\u4ece\u800c\u529d\u963b\u653b\u51fb\u8005\u3002 
\u6b64\u5916\uff0c\u68c0\u67e5\u5e10\u6237\u6d3b\u52a8\u662f\u5426\u5b58\u5728\u5f02\u5e38\u767b\u5f55\u65f6\u95f4\u548c\u53ef\u7591\u64cd\u4f5c\uff0c\u5e76\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\uff08\u5982\u7981\u7528\u5e10\u6237\uff09\u4e5f\u5f88\u6709\u7528\u3002\u901a\u5e38\uff0c\u4fe1\u7528\u5361\u63d0\u4f9b\u5546\u91c7\u7528\u8fd9\u79cd\u65b9\u6cd5\u8fdb\u884c\u6b3a\u8bc8\u68c0\u6d4b\u548c\u8b66\u62a5\u3002","title":"\u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5"},{"location":"security/security-guide/#_109","text":"\u91c7\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u7528\u6237\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002\u8eab\u4efd\u9274\u522b\u670d\u52a1\u901a\u8fc7\u53ef\u63d0\u4f9b\u6b64\u529f\u80fd\u7684 Apache Web \u670d\u52a1\u5668\u652f\u6301\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u670d\u52a1\u5668\u8fd8\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u5f3a\u5236\u6267\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6b64\u5efa\u8bae\u53ef\u9632\u6b62\u66b4\u529b\u7834\u89e3\u3001\u793e\u4f1a\u5de5\u7a0b\u4ee5\u53ca\u53ef\u80fd\u6cc4\u9732\u7ba1\u7406\u5458\u5bc6\u7801\u7684\u72d9\u51fb\u548c\u5927\u89c4\u6a21\u7f51\u7edc\u9493\u9c7c\u653b\u51fb\u3002","title":"\u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#_110","text":"","title":"\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5"},{"location":"security/security-guide/#_111","text":"\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u53ef\u4ee5\u5c06\u7528\u6237\u51ed\u636e\u5b58\u50a8\u5728 SQL \u6570\u636e\u5e93\u4e2d\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7b26\u5408 LDAP \u7684\u76ee\u5f55\u670d\u52a1\u5668\u3002\u8eab\u4efd\u6570\u636e\u5e93\u53ef\u4ee5\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4f7f\u7528\u7684\u6570\u636e\u5e93\u5206\u5f00\uff0c\u4ee5\u964d\u4f4e\u5b58\u50a8\u51ed\u636e\u6cc4\u9732\u7684\u98ce\u9669\u3002 
\u5f53\u60a8\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u8eab\u4efd\u670d\u52a1\u4e0d\u4f1a\u5f3a\u5236\u6267\u884c NIST Special Publication 800-118\uff08\u8349\u6848\uff09\u4e2d\u63a8\u8350\u7684\u6709\u5173\u5bc6\u7801\u5f3a\u5ea6\u3001\u8fc7\u671f\u6216\u5931\u8d25\u8eab\u4efd\u9a8c\u8bc1\u5c1d\u8bd5\u7684\u7b56\u7565\u3002\u5e0c\u671b\u6267\u884c\u66f4\u4e25\u683c\u5bc6\u7801\u7b56\u7565\u7684\u7ec4\u7ec7\u5e94\u8003\u8651\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u7684\u6269\u5c55\u6216\u5916\u90e8\u8ba4\u8bc1\u670d\u52a1\u3002 LDAP \u7b80\u5316\u4e86\u8eab\u4efd\u8ba4\u8bc1\u4e0e\u7ec4\u7ec7\u73b0\u6709\u76ee\u5f55\u670d\u52a1\u548c\u7528\u6237\u5e10\u6237\u7ba1\u7406\u6d41\u7a0b\u7684\u96c6\u6210\u3002 OpenStack \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7b56\u7565\u53ef\u4ee5\u59d4\u6258\u7ed9\u5176\u4ed6\u670d\u52a1\u3002\u4e00\u4e2a\u5178\u578b\u7684\u7528\u4f8b\u662f\u5bfb\u6c42\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u7ec4\u7ec7\uff0c\u5e76\u4e14\u5df2\u7ecf\u5728 LDAP \u7cfb\u7edf\u4e2d\u62e5\u6709\u5458\u5de5\u548c\u7528\u6237\u7684\u6570\u636e\u5e93\u3002\u4f7f\u7528\u6b64\u8eab\u4efd\u9a8c\u8bc1\u673a\u6784\uff0c\u5c06\u5bf9\u8eab\u4efd\u670d\u52a1\u7684\u8bf7\u6c42\u59d4\u6258\u7ed9 LDAP \u7cfb\u7edf\uff0c\u7136\u540e LDAP \u7cfb\u7edf\u5c06\u6839\u636e\u5176\u7b56\u7565\u8fdb\u884c\u6388\u6743\u6216\u62d2\u7edd\u3002\u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u5982\u679c LDAP \u7cfb\u7edf\u5177\u6709\u4e3a\u7528\u6237\u5b9a\u4e49\u7684\u5c5e\u6027\uff0c\u4f8b\u5982 admin\u3001finance\u3001HR \u7b49\uff0c\u5219\u5fc5\u987b\u5c06\u8fd9\u4e9b\u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u9274\u522b\u4e2d\u7684\u89d2\u8272\u548c\u7ec4\uff0c\u4ee5\u4f9b\u5404\u79cd OpenStack \u670d\u52a1\u4f7f\u7528\u3002\u8be5\u6587\u4ef6 
/etc/keystone/keystone.conf \u5c06 LDAP \u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u5c5e\u6027\u3002 \u4e0d\u5f97\u5141\u8bb8\u8eab\u4efd\u670d\u52a1\u5199\u5165\u7528\u4e8e OpenStack \u90e8\u7f72\u4e4b\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684 LDAP \u670d\u52a1\uff0c\u56e0\u4e3a\u8fd9\u5c06\u5141\u8bb8\u5177\u6709\u8db3\u591f\u6743\u9650\u7684 keystone \u7528\u6237\u5bf9 LDAP \u76ee\u5f55\u8fdb\u884c\u66f4\u6539\u3002\u8fd9\u5c06\u5141\u8bb8\u5728\u66f4\u5e7f\u6cdb\u7684\u7ec4\u7ec7\u5185\u8fdb\u884c\u6743\u9650\u5347\u7ea7\uff0c\u6216\u4fc3\u8fdb\u5bf9\u5176\u4ed6\u4fe1\u606f\u548c\u8d44\u6e90\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u5728\u8fd9\u6837\u7684\u90e8\u7f72\u4e2d\uff0c\u7528\u6237\u914d\u7f6e\u5c06\u8d85\u51fa OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e keystone.conf \u6743\u9650\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u6709\u4e00\u4e2a\u5173\u4e8e\u6f5c\u5728 DoS \u653b\u51fb\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002","title":"\u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f"},{"location":"security/security-guide/#_112","text":"\u672c\u7ec4\u7ec7\u53ef\u80fd\u5e0c\u671b\u5b9e\u73b0\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u4fbf\u4e0e\u73b0\u6709\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u517c\u5bb9\uff0c\u6216\u5f3a\u5236\u5b9e\u65bd\u66f4\u5f3a\u7684\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\u8981\u6c42\u3002\u5c3d\u7ba1\u5bc6\u7801\u662f\u6700\u5e38\u89c1\u7684\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\uff0c\u4f46\u5b83\u4eec\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u6cd5\u6cc4\u9732\uff0c\u5305\u62ec\u51fb\u952e\u8bb0\u5f55\u548c\u5bc6\u7801\u6cc4\u9732\u3002\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u63d0\u4f9b\u66ff\u4ee3\u5f62\u5f0f\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u964d\u4f4e\u5f31\u5bc6\u7801\u5e26\u6765\u7684\u98ce\u9669\u3002 \u8fd9\u4e9b\u5305\u62ec\uff1a 
\u5bc6\u7801\u7b56\u7565\u5b9e\u65bd \u8981\u6c42\u7528\u6237\u5bc6\u7801\u7b26\u5408\u957f\u5ea6\u3001\u5b57\u7b26\u591a\u6837\u6027\u3001\u8fc7\u671f\u6216\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u7684\u6700\u4f4e\u6807\u51c6\u3002\u5728\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6848\u4e2d\uff0c\u8fd9\u5c06\u662f\u539f\u59cb\u8eab\u4efd\u5b58\u50a8\u4e0a\u7684\u5bc6\u7801\u7b56\u7565\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u8981\u6c42\u7528\u6237\u6839\u636e\u4ed6\u4eec\u62e5\u6709\u7684\u5185\u5bb9\uff08\u5982\u4e00\u6b21\u6027\u5bc6\u7801\u4ee4\u724c\u6216 X.509 \u8bc1\u4e66\uff09\u548c\u4ed6\u4eec\u77e5\u9053\u7684\u5185\u5bb9\uff08\u5982\u5bc6\u7801\uff09\u63d0\u4f9b\u4fe1\u606f\u3002 Kerberos \u4e00\u79cd\u4f7f\u7528\u201c\u7968\u8bc1\u201d\u8fdb\u884c\u53cc\u5411\u8ba4\u8bc1\u7684\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002Kerberos \u7968\u8bc1\u6388\u4e88\u7968\u8bc1\u53ef\u5b89\u5168\u5730\u4e3a\u7279\u5b9a\u670d\u52a1\u63d0\u4f9b\u7968\u8bc1\u3002","title":"\u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f"},{"location":"security/security-guide/#_113","text":"\u8eab\u4efd\u670d\u52a1\u652f\u6301\u7ec4\u548c\u89d2\u8272\u7684\u6982\u5ff5\u3002\u7528\u6237\u5c5e\u4e8e\u7ec4\uff0c\u800c\u7ec4\u5177\u6709\u89d2\u8272\u5217\u8868\u3002OpenStack \u670d\u52a1\u5f15\u7528\u5c1d\u8bd5\u8bbf\u95ee\u8be5\u670d\u52a1\u7684\u7528\u6237\u7684\u89d2\u8272\u3002OpenStack \u7b56\u7565\u6267\u884c\u5668\u4e2d\u95f4\u4ef6\u4f1a\u8003\u8651\u4e0e\u6bcf\u4e2a\u8d44\u6e90\u5173\u8054\u7684\u7b56\u7565\u89c4\u5219\uff0c\u7136\u540e\u8003\u8651\u7528\u6237\u7684\u7ec4/\u89d2\u8272\u548c\u5173\u8054\uff0c\u4ee5\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u3002 \u7b56\u7565\u5b9e\u65bd\u4e2d\u95f4\u4ef6\u652f\u6301\u5bf9 OpenStack 
\u8d44\u6e90\u8fdb\u884c\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u7b56\u7565\u4e2d\u6df1\u5165\u8ba8\u8bba\u4e86\u7b56\u7565\u7684\u884c\u4e3a\u3002","title":"\u6388\u6743"},{"location":"security/security-guide/#_114","text":"\u5728\u914d\u7f6e\u89d2\u8272\u3001\u7ec4\u548c\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u8bb0\u5f55 OpenStack \u5b89\u88c5\u6240\u9700\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002\u8fd9\u4e9b\u7b56\u7565\u5e94\u4e0e\u7ec4\u7ec7\u7684\u4efb\u4f55\u6cd5\u89c4\u6216\u6cd5\u5f8b\u8981\u6c42\u4fdd\u6301\u4e00\u81f4\u3002\u5c06\u6765\u5bf9\u8bbf\u95ee\u63a7\u5236\u914d\u7f6e\u7684\u4fee\u6539\u5e94\u4e0e\u6b63\u5f0f\u7b56\u7565\u4fdd\u6301\u4e00\u81f4\u3002\u7b56\u7565\u5e94\u5305\u62ec\u521b\u5efa\u3001\u5220\u9664\u3001\u7981\u7528\u548c\u542f\u7528\u5e10\u6237\u4ee5\u53ca\u4e3a\u5e10\u6237\u5206\u914d\u6743\u9650\u7684\u6761\u4ef6\u548c\u8fc7\u7a0b\u3002\u5b9a\u671f\u67e5\u770b\u7b56\u7565\uff0c\u5e76\u786e\u4fdd\u914d\u7f6e\u7b26\u5408\u6279\u51c6\u7684\u7b56\u7565\u3002","title":"\u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565"},{"location":"security/security-guide/#_115","text":"\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5b9a\u4e49\u4e00\u4e2a\u5177\u6709\u7ba1\u7406\u5458\u89d2\u8272\u7684\u7528\u6237\uff0c\u5982\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u6240\u8ff0\u3002\u6b64\u670d\u52a1\u5e10\u6237\u4e3a\u670d\u52a1\u63d0\u4f9b\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u6388\u6743\u3002 
\u53ef\u4ee5\u5c06\u8ba1\u7b97\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u6765\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u7684\u5176\u4ed6\u9009\u9879\u5305\u62ec\u4f7f\u7528\u201ctempAuth\u201d\u6587\u4ef6\uff0c\u4f46\u4e0d\u5e94\u5c06\u5176\u90e8\u7f72\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0c\u56e0\u4e3a\u5bc6\u7801\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u663e\u793a\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u652f\u6301\u5bf9 TLS \u8fdb\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8be5\u8eab\u4efd\u9a8c\u8bc1\u53ef\u80fd\u5df2\u542f\u7528\u3002\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e4b\u5916\uff0cTLS \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u8fd8\u63d0\u4f9b\u4e86\u989d\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u56e0\u7d20\uff0c\u4ece\u800c\u63d0\u9ad8\u4e86\u7528\u6237\u6807\u8bc6\u7684\u53ef\u9760\u6027\u3002\u5f53\u7528\u6237\u540d\u548c\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u65f6\uff0c\u5b83\u964d\u4f4e\u4e86\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u7684\u98ce\u9669\u3002\u4f46\u662f\uff0c\u5411\u7528\u6237\u9881\u53d1\u8bc1\u4e66\u4f1a\u4ea7\u751f\u989d\u5916\u7684\u7ba1\u7406\u5f00\u9500\u548c\u6210\u672c\uff0c\u8fd9\u5728\u6bcf\u6b21\u90e8\u7f72\u4e2d\u90fd\u53ef\u80fd\u4e0d\u53ef\u884c\u3002 \u6ce8\u610f \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u4e0e TLS \u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u4fbf\u5bf9\u8eab\u4efd\u9274\u522b\u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4e91\u7ba1\u7406\u5458\u5e94\u4fdd\u62a4\u654f\u611f\u7684\u914d\u7f6e\u6587\u4ef6\u514d\u906d\u672a\u7ecf\u6388\u6743\u7684\u4fee\u6539\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5f3a\u5236\u6027\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\uff08\u5982 SELinux\uff09\u6765\u5b9e\u73b0\uff0c\u5305\u62ec /etc/keystone/keystone.conf X.509 \u8bc1\u4e66\u3002 \u4f7f\u7528 TLS 
\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u9700\u8981\u5411\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u8fd9\u4e9b\u8bc1\u4e66\u53ef\u4ee5\u7531\u5916\u90e8\u6216\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u540d\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u670d\u52a1\u4f1a\u6839\u636e\u53d7\u4fe1\u4efb\u7684 CA \u68c0\u67e5\u8bc1\u4e66\u7b7e\u540d\u7684\u6709\u6548\u6027\uff0c\u5982\u679c\u7b7e\u540d\u65e0\u6548\u6216 CA \u4e0d\u53ef\u4fe1\uff0c\u8fde\u63a5\u5c06\u5931\u8d25\u3002\u4e91\u90e8\u7f72\u4eba\u5458\u53ef\u4ee5\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5fc5\u987b\u7981\u7528\u6709\u6548\u6027\u68c0\u67e5\uff0c\u6216\u8005\u5e94\u5c06\u8bc1\u4e66\u6807\u8bb0\u4e3a\u53d7\u4fe1\u4efb\u3002\u82e5\u8981\u7981\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u7684\u9a8c\u8bc1\uff0c\u8bf7\u5728 /etc/nova/api.paste.ini \u6587\u4ef6\u7684 [filter:authtoken] \u201c\u90e8\u5206\u201d\u4e2d\u8fdb\u884c\u8bbe\u7f6e insecure=False \u3002\u6b64\u8bbe\u7f6e\u8fd8\u4f1a\u7981\u7528\u5176\u4ed6\u7ec4\u4ef6\u7684\u8bc1\u4e66\u3002","title":"\u670d\u52a1\u6388\u6743"},{"location":"security/security-guide/#_116","text":"\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u7528\u6237\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u548c\u652f\u6301 2 \u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1\u7684\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8bc1\u4e66\uff09\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u6837\u53ef\u4ee5\u964d\u4f4e\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u7684\u98ce\u9669\u3002\u6b64\u5efa\u8bae\u7b26\u5408 NIST 800-53 IA-2\uff081\uff09 
\u6307\u5357\uff0c\u5373\u4f7f\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002","title":"\u7ba1\u7406\u5458\u7528\u6237"},{"location":"security/security-guide/#_117","text":"\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u76f4\u63a5\u63d0\u4f9b\u6700\u7ec8\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4ee5\u7b26\u5408\u7ec4\u7ec7\u7684\u5b89\u5168\u7b56\u7565\u548c\u8981\u6c42\u3002","title":"\u7ec8\u7aef\u7528\u6237"},{"location":"security/security-guide/#_118","text":"\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u5728\u5173\u8054\u7684\u7b56\u7565\u6587\u4ef6\u4e2d\u5b9a\u4e49\u5176\u8d44\u6e90\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u4f8b\u5982\uff0c\u8d44\u6e90\u53ef\u4ee5\u662f API \u8bbf\u95ee\u3001\u9644\u52a0\u5230\u5377\u6216\u542f\u52a8\u5b9e\u4f8b\u7684\u80fd\u529b\u3002\u7b56\u7565\u89c4\u5219\u4ee5 JSON \u683c\u5f0f\u6307\u5b9a\uff0c\u6587\u4ef6\u79f0\u4e3a policy.json .\u6b64\u6587\u4ef6\u7684\u8bed\u6cd5\u548c\u683c\u5f0f\u5728\u914d\u7f6e\u53c2\u8003\u4e2d\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002 \u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u4fee\u6539\u6216\u66f4\u65b0\u8fd9\u4e9b\u7b56\u7565\uff0c\u4ee5\u63a7\u5236\u5bf9\u5404\u79cd\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u786e\u4fdd\u5bf9\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u4efb\u4f55\u66f4\u6539\u90fd\u4e0d\u4f1a\u65e0\u610f\u4e2d\u524a\u5f31\u4efb\u4f55\u8d44\u6e90\u7684\u5b89\u5168\u6027\u3002\u53e6\u8bf7\u6ce8\u610f\uff0c\u5bf9 policy.json \u6587\u4ef6\u7684\u66f4\u6539\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002 \u4ee5\u4e0b\u793a\u4f8b\u663e\u793a\u4e86\u8be5\u670d\u52a1\u5982\u4f55\u5c06\u521b\u5efa\u3001\u66f4\u65b0\u548c\u5220\u9664\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u5177\u6709\u89d2\u8272 cloud_admin 
\u7684\u7528\u6237\uff0c\u8be5\u89d2\u8272\u5df2\u5b9a\u4e49\u4e3a role = admin \u548c domain_id = admin_domain_id \u7684\u7ed3\u5408\uff0c\u800c get \u548c list \u8d44\u6e90\u53ef\u4f9b\u89d2\u8272\u4e3a cloud_admin \u6216 admin \u7684\u7528\u6237\u4f7f\u7528\u3002 { \"admin_required\": \"role:admin\", \"cloud_admin\": \"rule:admin_required and domain_id:admin_domain_id\", \"service_role\": \"role:service\", \"service_or_admin\": \"rule:admin_required or rule:service_role\", \"owner\" : \"user_id:%(user_id)s or user_id:%(target.token.user_id)s\", \"admin_or_owner\": \"(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner\", \"admin_or_cloud_admin\": \"rule:admin_required or rule:cloud_admin\", \"admin_and_matching_domain_id\": \"rule:admin_required and domain_id:%(domain_id)s\", \"service_admin_or_owner\": \"rule:service_or_admin or rule:owner\", \"default\": \"rule:admin_required\", \"identity:get_service\": \"rule:admin_or_cloud_admin\", \"identity:list_services\": \"rule:admin_or_cloud_admin\", \"identity:create_service\": \"rule:cloud_admin\", \"identity:update_service\": \"rule:cloud_admin\", \"identity:delete_service\": \"rule:cloud_admin\", \"identity:get_endpoint\": \"rule:admin_or_cloud_admin\", \"identity:list_endpoints\": \"rule:admin_or_cloud_admin\", \"identity:create_endpoint\": \"rule:cloud_admin\", \"identity:update_endpoint\": \"rule:cloud_admin\", \"identity:delete_endpoint\": \"rule:cloud_admin\", }","title":"\u653f\u7b56"},{"location":"security/security-guide/#_119","text":"\u7528\u6237\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u6388\u6743\u548c\u8bbf\u95ee OpenStack \u73af\u5883\u3002\u4ee3\u5e01\u53ef\u4ee5\u5177\u6709\u53ef\u53d8\u7684\u751f\u547d\u5468\u671f;\u4f46\u662f\uff0cexpiry \u7684\u9ed8\u8ba4\u503c\u4e3a 1 
\u5c0f\u65f6\u3002\u5efa\u8bae\u7684\u8fc7\u671f\u503c\u5e94\u8bbe\u7f6e\u4e3a\u8f83\u4f4e\u7684\u503c\uff0c\u4ee5\u4fbf\u5185\u90e8\u670d\u52a1\u6709\u8db3\u591f\u7684\u65f6\u95f4\u5b8c\u6210\u4efb\u52a1\u3002\u5982\u679c\u4ee4\u724c\u5728\u4efb\u52a1\u5b8c\u6210\u4e4b\u524d\u8fc7\u671f\uff0c\u4e91\u53ef\u80fd\u4f1a\u53d8\u5f97\u65e0\u54cd\u5e94\u6216\u505c\u6b62\u63d0\u4f9b\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97\u670d\u52a1\u5c06\u78c1\u76d8\u6620\u50cf\u4f20\u8f93\u5230\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8fdb\u884c\u672c\u5730\u7f13\u5b58\u6240\u9700\u7684\u65f6\u95f4\u3002\u5141\u8bb8\u5728\u4f7f\u7528\u6709\u6548\u7684\u670d\u52a1\u4ee4\u724c\u65f6\u63d0\u53d6\u8fc7\u671f\u7684\u4ee4\u724c\u3002 \u4ee4\u724c\u901a\u5e38\u5728 Identity \u670d\u52a1\u54cd\u5e94\u7684\u8f83\u5927\u4e0a\u4e0b\u6587\u7684\u7ed3\u6784\u4e2d\u4f20\u9012\u3002\u8fd9\u4e9b\u54cd\u5e94\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd OpenStack \u670d\u52a1\u7684\u76ee\u5f55\u3002\u5217\u51fa\u4e86\u6bcf\u4e2a\u670d\u52a1\u7684\u540d\u79f0\u3001\u5185\u90e8\u8bbf\u95ee\u3001\u7ba1\u7406\u5458\u8bbf\u95ee\u548c\u516c\u5171\u8bbf\u95ee\u7684\u8bbf\u95ee\u7ec8\u7ed3\u70b9\u3002 \u53ef\u4ee5\u4f7f\u7528\u6807\u8bc6 API \u540a\u9500\u4ee4\u724c\u3002 \u5728 Stein \u7248\u672c\u4e2d\uff0c\u6709\u4e24\u79cd\u53d7\u652f\u6301\u7684\u4ee4\u724c\u7c7b\u578b\uff1afernet \u548c JWT\u3002 fernet \u548c JWT \u4ee4\u724c\u90fd\u4e0d\u9700\u8981\u6301\u4e45\u6027\u3002Keystone \u4ee4\u724c\u6570\u636e\u5e93\u4e0d\u518d\u56e0\u8eab\u4efd\u9a8c\u8bc1\u7684\u526f\u4f5c\u7528\u800c\u906d\u53d7\u81a8\u80c0\u3002\u8fc7\u671f\u4ee4\u724c\u7684\u4fee\u526a\u4f1a\u81ea\u52a8\u8fdb\u884c\u3002\u4e5f\u4e0d\u518d\u9700\u8981\u8de8\u591a\u4e2a\u8282\u70b9\u8fdb\u884c\u590d\u5236\u3002\u53ea\u8981\u6bcf\u4e2a keystone 
\u8282\u70b9\u5171\u4eab\u76f8\u540c\u7684\u5b58\u50a8\u5e93\uff0c\u5c31\u53ef\u4ee5\u5728\u6240\u6709\u8282\u70b9\u4e0a\u7acb\u5373\u521b\u5efa\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002","title":"\u4ee4\u724c"},{"location":"security/security-guide/#fernet","text":"Fernet \u4ee4\u724c\u662f Stein \u652f\u6301\u7684\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\uff08\u9ed8\u8ba4\uff09\u3002Fernet \u662f\u4e00\u79cd\u5b89\u5168\u7684\u6d88\u606f\u4f20\u9012\u683c\u5f0f\uff0c\u4e13\u95e8\u8bbe\u8ba1\u7528\u4e8e API \u4ee4\u724c\u3002\u5b83\u4eec\u662f\u8f7b\u91cf\u7ea7\u7684\uff08\u8303\u56f4\u5728 180 \u5230 240 \u5b57\u8282\u4e4b\u95f4\uff09\uff0c\u5e76\u51cf\u5c11\u4e86\u8fd0\u884c\u4e91\u6240\u9700\u7684\u8fd0\u8425\u5f00\u9500\u3002\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u5143\u6570\u636e\u88ab\u6574\u9f50\u5730\u6346\u7ed1\u5230\u6d88\u606f\u6253\u5305\u7684\u6709\u6548\u8d1f\u8f7d\u4e2d\uff0c\u7136\u540e\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u5e76\u4f5c\u4e3a fernet \u4ee4\u724c\u767b\u5f55\u3002","title":"Fernet \u4ee4\u724c"},{"location":"security/security-guide/#jwt","text":"JSON Web \u7b7e\u540d \uff08JWS\uff09 \u4ee4\u724c\u662f\u5728 Stein \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002\u4e0efernet\u76f8\u6bd4\uff0cJWS\u901a\u8fc7\u9650\u5236\u9700\u8981\u5171\u4eab\u5bf9\u79f0\u52a0\u5bc6\u5bc6\u94a5\u7684\u4e3b\u673a\u6570\u91cf\uff0c\u4e3a\u8fd0\u8425\u5546\u63d0\u4f9b\u4e86\u6f5c\u5728\u7684\u597d\u5904\u3002\u8fd9\u6709\u52a9\u4e8e\u9632\u6b62\u53ef\u80fd\u5df2\u5728\u90e8\u7f72\u4e2d\u7ad9\u7a33\u811a\u8ddf\u7684\u6076\u610f\u53c2\u4e0e\u8005\u6269\u6563\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6709\u5173\u8fd9\u4e9b\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\u4e4b\u95f4\u5dee\u5f02\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b64\u5904 https://docs.openstack.org/keystone/stein/admin/tokens-overview.html#token-providers","title":"JWT 
\u4ee4\u724c"},{"location":"security/security-guide/#_120","text":"\u57df\u662f\u9879\u76ee\u3001\u7528\u6237\u548c\u7ec4\u7684\u9ad8\u7ea7\u5bb9\u5668\u3002\u56e0\u6b64\uff0c\u5b83\u4eec\u53ef\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406\u6240\u6709\u57fa\u4e8e keystone \u7684\u8eab\u4efd\u7ec4\u4ef6\u3002\u968f\u7740\u5e10\u6237\u57df\u7684\u5f15\u5165\uff0c\u670d\u52a1\u5668\u3001\u5b58\u50a8\u548c\u5176\u4ed6\u8d44\u6e90\u73b0\u5728\u53ef\u4ee5\u5728\u903b\u8f91\u4e0a\u5206\u7ec4\u5230\u591a\u4e2a\u9879\u76ee\uff08\u4ee5\u524d\u79f0\u4e3a\u79df\u6237\uff09\u4e2d\uff0c\u8fd9\u4e9b\u9879\u76ee\u672c\u8eab\u53ef\u4ee5\u5206\u7ec4\u5230\u7c7b\u4f3c\u4e3b\u5e10\u6237\u7684\u5bb9\u5668\u4e0b\u3002\u6b64\u5916\uff0c\u53ef\u4ee5\u5728\u4e00\u4e2a\u5e10\u6237\u57df\u4e2d\u7ba1\u7406\u591a\u4e2a\u7528\u6237\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u9879\u76ee\u5206\u914d\u4e0d\u540c\u7684\u89d2\u8272\u3002 Identity V3 API \u652f\u6301\u591a\u4e2a\u57df\u3002\u4e0d\u540c\u57df\u7684\u7528\u6237\u53ef\u80fd\u5728\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef\u4e2d\u8868\u793a\uff0c\u751a\u81f3\u5177\u6709\u4e0d\u540c\u7684\u5c5e\u6027\uff0c\u8fd9\u4e9b\u5c5e\u6027\u5fc5\u987b\u6620\u5c04\u5230\u4e00\u7ec4\u89d2\u8272\u548c\u6743\u9650\uff0c\u8fd9\u4e9b\u89d2\u8272\u548c\u6743\u9650\u5728\u7b56\u7565\u5b9a\u4e49\u4e2d\u7528\u4e8e\u8bbf\u95ee\u5404\u79cd\u670d\u52a1\u8d44\u6e90\u3002 \u5982\u679c\u89c4\u5219\u53ef\u4ee5\u4ec5\u6307\u5b9a\u5bf9\u7ba1\u7406\u5458\u7528\u6237\u548c\u5c5e\u4e8e\u79df\u6237\u7684\u7528\u6237\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5219\u6620\u5c04\u53ef\u80fd\u5f88\u7b80\u5355\u3002\u5728\u5176\u4ed6\u60c5\u51b5\u4e0b\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u6279\u51c6\u6bcf\u4e2a\u79df\u6237\u7684\u6620\u5c04\u4f8b\u7a0b\u3002 
\u7279\u5b9a\u4e8e\u57df\u7684\u8eab\u4efd\u9a8c\u8bc1\u9a71\u52a8\u7a0b\u5e8f\u5141\u8bb8\u4f7f\u7528\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4e3a\u591a\u4e2a\u57df\u914d\u7f6e\u6807\u8bc6\u670d\u52a1\u3002\u542f\u7528\u9a71\u52a8\u7a0b\u5e8f\u5e76\u8bbe\u7f6e\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u7f6e\u53d1\u751f\u5728 keystone.conf \u6587\u4ef6 [identity] \u90e8\u5206\u4e2d\uff1a [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains \u4efb\u4f55\u6ca1\u6709\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u57df\u90fd\u5c06\u4f7f\u7528\u4e3b keystone.conf \u6587\u4ef6\u4e2d\u7684\u9009\u9879\u3002","title":"\u57df"},{"location":"security/security-guide/#_121","text":"\u91cd\u8981\u5b9a\u4e49\uff1a \u670d\u52a1\u63d0\u4f9b\u5546 \uff08SP\uff09 \u5411\u59d4\u6258\u4eba\u6216\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u5b9e\u4f53\uff0c\u5728\u672c\u4f8b\u4e2d\uff0cOpenStack Identity \u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff08IdP\uff09 \u76ee\u5f55\u670d\u52a1\uff08\u5982 LDAP\u3001RADIUS \u548c Active Directory\uff09\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u5904\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff08\u4f8b\u5982\u5bc6\u7801\uff09\u7684\u5178\u578b\u6765\u6e90\u3002 \u8054\u5408\u9274\u6743\u662f\u4e00\u79cd\u5728 IdP \u548c SP \u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u673a\u5236\uff0c\u5728\u672c\u4f8b\u4e2d\uff0c\u662f\u5728\u8eab\u4efd\u63d0\u4f9b\u8005\u548c OpenStack Cloud 
\u63d0\u4f9b\u7684\u670d\u52a1\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4f7f\u7528\u73b0\u6709\u51ed\u636e\u8de8\u591a\u4e2a\u7aef\u70b9\u8bbf\u95ee\u4e91\u8d44\u6e90\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5377\u548c\u6570\u636e\u5e93\u3002\u51ed\u8bc1\u7531\u7528\u6237\u7684 IdP \u7ef4\u62a4\u3002","title":"\u8054\u5408\u9274\u6743"},{"location":"security/security-guide/#_122","text":"\u4e24\u4e2a\u6839\u672c\u539f\u56e0\uff1a \u964d\u4f4e\u590d\u6742\u6027\u4f7f\u90e8\u7f72\u66f4\u6613\u4e8e\u4fdd\u62a4\u3002 \u5b83\u4e3a\u60a8\u548c\u60a8\u7684\u7528\u6237\u8282\u7701\u4e86\u65f6\u95f4\u3002 \u96c6\u4e2d\u7ba1\u7406\u5e10\u6237\uff0c\u9632\u6b62 OpenStack \u57fa\u7840\u67b6\u6784\u5185\u90e8\u7684\u91cd\u590d\u5de5\u4f5c\u3002 \u51cf\u8f7b\u7528\u6237\u8d1f\u62c5\u3002\u5355\u70b9\u767b\u5f55\u5141\u8bb8\u4f7f\u7528\u5355\u4e00\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u6765\u8bbf\u95ee\u8bb8\u591a\u4e0d\u540c\u7684\u670d\u52a1\u548c\u73af\u5883\u3002 \u5c06\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u7684\u8d23\u4efb\u8f6c\u79fb\u5230 IdP\u3002 \u8fdb\u4e00\u6b65\u7684\u7406\u7531\u548c\u7ec6\u8282\u53ef\u4ee5\u5728 Keystone 
\u5173\u4e8e\u8054\u5408\u7684\u6587\u6863\u4e2d\u627e\u5230\u3002","title":"\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f"},{"location":"security/security-guide/#_123","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-identity-01-keystone","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u8be5\u7ec4\u4ef6\u6240\u6709\u8005\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/keystone/keystone.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/keystone-paste.ini | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/policy.json | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/logging.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/signing_cert.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/private/signing_key.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/ca.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone | egrep \"keystone keystone\" \u901a\u8fc7\uff1a 
\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u90fd\u8bbe\u7f6e\u4e3a keystone\u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a keystone keystone \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a \u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u6216\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 keystone \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002","title":"Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f"},{"location":"security/security-guide/#check-identity-02-identity","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/keystone/keystone.conf $ stat -L -c \"%a\" /etc/keystone/keystone-paste.ini $ stat -L -c \"%a\" /etc/keystone/policy.json $ stat -L -c \"%a\" /etc/keystone/logging.conf $ stat -L -c \"%a\" /etc/keystone/ssl/certs/signing_cert.pem $ stat -L -c \"%a\" /etc/keystone/ssl/private/signing_key.pem $ stat -L -c \"%a\" /etc/keystone/ssl/certs/ca.pem $ stat -L -c \"%a\" /etc/keystone \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002 \u5931\u8d25\uff1a \u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 
\u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002","title":"Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-identity-03-identity-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\uff08\u5982 HTTPS\uff09\u76f8\u4e92\u901a\u4fe1\u3002 \u5982\u679c\u5c06 HTTP/WSGI \u670d\u52a1\u5668\u7528\u4e8e\u6807\u8bc6\uff0c\u5219\u5e94\u5728 HTTP/WSGI \u670d\u52a1\u5668\u4e0a\u542f\u7528 TLS\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u5728 HTTP \u670d\u52a1\u5668\u4e0a\u542f\u7528\u4e86 TLS\u3002 \u5931\u8d25\uff1a \u5982\u679c HTTP \u670d\u52a1\u5668\u4e0a\u672a\u542f\u7528 TLS\u3002 \u63a8\u8350\u4e8e\uff1a\u5b89\u5168\u901a\u4fe1\u3002","title":"Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f"},{"location":"security/security-guide/#check-identity-04","text":"","title":"Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09"},{"location":"security/security-guide/#check-identity-05-max_request_body_size-114688","text":"\u8be5\u53c2\u6570 max_request_body_size 
\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff08\u4ee5\u5b57\u8282\u4e3a\u5355\u4f4d\uff09\u3002\u5982\u679c\u672a\u5b9a\u4e49\u6700\u5927\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u5927\u5bb9\u91cf\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u7684\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u7ec4\u4ef6\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u53c2\u6570 max_request_body_size in /etc/keystone/keystone.conf \u7684\u503c\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09 \u6216\u6839\u636e\u60a8\u7684\u73af\u5883\u8bbe\u7f6e\u7684\u67d0\u4e2a\u5408\u7406\u503c\u3002 \u5931\u8d25\uff1a \u5982\u679c\u672a\u8bbe\u7f6e\u53c2\u6570 max_request_body_size \u503c\u3002","title":"Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#check-identity-06etckeystonekeystoneconf","text":"\u7ba1\u7406\u5458\u4ee4\u724c\u901a\u5e38\u7528\u4e8e\u5f15\u5bfc Identity\u3002\u6b64\u4ee4\u724c\u662f\u6700\u6709\u4ef7\u503c\u7684\u6807\u8bc6\u8d44\u4ea7\uff0c\u53ef\u7528\u4e8e\u83b7\u53d6\u4e91\u7ba1\u7406\u5458\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c admin_token under [DEFAULT] section in /etc/keystone/keystone.conf \u88ab\u7981\u7528\u3002\u5e76\u4e14\uff0c AdminTokenAuthMiddleware under [filter:admin_token_auth] \u4ece /etc/keystone/keystone-paste.ini \u5931\u8d25\uff1a \u5982\u679c admin_token \u8bbe\u7f6e\u4e86 under [DEFAULT] \u90e8\u5206\u5e76 AdminTokenAuthMiddleware \u5b58\u5728\u4e8e keystone-paste.ini \u4e2d\u3002 \u5efa\u8bae \u7981\u7528 `admin_token` \u610f\u5473\u7740\u5b83\u7684\u503c\u4e3a `` 
\u3002","title":"check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c"},{"location":"security/security-guide/#check-identity-07etckeystonekeystoneconf_","text":"\u5982\u679c insecure_debug \u8bbe\u7f6e\u4e3a true\uff0c\u5219\u670d\u52a1\u5668\u5c06\u5728 HTTP \u54cd\u5e94\u4e2d\u8fd4\u56de\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u80fd\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u6216\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u83b7\u53d6\u6bd4\u6b63\u5e38\u60c5\u51b5\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u539f\u56e0\u7684\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 \u901a\u8fc7\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a false\u3002 \u5931\u8d25\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a true\u3002","title":"check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047"},{"location":"security/security-guide/#check-identity-08etckeystonekeystoneconffernet","text":"OpenStack Identity \u670d\u52a1\u63d0\u4f9b uuid \u548c fernet \u4f5c\u4e3a\u4ee4\u724c\u63d0\u4f9b\u8005\u3002 uuid \u4ee4\u724c\u5fc5\u987b\u6301\u4e45\u5316\uff0c\u5e76\u88ab\u89c6\u4e3a\u4e0d\u5b89\u5168\u3002 \u901a\u8fc7\uff1a \u5982\u679c section in /etc/keystone/keystone.conf \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a fernet\u3002 \u5931\u8d25\uff1a \u5982\u679c section \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a uuid\u3002","title":"check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c"},{"location":"security/security-guide/#_124","text":"Dashboard \uff08horizon\uff09 \u662f OpenStack 
\u4eea\u8868\u677f\uff0c\u5b83\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u4ee5\u4fbf\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u914d\u7f6e\u81ea\u5df1\u7684\u8d44\u6e90\u3002\u5176\u4e2d\u5305\u62ec\u9884\u7f6e\u7528\u6237\u3001\u5b9a\u4e49\u5b9e\u4f8b\u53d8\u79cd\u3001\u4e0a\u4f20\u865a\u62df\u673a \uff08VM\uff09 \u6620\u50cf\u3001\u7ba1\u7406\u7f51\u7edc\u3001\u8bbe\u7f6e\u5b89\u5168\u7ec4\u3001\u542f\u52a8\u5b9e\u4f8b\u4ee5\u53ca\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\u5b9e\u4f8b\u3002 \u4eea\u8868\u677f\u57fa\u4e8e Django Web \u6846\u67b6\uff0c\u786e\u4fdd Django \u7684\u5b89\u5168\u90e8\u7f72\u5b9e\u8df5\u76f4\u63a5\u5e94\u7528\u4e8e Horizon\u3002\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u4e00\u7ec4 Django \u5b89\u5168\u5efa\u8bae\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u9605\u8bfb Django \u6587\u6863\u627e\u5230\u3002 \u4eea\u8868\u677f\u9644\u5e26\u9ed8\u8ba4\u5b89\u5168\u8bbe\u7f6e\uff0c\u5e76\u5177\u6709\u90e8\u7f72\u548c\u914d\u7f6e\u6587\u6863\u3002 \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a \u6620\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS\u534f\u8bae HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon 
\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#web","text":"","title":"\u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e"},{"location":"security/security-guide/#_125","text":"\u8bb8\u591a\u7ec4\u7ec7\u901a\u5e38\u5728\u603b\u4f53\u7ec4\u7ec7\u57df\u7684\u5b50\u57df\u4e2d\u90e8\u7f72 Web \u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u6237\u5f88\u81ea\u7136\u5730\u671f\u671b openstack.example.org .\u5728\u6b64\u4e0a\u4e0b\u6587\u4e2d\uff0c\u901a\u5e38\u5b58\u5728\u90e8\u7f72\u5728\u540c\u4e00\u4e2a\u4e8c\u7ea7\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u6b64\u540d\u79f0\u7ed3\u6784\u975e\u5e38\u65b9\u4fbf\uff0c\u5e76\u7b80\u5316\u4e86\u540d\u79f0\u670d\u52a1\u5668\u7684\u7ef4\u62a4\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5230\u4e8c\u7ea7\u57df\uff0c\u4f8b\u5982 \uff0c\u800c\u4e0d\u662f\u5728\u4efb\u4f55\u7ea7\u522b\u7684\u5171\u4eab\u5b50\u57df\u4e0a\u90e8\u7f72\u4eea\u8868\u677f\uff0c\u4f8b\u5982 https://example.com https://openstack.example.org \u6216 
https://horizon.openstack.example.org \u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u4e0d\u8981\u90e8\u7f72\u5230\u88f8\u5185\u90e8\u57df\uff0c\u4f8b\u5982 https://horizon/ .\u8fd9\u4e9b\u5efa\u8bae\u57fa\u4e8e\u6d4f\u89c8\u5668\u540c\u6e90\u7b56\u7565\u7684\u9650\u5236\u3002 \u5982\u679c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u8fd8\u6258\u7ba1\u7528\u6237\u751f\u6210\u5185\u5bb9\u7684\u57df\u4e2d\uff0c\u5219\u672c\u6307\u5357\u4e2d\u63d0\u4f9b\u7684\u5efa\u8bae\u65e0\u6cd5\u6709\u6548\u9632\u8303\u5df2\u77e5\u653b\u51fb\uff0c\u5373\u4f7f\u6b64\u5185\u5bb9\u9a7b\u7559\u5728\u5355\u72ec\u7684\u5b50\u57df\u4e2d\u4e5f\u662f\u5982\u6b64\u3002\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u53ef\u4ee5\u5305\u542b\u4efb\u4f55\u7c7b\u578b\u7684\u811a\u672c\u3001\u56fe\u50cf\u6216\u4e0a\u4f20\u5185\u5bb9\u3002\u5927\u591a\u6570\u4e3b\u8981\u7684 Web \u5b58\u5728\uff08\u5305\u62ec googleusercontent.com\u3001fbcdn.com\u3001github.io \u548c twimg.co\uff09\u90fd\u4f7f\u7528\u8fd9\u79cd\u65b9\u6cd5\u5c06\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u4e0e Cookie \u548c\u5b89\u5168\u4ee4\u724c\u9694\u79bb\u5f00\u6765\u3002 \u5982\u679c\u60a8\u4e0d\u9075\u5faa\u6709\u5173\u4e8c\u7ea7\u57df\u7684\u5efa\u8bae\uff0c\u8bf7\u907f\u514d\u4f7f\u7528 Cookie \u652f\u6301\u7684\u4f1a\u8bdd\u5b58\u50a8\uff0c\u5e76\u91c7\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002\u5f53\u90e8\u7f72\u5728\u5b50\u57df\u4e0a\u65f6\uff0c\u4eea\u8868\u677f\u7684\u5b89\u5168\u6027\u7b49\u540c\u4e8e\u90e8\u7f72\u5728\u540c\u4e00\u4e8c\u7ea7\u57df\u4e0a\u7684\u5b89\u5168\u6027\u6700\u4f4e\u7684\u5e94\u7528\u7a0b\u5e8f\u3002","title":"\u57df\u540d"},{"location":"security/security-guide/#web_1","text":"\u4eea\u8868\u677f\u5e94\u90e8\u7f72\u4e3a HTTPS \u4ee3\u7406\uff08\u5982 Apache \u6216 Nginx\uff09\u540e\u9762\u7684 Web \u670d\u52a1\u7f51\u5173\u63a5\u53e3 \uff08WSGI\uff09 \u5e94\u7528\u7a0b\u5e8f\u3002\u5982\u679c Apache \u5c1a\u672a\u4f7f\u7528\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 
Nginx\uff0c\u56e0\u4e3a\u5b83\u662f\u8f7b\u91cf\u7ea7\u7684\uff0c\u5e76\u4e14\u66f4\u5bb9\u6613\u6b63\u786e\u914d\u7f6e\u3002 \u4f7f\u7528 Nginx \u65f6\uff0c\u6211\u4eec\u5efa\u8bae gunicorn \u4f5c\u4e3a WSGI \u4e3b\u673a\uff0c\u5e76\u5177\u6709\u9002\u5f53\u6570\u91cf\u7684\u540c\u6b65\u5de5\u4f5c\u7ebf\u7a0b\u3002\u4f7f\u7528 Apache \u65f6\uff0c\u6211\u4eec\u5efa\u8bae mod_wsgi \u6258\u7ba1\u4eea\u8868\u677f\u3002","title":"\u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e"},{"location":"security/security-guide/#_126","text":"\u4f7f\u7528 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u7684\u5b8c\u5168\u9650\u5b9a\u4e3b\u673a\u540d\u914d\u7f6e\u8bbe\u7f6e ALLOWED_HOSTS \u3002\u63d0\u4f9b\u6b64\u8bbe\u7f6e\u540e\uff0c\u5982\u679c\u4f20\u5165 HTTP \u8bf7\u6c42\u7684\u201cHost\uff1a\u201d\u6807\u5934\u4e2d\u7684\u503c\u4e0e\u6b64\u5217\u8868\u4e2d\u7684\u4efb\u4f55\u503c\u90fd\u4e0d\u5339\u914d\uff0c\u5219\u5c06\u5f15\u53d1\u9519\u8bef\uff0c\u5e76\u4e14\u8bf7\u6c42\u8005\u5c06\u65e0\u6cd5\u7ee7\u7eed\u3002\u5982\u679c\u672a\u80fd\u914d\u7f6e\u6b64\u9009\u9879\uff0c\u6216\u8005\u5728\u6307\u5b9a\u7684\u4e3b\u673a\u540d\u4e2d\u4f7f\u7528\u901a\u914d\u7b26\uff0c\u5c06\u5bfc\u81f4\u4eea\u8868\u677f\u5bb9\u6613\u53d7\u5230\u4e0e\u865a\u5047 HTTP \u4e3b\u673a\u6807\u5934\u5173\u8054\u7684\u5b89\u5168\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002","title":"\u5141\u8bb8\u7684\u4e3b\u673a"},{"location":"security/security-guide/#horizon","text":"\u6211\u4eec\u5efa\u8bae\u5b9e\u65bd\u8005\u7981\u7528HORIZON_IMAGES_ALLOW_UPLOAD\uff0c\u9664\u975e\u4ed6\u4eec\u5df2\u5b9e\u65bd\u9632\u6b62\u8d44\u6e90\u8017\u5c3d\u548c\u62d2\u7edd\u670d\u52a1\u7684\u8ba1\u5212\u3002","title":"Horizon \u955c\u50cf\u4e0a\u4f20"},{"location":"security/security-guide/#httpshstsxss-ssrf","text":"","title":"HTTPS\u3001HSTS\u3001XSS \u548c 
SSRF"},{"location":"security/security-guide/#xss","text":"\u4e0e\u8bb8\u591a\u7c7b\u4f3c\u7684\u7cfb\u7edf\u4e0d\u540c\uff0cOpenStack \u4eea\u8868\u677f\u5141\u8bb8\u5728\u5927\u591a\u6570\u5b57\u6bb5\u4e2d\u4f7f\u7528\u6574\u4e2a Unicode \u5b57\u7b26\u96c6\u3002\u8fd9\u610f\u5473\u7740\u5f00\u53d1\u4eba\u5458\u72af\u9519\u8bef\u7684\u81ea\u7531\u5ea6\u8f83\u5c0f\uff0c\u8fd9\u4e9b\u9519\u8bef\u4e3a\u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u6253\u5f00\u4e86\u653b\u51fb\u5a92\u4ecb\u3002 Dashboard \u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e86\u907f\u514d\u521b\u5efa XSS \u6f0f\u6d1e\u7684\u5de5\u5177\uff0c\u4f46\u5b83\u4eec\u53ea\u6709\u5728\u5f00\u53d1\u4eba\u5458\u6b63\u786e\u4f7f\u7528\u5b83\u4eec\u65f6\u624d\u6709\u6548\u3002\u5ba1\u6838\u4efb\u4f55\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\uff0c\u7279\u522b\u6ce8\u610f mark_safe \u51fd\u6570\u7684\u4f7f\u7528\u3001\u4e0e\u81ea\u5b9a\u4e49\u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528 is_safe \u3001 safe \u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528\u3001\u5173\u95ed\u81ea\u52a8\u8f6c\u4e49\u7684\u4efb\u4f55\u4f4d\u7f6e\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u80fd\u8bc4\u4f30\u4e0d\u5f53\u8f6c\u4e49\u6570\u636e\u7684 JavaScript\u3002","title":"\u8de8\u7ad9\u811a\u672c \uff08XSS\uff09"},{"location":"security/security-guide/#csrf","text":"Django \u6709\u4e13\u95e8\u7684\u4e2d\u95f4\u4ef6\u7528\u4e8e\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 OpenStack \u4eea\u8868\u677f\u65e8\u5728\u963b\u6b62\u5f00\u53d1\u4eba\u5458\u5728\u5f15\u5165\u7ebf\u7a0b\u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\u5f15\u5165\u8de8\u7ad9\u70b9\u811a\u672c\u6f0f\u6d1e\u3002\u5e94\u5ba1\u6838\u4f7f\u7528\u591a\u4e2a JavaScript \u5b9e\u4f8b\u7684\u4eea\u8868\u677f\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\uff0c\u4f8b\u5982\u4e0d\u5f53\u4f7f\u7528 @csrf_exempt 
\u88c5\u9970\u5668\u3002\u5728\u653e\u5bbd\u9650\u5236\u4e4b\u524d\uff0c\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u4efb\u4f55\u4e0d\u9075\u5faa\u8fd9\u4e9b\u5efa\u8bae\u7684\u5b89\u5168\u8bbe\u7f6e\u7684\u4eea\u8868\u677f\u3002","title":"\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09"},{"location":"security/security-guide/#xfs","text":"\u4f20\u7edf\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u56e0\u6b64 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9009\u9879 DISALLOW_IFRAME_EMBED \uff0c\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u4e0d\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002","title":"\u8de8\u5e27\u811a\u672c \uff08XFS\uff09"},{"location":"security/security-guide/#https","text":"\u4f7f\u7528\u6765\u81ea\u516c\u8ba4\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u7684\u6709\u6548\u53d7\u4fe1\u4efb\u8bc1\u4e66\uff0c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u5b89\u5168 HTTPS \u670d\u52a1\u5668\u540e\u9762\u3002\u4ec5\u5f53\u4fe1\u4efb\u6839\u9884\u5b89\u88c5\u5728\u6240\u6709\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u65f6\uff0c\u79c1\u6709\u7ec4\u7ec7\u9881\u53d1\u7684\u8bc1\u4e66\u624d\u9002\u7528\u3002 \u914d\u7f6e\u5bf9\u4eea\u8868\u677f\u57df\u7684 HTTP \u8bf7\u6c42\uff0c\u4ee5\u91cd\u5b9a\u5411\u5230\u5b8c\u5168\u9650\u5b9a\u7684 HTTPS URL\u3002","title":"HTTPS \u51fd\u6570"},{"location":"security/security-guide/#http-hsts","text":"\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u5728 Web \u670d\u52a1\u5668\u524d\u9762\u4f7f\u7528 HTTPS \u4ee3\u7406\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u5177\u6709 HTTPS \u529f\u80fd\u7684 HTTP \u670d\u52a1\u5668\uff0c\u8bf7\u4fee\u6539\u8be5 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u3002\u6709\u5173\u4fee\u6539 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 
Django \u6587\u6863\u3002 \u6709\u5173 HTTPS \u914d\u7f6e\uff08\u5305\u62ec HSTS \u914d\u7f6e\uff09\u7684\u66f4\u5177\u4f53\u5efa\u8bae\u548c\u670d\u52a1\u5668\u914d\u7f6e\uff0c\u8bf7\u53c2\u9605\u201c\u5b89\u5168\u901a\u4fe1\u201d\u4e00\u7ae0\u3002","title":"HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09"},{"location":"security/security-guide/#_127","text":"","title":"\u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef"},{"location":"security/security-guide/#_128","text":"\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4eea\u8868\u677f\u4e2d\u4f7f\u7528\u524d\u7aef\u7f13\u5b58\u5de5\u5177\u3002\u4eea\u8868\u677f\u6b63\u5728\u6e32\u67d3\u76f4\u63a5\u7531 OpenStack API \u8bf7\u6c42\u751f\u6210\u7684\u52a8\u6001\u5185\u5bb9\uff0c\u524d\u7aef\u7f13\u5b58\u5c42\uff08\u5982 varnish\uff09\u53ef\u80fd\u4f1a\u963b\u6b62\u663e\u793a\u6b63\u786e\u7684\u5185\u5bb9\u3002\u5728 Django \u4e2d\uff0c\u9759\u6001\u5a92\u4f53\u76f4\u63a5\u4ece Apache \u6216 Nginx \u63d0\u4f9b\uff0c\u5e76\u4e14\u5df2\u7ecf\u53d7\u76ca\u4e8e Web \u4e3b\u673a\u7f13\u5b58\u3002","title":"\u524d\u7aef\u7f13\u5b58"},{"location":"security/security-guide/#_129","text":"Horizon \u7684\u9ed8\u8ba4\u4f1a\u8bdd\u540e\u7aef django.contrib.sessions.backends.signed_cookies \u5c06\u7528\u6237\u6570\u636e\u4fdd\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\u5b58\u50a8\u7684\u5df2\u7b7e\u540d\u4f46\u672a\u52a0\u5bc6\u7684 Cookie \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u4eea\u8868\u677f\u5b9e\u4f8b\u90fd\u662f\u65e0\u72b6\u6001\u7684\uff0c\u56e0\u6b64\u524d\u9762\u63d0\u5230\u7684\u65b9\u6cd5\u63d0\u4f9b\u4e86\u5b9e\u73b0\u6700\u7b80\u5355\u7684\u4f1a\u8bdd\u540e\u7aef\u6269\u5c55\u7684\u80fd\u529b\u3002 
\u5e94\u8be5\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u79cd\u7c7b\u578b\u7684\u5b9e\u73b0\u4e2d\uff0c\u654f\u611f\u7684\u8bbf\u95ee\u4ee4\u724c\u5c06\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u4e2d\uff0c\u5e76\u5c06\u968f\u7740\u6bcf\u4e2a\u8bf7\u6c42\u7684\u53d1\u51fa\u800c\u4f20\u8f93\u3002\u540e\u7aef\u786e\u4fdd\u4f1a\u8bdd\u6570\u636e\u7684\u5b8c\u6574\u6027\uff0c\u5373\u4f7f\u4f20\u8f93\u7684\u6570\u636e\u4ec5\u901a\u8fc7 HTTPS \u52a0\u5bc6\u3002 \u5982\u679c\u60a8\u7684\u67b6\u6784\u5141\u8bb8\u5171\u4eab\u5b58\u50a8\uff0c\u5e76\u4e14\u60a8\u6b63\u786e\u914d\u7f6e\u4e86\u7f13\u5b58\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5176\u8bbe\u7f6e\u4e3a SESSION_ENGINE django.contrib.sessions.backends.cache \u5e76\u7528\u4f5c\u57fa\u4e8e\u7f13\u5b58\u7684\u4f1a\u8bdd\u540e\u7aef\uff0c\u5e76\u5c06 memcached \u4f5c\u4e3a\u7f13\u5b58\u3002Memcached \u662f\u4e00\u79cd\u9ad8\u6548\u7684\u5185\u5b58\u952e\u503c\u5b58\u50a8\uff0c\u7528\u4e8e\u5b58\u50a8\u6570\u636e\u5757\uff0c\u53ef\u5728\u9ad8\u53ef\u7528\u6027\u548c\u5206\u5e03\u5f0f\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u5e76\u4e14\u6613\u4e8e\u914d\u7f6e\u3002\u4f46\u662f\uff0c\u60a8\u9700\u8981\u786e\u4fdd\u6ca1\u6709\u6570\u636e\u6cc4\u6f0f\u3002Memcached \u5229\u7528\u5907\u7528 RAM \u6765\u5b58\u50a8\u7ecf\u5e38\u8bbf\u95ee\u7684\u6570\u636e\u5757\uff0c\u5c31\u50cf\u91cd\u590d\u8bbf\u95ee\u4fe1\u606f\u7684\u5185\u5b58\u7f13\u5b58\u4e00\u6837\u3002\u7531\u4e8e memcached \u4f7f\u7528\u672c\u5730\u5185\u5b58\uff0c\u56e0\u6b64\u4e0d\u4f1a\u4ea7\u751f\u6570\u636e\u5e93\u548c\u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528\u5f00\u9500\uff0c\u4ece\u800c\u5bfc\u81f4\u76f4\u63a5\u4ece RAM \u800c\u4e0d\u662f\u4ece\u78c1\u76d8\u8bbf\u95ee\u6570\u636e\u3002 \u6211\u4eec\u5efa\u8bae\u4f7f\u7528 memcached 
\u800c\u4e0d\u662f\u672c\u5730\u5185\u5b58\u7f13\u5b58\uff0c\u56e0\u4e3a\u5b83\u901f\u5ea6\u5feb\uff0c\u6570\u636e\u4fdd\u7559\u65f6\u95f4\u66f4\u957f\uff0c\u591a\u8fdb\u7a0b\u5b89\u5168\uff0c\u5e76\u4e14\u80fd\u591f\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u5171\u4eab\u7f13\u5b58\uff0c\u4f46\u4ecd\u5c06\u5176\u89c6\u4e3a\u5355\u4e2a\u7f13\u5b58\u3002 \u8981\u542f\u7528 memcached\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache' } \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002","title":"\u4f1a\u8bdd\u540e\u7aef"},{"location":"security/security-guide/#_130","text":"\u4eea\u8868\u677f\u7684\u9759\u6001\u5a92\u4f53\u5e94\u90e8\u7f72\u5230\u4eea\u8868\u677f\u57df\u7684\u5b50\u57df\uff0c\u5e76\u7531 Web \u670d\u52a1\u5668\u63d0\u4f9b\u670d\u52a1\u3002\u4f7f\u7528\u5916\u90e8\u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u4e5f\u662f\u53ef\u4ee5\u63a5\u53d7\u7684\u3002\u6b64\u5b50\u57df\u4e0d\u5e94\u8bbe\u7f6e Cookie \u6216\u63d0\u4f9b\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u3002\u5a92\u4f53\u4e5f\u5e94\u4f7f\u7528 HTTPS \u63d0\u4f9b\u3002 Django \u5a92\u4f53\u8bbe\u7f6e\u8bb0\u5f55\u5728 Django \u6587\u6863\u4e2d\u3002 Dashboard \u7684\u9ed8\u8ba4\u914d\u7f6e\u4f7f\u7528 django_compressor \u6765\u538b\u7f29\u548c\u7f29\u5c0f CSS \u548c JavaScript \u5185\u5bb9\uff0c\u7136\u540e\u518d\u63d0\u4f9b\u8fd9\u4e9b\u5185\u5bb9\u3002\u6b64\u8fc7\u7a0b\u5e94\u5728\u90e8\u7f72\u4eea\u8868\u677f\u4e4b\u524d\u9759\u6001\u5b8c\u6210\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u9ed8\u8ba4\u7684\u8bf7\u6c42\u5185\u52a8\u6001\u538b\u7f29\uff0c\u5e76\u5c06\u751f\u6210\u7684\u6587\u4ef6\u4e0e\u5df2\u90e8\u7f72\u7684\u4ee3\u7801\u4e00\u8d77\u590d\u5236\u5230 CDN 
\u670d\u52a1\u5668\u3002\u538b\u7f29\u5e94\u5728\u975e\u751f\u4ea7\u751f\u6210\u73af\u5883\u4e2d\u5b8c\u6210\u3002\u5982\u679c\u8fd9\u4e0d\u53ef\u884c\uff0c\u6211\u4eec\u5efa\u8bae\u5b8c\u5168\u7981\u7528\u8d44\u6e90\u538b\u7f29\u3002\u4e0d\u5e94\u5728\u751f\u4ea7\u8ba1\u7b97\u673a\u4e0a\u5b89\u88c5\u8054\u673a\u538b\u7f29\u4f9d\u8d56\u9879\uff08\u8f83\u5c11\uff0cNode.js\uff09\u3002","title":"\u9759\u6001\u5a92\u4f53"},{"location":"security/security-guide/#_131","text":"\u5bc6\u7801\u7ba1\u7406\u5e94\u8be5\u662f\u4e91\u7ba1\u7406\u8ba1\u5212\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\u3002\u5173\u4e8e\u5bc6\u7801\u7684\u6743\u5a01\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4;\u4f46\u662f\uff0c\u4e91\u7ba1\u7406\u5458\u5e94\u53c2\u8003 NIST \u4f01\u4e1a\u5bc6\u7801\u7ba1\u7406\u7279\u522b\u51fa\u7248\u7269\u6307\u5357\u7b2c 4 \u7ae0\u4e2d\u63a8\u8350\u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u65e0\u8bba\u662f\u901a\u8fc7\u4eea\u8868\u677f\u8fd8\u662f\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684 OpenStack 
\u4e91\u8bbf\u95ee\u90fd\u4f1a\u5f15\u5165\u989d\u5916\u7684\u6ce8\u610f\u4e8b\u9879\u3002\u73b0\u4ee3\u6d4f\u89c8\u5668\u90fd\u652f\u6301\u67d0\u79cd\u5f62\u5f0f\u7684\u5bc6\u7801\u5b58\u50a8\u548c\u81ea\u52a8\u586b\u5145\u8bb0\u4f4f\u7684\u7ad9\u70b9\u7684\u51ed\u636e\u3002\u8fd9\u5728\u4f7f\u7528\u4e0d\u5bb9\u6613\u8bb0\u4f4f\u6216\u952e\u5165\u7684\u5f3a\u5bc6\u7801\u65f6\u975e\u5e38\u6709\u7528\uff0c\u4f46\u5982\u679c\u5ba2\u6237\u7aef\u7684\u7269\u7406\u5b89\u5168\u6027\u53d7\u5230\u5a01\u80c1\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6d4f\u89c8\u5668\u6210\u4e3a\u8584\u5f31\u73af\u8282\u3002\u5982\u679c\u6d4f\u89c8\u5668\u7684\u5bc6\u7801\u5b58\u50a8\u672c\u8eab\u4e0d\u53d7\u5f3a\u5bc6\u7801\u4fdd\u62a4\uff0c\u6216\u8005\u5982\u679c\u5141\u8bb8\u5bc6\u7801\u5b58\u50a8\u5728\u4f1a\u8bdd\u671f\u95f4\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u5219\u5f88\u5bb9\u6613\u83b7\u5f97\u5bf9\u7cfb\u7edf\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 KeePassX \u548c Password Safe \u7b49\u5bc6\u7801\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u975e\u5e38\u6709\u7528\uff0c\u56e0\u4e3a\u5927\u591a\u6570\u5e94\u7528\u7a0b\u5e8f\u90fd\u652f\u6301\u751f\u6210\u5f3a\u5bc6\u7801\u548c\u5b9a\u671f\u63d0\u9192\u751f\u6210\u65b0\u5bc6\u7801\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u5bc6\u7801\u5b58\u50a8\u4ec5\u77ed\u6682\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u4ece\u800c\u964d\u4f4e\u4e86\u5bc6\u7801\u6cc4\u9732\u548c\u901a\u8fc7\u6d4f\u89c8\u5668\u6216\u7cfb\u7edf\u5165\u4fb5\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8d44\u6e90\u8bbf\u95ee\u7684\u98ce\u9669\u3002","title":"\u5bc6\u7801"},{"location":"security/security-guide/#_132","text":"\u4eea\u8868\u677f\u4f9d\u8d56\u4e8e\u67d0\u4e9b\u5b89\u5168\u529f\u80fd\u7684\u5171\u4eab SECRET_KEY \u8bbe\u7f6e\u3002\u5bc6\u94a5\u5e94\u4e3a\u968f\u673a\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u957f\u5ea6\u81f3\u5c11\u4e3a 64 
\u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u5728\u6240\u6709\u6d3b\u52a8\u4eea\u8868\u677f\u5b9e\u4f8b\u4e4b\u95f4\u5171\u4eab\u3002\u6cc4\u9732\u6b64\u5bc6\u94a5\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8f6e\u6362\u6b64\u5bc6\u94a5\u4f1a\u4f7f\u73b0\u6709\u7528\u6237\u4f1a\u8bdd\u548c\u7f13\u5b58\u5931\u6548\u3002\u8bf7\u52ff\u5c06\u6b64\u5bc6\u94a5\u63d0\u4ea4\u5230\u516c\u5171\u5b58\u50a8\u5e93\u3002","title":"\u5bc6\u94a5"},{"location":"security/security-guide/#cookies","text":"\u4f1a\u8bddCookies\u5e94\u8bbe\u7f6e\u4e3a HTTPONLY\uff1a SESSION_COOKIE_HTTPONLY = True \u5207\u52ff\u5c06 CSRF \u6216\u4f1a\u8bdd Cookie \u914d\u7f6e\u4e3a\u5177\u6709\u5e26\u524d\u5bfc\u70b9\u7684\u901a\u914d\u7b26\u57df\u3002\u4f7f\u7528 HTTPS \u90e8\u7f72\u65f6\uff0c\u5e94\u4fdd\u62a4 Horizon \u7684\u4f1a\u8bdd\u548c CSRF Cookie\uff1a CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True","title":"Cookies"},{"location":"security/security-guide/#cors","text":"\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u5728\u6bcf\u6b21\u54cd\u5e94\u65f6\u53d1\u9001\u9650\u5236\u6027 CORS \u6807\u5934\uff0c\u4ec5\u5141\u8bb8\u4eea\u8868\u677f\u57df\u548c\u534f\u8bae\uff1a Access-Control-Allow-Origin: https://example.com/ \u6c38\u8fdc\u4e0d\u5141\u8bb8\u901a\u914d\u7b26\u6765\u6e90\u3002","title":"\u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09"},{"location":"security/security-guide/#_133","text":"\u5efa\u8bae\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u5c06 DEBUG \u8be5\u8bbe\u7f6e\u8bbe\u7f6e\u4e3a False \u3002\u5982\u679c DEBUG \u8bbe\u7f6e\u4e3a True\uff0c\u5219\u5f53\u629b\u51fa\u5f02\u5e38\u65f6\uff0cDjango \u5c06\u663e\u793a\u5806\u6808\u8ddf\u8e2a\u548c\u654f\u611f\u7684 Web 
\u670d\u52a1\u5668\u72b6\u6001\u4fe1\u606f\u3002","title":"\u8c03\u8bd5"},{"location":"security/security-guide/#_134","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-dashboard-01-roothorizon","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a horizon\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/openstack-dashboard/local_settings.py | egrep \"root horizon\" \u901a\u8fc7\uff1a\u5982\u679c\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c horizon\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u5730\u5e73\u7ebf\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 Horizon \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/horizon\uff1f"},{"location":"security/security-guide/#check-dashboard-02-horizon","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/openstack-dashboard/local_settings.py \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Dashboard-01 \u65f6\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u7528\u6237\u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cHorizon \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/openstack-dashboard/local_settings.py getfacl: Removing leading '/' from absolute path names # file: etc/openstack-dashboard/local_settings.py USER root rw- GROUP horizon r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-dashboard-03-disallow_iframe_embed-true","text":"DISALLOW_IFRAME_EMBED \u53ef\u7528\u4e8e\u9632\u6b62 OpenStack Dashboard \u5d4c\u5165\u5230 iframe \u4e2d\u3002 
\u65e7\u7248\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u6b64\u9009\u9879\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u672a\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a True\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u7528\u4e8e\uff1aHTTPS\u3001HSTS\u3001XSS \u548c SSRF\u3002","title":"Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-04-csrf_cookie_secure-true","text":"CSRF\uff08\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020\uff09\u662f\u4e00\u79cd\u653b\u51fb\uff0c\u5b83\u8feb\u4f7f\u6700\u7ec8\u7528\u6237\u5728\u4ed6/\u5979\u5f53\u524d\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u6210\u529f\u7684 CSRF \u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5371\u53ca\u6700\u7ec8\u7528\u6237\u7684\u6570\u636e\u548c\u64cd\u4f5c\u3002\u5982\u679c\u76ee\u6807\u6700\u7ec8\u7528\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5371\u53ca\u6574\u4e2a Web \u5e94\u7528\u7a0b\u5e8f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE 
\u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-05-session_cookie_secure-true","text":"\u201cSECURE\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4ec5\u901a\u8fc7\u52a0\u5bc6\u7684 HTTPS \uff08SSL/TLS\uff09 \u8fde\u63a5\u53d1\u9001 cookie\u3002\u6b64\u4f1a\u8bdd\u4fdd\u62a4\u673a\u5236\u662f\u5f3a\u5236\u6027\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 MitM\uff08\u4e2d\u95f4\u4eba\uff09\u653b\u51fb\u6cc4\u9732\u4f1a\u8bdd ID\u3002\u5b83\u786e\u4fdd\u653b\u51fb\u8005\u65e0\u6cd5\u7b80\u5355\u5730\u4ece Web \u6d4f\u89c8\u5668\u6d41\u91cf\u4e2d\u6355\u83b7\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-06-session_cookie_httponly-true","text":"\u201cHTTPONLY\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4e0d\u5141\u8bb8\u811a\u672c\uff08\u4f8b\u5982 JavaScript \u6216 VBscript\uff09\u901a\u8fc7 DOM document.cookie \u5bf9\u8c61\u8bbf\u95ee cookie\u3002\u6b64\u4f1a\u8bdd ID \u4fdd\u62a4\u662f\u5fc5\u9700\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 XSS \u653b\u51fb\u7a83\u53d6\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY 
\u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-07-password_autocomplete-false","text":"\u5e94\u7528\u7a0b\u5e8f\u7528\u4e8e\u4e3a\u7528\u6237\u63d0\u4f9b\u4fbf\u5229\u7684\u5e38\u89c1\u529f\u80fd\u662f\u5c06\u5bc6\u7801\u672c\u5730\u7f13\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\uff08\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\uff09\uff0c\u5e76\u5728\u6240\u6709\u540e\u7eed\u8bf7\u6c42\u4e2d\u201c\u9884\u5148\u952e\u5165\u201d\u3002\u867d\u7136\u6b64\u529f\u80fd\u5bf9\u666e\u901a\u7528\u6237\u6765\u8bf4\u975e\u5e38\u53cb\u597d\uff0c\u4f46\u540c\u65f6\uff0c\u5b83\u5f15\u5165\u4e86\u4e00\u4e2a\u7f3a\u9677\uff0c\u56e0\u4e3a\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\u4f7f\u7528\u76f8\u540c\u5e10\u6237\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8f7b\u677e\u8bbf\u95ee\u7528\u6237\u5e10\u6237\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7528\u6237\u5e10\u6237\u53d7\u635f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a off \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a on \u3002","title":"Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f"},{"location":"security/security-guide/#check-dashboard-08-disable_password_reveal-true","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u4e0d\u8981\u663e\u793a\u5bc6\u7801\u5b57\u6bb5\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u6ce8\u610f \u6b64\u9009\u9879\u662f\u5728 Kilo \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002","title":"Check-Dashboard-08\uff1a 
DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-09-enforce_password_check-true","text":"\u8bbe\u7f6e\u4e3a ENFORCE_PASSWORD_CHECK True \u5c06\u5728\u201c\u66f4\u6539\u5bc6\u7801\u201d\u7a97\u4f53\u4e0a\u663e\u793a\u201c\u7ba1\u7406\u5458\u5bc6\u7801\u201d\u5b57\u6bb5\uff0c\u4ee5\u9a8c\u8bc1\u662f\u5426\u786e\u5b9e\u662f\u7ba1\u7406\u5458\u767b\u5f55\u7684\u8981\u66f4\u6539\u5bc6\u7801\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002","title":"Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-10-password_validator","text":"\u5141\u8bb8\u6b63\u5219\u8868\u8fbe\u5f0f\u9a8c\u8bc1\u7528\u6237\u5bc6\u7801\u7684\u590d\u6742\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a defaul \u4e4b\u5916\u7684\u4efb\u4f55\u503c\uff0c\u5219\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'\uff0c \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'","title":"Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f"},{"location":"security/security-guide/#check-dashboard-11-secure_proxy_ssl_header","text":"\u5982\u679c OpenStack Dashboard \u90e8\u7f72\u5728\u4ee3\u7406\u540e\u9762\uff0c\u5e76\u4e14\u4ee3\u7406\u4ece\u6240\u6709\u4f20\u5165\u8bf7\u6c42\u4e2d\u5265\u79bb X-Forwarded-Proto \u6807\u5934\uff0c\u6216\u8005\u8bbe\u7f6e\u6807\u5934 X-Forwarded-Proto \u5e76\u5c06\u5176\u53d1\u9001\u5230 
Dashboard\uff0c\u4f46\u4ec5\u9002\u7528\u4e8e\u6700\u521d\u901a\u8fc7 HTTPS \u4f20\u5165\u7684\u8bf7\u6c42\uff0c\u90a3\u4e48\u60a8\u5e94\u8be5\u8003\u8651\u914d\u7f6e SECURE_PROXY_SSL_HEADER \u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728 Django \u6587\u6863\u4e2d\u627e\u5230\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u672a\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u6216\u6ce8\u91ca\u6389\u3002","title":"Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f"},{"location":"security/security-guide/#_135","text":"OpenStack \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u6574\u4e2a\u4e91\u4e2d\u7684\u8bb8\u591a\u4f4d\u7f6e\u8fd0\u884c\uff0c\u5e76\u4e0e\u5404\u79cd\u5185\u90e8\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002OpenStack \u8ba1\u7b97\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u79cd\u914d\u7f6e\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u6709\u5173\u8ba1\u7b97\u5b89\u5168\u6027\u7684\u4e00\u822c\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u53ca\u53ef\u80fd\u5bfc\u81f4\u5b89\u5168\u95ee\u9898\u7684\u7279\u5b9a\u5df2\u77e5\u914d\u7f6e\u3002 nova.conf \u6587\u4ef6\u548c /var/lib/nova \u4f4d\u7f6e\u5e94\u53d7\u5230\u4fdd\u62a4\u3002\u5e94\u5b9e\u65bd\u96c6\u4e2d\u5f0f\u65e5\u5fd7\u8bb0\u5f55\u3001 policy.json \u6587\u4ef6\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\u7b49\u63a7\u5236\u63aa\u65bd\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u7eb3\u5165\u6392\u9664\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 
\u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u52a0\u5bc6\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5185\u5b58\u4f18\u5316 KVM \u5185\u6838 Samepage \u5408\u5e76 XEN\u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u4e66\u76ee \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI \u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u5f3a\u5316 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-\u8ba8\u8bba\u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f","title":"\u8ba1\u7b97"},{"location":"security/security-guide/#_136","text":"","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9"},{"location":"security/security-guide/#openstack_4","text":"\u65e0\u8bbaOpenStack\u662f\u90e8\u7f72\u5728\u79c1\u6709\u6570\u636e\u4e2d\u5fc3\u5185\uff0c\u8fd8\u662f\u4f5c\u4e3a\u516c\u5171\u4e91\u670d\u52a1\u90e8\u7f72\uff0c\u5e95\u5c42\u865a\u62df\u5316\u6280\u672f\u90fd\u80fd\u5728\u53ef\u6269\u5c55\u6027\u3001\u8d44\u6e90\u6548\u7387\u548c\u6b63\u5e38\u8fd0\u884c\u65f6\u95f4\u65b9\u9762\u63d0\u4f9b\u4f01\u4e1a\u7ea7\u529f\u80fd\u3002\u867d\u7136\u5728\u8bb8\u591a OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u4e2d\u901a\u5e38\u90fd\u5177\u6709\u8fd9\u79cd\u9ad8\u7ea7\u4f18\u52bf\uff0c\u4f46\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5b89\u5168\u67b6\u6784\u548c\u529f\u80fd\u90fd\u5b58\u5728\u663e\u8457\u5dee\u5f02\uff0c\u5c24\u5176\u662f\u5728\u8003\u8651\u5f39\u6027 OpenStack \u73af\u5883\u7279\u6709\u7684\u5b89\u5168\u5a01\u80c1\u5411\u91cf\u65f6\u3002\u968f\u7740\u5e94\u7528\u7a0b\u5e8f\u6574\u5408\u5230\u5355\u4e2a\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 \u5e73\u53f0\u4e2d\uff0c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7ea7\u522b\u7684\u5b9e\u4f8b\u9694\u79bb\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002\u5b89\u5168\u9694\u79bb\u7684\u8981\u6c42\u5728\u5546\u4e1a\u3001\u653f\u5e9c\u548c\u519b\u4e8b\u793e\u533a\u4e2d\u90fd\u9002\u7528\u3002 \u5728 OpenStack \u6846\u67b6\u4e2d\uff0c\u60a8\u53ef\u4ee5\u5728\u4f17\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u548c\u76f8\u5e94\u7684 OpenStack 
\u63d2\u4ef6\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u4f18\u5316\u60a8\u7684\u4e91\u73af\u5883\u3002\u5728\u672c\u6307\u5357\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u91cd\u70b9\u4ecb\u7ecd\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u6ce8\u610f\u4e8b\u9879\uff0c\u56e0\u4e3a\u5b83\u4eec\u4e0e\u5bf9\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u7684\u529f\u80fd\u96c6\u6709\u5173\u3002\u4f46\u662f\uff0c\u8fd9\u4e9b\u6ce8\u610f\u4e8b\u9879\u5e76\u4e0d\u610f\u5473\u7740\u5bf9\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u4f18\u7f3a\u70b9\u8fdb\u884c\u8be6\u5c3d\u7684\u8c03\u67e5\u3002NIST \u5728\u7279\u522b\u51fa\u7248\u7269 800-125\u201c\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u201d\u4e2d\u63d0\u4f9b\u4e86\u5176\u4ed6\u6307\u5bfc\u3002","title":"OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f"},{"location":"security/security-guide/#_137","text":"\u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u8fc7\u7a0b\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u5fc5\u987b\u8003\u8651\u8bb8\u591a\u91cd\u8981\u56e0\u7d20\uff0c\u4ee5\u5e2e\u52a9\u6539\u5584\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u60a8\u5fc5\u987b\u719f\u6089\u4ee5\u4e0b\u65b9\u9762\uff1a \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u6b64\u5916\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u4e3a OpenStack \u90e8\u7f72\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\u8bc4\u4f30\u4ee5\u4e0b\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u6807\u51c6\uff1a * \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u7ecf\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1f\u5982\u679c\u662f\u8fd9\u6837\uff0c\u8fbe\u5230\u4ec0\u4e48\u6c34\u5e73\uff1f* 
\u5e95\u5c42\u5bc6\u7801\u5b66\u662f\u5426\u7ecf\u8fc7\u7b2c\u4e09\u65b9\u8ba4\u8bc1\uff1f","title":"\u9009\u62e9\u6807\u51c6"},{"location":"security/security-guide/#_138","text":"\u6700\u6709\u53ef\u80fd\u7684\u662f\uff0c\u5728\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6700\u91cd\u8981\u7684\u65b9\u9762\u662f\u60a8\u7684\u5458\u5de5\u5728\u7ba1\u7406\u548c\u7ef4\u62a4\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65b9\u9762\u7684\u4e13\u4e1a\u77e5\u8bc6\u3002\u60a8\u7684\u56e2\u961f\u5bf9\u7ed9\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u53ca\u5176\u602a\u7656\u8d8a\u719f\u6089\uff0c\u914d\u7f6e\u9519\u8bef\u5c31\u8d8a\u5c11\u3002\u6b64\u5916\uff0c\u5728\u7ed9\u5b9a\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u5c06\u5458\u5de5\u4e13\u4e1a\u77e5\u8bc6\u5206\u5e03\u5728\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u63d0\u9ad8\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u804c\u8d23\u5206\u79bb\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u7f13\u89e3\u95ee\u9898\u3002","title":"\u56e2\u961f\u4e13\u957f"},{"location":"security/security-guide/#_139","text":"\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u53d1\u75c5\u7387\u54cd\u5e94 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6210\u719f\u5ea6\u7684\u6700\u5927\u6307\u6807\u4e4b\u4e00\u662f\u56f4\u7ed5\u5b83\u7684\u793e\u533a\u7684\u89c4\u6a21\u548c\u6d3b\u529b\u3002\u7531\u4e8e\u8fd9\u6d89\u53ca\u5b89\u5168\u6027\uff0c\u56e0\u6b64\u5982\u679c\u60a8\u9700\u8981\u989d\u5916\u7684\u4e91\u64cd\u4f5c\u5458\uff0c\u793e\u533a\u7684\u8d28\u91cf\u4f1a\u5f71\u54cd\u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027\u3002\u8fd9\u4e5f\u8868\u660e\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5e7f\u6cdb\u90e8\u7f72\uff0c\u8fdb\u800c\u5bfc\u81f4\u4efb\u4f55\u53c2\u8003\u67b6\u6784\u548c\u6700\u4f73\u5b9e\u8df5\u7684\u6218\u5907\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u793e\u533a\u7684\u8d28\u91cf\uff0c\u56e0\u4e3a\u5b83\u56f4\u7ed5\u7740KVM\u6216Xen\u7b49\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5bf9\u9519\u8bef\u4fee\u590d\u548c\u5b89\u5168\u66f4\u65b0\u7684\u53ca\u65f6\u6027\u6709\u76f4\u63a5\u5f71\u54cd\u3002\u5728\u8c03\u67e5\u5546\u4e1a\u548c\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u60a8\u5fc5\u987b\u67e5\u770b\u5b83\u4eec\u7684\u53d1\u5e03\u548c\u652f\u6301\u5468\u671f\uff0c\u4ee5\u53ca\u53d1\u5e03\u9519\u8bef\u6216\u5b89\u5168\u95ee\u9898\u4e0e\u8865\u4e01\u6216\u54cd\u5e94\u4e4b\u95f4\u7684\u65f6\u95f4\u5dee\u3002\u6700\u540e\uff0cOpenStack \u8ba1\u7b97\u652f\u6301\u7684\u529f\u80fd\u56e0\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u800c\u5f02\u3002\u8bf7\u53c2\u9605 OpenStack Hypervisor Support Matrix\uff0c\u4e86\u89e3 Hypervisor \u5bf9 OpenStack 
\u8ba1\u7b97\u529f\u80fd\u7684\u652f\u6301\u3002","title":"\u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6"},{"location":"security/security-guide/#_140","text":"\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u53e6\u4e00\u4e2a\u8003\u8651\u56e0\u7d20\u662f\u5404\u79cd\u6b63\u5f0f\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u53ef\u7528\u6027\u3002\u867d\u7136\u5b83\u4eec\u53ef\u80fd\u4e0d\u662f\u7279\u5b9a\u7ec4\u7ec7\u7684\u8981\u6c42\uff0c\u4f46\u8fd9\u4e9b\u8ba4\u8bc1\u548c\u8bc1\u660e\u8bf4\u660e\u4e86\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u6240\u7ecf\u8fc7\u7684\u6d4b\u8bd5\u7684\u6210\u719f\u5ea6\u3001\u751f\u4ea7\u51c6\u5907\u60c5\u51b5\u548c\u5f7b\u5e95\u6027\u3002","title":"\u8ba4\u8bc1\u548c\u8bc1\u660e"},{"location":"security/security-guide/#_141","text":"\u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002\u5728\u653f\u5e9c\u90e8\u95e8\uff0cNSTISSP \u7b2c 11 \u53f7\u89c4\u5b9a\u7f8e\u56fd\u653f\u5e9c\u673a\u6784\u53ea\u80fd\u91c7\u8d2d\u5df2\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u7684\u8f6f\u4ef6\uff0c\u8be5\u653f\u7b56\u81ea 2002 \u5e74 7 \u6708\u8d77\u5b9e\u65bd\u3002 \u6ce8\u610f OpenStack\u5c1a\u672a\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u8bb8\u591a\u53ef\u7528\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u7ecf\u8fc7\u4e86\u8ba4\u8bc1\u3002 \u9664\u4e86\u9a8c\u8bc1\u6280\u672f\u80fd\u529b\u5916\uff0c\u901a\u7528\u6807\u51c6\u6d41\u7a0b\u8fd8\u8bc4\u4f30\u6280\u672f\u7684\u5f00\u53d1\u65b9\u5f0f\u3002 \u5982\u4f55\u8fdb\u884c\u6e90\u4ee3\u7801\u7ba1\u7406\uff1f \u5982\u4f55\u6388\u4e88\u7528\u6237\u5bf9\u6784\u5efa\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff1f 
\u8be5\u6280\u672f\u5728\u5206\u53d1\u524d\u662f\u5426\u7ecf\u8fc7\u52a0\u5bc6\u7b7e\u540d\uff1f KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5df2\u901a\u8fc7\u7f8e\u56fd\u653f\u5e9c\u548c\u5546\u4e1a\u53d1\u884c\u7248\u7684\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u5c06\u865a\u62df\u673a\u7684\u8fd0\u884c\u65f6\u73af\u5883\u5f7c\u6b64\u5206\u79bb\uff0c\u4ece\u800c\u63d0\u4f9b\u57fa\u7840\u6280\u672f\u6765\u5b9e\u65bd\u5b9e\u4f8b\u9694\u79bb\u3002\u9664\u4e86\u865a\u62df\u673a\u9694\u79bb\u4e4b\u5916\uff0cKVM \u8fd8\u901a\u8fc7\u4e86\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1a \"...provide system-inherent separation mechanisms to the resources of virtual machines. This separation ensures that large software component used for virtualizing and simulating devices executing for each virtual machine cannot interfere with each other. Using the SELinux multi-category mechanism, the virtualization and simulation software instances are isolated. 
The virtual machine management framework configures SELinux multi-category settings transparently to the administrator.\" \u867d\u7136\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f9b\u5e94\u5546\uff08\u5982 Red Hat\u3001Microsoft \u548c VMware\uff09\u5df2\u83b7\u5f97\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u5176\u57fa\u7840\u8ba4\u8bc1\u529f\u80fd\u96c6\u6709\u6240\u4e0d\u540c\uff0c\u4f46\u6211\u4eec\u5efa\u8bae\u8bc4\u4f30\u4f9b\u5e94\u5546\u58f0\u660e\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u81f3\u5c11\u6ee1\u8db3\u4ee5\u4e0b\u8981\u6c42\uff1a \u5ba1\u8ba1 \u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5ba1\u6838\u5927\u91cf\u4e8b\u4ef6\u7684\u529f\u80fd\uff0c\u5305\u62ec\u5355\u4e2a\u7cfb\u7edf\u8c03\u7528\u548c\u53d7\u4fe1\u4efb\u8fdb\u7a0b\u751f\u6210\u7684\u4e8b\u4ef6\u3002\u5ba1\u8ba1\u6570\u636e\u4ee5 ASCII \u683c\u5f0f\u6536\u96c6\u5728\u5e38\u89c4\u6587\u4ef6\u4e2d\u3002\u7cfb\u7edf\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u641c\u7d22\u5ba1\u8ba1\u8bb0\u5f55\u7684\u7a0b\u5e8f\u3002\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u89c4\u5219\u5e93\uff0c\u4ee5\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u4ed6\u4eec\u611f\u5174\u8da3\u7684\u4e8b\u4ef6\u3002\u8fd9\u5305\u62ec\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u7279\u5b9a\u4e8b\u4ef6\u3001\u7279\u5b9a\u7528\u6237\u3001\u7279\u5b9a\u5bf9\u8c61\u6216\u6240\u6709\u8fd9\u4e9b\u7684\u7ec4\u5408\u7684\u80fd\u529b\u3002\u5ba1\u8ba1\u8bb0\u5f55\u53ef\u4ee5\u4f20\u8f93\u5230\u8fdc\u7a0b\u5ba1\u8ba1\u5b88\u62a4\u7a0b\u5e8f\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u9650\u5236\u5bf9\u57fa\u4e8e ACL \u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u7684\u8bbf\u95ee\uff0c\u8fd9\u4e9b\u5bf9\u8c61\u5305\u62ec\u7528\u6237\u3001\u7ec4\u548c\u5176\u4ed6\u4eba\u5458\u7684\u6807\u51c6 UNIX \u6743\u9650\u3002\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u8fd8\u53ef\u4ee5\u4fdd\u62a4 IPC 
\u5bf9\u8c61\u514d\u53d7\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u8be5\u7cfb\u7edf\u5305\u62ec ext4 \u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u652f\u6301 POSIX ACL\u3002\u8fd9\u5141\u8bb8\u5b9a\u4e49\u5bf9\u6b64\u7c7b\u6587\u4ef6\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7cbe\u786e\u5230\u5355\u4e2a\u7528\u6237\u7684\u7c92\u5ea6\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u6839\u636e\u5206\u914d\u7ed9\u4e3b\u4f53\u548c\u5bf9\u8c61\u7684\u6807\u7b7e\u6765\u9650\u5236\u5bf9\u5bf9\u8c61\u7684\u8bbf\u95ee\u3002\u654f\u611f\u5ea6\u6807\u7b7e\u4f1a\u81ea\u52a8\u9644\u52a0\u5230\u8fdb\u7a0b\u548c\u5bf9\u8c61\u3002\u4f7f\u7528\u8fd9\u4e9b\u6807\u7b7e\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u6d3e\u751f\u81ea Bell-LaPadula \u6a21\u578b\u3002SELinux \u7c7b\u522b\u9644\u52a0\u5230\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u5982\u679c\u865a\u62df\u673a\u7684\u7c7b\u522b\u4e0e\u6240\u8bbf\u95ee\u8d44\u6e90\u7684\u7c7b\u522b\u76f8\u540c\uff0c\u5219\u4f7f\u7528\u8fd9\u4e9b\u7c7b\u522b\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u5c06\u6388\u4e88\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u3002TOE \u5b9e\u73b0\u975e\u5206\u5c42\u7c7b\u522b\u6765\u63a7\u5236\u5bf9\u865a\u62df\u673a\u7684\u8bbf\u95ee\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u5141\u8bb8\u89d2\u8272\u5206\u79bb\uff0c\u65e0\u9700\u5168\u80fd\u7684\u7cfb\u7edf\u7ba1\u7406\u5458\u3002 \u5bf9\u8c61\u91cd\u7528 \u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u3001\u5185\u5b58\u548c IPC \u5bf9\u8c61\u5728\u88ab\u5c5e\u4e8e\u5176\u4ed6\u7528\u6237\u7684\u8fdb\u7a0b\u91cd\u7528\u4e4b\u524d\u4f1a\u88ab\u6e05\u9664\u3002 \u5b89\u5168\u7ba1\u7406 \u7cfb\u7edf\u5b89\u5168\u5173\u952e\u53c2\u6570\u7684\u7ba1\u7406\u7531\u7ba1\u7406\u7528\u6237\u6267\u884c\u3002\u4e00\u7ec4\u9700\u8981 root 
\u6743\u9650\uff08\u6216\u4f7f\u7528 RBAC \u65f6\u9700\u8981\u7279\u5b9a\u89d2\u8272\uff09\u7684\u547d\u4ee4\u7528\u4e8e\u7cfb\u7edf\u7ba1\u7406\u3002\u5b89\u5168\u53c2\u6570\u5b58\u50a8\u5728\u7279\u5b9a\u6587\u4ef6\u4e2d\uff0c\u8fd9\u4e9b\u6587\u4ef6\u53d7\u7cfb\u7edf\u7684\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u4fdd\u62a4\uff0c\u9632\u6b62\u975e\u7ba1\u7406\u7528\u6237\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 \u5b89\u5168\u901a\u4fe1 \u7cfb\u7edf\u652f\u6301\u4f7f\u7528 SSH \u5b9a\u4e49\u53ef\u4fe1\u901a\u9053\u3002\u652f\u6301\u57fa\u4e8e\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u8fd9\u4e9b\u534f\u8bae\u4ec5\u652f\u6301\u6709\u9650\u6570\u91cf\u7684\u5bc6\u7801\u5957\u4ef6\u3002 \u5b58\u50a8\u52a0\u5bc6 \u7cfb\u7edf\u652f\u6301\u52a0\u5bc6\u5757\u8bbe\u5907\uff0c\u901a\u8fc7 dm_crypt \u63d0\u4f9b\u5b58\u50a8\u673a\u5bc6\u6027\u3002 TSF \u4fdd\u62a4 \u5728\u8fd0\u884c\u65f6\uff0c\u5185\u6838\u8f6f\u4ef6\u548c\u6570\u636e\u53d7\u5230\u786c\u4ef6\u5185\u5b58\u4fdd\u62a4\u673a\u5236\u7684\u4fdd\u62a4\u3002\u5185\u6838\u7684\u5185\u5b58\u548c\u8fdb\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u786e\u4fdd\u7528\u6237\u8fdb\u7a0b\u65e0\u6cd5\u8bbf\u95ee\u5185\u6838\u5b58\u50a8\u6216\u5c5e\u4e8e\u5176\u4ed6\u8fdb\u7a0b\u7684\u5b58\u50a8\u3002\u975e\u5185\u6838 TSF \u8f6f\u4ef6\u548c\u6570\u636e\u53d7 DAC \u548c\u8fdb\u7a0b\u9694\u79bb\u673a\u5236\u4fdd\u62a4\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u4fdd\u7559\u7528\u6237 ID root \u62e5\u6709\u5b9a\u4e49 TSF \u914d\u7f6e\u7684\u76ee\u5f55\u548c\u6587\u4ef6\u3002\u901a\u5e38\uff0c\u5305\u542b\u5185\u90e8 TSF \u6570\u636e\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff08\u5982\u914d\u7f6e\u6587\u4ef6\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u961f\u5217\uff09\u4e5f\u53d7\u5230 DAC 
\u6743\u9650\u7684\u4fdd\u62a4\uff0c\u4e0d\u4f1a\u88ab\u8bfb\u53d6\u3002\u7cfb\u7edf\u4ee5\u53ca\u786c\u4ef6\u548c\u56fa\u4ef6\u7ec4\u4ef6\u9700\u8981\u53d7\u5230\u7269\u7406\u4fdd\u62a4\uff0c\u4ee5\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u7cfb\u7edf\u5185\u6838\u8c03\u89e3\u5bf9\u786c\u4ef6\u673a\u5236\u672c\u8eab\u7684\u6240\u6709\u8bbf\u95ee\uff0c\u4f46\u7a0b\u5e8f\u53ef\u89c1\u7684 CPU \u6307\u4ee4\u51fd\u6570\u9664\u5916\u3002\u6b64\u5916\uff0c\u8fd8\u63d0\u4f9b\u4e86\u9632\u6b62\u5806\u6808\u6ea2\u51fa\u653b\u51fb\u7684\u673a\u5236\u3002","title":"\u901a\u7528\u6807\u51c6"},{"location":"security/security-guide/#_142","text":"OpenStack \u4e2d\u63d0\u4f9b\u4e86\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u7528\u4e8e\u8bc6\u522b\u548c\u6388\u6743\u3001\u6570\u636e\u4f20\u8f93\u548c\u9759\u6001\u6570\u636e\u4fdd\u62a4\u3002\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6211\u4eec\u5efa\u8bae\u91c7\u7528\u4ee5\u4e0b\u7b97\u6cd5\u548c\u5b9e\u73b0\u6807\u51c6\uff1a \u7b97\u6cd5 \u5bc6\u94a5\u957f\u5ea6 \u9884\u671f\u76ee\u7684 \u5b89\u5168\u529f\u80fd \u6267\u884c\u6807\u51c6 AES 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93\uff0c\u4fdd\u62a4\u9759\u6001\u6570\u636e RFC 4253 TDES 168 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 RFC 4253 RSA 1024\u30012048 \u6216 3072 \u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 DSA L=1024\uff0cN=160\u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. 
NIST FIPS PUB 186-3 Serpent 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf Twofish 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 https://www.schneier.com/paper-twofish-paper.html SHA-1 \u6d88\u606f\u6458\u8981 \u4fdd\u62a4\u9759\u6001\u6570\u636e\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 180-3 SHA-2\uff08224\u3001256\u3001384 \u6216 512 \u4f4d\uff09 \u6d88\u606f\u6458\u8981 Protection for data at rest, identification and authentication \u4fdd\u62a4\u9759\u6001\u6570\u636e\u3001\u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1 U.S. NIST FIPS PUB 180-3","title":"\u5bc6\u7801\u5b66\u6807\u51c6"},{"location":"security/security-guide/#fips-140-2","text":"\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u56fd\u5bb6\u79d1\u5b66\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u901a\u8fc7\u79f0\u4e3a\u52a0\u5bc6\u6a21\u5757\u9a8c\u8bc1\u8ba1\u5212\u7684\u8fc7\u7a0b\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u8ba4\u8bc1\u3002NIST \u8ba4\u8bc1\u7b97\u6cd5\u7b26\u5408\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6 140-2 \uff08FIPS 140-2\uff09\uff0c\u786e\u4fdd\uff1a \"... Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries [United States and Canada] for the protection of sensitive information (United States) or Designated Information (Canada). 
The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.\" \u5728\u8bc4\u4f30\u57fa\u672c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u65f6\uff0c\u8bf7\u8003\u8651\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u5df2\u901a\u8fc7 FIPS 140-2 \u8ba4\u8bc1\u3002\u6839\u636e\u7f8e\u56fd\u653f\u5e9c\u653f\u7b56\uff0c\u4e0d\u4ec5\u5f3a\u5236\u8981\u6c42\u7b26\u5408 FIPS 140-2\uff0c\u800c\u4e14\u6b63\u5f0f\u8ba4\u8bc1\u8868\u660e\u5df2\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u7684\u7ed9\u5b9a\u5b9e\u73b0\u8fdb\u884c\u4e86\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u7b26\u5408\u6a21\u5757\u89c4\u8303\u3001\u52a0\u5bc6\u6a21\u5757\u7aef\u53e3\u548c\u63a5\u53e3;\u89d2\u8272\u3001\u670d\u52a1\u548c\u8eab\u4efd\u9a8c\u8bc1;\u6709\u9650\u72b6\u6001\u6a21\u578b;\u4eba\u8eab\u5b89\u5168;\u64cd\u4f5c\u73af\u5883;\u52a0\u5bc6\u5bc6\u94a5\u7ba1\u7406;\u7535\u78c1\u5e72\u6270/\u7535\u78c1\u517c\u5bb9\u6027\uff08EMI/EMC\uff09;\u81ea\u68c0;\u8bbe\u8ba1\u4fdd\u8bc1;\u4ee5\u53ca\u7f13\u89e3\u5176\u4ed6\u653b\u51fb\u3002","title":"FIPS 140-2"},{"location":"security/security-guide/#_143","text":"\u5728\u8bc4\u4f30\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\uff0c\u8bf7\u8003\u8651\u8fd0\u884c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u5728 OpenStack \u90e8\u7f72\u4e2d\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002\u4e3a\u6b64\uff0c\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u6709\u81ea\u5df1\u7684\u786c\u4ef6\u517c\u5bb9\u6027\u5217\u8868 
\uff08HCL\uff09\u3002\u5728\u9009\u62e9\u517c\u5bb9\u7684\u786c\u4ef6\u65f6\uff0c\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u63d0\u524d\u4e86\u89e3\u54ea\u4e9b\u57fa\u4e8e\u786c\u4ef6\u7684\u865a\u62df\u5316\u6280\u672f\u662f\u91cd\u8981\u7684\uff0c\u8fd9\u4e00\u70b9\u5f88\u91cd\u8981\u3002 \u63cf\u8ff0 \u79d1\u6280 \u89e3\u91ca I/O MMU VT-d / AMD-Vi \u4fdd\u62a4 PCI \u76f4\u901a\u6240\u5fc5\u9700\u7684 \u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f Intel TXT / SEM \u52a8\u6001\u8bc1\u660e\u670d\u52a1\u662f\u5fc5\u9700\u7684 PCI-SIG I/O \u865a\u62df\u5316 SR-IOV, MR-IOV, ATS \u9700\u8981\u5141\u8bb8\u5b89\u5168\u5171\u4eab PCI Express \u8bbe\u5907 \u7f51\u7edc\u865a\u62df\u5316 VT-c \u63d0\u9ad8\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u7684\u7f51\u7edc I/O \u6027\u80fd","title":"\u786c\u4ef6\u95ee\u9898"},{"location":"security/security-guide/#_144","text":"\u91cd\u8981\u7684\u662f\u8981\u8ba4\u8bc6\u5230\u4f7f\u7528 Linux \u5bb9\u5668 \uff08LXC\uff09 \u6216\u88f8\u673a\u7cfb\u7edf\u4e0e\u4f7f\u7528 KVM \u7b49\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u7684\u533a\u522b\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u672c\u5b89\u5168\u6307\u5357\u7684\u91cd\u70b9\u4e3b\u8981\u57fa\u4e8e\u62e5\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u865a\u62df\u5316\u5e73\u53f0\u3002\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5b9e\u73b0\u9700\u8981\u4f7f\u7528\u88f8\u673a\u6216 LXC \u73af\u5883\uff0c\u5219\u5fc5\u987b\u6ce8\u610f\u8be5\u73af\u5883\u90e8\u7f72\u65b9\u9762\u7684\u7279\u6b8a\u5dee\u5f02\u3002 \u5728\u91cd\u65b0\u9884\u914d\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u6700\u7ec8\u7528\u6237\u5df2\u6b63\u786e\u6e05\u7406\u8282\u70b9\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u5728\u91cd\u7528\u8282\u70b9\u4e4b\u524d\uff0c\u5fc5\u987b\u4fdd\u8bc1\u786c\u4ef6\u672a\u88ab\u7be1\u6539\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u53d7\u5230\u635f\u5bb3\u3002 \u6ce8\u610f 
\u867d\u7136OpenStack\u6709\u4e00\u4e2a\u88f8\u673a\u9879\u76ee\uff0c\u4f46\u5bf9\u8fd0\u884c\u88f8\u673a\u7684\u7279\u6b8a\u5b89\u5168\u5f71\u54cd\u7684\u8ba8\u8bba\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002 \u7531\u4e8e\u4e66\u672c\u51b2\u523a\u7684\u65f6\u95f4\u9650\u5236\uff0c\u8be5\u56e2\u961f\u9009\u62e9\u5728\u6211\u4eec\u7684\u793a\u4f8b\u5b9e\u73b0\u548c\u67b6\u6784\u4e2d\u4f7f\u7528 KVM \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 LXC \u7684 OpenStack \u5b89\u5168\u8bf4\u660e\u3002","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a"},{"location":"security/security-guide/#hypervisor","text":"\u8bb8\u591a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4f7f\u7528\u5185\u5b58\u4f18\u5316\u6280\u672f\u5c06\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u5230\u6765\u5bbe\u865a\u62df\u673a\u3002\u8fd9\u662f\u4e00\u9879\u6709\u7528\u7684\u529f\u80fd\uff0c\u53ef\u7528\u4e8e\u90e8\u7f72\u975e\u5e38\u5bc6\u96c6\u7684\u8ba1\u7b97\u7fa4\u96c6\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u79cd\u65b9\u6cd5\u662f\u901a\u8fc7\u91cd\u590d\u6570\u636e\u6d88\u9664\u6216\u5171\u4eab\u5185\u5b58\u9875\u3002\u5f53\u4e24\u4e2a\u865a\u62df\u673a\u5728\u5185\u5b58\u4e2d\u5177\u6709\u76f8\u540c\u7684\u6570\u636e\u65f6\uff0c\u8ba9\u5b83\u4eec\u5f15\u7528\u76f8\u540c\u7684\u5185\u5b58\u662f\u6709\u597d\u5904\u7684\u3002 \u901a\u5e38\uff0c\u8fd9\u662f\u901a\u8fc7\u5199\u5165\u65f6\u590d\u5236 \uff08COW\uff09 \u673a\u5236\u5b9e\u73b0\u7684\u3002\u8fd9\u4e9b\u673a\u5236\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\uff0c\u5176\u4e2d\u4e00\u4e2a VM \u53ef\u4ee5\u63a8\u65ad\u51fa\u53e6\u4e00\u4e2a VM 
\u7684\u72b6\u6001\uff0c\u5e76\u4e14\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u5e76\u975e\u6240\u6709\u79df\u6237\u90fd\u53d7\u4fe1\u4efb\u6216\u5171\u4eab\u76f8\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u591a\u79df\u6237\u73af\u5883\u3002","title":"Hypervisor \u5185\u5b58\u4f18\u5316"},{"location":"security/security-guide/#kvm","text":"\u5728\u7248\u672c 2.6.32 \u4e2d\u5f15\u5165\u5230 Linux \u5185\u6838\u4e2d\uff0c\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76 \uff08KSM\uff09 \u5728 Linux \u8fdb\u7a0b\u4e4b\u95f4\u6574\u5408\u4e86\u76f8\u540c\u7684\u5185\u5b58\u9875\u3002\u7531\u4e8e KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0b\u7684\u6bcf\u4e2a\u5ba2\u6237\u673a\u865a\u62df\u673a\u90fd\u5728\u81ea\u5df1\u7684\u8fdb\u7a0b\u4e2d\u8fd0\u884c\uff0c\u56e0\u6b64 KSM \u53ef\u7528\u4e8e\u4f18\u5316\u865a\u62df\u673a\u4e4b\u95f4\u7684\u5185\u5b58\u4f7f\u7528\u3002","title":"KVM \u5185\u6838\u540c\u9875\u5408\u5e76"},{"location":"security/security-guide/#xen","text":"XenServer 5.6 \u5305\u542b\u4e00\u4e2a\u540d\u4e3a\u900f\u660e\u9875\u9762\u5171\u4eab \uff08TPS\uff09 \u7684\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u529f\u80fd\u3002TPS \u626b\u63cf 4 KB \u533a\u5757\u4e2d\u7684\u5185\u5b58\u4ee5\u67e5\u627e\u4efb\u4f55\u91cd\u590d\u9879\u3002\u627e\u5230\u540e\uff0cXen \u865a\u62df\u673a\u76d1\u89c6\u5668 \uff08VMM\uff09 \u5c06\u4e22\u5f03\u5176\u4e2d\u4e00\u4e2a\u91cd\u590d\u9879\uff0c\u5e76\u8bb0\u5f55\u7b2c\u4e8c\u4e2a\u526f\u672c\u7684\u5f15\u7528\u3002","title":"XEN \u900f\u660e\u9875\u9762\u5171\u4eab"},{"location":"security/security-guide/#_145","text":"\u4f20\u7edf\u4e0a\uff0c\u5185\u5b58\u91cd\u590d\u6570\u636e\u6d88\u9664\u7cfb\u7edf\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\u3002KSM \u548c TPS 
\u90fd\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u5b66\u672f\u7814\u7a76\u4e2d\uff0c\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u5206\u6790\u653b\u51fb\u8005\u865a\u62df\u673a\u4e0a\u7684\u5185\u5b58\u8bbf\u95ee\u65f6\u95f4\u6765\u8bc6\u522b\u76f8\u90bb\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u8f6f\u4ef6\u5305\u548c\u7248\u672c\uff0c\u4ee5\u53ca\u8f6f\u4ef6\u4e0b\u8f7d\u548c\u5176\u4ed6\u654f\u611f\u4fe1\u606f\u3002 \u5982\u679c\u4e91\u90e8\u7f72\u9700\u8981\u5f3a\u79df\u6237\u5206\u79bb\uff08\u5982\u516c\u6709\u4e91\u548c\u67d0\u4e9b\u79c1\u6709\u4e91\u7684\u60c5\u51b5\uff09\uff0c\u90e8\u7f72\u4eba\u5458\u5e94\u8003\u8651\u7981\u7528 TPS \u548c KSM \u5185\u5b58\u4f18\u5316\u3002","title":"\u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_146","text":"\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\u8981\u8003\u8651\u7684\u53e6\u4e00\u4ef6\u4e8b\u662f\u7279\u5b9a\u5b89\u5168\u529f\u80fd\u7684\u53ef\u7528\u6027\u3002\u7279\u522b\u662f\u529f\u80fd\u3002\u4f8b\u5982\uff0cXen Server \u7684 XSM \u6216 Xen \u5b89\u5168\u6a21\u5757\u3001sVirt\u3001Intel TXT \u6216 AppArmor\u3002 \u4e0b\u8868\u6309\u5e38\u89c1\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u5217\u51fa\u4e86\u8fd9\u4e9b\u529f\u80fd\u3002 XSM sVirt TXT AppArmor cgroups MAC \u7b56\u7565 KVM X X X X X Xen X X ESXi X Hyper-V \u6ce8\u610f \u6b64\u8868\u4e2d\u7684\u529f\u80fd\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u6240\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4e5f\u53ef\u80fd\u65e0\u6cd5\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u76f4\u63a5\u6620\u5c04\u3002","title":"\u5176\u4ed6\u5b89\u5168\u529f\u80fd"},{"location":"security/security-guide/#_147","text":"Sunar\u3001Eisenbarth\u3001Inci\u3001Gorka Irazoqui Apecechea\u3002\u5bf9 Xen \u548c VMware 
\u8fdb\u884c\u7ec6\u7c92\u5ea6\u8de8\u865a\u62df\u673a\u653b\u51fb\u662f\u53ef\u80fd\u7684\uff012014\u3002 https://eprint.iacr.org/2014/248.pfd Artho\u3001Yagi\u3001Iijima\u3001Kuniyasu Suzaki\u3002\u5185\u5b58\u91cd\u590d\u6570\u636e\u5220\u9664\u5bf9\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u5a01\u80c1\u30022011 \u5e74\u3002https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf KVM\uff1a\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\u3002\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76\u30022010\u3002http://www.linux-kvm.org/page/KSM Xen \u9879\u76ee\uff0cXen \u5b89\u5168\u6a21\u5757\uff1aXSM-FLASK\u30022014\u3002 http://wiki.xen.org/wiki/Xen_Security_Modules_:_XSM-FLASK SELinux \u9879\u76ee\uff0cSVirt\u30022011\u3002 http://selinuxproject.org/page/SVirt Intel.com\uff0c\u91c7\u7528\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08Intel TXT\uff09 \u7684\u53ef\u4fe1\u8ba1\u7b97\u6c60\u3002http://www.intel.com/txt AppArmor.net\uff0cAppArmor \u4e3b\u9875\u30022011\u3002 http://wiki.apparmor.net/index.php/Main_Page Kernel.org\uff0cCGroups\u30022004\u3002https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u4e2d\u5fc3\u3002\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u30022011\u3002 http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf 
\u56fd\u5bb6\u4fe1\u606f\u4fdd\u969c\u4f19\u4f34\u5173\u7cfb\uff0c\u56fd\u5bb6\u5b89\u5168\u7535\u4fe1\u548c\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u653f\u7b56\u30022003\u3002http://www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_148","text":"\u5728\u672c\u7ae0\u7684\u5f00\u5934\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5b9e\u4f8b\u5bf9\u7269\u7406\u548c\u865a\u62df\u786c\u4ef6\u7684\u4f7f\u7528\u3001\u76f8\u5173\u7684\u5b89\u5168\u98ce\u9669\u4ee5\u53ca\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u7684\u4e00\u4e9b\u5efa\u8bae\u3002\u7136\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u4f7f\u7528\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u6765\u52a0\u5bc6\u652f\u6301\u8be5\u6280\u672f\u7684\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u7684\u865a\u62df\u673a\u7684\u5185\u5b58\u3002\u5728\u672c\u7ae0\u7684\u6700\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba sVirt\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u5c06 SELinux \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4e0e\u865a\u62df\u5316\u7ec4\u4ef6\u96c6\u6210\u3002","title":"\u52a0\u56fa\u865a\u62df\u5316\u5c42"},{"location":"security/security-guide/#pci","text":"\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u63d0\u4f9b\u4e00\u79cd\u79f0\u4e3a PCI \u76f4\u901a\u7684\u529f\u80fd\u3002\u8fd9\u5141\u8bb8\u5b9e\u4f8b\u76f4\u63a5\u8bbf\u95ee\u8282\u70b9\u4e0a\u7684\u786c\u4ef6\u3002\u4f8b\u5982\uff0c\u8fd9\u53ef\u7528\u4e8e\u5141\u8bb8\u5b9e\u4f8b\u8bbf\u95ee\u63d0\u4f9b\u8ba1\u7b97\u7edf\u4e00\u8bbe\u5907\u67b6\u6784 \uff08CUDA\uff09 \u4ee5\u5b9e\u73b0\u9ad8\u6027\u80fd\u8ba1\u7b97\u7684\u89c6\u9891\u5361\u6216 GPU\u3002\u6b64\u529f\u80fd\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5b89\u5168\u98ce\u9669\uff1a\u76f4\u63a5\u5185\u5b58\u8bbf\u95ee\u548c\u786c\u4ef6\u611f\u67d3\u3002 \u76f4\u63a5\u5185\u5b58\u8bbf\u95ee \uff08DMA\uff09 
\u662f\u4e00\u79cd\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u67d0\u4e9b\u786c\u4ef6\u8bbe\u5907\u8bbf\u95ee\u4e3b\u673a\u4e2d\u7684\u4efb\u610f\u7269\u7406\u5185\u5b58\u5730\u5740\u3002\u89c6\u9891\u5361\u901a\u5e38\u5177\u6709\u6b64\u529f\u80fd\u3002\u4f46\u662f\uff0c\u4e0d\u5e94\u5411\u5b9e\u4f8b\u6388\u4e88\u4efb\u610f\u7269\u7406\u5185\u5b58\u8bbf\u95ee\u6743\u9650\uff0c\u56e0\u4e3a\u8fd9\u5c06\u4f7f\u5176\u80fd\u591f\u5168\u9762\u4e86\u89e3\u4e3b\u673a\u7cfb\u7edf\u548c\u5728\u540c\u4e00\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5b9e\u4f8b\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u4f9b\u5e94\u5546\u4f7f\u7528\u8f93\u5165/\u8f93\u51fa\u5185\u5b58\u7ba1\u7406\u5355\u5143 \uff08IOMMU\uff09 \u6765\u7ba1\u7406 DMA \u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u4e91\u67b6\u6784\u5e08\u5e94\u786e\u4fdd\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u914d\u7f6e\u4e3a\u4f7f\u7528\u6b64\u786c\u4ef6\u529f\u80fd\u3002 KVM: KVM\uff1a \u5982\u4f55\u5728 KVM \u4e2d\u4f7f\u7528 VT-d \u5206\u914d\u8bbe\u5907 Xen: Xen\uff1a Xen VTd Howto Xen VTd \u8d34\u58eb\u6307\u5357 \u6ce8\u610f IOMMU \u529f\u80fd\u7531 Intel \u4f5c\u4e3a VT-d \u9500\u552e\uff0c\u7531 AMD \u4ee5 AMD-Vi \u9500\u552e\u3002 
\u5f53\u5b9e\u4f8b\u5bf9\u56fa\u4ef6\u6216\u8bbe\u5907\u7684\u67d0\u4e9b\u5176\u4ed6\u90e8\u5206\u8fdb\u884c\u6076\u610f\u4fee\u6539\u65f6\uff0c\u5c31\u4f1a\u53d1\u751f\u786c\u4ef6\u611f\u67d3\u3002\u7531\u4e8e\u6b64\u8bbe\u5907\u7531\u5176\u4ed6\u5b9e\u4f8b\u6216\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\uff0c\u56e0\u6b64\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u4f1a\u4f20\u64ad\u5230\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u6700\u7ec8\u7ed3\u679c\u662f\uff0c\u4e00\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u5728\u5176\u5b89\u5168\u57df\u4e4b\u5916\u8fd0\u884c\u4ee3\u7801\u3002\u8fd9\u662f\u4e00\u4e2a\u91cd\u5927\u7684\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u91cd\u7f6e\u7269\u7406\u786c\u4ef6\u7684\u72b6\u6001\u6bd4\u91cd\u7f6e\u865a\u62df\u786c\u4ef6\u66f4\u96be\uff0c\u5e76\u4e14\u53ef\u80fd\u5bfc\u81f4\u989d\u5916\u7684\u66b4\u9732\uff0c\u4f8b\u5982\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u3002 \u786c\u4ef6\u611f\u67d3\u95ee\u9898\u7684\u89e3\u51b3\u65b9\u6848\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u8be5\u7b56\u7565\u662f\u786e\u5b9a\u5b9e\u4f8b\u5982\u4f55\u4fee\u6539\u786c\u4ef6\u72b6\u6001\uff0c\u7136\u540e\u786e\u5b9a\u5728\u4f7f\u7528\u786c\u4ef6\u5b8c\u6210\u5b9e\u4f8b\u65f6\u5982\u4f55\u91cd\u7f6e\u4efb\u4f55\u4fee\u6539\u3002\u4f8b\u5982\uff0c\u4e00\u79cd\u9009\u62e9\u53ef\u80fd\u662f\u5728\u4f7f\u7528\u540e\u91cd\u65b0\u5237\u65b0\u56fa\u4ef6\u3002\u9700\u8981\u5e73\u8861\u786c\u4ef6\u5bff\u547d\u548c\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u67d0\u4e9b\u56fa\u4ef6\u5728\u5927\u91cf\u5199\u5165\u540e\u4f1a\u51fa\u73b0\u6545\u969c\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM 
\u6280\u672f\u662f\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002\u65e0\u8bba\u9009\u62e9\u54ea\u79cd\u7b56\u7565\uff0c\u90fd\u5fc5\u987b\u4e86\u89e3\u4e0e\u6b64\u7c7b\u786c\u4ef6\u5171\u4eab\u76f8\u5173\u7684\u98ce\u9669\uff0c\u4ee5\u4fbf\u9488\u5bf9\u7ed9\u5b9a\u7684\u90e8\u7f72\u65b9\u6848\u9002\u5f53\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u3002 \u7531\u4e8e\u4e0e PCI \u76f4\u901a\u76f8\u5173\u7684\u98ce\u9669\u548c\u590d\u6742\u6027\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5e94\u7981\u7528\u5b83\u3002\u5982\u679c\u4e3a\u7279\u5b9a\u9700\u6c42\u542f\u7528\uff0c\u5219\u9700\u8981\u5236\u5b9a\u9002\u5f53\u7684\u6d41\u7a0b\uff0c\u4ee5\u786e\u4fdd\u786c\u4ef6\u5728\u91cd\u65b0\u53d1\u884c\u4e4b\u524d\u662f\u5e72\u51c0\u7684\u3002","title":"\u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09"},{"location":"security/security-guide/#qemu","text":"\u8fd0\u884c\u865a\u62df\u673a\u65f6\uff0c\u865a\u62df\u786c\u4ef6\u662f\u4e3a\u865a\u62df\u673a\u63d0\u4f9b\u786c\u4ef6\u63a5\u53e3\u7684\u8f6f\u4ef6\u5c42\u3002\u5b9e\u4f8b\u4f7f\u7528\u6b64\u529f\u80fd\u63d0\u4f9b\u53ef\u80fd\u9700\u8981\u7684\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u89c6\u9891\u548c\u5176\u4ed6\u8bbe\u5907\u3002\u8003\u8651\u5230\u8fd9\u4e00\u70b9\uff0c\u73af\u5883\u4e2d\u7684\u5927\u591a\u6570\u5b9e\u4f8b\u5c06\u4e13\u95e8\u4f7f\u7528\u865a\u62df\u786c\u4ef6\uff0c\u5c11\u6570\u5b9e\u4f8b\u9700\u8981\u76f4\u63a5\u786c\u4ef6\u8bbf\u95ee\u3002\u4e3b\u8981\u7684\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f7f\u7528 QEMU \u6765\u5b9e\u73b0\u6b64\u529f\u80fd\u3002\u867d\u7136 QEMU \u6ee1\u8db3\u4e86\u5bf9\u865a\u62df\u5316\u5e73\u53f0\u7684\u91cd\u8981\u9700\u6c42\uff0c\u4f46\u5b83\u5df2\u88ab\u8bc1\u660e\u662f\u4e00\u4e2a\u975e\u5e38\u5177\u6709\u6311\u6218\u6027\u7684\u8f6f\u4ef6\u9879\u76ee\u3002QEMU 
\u4e2d\u7684\u8bb8\u591a\u529f\u80fd\u90fd\u662f\u901a\u8fc7\u5927\u591a\u6570\u5f00\u53d1\u4eba\u5458\u96be\u4ee5\u7406\u89e3\u7684\u4f4e\u7ea7\u4ee3\u7801\u5b9e\u73b0\u7684\u3002QEMU \u865a\u62df\u5316\u7684\u786c\u4ef6\u5305\u62ec\u8bb8\u591a\u4f20\u7edf\u8bbe\u5907\uff0c\u8fd9\u4e9b\u8bbe\u5907\u6709\u81ea\u5df1\u7684\u4e00\u5957\u602a\u7656\u3002\u7efc\u4e0a\u6240\u8ff0\uff0cQEMU \u4e00\u76f4\u662f\u8bb8\u591a\u5b89\u5168\u95ee\u9898\u7684\u6839\u6e90\uff0c\u5305\u62ec\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7a81\u7834\u653b\u51fb\u3002 \u91c7\u53d6\u79ef\u6781\u4e3b\u52a8\u7684\u63aa\u65bd\u6765\u5f3a\u5316 QEMU \u975e\u5e38\u91cd\u8981\u3002\u6211\u4eec\u5efa\u8bae\u6267\u884c\u4e09\u4e2a\u5177\u4f53\u6b65\u9aa4\uff1a \u6700\u5c0f\u5316\u4ee3\u7801\u5e93\u3002 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u3002 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u4f8b\u5982 sVirt\u3001SELinux \u6216 AppArmor\u3002 \u786e\u4fdd\u60a8\u7684 iptables \u5177\u6709\u8fc7\u6ee4\u7f51\u7edc\u6d41\u91cf\u7684\u9ed8\u8ba4\u7b56\u7565\uff0c\u5e76\u8003\u8651\u68c0\u67e5\u73b0\u6709\u89c4\u5219\u96c6\u4ee5\u4e86\u89e3\u6bcf\u4e2a\u89c4\u5219\u5e76\u786e\u5b9a\u662f\u5426\u9700\u8981\u6269\u5c55\u8be5\u7b56\u7565\u3002","title":"\u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09"},{"location":"security/security-guide/#qemu_1","text":"\u6211\u4eec\u5efa\u8bae\u901a\u8fc7\u4ece\u7cfb\u7edf\u4e2d\u5220\u9664\u672a\u4f7f\u7528\u7684\u7ec4\u4ef6\u6765\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93\u3002QEMU \u4e3a\u8bb8\u591a\u4e0d\u540c\u7684\u865a\u62df\u786c\u4ef6\u8bbe\u5907\u63d0\u4f9b\u652f\u6301\uff0c\u4f46\u7ed9\u5b9a\u5b9e\u4f8b\u53ea\u9700\u8981\u5c11\u91cf\u8bbe\u5907\u3002\u6700\u5e38\u89c1\u7684\u786c\u4ef6\u8bbe\u5907\u662f virtio \u8bbe\u5907\u3002\u67d0\u4e9b\u65e7\u5b9e\u4f8b\u5c06\u9700\u8981\u8bbf\u95ee\u7279\u5b9a\u786c\u4ef6\uff0c\u8fd9\u4e9b\u786c\u4ef6\u53ef\u4ee5\u4f7f\u7528 glance \u5143\u6570\u636e\u6307\u5b9a\uff1a $ glance image-update \\ --property 
hw_disk_bus=ide \\ --property hw_cdrom_bus=ide \\ --property hw_vif_model=e1000 \\ f16-x86_64-openstack-sda \u4e91\u67b6\u6784\u5e08\u5e94\u51b3\u5b9a\u5411\u4e91\u7528\u6237\u63d0\u4f9b\u54ea\u4e9b\u8bbe\u5907\u3002\u4efb\u4f55\u4e0d\u9700\u8981\u7684\u4e1c\u897f\u90fd\u5e94\u8be5\u4ece QEMU \u4e2d\u5220\u9664\u3002\u6b64\u6b65\u9aa4\u9700\u8981\u5728\u4fee\u6539\u4f20\u9012\u7ed9 QEMU \u914d\u7f6e\u811a\u672c\u7684\u9009\u9879\u540e\u91cd\u65b0\u7f16\u8bd1 QEMU\u3002\u8981\u83b7\u5f97\u6700\u65b0\u9009\u9879\u7684\u5b8c\u6574\u5217\u8868\uff0c\u53ea\u9700\u4ece QEMU \u6e90\u76ee\u5f55\u4e2d\u8fd0\u884c ./configure --help\u3002\u786e\u5b9a\u90e8\u7f72\u6240\u9700\u7684\u5185\u5bb9\uff0c\u5e76\u7981\u7528\u5176\u4f59\u9009\u9879\u3002","title":"\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93"},{"location":"security/security-guide/#_149","text":"\u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5f3a\u5316 QEMU\u3002\u73b0\u4ee3\u7f16\u8bd1\u5668\u63d0\u4f9b\u4e86\u591a\u79cd\u7f16\u8bd1\u65f6\u9009\u9879\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u529f\u80fd\u5305\u62ec\u53ea\u8bfb\u91cd\u5b9a\u4f4d \uff08RELRO\uff09\u3001\u5806\u6808\u91d1\u4e1d\u96c0\u3001\u4ece\u4e0d\u6267\u884c \uff08NX\uff09\u3001\u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u548c\u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09\u3002 \u8bb8\u591a\u73b0\u4ee3 Linux \u53d1\u884c\u7248\u5df2\u7ecf\u5728\u6784\u5efa\u542f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u7684 QEMU\uff0c\u6211\u4eec\u5efa\u8bae\u5728\u7ee7\u7eed\u64cd\u4f5c\u4e4b\u524d\u9a8c\u8bc1\u73b0\u6709\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002\u53ef\u4ee5\u5e2e\u52a9\u60a8\u8fdb\u884c\u6b64\u9a8c\u8bc1\u7684\u4e00\u79cd\u5de5\u5177\u79f0\u4e3a checksec.sh RELocation \u53ea\u8bfb \uff08RELRO\uff09 \u5f3a\u5316\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002gcc \u652f\u6301\u5b8c\u6574\u548c\u90e8\u5206 
RELRO \u6a21\u5f0f\u3002\u5bf9\u4e8eQEMU\u6765\u8bf4\uff0c\u5b8c\u6574\u7684RELLO\u662f\u60a8\u7684\u6700\u4f73\u9009\u62e9\u3002\u8fd9\u5c06\u4f7f\u5168\u5c40\u504f\u79fb\u8868\u6210\u4e3a\u53ea\u8bfb\u7684\uff0c\u5e76\u5728\u751f\u6210\u7684\u53ef\u6267\u884c\u6587\u4ef6\u4e2d\u5c06\u5404\u79cd\u5185\u90e8\u6570\u636e\u90e8\u5206\u653e\u5728\u7a0b\u5e8f\u6570\u636e\u90e8\u5206\u4e4b\u524d\u3002 \u6808\u4fdd\u62a4 \u5c06\u503c\u653e\u5728\u5806\u6808\u4e0a\u5e76\u9a8c\u8bc1\u5176\u662f\u5426\u5b58\u5728\uff0c\u4ee5\u5e2e\u52a9\u9632\u6b62\u7f13\u51b2\u533a\u6ea2\u51fa\u653b\u51fb\u3002 \u4ece\u4e0d\u6267\u884c \uff08NX\uff09 \u4e5f\u79f0\u4e3a\u6570\u636e\u6267\u884c\u4fdd\u62a4 \uff08DEP\uff09\uff0c\u786e\u4fdd\u65e0\u6cd5\u6267\u884c\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002 \u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u751f\u6210\u4e00\u4e2a\u72ec\u7acb\u4e8e\u4f4d\u7f6e\u7684\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u8fd9\u662f ASLR \u6240\u5fc5\u9700\u7684\u3002 \u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09 \u8fd9\u786e\u4fdd\u4e86\u4ee3\u7801\u548c\u6570\u636e\u533a\u57df\u7684\u653e\u7f6e\u90fd\u662f\u968f\u673a\u7684\u3002\u5f53\u4f7f\u7528 PIE \u6784\u5efa\u53ef\u6267\u884c\u6587\u4ef6\u65f6\uff0c\u7531\u5185\u6838\u542f\u7528\uff08\u6240\u6709\u73b0\u4ee3 Linux \u5185\u6838\u90fd\u652f\u6301 ASLR\uff09\u3002 \u7f16\u8bd1 QEMU \u65f6\uff0c\u5efa\u8bae\u5bf9 GCC \u4f7f\u7528\u4ee5\u4e0b\u7f16\u8bd1\u5668\u9009\u9879\uff1a CFLAGS=\"-arch x86_64 -fstack-protector-all -Wstack-protector \\ --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 \\ -Wl,-z,relro,-z,now\" \u6211\u4eec\u5efa\u8bae\u5728\u7f16\u8bd1 QEMU \u53ef\u6267\u884c\u6587\u4ef6\u540e\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u7f16\u8bd1\u5668\u5f3a\u5316\u6b63\u5e38\u5de5\u4f5c\u3002 \u5927\u591a\u6570\u4e91\u90e8\u7f72\u4e0d\u4f1a\u624b\u52a8\u6784\u5efa\u8f6f\u4ef6\uff0c\u4f8b\u5982 
QEMU\u3002\u6700\u597d\u4f7f\u7528\u6253\u5305\u6765\u786e\u4fdd\u8be5\u8fc7\u7a0b\u662f\u53ef\u91cd\u590d\u7684\uff0c\u5e76\u786e\u4fdd\u6700\u7ec8\u7ed3\u679c\u53ef\u4ee5\u8f7b\u677e\u5730\u90e8\u7f72\u5728\u6574\u4e2a\u4e91\u4e2d\u3002\u4e0b\u9762\u7684\u53c2\u8003\u8d44\u6599\u63d0\u4f9b\u4e86\u6709\u5173\u5c06\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5e94\u7528\u4e8e\u73b0\u6709\u5305\u7684\u4e00\u4e9b\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 DEB \u5c01\u88c5\uff1a \u786c\u5316\u6307\u5357 RPM \u5305\uff1a \u5982\u4f55\u521b\u5efa RPM \u5305","title":"\u7f16\u8bd1\u5668\u52a0\u56fa"},{"location":"security/security-guide/#_150","text":"\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \uff08SEV\uff09 \u662f AMD \u7684\u4e00\u9879\u6280\u672f\uff0c\u5b83\u5141\u8bb8\u4f7f\u7528 VM \u552f\u4e00\u7684\u5bc6\u94a5\u5bf9 VM \u7684\u5185\u5b58\u8fdb\u884c\u52a0\u5bc6\u3002SEV \u5728 Train \u7248\u672c\u4e2d\u4f5c\u4e3a\u6280\u672f\u9884\u89c8\u7248\u63d0\u4f9b\uff0c\u5728\u67d0\u4e9b\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u63d0\u4f9b KVM \u5ba2\u6237\u673a\uff0c\u7528\u4e8e\u8bc4\u4f30\u6280\u672f\u3002 nova \u914d\u7f6e\u6307\u5357\u7684 KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90e8\u5206\u5305\u542b\u914d\u7f6e\u8ba1\u7b97\u673a\u548c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6240\u9700\u7684\u4fe1\u606f\uff0c\u5e76\u5217\u51fa\u4e86 SEV \u7684\u51e0\u4e2a\u9650\u5236\u3002 SEV \u4e3a\u6b63\u5728\u8fd0\u884c\u7684 VM \u4f7f\u7528\u7684\u5185\u5b58\u4e2d\u7684\u6570\u636e\u63d0\u4f9b\u4fdd\u62a4\u3002\u4f46\u662f\uff0c\u867d\u7136 SEV \u4e0e OpenStack \u96c6\u6210\u7684\u7b2c\u4e00\u9636\u6bb5\u652f\u6301\u865a\u62df\u673a\u52a0\u5bc6\u5185\u5b58\uff0c\u4f46\u91cd\u8981\u7684\u662f\u5b83\u4e0d\u63d0\u4f9b SEV \u56fa\u4ef6\u63d0\u4f9b\u7684 LAUNCH_MEASURE or LAUNCH_SECRET \u529f\u80fd\u3002\u8fd9\u610f\u5473\u7740\u53d7 SEV \u4fdd\u62a4\u7684 VM 
\u4f7f\u7528\u7684\u6570\u636e\u53ef\u80fd\u4f1a\u53d7\u5230\u63a7\u5236\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u6709\u52a8\u673a\u7684\u5bf9\u624b\u7684\u653b\u51fb\u3002\u4f8b\u5982\uff0c\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8ba1\u7b97\u673a\u4e0a\u7684\u6076\u610f\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u5177\u6709\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u7684\u79df\u6237\u63d0\u4f9b VM \u6620\u50cf\uff0c\u8fd9\u4e9b\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u80fd\u591f\u7a83\u53d6\u673a\u5bc6\uff0c\u6216\u8005\u66ff\u6362 VNC \u670d\u52a1\u5668\u8fdb\u7a0b\u4ee5\u7aa5\u63a2\u53d1\u9001\u5230 VM \u63a7\u5236\u53f0\u6216\u4ece VM \u63a7\u5236\u53f0\u53d1\u9001\u7684\u6570\u636e\uff0c\u5305\u62ec\u89e3\u9501\u5168\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u7684\u5bc6\u7801\u3002 \u4e3a\u4e86\u51cf\u5c11\u6076\u610f\u7ba1\u7406\u5458\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6570\u636e\u7684\u673a\u4f1a\uff0c\u4f7f\u7528 SEV \u65f6\u5e94\u9075\u5faa\u4ee5\u4e0b\u5b89\u5168\u505a\u6cd5\uff1a VM \u5e94\u4f7f\u7528\u5b8c\u6574\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u3002 \u5e94\u5728 VM \u4e0a\u4f7f\u7528\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u5bc6\u7801\u3002 \u6b64\u5916\uff0c\u5e94\u5c06\u6807\u51c6\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u7528\u4e8e VM\uff0c\u5305\u62ec\u4ee5\u4e0b\u5185\u5bb9\uff1a VM \u5e94\u5f97\u5230\u826f\u597d\u7684\u7ef4\u62a4\uff0c\u5305\u62ec\u5b9a\u671f\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u548c\u4fee\u8865\uff0c\u4ee5\u786e\u4fdd VM \u6301\u7eed\u4fdd\u6301\u5f3a\u5927\u7684\u5b89\u5168\u6001\u52bf\u3002 \u4e0e VM \u7684\u8fde\u63a5\u5e94\u4f7f\u7528\u52a0\u5bc6\u548c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u534f\u8bae\uff0c\u4f8b\u5982 HTTPS \u548c SSH\u3002 \u5e94\u8003\u8651\u4f7f\u7528\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u548c\u6d41\u7a0b\uff0c\u5e76\u5c06\u5176\u7528\u4e8e\u9002\u5408\u6570\u636e\u654f\u611f\u5ea6\u7ea7\u522b\u7684 
VM\u3002","title":"\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316"},{"location":"security/security-guide/#_151","text":"\u7f16\u8bd1\u5668\u52a0\u56fa\u4f7f\u653b\u51fb QEMU \u8fdb\u7a0b\u53d8\u5f97\u66f4\u52a0\u56f0\u96be\u3002\u4f46\u662f\uff0c\u5982\u679c\u653b\u51fb\u8005\u5f97\u901e\uff0c\u5219\u9700\u8981\u9650\u5236\u653b\u51fb\u7684\u5f71\u54cd\u3002\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u901a\u8fc7\u5c06 QEMU \u8fdb\u7a0b\u4e0a\u7684\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u9700\u8981\u7684\u6743\u9650\u6765\u5b9e\u73b0\u6b64\u76ee\u7684\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 sVirt\u3001SELinux \u6216 AppArmor \u6765\u5b9e\u73b0\u3002\u4f7f\u7528 sVirt \u65f6\uff0cSELinux \u914d\u7f6e\u4e3a\u5728\u5355\u72ec\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e0b\u8fd0\u884c\u6bcf\u4e2a QEMU \u8fdb\u7a0b\u3002AppArmor \u53ef\u4ee5\u914d\u7f6e\u4e3a\u63d0\u4f9b\u7c7b\u4f3c\u7684\u529f\u80fd\u3002\u6211\u4eec\u5728\u4ee5\u4e0b sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173 sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff1aSELinux \u548c\u865a\u62df\u5316\u3002 \u7279\u5b9a\u7684 SELinux \u7b56\u7565\u53ef\u7528\u4e8e\u8bb8\u591a OpenStack \u670d\u52a1\u3002CentOS \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u5b89\u88c5 selinux-policy \u6e90\u7801\u5305\u6765\u67e5\u770b\u8fd9\u4e9b\u7b56\u7565\u3002\u6700\u65b0\u7684\u7b56\u7565\u51fa\u73b0\u5728 Fedora \u7684 selinux-policy \u5b58\u50a8\u5e93\u4e2d\u3002rawhide-contrib \u5206\u652f\u5305\u542b\u4ee5 .te \u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u4f8b\u5982 cinder.te \uff0c\u8fd9\u4e9b\u6587\u4ef6\u53ef\u4ee5\u5728\u8fd0\u884c SELinux \u7684\u7cfb\u7edf\u4e0a\u4f7f\u7528\u3002 OpenStack \u670d\u52a1\u7684 AppArmor \u914d\u7f6e\u6587\u4ef6\u5f53\u524d\u4e0d\u5b58\u5728\uff0c\u4f46 OpenStack-Ansible \u9879\u76ee\u901a\u8fc7\u5c06 AppArmor \u914d\u7f6e\u6587\u4ef6\u5e94\u7528\u4e8e\u8fd0\u884c OpenStack 
\u670d\u52a1\u7684\u6bcf\u4e2a\u5bb9\u5668\u6765\u5904\u7406\u6b64\u95ee\u9898\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#svirtselinux","text":"\u51ed\u501f\u72ec\u7279\u7684\u5185\u6838\u7ea7\u67b6\u6784\u548c\u56fd\u5bb6\u5b89\u5168\u5c40 \uff08NSA\uff09 \u5f00\u53d1\u7684\u5b89\u5168\u673a\u5236\uff0cKVM \u4e3a\u591a\u79df\u6237\u63d0\u4f9b\u4e86\u57fa\u7840\u9694\u79bb\u6280\u672f\u3002\u5b89\u5168\u865a\u62df\u5316 \uff08sVirt\uff09 \u6280\u672f\u7684\u53d1\u5c55\u8d77\u6e90\u4e8e 2002 \u5e74\uff0c\u662f SELinux \u5bf9\u73b0\u4ee3\u865a\u62df\u5316\u7684\u5e94\u7528\u3002SELinux \u65e8\u5728\u5e94\u7528\u57fa\u4e8e\u6807\u7b7e\u7684\u5206\u79bb\u63a7\u5236\uff0c\u73b0\u5df2\u6269\u5c55\u4e3a\u5728\u865a\u62df\u673a\u8fdb\u7a0b\u3001\u8bbe\u5907\u3001\u6570\u636e\u6587\u4ef6\u548c\u4ee3\u8868\u5b83\u4eec\u6267\u884c\u64cd\u4f5c\u7684\u7cfb\u7edf\u8fdb\u7a0b\u4e4b\u95f4\u63d0\u4f9b\u9694\u79bb\u3002 OpenStack \u7684 sVirt \u5b9e\u73b0\u65e8\u5728\u4fdd\u62a4\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e3b\u673a\u548c\u865a\u62df\u673a\u514d\u53d7\u4e24\u4e2a\u4e3b\u8981\u5a01\u80c1\u5a92\u4ecb\u7684\u4fb5\u5bb3\uff1a \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u5a01\u80c1 \u5728\u865a\u62df\u673a\u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8bbf\u95ee\u5e95\u5c42\u8d44\u6e90\u3002\u4f8b\u5982\uff0c\u5f53\u865a\u62df\u673a\u80fd\u591f\u8bbf\u95ee\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u64cd\u4f5c\u7cfb\u7edf\u3001\u7269\u7406\u8bbe\u5907\u6216\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u65f6\u3002\u6b64\u5a01\u80c1\u5411\u91cf\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u7684\u5165\u4fb5\u53ef\u80fd\u4f1a\u611f\u67d3\u7269\u7406\u786c\u4ef6\u5e76\u66b4\u9732\u5176\u4ed6\u865a\u62df\u673a\u548c\u7f51\u6bb5\u3002 
\u865a\u62df\u673a\uff08\u591a\u79df\u6237\uff09\u5a01\u80c1 \u5728 VM \u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\uff0c\u4ee5\u8bbf\u95ee\u6216\u63a7\u5236\u53e6\u4e00\u4e2a\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u8fd9\u662f\u865a\u62df\u5316\u7279\u6709\u7684\u5a01\u80c1\u5411\u91cf\uff0c\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u5927\u91cf\u865a\u62df\u673a\u6587\u4ef6\u6620\u50cf\u53ef\u80fd\u56e0\u5355\u4e2a\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u6f0f\u6d1e\u800c\u53d7\u5230\u635f\u5bb3\u3002\u8fd9\u79cd\u865a\u62df\u7f51\u7edc\u653b\u51fb\u662f\u4e00\u4e2a\u4e3b\u8981\u95ee\u9898\uff0c\u56e0\u4e3a\u7528\u4e8e\u4fdd\u62a4\u771f\u5b9e\u7f51\u7edc\u7684\u7ba1\u7406\u6280\u672f\u5e76\u4e0d\u76f4\u63a5\u9002\u7528\u4e8e\u865a\u62df\u73af\u5883\u3002 \u6bcf\u4e2a\u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u90fd\u662f\u4e00\u4e2a\u7531 SELinux \u6807\u8bb0\u7684\u8fdb\u7a0b\uff0c\u4ece\u800c\u6709\u6548\u5730\u5728\u6bcf\u4e2a\u865a\u62df\u673a\u5468\u56f4\u5efa\u7acb\u5b89\u5168\u8fb9\u754c\u3002\u6b64\u5b89\u5168\u8fb9\u754c\u7531 Linux \u5185\u6838\u76d1\u89c6\u548c\u5f3a\u5236\u6267\u884c\uff0c\u4ece\u800c\u9650\u5236\u865a\u62df\u673a\u8bbf\u95ee\u5176\u8fb9\u754c\u4e4b\u5916\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u4e3b\u673a\u6570\u636e\u6587\u4ef6\u6216\u5176\u4ed6 VM\u3002 \u65e0\u8bba\u865a\u62df\u673a\u5185\u8fd0\u884c\u7684\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u5982\u4f55\uff0c\u90fd\u4f1a\u63d0\u4f9b sVirt \u9694\u79bb\u3002\u53ef\u4ee5\u4f7f\u7528 Linux \u6216 Windows VM\u3002\u6b64\u5916\uff0c\u8bb8\u591a Linux \u53d1\u884c\u7248\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u63d0\u4f9b SELinux\uff0c\u4f7f\u865a\u62df\u673a\u80fd\u591f\u4fdd\u62a4\u5185\u90e8\u865a\u62df\u8d44\u6e90\u514d\u53d7\u5a01\u80c1\u3002","title":"sVirt\uff1aSELinux \u548c\u865a\u62df\u5316"},{"location":"security/security-guide/#_152","text":"\u57fa\u4e8e KVM 
\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4f7f\u7528\u5176\u81ea\u5df1\u7684 SELinux \u6570\u636e\u7c7b\u578b\u8fdb\u884c\u6807\u8bb0\uff0c\u79f0\u4e3a svirt_image_t \u3002\u5185\u6838\u7ea7\u4fdd\u62a4\u53ef\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u7cfb\u7edf\u8fdb\u7a0b\uff08\u5982\u6076\u610f\u8f6f\u4ef6\uff09\u64cd\u7eb5\u78c1\u76d8\u4e0a\u7684\u865a\u62df\u673a\u6620\u50cf\u6587\u4ef6\u3002\u5173\u95ed\u865a\u62df\u673a\u7535\u6e90\u540e\uff0c\u6620\u50cf\u7684\u5b58\u50a8 svirt_image_t \u65b9\u5f0f\u5982\u4e0b\u6240\u793a\uff1a system_u:object_r:svirt_image_t:SystemLow image1 system_u:object_r:svirt_image_t:SystemLow image2 system_u:object_r:svirt_image_t:SystemLow image3 system_u:object_r:svirt_image_t:SystemLow image4 \u8be5 svirt_image_t \u6807\u7b7e\u552f\u4e00\u6807\u8bc6\u78c1\u76d8\u4e0a\u7684\u56fe\u50cf\u6587\u4ef6\uff0c\u5141\u8bb8 SELinux \u7b56\u7565\u9650\u5236\u8bbf\u95ee\u3002\u5f53\u57fa\u4e8e KVM \u7684\u8ba1\u7b97\u6620\u50cf\u901a\u7535\u65f6\uff0csVirt \u4f1a\u5c06\u968f\u673a\u6570\u5b57\u6807\u8bc6\u7b26\u9644\u52a0\u5230\u6620\u50cf\u4e2d\u3002sVirt \u80fd\u591f\u4e3a\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8282\u70b9\u6700\u591a\u5206\u914d 524,288 \u4e2a\u865a\u62df\u673a\u7684\u6570\u5b57\u6807\u8bc6\u7b26\uff0c\u4f46\u5927\u591a\u6570 OpenStack \u90e8\u7f72\u6781\u4e0d\u53ef\u80fd\u9047\u5230\u6b64\u9650\u5236\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 sVirt \u7c7b\u522b\u6807\u8bc6\u7b26\uff1a system_u:object_r:svirt_image_t:s0:c87,c520 image1 system_u:object_r:svirt_image_t:s0:419,c172 image2","title":"\u6807\u7b7e\u548c\u7c7b\u522b"},{"location":"security/security-guide/#selinux","text":"SELinux \u7ba1\u7406\u7528\u6237\u89d2\u8272\u3002\u53ef\u4ee5\u901a\u8fc7 -Z \u6807\u5fd7\u6216\u4f7f\u7528 semanage 
\u547d\u4ee4\u67e5\u770b\u8fd9\u4e9b\u5185\u5bb9\u3002\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\uff0c\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7cfb\u7edf\uff0c\u5e76\u4e14\u5e94\u8be5\u56f4\u7ed5\u7ba1\u7406\u7528\u6237\u548c\u7cfb\u7edf\u4e0a\u7684\u4efb\u4f55\u5176\u4ed6\u7528\u6237\u5177\u6709\u9002\u5f53\u7684\u4e0a\u4e0b\u6587\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 SELinux \u7528\u6237\u6587\u6863\u3002","title":"SELinux \u7528\u6237\u548c\u89d2\u8272"},{"location":"security/security-guide/#_153","text":"\u4e3a\u4e86\u51cf\u8f7b\u7ba1\u7406 SELinux \u7684\u7ba1\u7406\u8d1f\u62c5\uff0c\u8bb8\u591a\u4f01\u4e1a Linux \u5e73\u53f0\u5229\u7528 SELinux \u5e03\u5c14\u503c\u6765\u5feb\u901f\u6539\u53d8 sVirt \u7684\u5b89\u5168\u6001\u52bf\u3002 \u57fa\u4e8e Red Hat Enterprise Linux \u7684 KVM \u90e8\u7f72\u4f7f\u7528\u4ee5\u4e0b sVirt \u5e03\u5c14\u503c\uff1a sVirt SELinux \u5e03\u5c14\u503c \u63cf\u8ff0 virt_use_common \u5141\u8bb8 virt \u4f7f\u7528\u4e32\u884c\u6216\u5e76\u884c\u901a\u4fe1\u7aef\u53e3\u3002 virt_use_fusefs \u5141\u8bb8 virt \u8bfb\u53d6 FUSE \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_nfs \u5141\u8bb8 virt \u7ba1\u7406 NFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_samba \u5141\u8bb8 virt \u7ba1\u7406 CIFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_sanlock \u5141\u8bb8\u53d7\u9650\u7684\u865a\u62df\u8bbf\u5ba2\u4e0e sanlock \u4ea4\u4e92\u3002 virt_use_sysfs \u5141\u8bb8 virt \u7ba1\u7406\u8bbe\u5907\u914d\u7f6e \uff08PCI\uff09\u3002 virt_use_usb \u5141\u8bb8 virt \u4f7f\u7528 USB \u8bbe\u5907\u3002 virt_use_xserver \u5141\u8bb8\u865a\u62df\u673a\u4e0e X Window \u7cfb\u7edf\u4ea4\u4e92\u3002","title":"\u5e03\u5c14\u503c"},{"location":"security/security-guide/#_154","text":"\u4efb\u4f55OpenStack\u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\u4e4b\u4e00\u662f\u56f4\u7ed5\u654f\u611f\u6587\u4ef6\uff08\u5982 nova.conf 
\u6587\u4ef6\uff09\u7684\u5b89\u5168\u6027\u548c\u63a7\u5236\u3002\u6b64\u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u5305\u542b\u5728 /etc \u76ee\u5f55\u4e2d\uff0c\u5305\u542b\u8bb8\u591a\u654f\u611f\u9009\u9879\uff0c\u5305\u62ec\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u548c\u670d\u52a1\u5bc6\u7801\u3002\u5e94\u4e3a\u6240\u6709\u6b64\u7c7b\u654f\u611f\u6587\u4ef6\u6388\u4e88\u4e25\u683c\u7684\u6587\u4ef6\u7ea7\u6743\u9650\uff0c\u5e76\u901a\u8fc7\u6587\u4ef6\u5b8c\u6574\u6027\u76d1\u89c6 \uff08FIM\uff09 \u5de5\u5177\uff08\u5982 iNotify \u6216 Samhain\uff09\u76d1\u89c6\u66f4\u6539\u3002\u8fd9\u4e9b\u5b9e\u7528\u7a0b\u5e8f\u5c06\u83b7\u53d6\u5904\u4e8e\u5df2\u77e5\u826f\u597d\u72b6\u6001\u7684\u76ee\u6807\u6587\u4ef6\u7684\u54c8\u5e0c\u503c\uff0c\u7136\u540e\u5b9a\u671f\u83b7\u53d6\u8be5\u6587\u4ef6\u7684\u65b0\u54c8\u5e0c\u503c\uff0c\u5e76\u5c06\u5176\u4e0e\u5df2\u77e5\u826f\u597d\u7684\u54c8\u5e0c\u503c\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u53d1\u73b0\u8b66\u62a5\u88ab\u610f\u5916\u4fee\u6539\uff0c\u5219\u53ef\u4ee5\u521b\u5efa\u8b66\u62a5\u3002 \u53ef\u4ee5\u68c0\u67e5\u6587\u4ef6\u7684\u6743\u9650\uff0c\u6211\u79fb\u52a8\u5230\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55\u5e76\u8fd0\u884c ls -lh \u547d\u4ee4\u3002\u8fd9\u5c06\u663e\u793a\u6709\u6743\u8bbf\u95ee\u6587\u4ef6\u7684\u6743\u9650\u3001\u6240\u6709\u8005\u548c\u7ec4\uff0c\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\uff0c\u4f8b\u5982\u4e0a\u6b21\u4fee\u6539\u6587\u4ef6\u7684\u65f6\u95f4\u548c\u521b\u5efa\u65f6\u95f4\u3002 \u8be5 /var/lib/nova 
\u76ee\u5f55\u7528\u4e8e\u4fdd\u5b58\u6709\u5173\u7ed9\u5b9a\u8ba1\u7b97\u4e3b\u673a\u4e0a\u7684\u5b9e\u4f8b\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u6b64\u76ee\u5f55\u4e5f\u5e94\u88ab\u89c6\u4e3a\u654f\u611f\u76ee\u5f55\uff0c\u5e76\u5177\u6709\u4e25\u683c\u5f3a\u5236\u6267\u884c\u7684\u6587\u4ef6\u6743\u9650\u3002\u6b64\u5916\uff0c\u5e94\u5b9a\u671f\u5907\u4efd\u5b83\uff0c\u56e0\u4e3a\u5b83\u5305\u542b\u4e0e\u8be5\u4e3b\u673a\u5173\u8054\u7684\u5b9e\u4f8b\u7684\u4fe1\u606f\u548c\u5143\u6570\u636e\u3002 \u5982\u679c\u90e8\u7f72\u4e0d\u9700\u8981\u5b8c\u6574\u7684\u865a\u62df\u673a\u5907\u4efd\uff0c\u5efa\u8bae\u6392\u9664\u8be5 /var/lib/nova/instances \u76ee\u5f55\uff0c\u56e0\u4e3a\u5b83\u7684\u5927\u5c0f\u5c06\u4e0e\u8be5\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u6bcf\u4e2a VM \u7684\u603b\u7a7a\u95f4\u4e00\u6837\u5927\u3002\u5982\u679c\u90e8\u7f72\u786e\u5b9e\u9700\u8981\u5b8c\u6574 VM \u5907\u4efd\uff0c\u5219\u9700\u8981\u786e\u4fdd\u6210\u529f\u5907\u4efd\u6b64\u76ee\u5f55\u3002 \u76d1\u89c6\u662f IT \u57fa\u7840\u7ed3\u6784\u7684\u5173\u952e\u7ec4\u4ef6\uff0c\u6211\u4eec\u5efa\u8bae\u76d1\u89c6\u548c\u5206\u6790\u8ba1\u7b97\u65e5\u5fd7\u6587\u4ef6\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u521b\u5efa\u6709\u610f\u4e49\u7684\u8b66\u62a5\u3002","title":"\u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72"},{"location":"security/security-guide/#openstack_5","text":"\u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u901a\u8fc7\u5c06 Bug \u6807\u8bb0\u4e3a\u201c\u6b64 bug \u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u6765\u534f\u8c03 OpenStack 
\u9879\u76ee\u5185\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a bug \u7684\u8fc7\u7a0b\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002","title":"OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f"},{"location":"security/security-guide/#openstack_6","text":"\u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u6620\u5c04\u4ee5\u53ca\u975e OpenStack\uff0c\u4f46\u5173\u952e\u95ee\u9898\uff08\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\uff09\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002","title":"OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#openstack-dev","text":"\u6240\u6709\u9519\u8bef\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5e26\u6709 [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss 
\u90ae\u4ef6\u5217\u8868\u901a\u8fc7 OpenStack Development Mailing List \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002","title":"OpenStack-dev \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_155","text":"\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_156","text":"","title":"\u6f0f\u6d1e\u610f\u8bc6"},{"location":"security/security-guide/#openstack_7","text":"\u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u534f\u8c03 OpenStack \u5185\u90e8\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a\u9519\u8bef\u7684\u8fc7\u7a0b\uff0c\u65b9\u6cd5\u662f\u5c06\u9519\u8bef\u6807\u8bb0\u4e3a\u201c\u6b64\u9519\u8bef\u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u3002VMT 
\u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002","title":"OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f"},{"location":"security/security-guide/#openstack_8","text":"\u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u5546\u6620\u5c04\uff0c\u4ee5\u53ca\u975e OpenStack \u4f46\u5173\u952e\u7684\u95ee\u9898\uff0c\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002","title":"OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#openstack-discuss","text":"\u6240\u6709 bug\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5305\u542b [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss \u90ae\u4ef6\u5217\u8868\u901a\u8fc7 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss 
\u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002","title":"OpenStack-discuss \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_157","text":"\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_158","text":"\u4e91\u67b6\u6784\u5e08\u9700\u8981\u505a\u51fa\u7684\u6709\u5173\u8ba1\u7b97\u670d\u52a1\u914d\u7f6e\u7684\u4e00\u4e2a\u51b3\u5b9a\u662f\u4f7f\u7528 VNC \u8fd8\u662f SPICE\u3002","title":"\u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0"},{"location":"security/security-guide/#vnc","text":"OpenStack \u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u534f\u8bae\u4e3a\u79df\u6237\u548c\u7ba1\u7406\u5458\u63d0\u4f9b\u5bf9\u5b9e\u4f8b\u7684\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u53f0\u8bbf\u95ee\u3002","title":"\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09"},{"location":"security/security-guide/#_159","text":"OpenStack Dashboard \uff08horizon\uff09 \u53ef\u4ee5\u4f7f\u7528 HTML5 noVNC \u5ba2\u6237\u7aef\u76f4\u63a5\u5728\u7f51\u9875\u4e0a\u4e3a\u5b9e\u4f8b\u63d0\u4f9b VNC \u63a7\u5236\u53f0\u3002\u8fd9\u8981\u6c42 nova-novncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de VNC 
\u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b nova Java VNC \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002\u8fd9\u8981\u6c42 nova-xvpvncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_160","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c nova-novncproxy \u548c nova-xvpvncproxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u684c\u9762\u6d41\u91cf\u672a\u52a0\u5bc6\u3002\u53ef\u4ee5\u542f\u7528 TLS \u6765\u52a0\u5bc6 VNC \u6d41\u91cf\u3002\u8bf7\u53c2\u9605 TLS \u548c SSL \u7b80\u4ecb\u4ee5\u83b7\u53d6\u9002\u5f53\u7684\u5efa\u8bae\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_161","text":"blog.malchuk.ru, OpenStack VNC Security. 2013. Secure Connections to VNC ports blog.malchuk.ru\uff0cOpenStack VNC \u5b89\u5168\u6027\u30022013. \u4e0e VNC \u7aef\u53e3\u7684\u5b89\u5168\u8fde\u63a5 OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. 2014. OpenStack nova-novnc SSL Configuration OpenStack \u90ae\u4ef6\u5217\u8868\uff0c[OpenStack] nova-novnc SSL \u914d\u7f6e - \u54c8\u74e6\u90a3\u30022014. OpenStack nova-novnc SSL\u914d\u7f6e Redhat.com/solutions\uff0c\u5728 OpenStack \u4e2d\u4f7f\u7528 SSL \u52a0\u5bc6 nova-novacproxy\u30022014. 
OpenStack nova-novncproxy SSL\u52a0\u5bc6","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#spice","text":"\u4f5c\u4e3a VNC \u7684\u66ff\u4ee3\u65b9\u6848\uff0cOpenStack \u4f7f\u7528\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u534f\u8bae\u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002","title":"\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09"},{"location":"security/security-guide/#_162","text":"OpenStack Dashboard \uff08horizon\uff09 \u76f4\u63a5\u5728\u5b9e\u4f8b\u7f51\u9875\u4e0a\u652f\u6301 SPICE\u3002\u8fd9\u9700\u8981\u670d\u52a1 nova-spicehtml5proxy \u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de SPICE \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b SPICE-html \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_163","text":"\u5c3d\u7ba1 SPICE \u4e0e VNC \u76f8\u6bd4\u5177\u6709\u8bb8\u591a\u4f18\u52bf\uff0c\u4f46 spice-html5 \u6d4f\u89c8\u5668\u96c6\u6210\u76ee\u524d\u4e0d\u5141\u8bb8\u7ba1\u7406\u5458\u5229\u7528\u8fd9\u4e9b\u4f18\u52bf\u3002\u4e3a\u4e86\u5229\u7528 \u591a\u663e\u793a\u5668\u3001USB \u76f4\u901a\u7b49 SPICE \u529f\u80fd\uff0c\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u5728\u7ba1\u7406\u7f51\u7edc\u4e2d\u4f7f\u7528\u72ec\u7acb\u7684 SPICE \u5ba2\u6237\u7aef\u3002","title":"\u9650\u5236"},{"location":"security/security-guide/#_164","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5 nova-spicehtml5proxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u529f\u80fd\u548c\u96c6\u6210\u4ecd\u5728\u4e0d\u65ad\u53d1\u5c55\u3002\u6211\u4eec\u5c06\u5728\u4e0b\u4e00\u4e2a\u7248\u672c\u4e2d\u8bbf\u95ee\u8fd9\u4e9b\u529f\u80fd\u5e76\u63d0\u51fa\u5efa\u8bae\u3002 \u4e0e VNC 
\u7684\u60c5\u51b5\u4e00\u6837\uff0c\u76ee\u524d\u6211\u4eec\u5efa\u8bae\u4ece\u7ba1\u7406\u7f51\u7edc\u4f7f\u7528 SPICE\uff0c\u6b64\u5916\u8fd8\u9650\u5236\u4f7f\u7528\u5c11\u6570\u4eba\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_165","text":"OpenStack \u7ba1\u7406\u5458\u6307\u5357\u3002SPICE\u63a7\u5236\u53f0\u3002SPICE\u63a7\u5236\u53f0\u3002 bugzilla.redhat.com\uff0c Bug 913607 - RFE\uff1a \u652f\u6301\u901a\u8fc7 websockets \u96a7\u9053\u4f20\u8f93 SPICE\u30022013. RedHat \u9519\u8bef913607\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_166","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-compute-01-rootnova","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a nova \uff0c root \u5e76\u4e14\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/nova/nova.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/api-paste.ini | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/policy.json | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/rootwrap.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova | egrep \"root nova\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c nova \u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a \u7684 root nova \u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 nova \u4ee5\u5916\u7684 root \u4efb\u4f55\u7ec4\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002","title":"Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f"},{"location":"security/security-guide/#check-compute-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/nova/nova.conf $ stat -L -c \"%a\" /etc/nova/api-paste.ini $ stat -L -c \"%a\" /etc/nova/policy.json $ stat -L -c \"%a\" /etc/nova/rootwrap.conf \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u5982\u679c Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/nova\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cnova \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/nova/nova.conf getfacl: Removing leading '/' from absolute path names # file: etc/nova/nova.conf USER root rw- GROUP nova r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002","title":"Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-compute-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 noauth \u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5728Ocata\u4e4b\u524d\uff1a \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] 
/etc/nova/nova.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 \u5728Ocata\u4e4b\u540e\uff1a \u901a\u8fc7\uff1a\u5982\u679c under [api] \u6216 [DEFAULT] section in /etc/nova/nova.conf \u7684\u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c or [DEFAULT] \u90e8\u5206\u4e0b\u7684 [api] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002","title":"Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-compute-04","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/nova/nova.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/nova/nova.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/nova/nova.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True 
\u3002","title":"Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-compute-05nova-glance","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/nova/nova.conf /etc/nova/nova.conf \u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \uff0c\u6216\u8005 in /etc/nova/nova.conf \u8282\u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002","title":"Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f"},{"location":"security/security-guide/#_167","text":"OpenStack Block Storage \uff08cinder\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u8f6f\u4ef6\uff08\u670d\u52a1\u548c\u5e93\uff09\u6765\u81ea\u52a9\u7ba1\u7406\u6301\u4e45\u6027\u5757\u7ea7\u5b58\u50a8\u8bbe\u5907\u3002\u8fd9\u5c06\u521b\u5efa\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u8bbf\u95ee\uff0c\u4ee5\u4fbf\u4e0e OpenStack \u8ba1\u7b97 \uff08nova\uff09 
\u5b9e\u4f8b\u4e00\u8d77\u4f7f\u7528\u3002\u901a\u8fc7\u5c06\u5757\u5b58\u50a8\u6c60\u865a\u62df\u5316\u5230\u5404\u79cd\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\uff08\u53ef\u4ee5\u662f\u8f6f\u4ef6\u5b9e\u73b0\u6216\u4f20\u7edf\u786c\u4ef6\u5b58\u50a8\u4ea7\u54c1\uff09\uff0c\u901a\u8fc7\u62bd\u8c61\u521b\u5efa\u8f6f\u4ef6\u5b9a\u4e49\u5b58\u50a8\u3002\u5176\u4e3b\u8981\u529f\u80fd\u662f\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u3002\u6d88\u8d39\u8005\u4e0d\u9700\u8981\u77e5\u9053\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\u7684\u7c7b\u578b\u6216\u5b83\u7684\u4f4d\u7f6e\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u5b58\u50a8\u534f\u8bae\uff08\u5982 iSCSI\u3001\u4ee5\u592a\u7f51 ATA \u6216\u5149\u7ea4\u901a\u9053\uff09\u5b58\u50a8\u548c\u68c0\u7d22\u5757\u5b58\u50a8\u3002\u8fd9\u4e9b\u8d44\u6e90\u901a\u8fc7 OpenStack \u539f\u751f\u6807\u51c6 HTTP RESTful API \u8fdb\u884c\u7ba1\u7406\u548c\u914d\u7f6e\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5757\u5b58\u50a8\u6587\u6863\u3002 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f 
Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002","title":"\u5757\u5b58\u50a8"},{"location":"security/security-guide/#_168","text":"\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u64e6\u9664\u5757\u5b58\u50a8\u8bbe\u5907\u3002\u4f20\u7edf\u7684\u65b9\u6cd5\u662f\u5c06 lvm_type \u8bbe\u7f6e\u4e3a thin \uff0c\u5982\u679c\u4f7f\u7528 LVM \u540e\u7aef\uff0c\u5219\u4f7f\u7528 volume_clear \u8be5\u53c2\u6570\u3002\u6216\u8005\uff0c\u5982\u679c\u4f7f\u7528\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u5219\u5728\u5220\u9664\u5377\u52a0\u5bc6\u5bc6\u94a5\u65f6\u4e0d\u9700\u8981\u5377\u64e6\u9664\u3002\u6709\u5173\u8bbe\u7f6e\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5377\u52a0\u5bc6\u90e8\u5206\u4e2d\u7684 OpenStack \u914d\u7f6e\u53c2\u8003\u6587\u6863\uff0c\u4ee5\u53ca\u6709\u5173\u5bc6\u94a5\u5220\u9664\u7684 Castellan \u4f7f\u7528\u6587\u6863 \u6ce8\u610f \u5728\u8f83\u65e7\u7684 OpenStack \u7248\u672c\u4e2d\uff0c `lvm_type=default` \u7528\u4e8e\u8868\u793a\u64e6\u9664\u3002\u867d\u7136\u6b64\u65b9\u6cd5\u4ecd\u7136\u6709\u6548\uff0c\u4f46 `lvm_type=default` \u4e0d\u5efa\u8bae\u7528\u4e8e\u8bbe\u7f6e\u5b89\u5168\u5220\u9664\u3002 \u8be5 volume_clear \u53c2\u6570\u53ef\u4ee5\u8bbe\u7f6e\u4e3a zero \u3002\u8be5 zero \u53c2\u6570\u5c06\u5411\u8bbe\u5907\u5199\u5165\u4e00\u6b21\u96f6\u4f20\u9012\u3002 \u6709\u5173\u8be5 lvm_type \u53c2\u6570\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684\u7cbe\u7b80\u7f6e\u5907\u4e2d\u7684 LVM \u548c\u8d85\u989d\u8ba2\u9605\u90e8\u5206\u3002 \u6709\u5173\u8be5 volume_clear \u53c2\u6570\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684 Cinder 
\u914d\u7f6e\u9009\u9879\u90e8\u5206\u3002","title":"\u5377\u64e6\u9664"},{"location":"security/security-guide/#_169","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-block-01-rootcinder","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a cinder\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/cinder/cinder.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/api-paste.ini | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/policy.json | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/rootwrap.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder | egrep \"root cinder\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c cinder\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u7164\u6e23\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root 
\u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 cinder \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f"},{"location":"security/security-guide/#check-block-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/cinder/cinder.conf $ stat -L -c \"%a\" /etc/cinder/api-paste.ini $ stat -L -c \"%a\" /etc/cinder/policy.json $ stat -L -c \"%a\" /etc/cinder/rootwrap.conf $ stat -L -c \"%a\" /etc/cinder \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Block-01 \u65f6\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0ccinder \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a 
/etc/cinder/cinder.conf getfacl: Removing leading '/' from absolute path names # file: etc/cinder/cinder.conf USER root rw- GROUP cinder r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-block-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-block-04-tls","text":"OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/cinder/cinder.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/cinder/cinder.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/cinder/cinder.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/cinder/cinder.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-block-05cinder-tls-nova","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section 
in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/cinder/cinder.conf","title":"Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f"},{"location":"security/security-guide/#check-block-06cinder-tls-glance","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f\uff09\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u90e8\u5206\u4e0b\u7684 [DEFAULT] \u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \u5e76\u4e14\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934 /etc/cinder/cinder.conf \u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c\u5c06 section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \u6216\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 [DEFAULT] /etc/cinder/cinder.conf","title":"Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f"},{"location":"security/security-guide/#check-block-07-nas","text":"Cinder \u652f\u6301 NFS \u9a71\u52a8\u7a0b\u5e8f\uff0c\u5176\u5de5\u4f5c\u65b9\u5f0f\u4e0e\u4f20\u7edf\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u540c\u3002NFS \u9a71\u52a8\u7a0b\u5e8f\u5b9e\u9645\u4e0a\u4e0d\u5141\u8bb8\u5b9e\u4f8b\u5728\u5757\u7ea7\u522b\u8bbf\u95ee\u5b58\u50a8\u8bbe\u5907\u3002\u76f8\u53cd\uff0c\u6587\u4ef6\u662f\u5728 NFS \u5171\u4eab\u4e0a\u521b\u5efa\u7684\uff0c\u5e76\u6620\u5c04\u5230\u6a21\u62df\u5757\u50a8\u5b58\u8bbe\u5907\u7684\u5b9e\u4f8b\u3002Cinder \u901a\u8fc7\u5728\u521b\u5efa Cinder \u5377\u65f6\u63a7\u5236\u6587\u4ef6\u6743\u9650\u6765\u652f\u6301\u6b64\u7c7b\u6587\u4ef6\u7684\u5b89\u5168\u914d\u7f6e\u3002Cinder \u914d\u7f6e\u8fd8\u53ef\u4ee5\u63a7\u5236\u662f\u4ee5 
root \u7528\u6237\u8eab\u4efd\u8fd8\u662f\u5f53\u524d OpenStack \u8fdb\u7a0b\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6587\u4ef6\u64cd\u4f5c\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_permissions \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5982\u679c\u8bbe\u7f6e\u4e3a auto \uff0c\u5219\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5e76\u4f7f\u7528\u5b89\u5168\u6587\u4ef6\u6743\u9650\u3002\u68c0\u6d4b\u73b0\u6709\u5377\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u4e0d\u5b89\u5168\u7684\u65b9\u6cd5\u6765\u5904\u7406\u6587\u4ef6\u6743\u9650\u3002\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_operations \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5f53\u8bbe\u7f6e\u4e3a\u201cauto\u201d\u65f6\uff0c\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5b89\u5168\u4e14\u4e0d\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5bf9\u73b0\u6709\u5377\u7684\u68c0\u6d4b\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u65b9\u6cd5\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u64cd\u4f5c\u3002\u5bf9\u4e8e\u65b0\u5b89\u88c5\uff0c\u4f1a\u7f16\u5199\u4e00\u4e2a\u201c\u6807\u8bb0\u6587\u4ef6\u201d\uff0c\u4ee5\u4fbf\u968f\u540e\u91cd\u65b0\u542f\u52a8 cinder \u5c06\u77e5\u9053\u539f\u59cb\u786e\u5b9a\u662f\u4ec0\u4e48\u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 
nas_secure_file_permissions nas_secure_file_operations \u503c\u8bbe\u7f6e\u4e3a False \u3002","title":"Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f"},{"location":"security/security-guide/#check-block-08-114688","text":"\u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684osapi\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a 114688 114688 \uff0c\u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u8bbe\u7f6e\u4e3a \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c 114688 \u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a \u3002","title":"Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#check-block-09","text":"\u672a\u52a0\u5bc6\u7684\u5377\u6570\u636e\u4f7f\u5377\u6258\u7ba1\u5e73\u53f0\u6210\u4e3a\u653b\u51fb\u8005\u7279\u522b\u9ad8\u4ef7\u503c\u7684\u76ee\u6807\uff0c\u56e0\u4e3a\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u8bb8\u591a\u4e0d\u540c VM 
\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u7269\u7406\u5b58\u50a8\u4ecb\u8d28\u53ef\u80fd\u4f1a\u88ab\u7a83\u53d6\u3001\u91cd\u65b0\u88c5\u8f7d\u548c\u4ece\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u8bbf\u95ee\u3002\u52a0\u5bc6\u5377\u6570\u636e\u53ef\u4ee5\u964d\u4f4e\u8fd9\u4e9b\u98ce\u9669\uff0c\u5e76\u4e3a\u5377\u6258\u7ba1\u5e73\u53f0\u63d0\u4f9b\u6df1\u5ea6\u9632\u5fa1\u3002\u5757\u5b58\u50a8 \uff08cinder\uff09 \u80fd\u591f\u5728\u5c06\u5377\u6570\u636e\u5199\u5165\u78c1\u76d8\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\uff0c\u56e0\u6b64\u5efa\u8bae\u5f00\u542f\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u6709\u5173\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605 Openstack Cinder \u670d\u52a1\u914d\u7f6e\u6587\u6863\u7684\u5377\u52a0\u5bc6\u90e8\u5206\u3002 \u901a\u8fc7\uff1a\u5982\u679c 1\uff09 \u8bbe\u7f6e\u4e86 in [key_manager] \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c2\uff09 \u8bbe\u7f6e\u4e86 in \u4e0b\u7684 [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u4ee5\u53ca 3\uff09 \u5982\u679c\u6b63\u786e\u9075\u5faa\u4e86 /etc/cinder/cinder.conf /etc/nova/nova.conf \u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u82e5\u8981\u8fdb\u4e00\u6b65\u9a8c\u8bc1\uff0c\u8bf7\u5728\u5b8c\u6210\u5377\u52a0\u5bc6\u8bbe\u7f6e\u5e76\u4e3a LUKS \u521b\u5efa\u5377\u7c7b\u578b\u540e\u6267\u884c\u8fd9\u4e9b\u6b65\u9aa4\uff0c\u5982\u4e0a\u8ff0\u6587\u6863\u4e2d\u6240\u8ff0\u3002 \u521b\u5efa VM\uff1a $ openstack server create --image cirros-0.3.1-x86_64-disk --flavor m1.tiny TESTVM \u521b\u5efa\u52a0\u5bc6\u5377\u5e76\u5c06\u5176\u9644\u52a0\u5230 VM\uff1a $ openstack volume create --size 1 --type LUKS 'encrypted volume' $ openstack volume list $ openstack server add volume --device /dev/vdb TESTVM 'encrypted volume' \u5728 VM \u4e0a\uff0c\u5c06\u4e00\u4e9b\u6587\u672c\u53d1\u9001\u5230\u65b0\u9644\u52a0\u7684\u5377\u5e76\u540c\u6b65\u5b83\uff1a # echo \"Hello, world (encrypted /dev/vdb)\" >> /dev/vdb # sync && sleep 2 \u5728\u6258\u7ba1 cinder 
\u5377\u670d\u52a1\u7684\u7cfb\u7edf\u4e0a\uff0c\u540c\u6b65\u4ee5\u5237\u65b0 I/O \u7f13\u5b58\uff0c\u7136\u540e\u6d4b\u8bd5\u662f\u5426\u53ef\u4ee5\u627e\u5230\u5b57\u7b26\u4e32\uff1a # sync && sleep 2 # strings /dev/stack-volumes/volume-* | grep \"Hello\" \u641c\u7d22\u4e0d\u5e94\u8fd4\u56de\u5199\u5165\u52a0\u5bc6\u5377\u7684\u5b57\u7b26\u4e32\u3002 \u5931\u8d25\uff1a\u5982\u679c\u672a\u8bbe\u7f6e in \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c\u6216\u8005\u672a\u8bbe\u7f6e in /etc/cinder/cinder.conf /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [key_manager] [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u6216\u8005\u672a\u6b63\u786e\u9075\u5faa\u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002","title":"Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f"},{"location":"security/security-guide/#_170","text":"OpenStack Image Storage \uff08glance\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u7528\u6237\u53ef\u4ee5\u5728\u5176\u4e2d\u4e0a\u4f20\u548c\u53d1\u73b0\u65e8\u5728\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u8d77\u4f7f\u7528\u7684\u6570\u636e\u8d44\u4ea7\u3002\u8fd9\u76ee\u524d\u5305\u62ec\u56fe\u50cf\u548c\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u670d\u52a1\u5305\u62ec\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u68c0\u7d22\u865a\u62df\u673a\u6620\u50cf\u3002Glance \u6709\u4e00\u4e2a RESTful API\uff0c\u5141\u8bb8\u67e5\u8be2 VM \u6620\u50cf\u5143\u6570\u636e\u4ee5\u53ca\u68c0\u7d22\u5b9e\u9645\u6620\u50cf\u3002 \u6709\u5173\u8be5\u670d\u52a1\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Glance \u6587\u6863\u3002 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002","title":"\u56fe\u50cf\u5b58\u50a8"},{"location":"security/security-guide/#_171","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-image-01-rootglance","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u5fc5\u987b\u5c06\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a glance \uff0c root \u5e76\u4e14\u5fc5\u987b\u5c06\u7ec4\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/glance/glance-api-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-api.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-cache.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-manage.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry-paste.ini | egrep \"root glance\" $ stat -L -c \"%U 
%G\" /etc/glance/glance-registry.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-scrubber.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-swift-store.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/policy.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema-image.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance | egrep \"root glance\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c glance\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root glance \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u4e0d\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\u3002","title":"Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f"},{"location":"security/security-guide/#check-image-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/glance/glance-api-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-api.conf $ stat -L -c \"%a\" /etc/glance/glance-cache.conf $ stat -L -c \"%a\" /etc/glance/glance-manage.conf $ stat -L -c \"%a\" /etc/glance/glance-registry-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-registry.conf $ stat -L -c \"%a\" /etc/glance/glance-scrubber.conf $ stat -L -c \"%a\" /etc/glance/glance-swift-store.conf $ stat -L -c \"%a\" /etc/glance/policy.json $ stat -L -c \"%a\" /etc/glance/schema-image.json $ stat -L -c \"%a\" /etc/glance/schema.json $ stat -L -c \"%a\" /etc/glance 
\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c u=rw,g=r,o= . \u6ce8\u610f \u4f7f\u7528 Check-Image-01\uff1a Devices / Group Ownership of config files \u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f\uff0c\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cglance \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/glance/glance-api.conf getfacl: Removing leading '/' from absolute path names # file: /etc/glance/glance-api.conf USER root rw- GROUP glance r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-image-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5305\u62ec noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth 
\u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c keystone \u5e76\u4e14 section in /etc/glance/glance-api.conf /etc/glance /glance-registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 section in /etc/glance/glance-api.conf /etc/glance/glance- registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-image-04-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684 Identity API \u7aef\u70b9 https:// \uff0c\u5e76\u4e14\u8be5\u53c2\u6570 insecure www_authenticate_uri \u7684\u503c\u4f4d\u4e8e same 
/etc/glance/glance-registry.conf \u4e2d\u7684\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\uff0c\u5219\u8bbe\u7f6e\u4e3a False \u3002 [keystone_authtoken] /etc/glance/glance-api.conf \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 /etc/glance/glance-api.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u6807\u8bc6 API \u7aef\u70b9\uff0c\u6216\u8005\u540c\u4e00 /etc/glance/glance-api.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-image-05","text":"Glance \u63d0\u4f9b\u7684\u6620\u50cf\u670d\u52a1 API v1 \u4e2d\u7684 copy_from \u529f\u80fd\u53ef\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u5c4f\u853d\u7684\u7f51\u7edc\u7aef\u53e3\u626b\u63cf\u3002\u5982\u679c\u542f\u7528\u4e86 v1 API\uff0c\u5219\u5e94\u5c06\u6b64\u7b56\u7565\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\uff0c\u4f8b\u5982 role:admin . 
\u5931\u8d25\uff1a\u672a\u8bbe\u7f6e\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u3002","title":"Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f"},{"location":"security/security-guide/#_172","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u3002\u5b83\u7c7b\u4f3c\u4e8eOpenStack\u901a\u8fc7OpenStack\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5e76\u7ba1\u7406\u5176\u5c5e\u6027\uff0c\u4f8b\u5982\u53ef\u89c1\u6027\u3001\u53ef\u8bbf\u95ee\u6027\u548c\u4f7f\u7528\u914d\u989d\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9002\u7528\u4e8e\u4f7f\u7528\u4ee5\u4e0b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u5404\u79cd\u5b58\u50a8\u63d0\u4f9b\u7a0b\u5e8f\uff1aNFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u7528\u9014\u4e0e Amazon Elastic File System \uff08EFS\uff09 \u76f8\u540c\u3002 \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u7f51\u7edc\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u7b80\u4ecb \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f 
Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f","title":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_173","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u65e8\u5728\u5728\u5355\u8282\u70b9\u6216\u8de8\u591a\u4e2a\u8282\u70b9\u8fd0\u884c\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7531\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u7ec4\u6210\uff0c\u5b83\u4eec\u7c7b\u4f3c\u4e8e\u5757\u5b58\u50a8\u670d\u52a1\uff1a manila-api manila-scheduler manila-share manila-data manila-api \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002\u6709\u5173\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API\u3002 manila-share \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 manila-scheduler 
\u8d1f\u8d23\u5b89\u6392\u8bf7\u6c42\u5e76\u5c06\u5176\u8def\u7531\u5230\u76f8\u5e94\u7684 manila-share \u670d\u52a1\u3002\u5b83\u901a\u8fc7\u9009\u62e9\u4e00\u4e2a\u540e\u7aef\uff0c\u540c\u65f6\u8fc7\u6ee4\u9664\u4e00\u4e2a\u540e\u7aef\u4e4b\u5916\u7684\u6240\u6709\u540e\u7aef\u6765\u5b9e\u73b0\u8fd9\u4e00\u70b9\u3002 manila-data \u6b64\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u6570\u636e\u64cd\u4f5c\uff0c\u5982\u679c\u4e0d\u5355\u72ec\u5904\u7406\uff0c\u53ef\u80fd\u9700\u8981\u5f88\u957f\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\uff0c\u5e76\u963b\u6b62\u5176\u4ed6\u670d\u52a1\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f7f\u7528\u57fa\u4e8e SQL \u7684\u4e2d\u592e\u6570\u636e\u5e93\uff0c\u8be5\u6570\u636e\u5e93\u7531\u7cfb\u7edf\u4e2d\u7684\u6240\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5171\u4eab\u3002\u5b83\u53ef\u4ee5\u4f7f\u7528 ORM SQLALcvery \u652f\u6301\u7684\u4efb\u4f55 SQL \u65b9\u8a00\uff0c\u4f46\u4ec5\u4f7f\u7528 MySQL \u548c PostgreSQL \u6570\u636e\u5e93\u8fdb\u884c\u6d4b\u8bd5\u3002 \u4f7f\u7528 SQL\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7c7b\u4f3c\u4e8e\u5176\u4ed6 OpenStack \u670d\u52a1\uff0c\u53ef\u4ee5\u4e0e\u4efb\u4f55 OpenStack \u90e8\u7f72\u4e00\u8d77\u4f7f\u7528\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u8bf4\u660e\u3002\u6709\u5173 CLI \u7528\u6cd5\u548c\u914d\u7f6e\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u4e91\u7ba1\u7406\u6307\u5357\u3002 \u4e0b\u56fe\u4e2d\uff0c\u60a8\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4e0d\u540c\u90e8\u5206\u5982\u4f55\u76f8\u4e92\u4ea4\u4e92\u3002 \u9664\u4e86\u5df2\u7ecf\u63cf\u8ff0\u7684\u670d\u52a1\u4e4b\u5916\uff0c\u60a8\u8fd8\u53ef\u4ee5\u5728\u56fe\u50cf\u4e0a\u770b\u5230\u53e6\u5916\u4e24\u4e2a\u5b9e\u4f53\uff1a python-manilaclient \u548c storage controller \u3002 
python-manilaclient \u547d\u4ee4\u884c\u754c\u9762\uff0c\u7528\u4e8e\u901a\u8fc7 manila-api \u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u7528\u4e8e\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4ea4\u4e92\u7684 Python \u6a21\u5757\u3002 Storage controller \u901a\u5e38\u662f\u4e00\u4e2a\u91d1\u5c5e\u76d2\uff0c\u5e26\u6709\u65cb\u8f6c\u78c1\u76d8\u3001\u4ee5\u592a\u7f51\u7aef\u53e3\u548c\u67d0\u79cd\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7f51\u7edc\u5ba2\u6237\u7aef\u5728\u78c1\u76d8\u4e0a\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u3002\u8fd8\u6709\u4e00\u4e9b\u5728\u4efb\u610f\u786c\u4ef6\u4e0a\u8fd0\u884c\u7684\u7eaf\u8f6f\u4ef6\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u7fa4\u96c6\u63a7\u5236\u5668\u53ef\u80fd\u5141\u8bb8\u591a\u4e2a\u7269\u7406\u8bbe\u5907\u663e\u793a\u4e3a\u5355\u4e2a\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u6216\u7eaf\u865a\u62df\u5b58\u50a8\u63a7\u5236\u5668\u3002 \u5171\u4eab\u662f\u8fdc\u7a0b\u7684\u3001\u53ef\u88c5\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u7c7b\u578b\uff1a\u6241\u5e73\u7f51\u7edc\u3001VLAN\u3001VXLAN \u6216 GRE\uff0c\u5e76\u652f\u6301\u5206\u6bb5\u7f51\u7edc\u3002\u6b64\u5916\uff0c\u8fd8\u6709\u4e0d\u540c\u7684\u7f51\u7edc\u63d2\u4ef6\uff0c\u5b83\u4eec\u63d0\u4f9b\u4e86\u4e0e OpenStack \u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u4e86\u5927\u91cf\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u786c\u4ef6\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\uff0c\u4f8b\u5982 NetApp \u96c6\u7fa4\u6a21\u5f0f Data ONTAP 
\uff08 cDOT \uff09\u9a71\u52a8\u7a0b\u5e8f\uff0c\u534e\u4e3a NAS \u9a71\u52a8\u7a0b\u5e8f\u6216 GlusterFS \u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u540e\u7aef\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u4e00\u4e2a\u5b9e\u4f8b\u3002 \u5ba2\u6237\u7aef\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7684\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u7531\u5b89\u5168\u670d\u52a1\u5b58\u50a8\u3002\u53ef\u4ee5\u914d\u7f6e\u548c\u4f7f\u7528 LDAP\u3001Kerberos \u6216 Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7b49\u534f\u8bae\u3002 \u9664\u975e\u672a\u5728 policy.json \u4e2d\u663e\u5f0f\u66f4\u6539\uff0c\u5426\u5219\u7ba1\u7406\u5458\u6216\u62e5\u6709\u5171\u4eab\u7684\u79df\u6237\u90fd\u80fd\u591f\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8bbf\u95ee\u7ba1\u7406\u662f\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u5b8c\u6210\u7684\uff0c\u8be5\u89c4\u5219\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u53ef\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8bbf\u95ee\u9009\u9879\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c 
HDFS\u3002\u4f8b\u5982\uff0c\u901a\u7528\uff08\u5757\u5b58\u50a8\u4f5c\u4e3a\u540e\u7aef\uff09\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u7528\u6237\u548c\u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5b83\u8fd8\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982 LDAP\u3001Kerberos \u6216 Active Directory\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u7c7b\u578b\uff0c\u4f7f\u8ba1\u5212\u7a0b\u5e8f\u80fd\u591f\u5728\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u540e\u7aef\u3002\u5171\u4eab\u7c7b\u578b\u5177\u6709\u989d\u5916\u7684\u89c4\u8303\uff0c\u60a8\u53ef\u4ee5\u4e3a\u8ba1\u5212\u7a0b\u5e8f\u8bbe\u7f6e\u8fd9\u4e9b\u89c4\u8303\uff0c\u4ee5\u7b5b\u9009\u548c\u6743\u8861\u540e\u7aef\uff0c\u4ee5\u4fbf\u4e3a\u8bf7\u6c42\u521b\u5efa\u5171\u4eab\u7684\u7528\u6237\u9009\u62e9\u9002\u5f53\u7684\u5171\u4eab\u7c7b\u578b\u3002\u5171\u4eab\u548c\u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u6216\u79c1\u6709\u3002\u6b64\u53ef\u89c1\u6027\u7ea7\u522b\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u80fd\u591f\u770b\u5230\u8fd9\u4e9b\u5bf9\u8c61\u5e76\u5bf9\u5176\u8fdb\u884c\u64cd\u4f5c\u3002\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u8eab\u4efd\u670d\u52a1\u4e2d\u7684\u7279\u5b9a\u7528\u6237\u6216\u79df\u6237\u6dfb\u52a0\u5bf9\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u56e0\u6b64\uff0c\u60a8\u6388\u4e88\u8bbf\u95ee\u6743\u9650\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u53ef\u7528\u7684\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u5171\u4eab\u3002 \u4e0d\u540c\u7528\u6237\u53ca\u5176\u89d2\u8272\u7684 API \u8c03\u7528\u6743\u9650\u7531\u7b56\u7565\u51b3\u5b9a\uff0c\u5c31\u50cf\u5728\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4e2d\u4e00\u6837\u3002 \u6807\u8bc6\u670d\u52a1\u53ef\u7528\u4e8e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8bf7\u53c2\u9605\u201c\u8eab\u4efd\u201d\u90e8\u5206\u4e2d\u7684\u8eab\u4efd\u670d\u52a1\u5b89\u5168\u6027\u7684\u8be6\u7ec6\u4fe1\u606f\u3002","title":"\u4ecb\u7ecd"},{"location":"security/security-guide/#_174","text":"\u4e0e\u5176\u4ed6 OpenStack \u9879\u76ee\u7c7b\u4f3c\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5df2\u6ce8\u518c\u5230 Identity \u670d\u52a1\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u4f7f\u7528 manila endpoints \u547d\u4ee4\u67e5\u627e\u5171\u4eab\u670d\u52a1 v1 \u548c v2 \u7684 API \u7aef\u70b9\uff1a $ manila endpoints +-------------+-----------------------------------------+ | manila | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v1/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v1/20787a7b...| | internalURL | http://172.18.198.55:8786/v1/20787a7b...| | id | 82cc5535aa444632b64585f138cb9b61 | +-------------+-----------------------------------------+ +-------------+-----------------------------------------+ | manilav2 | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v2/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v2/20787a7b...| | internalURL | http://172.18.198.55:8786/v2/20787a7b...| | id | 2e8591bfcac4405fa7e5dc3fd61a2b85 | +-------------+-----------------------------------------+ \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u670d\u52a1\u4ec5\u4fa6\u542c tcp6 \u7c7b\u578b\u540c\u65f6\u652f\u6301 IPv4 \u548c IPv6 \u7684\u7aef\u53e3 8786 \u3002 \u6ce8\u610f \u8be5\u7aef\u53e3\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u9ed8\u8ba4\u7aef\u53e3 8786 
\u3002\u5b83\u53ef\u4ee5\u66f4\u6539\u4e3a\u4efb\u4f55\u5176\u4ed6\u7aef\u53e3\uff0c\u4f46\u6b64\u66f4\u6539\u4e5f\u5e94\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 \u9009\u9879\u4e2d\u8fdb\u884c\uff0c\u8be5\u9009\u9879 osapi_share_listen_port \u9ed8\u8ba4\u4e3a 8786 \u3002 \u5728 /etc/manila/ \u76ee\u5f55\u4e2d\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\uff1a api-paste.ini manila.conf policy.json rootwrap.conf rootwrap.d ./rootwrap.d: share.filters \u5efa\u8bae\u60a8\u5c06\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\uff0c\u5e76\u66f4\u6539\u6587\u4ef6\u6743\u9650\uff0c\u4ee5\u4fbf\u53ea\u6709\u7cfb\u7edf\u7ba1\u7406\u5458\u624d\u80fd\u4fee\u6539\u5b83\u4eec\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8981\u6c42\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u5199\u5165\u914d\u7f6e\u6587\u4ef6\uff0c\u800c\u670d\u52a1\u53ea\u80fd\u901a\u8fc7\u5176\u5728\u7ec4\u4e2d\u7684 manila \u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002\u5176\u4ed6\u4eba\u4e00\u5b9a\u65e0\u6cd5\u8bfb\u53d6\u8fd9\u4e9b\u6587\u4ef6\uff0c\u56e0\u4e3a\u8fd9\u4e9b\u6587\u4ef6\u5305\u542b\u4e0d\u540c\u670d\u52a1\u7684\u7ba1\u7406\u5458\u5bc6\u7801\u3002 \u5e94\u7528\u68c0\u67e5 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u548c Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f\u4ece\u6e05\u5355\u4e2d\u9a8c\u8bc1\u6743\u9650\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002 \u6ce8\u610f \u6587\u4ef6\u4e2d\u7684 manila-rootwrap \u914d\u7f6e\u548c\u6587\u4ef6\u4e2d `rootwrap.conf` `rootwrap.d/share.filters` \u5171\u4eab\u8282\u70b9\u7684 manila-rootwrap \u547d\u4ee4\u8fc7\u6ee4\u5668\u5e94\u5f52 root \u7528\u6237\u6240\u6709\uff0c\u5e76\u4e14\u53ea\u80fd\u7531 root \u7528\u6237\u5199\u5165\u3002 \u5efa\u8bae manila 
\u914d\u7f6e\u6587\u4ef6 `manila.conf` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/manila.conf` \u662f\u5fc5\u9700\u7684\u3002","title":"\u4e00\u822c\u5b89\u5168\u4fe1\u606f"},{"location":"security/security-guide/#_175","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u5176\u4e2d\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u5b9e\u4f8b\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u6709\u8bb8\u591a\u7531\u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u652f\u6301\u4e00\u79cd\u6216\u591a\u79cd\u540e\u7aef\u6a21\u5f0f\uff1a\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u3002\u7ba1\u7406\u5458\u901a\u8fc7\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d manila.conf \u6307\u5b9a\u6a21\u5f0f\u6765\u9009\u62e9\u4f7f\u7528\u54ea\u79cd\u6a21\u5f0f\u3002\u5b83\u4f7f\u7528\u4e86\u4e00\u4e2a\u9009\u9879 driver_handles_share_servers \u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u5206\u6bb5\u7f51\u7edc\u3002\u8fd9\u53d6\u51b3\u4e8e\u7f51\u7edc\u63d0\u4f9b\u5546\u3002 
\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u4e0d\u540c\u7684\u914d\u7f6e\uff0c\u5219\u53ef\u4ee5\u4e3a\u4e0d\u540c\u7684\u6a21\u5f0f\u4f7f\u7528\u76f8\u540c\u7684\u786c\u4ef6\u4f7f\u7528\u5355\u72ec\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u6839\u636e\u9009\u62e9\u7684\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u63d0\u4f9b\u66f4\u591a\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u3002","title":"\u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b"},{"location":"security/security-guide/#_176","text":"\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u81f3\u5c11\u652f\u6301\u4e00\u79cd\u53ef\u80fd\u7684\u9a71\u52a8\u7a0b\u5e8f\u6a21\u5f0f\uff1a \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u8bbe\u7f6e\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u6216\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u7684 manila.conf \u914d\u7f6e\u9009\u9879\u662f driver_handles_share_servers \u9009\u9879\u3002\u5b83\u6307\u793a\u9a71\u52a8\u7a0b\u5e8f\u662f\u81ea\u884c\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\uff0c\u8fd8\u662f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u6a21\u5f0f \u914d\u7f6e\u9009\u9879 \u63cf\u8ff0 \u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =True \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u7ba1\u7406\u6216\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\u751f\u547d\u5468\u671f\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =False \u7ba1\u7406\u5458\uff08\u800c\u4e0d\u662f\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff09\u4f7f\u7528\u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\uff08\u800c\u4e0d\u662f\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b58\u5728\uff09\u7ba1\u7406\u88f8\u673a\u5b58\u50a8\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f 
\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u57fa\u672c\u4e0a\u6ca1\u6709\u4efb\u4f55\u7f51\u7edc\u8981\u6c42\u3002\u5047\u5b9a\u7531\u9a71\u52a8\u7a0b\u5e8f\u7ba1\u7406\u7684\u5b58\u50a8\u63a7\u5236\u5668\u5177\u6709\u6240\u9700\u7684\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u671f\u671b\u9a71\u52a8\u7a0b\u5e8f\u76f4\u63a5\u8bbe\u7f6e\u5171\u4eab\uff0c\u800c\u65e0\u9700\u4e8b\u5148\u521b\u5efa\u4efb\u4f55\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u5bf9\u5e94\u4e8e\u67d0\u4e9b\u73b0\u6709\u9a71\u52a8\u7a0b\u5e8f\u5df2\u5728\u6267\u884c\u7684\u64cd\u4f5c\uff0c\u4f46\u5b83\u4f7f\u7ba1\u7406\u5458\u53ef\u4ee5\u660e\u786e\u9009\u62e9\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u521b\u5efa\u65f6\u4e0d\u9700\u8981\u5171\u4eab\u7f51\u7edc\uff0c\u4e5f\u4e0d\u5f97\u63d0\u4f9b\u5171\u4eab\u7f51\u7edc\u3002 \u6ce8\u610f \u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u5df2\u53ef\u8bbf\u95ee\u7528\u4e8e\u5bfc\u51fa\u4efb\u4f55\u5171\u4eab\u7684\u7f51\u7edc\u63a5\u53e3\u3002 
\u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u5904\u7406\u5b58\u50a8\u751f\u547d\u5468\u671f\u3002\u7ba1\u7406\u5458\u5e94\u5904\u7406\u5b58\u50a8\u3001\u7f51\u7edc\u63a5\u53e3\u548c\u5176\u4ed6\u4e3b\u673a\u914d\u7f6e\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u5b58\u50a8\u8bbe\u7f6e\u4e3a\u5bfc\u51fa\u5171\u4eab\u7684\u4e3b\u673a\u3002\u6b64\u6a21\u5f0f\u7684\u4e3b\u8981\u7279\u5f81\u662f\u5b58\u50a8\u4e0d\u7531\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5904\u7406\u3002\u79df\u6237\u4e2d\u7684\u7528\u6237\u5171\u4eab\u516c\u5171\u7f51\u7edc\u3001\u4e3b\u673a\u3001\u5904\u7406\u5668\u548c\u7f51\u7edc\u7ba1\u9053\u3002\u5982\u679c\u7ba1\u7406\u5458\u6216\u4ee3\u7406\u4e4b\u524d\u914d\u7f6e\u7684\u5b58\u50a8\u6ca1\u6709\u6b63\u786e\u7684\u5e73\u8861\u8c03\u6574\uff0c\u5b83\u4eec\u53ef\u80fd\u4f1a\u76f8\u4e92\u963b\u788d\u3002\u5728\u516c\u6709\u4e91\u4e2d\uff0c\u6240\u6709\u7f51\u7edc\u5bb9\u91cf\u53ef\u80fd\u90fd\u7531\u4e00\u4e2a\u5ba2\u6237\u7aef\u4f7f\u7528\uff0c\u56e0\u6b64\u7ba1\u7406\u5458\u5e94\u6ce8\u610f\u4e0d\u8981\u53d1\u751f\u8fd9\u79cd\u60c5\u51b5\u3002\u5e73\u8861\u8c03\u6574\u53ef\u4ee5\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u5b8c\u6210\uff0c\u800c\u4e0d\u4e00\u5b9a\u662f\u4f7f\u7528 OpenStack \u5de5\u5177\u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u73b0\u6709\u7f51\u7edc\u3002\u63d0\u4f9b\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u65f6\uff0c\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u6765\u81ea\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684 IP \u5730\u5740\u548c\u5b50\u7f51\u3002 
\u4e0e\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0d\u540c\uff0c\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u7528\u6237\u5177\u6709\u4e00\u4e2a\u5171\u4eab\u7f51\u7edc\u548c\u4e00\u4e2a\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7528\u6237\u90fd\u6709\u5355\u72ec\u7684 CPU\u3001CPU \u65f6\u95f4\u3001\u7f51\u7edc\u3001\u5bb9\u91cf\u548c\u541e\u5410\u91cf\u3002 \u60a8\u8fd8\u53ef\u4ee5\u5728\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u914d\u7f6e\u5b89\u5168\u670d\u52a1\u3002\u4f46\u662f\uff0c\u5982\u679c\u6ca1\u6709\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u5e94\u5728\u4e3b\u673a\u4e0a\u624b\u52a8\u8bbe\u7f6e\u6240\u9700\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u4efb\u4f55\u73b0\u6709\u5b89\u5168\u670d\u52a1\u81ea\u52a8\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002","title":"\u5171\u4eab\u540e\u7aef\u6a21\u5f0f"},{"location":"security/security-guide/#_177","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u4e0d\u540c\u7c7b\u578b\u7684\u7f51\u7edc\uff1a flat GRE VLAN VXLAN \u6ce8\u610f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ea\u662f\u5c06\u6709\u5173\u7f51\u7edc\u7684\u4fe1\u606f\u4fdd\u5b58\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u800c\u771f\u6b63\u7684\u7f51\u7edc\u5219\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u63d0\u4f9b\u3002\u5728OpenStack\u4e2d\uff0c\u5b83\u53ef\u4ee5\u662f\u4f20\u7edf\u7f51\u7edc\uff08nova-network\uff09\u6216\u7f51\u7edc\uff08neutron\uff09\u670d\u52a1\uff0c\u4f46\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u751a\u81f3\u53ef\u4ee5\u5728OpenStack\u4e4b\u5916\u5de5\u4f5c\u3002\u8fd9\u662f\u5141\u8bb8\u7684\uff0c `StandaloneNetworkPlugin` 
\u53ef\u4ee5\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u4e0d\u9700\u8981OpenStack\u4e2d\u7684\u67d0\u4e9b\u7279\u5b9a\u7f51\u7edc\u670d\u52a1\uff0c\u5982Networking\u6216Legacy\u7f51\u7edc\u670d\u52a1\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5728\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u548c\u7ba1\u7406\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u53ef\u5206\u4e3a\u4e24\u79cd\u53d8\u4f53\uff1a \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc \u6700\u521d\uff0c\u5728\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u65f6\uff0c\u60a8\u53ef\u4ee5\u8bbe\u7f6e OpenStack Networking \uff08neutron\uff09 \u7684\u7f51\u7edc\u548c\u5b50\u7f51\uff0c\u4e5f\u53ef\u4ee5\u8bbe\u7f6e Legacy \u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7f51\u7edc\u3002\u7b2c\u4e09\u79cd\u65b9\u6cd5\u662f\u5728\u6ca1\u6709\u65e7\u7248\u7f51\u7edc\u548c\u7f51\u7edc\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u914d\u7f6e\u7f51\u7edc\u3002 StandaloneNetworkPlugin \u53ef\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5efa\u8bae \u6240\u6709\u4f7f\u7528 OpenStack Compute \u670d\u52a1\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u4e0d\u4f7f\u7528\u7f51\u7edc\u63d2\u4ef6\u3002\u5728 Mitaka \u7248\u672c\u4e2d\uff0c\u5b83\u662f Windows \u548c\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u3002\u8fd9\u4e9b\u5171\u4eab\u9a71\u52a8\u5668\u5177\u6709\u5176\u4ed6\u9009\u9879\u5e76\u4f7f\u7528\u4e0d\u540c\u7684\u65b9\u6cd5\u3002 
\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u540e\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u68c0\u7d22\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u786e\u5b9a\u7684\u7f51\u7edc\u4fe1\u606f\uff1a\u7f51\u7edc\u7c7b\u578b\u3001\u5206\u6bb5\u6807\u8bc6\u7b26\uff08\u5982\u679c\u7f51\u7edc\u4f7f\u7528\u5206\u6bb5\uff09\u548c CIDR \u8868\u793a\u6cd5\u4e2d\u7684 IP \u5757\uff0c\u4ee5\u4fbf\u4ece\u4e2d\u5206\u914d\u7f51\u7edc\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u67d0\u4e9b\u5b58\u50a8\u63a7\u5236\u5668\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\uff0c\u4f46\u7531\u4e8e\u7269\u7406\u6216\u903b\u8f91\u7f51\u7edc\u7684\u5404\u79cd\u9650\u5236\uff0c\u6240\u6709\u5171\u4eab\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u4f4d\u4e8e\u6241\u5e73\u7f51\u7edc\u4e0a\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u4e00\u4e9b\u4e1c\u897f\u6765\u4e3a\u5171\u4eab\u670d\u52a1\u5668\u9884\u914d IP \u5730\u5740\uff0c\u4f46 IP \u5c06\u5168\u90e8\u6765\u81ea\u540c\u4e00\u5b50\u7f51\uff0c\u5e76\u4e14\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u53ef\u4ee5\u8bbf\u95ee\u8be5\u5b50\u7f51\u672c\u8eab\u3002 \u5171\u4eab\u7f51\u7edc\u7684\u5b89\u5168\u670d\u52a1\u90e8\u5206\u6307\u5b9a\u5b89\u5168\u8981\u6c42\uff0c\u4f8b\u5982 AD \u6216 LDAP \u57df\u6216 Kerberos \u57df\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5047\u5b9a\u5b89\u5168\u670d\u52a1\u4e2d\u5f15\u7528\u7684\u4efb\u4f55\u4e3b\u673a\u90fd\u53ef\u4ee5\u4ece\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b50\u7f51\u8bbf\u95ee\uff0c\u8fd9\u9650\u5236\u4e86\u53ef\u4ee5\u4f7f\u7528\u6b64\u6a21\u5f0f\u7684\u60c5\u51b5\u6570\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc 
\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u5230\u73b0\u6709\u7684\u5206\u6bb5\u7f51\u7edc\u3002\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e3a\u6bcf\u4e2a\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u63d0\u4f9b\u5b50\u7f51\u5b9a\u4e49\u3002\u6b64\u5b9a\u4e49\u5e94\u5305\u62ec\u5206\u6bb5\u7c7b\u578b\u3001\u5206\u6bb5 ID \u4ee5\u53ca\u4e0e\u5206\u6bb5\u7c7b\u578b\u76f8\u5173\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u6ce8\u610f \u67d0\u4e9b\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u652f\u6301\u6240\u6709\u7c7b\u578b\u7684\u5206\u6bb5\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b63\u5728\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u7684\u89c4\u8303\u3002","title":"\u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc"},{"location":"security/security-guide/#_178","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u7528\u4e8e\u7f51\u7edc\u8d44\u6e90\u8c03\u914d\u7684\u62bd\u8c61\u5c42\u3002\u5b83\u5141\u8bb8\u7ba1\u7406\u5458\u4ece\u4e0d\u540c\u7684\u9009\u9879\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u51b3\u5b9a\u5982\u4f55\u5c06\u7f51\u7edc\u8d44\u6e90\u5206\u914d\u7ed9\u5176\u79df\u6237\u7684\u7f51\u7edc\u5b58\u50a8\u3002\u6709\u51e0\u4e2a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u4e86\u4e0eOpenStack\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u7f51\u7edc\u63d2\u4ef6\u5141\u8bb8\u4f7f\u7528 OpenStack Networking \u548c Legacy \u7f51\u7edc\u670d\u52a1\u7684\u4efb\u4f55\u529f\u80fd\u3001\u914d\u7f6e\u3002\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u652f\u6301\u7684\u4efb\u4f55\u7f51\u7edc\u5206\u6bb5\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4f20\u7edf\u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7684\u6241\u5e73\u7f51\u7edc\u6216 VLAN 
\u5206\u6bb5\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u63d2\u4ef6\u6765\u72ec\u7acb\u4e8e OpenStack \u7f51\u7edc\u670d\u52a1\u6307\u5b9a\u7f51\u7edc\u3002\u6709\u5173\u5982\u4f55\u4f7f\u7528\u4e0d\u540c\u7f51\u7edc\u63d2\u4ef6\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7f51\u7edc\u63d2\u4ef6\u3002","title":"\u7f51\u7edc\u63d2\u4ef6"},{"location":"security/security-guide/#_179","text":"\u5bf9\u4e8e\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\uff0c\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u670d\u52a1\u3002\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u5305\u62ec LDAP\u3001Kerberos \u548c Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002","title":"\u5b89\u5168\u670d\u52a1"},{"location":"security/security-guide/#_180","text":"\u521b\u5efa\u5171\u4eab\u5e76\u83b7\u53d6\u5176\u5bfc\u51fa\u4f4d\u7f6e\u540e\uff0c\u7528\u6237\u65e0\u6743\u88c5\u8f7d\u8be5\u5171\u4eab\u5e76\u5904\u7406\u6587\u4ef6\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9700\u8981\u663e\u5f0f\u6388\u4e88\u5bf9\u65b0\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/AuthZ\uff09 \u7684\u5ba2\u6237\u673a\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 \u5b58\u50a8 security services \u3002\u5982\u679c\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u540e\u7aef\u652f\u6301 LDAP\u3001Kerberos \u6216 Microsoft Active Directory\uff0c\u5219\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e5f\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u610f 
\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u663e\u5f0f\u6307\u5b9a\u5176\u4e2d\u4e00\u9879\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\uff0cNetApp\u3001EMC \u548c Windows \u9a71\u52a8\u7a0b\u5e8f\u9700\u8981 Active Directory \u624d\u80fd\u521b\u5efa\u4e0e CIFS \u534f\u8bae\u7684\u5171\u4eab\u3002","title":"\u5b89\u5168\u670d\u52a1\u4ecb\u7ecd"},{"location":"security/security-guide/#_181","text":"\u5b89\u5168\u670d\u52a1\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u5b9e\u4f53\uff0c\u5b83\u62bd\u8c61\u51fa\u4e00\u7ec4\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u4e3a\u7279\u5b9a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff08\u5982 Active Directory \u57df\u6216 Kerberos \u57df\uff09\u5b9a\u4e49\u5b89\u5168\u57df\u3002\u5b89\u5168\u670d\u52a1\u5305\u542b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u521b\u5efa\u52a0\u5165\u7ed9\u5b9a\u57df\u7684\u670d\u52a1\u5668\u6240\u9700\u7684\u6240\u6709\u4fe1\u606f\u3002 \u4f7f\u7528 API\uff0c\u7528\u6237\u53ef\u4ee5\u521b\u5efa\u3001\u66f4\u65b0\u3001\u67e5\u770b\u548c\u5220\u9664\u5b89\u5168\u670d\u52a1\u3002\u5b89\u5168\u670d\u52a1\u7684\u8bbe\u8ba1\u57fa\u4e8e\u4ee5\u4e0b\u5047\u8bbe\uff1a \u79df\u6237\u63d0\u4f9b\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u7ba1\u7406\u5458\u5173\u5fc3\u5b89\u5168\u670d\u52a1\uff1a\u4ed6\u4eec\u914d\u7f6e\u6b64\u7c7b\u5b89\u5168\u670d\u52a1\u7684\u670d\u52a1\u5668\u7aef\u3002 \u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u4e2d\uff0ca security_service \u4e0e share_networks \u5173\u8054\u3002 \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4f7f\u7528\u5b89\u5168\u670d\u52a1\u4e2d\u7684\u6570\u636e\u6765\u914d\u7f6e\u65b0\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002 \u521b\u5efa\u5b89\u5168\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e4b\u4e00\uff1a \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u63cf\u8ff0 LDAP 
\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002\u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Kerberos \u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\uff0c\u5b83\u57fa\u4e8e\u7968\u8bc1\u5de5\u4f5c\uff0c\u5141\u8bb8\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u7684\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u4e3a Windows \u57df\u7f51\u7edc\u5f00\u53d1\u7684\u76ee\u5f55\u670d\u52a1\u3002\u4f7f\u7528 LDAP\u3001Microsoft \u7684 Kerberos \u7248\u672c\u548c DNS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u60a8\u4f7f\u7528\u4ee5\u4e0b\u9009\u9879\u914d\u7f6e\u5b89\u5168\u670d\u52a1\uff1a \u79df\u6237\u7f51\u7edc\u5185\u90e8\u4f7f\u7528\u7684 DNS IP \u5730\u5740\u3002 \u5b89\u5168\u670d\u52a1\u7684 IP \u5730\u5740\u6216\u4e3b\u673a\u540d\u3002 \u5b89\u5168\u670d\u52a1\u7684\u57df\u3002 \u79df\u6237\u4f7f\u7528\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u3002 \u5982\u679c\u6307\u5b9a\u7528\u6237\u540d\uff0c\u5219\u9700\u8981\u4e00\u4e2a\u7528\u6237\u5bc6\u7801\u3002 \u73b0\u6709\u5b89\u5168\u670d\u52a1\u5b9e\u4f53\u53ef\u4ee5\u4e0e\u5171\u4eab\u7f51\u7edc\u5b9e\u4f53\u76f8\u5173\u8054\uff0c\u8fd9\u4e9b\u5b9e\u4f53\u901a\u77e5\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e00\u7ec4\u5171\u4eab\u7684\u5b89\u5168\u6027\u548c\u7f51\u7edc\u914d\u7f6e\u3002\u60a8\u8fd8\u53ef\u4ee5\u67e5\u770b\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u7684\u6240\u6709\u5b89\u5168\u670d\u52a1\u7684\u5217\u8868\uff0c\u5e76\u53d6\u6d88\u5b83\u4eec\u4e0e\u5171\u4eab\u7f51\u7edc\u7684\u5173\u8054\u3002 \u6709\u5173\u901a\u8fc7 API \u7ba1\u7406\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 API\u3002\u60a8\u8fd8\u53ef\u4ee5\u901a\u8fc7 python-manilaclient 
\u7ba1\u7406\u5b89\u5168\u670d\u52a1\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 CLI \u7ba1\u7406\u3002 \u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\uff0c\u5e76\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u56e0\u6b64\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u5c06\u540e\u7aef\u914d\u7f6e\u4e3a\u901a\u8fc7\u7f51\u7edc\u4f7f\u7528\u7279\u5b9a\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff0c\u5b83\u5c06\u5b58\u50a8\u7528\u6237\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u548c\u6807\u8bc6\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4e0a\u8fd0\u884c\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002\u9a71\u52a8\u7a0b\u5e8f\u5bf9\u7279\u5b9a\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u652f\u6301\u5e76\u4e0d\u610f\u5473\u7740\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5bf9\u5176\u8fdb\u884c\u914d\u7f6e\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u6709\u5173\u7279\u5b9a\u9a71\u52a8\u7a0b\u5e8f\u53ca\u5176\u5b89\u5168\u670d\u52a1\u914d\u7f6e\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a71\u52a8\u7a0b\u5e8f\u4f9b\u5e94\u5546\u7684\u6587\u6863\u3002 
\u67d0\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u5b89\u5168\u670d\u52a1\uff0c\u800c\u5176\u4ed6\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4e0a\u8ff0\u4efb\u4f55\u5b89\u5168\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u5177\u6709 NFS \u6216 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4ec5\u652f\u6301\u901a\u8fc7 IP \u5730\u5740\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u5efa\u8bae - \u5728\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u652f\u6301 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 Active Directory \u5e76\u901a\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7ba1\u7406\u8bbf\u95ee\u3002 - \u652f\u6301 GlusterFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 - \u4f7f\u7528\u652f\u6301 NFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u662f\u552f\u4e00\u53d7\u652f\u6301\u7684\u9009\u9879\u3002 - \u7531\u4e8e HDFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u4f7f\u7528 NFS \u8bbf\u95ee\uff0c\u56e0\u6b64\u4e5f\u53ef\u4ee5\u5c06\u5176\u914d\u7f6e\u4e3a\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4f46\u8bf7\u6ce8\u610f\uff0c\u901a\u8fc7 IP \u8fdb\u884c\u7684\u8eab\u4efd\u9a8c\u8bc1\u662f\u6700\u4e0d\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5b9e\u9645\u4f7f\u7528\u60c5\u51b5\u7684\u5efa\u8bae\u914d\u7f6e\u662f\u4f7f\u7528 CIFS \u5171\u4eab\u534f\u8bae\u521b\u5efa\u5171\u4eab\uff0c\u5e76\u5411\u5176\u6dfb\u52a0 Microsoft Active Directory 
\u76ee\u5f55\u670d\u52a1\u3002\u5728\u6b64\u914d\u7f6e\u4e2d\uff0c\u60a8\u5c06\u83b7\u5f97\u96c6\u4e2d\u5f0f\u6570\u636e\u5e93\u4ee5\u53ca\u5c06Kerberos\u548cLDAP\u65b9\u6cd5\u7ed3\u5408\u5728\u4e00\u8d77\u7684\u670d\u52a1\u3002\u8fd9\u662f\u4e00\u4e2a\u771f\u5b9e\u7684\u7528\u4f8b\uff0c\u5bf9\u4e8e\u751f\u4ea7\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u6765\u8bf4\u5f88\u65b9\u4fbf\u3002","title":"\u5b89\u5168\u670d\u52a1\u7ba1\u7406"},{"location":"security/security-guide/#_182","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u6388\u4e88\u6216\u62d2\u7edd\u5176\u4ed6\u5ba2\u6237\u7aef\u5bf9\u670d\u52a1\u7684\u4e0d\u540c\u5b9e\u4f53\u7684\u8bbf\u95ee\u3002 \u5c06\u5171\u4eab\u4f5c\u4e3a\u6587\u4ef6\u7cfb\u7edf\u7684\u53ef\u8fdc\u7a0b\u6302\u8f7d\u5b9e\u4f8b\uff0c\u53ef\u4ee5\u7ba1\u7406\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\uff0c\u5e76\u5217\u51fa\u6307\u5b9a\u5171\u4eab\u7684\u6743\u9650\u3002 \u5171\u4eab\u53ef\u4ee5\u662f\u516c\u5171\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u7684\u3002\u8fd9\u662f\u5171\u4eab\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5171\u4eab\u90fd\u521b\u5efa\u4e3a\u4e13\u7528\u5171\u4eab\u3002\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5 --public \u5c06\u5171\u4eab\u516c\u5f00\uff0c\u4f9b\u5176\u4ed6\u79df\u6237\u67e5\u770b\u5171\u4eab\u5217\u8868\u5e76\u67e5\u770b\u5176\u8be6\u7ec6\u4fe1\u606f\u3002 \u6839\u636e policy.json \u6587\u4ef6\uff0c\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u4f7f\u7528 manila access-allow\u3001manila access-deny \u548c manila access-list 
\u547d\u4ee4\uff0c\u60a8\u53ef\u4ee5\u76f8\u5e94\u5730\u6388\u4e88\u3001\u62d2\u7edd\u548c\u5217\u51fa\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u5efa\u8bae \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u521b\u5efa\u5171\u4eab\u5e76\u5177\u6709\u5176\u5bfc\u51fa\u4f4d\u7f6e\u65f6\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u671f\u671b\u4efb\u4f55\u4eba\u90fd\u65e0\u6cd5\u901a\u8fc7\u88c5\u8f7d\u5171\u4eab\u6765\u8bbf\u95ee\u8be5\u5171\u4eab\u3002\u8bf7\u6ce8\u610f\uff0c\u60a8\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u66f4\u6539\u6b64\u914d\u7f6e\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u5171\u4eab\u5b58\u50a8\u4e0a\u66f4\u6539\u3002\u8981\u786e\u4fdd\u8bbf\u95ee\u5171\u4eab\uff0c\u8bf7\u68c0\u67e5\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u3002 \u521a\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u6ca1\u6709\u4e0e\u4e4b\u5173\u8054\u7684\u9ed8\u8ba4\u8bbf\u95ee\u89c4\u5219\u548c\u88c5\u8f7d\u6743\u9650\u3002\u8fd9\u53ef\u4ee5\u5728\u6b63\u5728\u4f7f\u7528\u7684\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u4e2d\u770b\u5230\u3002\u4f8b\u5982\uff0c\u5b58\u50a8\u4e0a\u6709\u4e00\u4e2a NFS \u547d\u4ee4 exportfs \u6216 /etc/exports \u6587\u4ef6\uff0c\u7528\u4e8e\u63a7\u5236\u6bcf\u4e2a\u8fdc\u7a0b\u5171\u4eab\u5e76\u5b9a\u4e49\u53ef\u4ee5\u8bbf\u95ee\u5b83\u7684\u4e3b\u673a\u3002\u5982\u679c\u6ca1\u6709\u4eba\u53ef\u4ee5\u6302\u8f7d\u5171\u4eab\uff0c\u5219\u4e3a\u7a7a\u3002\u5bf9\u4e8e\u8fdc\u7a0b CIFS \u670d\u52a1\u5668\uff0c\u6709\u4e00\u4e2a net conf list \u663e\u793a\u914d\u7f6e\u7684\u547d\u4ee4\u3002 hosts deny \u53c2\u6570\u5e94\u7531\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u8bbe\u7f6e 0.0.0.0/0 \uff0c\u8fd9\u610f\u5473\u7740\u4efb\u4f55\u4e3b\u673a\u90fd\u88ab\u62d2\u7edd\u6302\u8f7d\u5171\u4eab\u3002 
\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u53ef\u4ee5\u901a\u8fc7\u6307\u5b9a\u4ee5\u4e0b\u652f\u6301\u7684\u5171\u4eab\u8bbf\u95ee\u7ea7\u522b\u4e4b\u4e00\u6765\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\uff1a rw\u3002\u8bfb\u53d6\u548c\u5199\u5165 \uff08RW\uff09 \u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u503c\u3002 ro\u3002\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u3002 \u5efa\u8bae \u5f53\u7ba1\u7406\u5458\u4e3a\u67d0\u4e9b\u7279\u5b9a\u7f16\u8f91\u8005\u6216\u8d21\u732e\u8005\u63d0\u4f9b\u8bfb\u5199 \uff08RW\uff09 \u8bbf\u95ee\u6743\u9650\u5e76\u4e3a\u5176\u4f59\u7528\u6237\uff08\u67e5\u770b\u8005\uff09\u63d0\u4f9b\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u6743\u9650\u65f6\uff0cRO \u8bbf\u95ee\u7ea7\u522b\u5728\u516c\u5171\u5171\u4eab\u4e2d\u4f1a\u5f88\u6709\u5e2e\u52a9\u3002 \u60a8\u8fd8\u5fc5\u987b\u6307\u5b9a\u4ee5\u4e0b\u53d7\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4e4b\u4e00\uff1a ip\u3002\u901a\u8fc7\u5b9e\u4f8b\u7684 IP \u5730\u5740\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u683c\u5f0f\u4e3a XX.XX.XX.XX \u6216 XX.XX.XX.XX/XX\u3002\u4f8b\u5982\uff0c0.0.0.0/0\u3002 cert\u3002\u901a\u8fc7 TLS \u8bc1\u4e66\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c06 TLS \u6807\u8bc6\u6307\u5b9a\u4e3a IDENTKEY\u3002\u6709\u6548\u503c\u662f\u8bc1\u4e66\u516c\u7528\u540d \uff08CN\uff09 \u4e2d\u957f\u5ea6\u4e0d\u8d85\u8fc7 64 \u4e2a\u5b57\u7b26\u7684\u4efb\u4f55\u5b57\u7b26\u4e32\u3002 user\u3002\u6309\u6307\u5b9a\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u503c\u662f\u4e00\u4e2a\u5b57\u6bcd\u6570\u5b57\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u7279\u6b8a\u5b57\u7b26\uff0c\u957f\u5ea6\u4e3a 4 \u5230 32 \u4e2a\u5b57\u7b26\u3002 \u6ce8\u610f 
\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3001\u5b89\u5168\u670d\u52a1\u548c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u652f\u6301\u7684\u5b89\u5168\u670d\u52a1\u5305\u62ec LDAP\u3001Kerberos \u534f\u8bae\u6216 Microsoft Active Directory \u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4e0b\u9762\u662f\u4e0e\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u5171\u4eab\u7684 NFS \u793a\u4f8b\u3002\u521b\u5efa\u5171\u4eab\u540e\uff0c\u5b83\u5177\u6709\u5bfc\u51fa\u4f4d\u7f6e 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de \u3002\u5982\u679c\u60a8\u5c1d\u8bd5\u4f7f\u7528 10.254.0.4 IP \u5730\u5740\u5c06\u5176\u6302\u8f7d\u5230\u4e3b\u673a\u4e0a\uff0c\u60a8\u5c06\u6536\u5230\u201c\u6743\u9650\u88ab\u62d2\u7edd\u201d\u6d88\u606f\u3002 # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt mount.nfs: timeout set for Mon Oct 12 13:07:47 2015 mount.nfs: trying text-based options 'vers=4,addr=10.254.0.3,clientaddr=10.254.0.4' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting 10.254.0.3:/shares/share-b2874f8d-... 
\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 SSH \u8fde\u63a5\u5230\u5177\u6709 IP \u5730\u5740\u7684 10.254.0.3 \u4e3b\u673a\uff0c\u68c0\u67e5\u5176 /etc/exports \u4e0a\u7684\u6587\u4ef6\u5e76\u67e5\u770b\u5b83\u662f\u5426\u4e3a\u7a7a\uff1a # cat /etc/exports # \u6211\u4eec\u5728\u793a\u4f8b\u4e2d\u4f7f\u7528\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u56e0\u6b64\u4f7f\u7528 NFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7 IP \u5730\u5740\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff1a $ manila access-allow Share_demo2 ip 10.254.0.4 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | share_id | e57c25a8-0392-444f-9ffc-5daadb9f756c | | access_type | ip | | access_to | 10.254.0.4 | | access_level | rw | | state | new | | id | 62b8e453-d712-4074-8410-eab6227ba267 | +--------------+--------------------------------------+ \u89c4\u5219\u8fdb\u5165\u72b6\u6001 active \u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u518d\u6b21\u8fde\u63a5\u5230 10.254.0.3 \u4e3b\u673a\u5e76\u68c0\u67e5 /etc/exports \u6587\u4ef6\uff0c\u5e76\u67e5\u770b\u662f\u5426\u6dfb\u52a0\u4e86\u5e26\u6709\u89c4\u5219\u7684\u884c\uff1a # cat /etc/exports /shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de 10.254.0.4(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,no_all_squash) \u73b0\u5728\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 IP \u5730\u5740 10.254.0.4 \u5728\u4e3b\u673a\u4e0a\u6302\u8f7d\u5171\u4eab\uff0c\u5e76\u62e5\u6709 rw \u5171\u4eab\u6743\u9650\uff1a # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt # ls -a /mnt . .. lost+found # echo \"Hello!\" > /mnt/1.txt # ls -a /mnt . .. 
1.txt lost+found #","title":"\u5171\u4eab\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_183","text":"\u5171\u4eab\u7c7b\u578b\u662f\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u201c\u670d\u52a1\u7c7b\u578b\u201d\uff0c\u7531\u79df\u6237\u53ef\u89c1\u63cf\u8ff0\u548c\u79df\u6237\u4e0d\u53ef\u89c1\u952e\u503c\u5bf9\u5217\u8868\uff08\u989d\u5916\u89c4\u8303\uff09\u7ec4\u6210\u3002manila-scheduler \u4f7f\u7528\u989d\u5916\u7684\u89c4\u8303\u6765\u505a\u51fa\u8c03\u5ea6\u51b3\u7b56\uff0c\u9a71\u52a8\u7a0b\u5e8f\u63a7\u5236\u5171\u4eab\u521b\u5efa\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u521b\u5efa\u548c\u5220\u9664\u5171\u4eab\u7c7b\u578b\uff0c\u8fd8\u53ef\u4ee5\u7ba1\u7406\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u8d4b\u4e88\u5b83\u4eec\u542b\u4e49\u7684\u989d\u5916\u89c4\u8303\u3002\u79df\u6237\u53ef\u4ee5\u5217\u51fa\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u65b0\u5171\u4eab\u3002\u6709\u5173\u7ba1\u7406\u5171\u4eab\u7c7b\u578b\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u548c\u5171\u4eab\u7c7b\u578b\u7ba1\u7406\u6587\u6863\u3002 \u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u548c\u79c1\u6709\u3002\u8fd9\u662f\u5171\u4eab\u7c7b\u578b\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\uff0c\u5e76\u4f7f\u7528\u5b83\u6765\u521b\u5efa\u65b0\u5171\u4eab\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u7c7b\u578b\u521b\u5efa\u4e3a\u516c\u5171\u7c7b\u578b\u3002\u521b\u5efa\u5171\u4eab\u7c7b\u578b\u65f6\uff0c\u8bf7\u4f7f\u7528 --is_public \u53c2\u6570\u96c6 \u8bbe\u7f6e\u4e3a False 
\u79c1\u6709\u5171\u4eab\u7c7b\u578b\uff0c\u8fd9\u5c06\u9632\u6b62\u5176\u4ed6\u79df\u6237\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\u5e76\u4f7f\u7528\u5b83\u521b\u5efa\u65b0\u5171\u4eab\u3002\u53e6\u4e00\u65b9\u9762\uff0c\u516c\u5171\u5171\u4eab\u7c7b\u578b\u53ef\u4f9b\u4e91\u4e2d\u7684\u6bcf\u4e2a\u79df\u6237\u4f7f\u7528\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u7ba1\u7406\u5458\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fd8\u53ef\u4ee5\u83b7\u53d6\u6709\u5173\u6307\u5b9a\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u7684\u4fe1\u606f\u3002 \u5efa\u8bae \u7531\u4e8e\u5171\u4eab\u7c7b\u578b\u7531\u4e8e\u5176\u989d\u5916\u7684\u89c4\u8303\u800c\u6709\u52a9\u4e8e\u5728\u7528\u6237\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u6216\u9009\u62e9\u540e\u7aef\uff0c\u56e0\u6b64\u4f7f\u7528\u5bf9\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u53ef\u4ee5\u9650\u5236\u5ba2\u6237\u7aef\u9009\u62e9\u7279\u5b9a\u7684\u540e\u7aef\u3002 \u4f8b\u5982\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\u79df\u6237\u4e2d\u7684\u7ba1\u7406\u5458\u7528\u6237\uff0c\u53ef\u4ee5\u521b\u5efa\u540d\u4e3a my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5217\u8868\u4e2d\u67e5\u770b\u5b83\u3002\u5728\u63a7\u5236\u53f0\u793a\u4f8b\u4e2d\uff0c\u7701\u7565\u4e86\u767b\u5f55\u548c\u6ce8\u9500\uff0c\u5e76\u63d0\u4f9b\u4e86\u73af\u5883\u53d8\u91cf\u4ee5\u663e\u793a\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u3002 $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... 
$ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ demo \u79df\u6237\u4e2d\u7684 demo \u7528\u6237\u53ef\u4ee5\u5217\u51fa\u7c7b\u578b\uff0c\u5e76\u4e14\u547d\u540d my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u5bf9\u4ed6\u4e0d\u53ef\u89c1\u3002 $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+----------------------------------+----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+----------------------------------+----------------------+ | 5..| default| public | YES | driver_handles_share_servers:True| snapshot_support:True| +----+--------+-----------+-----------+----------------------------------+----------------------+ \u7ba1\u7406\u5458\u53ef\u4ee5\u6388\u4e88\u5bf9\u79df\u6237 ID \u7b49\u4e8e df29a37db5ae48d19b349fe947fada46 \u7684\u6f14\u793a\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff1a $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... $ openstack project list +----------------------------------+--------------------+ | ID | Name | +----------------------------------+--------------------+ | ... | ... 
| | df29a37db5ae48d19b349fe947fada46 | demo | +----------------------------------+--------------------+ $ manila type-access-add my_type df29a37db5ae48d19b349fe947fada46 \u56e0\u6b64\uff0c\u73b0\u5728\u6f14\u793a\u79df\u6237\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5171\u4eab\u521b\u5efa\u4e2d\u4f7f\u7528\u5b83\uff1a $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+- \u8981\u62d2\u7edd\u5bf9\u6307\u5b9a\u9879\u76ee\u7684\u8bbf\u95ee\uff0c\u8bf7\u4f7f\u7528 manila type-access-remove \u547d\u4ee4\u3002 \u5efa\u8bae \u4e00\u4e2a\u771f\u5b9e\u7684\u751f\u4ea7\u7528\u4f8b\u663e\u793a\u4e86\u5171\u4eab\u7c7b\u578b\u7684\u7528\u9014\u548c\u5bf9\u5b83\u4eec\u7684\u8bbf\u95ee\uff0c\u5f53\u4f60\u6709\u4e24\u4e2a\u540e\u7aef\u65f6\uff1a\u5ec9\u4ef7\u7684 LVM \u4f5c\u4e3a\u516c\u5171\u5b58\u50a8\uff0c\u6602\u8d35\u7684 Ceph \u4f5c\u4e3a\u79c1\u6709\u5b58\u50a8\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5411\u67d0\u4e9b\u79df\u6237\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4f7f\u7528 `user/group` 
\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u8fdb\u884c\u8bbf\u95ee\u3002","title":"\u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_184","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6709\u81ea\u5df1\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u5b83\u4eec\u786e\u5b9a\u54ea\u4e2a\u7528\u6237\u53ef\u4ee5\u4ee5\u54ea\u79cd\u65b9\u5f0f\u8bbf\u95ee\u54ea\u4e9b\u5bf9\u8c61\uff0c\u5e76\u5728\u670d\u52a1\u7684 policy.json \u6587\u4ef6\u4e2d\u5b9a\u4e49\u3002 \u5efa\u8bae \u914d\u7f6e\u6587\u4ef6 `policy.json` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/policy.json` \u662f\u5fc5\u9700\u7684\u3002 \u6bcf\u5f53\u5bf9\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c API \u8c03\u7528\u65f6\uff0c\u7b56\u7565\u5f15\u64ce\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u7684\u7b56\u7565\u5b9a\u4e49\u6765\u786e\u5b9a\u662f\u5426\u53ef\u4ee5\u63a5\u53d7\u8be5\u8c03\u7528\u3002 \u7b56\u7565\u89c4\u5219\u786e\u5b9a\u5728\u4ec0\u4e48\u60c5\u51b5\u4e0b\u5141\u8bb8 API \u8c03\u7528\u3002\u5f53 /etc/manila/policy.json \u89c4\u5219\u4e3a\u7a7a\u5b57\u7b26\u4e32\u65f6\uff0c\u8be5\u6587\u4ef6\u5177\u6709\u59cb\u7ec8\u5141\u8bb8\u64cd\u4f5c\u7684\u89c4\u5219\uff1a \"\" ;\u57fa\u4e8e\u7528\u6237\u89d2\u8272\u6216\u89c4\u5219\u7684\u89c4\u5219;\u5e26\u6709\u5e03\u5c14\u8868\u8fbe\u5f0f\u7684\u89c4\u5219\u3002\u4e0b\u9762\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1 policy.json \u7684\u6587\u4ef6\u7247\u6bb5\u3002\u4ece\u4e00\u4e2aOpenStack\u7248\u672c\u5230\u53e6\u4e00\u4e2aOpenStack\u7248\u672c\uff0c\u53ef\u4ee5\u5bf9\u5176\u8fdb\u884c\u66f4\u6539\u3002 { \"context_is_admin\": \"role:admin\", \"admin_or_owner\": \"is_admin:True or project_id:%(project_id)s\", \"default\": \"rule:admin_or_owner\", \"share_extension:quotas:show\": \"\", \"share_extension:quotas:update\": \"rule:admin_api\", \"share_extension:quotas:delete\": 
\"rule:admin_api\", \"share_extension:quota_classes\": \"\", } \u5fc5\u987b\u5c06\u7528\u6237\u5206\u914d\u5230\u7b56\u7565\u4e2d\u5f15\u7528\u7684\u7ec4\u548c\u89d2\u8272\u3002\u5f53\u4f7f\u7528\u7528\u6237\u7ba1\u7406\u547d\u4ee4\u65f6\uff0c\u670d\u52a1\u4f1a\u81ea\u52a8\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002 \u6ce8\u610f \u4efb\u4f55\u66f4\u6539 `/etc/manila/policy.json` \u90fd\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u8fd9\u5141\u8bb8\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fd0\u884c\u65f6\u5b9e\u65bd\u65b0\u7b56\u7565\u3002\u624b\u52a8\u4fee\u6539\u7b56\u7565\u53ef\u80fd\u4f1a\u4ea7\u751f\u610f\u60f3\u4e0d\u5230\u7684\u526f\u4f5c\u7528\uff0c\u56e0\u6b64\u4e0d\u9f13\u52b1\u8fd9\u6837\u505a\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 policy.json \u6587\u4ef6\u3002","title":"\u653f\u7b56"},{"location":"security/security-guide/#_185","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-shared-01-rootmanila","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a manila\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/manila/manila.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" 
/etc/manila/api-paste.ini | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/policy.json | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/rootwrap.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila | egrep \"root manila\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c manila\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u9a6c\u5c3c\u62c9\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9a6c\u5c3c\u62c9\u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f"},{"location":"security/security-guide/#check-shared-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/manila/manila.conf $ stat -L -c \"%a\" /etc/manila/api-paste.ini $ stat -L -c \"%a\" /etc/manila/policy.json $ stat -L -c \"%a\" /etc/manila/rootwrap.conf $ stat -L -c \"%a\" /etc/manila \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cmanila \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/manila/manila.conf getfacl: Removing leading '/' from absolute path names # file: etc/manila/manila.conf USER root rw- GROUP manila r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-shared-03openstack-identity","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 ' noauth ' \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack 
\u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-shared-04-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/manila/manila.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/manila/manila.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/manila/manila.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/manila/manila.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-shared-05-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf","title":"Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-06-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] 
manila.conf","title":"Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-07-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf","title":"Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-08-114688","text":"\u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684OSAPI\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c\u6216\u8005 in manila.conf manila.conf \u8282\u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u8bbe\u7f6e\u4e3a 114688 \u3002 114688 
\u4e0b\u9762\u7684 [DEFAULT] \u53c2\u6570 osapi_max_request_body_size \u5df2\u5f03\u7528\uff0c\u6700\u597d\u4f7f\u7528 [oslo_middleware]/ max_request_body_size \u3002 \u5931\u8d25\uff1a\u5982\u679c in manila.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c\u6216\u8005 in manila.conf \u8282\u4e0b\u7684 [DEFAULT] [oslo_middleware] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \u3002","title":"Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#_186","text":"OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u4f7f\u6700\u7ec8\u7528\u6237\u6216\u79df\u6237\u80fd\u591f\u5b9a\u4e49\u3001\u5229\u7528\u548c\u4f7f\u7528\u7f51\u7edc\u8d44\u6e90\u3002OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u4e2a\u9762\u5411\u79df\u6237\u7684 API\uff0c\u7528\u4e8e\u5b9a\u4e49\u4e91\u4e2d\u5b9e\u4f8b\u7684\u7f51\u7edc\u8fde\u63a5\u548c IP \u5bfb\u5740\uff0c\u4ee5\u53ca\u7f16\u6392\u7f51\u7edc\u914d\u7f6e\u3002\u968f\u7740\u5411\u4ee5 API \u4e3a\u4e2d\u5fc3\u7684\u7f51\u7edc\u670d\u52a1\u7684\u8fc7\u6e21\uff0c\u4e91\u67b6\u6784\u5e08\u548c\u7ba1\u7406\u5458\u5e94\u8003\u8651\u6700\u4f73\u5b9e\u8df5\u6765\u4fdd\u62a4\u7269\u7406\u548c\u865a\u62df\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u548c\u670d\u52a1\u3002 OpenStack Networking \u91c7\u7528\u63d2\u4ef6\u67b6\u6784\u8bbe\u8ba1\uff0c\u901a\u8fc7\u5f00\u6e90\u793e\u533a\u6216\u7b2c\u4e09\u65b9\u670d\u52a1\u63d0\u4f9b API \u7684\u53ef\u6269\u5c55\u6027\u3002\u5728\u8bc4\u4f30\u67b6\u6784\u8bbe\u8ba1\u8981\u6c42\u65f6\uff0c\u786e\u5b9a OpenStack Networking 
\u6838\u5fc3\u670d\u52a1\u4e2d\u6709\u54ea\u4e9b\u529f\u80fd\u3001\u7b2c\u4e09\u65b9\u4ea7\u54c1\u63d0\u4f9b\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u4ee5\u53ca\u9700\u8981\u5728\u7269\u7406\u57fa\u7840\u67b6\u6784\u4e2d\u5b9e\u73b0\u54ea\u4e9b\u8865\u5145\u670d\u52a1\u975e\u5e38\u91cd\u8981\u3002 \u672c\u8282\u7b80\u8981\u6982\u8ff0\u4e86\u5728\u5b9e\u73b0 OpenStack Networking \u65f6\u5e94\u8003\u8651\u54ea\u4e9b\u6d41\u7a0b\u548c\u6700\u4f73\u5b9e\u8df5\u3002 \u7f51\u7edc\u67b6\u6784 \u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u653e\u7f6e OpenStack Networking \u670d\u52a1 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41\u7a0b \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f","title":"\u8054\u7f51"},{"location":"security/security-guide/#_187","text":"OpenStack Networking \u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u670d\u52a1\uff0c\u901a\u5e38\u5728\u591a\u4e2a\u8282\u70b9\u4e0a\u90e8\u7f72\u591a\u4e2a\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u5f7c\u6b64\u4ea4\u4e92\uff0c\u5e76\u4e0e\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4ea4\u4e92\u3002OpenStack Networking \u670d\u52a1\u7684\u4e3b\u8981\u8fdb\u7a0b\u662f neutron-server\uff0c\u8fd9\u662f\u4e00\u4e2a Python \u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u516c\u5f00 OpenStack Networking API\uff0c\u5e76\u5c06\u79df\u6237\u8bf7\u6c42\u4f20\u9012\u7ed9\u4e00\u7ec4\u63d2\u4ef6\u8fdb\u884c\u989d\u5916\u5904\u7406\u3002 OpenStack Networking \u7ec4\u4ef6\u5305\u62ec\uff1a neutron \u670d\u52a1\u5668\uff08neutron-server \u548c neutron-*-plugin\uff09 \u6b64\u670d\u52a1\u5728\u7f51\u7edc\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4e3a\u7f51\u7edc API \u53ca\u5176\u6269\u5c55\u63d0\u4f9b\u670d\u52a1\u3002\u5b83\u8fd8\u5f3a\u5236\u6267\u884c\u6bcf\u4e2a\u7aef\u53e3\u7684\u7f51\u7edc\u6a21\u578b\u548c IP \u5bfb\u5740\u3002neutron-server \u9700\u8981\u95f4\u63a5\u8bbf\u95ee\u6301\u4e45\u6027\u6570\u636e\u5e93\u3002\u8fd9\u662f\u901a\u8fc7\u63d2\u4ef6\u5b9e\u73b0\u7684\uff0c\u63d2\u4ef6\u4f7f\u7528 AMQP\uff08\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff09\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002 \u63d2\u4ef6\u4ee3\u7406 \uff08neutron-*-agent\uff09 \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4ee5\u7ba1\u7406\u672c\u5730\u865a\u62df\u4ea4\u6362\u673a \uff08vswitch\uff09 \u914d\u7f6e\u3002\u60a8\u4f7f\u7528\u7684\u63d2\u4ef6\u51b3\u5b9a\u4e86\u8fd0\u884c\u54ea\u4e9b\u4ee3\u7406\u3002\u6b64\u670d\u52a1\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\uff0c\u5e76\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u63d2\u4ef6\u3002\u4e00\u4e9b\u63d2\u4ef6\uff0c\u5982 OpenDaylight\uff08ODL\uff09 \u548c\u5f00\u653e\u865a\u62df\u7f51\u7edc \uff08OVN\uff09\uff0c\u5728\u8ba1\u7b97\u8282\u70b9\u4e0a\u4e0d\u9700\u8981\u4efb\u4f55 python \u4ee3\u7406\u3002 DHCP \u4ee3\u7406 \uff08neutron-dhcp-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9bDHCP\u670d\u52a1\u3002\u6b64\u4ee3\u7406\u5728\u6240\u6709\u63d2\u4ef6\u4e2d\u90fd\u662f\u76f8\u540c\u7684\uff0c\u5e76\u8d1f\u8d23\u7ef4\u62a4 DHCP \u914d\u7f6e\u3002neutron-dhcp-agent 
\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 L3 \u4ee3\u7406\uff08neutron-L3-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u4e0a\u7684\u865a\u62df\u673a\u63d0\u4f9b L3/NAT \u8f6c\u53d1\u3002\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u6743\u9650\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 \u7f51\u7edc\u63d0\u4f9b\u5546\u670d\u52a1\uff08SDN \u670d\u52a1\u5668/\u670d\u52a1\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9b\u5176\u4ed6\u7f51\u7edc\u670d\u52a1\u3002\u8fd9\u4e9b SDN \u670d\u52a1\u53ef\u4ee5\u901a\u8fc7 REST API \u7b49\u901a\u4fe1\u901a\u9053\u4e0e neutron-server\u3001neutron-plugin \u548c plugin-agents \u8fdb\u884c\u4ea4\u4e92\u3002 \u4e0b\u56fe\u663e\u793a\u4e86 OpenStack Networking \u7ec4\u4ef6\u7684\u67b6\u6784\u548c\u7f51\u7edc\u6d41\u7a0b\u56fe\uff1a","title":"\u7f51\u7edc\u67b6\u6784"},{"location":"security/security-guide/#openstack-networking","text":"\u672c\u6307\u5357\u91cd\u70b9\u4ecb\u7ecd\u4e00\u4e2a\u6807\u51c6\u67b6\u6784\uff0c\u5176\u4e2d\u5305\u62ec\u4e00\u4e2a\u4e91\u63a7\u5236\u5668\u4e3b\u673a\u3001\u4e00\u4e2a\u7f51\u7edc\u4e3b\u673a\u548c\u4e00\u7ec4\u7528\u4e8e\u8fd0\u884c VM \u7684\u8ba1\u7b97\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u3002","title":"OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e"},{"location":"security/security-guide/#_188","text":"\u6807\u51c6\u7684 OpenStack Networking \u8bbe\u7f6e\u6700\u591a\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\uff1a \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u5e94\u53ea\u80fd\u5728\u6570\u636e\u4e2d\u5fc3\u5185\u8bbf\u95ee\uff0c\u5e76\u88ab\u89c6\u4e3a\u7ba1\u7406\u5b89\u5168\u57df\u3002 \u8bbf\u5ba2\u7f51\u7edc \u7528\u4e8e\u4e91\u90e8\u7f72\u4e2d\u7684 VM 
\u6570\u636e\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u7684 IP \u5bfb\u5740\u8981\u6c42\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684 OpenStack Networking \u63d2\u4ef6\u4ee5\u53ca\u79df\u6237\u5bf9\u865a\u62df\u7f51\u7edc\u6240\u505a\u7684\u7f51\u7edc\u914d\u7f6e\u9009\u62e9\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5ba2\u6237\u673a\u5b89\u5168\u57df\u3002 \u5916\u90e8\u7f51\u7edc \u7528\u4e8e\u5728\u67d0\u4e9b\u90e8\u7f72\u65b9\u6848\u4e2d\u4e3a VM \u63d0\u4f9b Internet \u8bbf\u95ee\u6743\u9650\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5c5e\u4e8e\u516c\u5171\u5b89\u5168\u57df\u3002 API\u7f51\u7edc \u5411\u79df\u6237\u516c\u5f00\u6240\u6709 OpenStack API\uff0c\u5305\u62ec OpenStack \u7f51\u7edc API\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u8fd9\u53ef\u80fd\u4e0e\u5916\u90e8\u7f51\u7edc\u662f\u540c\u4e00\u7f51\u7edc\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4e3a\u4f7f\u7528 IP \u5206\u914d\u8303\u56f4\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u4e00\u4e2a\u5b50\u7f51\uff0c\u4ee5\u4fbf\u4ec5\u4f7f\u7528 IP \u5757\u4e2d\u5c0f\u4e8e\u5168\u90e8\u8303\u56f4\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u516c\u5171\u5b89\u5168\u57df\u3002 \u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002","title":"\u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5"},{"location":"security/security-guide/#_189","text":"\u5728\u8bbe\u8ba1 OpenStack \u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u521d\u59cb\u67b6\u6784\u9636\u6bb5\uff0c\u786e\u4fdd\u63d0\u4f9b\u9002\u5f53\u7684\u4e13\u4e1a\u77e5\u8bc6\u6765\u534f\u52a9\u8bbe\u8ba1\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\uff0c\u786e\u5b9a\u9002\u5f53\u7684\u5b89\u5168\u63a7\u5236\u548c\u5ba1\u8ba1\u673a\u5236\u975e\u5e38\u91cd\u8981\u3002 OpenStack Networking 
\u589e\u52a0\u4e86\u4e00\u5c42\u865a\u62df\u5316\u7f51\u7edc\u670d\u52a1\uff0c\u4f7f\u79df\u6237\u80fd\u591f\u6784\u5efa\u81ea\u5df1\u7684\u865a\u62df\u7f51\u7edc\u3002\u76ee\u524d\uff0c\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u8fd8\u6ca1\u6709\u4f20\u7edf\u7f51\u7edc\u7684\u6210\u719f\u3002\u5728\u91c7\u7528\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u8fd9\u4e9b\u670d\u52a1\u7684\u5f53\u524d\u72b6\u6001\uff0c\u56e0\u4e3a\u5b83\u51b3\u5b9a\u4e86\u60a8\u53ef\u80fd\u9700\u8981\u5728\u865a\u62df\u5316\u548c\u4f20\u7edf\u7f51\u7edc\u8fb9\u754c\u4e0a\u5b9e\u73b0\u54ea\u4e9b\u63a7\u5236\u3002","title":"\u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#vlan-l2","text":"OpenStack Networking \u53ef\u4ee5\u91c7\u7528\u4e24\u79cd\u4e0d\u540c\u7684\u673a\u5236\u5bf9\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\uff1aVLAN\uff08IEEE 802.1Q \u6807\u8bb0\uff09\u6216\u4f7f\u7528 GRE \u5c01\u88c5\u7684 L2 \u96a7\u9053\u3002OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u548c\u89c4\u6a21\u51b3\u5b9a\u4e86\u60a8\u5e94\u8be5\u4f7f\u7528\u54ea\u79cd\u65b9\u6cd5\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\u6216\u9694\u79bb\u3002","title":"\u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb"},{"location":"security/security-guide/#vlans","text":"VLAN \u5728\u7279\u5b9a\u7269\u7406\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e3a\u6570\u636e\u5305\uff0c\u5176\u4e2d\u5305\u542b\u5177\u6709\u7279\u5b9a VLAN ID \uff08VID\uff09 \u5b57\u6bb5\u503c\u7684 IEEE 802.1Q \u6807\u5934\u3002\u5171\u4eab\u540c\u4e00\u7269\u7406\u7f51\u7edc\u7684 VLAN \u7f51\u7edc\u5728 L2 \u4e0a\u5f7c\u6b64\u9694\u79bb\uff0c\u751a\u81f3\u53ef\u4ee5\u6709\u91cd\u53e0\u7684 IP \u5730\u5740\u7a7a\u95f4\u3002\u6bcf\u4e2a\u652f\u6301 VLAN \u7f51\u7edc\u7684\u4e0d\u540c\u7269\u7406\u7f51\u7edc\u90fd\u88ab\u89c6\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684 VLAN \u4e2d\u7ee7\uff0c\u5177\u6709\u4e0d\u540c\u7684 VID \u503c\u7a7a\u95f4\u3002\u6709\u6548\u7684 VID 
\u503c\u4e3a 1 \u5230 4094\u3002 VLAN \u914d\u7f6e\u7684\u590d\u6742\u6027\u53d6\u51b3\u4e8e\u60a8\u7684 OpenStack \u8bbe\u8ba1\u8981\u6c42\u3002\u4e3a\u4e86\u8ba9 OpenStack Networking \u80fd\u591f\u6709\u6548\u5730\u4f7f\u7528 VLAN\uff0c\u60a8\u5fc5\u987b\u5206\u914d\u4e00\u4e2a VLAN \u8303\u56f4\uff08\u6bcf\u4e2a\u79df\u6237\u4e00\u4e2a\uff09\uff0c\u5e76\u5c06\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u7269\u7406\u4ea4\u6362\u673a\u7aef\u53e3\u8f6c\u6362\u4e3a VLAN \u4e2d\u7ee7\u7aef\u53e3\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u6253\u7b97\u8ba9\u60a8\u7684\u7f51\u7edc\u652f\u6301\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\uff0c\u5219 VLAN \u53ef\u80fd\u4e0d\u662f\u60a8\u7684\u6b63\u786e\u9009\u62e9\uff0c\u56e0\u4e3a\u9700\u8981\u591a\u4e2a\u201c\u9ed1\u5ba2\u201d\u624d\u80fd\u5c06 VLAN \u6807\u8bb0\u6269\u5c55\u5230\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\u3002","title":"VLANs"},{"location":"security/security-guide/#l2","text":"\u7f51\u7edc\u96a7\u9053\u4f7f\u7528\u552f\u4e00\u7684\u201ctunnel-id\u201d\u5c01\u88c5\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\uff0c\u8be5 ID \u7528\u4e8e\u6807\u8bc6\u5c5e\u4e8e\u8be5\u7ec4\u5408\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u79df\u6237\u7684 L2 \u7f51\u7edc\u8fde\u63a5\u4e0e\u7269\u7406\u4f4d\u7f6e\u6216\u57fa\u7840\u7f51\u7edc\u8bbe\u8ba1\u65e0\u5173\u3002\u901a\u8fc7\u5c06\u6d41\u91cf\u5c01\u88c5\u5728 IP \u6570\u636e\u5305\u4e2d\uff0c\u8be5\u6d41\u91cf\u53ef\u4ee5\u8de8\u8d8a\u7b2c 3 \u5c42\u8fb9\u754c\uff0c\u65e0\u9700\u9884\u914d\u7f6e VLAN \u548c VLAN \u4e2d\u7ee7\u3002\u96a7\u9053\u4e3a\u7f51\u7edc\u6570\u636e\u6d41\u91cf\u589e\u52a0\u4e86\u4e00\u5c42\u6df7\u6dc6\uff0c\u4ece\u76d1\u63a7\u7684\u89d2\u5ea6\u964d\u4f4e\u4e86\u5355\u4e2a\u79df\u6237\u6d41\u91cf\u7684\u53ef\u89c1\u6027\u3002 OpenStack Networking \u76ee\u524d\u652f\u6301 GRE \u548c VXLAN \u5c01\u88c5\u3002 \u63d0\u4f9b L2 
\u9694\u79bb\u7684\u6280\u672f\u9009\u62e9\u53d6\u51b3\u4e8e\u5c06\u5728\u90e8\u7f72\u4e2d\u521b\u5efa\u7684\u79df\u6237\u7f51\u7edc\u7684\u8303\u56f4\u548c\u5927\u5c0f\u3002\u5982\u679c\u60a8\u7684\u73af\u5883\u7684 VLAN ID \u53ef\u7528\u6027\u6709\u9650\u6216\u5c06\u5177\u6709\u5927\u91cf L2 \u7f51\u7edc\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4f7f\u7528\u96a7\u9053\u3002","title":"L2 \u96a7\u9053"},{"location":"security/security-guide/#_190","text":"\u79df\u6237\u7f51\u7edc\u9694\u79bb\u7684\u9009\u62e9\u4f1a\u5f71\u54cd\u79df\u6237\u670d\u52a1\u7684\u7f51\u7edc\u5b89\u5168\u548c\u63a7\u5236\u8fb9\u754c\u7684\u5b9e\u73b0\u65b9\u5f0f\u3002\u4ee5\u4e0b\u9644\u52a0\u7f51\u7edc\u670d\u52a1\u5df2\u7ecf\u53ef\u7528\u6216\u76ee\u524d\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u4ee5\u589e\u5f3a OpenStack \u7f51\u7edc\u67b6\u6784\u7684\u5b89\u5168\u6001\u52bf\u3002","title":"\u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#_191","text":"OpenStack \u8ba1\u7b97\u5728\u4e0e\u65e7\u7248 nova-network \u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u65f6\u76f4\u63a5\u652f\u6301\u79df\u6237\u7f51\u7edc\u6d41\u91cf\u8bbf\u95ee\u63a7\u5236\uff0c\u6216\u8005\u53ef\u4ee5\u5c06\u8bbf\u95ee\u63a7\u5236\u63a8\u8fdf\u5230 OpenStack Networking \u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u65e7\u7248 nova-network \u5b89\u5168\u7ec4\u4f7f\u7528 iptables \u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002 \u5b89\u5168\u7ec4\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u79df\u6237\u6307\u5b9a\u6d41\u91cf\u7c7b\u578b\u4ee5\u53ca\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5b89\u5168\u7ec4\u89c4\u5219\u662f\u6709\u72b6\u6001\u7684 L2-L4 \u6d41\u91cf\u8fc7\u6ee4\u5668\u3002 
\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u65f6\uff0c\u5efa\u8bae\u5728\u6b64\u670d\u52a1\u4e2d\u542f\u7528\u5b89\u5168\u7ec4\uff0c\u5e76\u5728\u8ba1\u7b97\u670d\u52a1\u4e2d\u7981\u7528\u5b89\u5168\u7ec4\u3002","title":"\u8bbf\u95ee\u63a7\u5236\u5217\u8868"},{"location":"security/security-guide/#l3-nat","text":"OpenStack Networking \u8def\u7531\u5668\u53ef\u4ee5\u8fde\u63a5\u591a\u4e2a L2 \u7f51\u7edc\uff0c\u5e76\u4e14\u8fd8\u53ef\u4ee5\u63d0\u4f9b\u8fde\u63a5\u4e00\u4e2a\u6216\u591a\u4e2a\u79c1\u6709 L2 \u7f51\u7edc\u5230\u5171\u4eab\u5916\u90e8\u7f51\u7edc\uff08\u4f8b\u5982\u7528\u4e8e\u8bbf\u95ee\u4e92\u8054\u7f51\u7684\u516c\u5171\u7f51\u7edc\uff09\u7684\u7f51\u5173\u3002 L3 \u8def\u7531\u5668\u5728\u5c06\u8def\u7531\u5668\u4e0a\u884c\u94fe\u8def\u5230\u5916\u90e8\u7f51\u7edc\u7684\u7f51\u5173\u7aef\u53e3\u4e0a\u63d0\u4f9b\u57fa\u672c\u7684\u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u529f\u80fd\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6b64\u8def\u7531\u5668\u4f1a SNAT\uff08\u9759\u6001 NAT\uff09\u6240\u6709\u6d41\u91cf\uff0c\u5e76\u652f\u6301\u6d6e\u52a8 IP\uff0c\u8fd9\u4f1a\u521b\u5efa\u4ece\u5916\u90e8\u7f51\u7edc\u4e0a\u7684\u516c\u5171 IP \u5230\u8fde\u63a5\u5230\u8def\u7531\u5668\u7684\u5176\u4ed6\u5b50\u7f51\u4e0a\u7684\u4e13\u7528 IP \u7684\u9759\u6001\u4e00\u5bf9\u4e00\u6620\u5c04\u3002 \u6211\u4eec\u5efa\u8bae\u5229\u7528\u6bcf\u4e2a\u79df\u6237\u7684 L3 \u8def\u7531\u548c\u6d6e\u52a8 IP \u6765\u5b9e\u73b0\u79df\u6237 VM \u7684\u66f4\u7cbe\u7ec6\u8fde\u63a5\u3002","title":"L3 \u8def\u7531\u548c NAT"},{"location":"security/security-guide/#qos","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u7b56\u7565\u548c\u89c4\u5219\u7531\u4e91\u7ba1\u7406\u5458\u7ba1\u7406\uff0c\u8fd9\u4f1a\u5bfc\u81f4\u79df\u6237\u65e0\u6cd5\u521b\u5efa\u7279\u5b9a\u7684 QoS 
\u89c4\u5219\uff0c\u4e5f\u65e0\u6cd5\u5c06\u7279\u5b9a\u7aef\u53e3\u9644\u52a0\u5230\u7b56\u7565\u3002\u5728\u67d0\u4e9b\u7528\u4f8b\u4e2d\uff0c\u4f8b\u5982\u67d0\u4e9b\u7535\u4fe1\u5e94\u7528\u7a0b\u5e8f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u4fe1\u4efb\u79df\u6237\uff0c\u56e0\u6b64\u5141\u8bb8\u4ed6\u4eec\u521b\u5efa\u81ea\u5df1\u7684\u7b56\u7565\u5e76\u5c06\u5176\u9644\u52a0\u5230\u7aef\u53e3\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 policy.json \u6587\u4ef6\u548c\u7279\u5b9a\u6587\u6863\u6765\u5b9e\u73b0\u3002\u5c06\u4e0e\u6269\u5c55\u4e00\u8d77\u53d1\u5e03\u3002 \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u652f\u6301 Liberty \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u5e26\u5bbd\u9650\u5236 QoS \u89c4\u5219\u3002\u6b64 QoS \u89c4\u5219\u5df2\u547d\u540d QosBandwidthLimitRule \uff0c\u5b83\u63a5\u53d7\u4e24\u4e2a\u975e\u8d1f\u6574\u6570\uff0c\u4ee5\u5343\u6bd4\u7279/\u79d2\u4e3a\u5355\u4f4d\uff1a max-kbps \uff1a\u5e26\u5bbd max-burst-kbps \uff1a\u7a81\u53d1\u7f13\u51b2\u533a \u5df2 QoSBandwidthLimitRule \u5728 neutron Open vSwitch\u3001Linux \u7f51\u6865\u548c\u5355\u6839\u8f93\u5165/\u8f93\u51fa\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u3002 \u5728 Newton \u4e2d\uff0c\u6dfb\u52a0\u4e86 QoS \u89c4\u5219 QosDscpMarkingRule \u3002\u6b64\u89c4\u5219\u5728 IPv4 \uff08RFC 2474\uff09 \u4e0a\u7684\u670d\u52a1\u6807\u5934\u7c7b\u578b\u548c IPv6 \u4e0a\u7684\u6d41\u91cf\u7c7b\u6807\u5934\u4e2d\u6807\u8bb0\u5dee\u5206\u670d\u52a1\u4ee3\u7801\u70b9 \uff08DSCP\uff09 \u503c\uff0c\u8fd9\u4e9b\u503c\u9002\u7528\u4e8e\u5e94\u7528\u89c4\u5219\u7684\u865a\u62df\u673a\u7684\u6240\u6709\u6d41\u91cf\u3002\u8fd9\u662f\u4e00\u4e2a 6 \u4f4d\u6807\u5934\uff0c\u5177\u6709 21 
\u4e2a\u6709\u6548\u503c\uff0c\u8868\u793a\u6570\u636e\u5305\u5728\u9047\u5230\u62e5\u585e\u65f6\u7a7f\u8fc7\u7f51\u7edc\u65f6\u7684\u4e22\u5f03\u4f18\u5148\u7ea7\u3002\u9632\u706b\u5899\u8fd8\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5c06\u6709\u6548\u6216\u65e0\u6548\u6d41\u91cf\u4e0e\u5176\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u8fdb\u884c\u5339\u914d\u3002 \u7aef\u53e3\u955c\u50cf\u670d\u52a1\u6d89\u53ca\u5c06\u8fdb\u5165\u6216\u79bb\u5f00\u4e00\u4e2a\u7aef\u53e3\u7684\u6570\u636e\u5305\u526f\u672c\u53d1\u9001\u5230\u53e6\u4e00\u4e2a\u7aef\u53e3\uff0c\u8be5\u7aef\u53e3\u901a\u5e38\u4e0e\u88ab\u955c\u50cf\u6570\u636e\u5305\u7684\u539f\u59cb\u76ee\u7684\u5730\u4e0d\u540c\u3002Tap-as-a-Service \uff08TaaS\uff09 \u662f OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u7684\u6269\u5c55\u3002\u5b83\u4e3a\u79df\u6237\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u8fdc\u7a0b\u7aef\u53e3\u955c\u50cf\u529f\u80fd\u3002\u6b64\u670d\u52a1\u4e3b\u8981\u65e8\u5728\u5e2e\u52a9\u79df\u6237\uff08\u6216\u4e91\u7ba1\u7406\u5458\uff09\u8c03\u8bd5\u590d\u6742\u7684\u865a\u62df\u7f51\u7edc\uff0c\u5e76\u901a\u8fc7\u76d1\u89c6\u4e0e\u5176\u5173\u8054\u7684\u7f51\u7edc\u6d41\u91cf\u6765\u4e86\u89e3\u5176 VM\u3002TaaS \u9075\u5faa\u79df\u6237\u8fb9\u754c\uff0c\u5176\u955c\u50cf\u4f1a\u8bdd\u80fd\u591f\u8de8\u8d8a\u591a\u4e2a\u8ba1\u7b97\u548c\u7f51\u7edc\u8282\u70b9\u3002\u5b83\u662f\u4e00\u4e2a\u5fc5\u4e0d\u53ef\u5c11\u7684\u57fa\u7840\u8bbe\u65bd\u7ec4\u4ef6\uff0c\u53ef\u7528\u4e8e\u5411\u5404\u79cd\u7f51\u7edc\u5206\u6790\u548c\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u6570\u636e\u3002","title":"\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09"},{"location":"security/security-guide/#_192","text":"OpenStack Networking \u7684\u53e6\u4e00\u4e2a\u7279\u6027\u662f\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1 \uff08LBaaS\uff09\u3002LBaaS \u53c2\u8003\u5b9e\u73b0\u57fa\u4e8e HA-Proxy\u3002OpenStack Networking 
\u4e2d\u7684\u6269\u5c55\u6b63\u5728\u5f00\u53d1\u7b2c\u4e09\u65b9\u63d2\u4ef6\uff0c\u4ee5\u4fbf\u4e3a\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u63d0\u4f9b\u5e7f\u6cdb\u7684 L4-L7 \u529f\u80fd\u3002","title":"\u8d1f\u8f7d\u5747\u8861"},{"location":"security/security-guide/#_193","text":"FW-as-a-Service\uff08FWaaS\uff09\u88ab\u8ba4\u4e3a\u662fOpenStack Networking\u7684Kilo\u7248\u672c\u7684\u5b9e\u9a8c\u6027\u529f\u80fd\u3002FWaaS \u6ee1\u8db3\u4e86\u7ba1\u7406\u548c\u5229\u7528\u5178\u578b\u9632\u706b\u5899\u4ea7\u54c1\u63d0\u4f9b\u7684\u4e30\u5bcc\u5b89\u5168\u529f\u80fd\u7684\u9700\u6c42\uff0c\u8fd9\u4e9b\u4ea7\u54c1\u901a\u5e38\u6bd4\u5f53\u524d\u5b89\u5168\u7ec4\u63d0\u4f9b\u7684\u8981\u5168\u9762\u5f97\u591a\u3002\u98de\u601d\u5361\u5c14\u548c\u82f1\u7279\u5c14\u90fd\u5f00\u53d1\u4e86\u7b2c\u4e09\u65b9\u63d2\u4ef6\u4f5c\u4e3aOpenStack Networking\u7684\u6269\u5c55\uff0c\u4ee5\u5728Kilo\u7248\u672c\u4e2d\u652f\u6301\u6b64\u7ec4\u4ef6\u3002\u6709\u5173 FWaaS \u7ba1\u7406\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u6982\u8ff0\u3002 \u5728\u8bbe\u8ba1 OpenStack Networking \u57fa\u7840\u67b6\u6784\u65f6\uff0c\u4e86\u89e3\u53ef\u7528\u7f51\u7edc\u670d\u52a1\u7684\u5f53\u524d\u7279\u6027\u548c\u5c40\u9650\u6027\u975e\u5e38\u91cd\u8981\u3002\u4e86\u89e3\u865a\u62df\u7f51\u7edc\u548c\u7269\u7406\u7f51\u7edc\u7684\u8fb9\u754c\u5c06\u6709\u52a9\u4e8e\u5728\u60a8\u7684\u73af\u5883\u4e2d\u6dfb\u52a0\u6240\u9700\u7684\u5b89\u5168\u63a7\u4ef6\u3002","title":"\u9632\u706b\u5899"},{"location":"security/security-guide/#_194","text":"\u5f00\u6e90\u793e\u533a\u6216\u4f7f\u7528 OpenStack Networking \u7684 SDN \u516c\u53f8\u63d0\u4f9b\u7684\u5df2\u77e5\u63d2\u4ef6\u5217\u8868\u53ef\u5728 OpenStack neutron \u63d2\u4ef6\u548c\u9a71\u52a8\u7a0b\u5e8f wiki 
\u9875\u9762\u4e0a\u627e\u5230\u3002","title":"\u7f51\u7edc\u670d\u52a1\u6269\u5c55"},{"location":"security/security-guide/#_195","text":"OpenStack Networking \u5177\u6709\u4ee5\u4e0b\u5df2\u77e5\u9650\u5236\uff1a \u91cd\u53e0\u7684 IP \u5730\u5740 \u5982\u679c\u8fd0\u884c neutron-l3-agent \u6216 neutron-dhcp-agent \u7684\u8282\u70b9\u4f7f\u7528\u91cd\u53e0\u7684 IP \u5730\u5740\uff0c\u5219\u8fd9\u4e9b\u8282\u70b9\u5fc5\u987b\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cDHCP \u548c L3 \u4ee3\u7406\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5e76\u5728\u5404\u81ea\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u8fd0\u884c\u3002\u4f46\u662f\uff0c\u5982\u679c\u4e3b\u673a\u4e0d\u652f\u6301\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u5219 DHCP \u548c L3 \u4ee3\u7406\u5e94\u5728\u4e0d\u540c\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u3002\u8fd9\u662f\u56e0\u4e3a L3 \u4ee3\u7406\u548c DHCP \u4ee3\u7406\u521b\u5efa\u7684 IP \u5730\u5740\u4e4b\u95f4\u6ca1\u6709\u9694\u79bb\u3002 \u5982\u679c\u4e0d\u5b58\u5728\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u652f\u6301\uff0c\u5219 L3 \u4ee3\u7406\u7684\u53e6\u4e00\u4e2a\u9650\u5236\u662f\u4ec5\u652f\u6301\u5355\u4e2a\u903b\u8f91\u8def\u7531\u5668\u3002 \u591a\u4e3b\u673a DHCP \u4ee3\u7406 OpenStack Networking \u652f\u6301\u591a\u4e2a\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u529f\u80fd\u7684 L3 \u548c DHCP \u4ee3\u7406\u3002\u4f46\u662f\uff0c\u4e0d\u652f\u6301\u865a\u62df\u673a\u4f4d\u7f6e\u7684\u7d27\u5bc6\u8026\u5408\u3002\u6362\u8a00\u4e4b\uff0c\u5728\u521b\u5efa\u865a\u62df\u673a\u65f6\uff0c\u9ed8\u8ba4\u865a\u62df\u673a\u8c03\u5ea6\u7a0b\u5e8f\u4e0d\u4f1a\u8003\u8651\u4ee3\u7406\u7684\u4f4d\u7f6e\u3002 L3 \u4ee3\u7406\u4e0d\u652f\u6301 IPv6 neutron-l3-agent \u88ab\u8bb8\u591a\u63d2\u4ef6\u7528\u4e8e\u5b9e\u73b0 L3 \u8f6c\u53d1\uff0c\u4ec5\u652f\u6301 IPv4 
\u8f6c\u53d1\u3002","title":"\u7f51\u7edc\u670d\u52a1\u9650\u5236"},{"location":"security/security-guide/#_196","text":"\u8981\u4fdd\u62a4 OpenStack Networking\uff0c\u60a8\u5fc5\u987b\u4e86\u89e3\u5982\u4f55\u5c06\u79df\u6237\u5b9e\u4f8b\u521b\u5efa\u7684\u5de5\u4f5c\u6d41\u8fc7\u7a0b\u6620\u5c04\u5230\u5b89\u5168\u57df\u3002 \u6709\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u4e0e OpenStack Networking \u4ea4\u4e92\u3002\u5728\u5178\u578b\u7684 OpenStack \u90e8\u7f72\u4e2d\uff0c\u8fd9\u4e9b\u670d\u52a1\u6620\u5c04\u5230\u4ee5\u4e0b\u5b89\u5168\u57df\uff1a OpenStack \u4eea\u8868\u677f\uff1a\u516c\u5171\u548c\u7ba1\u7406 OpenStack Identity\uff1a\u7ba1\u7406 OpenStack \u8ba1\u7b97\u8282\u70b9\uff1a\u7ba1\u7406\u548c\u5ba2\u6237\u7aef OpenStack \u7f51\u7edc\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u5ba2\u6237\u7aef\uff0c\u4ee5\u53ca\u53ef\u80fd\u7684\u516c\u5171\u8282\u70b9\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6b63\u5728\u4f7f\u7528\u7684 neutron-plugin\u3002 SDN \u670d\u52a1\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u8bbf\u5ba2\u548c\u53ef\u80fd\u7684\u516c\u5171\u670d\u52a1\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u4ea7\u54c1\u3002 \u8981\u9694\u79bb OpenStack Networking \u670d\u52a1\u4e0e\u5176\u4ed6 OpenStack \u6838\u5fc3\u670d\u52a1\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u901a\u4fe1\uff0c\u8bf7\u5c06\u8fd9\u4e9b\u901a\u4fe1\u901a\u9053\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002","title":"\u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5"},{"location":"security/security-guide/#openstack-networking_1","text":"","title":"OpenStack Networking \u670d\u52a1\u914d\u7f6e"},{"location":"security/security-guide/#api-neutron-server","text":"\u8981\u9650\u5236 OpenStack Networking API \u670d\u52a1\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\uff0c\u8bf7\u5728 neutron.conf \u6587\u4ef6\u4e2d\u6307\u5b9a 
bind_host \u548c bind_port\uff0c\u5982\u4e0b\u6240\u793a\uff1a # Address to bind the API server bind_host = IP ADDRESS OF SERVER # Port the bind the API server to bind_port = 9696","title":"\u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server"},{"location":"security/security-guide/#openstack-networking-db-rpc","text":"OpenStack Networking \u670d\u52a1\u7684\u5404\u79cd\u7ec4\u4ef6\u4f7f\u7528\u6d88\u606f\u961f\u5217\u6216\u6570\u636e\u5e93\u8fde\u63a5\u4e0e OpenStack Networking \u4e2d\u7684\u5176\u4ed6\u7ec4\u4ef6\u8fdb\u884c\u901a\u4fe1\u3002 \u5bf9\u4e8e\u9700\u8981\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u7684\u6240\u6709\u7ec4\u4ef6\uff0c\u5efa\u8bae\u60a8\u9075\u5faa\u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u5efa\u8bae\u60a8\u9075\u5faa\u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\uff0c\u9002\u7528\u4e8e\u9700\u8981 RPC \u901a\u4fe1\u7684\u6240\u6709\u7ec4\u4ef6\u3002","title":"\u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1"},{"location":"security/security-guide/#openstack_9","text":"\u672c\u8282\u8ba8\u8bba OpenStack Networking \u914d\u7f6e\u6700\u4f73\u5b9e\u8df5\uff0c\u56e0\u4e3a\u5b83\u4eec\u9002\u7528\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u9879\u76ee\u7f51\u7edc\u5b89\u5168\u3002","title":"\u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#_197","text":"OpenStack Networking 
\u4e3a\u7528\u6237\u63d0\u4f9b\u7f51\u7edc\u8d44\u6e90\u548c\u914d\u7f6e\u7684\u81ea\u52a9\u670d\u52a1\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5fc5\u987b\u8bc4\u4f30\u5176\u8bbe\u8ba1\u7528\u4f8b\uff0c\u4ee5\u4fbf\u4e3a\u7528\u6237\u63d0\u4f9b\u521b\u5efa\u3001\u66f4\u65b0\u548c\u9500\u6bc1\u53ef\u7528\u7f51\u7edc\u8d44\u6e90\u7684\u80fd\u529b\u3002","title":"\u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41"},{"location":"security/security-guide/#_198","text":"OpenStack Networking \u4e2d\u7684\u7b56\u7565\u5f15\u64ce\u53ca\u5176\u914d\u7f6e\u6587\u4ef6 policy.json \u63d0\u4f9b\u4e86\u4e00\u79cd\u65b9\u6cd5\uff0c\u53ef\u4ee5\u5bf9\u7528\u6237\u5728\u9879\u76ee\u7f51\u7edc\u65b9\u6cd5\u548c\u5bf9\u8c61\u4e0a\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u6388\u6743\u3002OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u4f1a\u5f71\u54cd\u7f51\u7edc\u53ef\u7528\u6027\u3001\u7f51\u7edc\u5b89\u5168\u548c\u6574\u4f53 OpenStack \u5b89\u5168\u6027\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u5176\u5bf9\u7528\u6237\u548c\u9879\u76ee\u8bbf\u95ee\u7f51\u7edc\u8d44\u6e90\u7ba1\u7406\u7684\u7b56\u7565\u3002\u6709\u5173 OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u201c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u201d\u90e8\u5206\u3002 \u6ce8\u610f \u8bf7\u52a1\u5fc5\u67e5\u770b\u9ed8\u8ba4\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4fee\u6539\u6b64\u7b56\u7565\u4ee5\u9002\u5408\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002 \u5982\u679c\u60a8\u7684 OpenStack \u90e8\u7f72\u4e3a\u4e0d\u540c\u7684\u5b89\u5168\u57df\u63d0\u4f9b\u4e86\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\uff0c\u90a3\u4e48\u9650\u5236\u9879\u76ee\u5c06\u591a\u4e2a vNIC 
\u8fde\u63a5\u5230\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\u7684\u80fd\u529b\u975e\u5e38\u91cd\u8981\uff0c\u8fd9\u5c06\u6865\u63a5\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u4e0d\u53ef\u9884\u89c1\u7684\u5b89\u5168\u5371\u5bb3\u3002\u901a\u8fc7\u5229\u7528 OpenStack Compute \u63d0\u4f9b\u7684\u4e3b\u673a\u805a\u5408\u529f\u80fd\uff0c\u6216\u8005\u5c06\u9879\u76ee\u865a\u62df\u673a\u62c6\u5206\u4e3a\u5177\u6709\u4e0d\u540c\u865a\u62df\u7f51\u7edc\u914d\u7f6e\u7684\u591a\u4e2a\u9879\u76ee\u9879\u76ee\uff0c\u53ef\u4ee5\u964d\u4f4e\u8fd9\u79cd\u98ce\u9669\u3002","title":"\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce"},{"location":"security/security-guide/#_199","text":"OpenStack Networking \u670d\u52a1\u4f7f\u7528\u6bd4 OpenStack Compute \u4e2d\u5185\u7f6e\u7684\u5b89\u5168\u7ec4\u529f\u80fd\u66f4\u7075\u6d3b\u3001\u66f4\u5f3a\u5927\u7684\u673a\u5236\u63d0\u4f9b\u5b89\u5168\u7ec4\u529f\u80fd\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528 OpenStack Network \u65f6\uff0c\u5e94\u59cb\u7ec8\u7981\u7528\u5185\u7f6e\u5b89\u5168\u7ec4\uff0c nova.conf \u5e76\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8c03\u7528\u4ee3\u7406\u5230 OpenStack Networking API\u3002\u5982\u679c\u4e0d\u8fd9\u6837\u505a\uff0c\u5c06\u5bfc\u81f4\u4e24\u4e2a\u670d\u52a1\u540c\u65f6\u5e94\u7528\u51b2\u7a81\u7684\u5b89\u5168\u7b56\u7565\u3002\u8981\u5c06\u5b89\u5168\u7ec4\u4ee3\u7406\u5230 OpenStack Networking\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u914d\u7f6e\u503c\uff1a firewall_driver \u5fc5\u987b\u8bbe\u7f6e\u4e3a nova.virt.firewall.NoopFirewallDriver \uff0c\u4ee5\u4fbf nova-compute \u672c\u8eab\u4e0d\u6267\u884c\u57fa\u4e8e iptables \u7684\u8fc7\u6ee4\u3002 security_group_api \u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron \u4ee5\u4fbf\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8bf7\u6c42\u4ee3\u7406\u5230 OpenStack Networking \u670d\u52a1\u3002 
\u5b89\u5168\u7ec4\u662f\u5b89\u5168\u7ec4\u89c4\u5219\u7684\u5bb9\u5668\u3002\u5b89\u5168\u7ec4\u53ca\u5176\u89c4\u5219\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u9879\u76ee\u6307\u5b9a\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u6d41\u91cf\u7c7b\u578b\u548c\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5728 OpenStack Networking \u4e2d\u521b\u5efa\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u65f6\uff0c\u8be5\u7aef\u53e3\u4e0e\u5b89\u5168\u7ec4\u76f8\u5173\u8054\u3002\u6709\u5173\u7aef\u53e3\u5b89\u5168\u7ec4\u9ed8\u8ba4\u884c\u4e3a\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u7f51\u7edc\u5b89\u5168\u7ec4\u884c\u4e3a\u6587\u6863\u3002\u53ef\u4ee5\u5c06\u89c4\u5219\u6dfb\u52a0\u5230\u9ed8\u8ba4\u5b89\u5168\u7ec4\uff0c\u4ee5\u4fbf\u6839\u636e\u6bcf\u4e2a\u90e8\u7f72\u66f4\u6539\u884c\u4e3a\u3002 \u4f7f\u7528 OpenStack Compute API \u4fee\u6539\u5b89\u5168\u7ec4\u65f6\uff0c\u66f4\u65b0\u540e\u7684\u5b89\u5168\u7ec4\u5c06\u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002\u8fd9\u662f\u56e0\u4e3a OpenStack Compute \u5b89\u5168\u7ec4 API \u662f\u57fa\u4e8e\u5b9e\u4f8b\u7684\uff0c\u800c\u4e0d\u662f\u57fa\u4e8e\u7aef\u53e3\u7684\uff0c\u5982 OpenStack Networking \u4e2d\u6240\u793a\u3002","title":"\u5b89\u5168\u7ec4"},{"location":"security/security-guide/#_200","text":"\u914d\u989d\u63d0\u4f9b\u4e86\u9650\u5236\u9879\u76ee\u53ef\u7528\u7684\u7f51\u7edc\u8d44\u6e90\u6570\u91cf\u7684\u529f\u80fd\u3002\u60a8\u53ef\u4ee5\u5bf9\u6240\u6709\u9879\u76ee\u5f3a\u5236\u5b9e\u65bd\u9ed8\u8ba4\u914d\u989d\u3002\u5305\u62ec /etc/neutron/neutron.conf \u4ee5\u4e0b\u914d\u989d\u9009\u9879\uff1a [QUOTAS] # resource name(s) that are supported in quota features quota_items = network,subnet,port # default number of resource allowed per tenant, minus for unlimited #default_quota = -1 # number of networks allowed per tenant, and minus means unlimited quota_network = 10 # number of subnets allowed per tenant, and 
minus means unlimited quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited quota_port = 50 # number of security groups allowed per tenant, and minus means unlimited quota_security_group = 10 # number of security group rules allowed per tenant, and minus means unlimited quota_security_group_rule = 100 # default driver to use for quota checks quota_driver = neutron.quota.ConfDriver OpenStack Networking \u8fd8\u901a\u8fc7\u914d\u989d\u6269\u5c55 API \u652f\u6301\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\u9650\u5236\u3002\u8981\u542f\u7528\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\uff0c\u5fc5\u987b\u5728 \u4e2d\u8bbe\u7f6e\u9009\u9879 quota_driver neutron.conf \u3002 quota_driver = neutron.db.quota.driver.DbQuotaDriver","title":"\u914d\u989d"},{"location":"security/security-guide/#arp","text":"\u4f7f\u7528\u6241\u5e73\u7f51\u7edc\u65f6\uff0c\u4e0d\u80fd\u5047\u5b9a\u5171\u4eab\u540c\u4e00\u7b2c 2 \u5c42\u7f51\u7edc\uff08\u6216\u5e7f\u64ad\u57df\uff09\u7684\u9879\u76ee\u5f7c\u6b64\u5b8c\u5168\u9694\u79bb\u3002\u8fd9\u4e9b\u9879\u76ee\u53ef\u80fd\u5bb9\u6613\u53d7\u5230 ARP \u6b3a\u9a97\u7684\u653b\u51fb\uff0c\u4ece\u800c\u6709\u53ef\u80fd\u906d\u53d7\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u5982\u679c\u4f7f\u7528\u652f\u6301 ARP \u5b57\u6bb5\u5339\u914d\u7684 Open vSwitch \u7248\u672c\uff0c\u5219\u53ef\u4ee5\u901a\u8fc7\u542f\u7528 Open vSwitch \u4ee3\u7406 prevent_arp_spoofing \u9009\u9879\u6765\u5e2e\u52a9\u964d\u4f4e\u6b64\u98ce\u9669\u3002\u6b64\u9009\u9879\u53ef\u9632\u6b62\u5b9e\u4f8b\u6267\u884c\u6b3a\u9a97\u653b\u51fb;\u5b83\u4e0d\u80fd\u4fdd\u62a4\u4ed6\u4eec\u514d\u53d7\u6b3a\u9a97\u653b\u51fb\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u8bbe\u7f6e\u9884\u8ba1\u5c06\u5728 Ocata \u4e2d\u5220\u9664\uff0c\u8be5\u884c\u4e3a\u5c06\u6c38\u4e45\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002 \u4f8b\u5982\uff0c\u5728 /etc/neutron/plugins/ml2/openvswitch_agent.ini \uff1a prevent_arp_spoofing = True \u9664 Open vSwitch 
\u5916\uff0c\u5176\u4ed6\u63d2\u4ef6\u4e5f\u53ef\u80fd\u5305\u542b\u7c7b\u4f3c\u7684\u7f13\u89e3\u63aa\u65bd;\u5efa\u8bae\u60a8\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u542f\u7528\u6b64\u529f\u80fd\u3002 \u6ce8\u610f \u5373\u4f7f\u542f\u7528 `prevent_arp_spoofing` \u4e86\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u65e0\u6cd5\u63d0\u4f9b\u5b8c\u6574\u7684\u9879\u76ee\u9694\u79bb\u7ea7\u522b\uff0c\u56e0\u4e3a\u6240\u6709\u9879\u76ee\u6d41\u91cf\u4ecd\u4f1a\u53d1\u9001\u5230\u540c\u4e00 VLAN\u3002","title":"\u7f13\u89e3 ARP \u6b3a\u9a97"},{"location":"security/security-guide/#_201","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-neutron-01-rootneutron","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/neutron/neutron.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/api-paste.ini | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/policy.json | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/rootwrap.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron | egrep \"root neutron\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c neutron\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u4e2d\u5b50\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 neutron \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f"},{"location":"security/security-guide/#check-neutron-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/neutron/neutron.conf $ stat -L -c \"%a\" /etc/neutron/api-paste.ini $ stat -L -c \"%a\" /etc/neutron/policy.json $ stat -L -c \"%a\" /etc/neutron/rootwrap.conf $ stat -L -c \"%a\" /etc/neutron \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/neutron\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cneutron \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/neutron/neutron.conf getfacl: Removing leading '/' from absolute path names # file: etc/neutron/neutron.conf USER root rw- GROUP neutron r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u6ca1\u6709\u8bbe\u7f6e\u81f3\u5c11\u4e3a640\u3002","title":"Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-neutron-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/neutron/neutron.conf 
\u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002","title":"Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-neutron-04","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/neutron/neutron.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/neutron/neutron.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/neutron/neutron.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/neutron/neutron.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-neutron-05neutron-api-tls","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5728 API \u670d\u52a1\u5668\u4e0a\u542f\u7528\u5b89\u5168\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] 
/etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/neutron/neutron.conf","title":"Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f"},{"location":"security/security-guide/#_202","text":"OpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u670d\u52a1\u63d0\u4f9b\u901a\u8fc7 HTTP \u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u7684\u8f6f\u4ef6\u3002\u5bf9\u8c61\uff08\u6570\u636e blob\uff09\u5b58\u50a8\u5728\u7ec4\u7ec7\u5c42\u6b21\u7ed3\u6784\u4e2d\uff0c\u8be5\u5c42\u6b21\u7ed3\u6784\u63d0\u4f9b\u533f\u540d\u53ea\u8bfb\u8bbf\u95ee\u3001ACL \u5b9a\u4e49\u7684\u8bbf\u95ee\uff0c\u751a\u81f3\u4e34\u65f6\u8bbf\u95ee\u3002\u5bf9\u8c61\u5b58\u50a8\u652f\u6301\u901a\u8fc7\u4e2d\u95f4\u4ef6\u5b9e\u73b0\u7684\u591a\u79cd\u57fa\u4e8e\u4ee4\u724c\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u7684 HTTP RESTful API \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u7684\u540e\u7aef\u7ec4\u4ef6\u9075\u5faa\u76f8\u540c\u7684 RESTful \u6a21\u578b\uff0c\u5c3d\u7ba1\u67d0\u4e9b API\uff08\u4f8b\u5982\u7ba1\u7406\u6301\u4e45\u6027\u7684 API\uff09\u5bf9\u96c6\u7fa4\u662f\u79c1\u6709\u7684\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Storage API\u3002 \u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u5206\u4e3a\u4ee5\u4e0b\u4e3b\u8981\u7ec4\uff1a \u4ee3\u7406\u670d\u52a1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u5b58\u50a8\u670d\u52a1 \u8d26\u6237\u670d\u52a1 \u5bb9\u5668\u670d\u52a1 \u5bf9\u8c61\u670d\u52a1 OpenStack \u5bf9\u8c61\u5b58\u50a8\u7ba1\u7406\u6307\u5357 \uff082013\uff09 \u4e2d\u7684\u793a\u4f8b\u56fe \u6ce8\u610f \u5bf9\u8c61\u5b58\u50a8\u5b89\u88c5\u4e0d\u5fc5\u4f4d\u4e8e Internet 
\u4e0a\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u4e91\uff0c\u5176\u4e2d\u516c\u5171\u4ea4\u6362\u673a\u662f\u7ec4\u7ec7\u5185\u90e8\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u4e00\u90e8\u5206\u3002","title":"\u5bf9\u8c61\u5b58\u50a8"},{"location":"security/security-guide/#_203","text":"\u8981\u4fdd\u62a4\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9996\u5148\u8981\u4fdd\u62a4\u7f51\u7edc\u7ec4\u4ef6\u3002\u5982\u679c\u60a8\u8df3\u8fc7\u4e86\u7f51\u7edc\u7ae0\u8282\uff0c\u8bf7\u8fd4\u56de\u5230\u7f51\u7edc\u90e8\u5206\u3002 rsync \u534f\u8bae\u7528\u4e8e\u5728\u5b58\u50a8\u670d\u52a1\u8282\u70b9\u4e4b\u95f4\u590d\u5236\u6570\u636e\u4ee5\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u3002\u6b64\u5916\uff0c\u5728\u5ba2\u6237\u7aef\u7aef\u70b9\u548c\u4e91\u73af\u5883\u4e4b\u95f4\u6765\u56de\u4e2d\u7ee7\u6570\u636e\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u4f1a\u4e0e\u5b58\u50a8\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u8b66\u544a \u5bf9\u8c61\u5b58\u50a8\u4e0d\u5bf9\u8282\u70b9\u95f4\u901a\u4fe1\u8fdb\u884c\u52a0\u5bc6\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u5c31\u662f\u60a8\u5728\u4f53\u7cfb\u7ed3\u6784\u56fe\u4e2d\u770b\u5230\u4e13\u7528\u4ea4\u6362\u673a\u6216\u4e13\u7528\u7f51\u7edc \uff08[V]LAN\uff09 \u7684\u539f\u56e0\u3002\u8fd9\u4e2a\u6570\u636e\u57df\u4e5f\u5e94\u8be5\u4e0e\u5176\u4ed6OpenStack\u6570\u636e\u7f51\u7edc\u5206\u5f00\u3002\u6709\u5173\u5b89\u5168\u57df\u7684\u8fdb\u4e00\u6b65\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002 \u5efa\u8bae \u5bf9\u6570\u636e\u57df\u4e2d\u7684\u5b58\u50a8\u8282\u70b9\u4f7f\u7528\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u3002 \u8fd9\u9700\u8981\u4ee3\u7406\u8282\u70b9\u5177\u6709\u53cc\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a \u4e00\u4e2a\u4f5c\u4e3a\u6d88\u8d39\u8005\u8bbf\u95ee\u7684\u516c\u5171\u754c\u9762\u3002 \u53e6\u4e00\u4e2a\u4f5c\u4e3a\u53ef\u4ee5\u8bbf\u95ee\u5b58\u50a8\u8282\u70b9\u7684\u4e13\u7528\u63a5\u53e3\u3002 
\u4e0b\u56fe\u6f14\u793a\u4e86\u4e00\u79cd\u53ef\u80fd\u7684\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u3002 \u5177\u6709\u7ba1\u7406\u8282\u70b9\uff08OSAM\uff09\u7684\u5bf9\u8c61\u5b58\u50a8\u7f51\u7edc\u67b6\u6784","title":"\u7f51\u7edc\u5b89\u5168"},{"location":"security/security-guide/#_204","text":"","title":"\u4e00\u822c\u670d\u52a1\u5b89\u5168"},{"location":"security/security-guide/#root","text":"\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \uff08UID 0\uff09 \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\u3002\u4e00\u4e2a\u5efa\u8bae\u662f swift \u5177\u6709\u4e3b\u7ec4 swift \u7684\u7528\u6237\u540d\u3002\u4f8b\u5982\uff0c proxy-server \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5305\u62ec\u3001\u3001 container-server account-server \u3002\u6709\u5173\u8bbe\u7f6e\u548c\u914d\u7f6e\u7684\u8be6\u7ec6\u6b65\u9aa4\uff0c\u8bf7\u53c2\u9605\u300a\u5b89\u88c5\u6307\u5357\u300b\u7684\u201c\u6dfb\u52a0\u5bf9\u8c61\u5b58\u50a8\u201d\u4e00\u7ae0\u7684 OpenStack \u6587\u6863\u7d22\u5f15\u3002 \u6ce8\u610f \u4e0a\u9762\u7684\u94fe\u63a5\u9ed8\u8ba4\u4e3aUbuntu\u7248\u672c\u3002","title":"\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1"},{"location":"security/security-guide/#_205","text":"\u8be5 /etc/swift \u76ee\u5f55\u5305\u542b\u6709\u5173\u73af\u5f62\u62d3\u6251\u548c\u73af\u5883\u914d\u7f6e\u7684\u4fe1\u606f\u3002\u5efa\u8bae\u4f7f\u7528\u4ee5\u4e0b\u6743\u9650\uff1a # chown -R root:swift /etc/swift/* # find /etc/swift/ -type f -exec chmod 640 {} \\; # find /etc/swift/ -type d -exec chmod 750 {} \\; \u8fd9\u5c06\u9650\u5236\u53ea\u6709 root \u7528\u6237\u80fd\u591f\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u65f6\u5141\u8bb8\u670d\u52a1\u901a\u8fc7\u5176 swift 
\u5728\u7ec4\u4e2d\u7684\u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002","title":"\u6587\u4ef6\u6743\u9650"},{"location":"security/security-guide/#_206","text":"\u4ee5\u4e0b\u662f\u5404\u79cd\u5b58\u50a8\u670d\u52a1\u7684\u9ed8\u8ba4\u4fa6\u542c\u7aef\u53e3\uff1a \u670d\u52a1\u540d\u79f0 \u6e2f\u53e3 \u7c7b\u578b \u8d26\u6237\u670d\u52a1 6002 TCP \u5bb9\u5668\u670d\u52a1 6001 TCP \u5bf9\u8c61\u670d\u52a1 6000 TCP \u540c\u6b65 [1] 873 TCP \u5982\u679c\u4f7f\u7528 ssync \u800c\u4e0d\u662f rsync\uff0c\u5219\u4f7f\u7528\u5bf9\u8c61\u670d\u52a1\u7aef\u53e3\u6765\u7ef4\u62a4\u6301\u4e45\u6027\u3002 \u91cd\u8981 \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\u4e0d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5982\u679c\u80fd\u591f\u5728\u5176\u4e2d\u4e00\u4e2a\u7aef\u53e3\u4e0a\u8fde\u63a5\u5230\u5b58\u50a8\u8282\u70b9\uff0c\u5219\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u3002\u4e3a\u4e86\u9632\u6b62\u6b64\u95ee\u9898\uff0c\u60a8\u5e94\u8be5\u9075\u5faa\u4e4b\u524d\u7ed9\u51fa\u7684\u6709\u5173\u4f7f\u7528\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u7684\u5efa\u8bae\u3002","title":"\u4fdd\u62a4\u5b58\u50a8\u670d\u52a1"},{"location":"security/security-guide/#_207","text":"\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u51ed\u636e\u3002\u4e0b\u9762\u5bf9\u8fd9\u4e9b\u5173\u7cfb\u8fdb\u884c\u8bf4\u660e\uff1a \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237 \u5bb9\u5668\u7684\u6536\u96c6;\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u54ea\u4e9b\u7528\u6237\u4e0e\u8be5\u5e10\u6237\u76f8\u5173\u8054\u4ee5\u53ca\u4ed6\u4eec\u5982\u4f55\u8bbf\u95ee\u8be5\u5e10\u6237\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668 \u5bf9\u8c61\u7684\u96c6\u5408\u3002\u5bb9\u5668\u4e0a\u7684\u5143\u6570\u636e\u53ef\u7528\u4e8e ACL\u3002ACL 
\u7684\u542b\u4e49\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5b9e\u9645\u6570\u636e\u5bf9\u8c61\u3002\u5bf9\u8c61\u7ea7\u522b\u7684 ACL \u4e5f\u53ef\u4ee5\u4e0e\u5143\u6570\u636e\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5728\u6bcf\u4e2a\u7ea7\u522b\uff0c\u60a8\u90fd\u6709 ACL\uff0c\u7528\u4e8e\u6307\u793a\u8c01\u62e5\u6709\u54ea\u79cd\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002ACL \u662f\u6839\u636e\u6b63\u5728\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u89e3\u91ca\u7684\u3002\u6700\u5e38\u7528\u7684\u4e24\u79cd\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u7c7b\u578b\u662f Identity service \uff08keystone\uff09 \u548c TempAuth\u3002\u81ea\u5b9a\u4e49\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u4e5f\u662f\u53ef\u80fd\u7684\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed"},{"location":"security/security-guide/#_208","text":"\u4ee3\u7406\u8282\u70b9\u5e94\u81f3\u5c11\u5177\u6709\u4e24\u4e2a\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a\u4e00\u4e2a\u516c\u5171\u63a5\u53e3\u548c\u4e00\u4e2a\u4e13\u7528\u63a5\u53e3\u3002\u9632\u706b\u5899\u6216\u670d\u52a1\u7ed1\u5b9a\u53ef\u80fd\u4f1a\u4fdd\u62a4\u516c\u5171\u63a5\u53e3\u3002\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u662f\u4e00\u4e2a HTTP Web 
\u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5904\u7406\u7aef\u70b9\u5ba2\u6237\u7aef\u8bf7\u6c42\u3001\u5bf9\u5176\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u6267\u884c\u76f8\u5e94\u7684\u64cd\u4f5c\u3002\u4e13\u7528\u63a5\u53e3\u4e0d\u9700\u8981\u4efb\u4f55\u4fa6\u542c\u670d\u52a1\uff0c\u800c\u662f\u7528\u4e8e\u5efa\u7acb\u4e0e\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u4e0a\u7684\u5b58\u50a8\u8282\u70b9\u7684\u4f20\u51fa\u8fde\u63a5\u3002","title":"\u4fdd\u62a4\u4ee3\u7406\u670d\u52a1"},{"location":"security/security-guide/#http_1","text":"\u5982\u524d\u6240\u8ff0\uff0c\u60a8\u5e94\u8be5\u5c06 Web \u670d\u52a1\u914d\u7f6e\u4e3a\u975e root\uff08\u65e0 UID 0\uff09\u7528\u6237 swift \u3002\u9700\u8981\u4f7f\u7528\u5927\u4e8e 1024 \u7684\u7aef\u53e3\u624d\u80fd\u8f7b\u677e\u5b8c\u6210\u6b64\u64cd\u4f5c\uff0c\u5e76\u907f\u514d\u4ee5 root \u8eab\u4efd\u8fd0\u884c Web \u5bb9\u5668\u7684\u4efb\u4f55\u90e8\u5206\u3002\u901a\u5e38\uff0c\u4f7f\u7528 HTTP REST API \u5e76\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u5ba2\u6237\u7aef\u4f1a\u81ea\u52a8\u4ece\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u4e2d\u68c0\u7d22\u6240\u9700\u7684\u5b8c\u6574 REST API URL\u3002OpenStack \u7684 REST API \u5141\u8bb8\u5ba2\u6237\u7aef\u5bf9\u4e00\u4e2a URL \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u7136\u540e\u88ab\u544a\u77e5\u5bf9\u5b9e\u9645\u670d\u52a1\u4f7f\u7528\u5b8c\u5168\u4e0d\u540c\u7684 URL\u3002\u4f8b\u5982\uff0c\u5ba2\u6237\u7aef\u5411 https://identity.cloud.example.org:55443/v1/auth \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u83b7\u53d6\u5176\u8eab\u4efd\u9a8c\u8bc1\u5bc6\u94a5\u548c\u5b58\u50a8 URL\uff08\u4ee3\u7406\u8282\u70b9\u6216\u8d1f\u8f7d\u5747\u8861\u5668\u7684 URL\uff09https://swift.cloud.example.org:44443/v1/AUTH_8980 \u54cd\u5e94\u3002 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u542f\u52a8\u548c\u8fd0\u884c\u7684\u65b9\u6cd5\u56e0 Web \u670d\u52a1\u5668\u548c\u64cd\u4f5c\u7cfb\u7edf\u800c\u5f02\u3002","title":"HTTP 
\u76d1\u542c\u7aef\u53e3"},{"location":"security/security-guide/#_209","text":"\u5982\u679c\u4f7f\u7528 Apache \u7684\u9009\u9879\u4e0d\u53ef\u884c\uff0c\u6216\u8005\u4e3a\u4e86\u63d0\u9ad8\u6027\u80fd\uff0c\u60a8\u5e0c\u671b\u51cf\u8f7b TLS \u5de5\u4f5c\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u4e13\u7528\u7684\u7f51\u7edc\u8bbe\u5907\u8d1f\u8f7d\u5e73\u8861\u5668\u3002\u8fd9\u662f\u5728\u4f7f\u7528\u591a\u4e2a\u4ee3\u7406\u8282\u70b9\u65f6\u63d0\u4f9b\u5197\u4f59\u548c\u8d1f\u8f7d\u5e73\u8861\u7684\u5e38\u7528\u65b9\u6cd5\u3002 \u5982\u679c\u9009\u62e9\u5378\u8f7d TLS\uff0c\u8bf7\u786e\u4fdd\u8d1f\u8f7d\u5747\u8861\u5668\u548c\u4ee3\u7406\u8282\u70b9\u4e4b\u95f4\u7684\u7f51\u7edc\u94fe\u8def\u4f4d\u4e8e\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u4e0a\uff0c\u4ee5\u4fbf\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6\u8282\u70b9\uff08\u53ef\u80fd\u5df2\u6cc4\u9732\uff09\u65e0\u6cd5\u7a83\u542c\uff08\u55c5\u63a2\uff09\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002\u5982\u679c\u53d1\u751f\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bbf\u95ee\u7aef\u70b9\u5ba2\u6237\u7aef\u6216\u4e91\u7ba1\u7406\u5458\u51ed\u636e\u5e76\u8bbf\u95ee\u4e91\u6570\u636e\u3002 \u60a8\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u6216TempAuth\uff09\u5c06\u51b3\u5b9a\u5982\u4f55\u5728\u5bf9\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u54cd\u5e94\u4e2d\u914d\u7f6e\u4e0d\u540c\u7684URL\uff0c\u4ee5\u4fbf\u5b83\u4eec\u4f7f\u7528\u8d1f\u8f7d\u5e73\u8861\u5668\u800c\u4e0d\u662f\u5355\u4e2a\u4ee3\u7406\u8282\u70b9\u3002","title":"\u8d1f\u8f7d\u5747\u8861\u5668"},{"location":"security/security-guide/#_210","text":"\u5bf9\u8c61\u5b58\u50a8\u4f7f\u7528 WSGI 
\u6a21\u578b\u6765\u63d0\u4f9b\u4e2d\u95f4\u4ef6\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4e0d\u4ec5\u63d0\u4f9b\u901a\u7528\u53ef\u6269\u5c55\u6027\uff0c\u8fd8\u7528\u4e8e\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u5b9a\u4e49\u5b58\u5728\u7684\u89d2\u8272\u548c\u7528\u6237\u7c7b\u578b\u3002\u6709\u4e9b\u4f7f\u7528\u4f20\u7edf\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u51ed\u636e\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u53ef\u80fd\u5229\u7528 API \u5bc6\u94a5\u4ee4\u724c\u751a\u81f3\u5ba2\u6237\u7aef x.509 \u8bc1\u4e66\u3002\u81ea\u5b9a\u4e49\u63d0\u4f9b\u7a0b\u5e8f\u53ef\u4ee5\u96c6\u6210\u5230\u4f7f\u7528\u81ea\u5b9a\u4e49\u4e2d\u95f4\u4ef6\u4e2d\u3002 \u5bf9\u8c61\u5b58\u50a8\u9ed8\u8ba4\u81ea\u5e26\u4e24\u4e2a\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u6a21\u5757\uff0c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u6a21\u5757\u90fd\u53ef\u4ee5\u4f5c\u4e3a\u5f00\u53d1\u81ea\u5b9a\u4e49\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u7684\u793a\u4f8b\u4ee3\u7801\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#tempauth","text":"TempAuth \u662f\u5bf9\u8c61\u5b58\u50a8\u7684\u9ed8\u8ba4\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e0e Identity \u76f8\u6bd4\uff0c\u5b83\u5c06\u7528\u6237\u5e10\u6237\u3001\u51ed\u636e\u548c\u5143\u6570\u636e\u5b58\u50a8\u5728\u5bf9\u8c61\u5b58\u50a8\u672c\u8eab\u4e2d\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u6587\u6863\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u90e8\u5206\u3002","title":"TempAuth \u51fd\u6570"},{"location":"security/security-guide/#keystone","text":"Keystone \u662f OpenStack \u4e2d\u5e38\u7528\u7684\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002Identity \u4e2d\u5df2\u63d0\u4f9b\u4fdd\u62a4 keystone 
\u7684\u8986\u76d6\u8303\u56f4\u3002","title":"Keystone"},{"location":"security/security-guide/#_211","text":"\u5728 \u4e2d /etc/swift \uff0c\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\uff0c\u90fd\u6709\u4e00\u4e2a\u8bbe\u7f6e\u548c\u4e00\u4e2a swift_hash_path_prefix swift_hash_path_suffix \u8bbe\u7f6e\u3002\u63d0\u4f9b\u8fd9\u4e9b\u662f\u4e3a\u4e86\u51cf\u5c11\u5b58\u50a8\u5bf9\u8c61\u53d1\u751f\u54c8\u5e0c\u51b2\u7a81\u7684\u53ef\u80fd\u6027\uff0c\u5e76\u907f\u514d\u4e00\u4e2a\u7528\u6237\u8986\u76d6\u53e6\u4e00\u4e2a\u7528\u6237\u7684\u6570\u636e\u3002 \u6b64\u503c\u6700\u521d\u5e94\u4f7f\u7528\u52a0\u5bc6\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5e76\u5728\u6240\u6709\u8282\u70b9\u4e0a\u4fdd\u6301\u4e00\u81f4\u3002\u786e\u4fdd\u5b83\u53d7\u5230\u9002\u5f53\u7684 ACL \u4fdd\u62a4\uff0c\u5e76\u4e14\u60a8\u6709\u5907\u4efd\u526f\u672c\u4ee5\u907f\u514d\u6570\u636e\u4e22\u5931\u3002","title":"\u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879"},{"location":"security/security-guide/#_212","text":"\u64cd\u4f5c\u5458\u901a\u8fc7\u4f7f\u7528\u5404\u79cd\u52a0\u5bc6\u5e94\u7528\u7a0b\u5e8f\u6765\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u4f8b\u5982\uff0c\u5bf9\u9759\u6001\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\u6216\u5bf9\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u4ee5\u8bc1\u660e\u5176\u672a\u88ab\u7be1\u6539\u3002\u5728\u6240\u6709\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u52a0\u5bc6\u529f\u80fd\u90fd\u9700\u8981\u67d0\u79cd\u5bc6\u94a5\u6750\u6599\u624d\u80fd\u8fd0\u884c\u3002 \u673a\u5bc6\u7ba1\u7406\u63cf\u8ff0\u4e86\u4e00\u7ec4\u65e8\u5728\u4fdd\u62a4\u8f6f\u4ef6\u7cfb\u7edf\u4e2d\u7684\u5173\u952e\u6750\u6599\u7684\u6280\u672f\u3002\u4f20\u7edf\u4e0a\uff0c\u5bc6\u94a5\u7ba1\u7406\u6d89\u53ca\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u7684\u90e8\u7f72\u3002\u8fd9\u4e9b\u8bbe\u5907\u5df2\u7ecf\u8fc7\u7269\u7406\u5f3a\u5316\uff0c\u53ef\u9632\u6b62\u7be1\u6539\u3002 
\u968f\u7740\u6280\u672f\u7684\u8fdb\u6b65\uff0c\u9700\u8981\u4fdd\u62a4\u7684\u79d8\u5bc6\u7269\u54c1\u7684\u6570\u91cf\u5df2\u7ecf\u4ece\u5bc6\u94a5\u6750\u6599\u589e\u52a0\u5230\u5305\u62ec\u8bc1\u4e66\u5bf9\u3001API \u5bc6\u94a5\u3001\u7cfb\u7edf\u5bc6\u7801\u3001\u7b7e\u540d\u5bc6\u94a5\u7b49\u3002\u8fd9\u79cd\u589e\u957f\u4ea7\u751f\u4e86\u5bf9\u66f4\u5177\u53ef\u6269\u5c55\u6027\u7684\u5bc6\u94a5\u7ba1\u7406\u65b9\u6cd5\u7684\u9700\u6c42\uff0c\u5e76\u5bfc\u81f4\u521b\u5efa\u4e86\u8bb8\u591a\u63d0\u4f9b\u53ef\u6269\u5c55\u52a8\u6001\u5bc6\u94a5\u7ba1\u7406\u7684\u8f6f\u4ef6\u670d\u52a1\u3002\u672c\u7ae0\u4ecb\u7ecd\u4e86\u76ee\u524d\u5b58\u5728\u7684\u670d\u52a1\uff0c\u5e76\u91cd\u70b9\u4ecb\u7ecd\u4e86\u90a3\u4e9b\u80fd\u591f\u96c6\u6210\u5230OpenStack\u4e91\u4e2d\u7684\u670d\u52a1\u3002 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11\u52a0\u5bc6\u63d2\u4ef6 \u5bc6\u94a5\u5546\u5e97\u63d2\u4ef6 KMIP\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f","title":"\u673a\u5bc6\u7ba1\u7406"},{"location":"security/security-guide/#_213","text":"\u5728OpenStack\u4e2d\uff0c\u6709\u4e24\u79cd\u63a8\u8350\u7528\u4e8e\u673a\u5bc6\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5373Barbican\u548cCastellan\u3002\u672c\u7ae0\u5c06\u6982\u8ff0\u4e0d\u540c\u7684\u65b9\u6848\uff0c\u4ee5\u5e2e\u52a9\u64cd\u4f5c\u5458\u9009\u62e9\u4f7f\u7528\u54ea\u4e2a\u5bc6\u94a5\u7ba1\u7406\u5668\u3002 \u7b2c\u4e09\u79cd\u4e0d\u53d7\u652f\u6301\u7684\u65b9\u6cd5\u662f\u56fa\u5b9a/\u786c\u7f16\u7801\u5bc6\u94a5\u3002\u4f17\u6240\u5468\u77e5\uff0c\u67d0\u4e9b OpenStack \u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u5bc6\u94a5\u3002\u8fd9\u662f\u6700\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4efb\u4f55\u7c7b\u578b\u7684\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u3002 \u5176\u4ed6\u89e3\u51b3\u65b9\u6848\u5305\u62ec KeyWhiz\u3001Confidant\u3001Conjur\u3001EJSON\u3001Knox \u548c Red October\uff0c\u4f46\u5728\u672c\u6587\u6863\u7684\u8ba8\u8bba\u8303\u56f4\u4e4b\u5916\uff0c\u65e0\u6cd5\u6db5\u76d6\u6240\u6709\u53ef\u7528\u7684 Key Manager\u3002 \u5bf9\u4e8e\u673a\u5bc6\u7684\u5b58\u50a8\uff0c\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u3002HSM \u53ef\u4ee5\u6709\u591a\u79cd\u5f62\u5f0f\u3002\u4f20\u7edf\u8bbe\u5907\u662f\u673a\u67b6\u5f0f\u8bbe\u5907\uff0c\u5982\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u6240\u793a\u3002","title":"\u73b0\u6709\u6280\u672f\u6458\u8981"},{"location":"security/security-guide/#openstack_10","text":"Castellan \u662f\u4e00\u4e2a\u5e93\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u901a\u7528\u63a5\u53e3\u6765\u5b58\u50a8\u3001\u751f\u6210\u548c\u68c0\u7d22\u673a\u5bc6\u3002\u5927\u591a\u6570 Openstack 
\u670d\u52a1\u90fd\u4f7f\u7528\u5b83\u8fdb\u884c\u673a\u5bc6\u7ba1\u7406\u3002\u4f5c\u4e3a\u4e00\u4e2a\u56fe\u4e66\u9986\uff0cCastellan \u672c\u8eab\u5e76\u4e0d\u63d0\u4f9b\u79d8\u5bc6\u5b58\u50a8\u3002\u76f8\u53cd\uff0c\u9700\u8981\u90e8\u7f72\u540e\u7aef\u5b9e\u73b0\u3002 \u8bf7\u6ce8\u610f\uff0cCastellan \u4e0d\u63d0\u4f9b\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u3002\u5b83\u53ea\u662f\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\uff08\u4f8b\u5982Keystone\u4ee4\u724c\uff09\u4f20\u9012\u5230\u540e\u7aef\u3002 Barbican \u662f\u4e00\u4e2a OpenStack \u670d\u52a1\uff0c\u4e3a Castellan \u63d0\u4f9b\u540e\u7aef\u3002Barbican \u9700\u8981\u5e76\u9a8c\u8bc1 keystone \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff0c\u4ee5\u8bc6\u522b\u8bbf\u95ee\u6216\u5b58\u50a8\u5bc6\u94a5\u7684\u7528\u6237\u548c\u9879\u76ee\u3002\u7136\u540e\uff0c\u5b83\u5e94\u7528\u7b56\u7565\u6765\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u8bb8\u591a\u989d\u5916\u7684\u6709\u7528\u529f\u80fd\u6765\u6539\u8fdb\u5bc6\u94a5\u7ba1\u7406\uff0c\u5305\u62ec\u914d\u989d\u3001\u6bcf\u4e2a\u5bc6\u94a5\u7684 ACL\u3001\u8ddf\u8e2a\u5bc6\u94a5\u4f7f\u7528\u8005\u4ee5\u53ca\u5bc6\u94a5\u5bb9\u5668\u4e2d\u7684\u5bc6\u94a5\u5206\u7ec4\u3002\u4f8b\u5982\uff0c\u660e\u9510\u76f4\u63a5\u4e0e\u5df4\u6bd4\u80af\uff08\u800c\u4e0d\u662f\u5361\u65af\u7279\u62c9\u5170\uff09\u96c6\u6210\uff0c\u4ee5\u5229\u7528\u5176\u4e2d\u4e00\u4e9b\u529f\u80fd\u3002 Barbican \u6709\u8bb8\u591a\u540e\u7aef\u63d2\u4ef6\uff0c\u53ef\u7528\u4e8e\u5c06\u673a\u5bc6\u5b89\u5168\u5730\u5b58\u50a8\u5728\u672c\u5730\u6570\u636e\u5e93\u6216 HSM \u4e2d\u3002 \u76ee\u524d\uff0cBarbican \u662f Castellan \u552f\u4e00\u53ef\u7528\u7684\u540e\u7aef\u3002\u7136\u800c\uff0c\u6709\u51e0\u4e2a\u540e\u7aef\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u5305\u62ec KMIP\u3001Dogtag\u3001Hashicorp Vault \u548c Custodia\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u5e0c\u671b\u90e8\u7f72 Barbican 
\u5e76\u4e14\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u76f8\u5bf9\u7b80\u5355\u7684\u90e8\u7f72\u4eba\u5458\u6765\u8bf4\uff0c\u4f7f\u7528\u8fd9\u4e9b\u540e\u7aef\u4e4b\u4e00\u53ef\u80fd\u662f\u4e00\u4e2a\u53ef\u884c\u7684\u66ff\u4ee3\u65b9\u6848\u3002\u4f46\u662f\uff0c\u5728\u68c0\u7d22\u5bc6\u94a5\u65f6\uff0c\u7f3a\u5c11\u7684\u662f\u591a\u79df\u6237\u548c\u79df\u6237\u7b56\u7565\u7684\u5b9e\u65bd\uff0c\u4ee5\u53ca\u4e0a\u9762\u63d0\u5230\u7684\u4efb\u4f55\u989d\u5916\u529f\u80fd\u3002","title":"\u76f8\u5173 Openstack \u9879\u76ee"},{"location":"security/security-guide/#_214","text":"","title":"\u4f7f\u7528\u6848\u4f8b"},{"location":"security/security-guide/#_215","text":"\u9a8c\u8bc1\u955c\u50cf\u7b7e\u540d\u53ef\u786e\u4fdd\u955c\u50cf\u81ea\u539f\u59cb\u4e0a\u4f20\u4ee5\u6765\u4e0d\u4f1a\u88ab\u66ff\u6362\u6216\u66f4\u6539\u3002\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u4f7f\u7528 Castellan \u4f5c\u4e3a\u5176\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u52a0\u5bc6\u7b7e\u540d\u3002\u955c\u50cf\u7b7e\u540d\u548c\u8bc1\u4e66 UUID \u5c06\u4e0e\u955c\u50cf\u4e00\u8d77\u4e0a\u4f20\u5230\u955c\u50cf \uff08glance\uff09 \u670d\u52a1\u3002Glance \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002\u542f\u52a8\u955c\u50cf\u65f6\uff0c\u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53ef\u4fe1\u6620\u50cf\u6587\u6863\u3002","title":"\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1"},{"location":"security/security-guide/#_216","text":"\u5377\u52a0\u5bc6\u529f\u80fd\u4f7f\u7528 Castellan \u63d0\u4f9b\u9759\u6001\u6570\u636e\u52a0\u5bc6\u3002\u5f53\u7528\u6237\u521b\u5efa\u52a0\u5bc6\u5377\u7c7b\u578b\u5e76\u4f7f\u7528\u8be5\u7c7b\u578b\u521b\u5efa\u5377\u65f6\uff0c\u5757\u5b58\u50a8 \uff08cinder\uff09 
\u670d\u52a1\u4f1a\u8bf7\u6c42\u5bc6\u94a5\u7ba1\u7406\u5668\u521b\u5efa\u8981\u4e0e\u8be5\u5377\u5173\u8054\u7684\u5bc6\u94a5\u3002\u5f53\u5377\u9644\u52a0\u5230\u5b9e\u4f8b\u65f6\uff0cnova \u4f1a\u68c0\u7d22\u5bc6\u94a5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6570\u636e\u52a0\u5bc6\u90e8\u5206\u3002\u548c\u5377\u52a0\u5bc6\u3002","title":"\u5377\u52a0\u5bc6"},{"location":"security/security-guide/#_217","text":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u4ee5\u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92\uff0c\u5e76\u901a\u8fc7\u6309\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb\u3002\u5efa\u8bae\u4f7f\u7528\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09\u3002 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u6587\u6863\u3002","title":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6"},{"location":"security/security-guide/#sahara","text":"Sahara\u5728\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\u751f\u6210\u5e76\u5b58\u50a8\u591a\u4e2a\u5bc6\u7801\u3002\u4e3a\u4e86\u52a0\u5f3aSahara\u5bf9\u5bc6\u7801\u7684\u4f7f\u7528\uff0c\u53ef\u4ee5\u6307\u793a\u5b83\u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u548c\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002\u8981\u542f\u7528\u6b64\u529f\u80fd\uff0c\u5fc5\u987b\u9996\u5148\u5728\u5806\u6808\u4e2d\u90e8\u7f72\u4e00\u4e2a OpenStack Key Manager \u670d\u52a1\u3002 \u5728\u5806\u6808\u4e0a\u90e8\u7f72\u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\u540e\uff0c\u5fc5\u987b\u5c06 sahara \u914d\u7f6e\u4e3a\u542f\u7528\u5bc6\u94a5\u7684\u5916\u90e8\u5b58\u50a8\u3002Sahara \u4f7f\u7528 Castellan \u5e93\u4e0e OpenStack Key Manager \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u6b64\u5e93\u63d0\u4f9b\u5bf9\u5bc6\u94a5\u7ba1\u7406\u5668\u7684\u53ef\u914d\u7f6e\u8bbf\u95ee\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Sahara \u9ad8\u7ea7\u914d\u7f6e\u6307\u5357\u3002","title":"Sahara"},{"location":"security/security-guide/#magnum","text":"\u4e3a\u4e86\u4f7f\u7528\u672c\u673a\u5ba2\u6237\u7aef\uff08 docker \u6216 kubectl \u5206\u522b\uff09\u63d0\u4f9b\u5bf9 Docker Swarm \u6216 Kubernetes \u7684\u8bbf\u95ee\uff0cmagnum \u4f7f\u7528 TLS \u8bc1\u4e66\u3002\u8981\u5b58\u50a8\u8bc1\u4e66\uff0c\u5efa\u8bae\u4f7f\u7528 Barbican \u6216 Magnum \u6570\u636e\u5e93 \uff08 x590keypair \uff09\u3002 \u4e5f\u53ef\u4ee5\u4f7f\u7528\u672c\u5730\u76ee\u5f55 \uff08 local \uff09\uff0c\u4f46\u88ab\u8ba4\u4e3a\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u4e0d\u9002\u5408\u751f\u4ea7\u73af\u5883\u3002 \u6709\u5173\u4e3a Magnum 
\u8bbe\u7f6e\u8bc1\u4e66\u7ba1\u7406\u5668\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\u6587\u6863\u3002","title":"Magnum"},{"location":"security/security-guide/#octavialbaas","text":"Neutron \u548c Octavia \u9879\u76ee\u7684 LBaaS\uff08\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff09\u529f\u80fd\u9700\u8981\u8bc1\u4e66\u53ca\u5176\u79c1\u94a5\u6765\u4e3a TLS \u8fde\u63a5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3002Barbican \u53ef\u7528\u4e8e\u5b58\u50a8\u6b64\u654f\u611f\u4fe1\u606f\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5982\u4f55\u521b\u5efa TLS \u8d1f\u8f7d\u5747\u8861\u5668\u548c\u90e8\u7f72\u4ee5 TLS \u7ed3\u5c3e\u7684 HTTPS \u8d1f\u8f7d\u5747\u8861\u5668\u3002","title":"Octavia/LBaaS"},{"location":"security/security-guide/#swift","text":"\u5bf9\u79f0\u5bc6\u94a5\u53ef\u7528\u4e8e\u52a0\u5bc6 Swift \u5bb9\u5668\uff0c\u4ee5\u964d\u4f4e\u7528\u6237\u6570\u636e\u88ab\u8bfb\u53d6\u7684\u98ce\u9669\uff0c\u5982\u679c\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u8981\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b98\u65b9 swift \u6587\u6863\u4e2d\u7684\u5bf9\u8c61\u52a0\u5bc6\u90e8\u5206\u3002","title":"Swift"},{"location":"security/security-guide/#_218","text":"OpenStack \u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u8bb8\u591a\u7eaf\u6587\u672c\u5bc6\u7801\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u670d\u52a1\u7528\u6237\u7528\u4e8e\u5411 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u4ee5\u9a8c\u8bc1 keystone \u4ee4\u724c\u7684\u5bc6\u7801\u3002 \u76ee\u524d\u6ca1\u6709\u5bf9\u8fd9\u4e9b\u5bc6\u7801\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\u5efa\u8bae\u901a\u8fc7\u6587\u4ef6\u6743\u9650\u9002\u5f53\u5730\u4fdd\u62a4\u8fd9\u4e9b\u6587\u4ef6\u3002 
\u76ee\u524d\u6b63\u5728\u52aa\u529b\u5c06\u8fd9\u4e9b\u5bc6\u94a5\u5b58\u50a8\u5728 Castellan \u540e\u7aef\uff0c\u7136\u540e\u8ba9 oslo.config \u4f7f\u7528 Castellan \u6765\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002","title":"\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801"},{"location":"security/security-guide/#barbican","text":"","title":"Barbican"},{"location":"security/security-guide/#_219","text":"Barbican \u662f\u4e00\u4e2a REST API\uff0c\u65e8\u5728\u5b89\u5168\u5b58\u50a8\u3001\u914d\u7f6e\u548c\u7ba1\u7406\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u548c X.509 \u8bc1\u4e66\u7b49\u673a\u5bc6\u3002\u5b83\u65e8\u5728\u5bf9\u6240\u6709\u73af\u5883\u90fd\u6709\u7528\uff0c\u5305\u62ec\u5927\u578b\u77ed\u6682\u4e91\u3002 Barbican \u4e0e\u591a\u4e2a OpenStack \u529f\u80fd\u96c6\u6210\uff0c\u53ef\u4ee5\u76f4\u63a5\u96c6\u6210\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a Castellan \u7684\u540e\u7aef\u96c6\u6210\u3002 Barbican \u901a\u5e38\u7528\u4f5c\u5bc6\u94a5\u7ba1\u7406\u7cfb\u7edf\uff0c\u4ee5\u5b9e\u73b0\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3001\u5377\u52a0\u5bc6\u7b49\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u5728\u7528\u4f8b\u4e2d\u8fdb\u884c\u4e86\u6982\u8ff0","title":"\u6982\u8ff0"},{"location":"security/security-guide/#barbican_1","text":"\u5f85\u5b9a","title":"Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_220","text":"Key Manager \u670d\u52a1\u5177\u6709\u63d2\u4ef6\u67b6\u6784\uff0c\u5141\u8bb8\u90e8\u7f72\u7a0b\u5e8f\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u4e00\u4e2a\u6216\u591a\u4e2a\u5bc6\u94a5\u5b58\u50a8\u4e2d\u3002\u673a\u5bc6\u5b58\u50a8\u53ef\u4ee5\u662f\u57fa\u4e8e\u8f6f\u4ef6\u7684\uff08\u5982\u8f6f\u4ef6\u4ee4\u724c\uff09\uff0c\u4e5f\u53ef\u4ee5\u662f\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 
\uff08HSM\uff09\uff09\u7684\u3002\u672c\u8282\u4ecb\u7ecd\u5f53\u524d\u53ef\u7528\u7684\u63d2\u4ef6\uff0c\u5e76\u8ba8\u8bba\u6bcf\u4e2a\u63d2\u4ef6\u7684\u5b89\u5168\u72b6\u51b5\u3002\u63d2\u4ef6\u5df2\u542f\u7528\u5e76\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 /etc/barbican/barbican.conf \u8bbe\u7f6e\u8fdb\u884c\u914d\u7f6e\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684\u63d2\u4ef6\uff1a\u52a0\u5bc6\u63d2\u4ef6\u548c\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6\u3002","title":"\u673a\u5bc6\u5b58\u50a8\u540e\u7aef"},{"location":"security/security-guide/#_221","text":"\u52a0\u5bc6\u63d2\u4ef6\u5c06\u673a\u5bc6\u5b58\u50a8\u4e3a Barbican \u6570\u636e\u5e93\u4e2d\u7684\u52a0\u5bc6 blob\u3002\u8c03\u7528\u8be5\u63d2\u4ef6\u6765\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u4e0a\u7684\u5bc6\u94a5\uff0c\u5e76\u5728\u5bc6\u94a5\u68c0\u7d22\u65f6\u89e3\u5bc6\u5bc6\u94a5\u3002\u76ee\u524d\u6709\u4e24\u79cd\u7c7b\u578b\u7684\u5b58\u50a8\u63d2\u4ef6\u53ef\u7528\uff1aSimple Crypto \u63d2\u4ef6\u548c PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u3002","title":"\u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#_222","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728 \u4e2d barbican.conf \u914d\u7f6e\u4e86\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u3002\u8be5\u63d2\u4ef6\u4f7f\u7528\u5355\u4e2a\u5bf9\u79f0\u5bc6\u94a5\uff08KEK - \u6216\u201c\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5\u201d\uff09\uff0c\u8be5\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728 barbican.conf 
\u6587\u4ef6\u4e2d\uff0c\u4ee5\u52a0\u5bc6\u548c\u89e3\u5bc6\u6240\u6709\u673a\u5bc6\u3002\u6b64\u63d2\u4ef6\u88ab\u8ba4\u4e3a\u662f\u4e0d\u592a\u5b89\u5168\u7684\u9009\u9879\uff0c\u4ec5\u9002\u7528\u4e8e\u5f00\u53d1\u548c\u6d4b\u8bd5\uff0c\u56e0\u4e3a\u4e3b\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u56e0\u6b64\u4e0d\u5efa\u8bae\u5728\u751f\u4ea7\u90e8\u7f72\u4e2d\u4f7f\u7528\u3002","title":"\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#pkcs11","text":"PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u53ef\u7528\u4e8e\u4e0e\u4f7f\u7528 PKCS#11 \u534f\u8bae\u7684\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8fde\u63a5\u3002\u673a\u5bc6\u7531\u9879\u76ee\u7279\u5b9a\u7684\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5 \uff08KEK\uff09 \u52a0\u5bc6 \uff08\u5e76\u5728\u68c0\u7d22\u65f6\u89e3\u5bc6\uff09 \u3002KEK \u53d7\u4e3b KEK \uff08MKEK\uff09 \u4fdd\u62a4\uff08\u52a0\u5bc6\uff09\u3002MKEK \u4e0e HMAC \u4e00\u8d77\u9a7b\u7559\u5728 HSM \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u9879\u76ee\u90fd\u4f7f\u7528\u4e0d\u540c\u7684 KEK\uff0c\u5e76\u4e14\u7531\u4e8e KEK \u4ee5\u52a0\u5bc6\u5f62\u5f0f\uff08\u800c\u4e0d\u662f\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u660e\u6587\uff09\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u56e0\u6b64 PKCS#11 \u63d2\u4ef6\u6bd4\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u5b89\u5168\u5f97\u591a\u3002\u5b83\u662f Barbican \u90e8\u7f72\u4e2d\u6700\u53d7\u6b22\u8fce\u7684\u540e\u7aef\u3002","title":"PKCS#11 \u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#_223","text":"\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u4e0e\u5b89\u5168\u5b58\u50a8\u7cfb\u7edf\u63a5\u53e3\uff0c\u4ee5\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u6709\u4e09\u79cd\u7c7b\u578b\uff1aKMIP \u63d2\u4ef6\u3001Dogtag \u63d2\u4ef6\u548c Vault 
\u63d2\u4ef6\u3002","title":"\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6"},{"location":"security/security-guide/#kmip","text":"\u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09 \u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u8fdb\u884c\u901a\u4fe1\u3002\u5bc6\u94a5\u76f4\u63a5\u5b89\u5168\u5730\u5b58\u50a8\u5728\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u4e2d\uff0c\u800c\u4e0d\u662f\u5b58\u50a8\u5728 Barbican \u6570\u636e\u5e93\u4e2d\u3002Barbican \u6570\u636e\u5e93\u7ef4\u62a4\u5bf9\u5bc6\u94a5\u4f4d\u7f6e\u7684\u5f15\u7528\uff0c\u4ee5\u4f9b\u4ee5\u540e\u68c0\u7d22\u3002\u8be5\u63d2\u4ef6\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u6216\u4f7f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u5411\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6b64\u4fe1\u606f\u5b58\u50a8\u5728 Barbican \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002","title":"KMIP \u63d2\u4ef6"},{"location":"security/security-guide/#dogtag","text":"Dogtag \u79d8\u5bc6\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e Dogtag \u901a\u4fe1\u3002Dogtag \u662f\u5bf9\u5e94\u4e8e Red Hat \u8bc1\u4e66\u7cfb\u7edf\u7684\u4e0a\u6e38\u9879\u76ee\uff0cRed Hat Certificate System \u662f\u4e00\u4e2a\u901a\u7528\u6807\u51c6/FIPS \u8ba4\u8bc1\u7684 PKI \u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u8bc1\u4e66\u7ba1\u7406\u5668 \uff08CA\uff09 \u548c\u5bc6\u94a5\u6062\u590d\u673a\u6784 \uff08KRA\uff09\uff0c\u7528\u4e8e\u5b89\u5168\u5b58\u50a8\u673a\u5bc6\u3002KRA \u5c06\u673a\u5bc6\u4f5c\u4e3a\u52a0\u5bc6\u7684 blob \u5b58\u50a8\u5728\u5176\u5185\u90e8\u6570\u636e\u5e93\u4e2d\uff0c\u4e3b\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u5728\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS \u5b89\u5168\u6570\u636e\u5e93\u4e2d\uff0c\u6216\u5b58\u50a8\u5728\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u4e2d\u3002\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS 
\u6570\u636e\u5e93\u914d\u7f6e\u4e3a\u4e0d\u5e0c\u671b\u4f7f\u7528 HSM \u7684\u90e8\u7f72\u63d0\u4f9b\u4e86\u5b89\u5168\u9009\u9879\u3002KRA \u662f FreeIPA \u7684\u4e00\u4e2a\u7ec4\u4ef6\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f7f\u7528 FreeIPA \u670d\u52a1\u5668\u914d\u7f6e\u63d2\u4ef6\u3002\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4f7f\u7528 FreeIPA \u8bbe\u7f6e Barbican \u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\u3002","title":"Dogtag \u63d2\u4ef6"},{"location":"security/security-guide/#vault","text":"Vault \u662f Hashicorp \u5f00\u53d1\u7684\u79d8\u5bc6\u5b58\u50a8\uff0c\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u673a\u5bc6\u548c\u5176\u4ed6\u5bf9\u8c61\uff0c\u4f8b\u5982 API \u5bc6\u94a5\u3001\u5bc6\u7801\u6216\u8bc1\u4e66\u3002\u4fdd\u9669\u67dc\u4e3a\u4efb\u4f55\u673a\u5bc6\u63d0\u4f9b\u7edf\u4e00\u7684\u754c\u9762\uff0c\u540c\u65f6\u63d0\u4f9b\u4e25\u683c\u7684\u8bbf\u95ee\u63a7\u5236\u5e76\u8bb0\u5f55\u8be6\u7ec6\u7684\u5ba1\u6838\u65e5\u5fd7\u3002Vault \u4f01\u4e1a\u7248\u8fd8\u5141\u8bb8\u4e0e HSM \u96c6\u6210\u4ee5\u8fdb\u884c\u81ea\u52a8\u89e3\u5c01\u3001\u63d0\u4f9b FIPS \u5bc6\u94a5\u5b58\u50a8\u548c\u71b5\u589e\u5f3a\u3002\u4f46\u662f\uff0cVault \u63d2\u4ef6\u7684\u7f3a\u70b9\u662f\u5b83\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u56e0\u6b64\u6240\u6709\u5bc6\u94a5\u90fd\u5c06\u5b58\u50a8\u5728\u540c\u4e00\u4e2a\u952e/\u503c\u5bc6\u94a5\u5f15\u64ce\u4e0b\u3002\u6302\u8f7d\u70b9\u3002","title":"Vault \u63d2\u4ef6"},{"location":"security/security-guide/#_224","text":"Barbican \u56e2\u961f\u4e0e OpenStack \u5b89\u5168\u9879\u76ee\u5408\u4f5c\uff0c\u5bf9\u6700\u4f73\u5b9e\u8df5 Barbican \u90e8\u7f72\u8fdb\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\u3002\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u7684\u662f\u8bc6\u522b\u670d\u52a1\u8bbe\u8ba1\u548c\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7684\u5f31\u70b9\u548c\u7f3a\u9677\uff0c\u5e76\u63d0\u51fa\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u7684\u63a7\u5236\u6216\u4fee\u590d\u63aa\u65bd\u3002 
\u5df4\u6bd4\u80af\u5a01\u80c1\u5206\u6790\u786e\u5b9a\u4e86\u516b\u9879\u5b89\u5168\u53d1\u73b0\u548c\u4e24\u9879\u5efa\u8bae\uff0c\u4ee5\u63d0\u9ad8\u5df4\u6bd4\u80af\u90e8\u7f72\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u7ed3\u679c\u53ef\u4ee5\u5728\u5b89\u5168\u5206\u6790\u5b58\u50a8\u5e93\u4e2d\u67e5\u770b\uff0c\u4ee5\u53ca Barbican \u4f53\u7cfb\u7ed3\u6784\u56fe\u548c\u4f53\u7cfb\u7ed3\u6784\u63cf\u8ff0\u9875\u3002","title":"\u5a01\u80c1\u5206\u6790"},{"location":"security/security-guide/#castellan","text":"","title":"Castellan"},{"location":"security/security-guide/#_225","text":"Castellan \u662f\u7531 Barbican \u56e2\u961f\u5f00\u53d1\u7684\u901a\u7528\u5bc6\u94a5\u7ba1\u7406\u5668\u754c\u9762\u3002\u5b83\u4f7f\u9879\u76ee\u80fd\u591f\u4f7f\u7528\u53ef\u914d\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\uff0c\u8be5\u7ba1\u7406\u5668\u53ef\u4ee5\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002","title":"\u6982\u8ff0"},{"location":"security/security-guide/#_226","text":"\u200b 1.\u5728 OpenStack \u4e2d\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4ec0\u4e48\uff1f \u5728OpenStack\u4e2d\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4f7f\u7528Barbican\u3002 \u200b 2.\u6211\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528Barbican\uff1f Barbican \u662f\u4e00\u79cd OpenStack \u670d\u52a1\uff0c\u5b83\u652f\u6301\u591a\u79df\u6237\uff0c\u5e76\u4f7f\u7528 Keystone \u4ee4\u724c\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u610f\u5473\u7740\u5bf9\u5bc6\u94a5\u7684\u8bbf\u95ee\u662f\u901a\u8fc7\u79df\u6237\u548c RBAC \u89d2\u8272\u7684 OpenStack \u7b56\u7565\u6765\u63a7\u5236\u7684\u3002 Barbican \u5177\u6709\u591a\u4e2a\u53ef\u63d2\u62d4\u540e\u7aef\uff0c\u53ef\u4ee5\u4f7f\u7528 PKCS#11 \u6216 KMIP \u4e0e\u57fa\u4e8e\u8f6f\u4ef6\u548c\u786c\u4ef6\u7684\u5b89\u5168\u6a21\u5757\u8fdb\u884c\u901a\u4fe1\u3002 \u200b 3.\u5982\u679c\u6211\u4e0d\u60f3\u4f7f\u7528Barbican\u600e\u4e48\u529e\uff1f \u5728 Openstack 
\u4e0a\u4e0b\u6587\u4e2d\uff0c\u9700\u8981\u7ba1\u7406\u4e24\u79cd\u7c7b\u578b\u7684\u5bc6\u94a5 - \u9700\u8981\u5bc6\u94a5\u5931\u771f\u4ee4\u724c\u624d\u80fd\u8bbf\u95ee\u7684\u5bc6\u94a5\uff0c\u4ee5\u53ca\u4e0d\u9700\u8981\u5bc6\u94a5\u9a8c\u8bc1\u4ee4\u724c\u7684\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u7684\u4e00\u4e2a\u793a\u4f8b\u662f\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u7684\u5bc6\u7801\u548c\u5bc6\u94a5\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u9879\u76ee\u52a0\u5bc6\u7164\u6e23\u5377\u7684\u52a0\u5bc6\u5bc6\u94a5\u6216\u9879\u76ee\u6982\u89c8\u56fe\u50cf\u7684\u7b7e\u540d\u5bc6\u94a5\u3002 \u4e0d\u9700\u8981 keystone \u4ee4\u724c\u5373\u53ef\u8bbf\u95ee\u7684\u5bc6\u94a5\u793a\u4f8b\u5305\u62ec\u670d\u52a1\u914d\u7f6e\u6587\u4ef6\u4e2d\u670d\u52a1\u7528\u6237\u7684\u5bc6\u7801\u6216\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u9879\u76ee\u7684\u52a0\u5bc6\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u4ee4\u724c\u7684\u673a\u5bc6\u5e94\u4f7f\u7528 Barbican \u8fdb\u884c\u5b58\u50a8\u3002 \u4e0d\u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u53ef\u4ee5\u5b58\u50a8\u5728\u4efb\u4f55\u5bc6\u94a5\u5b58\u50a8\u4e2d\uff0c\u8be5\u5bc6\u94a5\u5b58\u50a8\u5b9e\u73b0\u4e86\u901a\u8fc7 Castellan \u516c\u5f00\u7684\u7b80\u5355\u5bc6\u94a5\u5b58\u50a8 API\u3002\u8fd9\u4e5f\u5305\u62ec\u5df4\u6bd4\u80af\u3002 \u200b 4.\u5982\u4f55\u4f7f\u7528 Vault\u3001Keywhiz\u3001Custodia \u7b49...\uff1f \u5982\u679c\u5df2\u4e3a\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u7f16\u5199\u4e86 Castellan \u63d2\u4ef6\uff0c\u5219\u60a8\u9009\u62e9\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u4ee5\u4e0e\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u4e00\u8d77\u4f7f\u7528\u3002\u4e00\u65e6\u8be5\u63d2\u4ef6\u88ab\u7f16\u5199\u51fa\u6765\uff0c\u76f4\u63a5\u4f7f\u7528\u8be5\u63d2\u4ef6\u6216\u5728 Barbican \u540e\u9762\u4f7f\u7528\u8be5\u63d2\u4ef6\u662f\u76f8\u5bf9\u5fae\u4e0d\u8db3\u9053\u7684\u3002 \u76ee\u524d\uff0cVault \u548c Custodia 
\u63d2\u4ef6\u6b63\u5728\u4e3a Queens \u5468\u671f\u5f00\u53d1\u3002","title":"\u5e38\u89c1\u95ee\u9898\u89e3\u7b54"},{"location":"security/security-guide/#_227","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-key-manager-01-rootbarbican","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a barbican\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/barbican/barbican.conf | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/barbican-api-paste.ini | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/policy.json | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican | egrep \"root barbican\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c barbican\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root / barbican \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root 
\u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 barbican \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f"},{"location":"security/security-guide/#check-key-manager-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/barbican/barbican.conf $ stat -L -c \"%a\" /etc/barbican/barbican-api-paste.ini $ stat -L -c \"%a\" /etc/barbican/policy.json $ stat -L -c \"%a\" /etc/barbican \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u4f8b\u5982\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u4f7f\u7528 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cBarbican \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/barbican/barbican.conf getfacl: Removing leading 
'/' from absolute path names # file: etc/barbican/barbican.conf USER root rw- GROUP barbican r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u5927\u4e8e 640\u3002","title":"Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-key-manager-03openstack-identity","text":"OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone \u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 authtoken \u5217\u5728 \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u3002 \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u7f3a\u5c11\u8be5\u53c2\u6570 authtoken \u3002","title":"Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-key-manager-04-tls","text":"OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/barbican/barbican.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/barbican/barbican.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/barbican/barbican.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/barbican/barbican.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#_228","text":"\u6d88\u606f\u961f\u5217\u670d\u52a1\u4fc3\u8fdb\u4e86 OpenStack \u4e2d\u7684\u8fdb\u7a0b\u95f4\u901a\u4fe1\u3002OpenStack \u652f\u6301\u4ee5\u4e0b\u6d88\u606f\u961f\u5217\u670d\u52a1\u540e\u7aef\uff1a RabbitMQ Qpid ZeroMQ \u6216 0MQ RabbitMQ \u548c Qpid \u90fd\u662f\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 \u6846\u67b6\uff0c\u5b83\u4eec\u4e3a\u70b9\u5bf9\u70b9\u901a\u4fe1\u63d0\u4f9b\u6d88\u606f\u961f\u5217\u3002\u961f\u5217\u5b9e\u73b0\u901a\u5e38\u90e8\u7f72\u4e3a\u96c6\u4e2d\u5f0f\u6216\u5206\u6563\u5f0f\u961f\u5217\u670d\u52a1\u5668\u6c60\u3002ZeroMQ \u901a\u8fc7 TCP 
\u5957\u63a5\u5b57\u63d0\u4f9b\u76f4\u63a5\u7684\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002 \u6d88\u606f\u961f\u5217\u6709\u6548\u5730\u4fc3\u8fdb\u4e86\u8de8 OpenStack \u90e8\u7f72\u7684\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u3002\u4e00\u65e6\u5141\u8bb8\u8bbf\u95ee\u961f\u5217\uff0c\u5c31\u4e0d\u4f1a\u6267\u884c\u8fdb\u4e00\u6b65\u7684\u6388\u6743\u68c0\u67e5\u3002\u53ef\u901a\u8fc7\u961f\u5217\u8bbf\u95ee\u7684\u670d\u52a1\u4f1a\u9a8c\u8bc1\u5b9e\u9645\u6d88\u606f\u8d1f\u8f7d\u4e2d\u7684\u4e0a\u4e0b\u6587\u548c\u4ee4\u724c\u3002\u4f46\u662f\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u4ee4\u724c\u7684\u5230\u671f\u65e5\u671f\uff0c\u56e0\u4e3a\u4ee4\u724c\u53ef\u80fd\u53ef\u91cd\u64ad\uff0c\u5e76\u4e14\u53ef\u4ee5\u6388\u6743\u57fa\u7840\u7ed3\u6784\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 OpenStack \u4e0d\u652f\u6301\u6d88\u606f\u7ea7\u522b\u7684\u5b89\u5168\u6027\uff0c\u4f8b\u5982\u6d88\u606f\u7b7e\u540d\u3002\u56e0\u6b64\uff0c\u60a8\u5fc5\u987b\u5bf9\u6d88\u606f\u4f20\u8f93\u672c\u8eab\u8fdb\u884c\u5b89\u5168\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5bf9\u4e8e\u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u914d\u7f6e\uff0c\u60a8\u5fc5\u987b\u6267\u884c\u961f\u5217\u5bf9\u961f\u5217\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u52a0\u5bc6\u3002 \u901a\u8fc7 ZeroMQ \u6d88\u606f\u4f20\u9012\uff0cIPC \u5957\u63a5\u5b57\u5728\u5355\u4e2a\u673a\u5668\u4e0a\u4f7f\u7528\u3002\u7531\u4e8e\u8fd9\u4e9b\u5957\u63a5\u5b57\u5bb9\u6613\u53d7\u5230\u653b\u51fb\uff0c\u56e0\u6b64\u8bf7\u786e\u4fdd\u4e91\u8fd0\u8425\u5546\u5df2\u4fdd\u62a4\u5b83\u4eec\u3002 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565","title":"\u6d88\u606f\u961f\u5217"},{"location":"security/security-guide/#_229","text":"\u672c\u8282\u8ba8\u8bba OpenStack 
\u4e2d\u4f7f\u7528\u7684\u4e09\u79cd\u6700\u5e38\u89c1\u7684\u6d88\u606f\u961f\u5217\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u5f3a\u5316\u65b9\u6cd5\uff1aRabbitMQ\u3001Qpid \u548c ZeroMQ\u3002","title":"\u6d88\u606f\u5b89\u5168"},{"location":"security/security-guide/#_230","text":"\u57fa\u4e8e AMQP \u7684\u89e3\u51b3\u65b9\u6848\uff08Qpid \u548c RabbitMQ\uff09\u652f\u6301\u4f7f\u7528 TLS \u7684\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002ZeroMQ \u6d88\u606f\u4f20\u9012\u672c\u8eab\u4e0d\u652f\u6301 TLS\uff0c\u4f46\u4f7f\u7528\u6807\u8bb0\u7684 IPsec \u6216 CIPSO \u7f51\u7edc\u6807\u7b7e\u53ef\u4ee5\u5b9e\u73b0\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u60a8\u7684\u6d88\u606f\u961f\u5217\u542f\u7528\u4f20\u8f93\u7ea7\u52a0\u5bc6\u3002\u5c06 TLS \u7528\u4e8e\u6d88\u606f\u4f20\u9012\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4ee5\u4fdd\u62a4\u901a\u4fe1\u5728\u4f20\u8f93\u5230\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7684\u8fc7\u7a0b\u4e2d\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u5e38\u7528\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668 Qpid \u548c RabbitMQ \u914d\u7f6e TLS \u7684\u6307\u5357\u3002\u5728\u914d\u7f6e\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u673a\u8fde\u63a5\u7684\u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6346\u7ed1\u8f6f\u4ef6\u65f6\uff0c\u5efa\u8bae\u4ec5\u5c06\u5176\u9650\u5236\u4e3a\u7528\u4e8e\u8282\u70b9\u7684 CA\uff0c\u6700\u597d\u662f\u5185\u90e8\u7ba1\u7406\u7684 CA\u3002\u53d7\u4fe1\u4efb\u7684 CA \u6346\u7ed1\u5305\u5c06\u786e\u5b9a\u54ea\u4e9b\u5ba2\u6237\u7aef\u8bc1\u4e66\u5c06\u83b7\u5f97\u6388\u6743\uff0c\u5e76\u901a\u8fc7\u8bbe\u7f6e TLS 
\u8fde\u63a5\u7684\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u9a8c\u8bc1\u6b65\u9aa4\u3002\u8bf7\u6ce8\u610f\uff0c\u5728\u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982\u4f7f\u7528 chmod 0600 \uff0c\u5e76\u4e14\u6240\u6709\u6743\u9650\u5236\u4e3a\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002","title":"\u6d88\u606f\u4f20\u8f93\u5b89\u5168"},{"location":"security/security-guide/#rabbitmq-ssl","text":"\u5e94\u5c06\u4ee5\u4e0b\u884c\u6dfb\u52a0\u5230\u7cfb\u7edf\u8303\u56f4\u7684 RabbitMQ \u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u901a\u5e38 /etc/rabbitmq/rabbitmq.config \uff1a [ {rabbit, [ {tcp_listeners, [] }, {ssl_listeners, [{\"\", 5671}] }, {ssl_options, [{cacertfile,\"/etc/ssl/cacert.pem\"}, {certfile,\"/etc/ssl/rabbit-server-cert.pem\"}, {keyfile,\"/etc/ssl/rabbit-server-key.pem\"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ]. 
\u8bf7\u6ce8\u610f\uff0c\u8be5 tcp_listeners \u9009\u9879\u8bbe\u7f6e\u4e3a [] \u963b\u6b62\u5b83\u4fa6\u542c\u975e SSL \u7aef\u53e3\u3002\u5e94\u5c06\u8be5 ssl_listeners \u9009\u9879\u9650\u5236\u4e3a\u4ec5\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4fa6\u542c\u670d\u52a1\u3002 \u6709\u5173 RabbitMQ SSL \u914d\u7f6e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u914d\u7f6e RabbitMQ SSL\u534f\u8bae","title":"RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e"},{"location":"security/security-guide/#qpid-ssl","text":"Apache \u57fa\u91d1\u4f1a\u4e3a Qpid \u63d0\u4f9b\u4e86\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6307\u5357\u3002\u8bf7\u53c2\u9605\uff1a Apache Qpid SSL","title":"Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e"},{"location":"security/security-guide/#_231","text":"RabbitMQ \u548c Qpid \u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u673a\u5236\uff0c\u7528\u4e8e\u63a7\u5236\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u3002ZeroMQ \u4e0d\u63d0\u4f9b\u6b64\u7c7b\u673a\u5236\u3002 \u7b80\u5355\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u5c42 \uff08SASL\uff09 \u662f Internet \u534f\u8bae\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6570\u636e\u5b89\u5168\u7684\u6846\u67b6\u3002RabbitMQ \u548c Qpid \u90fd\u63d0\u4f9b SASL \u548c\u5176\u4ed6\u53ef\u63d2\u5165\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u7b80\u5355\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ee5\u63d0\u9ad8\u8eab\u4efd\u9a8c\u8bc1\u5b89\u5168\u6027\u3002\u867d\u7136 RabbitMQ \u652f\u6301 SASL\uff0c\u4f46 OpenStack \u4e2d\u7684\u652f\u6301\u76ee\u524d\u4e0d\u5141\u8bb8\u8bf7\u6c42\u7279\u5b9a\u7684 SASL \u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002OpenStack \u4e2d\u7684 RabbitMQ \u652f\u6301\u5141\u8bb8\u901a\u8fc7\u672a\u52a0\u5bc6\u7684\u8fde\u63a5\u8fdb\u884c\u7528\u6237\u540d\u548c\u5bc6\u7801\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6216\u8005\u5c06\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e0e X.509 
\u5ba2\u6237\u7aef\u8bc1\u4e66\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5efa\u7acb\u5b89\u5168\u7684 TLS \u8fde\u63a5\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u6240\u6709 OpenStack \u670d\u52a1\u8282\u70b9\u4e0a\u914d\u7f6e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4ee5\u4fbf\u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u6d88\u606f\u4f20\u9012\u961f\u5217\uff0c\u5e76\u5728\u53ef\u80fd\u7684\u60c5\u51b5\u4e0b\uff08\u76ee\u524d\u4ec5 Qpid\uff09\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u65f6\uff0c\u5e94\u6309\u670d\u52a1\u548c\u8282\u70b9\u521b\u5efa\u5e10\u6237\uff0c\u4ee5\u4fbf\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u8fdb\u884c\u66f4\u7cbe\u7ec6\u7684\u53ef\u5ba1\u6838\u6027\u3002 \u5728\u90e8\u7f72\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u6392\u961f\u670d\u52a1\u5668\u4f7f\u7528\u7684 TLS \u5e93\u3002Qpid \u4f7f\u7528 Mozilla \u7684 NSS \u5e93\uff0c\u800c RabbitMQ \u4f7f\u7528 Erlang \u7684 TLS \u6a21\u5757\uff0c\u8be5\u6a21\u5757\u4f7f\u7528 OpenSSL\u3002","title":"\u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#rabbitmq","text":"\u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5220\u9664\u9ed8\u8ba4 guest \u7528\u6237\uff1a # rabbitmqctl delete_user guest \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5bf9\u4e8e\u4e0e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u7684\u6bcf\u4e2a OpenStack \u670d\u52a1\u6216\u8282\u70b9\uff0c\u8bf7\u8bbe\u7f6e\u7528\u6237\u5e10\u6237\u548c\u6743\u9650\uff1a # rabbitmqctl add_user compute01 RABBIT_PASS # rabbitmqctl set_permissions compute01 \".*\" \".*\" \".*\" \u5c06RABBIT_PASS\u66ff\u6362\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 \u6709\u5173\u5176\u4ed6\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u8bbf\u95ee\u63a7\u5236 RabbitMQ \u8eab\u4efd\u9a8c\u8bc1 RabbitMQ \u63d2\u4ef6 RabbitMQ SASL 
\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1","title":"\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ"},{"location":"security/security-guide/#openstack-rabbitmq","text":"[DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_kombu rabbit_use_ssl = True rabbit_host = RABBIT_HOST rabbit_port = 5671 rabbit_user = compute01 rabbit_password = RABBIT_PASS kombu_ssl_keyfile = /etc/ssl/node-key.pem kombu_ssl_certfile = /etc/ssl/node-cert.pem kombu_ssl_ca_certs = /etc/ssl/cacert.pem","title":"OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ"},{"location":"security/security-guide/#qpid","text":"\u6709\u5173\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a Apache Qpid \u8eab\u4efd\u9a8c\u8bc1 Apache Qpid \u6388\u6743","title":"\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid"},{"location":"security/security-guide/#openstack-qpid","text":"[DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_qpid qpid_protocol = ssl qpid_hostname = qpid_port = 5671 qpid_username = compute01 qpid_password = QPID_PASS \uff08\u53ef\u9009\uff09\u5982\u679c\u5c06 SASL \u4e0e Qpid \u4e00\u8d77\u4f7f\u7528\uff0c\u8bf7\u901a\u8fc7\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u6765\u6307\u5b9a\u6b63\u5728\u4f7f\u7528\u7684 SASL \u673a\u5236\uff1a qpid_sasl_mechanisms = ","title":"OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid"},{"location":"security/security-guide/#_232","text":"\u6bcf\u4e2a\u9879\u76ee\u90fd\u63d0\u4f9b\u4e86\u8bb8\u591a\u53d1\u9001\u548c\u4f7f\u7528\u6d88\u606f\u7684\u670d\u52a1\u3002\u6bcf\u4e2a\u53d1\u9001\u6d88\u606f\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u90fd\u5e94\u8be5\u4f7f\u7528\u961f\u5217\u4e2d\u7684\u6d88\u606f\uff0c\u5982\u679c\u53ea\u662f\u56de\u590d\u7684\u8bdd\u3002 
\u6d88\u606f\u961f\u5217\u670d\u52a1\u8fdb\u7a0b\u5e94\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u5e94\u4e0e\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002","title":"\u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565"},{"location":"security/security-guide/#_233","text":"\u5f3a\u70c8\u5efa\u8bae\u5728 OpenStack Compute Hypervisor \u4e0a\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u4f7f\u7528\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u8fd9\u5c06\u6709\u52a9\u4e8e\u9632\u6b62 VM \u6765\u5bbe\u548c\u7ba1\u7406\u7f51\u7edc\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u6865\u63a5\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u4e3b\u673a\u5fc5\u987b\u81f3\u5c11\u8fd0\u884c\u4e00\u4e2a ZeroMQ \u6d88\u606f\u63a5\u6536\u5668\uff0c\u4ee5\u63a5\u6536\u6765\u81ea\u7f51\u7edc\u7684\u6d88\u606f\u5e76\u901a\u8fc7 IPC \u5c06\u6d88\u606f\u8f6c\u53d1\u5230\u672c\u5730\u8fdb\u7a0b\u3002\u5728 IPC \u547d\u540d\u7a7a\u95f4\u4e2d\u4e3a\u6bcf\u4e2a\u9879\u76ee\u8fd0\u884c\u4e00\u4e2a\u72ec\u7acb\u7684\u6d88\u606f\u63a5\u6536\u5668\u662f\u53ef\u80fd\u7684\uff0c\u4e5f\u662f\u53ef\u53d6\u7684\uff0c\u4ee5\u53ca\u540c\u4e00\u9879\u76ee\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002","title":"\u547d\u540d\u7a7a\u95f4"},{"location":"security/security-guide/#_234","text":"\u961f\u5217\u670d\u52a1\u5668\u5e94\u4ec5\u63a5\u53d7\u6765\u81ea\u7ba1\u7406\u7f51\u7edc\u7684\u8fde\u63a5\u3002\u8fd9\u9002\u7528\u4e8e\u6240\u6709\u5b9e\u73b0\u3002\u8fd9\u5e94\u901a\u8fc7\u670d\u52a1\u914d\u7f6e\u6765\u5b9e\u73b0\uff0c\u5e76\u53ef\u9009\u62e9\u901a\u8fc7\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u5f3a\u5236\u5b9e\u65bd\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u9879\u76ee\u90fd\u5e94\u5728\u4e13\u7528\u4e8e\u5c5e\u4e8e\u8be5\u9879\u76ee\u7684\u670d\u52a1\u7684\u7aef\u53e3\u4e0a\u8fd0\u884c\u5355\u72ec\u7684 ZeroMQ \u63a5\u6536\u65b9\u8fdb\u7a0b\u3002\u8fd9\u76f8\u5f53\u4e8e AMQP 
\u7684\u63a7\u5236\u4ea4\u6362\u6982\u5ff5\u3002","title":"\u7f51\u7edc\u7b56\u7565"},{"location":"security/security-guide/#_235","text":"\u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u548c\u81ea\u7531\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u5c06\u8fdb\u7a0b\u7684\u914d\u7f6e\u9650\u5236\u4e3a\u4ec5\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u6b64\u9650\u5236\u53ef\u9632\u6b62\u8fd9\u4e9b\u8fdb\u7a0b\u4e0e\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_236","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u4f7f\u7528Hadoop\u548cSpark\u7b49\u5904\u7406\u6846\u67b6\u6765\u914d\u7f6e\u548c\u7ba1\u7406\u5b9e\u4f8b\u96c6\u7fa4\u3002\u901a\u8fc7 OpenStack Dashboard \u6216 REST API\uff0c\u7528\u6237\u80fd\u591f\u4e0a\u4f20\u548c\u6267\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u6216\u5916\u90e8\u63d0\u4f9b\u7a0b\u5e8f\u4e2d\u7684\u6570\u636e\u3002\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4f7f\u7528\u7f16\u6392\u670d\u52a1 \uff08heat\uff09 \u521b\u5efa\u5b9e\u4f8b\u96c6\u7fa4\uff0c\u8fd9\u4e9b\u96c6\u7fa4\u53ef\u4ee5\u4f5c\u4e3a\u957f\u671f\u8fd0\u884c\u7684\u7ec4\u5b58\u5728\uff0c\u8fd9\u4e9b\u7ec4\u53ef\u4ee5\u6839\u636e\u8bf7\u6c42\u8fdb\u884c\u6269\u5c55\u548c\u6536\u7f29\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u4e3a\u5355\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u7684\u77ac\u6001\u7ec4\u5b58\u5728\u3002 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 
\u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee \u6839\u5305\u88c5 \u65e5\u5fd7\u8bb0\u5f55 \u53c2\u8003\u4e66\u76ee","title":"\u6570\u636e\u5904\u7406"},{"location":"security/security-guide/#_237","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u5c06\u8d1f\u8d23\u521b\u5efa\u3001\u7ef4\u62a4\u548c\u9500\u6bc1\u4e3a\u5176\u96c6\u7fa4\u521b\u5efa\u7684\u4efb\u4f55\u5b9e\u4f8b\u3002\u63a7\u5236\u5668\u5c06\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u5728\u81ea\u8eab\u548c\u96c6\u7fa4\u5b9e\u4f8b\u4e4b\u95f4\u5efa\u7acb\u7f51\u7edc\u8def\u5f84\u3002\u5b83\u8fd8\u5c06\u7ba1\u7406\u8981\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u7684\u90e8\u7f72\u548c\u751f\u547d\u5468\u671f\u3002\u96c6\u7fa4\u4e2d\u7684\u5b9e\u4f8b\u5305\u542b\u6846\u67b6\u5904\u7406\u5f15\u64ce\u7684\u6838\u5fc3\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u4e2a\u9009\u9879\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4e0e\u8fd9\u4e9b\u5b9e\u4f8b\u7684\u8fde\u63a5\u3002 \u6570\u636e\u5904\u7406\u8d44\u6e90\uff08\u7fa4\u96c6\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u6309\u8eab\u4efd\u670d\u52a1\u4e2d\u5b9a\u4e49\u7684\u9879\u76ee\u8fdb\u884c\u5206\u9694\u3002\u8fd9\u4e9b\u8d44\u6e90\u5728\u9879\u76ee\u4e2d\u5171\u4eab\uff0c\u4e86\u89e3\u4f7f\u7528\u8be5\u670d\u52a1\u7684\u4eba\u5458\u7684\u8bbf\u95ee\u9700\u6c42\u975e\u5e38\u91cd\u8981\u3002\u901a\u8fc7\u4f7f\u7528\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u53ef\u4ee5\u8fdb\u4e00\u6b65\u9650\u5236\u9879\u76ee\u4e2d\u7684\u6d3b\u52a8\uff08\u4f8b\u5982\u542f\u52a8\u96c6\u7fa4\u3001\u4e0a\u4f20\u4f5c\u4e1a\u7b49\uff09\u3002 
\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u8bc4\u4f30\u6570\u636e\u5904\u7406\u7528\u6237\u5bf9\u5176\u5e94\u7528\u7a0b\u5e8f\u3001\u4ed6\u4eec\u4f7f\u7528\u7684\u6570\u636e\u4ee5\u53ca\u4ed6\u4eec\u5728\u9879\u76ee\u4e2d\u7684\u9884\u671f\u529f\u80fd\u7684\u9700\u6c42\u3002\u6211\u4eec\u8fd8\u5c06\u6f14\u793a\u670d\u52a1\u63a7\u5236\u5668\u53ca\u5176\u96c6\u7fa4\u7684\u4e00\u4e9b\u5f3a\u5316\u6280\u672f\uff0c\u5e76\u63d0\u4f9b\u5404\u79cd\u63a7\u5236\u5668\u914d\u7f6e\u548c\u7528\u6237\u7ba1\u7406\u65b9\u6cd5\u7684\u793a\u4f8b\uff0c\u4ee5\u786e\u4fdd\u8db3\u591f\u7684\u5b89\u5168\u548c\u9690\u79c1\u7ea7\u522b\u3002","title":"\u6570\u636e\u5904\u7406\u7b80\u4ecb"},{"location":"security/security-guide/#_238","text":"\u4e0b\u56fe\u663e\u793a\u4e86\u6570\u636e\u5904\u7406\u670d\u52a1\u5982\u4f55\u9002\u5e94\u66f4\u5927\u7684 OpenStack \u751f\u6001\u7cfb\u7edf\u7684\u6982\u5ff5\u89c6\u56fe\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u5728\u96c6\u7fa4\u914d\u7f6e\u8fc7\u7a0b\u4e2d\u5927\u91cf\u4f7f\u7528\u8ba1\u7b97\u3001\u7f16\u6392\u3001\u955c\u50cf\u548c\u5757\u5b58\u50a8\u670d\u52a1\u3002\u5b83\u8fd8\u5c06\u4f7f\u7528\u5728\u7fa4\u96c6\u521b\u5efa\u671f\u95f4\u63d0\u4f9b\u7684\u7531\u7f51\u7edc\u670d\u52a1\u521b\u5efa\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u6765\u7ba1\u7406\u5b9e\u4f8b\u3002\u5f53\u7528\u6237\u8fd0\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\u65f6\uff0c\u63a7\u5236\u5668\u548c\u96c6\u7fa4\u5c06\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u3002\u9274\u4e8e\u8fd9\u4e9b\u670d\u52a1\u7528\u6cd5\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u7cfb\u7edf\u6587\u6863\u4e2d\u6982\u8ff0\u7684\u8bf4\u660e\u5bf9\u5b89\u88c5\u7684\u6240\u6709\u7ec4\u4ef6\u8fdb\u884c\u7f16\u76ee\u3002","title":"\u67b6\u6784"},{"location":"security/security-guide/#_239","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u8d1f\u8d23\u90e8\u7f72\u548c\u7ba1\u7406\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u5168\u9762\u4e86\u89e3\u6240\u63d0\u
4f9b\u7684\u5b89\u5168\u9009\u9879\uff0c\u6211\u4eec\u5efa\u8bae\u64cd\u4f5c\u5458\u5927\u81f4\u719f\u6089\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u3002\u7a81\u51fa\u663e\u793a\u7684\u6280\u672f\u5217\u8868\u5206\u4e3a\u4e24\u90e8\u5206\uff1a\u7b2c\u4e00\u90e8\u5206\uff0c\u5bf9\u5b89\u5168\u6027\u5f71\u54cd\u8f83\u5927\u7684\u9ad8\u4f18\u5148\u7ea7\u5e94\u7528\u7a0b\u5e8f\uff0c\u7b2c\u4e8c\u90e8\u5206\uff0c\u652f\u6301\u5f71\u54cd\u8f83\u5c0f\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u66f4\u9ad8\u7684\u5f71\u54cd Hadoop Hadoop\u5b89\u5168\u6a21\u5f0f\u6587\u6863 HDFS Spark Spark \u5b89\u5168 Storm Zookeeper \u8f83\u4f4e\u7684\u5f71\u54cd Oozie Hive Pig \u8fd9\u4e9b\u6280\u672f\u6784\u6210\u4e86\u4e0e\u6570\u636e\u5904\u7406\u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u7684\u6846\u67b6\u7684\u6838\u5fc3\u3002\u9664\u4e86\u8fd9\u4e9b\u6280\u672f\u4e4b\u5916\uff0c\u8be5\u670d\u52a1\u8fd8\u5305\u62ec\u7b2c\u4e09\u65b9\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u6346\u7ed1\u6846\u67b6\u3002\u8fd9\u4e9b\u6346\u7ed1\u6846\u67b6\u662f\u4f7f\u7528\u4e0a\u8ff0\u76f8\u540c\u6838\u5fc3\u90e8\u5206\u4ee5\u53ca\u4f9b\u5e94\u5546\u5305\u542b\u7684\u914d\u7f6e\u548c\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u7684\u3002\u6709\u5173\u7b2c\u4e09\u65b9\u6846\u67b6\u6346\u7ed1\u5305\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u94fe\u63a5\uff1a Cloudera CDH Hortonworks Data Platform 
MapR","title":"\u6d89\u53ca\u7684\u6280\u672f"},{"location":"security/security-guide/#_240","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff08\u96c6\u7fa4\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u5728\u9879\u76ee\u8303\u56f4\u5185\u5171\u4eab\u3002\u5c3d\u7ba1\u5355\u4e2a\u63a7\u5236\u5668\u5b89\u88c5\u53ef\u4ee5\u7ba1\u7406\u591a\u7ec4\u8d44\u6e90\uff0c\u4f46\u8fd9\u4e9b\u8d44\u6e90\u7684\u8303\u56f4\u5c06\u9650\u5b9a\u4e3a\u5355\u4e2a\u9879\u76ee\u3002\u9274\u4e8e\u6b64\u9650\u5236\uff0c\u6211\u4eec\u5efa\u8bae\u5bc6\u5207\u76d1\u89c6\u9879\u76ee\u4e2d\u7684\u7528\u6237\u6210\u5458\u8eab\u4efd\uff0c\u4ee5\u4fdd\u6301\u8d44\u6e90\u7684\u9002\u5f53\u9694\u79bb\u3002 \u7531\u4e8e\u90e8\u7f72\u6b64\u670d\u52a1\u7684\u7ec4\u7ec7\u7684\u5b89\u5168\u8981\u6c42\u4f1a\u6839\u636e\u5176\u7279\u5b9a\u9700\u6c42\u800c\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u8fd0\u8425\u5546\u5c06\u91cd\u70b9\u653e\u5728\u6570\u636e\u9690\u79c1\u3001\u96c6\u7fa4\u7ba1\u7406\u548c\u6700\u7ec8\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u4f5c\u4e3a\u8bc4\u4f30\u7528\u6237\u9700\u6c42\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u51b3\u7b56\u5c06\u6709\u52a9\u4e8e\u6307\u5bfc\u914d\u7f6e\u7528\u6237\u5bf9\u670d\u52a1\u7684\u8bbf\u95ee\u7684\u8fc7\u7a0b\u3002\u6709\u5173\u6570\u636e\u9690\u79c1\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u79df\u6237\u6570\u636e\u9690\u79c1\u3002 
\u6570\u636e\u5904\u7406\u5b89\u88c5\u7684\u9ed8\u8ba4\u5047\u8bbe\u662f\u7528\u6237\u5c06\u6709\u6743\u8bbf\u95ee\u5176\u9879\u76ee\u4e2d\u7684\u6240\u6709\u529f\u80fd\u3002\u5982\u679c\u9700\u8981\u66f4\u7cbe\u7ec6\u7684\u63a7\u5236\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u4f1a\u63d0\u4f9b\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u3002\u8fd9\u4e9b\u914d\u7f6e\u5c06\u9ad8\u5ea6\u4f9d\u8d56\u4e8e\u5b89\u88c5\u7ec4\u7ec7\u7684\u9700\u6c42\uff0c\u56e0\u6b64\u6ca1\u6709\u5173\u4e8e\u5176\u4f7f\u7528\u7684\u4e00\u822c\u5efa\u8bae\uff1a\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002","title":"\u7528\u6237\u8bbf\u95ee\u8d44\u6e90"},{"location":"security/security-guide/#_241","text":"\u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u670d\u52a1\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u88ab\u90e8\u7f72\u4e3a\u5728\u8fde\u63a5\u5230\u5806\u6808\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u5b83\u80fd\u591f\u4ee5\u5206\u5e03\u5f0f\u65b9\u5f0f\u90e8\u7f72\u591a\u4e2a\u5197\u4f59\u63a7\u5236\u5668\u3002\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u6837\uff0c\u5b83\u4e5f\u9700\u8981\u4e00\u4e2a\u6570\u636e\u5e93\u6765\u5b58\u50a8\u6709\u5173\u5176\u8d44\u6e90\u7684\u4fe1\u606f\u3002\u8bf7\u53c2\u9605\u6570\u636e\u5e93\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u7ba1\u7406\u591a\u4e2a\u6807\u8bc6\u670d\u52a1\u4fe1\u4efb\uff0c\u76f4\u63a5\u4e0e\u4e1a\u52a1\u6d41\u7a0b\u548c\u7f51\u7edc\u670d\u52a1\u901a\u4fe1\uff0c\u5e76\u53ef\u80fd\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002\u7531\u4e8e\u8fd9\u4e9b\u539f\u56e0\uff0c\u63a7\u5236\u5668\u5c06\u9700\u8981\u8bbf\u95ee\u63a7\u5236\u5e73\u9762\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u5c06\u5176\u4e0e\u5176\u4ed6\u670d\u52a1\u63a7\u5236\u5668\u4e00\u8d77\u5b89\u88c5\u3002 
\u6570\u636e\u5904\u7406\u76f4\u63a5\u4e0e\u591a\u4e2a OpenStack \u670d\u52a1\u4ea4\u4e92\uff1a \u8ba1\u7b97 \u8eab\u4efd\u9a8c\u8bc1 \u8054\u7f51 \u5bf9\u8c61\u5b58\u50a8 \u914d\u5668 \u5757\u5b58\u50a8\uff08\u53ef\u9009\uff09 \u5efa\u8bae\u8bb0\u5f55\u8fd9\u4e9b\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4e4b\u95f4\u7684\u6240\u6709\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u6587\u6863\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u6765\u5b58\u50a8\u4f5c\u4e1a\u4e8c\u8fdb\u5236\u6587\u4ef6\u548c\u6570\u636e\u6e90\u3002\u5e0c\u671b\u8bbf\u95ee\u5b8c\u6574\u6570\u636e\u5904\u7406\u670d\u52a1\u529f\u80fd\u7684\u7528\u6237\u5c06\u9700\u8981\u5728\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u9879\u76ee\u4e2d\u5b58\u50a8\u5bf9\u8c61\u3002 \u7f51\u7edc\u670d\u52a1\u5728\u7fa4\u96c6\u7684\u914d\u7f6e\u4e2d\u8d77\u7740\u91cd\u8981\u4f5c\u7528\u3002\u5728\u9884\u914d\u4e4b\u524d\uff0c\u7528\u6237\u5e94\u4e3a\u7fa4\u96c6\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u3002\u5173\u8054\u7f51\u7edc\u7684\u64cd\u4f5c\u7c7b\u4f3c\u4e8e\u901a\u8fc7\u4eea\u8868\u677f\u542f\u52a8\u5b9e\u4f8b\u65f6\u5206\u914d\u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u63a7\u5236\u5668\u4f7f\u7528\u8fd9\u4e9b\u7f51\u7edc\u5bf9\u5176\u96c6\u7fa4\u7684\u5b9e\u4f8b\u548c\u6846\u67b6\u8fdb\u884c\u7ba1\u7406\u8bbf\u95ee\u3002 
\u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662f\u8eab\u4efd\u670d\u52a1\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u7528\u6237\u9700\u8981\u5728\u5176\u9879\u76ee\u4e2d\u5177\u6709\u9002\u5f53\u7684\u89d2\u8272\uff0c\u4ee5\u5141\u8bb8\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u5b9e\u4f8b\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u914d\u7f6e\u7684\u5b89\u88c5\u9700\u8981\u7279\u522b\u6ce8\u610f\u3002\u8bf7\u53c2\u9605\u4ee3\u7406\u57df\u3002\u5177\u4f53\u800c\u8a00\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u80fd\u591f\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002","title":"\u90e8\u7f72"},{"location":"security/security-guide/#_242","text":"\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u7684\u4e3b\u8981\u4efb\u52a1\u4e4b\u4e00\u662f\u4e0e\u5176\u751f\u6210\u7684\u5b9e\u4f8b\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u4e9b\u5b9e\u4f8b\u662f\u9884\u7f6e\u7684\uff0c\u7136\u540e\u6839\u636e\u6240\u4f7f\u7528\u7684\u6846\u67b6\u8fdb\u884c\u914d\u7f6e\u3002\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u7684\u901a\u4fe1\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u548c HTTP \u534f\u8bae\u3002 \u5728\u9884\u914d\u96c6\u7fa4\u65f6\uff0c\u5c06\u5728\u7528\u6237\u63d0\u4f9b\u7684\u7f51\u7edc\u4e2d\u4e3a\u6bcf\u4e2a\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a IP \u5730\u5740\u3002\u7b2c\u4e00\u4e2a\u7f51\u7edc\u901a\u5e38\u79f0\u4e3a\u6570\u636e\u5904\u7406\u7ba1\u7406\u7f51\u7edc\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u4e3a\u6b64\u7f51\u7edc\u5206\u914d\u7684\u56fa\u5b9a IP \u5730\u5740\u3002\u63a7\u5236\u5668\u8fd8\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9664\u4e86\u56fa\u5b9a\u5730\u5740\u4e4b\u5916\uff0c\u8fd8\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6d6e\u52a8 IP \u5730\u5740\u3002\u4e0e\u5b9e\u4f8b\u901a\u4fe1\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u9996\u9009\u6d6e\u52a8\u5730\u5740\uff08\u5982\u679c\u542f\u7528\uff09\u3002 \u5bf9\u4e8e\u56fa\u5b9a\u548c\u6d6e\u52a8 IP 
\u5730\u5740\u65e0\u6cd5\u63d0\u4f9b\u6240\u9700\u529f\u80fd\u7684\u60c5\u51b5\uff0c\u63a7\u5236\u5668\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u66ff\u4ee3\u65b9\u6cd5\u63d0\u4f9b\u8bbf\u95ee\uff1a\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u548c\u95f4\u63a5\u8bbf\u95ee\u3002\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u529f\u80fd\u5141\u8bb8\u63a7\u5236\u5668\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4e2d\u63d0\u4f9b\u7684 shell \u547d\u4ee4\u8bbf\u95ee\u5b9e\u4f8b\u3002\u95f4\u63a5\u8bbf\u95ee\u7528\u4e8e\u6307\u5b9a\u7528\u6237\u5728\u96c6\u7fa4\u7f6e\u5907\u671f\u95f4\u53ef\u7528\u4f5c\u4ee3\u7406\u7f51\u5173\u7684\u5b9e\u4f8b\u3002\u8fd9\u4e9b\u9009\u9879\u901a\u8fc7\u914d\u7f6e\u548c\u5f3a\u5316\u4e2d\u7684\u7528\u6cd5\u793a\u4f8b\u8fdb\u884c\u8ba8\u8bba\u3002","title":"\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee"},{"location":"security/security-guide/#_243","text":"\u6709\u591a\u4e2a\u914d\u7f6e\u9009\u9879\u548c\u90e8\u7f72\u7b56\u7565\u53ef\u4ee5\u63d0\u9ad8\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u5b89\u5168\u6027\u3002\u670d\u52a1\u63a7\u5236\u5668\u901a\u8fc7\u4e3b\u914d\u7f6e\u6587\u4ef6\u548c\u4e00\u4e2a\u6216\u591a\u4e2a\u7b56\u7565\u6587\u4ef6\u8fdb\u884c\u914d\u7f6e\u3002\u4f7f\u7528\u6570\u636e\u5c40\u90e8\u6027\u529f\u80fd\u7684\u5b89\u88c5\u8fd8\u5c06\u5177\u6709\u4e24\u4e2a\u9644\u52a0\u6587\u4ef6\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u7684\u7269\u7406\u4f4d\u7f6e\u3002","title":"\u914d\u7f6e\u548c\u5f3a\u5316"},{"location":"security/security-guide/#tls_1","text":"\u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u63a7\u5236\u5668\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9700\u8981 TLS \u8fde\u63a5\u3002 Pre-Kilo \u7248\u672c\u5c06\u9700\u8981 TLS \u4ee3\u7406\uff0c\u56e0\u4e3a\u63a7\u5236\u5668\u4e0d\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\u3002TLS \u4ee3\u7406\u548c HTTP 
\u670d\u52a1\u4e2d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e TLS \u4ee3\u7406\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u5176\u4e2d\u7684\u5efa\u8bae\u521b\u5efa\u6b64\u7c7b\u5b89\u88c5\u3002 \u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\uff0c\u6211\u4eec\u5efa\u8bae\u8fd9\u6837\u505a\u3002\u542f\u7528\u6b64\u884c\u4e3a\u9700\u8981\u5bf9\u63a7\u5236\u5668\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u4e00\u4e9b\u5c0f\u7684\u8c03\u6574\u3002 \u4f8b\u3002\u914d\u7f6e\u5bf9\u63a7\u5236\u5668\u7684 TLS \u8bbf\u95ee [ssl] ca_file = cafile.pem cert_file = certfile.crt key_file = keyfile.key","title":"TLS\u7cfb\u7edf"},{"location":"security/security-guide/#_244","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u6765\u914d\u7f6e\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u9650\u5236\u7ec4\u5bf9\u7279\u5b9a\u6570\u636e\u5904\u7406\u529f\u80fd\u7684\u8bbf\u95ee\u3002 \u6267\u884c\u6b64\u64cd\u4f5c\u7684\u539f\u56e0\u5c06\u6839\u636e\u5b89\u88c5\u7684\u7ec4\u7ec7\u8981\u6c42\u800c\u66f4\u6539\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u7ec6\u7c92\u5ea6\u63a7\u4ef6\u7528\u4e8e\u64cd\u4f5c\u5458\u9700\u8981\u9650\u5236\u6570\u636e\u5904\u7406\u670d\u52a1\u8d44\u6e90\u7684\u521b\u5efa\u3001\u5220\u9664\u548c\u68c0\u7d22\u7684\u60c5\u51b5\u3002\u9700\u8981\u9650\u5236\u9879\u76ee\u5185\u8bbf\u95ee\u7684\u64cd\u4f5c\u5458\u5e94\u5145\u5206\u610f\u8bc6\u5230\uff0c\u9700\u8981\u6709\u5176\u4ed6\u65b9\u6cd5\u8ba9\u7528\u6237\u8bbf\u95ee\u670d\u52a1\u7684\u6838\u5fc3\u529f\u80fd\uff08\u4f8b\u5982\uff0c\u914d\u7f6e\u96c6\u7fa4\uff09\u3002 \u4f8b\u3002\u5141\u8bb8\u6240\u6709\u7528\u6237\u4f7f\u7528\u6240\u6709\u65b9\u6cd5\uff08\u9ed8\u8ba4\u7b56\u7565\uff09 { \"default\": \"\" } 
\u4f8b\u3002\u7981\u6b62\u5bf9\u975e\u7ba1\u7406\u5458\u7528\u6237\u8fdb\u884c\u6620\u50cf\u6ce8\u518c\u8868\u64cd\u4f5c { \"default\": \"\", \"data-processing:images:register\": \"role:admin\", \"data-processing:images:unregister\": \"role:admin\", \"data-processing:images:add_tags\": \"role:admin\", \"data-processing:images:remove_tags\": \"role:admin\" }","title":"\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565"},{"location":"security/security-guide/#_245","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u5141\u8bb8\u5c06\u5b89\u5168\u7ec4\u4e0e\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u7684\u5b9e\u4f8b\u76f8\u5173\u8054\u3002\u65e0\u9700\u5176\u4ed6\u914d\u7f6e\uff0c\u8be5\u670d\u52a1\u5c06\u5bf9\u9884\u7f6e\u96c6\u7fa4\u7684\u4efb\u4f55\u9879\u76ee\u4f7f\u7528\u9ed8\u8ba4\u5b89\u5168\u7ec4\u3002\u5982\u679c\u8bf7\u6c42\uff0c\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u5b89\u5168\u7ec4\uff0c\u6216\u8005\u5b58\u5728\u4e00\u4e2a\u81ea\u52a8\u9009\u9879\uff0c\u8be5\u9009\u9879\u6307\u793a\u670d\u52a1\u6839\u636e\u6240\u8bbf\u95ee\u6846\u67b6\u6307\u5b9a\u7684\u7aef\u53e3\u521b\u5efa\u5b89\u5168\u7ec4\u3002 
\u5bf9\u4e8e\u751f\u4ea7\u73af\u5883\uff0c\u6211\u4eec\u5efa\u8bae\u624b\u52a8\u63a7\u5236\u5b89\u5168\u7ec4\uff0c\u5e76\u521b\u5efa\u4e00\u7ec4\u9002\u5408\u5b89\u88c5\u7684\u7ec4\u89c4\u5219\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u786e\u4fdd\u9ed8\u8ba4\u5b89\u5168\u7ec4\u5c06\u5305\u542b\u6240\u6709\u9002\u5f53\u7684\u89c4\u5219\u3002\u6709\u5173\u5b89\u5168\u7ec4\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u7ec4\u3002","title":"\u5b89\u5168\u7ec4"},{"location":"security/security-guide/#_246","text":"\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u9700\u8981\u6dfb\u52a0\u5b58\u50a8\u8bbf\u95ee\u51ed\u636e\u3002\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u53ef\u4ee5\u6539\u7528\u6765\u81ea\u6807\u8bc6\u670d\u52a1\u7684\u59d4\u6d3e\u4fe1\u4efb\uff0c\u4ee5\u5141\u8bb8\u901a\u8fc7\u57df\u4e2d\u521b\u5efa\u7684\u4e34\u65f6\u7528\u6237\u8fdb\u884c\u5b58\u50a8\u8bbf\u95ee\u3002\u8981\u4f7f\u6b64\u59d4\u6d3e\u673a\u5236\u8d77\u4f5c\u7528\uff0c\u5fc5\u987b\u5c06\u6570\u636e\u5904\u7406\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u5e76\u4e14\u64cd\u4f5c\u5458\u5fc5\u987b\u4e3a\u4ee3\u7406\u7528\u6237\u914d\u7f6e\u8eab\u4efd\u57df\u3002 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4fdd\u7559\u4e3a\u5bf9\u8c61\u5b58\u50a8\u8bbf\u95ee\u63d0\u4f9b\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u7684\u4e34\u65f6\u5b58\u50a8\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u4e3a\u4ee3\u7406\u7528\u6237\u751f\u6210\u6b64\u5bf9\uff0c\u5e76\u4e14\u6b64\u7528\u6237\u7684\u8bbf\u95ee\u5c06\u4ec5\u9650\u4e8e\u8eab\u4efd\u4fe1\u4efb\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u5728\u63a7\u5236\u5668\u6216\u5176\u6570\u636e\u5e93\u5177\u6709\u4e0e\u516c\u5171\u7f51\u7edc\u4e4b\u95f4\u7684\u8def\u7531\u7684\u4efb\u4f55\u5b89\u88c5\u4e2d\u4f7f\u7528\u4ee3\u7406\u57df\u3002 
\u793a\u4f8b\uff1a\u4e3a\u540d\u4e3a\u201cdp_proxy\u201d\u7684\u4ee3\u7406\u57df\u8fdb\u884c\u914d\u7f6e [DEFAULT] use_domain_for_proxy_users = true proxy_user_domain_name = dp_proxy proxy_user_role_names = Member","title":"\u4ee3\u7406\u57df"},{"location":"security/security-guide/#_247","text":"\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u547d\u4ee4\u6765\u8bbf\u95ee\u5176\u96c6\u7fa4\u5b9e\u4f8b\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u53ef\u4ee5\u4e3a\u4e0d\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u76f4\u63a5\u63d0\u4f9b\u7684\u7f51\u7edc\u7684\u5b89\u88c5\u521b\u5efa\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u3002\u5bf9\u4e8e\u9700\u8981\u9650\u5236\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u8bbf\u95ee\u7684\u5b89\u88c5\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u9009\u9879\u3002 \u793a\u4f8b\uff1a\u901a\u8fc7\u6307\u5b9a\u7684\u4e2d\u7ee7\u673a\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ssh relay-machine-{tenant_id} nc {host} {port}' \u793a\u4f8b\uff1a\u901a\u8fc7\u81ea\u5b9a\u4e49\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ip netns exec ns_for_{network_id} nc {host} {port}'","title":"\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251"},{"location":"security/security-guide/#_248","text":"\u5bf9\u4e8e\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u6240\u6709\u5b9e\u4f8b\u7684\u8bbf\u95ee\u6743\u9650\u6709\u9650\u7684\u5b89\u88c5\uff0c\u7531\u4e8e\u5bf9\u6d6e\u52a8 IP \u5730\u5740\u6216\u5b89\u5168\u89c4\u5219\u7684\u9650\u5236\uff0c\u53ef\u4ee5\u914d\u7f6e\u95f4\u63a5\u8bbf\u95ee\u3002\u8fd9\u5141\u8bb8\u5c06\u67d0\u4e9b\u5b9e\u4f8b\u6307\u5b9a\u4e3a\u96c6\u7fa4\u5176\u4ed6\u5b9e\u4f8b\u7684\u4ee3\u7406\u7f51\u5173\u3002 
\u53ea\u6709\u5728\u5b9a\u4e49\u5c06\u6784\u6210\u6570\u636e\u5904\u7406\u96c6\u7fa4\u7684\u8282\u70b9\u7ec4\u6a21\u677f\u65f6\uff0c\u624d\u80fd\u542f\u7528\u6b64\u914d\u7f6e\u3002\u5b83\u4f5c\u4e3a\u8fd0\u884c\u65f6\u9009\u9879\u63d0\u4f9b\uff0c\u53ef\u5728\u7fa4\u96c6\u7f6e\u5907\u8fc7\u7a0b\u4e2d\u542f\u7528\u3002","title":"\u95f4\u63a5\u8bbf\u95ee"},{"location":"security/security-guide/#rootwrap","text":"\u5728\u4e3a\u7f51\u7edc\u8bbf\u95ee\u521b\u5efa\u81ea\u5b9a\u4e49\u62d3\u6251\u65f6\uff0c\u53ef\u80fd\u9700\u8981\u5141\u8bb8\u975e root \u7528\u6237\u8fd0\u884c\u4ee3\u7406\u547d\u4ee4\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u60c5\u51b5\uff0coslo rootwrap \u8f6f\u4ef6\u5305\u7528\u4e8e\u4e3a\u975e root \u7528\u6237\u63d0\u4f9b\u8fd0\u884c\u7279\u6743\u547d\u4ee4\u7684\u5de5\u5177\u3002\u6b64\u914d\u7f6e\u8981\u6c42\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5e94\u7528\u7a0b\u5e8f\u5173\u8054\u7684\u7528\u6237\u4f4d\u4e8e sudoers \u5217\u8868\u4e2d\uff0c\u5e76\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u542f\u7528\u8be5\u9009\u9879\u3002\u6216\u8005\uff0c\u53ef\u4ee5\u63d0\u4f9b\u5907\u7528 rootwrap \u547d\u4ee4\u3002 \u793a\u4f8b\uff1a\u542f\u7528 rootwrap \u7528\u6cd5\u5e76\u663e\u793a\u9ed8\u8ba4\u547d\u4ee4 [DEFAULT] use_rootwrap=True rootwrap_command=\u2019sudo sahara-rootwrap /etc/sahara/rootwrap.conf\u2019 \u5173\u4e8e rootwrap \u9879\u76ee\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863\uff1ahttps://wiki.openstack.org/wiki/Rootwrap","title":"Rootwrap"},{"location":"security/security-guide/#_249","text":"\u76d1\u89c6\u670d\u52a1\u63a7\u5236\u5668\u7684\u8f93\u51fa\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u53d6\u8bc1\u5de5\u5177\uff0c\u5982\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u66f4\u8be6\u7ec6\u5730\u63cf\u8ff0\u7684\u90a3\u6837\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u63d0\u4f9b\u4e86\u51e0\u4e2a\u9009\u9879\u6765\u8bbe\u7f6e\u65e5\u5fd7\u8bb0\u5f55\u7684\u4f4d\u7f6e\u548c\u7ea7\u522b\u3002 
\u793a\u4f8b\uff1a\u5c06\u65e5\u5fd7\u7ea7\u522b\u8bbe\u7f6e\u4e3a\u9ad8\u4e8e\u8b66\u544a\u5e76\u6307\u5b9a\u8f93\u51fa\u6587\u4ef6\u3002 [DEFAULT] verbose = true log_file = /var/log/data-processing.log","title":"\u65e5\u5fd7"},{"location":"security/security-guide/#_250","text":"OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230Sahara\uff012016.Sahara\u9879\u76ee\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Hadoop\uff012016. Apache Hadoop \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u5b89\u5168\u6a21\u5f0f\u4e0b\u7684 Hadoop\u30022016. Hadoop \u5b89\u5168\u6a21\u5f0f\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cHDFS \u7528\u6237\u6307\u5357\u30022016. Hadoop HDFS \u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark\u30022016. Spark\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark Security\u30022016. Spark \u5b89\u5168\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Storm\u30022016. Storm \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Zookeeper\u30022016. Zookeeper \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Oozie Workflow Scheduler for Hadoop\u30022016. Oozie\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Hive\u30022016. Hive Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Pig\u30022016.Pig Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cCloudera \u4ea7\u54c1\u6587\u6863\u30022016. Cloudera CDH \u6587\u6863 Hortonworks\uff0cHortonworks\u30022016. Hortonworks \u6570\u636e\u5e73\u53f0\u6587\u6863 MapR Technologies\uff0c\u7528\u4e8e MapR \u878d\u5408\u6570\u636e\u5e73\u53f0\u7684 Apache Hadoop\u30022016. 
MapR \u9879\u76ee","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_251","text":"\u6570\u636e\u5e93\u670d\u52a1\u5668\u7684\u9009\u62e9\u662f OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u4e00\u4e2a\u91cd\u8981\u8003\u8651\u56e0\u7d20\u3002\u5728\u51b3\u5b9a\u4f7f\u7528\u6570\u636e\u5e93\u670d\u52a1\u5668\u65f6\uff0c\u5e94\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u4f46\u5728\u672c\u672c\u4e66\u7684\u8303\u56f4\u5185\uff0c\u5c06\u53ea\u8ba8\u8bba\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002OpenStack \u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u7c7b\u578b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u300a\u5b89\u5168\u6307\u5357\u300b\u76ee\u524d\u4e3b\u8981\u9488\u5bf9 PostgreSQL \u548c MySQL\u3002 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e","title":"\u6570\u636e\u5e93"},{"location":"security/security-guide/#_252","text":"PostgreSQL \u5177\u6709\u8bb8\u591a\u7406\u60f3\u7684\u5b89\u5168\u529f\u80fd\uff0c\u4f8b\u5982 Kerberos \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bf9\u8c61\u7ea7\u5b89\u5168\u6027\u548c\u52a0\u5bc6\u652f\u6301\u3002PostgreSQL \u793e\u533a\u5728\u63d0\u4f9b\u53ef\u9760\u7684\u6307\u5bfc\u3001\u6587\u6863\u548c\u5de5\u5177\u4ee5\u4fc3\u8fdb\u79ef\u6781\u7684\u5b89\u5168\u5b9e\u8df5\u65b9\u9762\u505a\u5f97\u5f88\u597d\u3002 
MySQL\u62e5\u6709\u5e9e\u5927\u7684\u793e\u533a\uff0c\u88ab\u5e7f\u6cdb\u91c7\u7528\uff0c\u5e76\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\u9009\u9879\u3002MySQL\u8fd8\u80fd\u591f\u901a\u8fc7\u63d2\u4ef6\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u63d0\u4f9b\u589e\u5f3a\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002MySQL\u793e\u533a\u4e2d\u7684\u5206\u53c9\u53d1\u884c\u7248\u63d0\u4f9b\u4e86\u8bb8\u591a\u53ef\u4f9b\u8003\u8651\u7684\u9009\u9879\u3002\u6839\u636e\u5bf9\u5b89\u5168\u6001\u52bf\u7684\u5168\u9762\u8bc4\u4f30\u548c\u4e3a\u7ed9\u5b9a\u53d1\u884c\u7248\u63d0\u4f9b\u7684\u652f\u6301\u7ea7\u522b\uff0c\u9009\u62e9MySQL\u7684\u7279\u5b9a\u5b9e\u73b0\u975e\u5e38\u91cd\u8981\u3002","title":"\u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_253","text":"\u5efa\u8bae\u90e8\u7f72 MySQL \u6216 PostgreSQL \u7684\u7528\u6237\u53c2\u8003\u73b0\u6709\u7684\u5b89\u5168\u6307\u5357\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff1a MySQL\u6570\u636e\u5e93\uff1a OWASP MySQL\u5f3a\u5316 MySQL \u53ef\u63d2\u5165\u8eab\u4efd\u9a8c\u8bc1 MySQL\u4e2d\u7684\u5b89\u5168\u6027 PostgreSQL\u683c\u5f0f\uff1a OWASP PostgreSQL \u5f3a\u5316 PostgreSQL \u6570\u636e\u5e93\u4e2d\u7684\u603b\u4f53\u5b89\u5168\u6027","title":"\u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003"},{"location":"security/security-guide/#_254","text":"\u6bcf\u4e2a\u6838\u5fc3 OpenStack 
\u670d\u52a1\uff08\u8ba1\u7b97\u3001\u8eab\u4efd\u3001\u7f51\u7edc\u3001\u5757\u5b58\u50a8\uff09\u90fd\u5c06\u72b6\u6001\u548c\u914d\u7f6e\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5f53\u524d\u5728OpenStack\u4e2d\u4f7f\u7528\u6570\u636e\u5e93\u7684\u65b9\u5f0f\u3002\u6211\u4eec\u8fd8\u63a2\u8ba8\u4e86\u5b89\u5168\u95ee\u9898\uff0c\u4ee5\u53ca\u6570\u636e\u5e93\u540e\u7aef\u9009\u62e9\u7684\u5b89\u5168\u540e\u679c\u3002","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#openstack_11","text":"OpenStack \u9879\u76ee\u4e2d\u7684\u6240\u6709\u670d\u52a1\u90fd\u8bbf\u95ee\u5355\u4e2a\u6570\u636e\u5e93\u3002\u76ee\u524d\u6ca1\u6709\u7528\u4e8e\u521b\u5efa\u57fa\u4e8e\u8868\u6216\u884c\u7684\u6570\u636e\u5e93\u8bbf\u95ee\u9650\u5236\u7684\u53c2\u8003\u7b56\u7565\u3002 \u5728OpenStack\u4e2d\uff0c\u6ca1\u6709\u5bf9\u6570\u636e\u5e93\u64cd\u4f5c\u8fdb\u884c\u7cbe\u7ec6\u63a7\u5236\u7684\u4e00\u822c\u89c4\u5b9a\u3002\u8bbf\u95ee\u6743\u9650\u548c\u7279\u6743\u7684\u6388\u4e88\u4ec5\u57fa\u4e8e\u8282\u70b9\u662f\u5426\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u53ef\u80fd\u5177\u6709 DROP\u3001INSERT \u6216 UPDATE \u51fd\u6570\u7684\u5b8c\u5168\u6743\u9650\u3002","title":"OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b"},{"location":"security/security-guide/#_255","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6bcf\u4e2a OpenStack 
\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u90fd\u4f7f\u7528\u4e00\u7ec4\u5171\u4eab\u51ed\u636e\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u8fd9\u4f7f\u5f97\u5ba1\u6838\u6570\u636e\u5e93\u64cd\u4f5c\u548c\u64a4\u6d88\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6743\u9650\u53d8\u5f97\u7279\u522b\u56f0\u96be\u3002","title":"\u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#nova-conductor","text":"\u8ba1\u7b97\u8282\u70b9\u662f OpenStack \u4e2d\u6700\u4e0d\u53d7\u4fe1\u4efb\u7684\u670d\u52a1\uff0c\u56e0\u4e3a\u5b83\u4eec\u6258\u7ba1\u79df\u6237\u5b9e\u4f8b\u3002\u5f15\u5165\u8be5 nova-conductor \u670d\u52a1\u4f5c\u4e3a\u6570\u636e\u5e93\u4ee3\u7406\uff0c\u5145\u5f53\u8ba1\u7b97\u8282\u70b9\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u4e2d\u4ecb\u3002\u6211\u4eec\u5c06\u5728\u672c\u7ae0\u540e\u9762\u8ba8\u8bba\u5176\u540e\u679c\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\uff1a \u6240\u6709\u6570\u636e\u5e93\u901a\u4fe1\u90fd\u4e0e\u7ba1\u7406\u7f51\u7edc\u9694\u79bb \u4f7f\u7528 TLS \u4fdd\u62a4\u901a\u4fe1 \u4e3a\u6bcf\u4e2a OpenStack 
\u670d\u52a1\u7aef\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\uff08\u5982\u4e0b\u56fe\u6240\u793a\uff09","title":"Nova-conductor"},{"location":"security/security-guide/#_256","text":"\u8003\u8651\u5230\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u98ce\u9669\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u9700\u8981\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u3002\u8fd9\u6837\u505a\u6709\u52a9\u4e8e\u66f4\u597d\u5730\u8fdb\u884c\u5206\u6790\u548c\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u5408\u89c4\u6027\uff0c\u6216\u8005\u5728\u8282\u70b9\u906d\u5230\u5165\u4fb5\u65f6\uff0c\u901a\u8fc7\u5728\u68c0\u6d4b\u5230\u8be5\u8282\u70b9\u65f6\u5220\u9664\u8be5\u8282\u70b9\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6765\u9694\u79bb\u53d7\u611f\u67d3\u7684\u4e3b\u673a\u3002\u521b\u5efa\u8fd9\u4e9b\u6bcf\u4e2a\u670d\u52a1\u7ec8\u7ed3\u70b9\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u65f6\uff0c\u5e94\u6ce8\u610f\u786e\u4fdd\u5c06\u5176\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u6216\u8005\uff0c\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u5efa\u8bae\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u5916\uff0c\u8fd8\u4f7f\u7528 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u6765\u914d\u7f6e\u6570\u636e\u5e93\u5e10\u6237\u3002","title":"\u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_257","text":"\u5e94\u521b\u5efa\u5e76\u4fdd\u62a4\u4e00\u4e2a\u5355\u72ec\u7684\u6570\u636e\u5e93\u7ba1\u7406\u5458 \uff08DBA\uff09 
\u5e10\u6237\uff0c\u8be5\u5e10\u6237\u5177\u6709\u521b\u5efa/\u5220\u9664\u6570\u636e\u5e93\u3001\u521b\u5efa\u7528\u6237\u5e10\u6237\u548c\u66f4\u65b0\u7528\u6237\u6743\u9650\u7684\u5b8c\u5168\u6743\u9650\u3002\u8fd9\u79cd\u7b80\u5355\u7684\u8d23\u4efb\u5206\u79bb\u65b9\u6cd5\u6709\u52a9\u4e8e\u9632\u6b62\u610f\u5916\u914d\u7f6e\u9519\u8bef\uff0c\u964d\u4f4e\u98ce\u9669\u5e76\u7f29\u5c0f\u5371\u5bb3\u8303\u56f4\u3002 \u4e3a OpenStack \u670d\u52a1\u548c\u6bcf\u4e2a\u8282\u70b9\u521b\u5efa\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u7684\u6743\u9650\u5e94\u4ec5\u9650\u4e8e\u4e0e\u8be5\u8282\u70b9\u6240\u5c5e\u7684\u670d\u52a1\u76f8\u5173\u7684\u6570\u636e\u5e93\u3002","title":"\u6743\u9650"},{"location":"security/security-guide/#ssl","text":"","title":"\u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93"},{"location":"security/security-guide/#1mysql","text":"GRANT ALL ON dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SSL;","title":"\u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09"},{"location":"security/security-guide/#2postgresql","text":"\u5728\u6587\u4ef6\u4e2d pg_hba.conf \uff1a hostssl dbname compute01 hostname md5 \u8bf7\u6ce8\u610f\uff0c\u6b64\u547d\u4ee4\u4ec5\u6dfb\u52a0\u901a\u8fc7 SSL \u8fdb\u884c\u901a\u4fe1\u7684\u529f\u80fd\uff0c\u5e76\u4e14\u662f\u975e\u72ec\u5360\u7684\u3002\u5e94\u7981\u7528\u53ef\u80fd\u5141\u8bb8\u672a\u52a0\u5bc6\u4f20\u8f93\u7684\u5176\u4ed6\u8bbf\u95ee\u65b9\u6cd5\uff0c\u4ee5\u4fbf SSL \u662f\u552f\u4e00\u7684\u8bbf\u95ee\u65b9\u6cd5\u3002 \u8be5 md5 \u53c2\u6570\u5c06\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u54c8\u5e0c\u5bc6\u7801\u3002\u6211\u4eec\u5728\u4ee5\u4e0b\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u793a\u4f8b\u3002","title":"\u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09"},{"location":"security/security-guide/#openstack_12","text":"\u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4f7f\u7528 
TLS \u4f20\u8f93\uff0c\u5219\u9700\u8981\u6307\u5b9a\u7528\u4e8e SQLAlchemy \u67e5\u8be2\u4e2d\u7684\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002","title":"OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e"},{"location":"security/security-guide/#mysql-sql_connection","text":"sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova?charset=utf8&ssl_ca=/etc/mysql/cacert.pem","title":"MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a"},{"location":"security/security-guide/#x509","text":"\u901a\u8fc7\u8981\u6c42\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u5bf9\u6570\u636e\u5e93\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u53ef\u4ee5\u4e3a\u4e0e\u6570\u636e\u5e93\u5efa\u7acb\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u63d0\u4f9b\u66f4\u597d\u7684\u8eab\u4efd\u4fdd\u8bc1\uff0c\u5e76\u786e\u4fdd\u901a\u4fe1\u662f\u52a0\u5bc6\u7684\u3002","title":"\u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#1mysql_1","text":"GRANT ALL on dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SUBJECT '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=compute01' AND ISSUER '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=cloud-ca';","title":"\u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09"},{"location":"security/security-guide/#2postgresql_1","text":"hostssl dbname compute01 hostname cert","title":"\u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09"},{"location":"security/security-guide/#openstack_13","text":"\u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u9700\u8981 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5219\u9700\u8981\u4e3a\u6570\u636e\u5e93\u540e\u7aef\u6307\u5b9a\u76f8\u5e94\u7684 SQLAlchemy 
\u67e5\u8be2\u53c2\u6570\u3002\u8fd9\u4e9b\u53c2\u6570\u6307\u5b9a\u7528\u4e8e\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u3001\u79c1\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 MySQL \u7684 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1 :sql_connection \u5b57\u7b26\u4e32\u793a\u4f8b\uff1a sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova? charset=utf8&ssl_ca = /etc/mysql/cacert.pem&ssl_cert=/etc/mysql/server-cert.pem&ssl_key=/etc/mysql/server-key.pem","title":"OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e"},{"location":"security/security-guide/#nova-conductor_1","text":"OpenStack Compute \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79f0\u4e3a nova-conductor \u7684\u5b50\u670d\u52a1\uff0c\u7528\u4e8e\u4ee3\u7406\u6570\u636e\u5e93\u8fde\u63a5\uff0c\u5176\u4e3b\u8981\u76ee\u7684\u662f\u8ba9 nova \u8ba1\u7b97\u8282\u70b9\u4e0e nova-conductor \u8fde\u63a5\u4ee5\u6ee1\u8db3\u6570\u636e\u6301\u4e45\u6027\u9700\u6c42\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u4e0e\u6570\u636e\u5e93\u901a\u4fe1\u3002 Nova-conductor \u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\u5e76\u4ee3\u8868\u8c03\u7528\u670d\u52a1\u6267\u884c\u64cd\u4f5c\uff0c\u800c\u65e0\u9700\u6388\u4e88\u5bf9\u6570\u636e\u5e93\u3001\u5176\u8868\u6216\u5176\u4e2d\u6570\u636e\u7684\u7cbe\u7ec6\u8bbf\u95ee\u6743\u9650\u3002Nova-conductor \u5b9e\u8d28\u4e0a\u5c06\u76f4\u63a5\u6570\u636e\u5e93\u8bbf\u95ee\u4ece\u8ba1\u7b97\u8282\u70b9\u4e2d\u62bd\u8c61\u51fa\u6765\u3002 
\u8fd9\u79cd\u62bd\u8c61\u7684\u4f18\u70b9\u662f\u5c06\u670d\u52a1\u9650\u5236\u4e3a\u4f7f\u7528\u53c2\u6570\u6267\u884c\u65b9\u6cd5\uff0c\u7c7b\u4f3c\u4e8e\u5b58\u50a8\u8fc7\u7a0b\uff0c\u4ece\u800c\u9632\u6b62\u5927\u91cf\u7cfb\u7edf\u76f4\u63a5\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u5e93\u6570\u636e\u3002\u8fd9\u662f\u5728\u4e0d\u5728\u6570\u636e\u5e93\u672c\u8eab\u7684\u4e0a\u4e0b\u6587\u6216\u8303\u56f4\u5185\u5b58\u50a8\u6216\u6267\u884c\u8fd9\u4e9b\u8fc7\u7a0b\u7684\u60c5\u51b5\u4e0b\u5b8c\u6210\u7684\uff0c\u8fd9\u662f\u5bf9\u5178\u578b\u5b58\u50a8\u8fc7\u7a0b\u7684\u5e38\u89c1\u6279\u8bc4\u3002 \u9057\u61be\u7684\u662f\uff0c\u6b64\u89e3\u51b3\u65b9\u6848\u4f7f\u66f4\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u6838\u6570\u636e\u8bbf\u95ee\u7684\u80fd\u529b\u7684\u4efb\u52a1\u590d\u6742\u5316\u3002\u7531\u4e8e nova-conductor \u670d\u52a1\u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\uff0c\u56e0\u6b64\u5b83\u7a81\u51fa\u4e86\u63d0\u9ad8\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6027\u7684\u91cd\u8981\u6027\u3002\u4efb\u4f55\u6709\u6743\u8bbf\u95ee\u6d88\u606f\u961f\u5217\u7684\u8282\u70b9\u90fd\u53ef\u4ee5\u6267\u884c nova-conductor \u63d0\u4f9b\u7684\u8fd9\u4e9b\u65b9\u6cd5\uff0c\u5e76\u6709\u6548\u5730\u4fee\u6539\u6570\u636e\u5e93\u3002 \u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e nova-conductor \u4ec5\u9002\u7528\u4e8e OpenStack Compute\uff0c\u56e0\u6b64\u5bf9\u4e8e\u5176\u4ed6 OpenStack \u7ec4\u4ef6\uff08\u5982 Telemetry\uff08\u4e91\u9ad8\u8ba1\uff09\u3001\u7f51\u7edc\u548c\u5757\u5b58\u50a8\uff09\u7684\u8fd0\u884c\uff0c\u53ef\u80fd\u4ecd\u7136\u9700\u8981\u4ece\u8ba1\u7b97\u4e3b\u673a\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 \u82e5\u8981\u7981\u7528 nova-conductor\uff0c\u8bf7\u5c06\u4ee5\u4e0b\u5185\u5bb9\u653e\u5165 nova.conf \u6587\u4ef6\u4e2d\uff08\u5728\u8ba1\u7b97\u4e3b\u673a\u4e0a\uff09\uff1a [conductor] use_local = 
true","title":"Nova-conductor"},{"location":"security/security-guide/#_258","text":"\u672c\u7ae0\u4ecb\u7ecd\u4e0e\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u901a\u4fe1\u76f8\u5173\u7684\u95ee\u9898\u3002\u8fd9\u5305\u62ec IP \u5730\u5740\u7ed1\u5b9a\u548c\u4f7f\u7528 TLS \u52a0\u5bc6\u7f51\u7edc\u6d41\u91cf\u3002","title":"\u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027"},{"location":"security/security-guide/#ip","text":"\u82e5\u8981\u9694\u79bb\u670d\u52a1\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u5e93\u901a\u4fe1\uff0c\u5f3a\u70c8\u5efa\u8bae\u5c06\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u662f\u901a\u8fc7\u9650\u5236\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\u6765\u5b9e\u73b0\u7684\u3002","title":"\u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a"},{"location":"security/security-guide/#mysql","text":"\u5728 my.cnf \uff1a [mysqld] ... 
bind-address ","title":"\u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740"},{"location":"security/security-guide/#postgresql","text":"\u5728 postgresql.conf \uff1a listen_addresses = ","title":"\u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740"},{"location":"security/security-guide/#_259","text":"\u9664\u4e86\u5c06\u6570\u636e\u5e93\u901a\u4fe1\u9650\u5236\u4e3a\u7ba1\u7406\u7f51\u7edc\u5916\uff0c\u6211\u4eec\u8fd8\u5f3a\u70c8\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u5c06\u5176\u6570\u636e\u5e93\u540e\u7aef\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u5c06 TLS \u7528\u4e8e\u6570\u636e\u5e93\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4fdd\u62a4\u901a\u4fe1\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u6b63\u5982\u4e0b\u4e00\u8282\u5c06\u8ba8\u8bba\u7684\u90a3\u6837\uff0c\u4f7f\u7528 TLS \u8fd8\u63d0\u4f9b\u4e86\u901a\u8fc7 X.509 \u8bc1\u4e66\uff08\u901a\u5e38\u79f0\u4e3a PKI\uff09\u6267\u884c\u6570\u636e\u5e93\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7684\u6846\u67b6\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u6d41\u884c\u7684\u6570\u636e\u5e93\u540e\u7aef MySQL \u548c PostgreSQL \u914d\u7f6e TLS \u7684\u6307\u5357\u3002 \u6ce8\u610f \u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982 `chmod 0600` \uff0c\u6240\u6709\u6743\u9650\u5236\u4e3a\u6570\u636e\u5e93\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002","title":"\u6570\u636e\u5e93\u4f20\u8f93"},{"location":"security/security-guide/#mysql-ssl","text":"\u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684MySQL\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a \u5728 my.cnf \uff1a [[mysqld]] ... 
ssl-ca = /path/to/ssl/cacert.pem ssl-cert = /path/to/ssl/server-cert.pem ssl-key = /path/to/ssl/server-key.pem \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-cipher = 'cipher:list'","title":"MySQL SSL\u914d\u7f6e"},{"location":"security/security-guide/#postgresql-ssl","text":"\u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684 PostgreSQL \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u3002 postgresql.conf ssl = true \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-ciphers = 'cipher:list' \u670d\u52a1\u5668\u8bc1\u4e66\u3001\u5bc6\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6587\u4ef6\u5e94\u653e\u5728\u4ee5\u4e0b\u6587\u4ef6\u7684 $PGDATA \u76ee\u5f55\u4e2d\uff1a $PGDATA/server.crt - \u670d\u52a1\u5668\u8bc1\u4e66 $PGDATA/server.key - \u79c1\u94a5\u5bf9\u5e94\u4e8e server.crt $PGDATA/root.crt - \u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 $PGDATA/root.crl - \u8bc1\u4e66\u64a4\u9500\u5217\u8868","title":"PostgreSQL SSL \u914d\u7f6e"},{"location":"security/security-guide/#_260","text":"OpenStack\u65e8\u5728\u652f\u6301\u591a\u79df\u6237\uff0c\u8fd9\u4e9b\u79df\u6237\u5f88\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u6570\u636e\u8981\u6c42\u3002\u4f5c\u4e3a\u4e91\u6784\u5efa\u8005\u6216\u8fd0\u8425\u5546\uff0c\u60a8\u5fc5\u987b\u786e\u4fdd\u60a8\u7684 OpenStack \u73af\u5883\u80fd\u591f\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u548c\u6cd5\u89c4\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u4e0e OpenStack 
\u5b9e\u73b0\u76f8\u5173\u7684\u6570\u636e\u9a7b\u7559\u548c\u5904\u7f6e\u3002 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee:","title":"\u79df\u6237\u6570\u636e\u9690\u79c1"},{"location":"security/security-guide/#_261","text":"","title":"\u6570\u636e\u9690\u79c1\u95ee\u9898"},{"location":"security/security-guide/#_262","text":"\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\uff0c\u6570\u636e\u7684\u9690\u79c1\u548c\u9694\u79bb\u4e00\u76f4\u88ab\u8ba4\u4e3a\u662f\u91c7\u7528\u4e91\u7684\u4e3b\u8981\u969c\u788d\u3002\u8fc7\u53bb\uff0c\u5bf9\u8c01\u62e5\u6709\u4e91\u4e2d\u6570\u636e\u4ee5\u53ca\u4e91\u8fd0\u8425\u5546\u662f\u5426\u53ef\u4ee5\u6700\u7ec8\u4fe1\u4efb\u8fd9\u4e9b\u6570\u636e\u7684\u4fdd\u7ba1\u4eba\u7684\u62c5\u5fe7\u4e00\u76f4\u662f\u91cd\u5927\u95ee\u9898\u3002 \u8bb8\u591a OpenStack \u670d\u52a1\u7ef4\u62a4\u5c5e\u4e8e\u79df\u6237\u7684\u6570\u636e\u548c\u5143\u6570\u636e\u6216\u53c2\u8003\u79df\u6237\u4fe1\u606f\u3002 \u5b58\u50a8\u5728 OpenStack \u4e91\u4e2d\u7684\u79df\u6237\u6570\u636e\u53ef\u80fd\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8 \u8ba1\u7b97\u5b9e\u4f8b\u5185\u5b58 \u5757\u5b58\u50a8\u5377\u6570\u636e \u7528\u4e8e\u8ba1\u7b97\u8bbf\u95ee\u7684\u516c\u94a5 \u6620\u50cf\u670d\u52a1\u4e2d\u7684\u865a\u62df\u673a\u6620\u50cf \u8ba1\u7b97\u673a\u5feb\u7167 \u4f20\u9012\u7ed9 OpenStack Compute \u7684\u914d\u7f6e\u9a71\u52a8\u5668\u6269\u5c55\u7684\u6570\u636e OpenStack \u4e91\u5b58\u50a8\u7684\u5143\u6570\u636e\u5305\u62ec\u4ee5\u4e0b\u975e\u8be6\u5c3d\u9879\u76ee\uff1a \u7ec4\u7ec7\u540d\u79f0 \u7528\u6237\u7684\u201c\u771f\u5b9e\u59d3\u540d\u201d 
\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u3001\u5b58\u50a8\u6876\u3001\u5bf9\u8c61\u3001\u5377\u548c\u5176\u4ed6\u914d\u989d\u76f8\u5173\u9879\u76ee\u7684\u6570\u91cf\u6216\u5927\u5c0f \u8fd0\u884c\u5b9e\u4f8b\u6216\u5b58\u50a8\u6570\u636e\u7684\u5c0f\u65f6\u6570 \u7528\u6237\u7684 IP \u5730\u5740 \u5185\u90e8\u751f\u6210\u7684\u7528\u4e8e\u8ba1\u7b97\u6620\u50cf\u6346\u7ed1\u7684\u79c1\u94a5","title":"\u6570\u636e\u9a7b\u7559"},{"location":"security/security-guide/#_263","text":"OpenStack\u8fd0\u8425\u5546\u5e94\u52aa\u529b\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u79df\u6237\u6570\u636e\u5904\u7f6e\u4fdd\u8bc1\u3002\u6700\u4f73\u5b9e\u8df5\u5efa\u8bae\u64cd\u4f5c\u5458\u5728\u5904\u7f6e\u3001\u91ca\u653e\u7ec4\u7ec7\u63a7\u5236\u6216\u91ca\u653e\u4ee5\u4f9b\u91cd\u590d\u4f7f\u7528\u4e4b\u524d\u5bf9\u4e91\u7cfb\u7edf\u4ecb\u8d28\uff08\u6570\u5b57\u548c\u975e\u6570\u5b57\uff09\u8fdb\u884c\u6e05\u7406\u3002\u9274\u4e8e\u4fe1\u606f\u7684\u7279\u5b9a\u5b89\u5168\u57df\u548c\u654f\u611f\u6027\uff0c\u6e05\u7406\u65b9\u6cd5\u5e94\u5b9e\u73b0\u9002\u5f53\u7ea7\u522b\u7684\u5f3a\u5ea6\u548c\u5b8c\u6574\u6027\u3002 \u201c\u6e05\u7406\u8fc7\u7a0b\u4f1a\u4ece\u4ecb\u8d28\u4e2d\u5220\u9664\u4fe1\u606f\uff0c\u56e0\u6b64\u65e0\u6cd5\u68c0\u7d22\u6216\u91cd\u5efa\u4fe1\u606f\u3002\u6e05\u7406\u6280\u672f\uff0c\u5305\u62ec\u6e05\u9664\u3001\u6e05\u9664\u3001\u52a0\u5bc6\u64e6\u9664\u548c\u9500\u6bc1\uff0c\u53ef\u9632\u6b62\u5728\u91cd\u590d\u4f7f\u7528\u6216\u91ca\u653e\u5904\u7f6e\u6b64\u7c7b\u4ecb\u8d28\u65f6\u5411\u672a\u7ecf\u6388\u6743\u7684\u4e2a\u4eba\u62ab\u9732\u4fe1\u606f\u3002NIST \u7279\u522b\u51fa\u7248\u7269 800-53 \u4fee\u8ba2\u7248 4 NIST\u5efa\u8bae\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u4e2d\u91c7\u7528\u7684\u4e00\u822c\u6570\u636e\u5904\u7f6e\u548c\u6e05\u7406\u6307\u5357\u3002\u4e91\u8fd0\u8425\u5546\u5e94\uff1a \u8ddf\u8e2a\u3001\u8bb0\u5f55\u548c\u9a8c\u8bc1\u4ecb\u8d28\u6e05\u7406\u548c\u5904\u7f6e\u64cd\u4f5c\u3002 
\u6d4b\u8bd5\u6e05\u7406\u8bbe\u5907\u548c\u7a0b\u5e8f\u4ee5\u9a8c\u8bc1\u5176\u6027\u80fd\u662f\u5426\u6b63\u5e38\u3002 \u5728\u5c06\u4fbf\u643a\u5f0f\u53ef\u79fb\u52a8\u5b58\u50a8\u8bbe\u5907\u8fde\u63a5\u5230\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u524d\uff0c\u5148\u5bf9\u5176\u8fdb\u884c\u6e05\u7406\u3002 \u9500\u6bc1\u65e0\u6cd5\u6e05\u7406\u7684\u4e91\u7cfb\u7edf\u4ecb\u8d28\u3002 \u5728 OpenStack \u90e8\u7f72\u4e2d\uff0c\u60a8\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a \u5b89\u5168\u6570\u636e\u64e6\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u5757\u5b58\u50a8\u5377\u6570\u636e \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406","title":"\u6570\u636e\u5904\u7f6e"},{"location":"security/security-guide/#_264","text":"\u5728OpenStack\u4e2d\uff0c\u67d0\u4e9b\u6570\u636e\u53ef\u80fd\u4f1a\u88ab\u5220\u9664\uff0c\u4f46\u5728\u4e0a\u8ff0NIST\u6807\u51c6\u7684\u4e0a\u4e0b\u6587\u4e2d\u4e0d\u4f1a\u88ab\u5b89\u5168\u5220\u9664\u3002\u8fd9\u901a\u5e38\u9002\u7528\u4e8e\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u7684\u5927\u591a\u6570\u6216\u5168\u90e8\u4e0a\u8ff0\u5b9a\u4e49\u7684\u5143\u6570\u636e\u548c\u4fe1\u606f\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u5e93\u548c/\u6216\u7cfb\u7edf\u914d\u7f6e\u8fdb\u884c\u81ea\u52a8\u5438\u5c18\u548c\u5b9a\u671f\u53ef\u7528\u7a7a\u95f4\u64e6\u9664\u6765\u4fee\u590d\u3002","title":"\u6570\u636e\u672a\u5b89\u5168\u5220\u9664"},{"location":"security/security-guide/#_265","text":"\u7279\u5b9a\u4e8e\u5404\u79cd\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u662f\u5b9e\u4f8b\u5185\u5b58\u7684\u5904\u7406\u3002OpenStack Compute \u4e2d\u6ca1\u6709\u5b9a\u4e49\u6b64\u884c\u4e3a\uff0c\u5c3d\u7ba1\u901a\u5e38\u671f\u671b hypervisor \u5728\u5220\u9664\u5b9e\u4f8b\u548c/\u6216\u521b\u5efa\u5b9e\u4f8b\u65f6\u5c3d\u6700\u5927\u52aa\u529b\u6e05\u7406\u5185\u5b58\u3002 Xen 
\u663e\u5f0f\u5730\u4e3a\u5b9e\u4f8b\u5206\u914d\u4e13\u7528\u5185\u5b58\u533a\u57df\uff0c\u5e76\u5728\u5b9e\u4f8b\uff08\u6216 Xen \u672f\u8bed\u4e2d\u7684\u57df\uff09\u9500\u6bc1\u65f6\u6e05\u7406\u6570\u636e\u3002KVM \u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4f9d\u8d56\u4e8e Linux \u9875\u9762\u7ba1\u7406;KVM \u6587\u6863\u4e2d\u5b9a\u4e49\u4e86\u4e00\u7ec4\u4e0e KVM \u5206\u9875\u76f8\u5173\u7684\u590d\u6742\u89c4\u5219\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4f7f\u7528 Xen \u5185\u5b58\u6c14\u7403\u529f\u80fd\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u907f\u514d\u4f7f\u7528\u6b64\u529f\u80fd\u3002 \u5bf9\u4e8e\u8fd9\u4e9b\u548c\u5176\u4ed6\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u53c2\u8003\u7279\u5b9a\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u6587\u6863\u3002","title":"\u5b9e\u4f8b\u5185\u5b58\u6e05\u7406"},{"location":"security/security-guide/#cinder","text":"\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u4e0b\u9762\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u7684\u201c\u6570\u636e\u52a0\u5bc6\u201d\u90e8\u5206\u5bf9\u6b64\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002\u4f7f\u7528\u6b64\u529f\u80fd\u65f6\uff0c\u901a\u8fc7\u5b89\u5168\u5730\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u6765\u5b8c\u6210\u6570\u636e\u9500\u6bc1\u3002\u6700\u7ec8\u7528\u6237\u53ef\u4ee5\u5728\u521b\u5efa\u5377\u65f6\u9009\u62e9\u6b64\u529f\u80fd\uff0c\u4f46\u8bf7\u6ce8\u610f\uff0c\u7ba1\u7406\u5458\u5fc5\u987b\u5148\u6267\u884c\u5377\u52a0\u5bc6\u529f\u80fd\u7684\u4e00\u6b21\u6027\u8bbe\u7f6e\u3002\u6709\u5173\u6b64\u8bbe\u7f6e\u7684\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u201c\u914d\u7f6e\u53c2\u8003\u201d\u7684\u201c\u5757\u5b58\u50a8\u201d\u90e8\u5206\u7684\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u3002 \u5982\u679c\u4e0d\u4f7f\u7528 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u90a3\u4e48\u5176\u4ed6\u65b9\u6cd5\u901a\u5e38\u66f4\u96be\u542f\u7528\u3002\u5982\u679c\u4f7f\u7528\u540e\u7aef\u63d2\u4ef6\uff0c\u5219\u53ef\u80fd\u5b58\u5728\u72ec\u7acb\u7684\u52a0\u5bc6\u65b9\u6cd5\u6216\u975e\u6807\u51c6\u8986\u76d6\u89e3\u51b3\u65b9\u6848\u3002OpenStack Block Storage \u7684\u63d2\u4ef6\u5c06\u4ee5\u591a\u79cd\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\u3002\u8bb8\u591a\u63d2\u4ef6\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u6216\u6280\u672f\uff0c\u800c\u5176\u4ed6\u63d2\u4ef6\u5219\u66f4\u591a\u5730\u662f\u56f4\u7ed5\u6587\u4ef6\u7cfb\u7edf\uff08\u5982 LVM \u6216 ZFS\uff09\u7684 DIY \u89e3\u51b3\u65b9\u6848\u3002\u5b89\u5168\u9500\u6bc1\u6570\u636e\u7684\u65b9\u6cd5\u56e0\u63d2\u4ef6\u800c\u5f02\uff0c\u56e0\u4f9b\u5e94\u5546\u7684\u89e3\u51b3\u65b9\u6848\u800c\u5f02\uff0c\u4e5f\u56e0\u6587\u4ef6\u7cfb\u7edf\u800c\u5f02\u3002 \u4e00\u4e9b\u540e\u7aef\uff08\u5982 ZFS\uff09\u5c06\u652f\u6301\u5199\u5165\u65f6\u590d\u5236\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u6cc4\u9732\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4ece\u672a\u5199\u5165\u5757\u4e2d\u8bfb\u53d6\u5c06\u59cb\u7ec8\u8fd4\u56de\u96f6\u3002\u5176\u4ed6\u540e\u7aef\uff08\u5982 LVM\uff09\u53ef\u80fd\u672c\u8eab\u4e0d\u652f\u6301\u6b64\u529f\u80fd\uff0c\u56e0\u6b64\u5757\u5b58\u50a8\u63d2\u4ef6\u8d1f\u8d23\u5728\u5c06\u4e4b\u524d\u5199\u5165\u7684\u5757\u4ea4\u7ed9\u7528\u6237\u4e4b\u524d\u8986\u76d6\u5b83\u4eec\u3002\u8bf7\u52a1\u5fc5\u67e5\u770b\u6240\u9009\u5377\u540e\u7aef\u63d0\u4f9b\u54ea\u4e9b\u4fdd\u8bc1\uff0c\u5e76\u67e5\u770b\u54ea\u4e9b\u4e2d\u4ecb\u53ef\u7528\u4e8e\u672a\u63d0\u4f9b\u7684\u4fdd\u8bc1\u3002","title":"Cinder \u5377\u6570\u636e"},{"location":"security/security-guide/#_266","text":"OpenStack 
\u955c\u50cf\u670d\u52a1\u5177\u6709\u5ef6\u8fdf\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u5c06\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u7b49\u5f85\u955c\u50cf\u7684\u5220\u9664\u3002\u5982\u679c\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u901a\u8fc7\u7f16\u8f91 etc/glance/glance-api.conf \u6587\u4ef6\u5e76\u5c06 delayed_delete \u9009\u9879\u8bbe\u7f6e\u4e3a False \u6765\u7981\u7528\u6b64\u529f\u80fd\u3002","title":"\u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd"},{"location":"security/security-guide/#_267","text":"OpenStack Compute \u5177\u6709\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4f7f\u88ab\u5220\u9664\u7684\u5b9e\u4f8b\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u5904\u4e8e\u8f6f\u5220\u9664\u72b6\u6001\u3002\u5b9e\u4f8b\u53ef\u4ee5\u5728\u6b64\u65f6\u95f4\u6bb5\u5185\u6062\u590d\u3002\u82e5\u8981\u7981\u7528\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8bf7\u7f16\u8f91 etc/nova/nova.conf \u6587\u4ef6\u5e76\u5c06\u8be5 reclaim_instance_interval \u9009\u9879\u7559\u7a7a\u3002","title":"\u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd"},{"location":"security/security-guide/#_268","text":"\u8bf7\u6ce8\u610f\uff0cOpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u63d0\u4f9b\u4e86\u4e00\u79cd\u6539\u8fdb\u4e34\u65f6\u5b58\u50a8\u9690\u79c1\u548c\u9694\u79bb\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u662f\u5728\u4e3b\u52a8\u4f7f\u7528\u671f\u95f4\u8fd8\u662f\u5728\u9500\u6bc1\u6570\u636e\u65f6\u3002\u4e0e\u52a0\u5bc6\u5757\u5b58\u50a8\u4e00\u6837\uff0c\u53ea\u9700\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u5373\u53ef\u6709\u6548\u5730\u9500\u6bc1\u6570\u636e\u3002 \u5728\u521b\u5efa\u548c\u9500\u6bc1\u4e34\u65f6\u5b58\u50a8\u65f6\uff0c\u63d0\u4f9b\u6570\u636e\u9690\u79c1\u7684\u66ff\u4ee3\u63aa\u65bd\u5c06\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c OpenStack \u8ba1\u7b97\u63d2\u4ef6\u3002 \u7528\u4e8e\u8ba1\u7b97\u7684 libvirt 
\u63d2\u4ef6\u53ef\u4ee5\u76f4\u63a5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6216 LVM \u4e2d\u7ef4\u62a4\u4e34\u65f6\u5b58\u50a8\u3002\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u901a\u5e38\u4e0d\u4f1a\u5728\u5220\u9664\u6570\u636e\u65f6\u8986\u76d6\u6570\u636e\uff0c\u4f46\u53ef\u4ee5\u4fdd\u8bc1\u4e0d\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002 \u5f53\u4f7f\u7528 LVM \u652f\u6301\u7684\u57fa\u4e8e\u5757\u7684\u4e34\u65f6\u5b58\u50a8\u65f6\uff0cOpenStack \u8ba1\u7b97\u8f6f\u4ef6\u5fc5\u987b\u5b89\u5168\u5730\u64e6\u9664\u5757\u4ee5\u9632\u6b62\u4fe1\u606f\u6cc4\u9732\u3002\u8fc7\u53bb\u66fe\u5b58\u5728\u4e0e\u4e0d\u5f53\u64e6\u9664\u7684\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u76f8\u5173\u7684\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u5bf9\u4e8e\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\u662f\u4e00\u79cd\u6bd4 LVM \u66f4\u5b89\u5168\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u56e0\u4e3a\u65e0\u6cd5\u4e3a\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002\u4f46\u662f\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u7528\u6237\u6570\u636e\u4e0d\u4f1a\u88ab\u7834\u574f\uff0c\u56e0\u6b64\u5efa\u8bae\u5bf9\u540e\u5907\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u52a0\u5bc6\u3002","title":"\u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8"},{"location":"security/security-guide/#_269","text":"\u7528\u4e8e\u8ba1\u7b97\u7684\u88f8\u673a\u670d\u52a1\u5668\u9a71\u52a8\u7a0b\u5e8f\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u6b64\u540e\u5df2\u8f6c\u79fb\u5230\u4e00\u4e2a\u540d\u4e3a ironic \u7684\u5355\u72ec\u9879\u76ee\u4e2d\u3002\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5177\u6709\u8bbd\u523a\u610f\u5473\u7684\u662f\uff0c\u4f3c\u4e4e\u6ca1\u6709\u89e3\u51b3\u9a7b\u7559\u5728\u7269\u7406\u786c\u4ef6\u4e2d\u7684\u79df\u6237\u6570\u636e\u7684\u6e05\u7406\u95ee\u9898\u3002 \u6b64\u5916\uff0c\u88f8\u673a\u7cfb\u7edf\u7684\u79df\u6237\u53ef\u4ee5\u4fee\u6539\u7cfb\u7edf\u56fa\u4ef6\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM 
\u6280\u672f\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002","title":"\u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406"},{"location":"security/security-guide/#_270","text":"\u8be5\u9009\u9879\u53ef\u4f9b\u5b9e\u65bd\u8005\u52a0\u5bc6\u79df\u6237\u6570\u636e\uff0c\u65e0\u8bba\u8fd9\u4e9b\u6570\u636e\u5b58\u50a8\u5728\u78c1\u76d8\u4e0a\u6216\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\uff0c\u4f8b\u5982\u4e0b\u9762\u63cf\u8ff0\u7684 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u8fd9\u8d85\u51fa\u4e86\u7528\u6237\u5728\u5c06\u81ea\u5df1\u7684\u6570\u636e\u53d1\u9001\u7ed9\u63d0\u4f9b\u5546\u4e4b\u524d\u52a0\u5bc6\u81ea\u5df1\u7684\u6570\u636e\u7684\u4e00\u822c\u5efa\u8bae\u3002 \u4ee3\u8868\u79df\u6237\u52a0\u5bc6\u6570\u636e\u7684\u91cd\u8981\u6027\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4e0e\u63d0\u4f9b\u5546\u627f\u62c5\u7684\u653b\u51fb\u8005\u53ef\u80fd\u8bbf\u95ee\u79df\u6237\u6570\u636e\u7684\u98ce\u9669\u6709\u5173\u3002\u653f\u5e9c\u53ef\u80fd\u6709\u8981\u6c42\uff0c\u4e5f\u6709\u6bcf\u4e2a\u7b56\u7565\u7684\u8981\u6c42\uff0c\u79c1\u6709\u5408\u540c\uff0c\u751a\u81f3\u4e0e\u516c\u5171\u4e91\u63d0\u4f9b\u5546\u7684\u79c1\u6709\u5408\u540c\u6709\u5173\u7684\u5224\u4f8b\u6cd5\u3002\u5efa\u8bae\u5728\u9009\u62e9\u79df\u6237\u52a0\u5bc6\u7b56\u7565\u4e4b\u524d\u8fdb\u884c\u98ce\u9669\u8bc4\u4f30\u548c\u6cd5\u5f8b\u987e\u95ee\u3002 
\u6309\u5b9e\u4f8b\u6216\u6309\u5bf9\u8c61\u52a0\u5bc6\u6bd4\u6309\u9879\u76ee\u3001\u6309\u79df\u6237\u3001\u6309\u4e3b\u673a\u548c\u6309\u4e91\u805a\u5408\u964d\u5e8f\u8fdb\u884c\u52a0\u5bc6\u66f4\u53ef\u53d6\u3002\u8fd9\u9879\u5efa\u8bae\u4e0e\u5b9e\u65bd\u7684\u590d\u6742\u6027\u548c\u96be\u5ea6\u76f8\u53cd\u3002\u76ee\u524d\uff0c\u5728\u67d0\u4e9b\u9879\u76ee\u4e2d\uff0c\u5f88\u96be\u6216\u4e0d\u53ef\u80fd\u5b9e\u73b0\u50cf\u6bcf\u4e2a\u79df\u6237\u4e00\u6837\u677e\u6563\u7684\u52a0\u5bc6\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u5c3d\u6700\u5927\u52aa\u529b\u52a0\u5bc6\u79df\u6237\u6570\u636e\u3002 \u901a\u5e38\uff0c\u6570\u636e\u52a0\u5bc6\u4e0e\u53ef\u9760\u5730\u9500\u6bc1\u79df\u6237\u548c\u6bcf\u4e2a\u5b9e\u4f8b\u6570\u636e\u7684\u80fd\u529b\u5448\u6b63\u76f8\u5173\uff0c\u53ea\u9700\u4e22\u5f03\u5bc6\u94a5\u5373\u53ef\u3002\u5e94\u8be5\u6307\u51fa\u7684\u662f\uff0c\u5728\u8fd9\u6837\u505a\u65f6\uff0c\u4ee5\u53ef\u9760\u548c\u5b89\u5168\u7684\u65b9\u5f0f\u9500\u6bc1\u8fd9\u4e9b\u5bc6\u94a5\u53d8\u5f97\u975e\u5e38\u91cd\u8981\u3002 Opportunities to encrypt data for users are present: \u5b58\u5728\u4e3a\u7528\u6237\u52a0\u5bc6\u6570\u636e\u7684\u673a\u4f1a\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u7f51\u7edc\u6570\u636e","title":"\u6570\u636e\u52a0\u5bc6"},{"location":"security/security-guide/#_271","text":"OpenStack \u4e2d\u7684\u5377\u52a0\u5bc6\u529f\u80fd\u652f\u6301\u57fa\u4e8e\u6bcf\u4e2a\u79df\u6237\u7684\u9690\u79c1\u4fdd\u62a4\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u5377\u7c7b\u578b\uff0c\u901a\u8fc7\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u754c\u9762\u542f\u52a8 \u542f\u7528\u52a0\u5bc6\u5e76\u9009\u62e9\u52a0\u5bc6\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u53c2\u6570 iSCSI \u6570\u636e\u5305\u4e2d\u5305\u542b\u7684\u5377\u6570\u636e\u5df2\u52a0\u5bc6 
\u5982\u679c\u539f\u59cb\u5377\u5df2\u52a0\u5bc6\uff0c\u5219\u652f\u6301\u52a0\u5bc6\u5907\u4efd \u4eea\u8868\u677f\u6307\u793a\u5377\u52a0\u5bc6\u72b6\u6001\u3002\u5305\u62ec\u5377\u5df2\u52a0\u5bc6\u7684\u6307\u793a\uff0c\u5e76\u5305\u62ec\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u52a0\u5bc6\u53c2\u6570 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u5377\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0c\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09","title":"\u5377\u52a0\u5bc6"},{"location":"security/security-guide/#_272","text":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u7684 LVM \u4e34\u65f6\u78c1\u76d8\uff08\u6ce8\u610f\uff1a\u76ee\u524d OpenStack \u8ba1\u7b97\u670d\u52a1\u4ec5\u652f\u6301 LVM \u683c\u5f0f\u7684\u52a0\u5bc6\u4e34\u65f6\u78c1\u76d8\uff09 \u8ba1\u7b97\u914d\u7f6e \uff0c nova.conf \u5728\u201c[ephemeral_storage_encryption]\u201d\u90e8\u5206\u4e2d\u5177\u6709\u4ee5\u4e0b\u9ed8\u8ba4\u53c2\u6570 \u9009\u9879\uff1a\u201c\u5bc6\u7801 = AES-XTS-plain64\u201d 
\u6b64\u5b57\u6bb5\u8bbe\u7f6e\u7528\u4e8e\u52a0\u5bc6\u4e34\u65f6\u5b58\u50a8\u7684\u5bc6\u7801\u548c\u6a21\u5f0f\u3002NIST\u5efa\u8bae\u5c06AES-XTS\u4e13\u95e8\u7528\u4e8e\u78c1\u76d8\u5b58\u50a8\uff0c\u8be5\u540d\u79f0\u662f\u4f7f\u7528XTS\u52a0\u5bc6\u6a21\u5f0f\u7684AES\u52a0\u5bc6\u7684\u7b80\u5199\u3002\u53ef\u7528\u7684\u5bc6\u7801\u53d6\u51b3\u4e8e\u5185\u6838\u652f\u6301\u3002\u5728\u547d\u4ee4\u884c\u4e2d\uff0c\u8f93\u5165\u201ccryptsetup benchmark\u201d\u4ee5\u786e\u5b9a\u53ef\u7528\u9009\u9879\uff08\u5e76\u67e5\u770b\u57fa\u51c6\u6d4b\u8bd5\u7ed3\u679c\uff09\uff0c\u6216\u8f6c\u5230 /proc/crypto \u9009\u9879\uff1a 'enabled = false' \u8981\u4f7f\u7528\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u8bf7\u8bbe\u7f6e\u9009\u9879\uff1a\u201cenabled = true\u201d \u9009\u9879\uff1a\u201ckey_size = 512\u201d \u8bf7\u6ce8\u610f\uff0c\u540e\u7aef\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u80fd\u5b58\u5728\u5bc6\u94a5\u5927\u5c0f\u9650\u5236\uff0c\u53ef\u80fd\u9700\u8981\u4f7f\u7528\u201ckey_size = 256\u201d\uff0c\u8fd9\u4ec5\u63d0\u4f9b 128 \u4f4d\u7684 AES \u5bc6\u94a5\u5927\u5c0f\u3002\u9664\u4e86 AES \u6240\u9700\u7684\u52a0\u5bc6\u5bc6\u94a5\u5916\uff0cXTS \u8fd8\u9700\u8981\u81ea\u5df1\u7684\u201c\u8c03\u6574\u5bc6\u94a5\u201d\u3002\u8fd9\u901a\u5e38\u8868\u793a\u4e3a\u5355\u4e2a\u5927\u952e\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 512 \u4f4d\u8bbe\u7f6e\uff0cAES \u5c06\u4f7f\u7528 256 \u4f4d\uff0cXTS \u5c06\u4f7f\u7528 256 \u4f4d\u3002\uff08\u89c1NIST\uff09 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u5c06\u901a\u8fc7\u4e3a\u6bcf\u4e2a\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican 
\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u4e0d\u518d\u9700\u8981\u4e34\u65f6\u78c1\u76d8\u65f6\uff0c\u53ea\u9700\u5220\u9664\u5bc6\u94a5\u5373\u53ef\u53d6\u4ee3\u8986\u76d6\u4e34\u65f6\u78c1\u76d8\u5b58\u50a8\u533a\u57df","title":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6"},{"location":"security/security-guide/#_273","text":"\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u652f\u6301\u5bf9\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u9759\u6001\u5bf9\u8c61\u6570\u636e\u8fdb\u884c\u53ef\u9009\u52a0\u5bc6\u3002\u5bf9\u8c61\u6570\u636e\u7684\u52a0\u5bc6\u65e8\u5728\u964d\u4f4e\u5728\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u65f6\u8bfb\u53d6\u7528\u6237\u6570\u636e\u7684\u98ce\u9669\u3002 \u9759\u6001\u6570\u636e\u52a0\u5bc6\u7531\u4e2d\u95f4\u4ef6\u5b9e\u73b0\uff0c\u4e2d\u95f4\u4ef6\u53ef\u80fd\u5305\u542b\u5728\u4ee3\u7406\u670d\u52a1\u5668 WSGI \u7ba1\u9053\u4e2d\u3002\u8be5\u529f\u80fd\u662f swift \u96c6\u7fa4\u5185\u90e8\u7684\uff0c\u4e0d\u901a\u8fc7 API \u516c\u5f00\u3002\u5ba2\u6237\u7aef\u4e0d\u77e5\u9053 swift \u670d\u52a1\u5185\u90e8\u7684\u6b64\u529f\u80fd\u5bf9\u6570\u636e\u8fdb\u884c\u4e86\u52a0\u5bc6;\u5185\u90e8\u52a0\u5bc6\u7684\u6570\u636e\u4e0d\u5e94\u901a\u8fc7 swift API \u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u4ee5\u4e0b\u6570\u636e\u5728 swift \u4e2d\u9759\u6001\u65f6\u88ab\u52a0\u5bc6\uff1a \u5bf9\u8c61\u5185\u5bb9\u3002\u4f8b\u5982\uff0c\u5bf9\u8c61 PUT \u8bf7\u6c42\u6b63\u6587\u7684\u5185\u5bb9 \u5177\u6709\u975e\u96f6\u5185\u5bb9\u7684\u5bf9\u8c61\u7684\u5b9e\u4f53\u6807\u8bb0 \uff08ETag\uff09 \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5bf9\u8c61\u5143\u6570\u636e\u503c\u3002\u4f8b\u5982\uff0c\u4f7f\u7528 X-Object-Meta- \u5e26\u6709 PUT \u6216 POST \u8bf7\u6c42\u7684\u524d\u7f00\u6807\u5934\u53d1\u9001\u7684\u5143\u6570\u636e 
\u4e0a\u8ff0\u5217\u8868\u4e2d\u672a\u5305\u542b\u7684\u4efb\u4f55\u6570\u636e\u6216\u5143\u6570\u636e\u5747\u672a\u52a0\u5bc6\uff0c\u5305\u62ec\uff1a \u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u540d\u79f0 \u5e10\u6237\u548c\u5bb9\u5668\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u503c \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u540d\u79f0 \u5bf9\u8c61\u5185\u5bb9\u7c7b\u578b\u503c \u5bf9\u8c61\u5927\u5c0f \u7cfb\u7edf\u5143\u6570\u636e \u6709\u5173\u5bf9\u8c61\u5b58\u50a8\u52a0\u5bc6\u7684\u90e8\u7f72\u3001\u64cd\u4f5c\u6216\u5b9e\u65bd\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5bf9\u8c61\u52a0\u5bc6\u7684 swift \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61"},{"location":"security/security-guide/#_274","text":"\u542f\u7528\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Intel \u548c AMD \u5904\u7406\u5668\u4e2d\u5f53\u524d\u53ef\u7528\u7684\u786c\u4ef6\u52a0\u901f\u529f\u80fd\u6765\u589e\u5f3a OpenStack Volume Encryption \u6027\u80fd\u3002OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u548c OpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u90fd\u7528\u4e8e dm-crypt \u4fdd\u62a4\u5377\u6570\u636e\u3002 dm-crypt \u662f Linux \u5185\u6838\u7248\u672c 2.6 \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u900f\u660e\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u3002\u542f\u7528\u5377\u52a0\u5bc6\u540e\uff0c\u52a0\u5bc6\u6570\u636e\u5c06\u901a\u8fc7 iSCSI \u53d1\u9001\u5230\u5757\u5b58\u50a8\uff0c\u4ece\u800c\u540c\u65f6\u4fdd\u62a4\u4f20\u8f93\u4e2d\u7684\u6570\u636e\u548c\u9759\u6001\u6570\u636e\u3002\u4f7f\u7528\u786c\u4ef6\u52a0\u901f\u65f6\uff0c\u8fd9\u4e24\u79cd\u52a0\u5bc6\u529f\u80fd\u5bf9\u6027\u80fd\u7684\u5f71\u54cd\u90fd\u4f1a\u964d\u5230\u6700\u4f4e\u3002 \u867d\u7136\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u4f46\u5757\u5b58\u50a8\u652f\u6301\u591a\u79cd\u66ff\u4ee3\u540e\u7aef\u6765\u63d0\u4f9b\u53ef\u6302\u8f7d\u5377\uff0c\u5176\u4e2d\u4e00\u4e9b\u8fd8\u53ef\u80fd\u63d0\u4f9b\u5377\u52a0\u5bc6\u3002\u7531\u4e8e\u540e\u7aef\u5982\u6b64\u4e4b\u591a\uff0c\u5e76\u4e14\u5fc5\u987b\u4ece\u6bcf\u4e2a\u4f9b\u5e94\u5546\u5904\u83b7\u53d6\u4fe1\u606f\uff0c\u56e0\u6b64\u6307\u5b9a\u5728\u4efb\u4f55\u4e00\u4e2a\u4f9b\u5e94\u5546\u4e2d\u5b9e\u65bd\u52a0\u5bc6\u7684\u5efa\u8bae\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002","title":"\u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef"},{"location":"security/security-guide/#_275","text":"\u8ba1\u7b97\u7684\u79df\u6237\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 IPsec \u6216\u5176\u4ed6\u96a7\u9053\u8fdb\u884c\u52a0\u5bc6\u3002\u8fd9\u5728OpenStack\u4e2d\u5e76\u4e0d\u5e38\u89c1\u6216\u6807\u51c6\uff0c\u4f46\u5bf9\u4e8e\u6709\u52a8\u529b\u548c\u611f\u5174\u8da3\u7684\u5b9e\u73b0\u8005\u6765\u8bf4\uff0c\u8fd9\u662f\u4e00\u4e2a\u9009\u9879\u3002 
\u540c\u6837\uff0c\u52a0\u5bc6\u6570\u636e\u5728\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u65f6\u5c06\u4fdd\u6301\u52a0\u5bc6\u72b6\u6001\u3002","title":"\u7f51\u7edc\u6570\u636e"},{"location":"security/security-guide/#_276","text":"\u4e3a\u4e86\u89e3\u51b3\u7ecf\u5e38\u63d0\u5230\u7684\u79df\u6237\u6570\u636e\u9690\u79c1\u548c\u9650\u5236\u4e91\u63d0\u4f9b\u5546\u8d23\u4efb\u7684\u95ee\u9898\uff0cOpenStack\u793e\u533a\u5bf9\u4f7f\u6570\u636e\u52a0\u5bc6\u66f4\u52a0\u666e\u904d\u7684\u5174\u8da3\u8d8a\u6765\u8d8a\u5927\u3002\u5bf9\u4e8e\u6700\u7ec8\u7528\u6237\u6765\u8bf4\uff0c\u5728\u5c06\u6570\u636e\u4fdd\u5b58\u5230\u4e91\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u76f8\u5bf9\u5bb9\u6613\uff0c\u8fd9\u662f\u79df\u6237\u5bf9\u8c61\uff08\u5982\u5a92\u4f53\u6587\u4ef6\u3001\u6570\u636e\u5e93\u5b58\u6863\u7b49\uff09\u7684\u53ef\u884c\u8def\u5f84\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5ba2\u6237\u7aef\u52a0\u5bc6\u7528\u4e8e\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u4fdd\u5b58\u7684\u6570\u636e\uff0c\u8fd9\u9700\u8981\u5ba2\u6237\u7aef\u4ea4\u4e92\uff08\u4f8b\u5982\u63d0\u4f9b\u5bc6\u94a5\uff09\u6765\u89e3\u5bc6\u6570\u636e\u4ee5\u4f9b\u5c06\u6765\u4f7f\u7528\u3002\u4e3a\u4e86\u65e0\u7f1d\u5730\u4fdd\u62a4\u6570\u636e\u5e76\u4f7f\u5176\u53ef\u8bbf\u95ee\uff0c\u800c\u65e0\u9700\u7ed9\u5ba2\u6237\u5e26\u6765\u7ba1\u7406\u5176\u5bc6\u94a5\u7684\u8d1f\u62c5\uff0c\u5e76\u4ee5\u4ea4\u4e92\u65b9\u5f0f\u5411\u4ed6\u4eec\u63d0\u4f9b OpenStack 
\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u3002\u4f5c\u4e3aOpenStack\u7684\u4e00\u90e8\u5206\uff0c\u63d0\u4f9b\u52a0\u5bc6\u548c\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u53ef\u4ee5\u7b80\u5316\u9759\u6001\u6570\u636e\u5b89\u5168\u91c7\u7528\uff0c\u5e76\u89e3\u51b3\u5ba2\u6237\u5bf9\u9690\u79c1\u6216\u6570\u636e\u6ee5\u7528\u7684\u62c5\u5fe7\uff0c\u540c\u65f6\u4e5f\u9650\u5236\u4e86\u4e91\u63d0\u4f9b\u5546\u7684\u8d23\u4efb\u3002\u8fd9\u6709\u52a9\u4e8e\u51cf\u5c11\u63d0\u4f9b\u5546\u5728\u591a\u79df\u6237\u516c\u6709\u4e91\u4e2d\u7684\u4e8b\u4ef6\u8c03\u67e5\u671f\u95f4\u5904\u7406\u79df\u6237\u6570\u636e\u65f6\u7684\u8d23\u4efb\u3002 \u5377\u52a0\u5bc6\u548c\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u4f9d\u8d56\u4e8e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982\uff0cbarbican\uff09\u6765\u521b\u5efa\u548c\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u3002\u5bc6\u94a5\u7ba1\u7406\u5668\u662f\u53ef\u63d2\u5165\u7684\uff0c\u4ee5\u65b9\u4fbf\u9700\u8981\u7b2c\u4e09\u65b9\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216\u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u4ea4\u6362\u534f\u8bae \uff08KMIP\uff09 \u7684\u90e8\u7f72\uff0c\u8be5\u534f\u8bae\u7531\u540d\u4e3a PyKMIP \u7684\u5f00\u6e90\u9879\u76ee\u652f\u6301\u3002","title":"\u5bc6\u94a5\u7ba1\u7406"},{"location":"security/security-guide/#_277","text":"OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230 barbican \u7684\u5f00\u53d1\u8005\u6587\u6863\uff012014\u3002Barbican \u5f00\u53d1\u8005\u6587\u6863 oasis-open.org\uff0cOASIS \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09\u30022014\u5e74\u3002KMIP PyKMIP \u5e93 \u673a\u5bc6\u7ba1\u7406 
\u673a\u5bc6\u7ba1\u7406","title":"\u53c2\u8003\u4e66\u76ee\uff1a"},{"location":"security/security-guide/#_278","text":"\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u8fd0\u884c\u5b9e\u4f8b\u7684\u4f18\u70b9\u4e4b\u4e00\u662f\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u5f00\u8f9f\u4e86\u65b0\u7684\u673a\u4f1a\uff0c\u800c\u8fd9\u4e9b\u63a7\u5236\u5728\u90e8\u7f72\u5230\u88f8\u673a\u4e0a\u65f6\u901a\u5e38\u4e0d\u53ef\u7528\u3002\u6709\u51e0\u79cd\u6280\u672f\u53ef\u4ee5\u5e94\u7528\u4e8e\u865a\u62df\u5316\u5806\u6808\uff0c\u4e3a\u4e91\u79df\u6237\u5e26\u6765\u66f4\u597d\u7684\u4fe1\u606f\u4fdd\u969c\u3002 \u5177\u6709\u5f3a\u70c8\u5b89\u5168\u8981\u6c42\u7684 OpenStack \u90e8\u7f72\u4eba\u5458\u6216\u7528\u6237\u53ef\u80fd\u9700\u8981\u8003\u8651\u90e8\u7f72\u8fd9\u4e9b\u6280\u672f\u3002\u5e76\u975e\u6240\u6709\u60c5\u51b5\u90fd\u9002\u7528\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u89c4\u8303\u6027\u4e1a\u52a1\u9700\u6c42\uff0c\u53ef\u80fd\u4f1a\u6392\u9664\u5728\u4e91\u4e2d\u4f7f\u7528\u6280\u672f\u3002\u540c\u6837\uff0c\u67d0\u4e9b\u6280\u672f\u4f1a\u68c0\u67e5\u5b9e\u4f8b\u6570\u636e\uff0c\u4f8b\u5982\u8fd0\u884c\u72b6\u6001\uff0c\u8fd9\u5bf9\u7cfb\u7edf\u7528\u6237\u6765\u8bf4\u53ef\u80fd\u662f\u4e0d\u5e0c\u671b\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u63a2\u8ba8\u8fd9\u4e9b\u6280\u672f\uff0c\u5e76\u63cf\u8ff0\u5b83\u4eec\u53ef\u7528\u4e8e\u589e\u5f3a\u5b9e\u4f8b\u6216\u5e95\u5c42\u5b9e\u4f8b\u5b89\u5168\u6027\u7684\u60c5\u51b5\u3002\u6211\u4eec\u8fd8\u8bd5\u56fe\u5f3a\u8c03\u53ef\u80fd\u5b58\u5728\u9690\u79c1\u95ee\u9898\u7684\u5730\u65b9\u3002\u8fd9\u4e9b\u5305\u62ec\u6570\u636e\u4f20\u9012\u3001\u5185\u7701\u6216\u63d0\u4f9b\u71b5\u6e90\u3002\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u4ee5\u4e0b\u9644\u52a0\u5b89\u5168\u670d\u52a1\uff1a \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb 
\u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236","title":"\u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406"},{"location":"security/security-guide/#_279","text":"","title":"\u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1"},{"location":"security/security-guide/#_280","text":"\u6211\u4eec\u8ba4\u4e3a\u71b5\u662f\u6307\u5b9e\u4f8b\u53ef\u7528\u7684\u968f\u673a\u6570\u636e\u7684\u8d28\u91cf\u548c\u6765\u6e90\u3002\u52a0\u5bc6\u6280\u672f\u901a\u5e38\u4e25\u91cd\u4f9d\u8d56\u968f\u673a\u6027\uff0c\u9700\u8981\u9ad8\u8d28\u91cf\u7684\u71b5\u6c60\u624d\u80fd\u4ece\u4e2d\u6c72\u53d6\u3002\u865a\u62df\u673a\u901a\u5e38\u5f88\u96be\u83b7\u5f97\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301\u8fd9\u4e9b\u64cd\u4f5c\uff0c\u8fd9\u79f0\u4e3a\u71b5\u9965\u997f\u3002\u71b5\u9965\u997f\u53ef\u4ee5\u8868\u73b0\u4e3a\u770b\u4f3c\u65e0\u5173\u7684\u4e8b\u60c5\u3002\u4f8b\u5982\uff0c\u542f\u52a8\u65f6\u95f4\u6162\u53ef\u80fd\u662f\u7531\u4e8e\u5b9e\u4f8b\u7b49\u5f85 ssh \u5bc6\u94a5\u751f\u6210\u9020\u6210\u7684\u3002\u71b5\u9965\u997f\u8fd8\u53ef\u80fd\u4fc3\u4f7f\u7528\u6237\u5728\u5b9e\u4f8b\u4e2d\u4f7f\u7528\u8d28\u91cf\u8f83\u5dee\u7684\u71b5\u6e90\uff0c\u4ece\u800c\u4f7f\u5728\u4e91\u4e2d\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u6574\u4f53\u5b89\u5168\u6027\u964d\u4f4e\u3002 
\u5e78\u8fd0\u7684\u662f\uff0c\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u901a\u8fc7\u4e3a\u4e91\u5b9e\u4f8b\u63d0\u4f9b\u9ad8\u8d28\u91cf\u7684\u71b5\u6e90\u6765\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u4e2d\u62e5\u6709\u8db3\u591f\u7684\u786c\u4ef6\u968f\u673a\u6570\u751f\u6210\u5668 \uff08HRNG\uff09 \u6765\u652f\u6301\u5b9e\u4f8b\u6765\u5b9e\u73b0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u201c\u8db3\u591f\u201d\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u5bf9\u4e8e\u65e5\u5e38\u64cd\u4f5c\uff0c\u73b0\u4ee3 HRNG \u53ef\u80fd\u4f1a\u4ea7\u751f\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301 50-100 \u4e2a\u8ba1\u7b97\u8282\u70b9\u3002\u9ad8\u5e26\u5bbd HRNG\uff08\u4f8b\u5982\u82f1\u7279\u5c14 Ivy Bridge \u548c\u66f4\u65b0\u7684\u5904\u7406\u5668\u63d0\u4f9b\u7684 RdRand \u6307\u4ee4\uff09\u53ef\u80fd\u4f1a\u5904\u7406\u66f4\u591a\u8282\u70b9\u3002\u5bf9\u4e8e\u7ed9\u5b9a\u7684\u4e91\uff0c\u67b6\u6784\u5e08\u9700\u8981\u4e86\u89e3\u5e94\u7528\u7a0b\u5e8f\u8981\u6c42\uff0c\u4ee5\u786e\u4fdd\u6709\u8db3\u591f\u7684\u71b5\u53ef\u7528\u3002 Virtio RNG \u662f\u4e00\u4e2a\u968f\u673a\u6570\u751f\u6210\u5668\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7528\u4f5c /dev/random \u71b5\u6e90\uff0c\u4f46\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u786c\u4ef6 RNG \u6216\u71b5\u6536\u96c6\u5b88\u62a4\u7a0b\u5e8f \uff08EGD\uff09 \u7b49\u5de5\u5177\uff0c\u4ee5\u63d0\u4f9b\u4e00\u79cd\u901a\u8fc7\u5206\u5e03\u5f0f\u7cfb\u7edf\u516c\u5e73\u5b89\u5168\u5730\u5206\u914d\u71b5\u7684\u65b9\u6cd5\u3002Virtio RNG \u662f\u4f7f\u7528\u7528\u4e8e\u521b\u5efa\u5b9e\u4f8b\u7684\u5143\u6570\u636e\u7684 hw_rng \u5c5e\u6027\u542f\u7528\u7684\u3002","title":"\u5b9e\u4f8b\u7684\u71b5"},{"location":"security/security-guide/#_281","text":"\u5728\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\uff0c\u5fc5\u987b\u9009\u62e9\u7528\u4e8e\u955c\u50cf\u5b9e\u4f8b\u5316\u7684\u4e3b\u673a\u3002\u6b64\u9009\u62e9\u7531 nova-scheduler 
\u786e\u5b9a\u5982\u4f55\u5206\u6d3e\u8ba1\u7b97\u548c\u5377\u8bf7\u6c42\u7684 \u6267\u884c\u3002 \u8fd9\u662f FilterScheduler OpenStack Compute\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7a0b\u5e8f\uff0c\u5c3d\u7ba1\u5b58\u5728\u5176\u4ed6\u8c03\u5ea6\u7a0b\u5e8f\uff08\u8bf7\u53c2\u9605 OpenStack Configuration Reference \u4e2d\u7684 Scheduling \u90e8\u5206\uff09\u3002\u8fd9\u4e0e\u201c\u8fc7\u6ee4\u5668\u63d0\u793a\u201d\u534f\u540c\u5de5\u4f5c\uff0c\u4ee5\u51b3\u5b9a\u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u6b64\u4e3b\u673a\u9009\u62e9\u8fc7\u7a0b\u5141\u8bb8\u7ba1\u7406\u5458\u6ee1\u8db3\u8bb8\u591a\u4e0d\u540c\u7684\u5b89\u5168\u6027\u548c\u5408\u89c4\u6027\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u6839\u636e\u4e91\u90e8\u7f72\u7c7b\u578b\uff0c\u5982\u679c\u6570\u636e\u9694\u79bb\u662f\u4e3b\u8981\u95ee\u9898\uff0c\u5219\u53ef\u4ee5\u9009\u62e9\u5c3d\u53ef\u80fd\u8ba9\u79df\u6237\u5b9e\u4f8b\u9a7b\u7559\u5728\u76f8\u540c\u7684\u4e3b\u673a\u4e0a\u3002\u76f8\u53cd\uff0c\u51fa\u4e8e\u53ef\u7528\u6027\u6216\u5bb9\u9519\u539f\u56e0\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u5c06\u79df\u6237\u7684\u5b9e\u4f8b\u9a7b\u7559\u5728\u5c3d\u53ef\u80fd\u591a\u7684\u4e0d\u540c\u4e3b\u673a\u4e0a\u3002 \u7b5b\u9009\u5668\u8ba1\u5212\u7a0b\u5e8f\u5206\u4e3a\u56db\u5927\u7c7b\uff1a \u57fa\u4e8e\u8d44\u6e90\u7684\u7b5b\u9009\u5668 \u8fd9\u4e9b\u7b5b\u9009\u5668\u5c06\u6839\u636e\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e3b\u673a\u96c6\u7684\u5229\u7528\u7387\u521b\u5efa\u5b9e\u4f8b\uff0c\u5e76\u53ef\u4ee5\u5728\u53ef\u7528\u6216\u4f7f\u7528\u7684\u5c5e\u6027\uff08\u5982 RAM\u3001IO \u6216 CPU \u5229\u7528\u7387\uff09\u4e0a\u89e6\u53d1\u3002 \u57fa\u4e8e\u6620\u50cf\u7684\u8fc7\u6ee4\u5668 \u8fd9\u5c06\u6839\u636e\u4f7f\u7528\u7684\u6620\u50cf\uff08\u4f8b\u5982 VM \u7684\u64cd\u4f5c\u7cfb\u7edf\u6216\u4f7f\u7528\u7684\u6620\u50cf\u7c7b\u578b\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u57fa\u4e8e\u73af\u5883\u7684\u8fc7\u6ee4\u5668 
\u6b64\u7b5b\u9009\u5668\u5c06\u57fa\u4e8e\u5916\u90e8\u8be6\u7ec6\u4fe1\u606f\u521b\u5efa\u5b9e\u4f8b\uff0c\u4f8b\u5982\u5728\u7279\u5b9a IP \u8303\u56f4\u5185\u3001\u8de8\u53ef\u7528\u533a\u6216\u4e0e\u5176\u4ed6\u5b9e\u4f8b\u4f4d\u4e8e\u540c\u4e00\u4e3b\u673a\u4e0a\u3002 \u81ea\u5b9a\u4e49\u6761\u4ef6 \u6b64\u7b5b\u9009\u5668\u5c06\u6839\u636e\u7528\u6237\u6216\u7ba1\u7406\u5458\u63d0\u4f9b\u7684\u6761\u4ef6\uff08\u5982\u4fe1\u4efb\u6216\u5143\u6570\u636e\u5206\u6790\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u53ef\u4ee5\u540c\u65f6\u5e94\u7528\u591a\u4e2a\u7b5b\u9009\u5668\uff0c\u4f8b\u5982\uff0c\u7b5b\u9009\u5668\u7528\u4e8e\u786e\u4fdd\u5728\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u7684\u6210\u5458\u4e0a\u521b\u5efa\u5b9e\u4f8b\uff0c\u4ee5\u53ca ServerGroupAntiAffinity \u7528\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u53e6\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u4e0a\u521b\u5efa\u540c\u4e00\u5b9e\u4f8b\u7684\u7b5b\u9009\u5668 ServerGroupAffinity \u3002\u5e94\u4ed4\u7ec6\u5206\u6790\u8fd9\u4e9b\u7b5b\u9009\u5668\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u76f8\u4e92\u51b2\u7a81\uff0c\u5e76\u5bfc\u81f4\u963b\u6b62\u521b\u5efa\u5b9e\u4f8b\u7684\u89c4\u5219\u3002 GroupAffinity \u548c GroupAntiAffinity \u7b5b\u9009\u5668\u51b2\u7a81\uff0c\u4e0d\u5e94\u540c\u65f6\u542f\u7528\u3002 \u7b5b\u9009\u5668 DiskFilter \u80fd\u591f\u8d85\u989d\u8ba2\u9605\u78c1\u76d8\u7a7a\u95f4\u3002\u867d\u7136\u901a\u5e38\u4e0d\u662f\u95ee\u9898\uff0c\u4f46\u5bf9\u4e8e\u7cbe\u7b80\u9884\u914d\u7684\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\uff0c\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u6b64\u7b5b\u9009\u5668\u5e94\u4e0e\u5e94\u7528\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u914d\u989d\u4e00\u8d77\u4f7f\u7528\u3002 
\u6211\u4eec\u5efa\u8bae\u60a8\u7981\u7528\u8fc7\u6ee4\u5668\uff0c\u8fd9\u4e9b\u8fc7\u6ee4\u5668\u53ef\u4ee5\u5206\u6790\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u6216\u53ef\u64cd\u4f5c\u7684\u5185\u5bb9\uff0c\u4f8b\u5982\u5143\u6570\u636e\u3002","title":"\u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9"},{"location":"security/security-guide/#_282","text":"\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u7528\u6237\u4f7f\u7528\u9884\u5b89\u88c5\u7684\u6620\u50cf\u6216\u4ed6\u4eec\u81ea\u5df1\u4e0a\u4f20\u7684\u6620\u50cf\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7528\u6237\u90fd\u5e94\u8be5\u80fd\u591f\u786e\u4fdd\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u56fe\u50cf\u6ca1\u6709\u88ab\u7be1\u6539\u3002\u9a8c\u8bc1\u56fe\u50cf\u7684\u80fd\u529b\u662f\u5b89\u5168\u6027\u7684\u57fa\u672c\u8981\u6c42\u3002\u4ece\u6620\u50cf\u6e90\u5230\u4f7f\u7528\u6620\u50cf\u7684\u76ee\u6807\u9700\u8981\u4fe1\u4efb\u94fe\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5bf9\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u83b7\u53d6\u7684\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u5e76\u5728\u4f7f\u7528\u524d\u9a8c\u8bc1\u7b7e\u540d\u6765\u5b9e\u73b0\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u83b7\u53d6\u548c\u521b\u5efa\u5df2\u9a8c\u8bc1\u56fe\u50cf\u7684\u5404\u79cd\u65b9\u6cd5\uff0c\u7136\u540e\u4ecb\u7ecd\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u3002","title":"\u53ef\u4fe1\u955c\u50cf"},{"location":"security/security-guide/#_283","text":"OpenStack \u6587\u6863\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u6620\u50cf\u5e76\u5c06\u5176\u4e0a\u4f20\u5230\u6620\u50cf\u670d\u52a1\u7684\u6307\u5bfc\u3002\u6b64\u5916\uff0c\u5047\u5b9a\u60a8\u6709\u4e00\u4e2a\u5b89\u88c5\u548c\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fc7\u7a0b\u3002\u56e0\u6b64\uff0c\u4ee5\u4e0b\u5404\u9879\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u786e\u4fdd\u5c06\u6620\u50cf\u5b89\u5168\u5730\u4f20\u8f93\u5230 OpenStack 
\u4e2d\u7684\u989d\u5916\u6307\u5bfc\u3002\u6709\u591a\u79cd\u9009\u9879\u53ef\u7528\u4e8e\u83b7\u53d6\u56fe\u50cf\u3002\u6bcf\u4e2a\u6b65\u9aa4\u90fd\u6709\u7279\u5b9a\u7684\u6b65\u9aa4\uff0c\u6709\u52a9\u4e8e\u9a8c\u8bc1\u56fe\u50cf\u7684\u51fa\u5904\u3002 \u7b2c\u4e00\u4e2a\u9009\u9879\u662f\u4ece\u53d7\u4fe1\u4efb\u7684\u6765\u6e90\u83b7\u53d6\u542f\u52a8\u5a92\u4f53\u3002 $ mkdir -p /tmp/download_directorycd /tmp/download_directory $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/ubuntu-12.04.2-server-amd64.iso $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS.gpg $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451 $ gpg --verify SHA256SUMS.gpg SHA256SUMSsha256sum -c SHA256SUMS 2>&1 | grep OK \u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u4f7f\u7528 OpenStack \u865a\u62df\u673a\u6620\u50cf\u6307\u5357\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u9700\u8981\u9075\u5faa\u7ec4\u7ec7\u7684\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u51c6\u5219\u6216\u53d7\u4fe1\u4efb\u7684\u7b2c\u4e09\u65b9\uff08\u5982 Linux STIG\uff09\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u6700\u540e\u4e00\u79cd\u9009\u62e9\u662f\u4f7f\u7528\u81ea\u52a8\u6620\u50cf\u751f\u6210\u5668\u3002\u4ee5\u4e0b\u793a\u4f8b\u4f7f\u7528 Oz \u6620\u50cf\u751f\u6210\u5668\u3002OpenStack \u793e\u533a\u6700\u8fd1\u521b\u5efa\u4e86\u4e00\u4e2a\u503c\u5f97\u7814\u7a76\u7684\u65b0\u5de5\u5177\uff1adisk-image-builder\u3002\u6211\u4eec\u5c1a\u672a\u4ece\u5b89\u5168\u89d2\u5ea6\u8bc4\u4f30\u6b64\u5de5\u5177\u3002 RHEL 6 CCE-26976-1 \u793a\u4f8b\uff0c\u8fd9\u5c06\u6709\u52a9\u4e8e\u5728 OZ \u4e2d\u5b9e\u65bd NIST 800-53 \u7b2c AC-19\uff08d\uff09\u8282\u3002 \u5efa\u8bae\u907f\u514d\u624b\u52a8\u6620\u50cf\u6784\u5efa\u8fc7\u7a0b\uff0c\u56e0\u4e3a\u5b83\u5f88\u590d\u6742\u4e14\u5bb9\u6613\u51fa\u9519\u3002\u6b64\u5916\uff0c\u4f7f\u7528 Oz 
\u7b49\u81ea\u52a8\u5316\u7cfb\u7edf\u8fdb\u884c\u6620\u50cf\u6784\u5efa\uff0c\u6216\u4f7f\u7528 Chef \u6216 Puppet \u7b49\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u8fdb\u884c\u542f\u52a8\u540e\u6620\u50cf\u5f3a\u5316\uff0c\u4f7f\u60a8\u80fd\u591f\u751f\u6210\u4e00\u81f4\u7684\u6620\u50cf\uff0c\u5e76\u8ddf\u8e2a\u57fa\u7840\u6620\u50cf\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u662f\u5426\u7b26\u5408\u5176\u5404\u81ea\u7684\u5f3a\u5316\u51c6\u5219\u3002 \u5982\u679c\u8ba2\u9605\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5219\u5e94\u4e0e\u4e91\u63d0\u4f9b\u5546\u8054\u7cfb\uff0c\u4e86\u89e3\u7528\u4e8e\u751f\u6210\u5176\u9ed8\u8ba4\u6620\u50cf\u7684\u8fc7\u7a0b\u7684\u6982\u8ff0\u3002\u5982\u679c\u63d0\u4f9b\u5546\u5141\u8bb8\u60a8\u4e0a\u4f20\u81ea\u5df1\u7684\u6620\u50cf\uff0c\u5219\u9700\u8981\u786e\u4fdd\u5728\u4f7f\u7528\u6620\u50cf\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\u80fd\u591f\u9a8c\u8bc1\u6620\u50cf\u662f\u5426\u672a\u88ab\u4fee\u6539\u3002\u4e3a\u6b64\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6709\u5173\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u7684\u90e8\u5206\uff0c\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u7b7e\u540d\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6bb5\u843d\u3002 \u6620\u50cf\u4ece\u8282\u70b9\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u4f20\u8f93\u5230\u8ba1\u7b97\u670d\u52a1\u3002\u5e94\u901a\u8fc7\u901a\u8fc7 TLS 
\u8fd0\u884c\u6765\u4fdd\u62a4\u6b64\u4f20\u8f93\u3002\u6620\u50cf\u4f4d\u4e8e\u8282\u70b9\u4e0a\u540e\uff0c\u5c06\u4f7f\u7528\u57fa\u672c\u6821\u9a8c\u548c\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u6839\u636e\u8981\u542f\u52a8\u7684\u5b9e\u4f8b\u7684\u5927\u5c0f\u6269\u5c55\u5176\u78c1\u76d8\u3002\u5982\u679c\u7a0d\u540e\u5728\u6b64\u8282\u70b9\u4e0a\u4ee5\u76f8\u540c\u7684\u5b9e\u4f8b\u5927\u5c0f\u542f\u52a8\u540c\u4e00\u6620\u50cf\uff0c\u5219\u4f1a\u4ece\u540c\u4e00\u6269\u5c55\u6620\u50cf\u542f\u52a8\u8be5\u6620\u50cf\u3002\u7531\u4e8e\u6b64\u6269\u5c55\u6620\u50cf\u5728\u542f\u52a8\u524d\u9ed8\u8ba4\u4e0d\u4f1a\u91cd\u65b0\u9a8c\u8bc1\uff0c\u56e0\u6b64\u5b83\u53ef\u80fd\u5df2\u88ab\u7be1\u6539\u3002\u9664\u975e\u5728\u751f\u6210\u7684\u6620\u50cf\u4e2d\u5bf9\u6587\u4ef6\u6267\u884c\u624b\u52a8\u68c0\u67e5\uff0c\u5426\u5219\u7528\u6237\u4e0d\u4f1a\u610f\u8bc6\u5230\u7be1\u6539\u3002","title":"\u955c\u50cf\u521b\u5efa\u8fc7\u7a0b"},{"location":"security/security-guide/#_284","text":"OpenStack \u4e2d\u73b0\u5728\u63d0\u4f9b\u4e86\u4e00\u4e9b\u4e0e\u6620\u50cf\u7b7e\u540d\u76f8\u5173\u7684\u529f\u80fd\u3002\u4ece Mitaka \u7248\u672c\u5f00\u59cb\uff0c\u6620\u50cf\u670d\u52a1\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u5df2\u7b7e\u540d\u7684\u6620\u50cf\uff0c\u5e76\u4e14\u4e3a\u4e86\u63d0\u4f9b\u5b8c\u6574\u7684\u4fe1\u4efb\u94fe\uff0c\u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6267\u884c\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3002\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6210\u529f\u8fdb\u884c\u7b7e\u540d\u9a8c\u8bc1\u53ef\u786e\u4fdd\u5df2\u7b7e\u540d\u7684\u6620\u50cf\u672a\u66f4\u6539\u3002\u542f\u7528\u6b64\u529f\u80fd\u540e\uff0c\u53ef\u4ee5\u68c0\u6d4b\u5230\u672a\u7ecf\u6388\u6743\u7684\u6620\u50cf\u4fee\u6539\uff08\u4f8b\u5982\uff0c\u4fee\u6539\u6620\u50cf\u4ee5\u5305\u542b\u6076\u610f\u8f6f\u4ef6\u6216 rootkit\uff09\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u5728\u6587\u4ef6\u4e2d\u5c06 
verify_glance_signatures \u6807\u5fd7\u8bbe\u7f6e\u4e3a\u6765 True \u542f\u7528\u5b9e\u4f8b\u7b7e\u540d /etc/nova/nova.conf \u9a8c\u8bc1\u3002\u542f\u7528\u540e\uff0c\u8ba1\u7b97\u670d\u52a1\u4f1a\u5728\u4ece\u5f71\u50cf\u670d\u52a1\u68c0\u7d22\u7b7e\u540d\u5b9e\u4f8b\u65f6\u81ea\u52a8\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002\u5982\u679c\u6b64\u9a8c\u8bc1\u5931\u8d25\uff0c\u5219\u4e0d\u4f1a\u542f\u52a8\u3002\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u548c\u4e0a\u4f20\u7b7e\u540d\u6620\u50cf\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u6b64\u529f\u80fd\u7684\u6307\u5bfc\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u64cd\u4f5c\u6307\u5357\u300b\u4e2d\u7684\u6dfb\u52a0\u7b7e\u540d\u6620\u50cf\u3002","title":"\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1"},{"location":"security/security-guide/#_285","text":"OpenStack \u548c\u5e95\u5c42\u865a\u62df\u5316\u5c42\u63d0\u4f9b\u5728 OpenStack \u8282\u70b9\u4e4b\u95f4\u5b9e\u65f6\u8fc1\u79fb\u6620\u50cf\uff0c\u4f7f\u60a8\u80fd\u591f\u65e0\u7f1d\u5730\u6267\u884c OpenStack \u8ba1\u7b97\u8282\u70b9\u7684\u6eda\u52a8\u5347\u7ea7\uff0c\u800c\u65e0\u9700\u5b9e\u4f8b\u505c\u673a\u3002\u4f46\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u4e5f\u5b58\u5728\u91cd\u5927\u98ce\u9669\u3002\u82e5\u8981\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\uff0c\u4ee5\u4e0b\u662f\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\u6267\u884c\u7684\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u542f\u52a8\u5b9e\u4f8b \u4f20\u8f93\u5185\u5b58 \u505c\u6b62\u5ba2\u6237\u673a\u548c\u540c\u6b65\u78c1\u76d8 \u4f20\u8f93\u72b6\u6001 
\u542f\u52a8\u5ba2\u6237\u673a","title":"\u5b9e\u4f8b\u8fc1\u79fb"},{"location":"security/security-guide/#_286","text":"\u5728\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u7684\u5404\u4e2a\u9636\u6bb5\uff0c\u5b9e\u4f8b\u8fd0\u884c\u65f6\u3001\u5185\u5b58\u548c\u78c1\u76d8\u7684\u5185\u5bb9\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u65f6\u9700\u8981\u89e3\u51b3\u4e00\u4e9b\u98ce\u9669\u3002\u4ee5\u4e0b\u8be6\u5c3d\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u98ce\u9669\uff1a \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09\uff1a\u5982\u679c\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u6545\u969c\uff0c\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u4e22\u5931\u3002 \u6570\u636e\u6cc4\u9732\uff1a\u5fc5\u987b\u5b89\u5168\u5730\u5904\u7406\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u3002 \u6570\u636e\u64cd\u7eb5\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u64cd\u7eb5\u7528\u6237\u6570\u636e\u3002 \u4ee3\u7801\u6ce8\u5165\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u671f\u95f4\u64cd\u7eb5\u78c1\u76d8\u6216\u5185\u5b58\u4e2d\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002","title":"\u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669"},{"location":"security/security-guide/#_287","text":"\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7f13\u89e3\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u5173\u7684\u4e00\u4e9b\u98ce\u9669\uff0c\u4ee5\u4e0b\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u65b9\u6cd5\uff1a \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb I\u9694\u79bb\u7684\u8fc1\u79fb\u7f51\u7edc 
\u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb","title":"\u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd"},{"location":"security/security-guide/#_288","text":"\u76ee\u524d\uff0cOpenStack \u4e2d\u9ed8\u8ba4\u542f\u7528\u5b9e\u65f6\u8fc1\u79fb\u3002\u53ef\u4ee5\u901a\u8fc7\u5411 nova policy.json \u6587\u4ef6\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb\uff1a { \"compute_extension:admin_actions:migrate\": \"!\", \"compute_extension:admin_actions:migrateLive\": \"!\", }","title":"\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb"},{"location":"security/security-guide/#_289","text":"\u4e00\u822c\u505a\u6cd5\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5e94\u9650\u5236\u5728\u7ba1\u7406\u5b89\u5168\u57df\u5185\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002\u5bf9\u4e8e\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\uff0c\u7531\u4e8e\u5176\u7eaf\u6587\u672c\u6027\u8d28\u4ee5\u53ca\u60a8\u6b63\u5728\u4f20\u8f93\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u78c1\u76d8\u548c\u5185\u5b58\u5185\u5bb9\uff0c\u56e0\u6b64\u5efa\u8bae\u60a8\u8fdb\u4e00\u6b65\u5c06\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5206\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u4e0a\u3002\u5c06\u6d41\u91cf\u9694\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u53ef\u4ee5\u964d\u4f4e\u66b4\u9732\u98ce\u9669\u3002","title":"\u8fc1\u79fb\u7f51\u7edc"},{"location":"security/security-guide/#_290","text":"\u5982\u679c\u6709\u8db3\u591f\u7684\u4e1a\u52a1\u6848\u4f8b\u6765\u4fdd\u6301\u5b9e\u65f6\u8fc1\u79fb\u7684\u542f\u7528\u72b6\u6001\uff0c\u5219 libvirtd \u53ef\u4ee5\u4e3a\u5b9e\u65f6\u8fc1\u79fb\u63d0\u4f9b\u52a0\u5bc6\u96a7\u9053\u3002\u4f46\u662f\uff0c\u6b64\u529f\u80fd\u76ee\u524d\u5c1a\u672a\u5728 OpenStack Dashboard \u6216 nova-client \u547d\u4ee4\u4e2d\u516c\u5f00\uff0c\u53ea\u80fd\u901a\u8fc7\u624b\u52a8\u914d\u7f6e libvirtd \u6765\u8bbf\u95ee\u3002\u7136\u540e\uff0c\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u5c06\u66f4\u6539\u4e3a\u4ee5\u4e0b\u9ad8\u7ea7\u6b65\u9aa4\uff1a 
\u5b9e\u4f8b\u6570\u636e\u4ece\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u590d\u5236\u5230 libvirtd\u3002 \u5728\u6e90\u4e3b\u673a\u548c\u76ee\u6807\u4e3b\u673a\u4e0a\u7684 libvirtd \u8fdb\u7a0b\u4e4b\u95f4\u521b\u5efa\u52a0\u5bc6\u96a7\u9053\u3002 \u76ee\u6807 libvirtd \u4e3b\u673a\u5c06\u5b9e\u4f8b\u590d\u5236\u56de\u5e95\u5c42\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002","title":"\u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb"},{"location":"security/security-guide/#_291","text":"\u7531\u4e8e OpenStack \u865a\u62df\u673a\u662f\u80fd\u591f\u8de8\u4e3b\u673a\u590d\u5236\u7684\u670d\u52a1\u5668\u6620\u50cf\uff0c\u56e0\u6b64\u65e5\u5fd7\u8bb0\u5f55\u7684\u6700\u4f73\u5b9e\u8df5\u540c\u6837\u9002\u7528\u4e8e\u7269\u7406\u4e3b\u673a\u548c\u865a\u62df\u4e3b\u673a\u3002\u5e94\u8bb0\u5f55\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u548c\u5e94\u7528\u7a0b\u5e8f\u7ea7\u4e8b\u4ef6\uff0c\u5305\u62ec\u5bf9\u4e3b\u673a\u548c\u6570\u636e\u7684\u8bbf\u95ee\u4e8b\u4ef6\u3001\u7528\u6237\u6dfb\u52a0\u548c\u5220\u9664\u3001\u6743\u9650\u66f4\u6539\u4ee5\u53ca\u73af\u5883\u89c4\u5b9a\u7684\u5176\u4ed6\u4e8b\u4ef6\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u65e5\u5fd7\u914d\u7f6e\u4e3a\u5bfc\u51fa\u5230\u65e5\u5fd7\u805a\u5408\u5668\uff0c\u8be5\u805a\u5408\u5668\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5c06\u5b83\u4eec\u5173\u8054\u8d77\u6765\u8fdb\u884c\u5206\u6790\uff0c\u5e76\u5b58\u50a8\u5b83\u4eec\u4ee5\u4f9b\u53c2\u8003\u6216\u8fdb\u4e00\u6b65\u64cd\u4f5c\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u4e2a\u5e38\u89c1\u5de5\u5177\u662f ELK \u5806\u6808\uff0c\u5373 Elasticsearch\u3001Logstash \u548c Kibana\u3002 \u5e94\u5b9a\u671f\u67e5\u770b\u8fd9\u4e9b\u65e5\u5fd7\uff0c\u4f8b\u5982\u7531\u7f51\u7edc\u8fd0\u8425\u4e2d\u5fc3 \uff08NOC\uff09 \u5b9e\u65f6\u67e5\u770b\uff0c\u6216\u8005\u5982\u679c\u73af\u5883\u4e0d\u591f\u5927\u800c\u4e0d\u9700\u8981 NOC\uff0c\u5219\u65e5\u5fd7\u5e94\u5b9a\u671f\u8fdb\u884c\u65e5\u5fd7\u5ba1\u67e5\u8fc7\u7a0b\u3002 
\u5f88\u591a\u65f6\u5019\uff0c\u6709\u8da3\u7684\u4e8b\u4ef6\u4f1a\u89e6\u53d1\u8b66\u62a5\uff0c\u8be5\u8b66\u62a5\u5c06\u53d1\u9001\u7ed9\u54cd\u5e94\u65b9\u4ee5\u91c7\u53d6\u884c\u52a8\u3002\u901a\u5e38\uff0c\u6b64\u8b66\u62a5\u91c7\u7528\u5305\u542b\u76f8\u5173\u6d88\u606f\u7684\u7535\u5b50\u90ae\u4ef6\u5f62\u5f0f\u3002\u4e00\u4e2a\u6709\u8da3\u7684\u4e8b\u4ef6\u53ef\u80fd\u662f\u91cd\u5927\u6545\u969c\uff0c\u4e5f\u53ef\u80fd\u662f\u6302\u8d77\u6545\u969c\u7684\u5df2\u77e5\u8fd0\u884c\u72b6\u51b5\u6307\u793a\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u544a\u8b66\u7684\u4e24\u4e2a\u5e38\u89c1\u5b9e\u7528\u7a0b\u5e8f\u662f Nagios \u548c Zabbix\u3002","title":"\u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a"},{"location":"security/security-guide/#_292","text":"\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8fd0\u884c\u72ec\u7acb\u7684\u865a\u62df\u673a\u3002\u6b64\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u53ef\u4ee5\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u8fd0\u884c\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u786c\u4ef6\u4e0a\u8fd0\u884c\uff08\u79f0\u4e3a\u88f8\u673a\uff09\u3002\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u66f4\u65b0\u4e0d\u4f1a\u5411\u4e0b\u4f20\u64ad\u5230\u865a\u62df\u673a\u3002\u4f8b\u5982\uff0c\u5982\u679c\u90e8\u7f72\u4f7f\u7528\u7684\u662f XenServer\uff0c\u5e76\u4e14\u5177\u6709\u4e00\u7ec4 Debian \u865a\u62df\u673a\uff0c\u5219\u5bf9 XenServer \u7684\u66f4\u65b0\u4e0d\u4f1a\u66f4\u65b0 Debian \u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u5185\u5bb9\u3002 
\u56e0\u6b64\uff0c\u6211\u4eec\u5efa\u8bae\u5206\u914d\u865a\u62df\u673a\u7684\u660e\u786e\u6240\u6709\u6743\uff0c\u5e76\u7531\u8fd9\u4e9b\u6240\u6709\u8005\u8d1f\u8d23\u865a\u62df\u673a\u7684\u5f3a\u5316\u3001\u90e8\u7f72\u548c\u6301\u7eed\u529f\u80fd\u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u5b9a\u671f\u90e8\u7f72\u66f4\u65b0\u3002\u8fd9\u4e9b\u8865\u4e01\u5e94\u5728\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u73af\u5883\u7684\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u8865\u4e01\u80cc\u540e\u7684\u95ee\u9898\u7684\u7a33\u5b9a\u6027\u548c\u89e3\u51b3\u65b9\u6848\u3002","title":"\u66f4\u65b0\u548c\u8865\u4e01"},{"location":"security/security-guide/#_293","text":"\u6700\u5e38\u89c1\u7684\u64cd\u4f5c\u7cfb\u7edf\u5305\u62ec\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\u3002\u867d\u7136\u6211\u4eec\u5efa\u8bae\u865a\u62df\u673a\u8fd0\u884c\u5c3d\u53ef\u80fd\u5c11\u7684\u5e94\u7528\u7a0b\u5e8f\uff08\u5982\u679c\u53ef\u80fd\u7684\u8bdd\uff0c\u8fbe\u5230\u5355\u4e00\u7528\u9014\u5b9e\u4f8b\u7684\u7a0b\u5ea6\uff09\uff0c\u4f46\u5e94\u5206\u6790\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u786e\u5b9a\u5e94\u7528\u7a0b\u5e8f\u9700\u8981\u8bbf\u95ee\u54ea\u4e9b\u7cfb\u7edf\u8d44\u6e90\u3001\u8fd0\u884c\u6240\u9700\u7684\u6700\u4f4e\u7279\u6743\u7ea7\u522b\uff0c\u4ee5\u53ca\u5c06\u8fdb\u51fa\u865a\u62df\u673a\u7684\u9884\u671f\u7f51\u7edc\u6d41\u91cf\u3002\u6b64\u9884\u671f\u6d41\u91cf\u5e94\u4f5c\u4e3a\u5141\u8bb8\u7684\u6d41\u91cf\uff08\u6216\u5217\u5165\u767d\u540d\u5355\uff09\u6dfb\u52a0\u5230\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u5fc5\u8981\u7684\u65e5\u5fd7\u8bb0\u5f55\u548c\u7ba1\u7406\u901a\u4fe1\uff0c\u4f8b\u5982 SSH \u6216 RDP\u3002\u5e94\u5728\u9632\u706b\u5899\u914d\u7f6e\u4e2d\u660e\u786e\u62d2\u7edd\u6240\u6709\u5176\u4ed6\u6d41\u91cf\u3002 \u5728 Linux 
\u865a\u62df\u673a\u4e0a\uff0c\u4e0a\u8ff0\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u4e0e audit2allow \u7b49\u5de5\u5177\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u6784\u5efa SELinux \u7b56\u7565\uff0c\u4ee5\u8fdb\u4e00\u6b65\u4fdd\u62a4\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u4e0a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002SELinux \u4f7f\u7528\u7528\u6237\u3001\u7b56\u7565\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u7ec4\u5408\u6765\u5212\u5206\u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u6240\u9700\u7684\u8d44\u6e90\uff0c\u5e76\u5c06\u5176\u4e0e\u5176\u4ed6\u4e0d\u9700\u8981\u7684\u7cfb\u7edf\u8d44\u6e90\u533a\u5206\u5f00\u6765\u3002 OpenStack \u4e3a\u4e3b\u673a\u548c\u7f51\u7edc\u63d0\u4f9b\u5b89\u5168\u7ec4\uff0c\u4ee5\u589e\u52a0\u5bf9\u7ed9\u5b9a\u9879\u76ee\u4e2d\u865a\u62df\u673a\u7684\u6df1\u5ea6\u9632\u5fa1\u3002\u8fd9\u4e9b\u89c4\u5219\u7c7b\u4f3c\u4e8e\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u56e0\u4e3a\u5b83\u4eec\u6839\u636e\u7aef\u53e3\u3001\u534f\u8bae\u548c\u5730\u5740\u5141\u8bb8\u6216\u62d2\u7edd\u4f20\u5165\u6d41\u91cf\uff0c\u4f46\u5b89\u5168\u7ec4\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u4f20\u5165\u6d41\u91cf\uff0c\u800c\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u80fd\u591f\u5e94\u7528\u4e8e\u4f20\u5165\u548c\u4f20\u51fa\u6d41\u91cf\u3002\u4e3b\u673a\u548c\u7f51\u7edc\u5b89\u5168\u7ec4\u89c4\u5219\u4e5f\u53ef\u80fd\u53d1\u751f\u51b2\u7a81\u5e76\u62d2\u7edd\u5408\u6cd5\u6d41\u91cf\u3002\u6211\u4eec\u5efa\u8bae\u786e\u4fdd\u4e3a\u6b63\u5728\u4f7f\u7528\u7684\u7f51\u7edc\u6b63\u786e\u914d\u7f6e\u5b89\u5168\u7ec4\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u672c\u6307\u5357\u4e2d\u7684\u5b89\u5168\u7ec4\u3002","title":"\u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236"},{"location":"security/security-guide/#_294","text":"\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u5668\u3001Op
enStack \u670d\u52a1\u3001\u4e91\u7528\u6237\u6d3b\u52a8\uff08\u4f8b\u5982\u521b\u5efa\u5b9e\u4f8b\u548c\u9644\u52a0\u5b58\u50a8\uff09\u3001\u7f51\u7edc\u4ee5\u53ca\u4f7f\u7528\u5728\u5404\u79cd\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6700\u7ec8\u7528\u6237\u6df7\u5408\u5728\u4e00\u8d77\u3002 \u65e5\u5fd7\u8bb0\u5f55\u7684\u57fa\u7840\u77e5\u8bc6\uff1a\u914d\u7f6e\u3001\u8bbe\u7f6e\u65e5\u5fd7\u7ea7\u522b\u3001\u65e5\u5fd7\u6587\u4ef6\u7684\u4f4d\u7f6e\u3001\u5982\u4f55\u4f7f\u7528\u548c\u81ea\u5b9a\u4e49\u65e5\u5fd7\uff0c\u4ee5\u53ca\u5982\u4f55\u96c6\u4e2d\u6536\u96c6\u65e5\u5fd7\uff0c\u8fd9\u4e9b\u5728 OpenStack \u64cd\u4f5c\u6307\u5357\u4e2d\u90fd\u6709\u5f88\u597d\u7684\u4ecb\u7ecd\u3002 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee","title":"\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55"},{"location":"security/security-guide/#_295","text":"\u65e5\u5fd7\u7684\u751f\u6210\u548c\u6536\u96c6\u662f\u5b89\u5168\u76d1\u63a7 OpenStack \u57fa\u7840\u67b6\u6784\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u65e5\u5fd7\u63d0\u4f9b\u5bf9\u7ba1\u7406\u5458\u3001\u79df\u6237\u548c\u6765\u5bbe\u65e5\u5e38\u64cd\u4f5c\u7684\u53ef\u89c1\u6027\uff0c\u4ee5\u53ca\u8ba1\u7b97\u3001\u7f51\u7edc\u548c\u5b58\u50a8\u4ee5\u53ca\u6784\u6210 OpenStack \u90e8\u7f72\u7684\u5176\u4ed6\u7ec4\u4ef6\u4e2d\u7684\u6d3b\u52a8\u3002 \u65e5\u5fd7\u4e0d\u4ec5\u5bf9\u4e3b\u52a8\u5b89\u5168\u548c\u6301\u7eed\u5408\u89c4\u6027\u6d3b\u52a8\u5f88\u6709\u4ef7\u503c\uff0c\u800c\u4e14\u4e5f\u662f\u8c03\u67e5\u548c\u54cd\u5e94\u4e8b\u4ef6\u7684\u5b9d\u8d35\u4fe1\u606f\u6e90\u3002 \u4f8b\u5982\uff0c\u5206\u6790\u8eab\u4efd\u670d\u52a1\u6216\u5176\u66ff\u4ee3\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u7684\u8bbf\u95ee\u65e5\u5fd7\u4f1a\u63d0\u9192\u6211\u4eec\u767b\u5f55\u5931\u8d25\u3001\u9891\u7387\u3001\u6e90 
IP\u3001\u4e8b\u4ef6\u662f\u5426\u4ec5\u9650\u4e8e\u9009\u62e9\u5e10\u6237\u548c\u5176\u4ed6\u76f8\u5173\u4fe1\u606f\u3002\u65e5\u5fd7\u5206\u6790\u652f\u6301\u68c0\u6d4b\u3002 \u53ef\u4ee5\u91c7\u53d6\u63aa\u65bd\u6765\u7f13\u89e3\u6f5c\u5728\u7684\u6076\u610f\u6d3b\u52a8\uff0c\u4f8b\u5982\u5c06 IP \u5730\u5740\u5217\u5165\u9ed1\u540d\u5355\u3001\u5efa\u8bae\u52a0\u5f3a\u7528\u6237\u5bc6\u7801\u6216\u505c\u7528\u88ab\u89c6\u4e3a\u4f11\u7720\u7684\u7528\u6237\u5e10\u6237\u3002","title":"\u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94"},{"location":"security/security-guide/#_296","text":"\u4e8b\u4ef6\u76d1\u63a7\u662f\u4e00\u79cd\u66f4\u4e3b\u52a8\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4fdd\u62a4\u73af\u5883\uff0c\u63d0\u4f9b\u5b9e\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94\u3002\u6709\u51e0\u79cd\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u8fdb\u884c\u76d1\u63a7\u3002 \u5bf9\u4e8eOpenStack\u4e91\u5b9e\u4f8b\uff0c\u6211\u4eec\u9700\u8981\u76d1\u63a7\u786c\u4ef6\u3001OpenStack\u670d\u52a1\u548c\u4e91\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u540e\u8005\u6e90\u4e8e\u5e0c\u671b\u5177\u6709\u5f39\u6027\uff0c\u4ee5\u9002\u5e94\u7528\u6237\u7684\u52a8\u6001\u9700\u6c42\u3002 
\u4ee5\u4e0b\u662f\u5728\u5b9e\u65bd\u65e5\u5fd7\u805a\u5408\u3001\u5206\u6790\u548c\u76d1\u63a7\u65f6\u9700\u8981\u8003\u8651\u7684\u51e0\u4e2a\u91cd\u8981\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u3001\u5de5\u5177\u6216\u811a\u672c\u6765\u5b9e\u73b0\u548c\u76d1\u63a7\u3002\u6709\u5f00\u6e90\u548c\u5546\u4e1a\u89e3\u51b3\u65b9\u6848\uff0c\u4e00\u4e9b\u8fd0\u8425\u5546\u5f00\u53d1\u81ea\u5df1\u7684\u5185\u90e8\u89e3\u51b3\u65b9\u6848\u3002\u8fd9\u4e9b\u5de5\u5177\u548c\u811a\u672c\u53ef\u4ee5\u751f\u6210\u4e8b\u4ef6\uff0c\u8fd9\u4e9b\u4e8b\u4ef6\u53ef\u4ee5\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u6216\u5728\u96c6\u6210\u4eea\u8868\u677f\u4e2d\u67e5\u770b\u3002\u8bf7\u52a1\u5fc5\u8003\u8651\u53ef\u80fd\u9002\u7528\u4e8e\u60a8\u7684\u7279\u5b9a\u7f51\u7edc\u7684\u5176\u4ed6\u7528\u4f8b\uff0c\u4ee5\u53ca\u60a8\u53ef\u80fd\u8ba4\u4e3a\u7684\u5f02\u5e38\u884c\u4e3a\u3002 \u68c0\u6d4b\u65e5\u5fd7\u751f\u6210\u7f3a\u5931\u662f\u4e00\u4e2a\u5177\u6709\u5f88\u9ad8\u4ef7\u503c\u7684\u4e8b\u4ef6\u3002\u6b64\u7c7b\u4e8b\u4ef6\u5c06\u8868\u660e\u670d\u52a1\u5931\u8d25\uff0c\u751a\u81f3\u8868\u793a\u5165\u4fb5\u8005\u6682\u65f6\u5173\u95ed\u4e86\u65e5\u5fd7\u8bb0\u5f55\u6216\u4fee\u6539\u4e86\u65e5\u5fd7\u7ea7\u522b\u4ee5\u9690\u85cf\u5176\u8e2a\u8ff9\u3002 \u5e94\u7528\u7a0b\u5e8f\u4e8b\u4ef6\uff08\u5982\u8ba1\u5212\u5916\u7684\u542f\u52a8\u6216\u505c\u6b62\u4e8b\u4ef6\uff09\u4e5f\u662f\u8981\u76d1\u89c6\u548c\u68c0\u67e5\u53ef\u80fd\u7684\u5b89\u5168\u9690\u60a3\u7684\u4e8b\u4ef6\u3002 OpenStack \u670d\u52a1\u673a\u5668\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e8b\u4ef6\uff08\u5982\u7528\u6237\u767b\u5f55\u6216\u91cd\u65b0\u542f\u52a8\uff09\u4e5f\u4e3a\u7cfb\u7edf\u7684\u6b63\u786e\u548c\u4e0d\u5f53\u4f7f\u7528\u63d0\u4f9b\u4e86\u6709\u4ef7\u503c\u7684\u89c1\u89e3\u3002 
\u80fd\u591f\u68c0\u6d4bOpenStack\u670d\u52a1\u5668\u4e0a\u7684\u8d1f\u8f7d\u8fd8\u53ef\u4ee5\u901a\u8fc7\u5f15\u5165\u5176\u4ed6\u670d\u52a1\u5668\u8fdb\u884c\u8d1f\u8f7d\u5e73\u8861\u6765\u505a\u51fa\u54cd\u5e94\uff0c\u4ee5\u786e\u4fdd\u9ad8\u53ef\u7528\u6027\u3002 \u5176\u4ed6\u53ef\u64cd\u4f5c\u7684\u4e8b\u4ef6\u5305\u62ec\u7f51\u7edc\u7f51\u6865\u5173\u95ed\u3001\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 IP \u8868\u88ab\u5237\u65b0\uff0c\u4ee5\u53ca\u968f\u4e4b\u800c\u6765\u7684\u5bf9\u5b9e\u4f8b\u7684\u8bbf\u95ee\u4e22\u5931\uff0c\u5bfc\u81f4\u5ba2\u6237\u4e0d\u6ee1\u610f\u3002 \u4e3a\u4e86\u964d\u4f4e\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u5220\u9664\u7528\u6237\u3001\u79df\u6237\u6216\u57df\u65f6\u5b64\u7acb\u5b9e\u4f8b\u7684\u5b89\u5168\u98ce\u9669\uff0c\u6211\u4eec\u8ba8\u8bba\u4e86\u5728\u7cfb\u7edf\u4e2d\u751f\u6210\u901a\u77e5\uff0c\u5e76\u8ba9 OpenStack \u7ec4\u4ef6\u9002\u5f53\u5730\u54cd\u5e94\u8fd9\u4e9b\u4e8b\u4ef6\uff0c\u4f8b\u5982\u7ec8\u6b62\u5b9e\u4f8b\u3001\u65ad\u5f00\u8fde\u63a5\u7684\u5377\u3001\u56de\u6536 CPU \u548c\u5b58\u50a8\u8d44\u6e90\u7b49\u3002 \u4e91\u5c06\u6258\u7ba1\u8bb8\u591a\u865a\u62df\u5b9e\u4f8b\uff0c\u5e76\u4e14\u76d1\u89c6\u8fd9\u4e9b\u5b9e\u4f8b\u8d85\u51fa\u4e86\u53ef\u80fd\u4ec5\u5305\u542b CRUD \u4e8b\u4ef6\u7684\u786c\u4ef6\u76d1\u89c6\u548c\u65e5\u5fd7\u6587\u4ef6\u3002 
\u5b89\u5168\u76d1\u63a7\u63a7\u5236\uff08\u5982\u5165\u4fb5\u68c0\u6d4b\u8f6f\u4ef6\u3001\u9632\u75c5\u6bd2\u8f6f\u4ef6\u4ee5\u53ca\u95f4\u8c0d\u8f6f\u4ef6\u68c0\u6d4b\u548c\u5220\u9664\u5b9e\u7528\u7a0b\u5e8f\uff09\u53ef\u4ee5\u751f\u6210\u65e5\u5fd7\uff0c\u663e\u793a\u653b\u51fb\u6216\u5165\u4fb5\u53d1\u751f\u7684\u65f6\u95f4\u548c\u65b9\u5f0f\u3002\u5728\u4e91\u8ba1\u7b97\u673a\u4e0a\u90e8\u7f72\u8fd9\u4e9b\u5de5\u5177\u53ef\u63d0\u4f9b\u4ef7\u503c\u548c\u4fdd\u62a4\u3002\u4e91\u7528\u6237\uff0c\u5373\u5728\u4e91\u4e0a\u8fd0\u884c\u5b9e\u4f8b\u7684\u7528\u6237\uff0c\u53ef\u80fd\u4e5f\u5e0c\u671b\u5728\u5176\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u6b64\u7c7b\u5de5\u5177\u3002","title":"\u76d1\u63a7\u7528\u4f8b"},{"location":"security/security-guide/#_297","text":"Siwczak, Piotr\uff0c\u5728 OpenStack \u4e91\u4e2d\u8fdb\u884c\u76d1\u63a7\u7684\u4e00\u4e9b\u5b9e\u9645\u6ce8\u610f\u4e8b\u9879\u30022012. blog.sflow.com\uff0c sflow\uff1a\u4e3b\u673a sFlow \u5206\u5e03\u5f0f\u4ee3\u7406\u30022012. blog.sflow.com\uff0csflow\uff1aLAN \u548c WAN\u30022009. 
blog.sflow.com\u3001sflow\uff1a\u5feb\u901f\u68c0\u6d4b\u5927\u6d41\u91cf sFlow \u4e0e NetFlow/IPFIX\u30022013.","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_298","text":"OpenStack \u90e8\u7f72\u53ef\u80fd\u9700\u8981\u51fa\u4e8e\u591a\u79cd\u76ee\u7684\u8fdb\u884c\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u4f8b\u5982\u6cd5\u89c4\u548c\u6cd5\u5f8b\u8981\u6c42\u3001\u5ba2\u6237\u9700\u6c42\u3001\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u548c\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u5408\u89c4\u529f\u80fd\u5bf9\u4f01\u4e1a\u53ca\u5176\u5ba2\u6237\u5f88\u91cd\u8981\u3002\u5408\u89c4\u610f\u5473\u7740\u9075\u5b88\u6cd5\u89c4\u3001\u89c4\u8303\u3001\u6807\u51c6\u548c\u6cd5\u5f8b\u3002\u5b83\u8fd8\u7528\u4e8e\u63cf\u8ff0\u6709\u5173\u8bc4\u4f30\u3001\u5ba1\u6838\u548c\u8ba4\u8bc1\u7684\u7ec4\u7ec7\u72b6\u6001\u3002\u5982\u679c\u64cd\u4f5c\u5f97\u5f53\uff0c\u5408\u89c4\u6027\u53ef\u4ee5\u7edf\u4e00\u548c\u52a0\u5f3a\u672c\u6307\u5357\u4e2d\u8ba8\u8bba\u7684\u5176\u4ed6\u5b89\u5168\u4e3b\u9898\u3002 \u672c\u7ae0\u6709\u51e0\u4e2a\u76ee\u6807\uff1a \u67e5\u770b\u5e38\u89c1\u7684\u5b89\u5168\u539f\u5219\u3002 \u8ba8\u8bba\u5e38\u89c1\u7684\u63a7\u5236\u6846\u67b6\u548c\u8ba4\u8bc1\u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u884c\u4e1a\u8ba4\u8bc1\u6216\u76d1\u7ba1\u673a\u6784\u8ba4\u8bc1\u3002 \u5728\u8bc4\u4f30 OpenStack \u90e8\u7f72\u65f6\uff0c\u53ef\u4f5c\u4e3a\u5ba1\u8ba1\u4eba\u5458\u7684\u53c2\u8003\u3002 \u4ecb\u7ecd\u7279\u5b9a\u4e8e OpenStack \u548c\u4e91\u73af\u5883\u7684\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u3002 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5e38\u89c1\u63a7\u5236\u6846\u67b6 \u5ba1\u6838\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\uff08ISMS\uff09 
\u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 \u653f\u5e9c\u6807\u51c6 \u9690\u79c1","title":"\u5408\u89c4"},{"location":"security/security-guide/#_299","text":"","title":"\u5408\u89c4\u6027\u6982\u8ff0"},{"location":"security/security-guide/#_300","text":"\u884c\u4e1a\u6807\u51c6\u5b89\u5168\u539f\u5219\u4e3a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u63d0\u4f9b\u4e86\u57fa\u51c6\u3002\u5982\u679c\u5728\u6574\u4e2a OpenStack \u90e8\u7f72\u8fc7\u7a0b\u4e2d\u8003\u8651\u548c\u5f15\u7528\u8fd9\u4e9b\u539f\u5219\uff0c\u5219\u53ef\u4ee5\u7b80\u5316\u8ba4\u8bc1\u6d3b\u52a8\u3002","title":"\u5b89\u5168\u539f\u5219"},{"location":"security/security-guide/#_301","text":"\u786e\u5b9a\u4e91\u67b6\u6784\u4e2d\u5b58\u5728\u98ce\u9669\u7684\u4f4d\u7f6e\uff0c\u5e76\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u6765\u964d\u4f4e\u98ce\u9669\u3002\u5728\u91cd\u5927\u5173\u6ce8\u9886\u57df\uff0c\u5206\u5c42\u9632\u5fa1\u63d0\u4f9b\u591a\u79cd\u4e92\u8865\u63a7\u5236\uff0c\u5c06\u98ce\u9669\u7ba1\u7406\u5230\u53ef\u63a5\u53d7\u7684\u6c34\u5e73\u3002\u4f8b\u5982\uff0c\u4e3a\u4e86\u786e\u4fdd\u4e91\u79df\u6237\u4e4b\u95f4\u7684\u5145\u5206\u9694\u79bb\uff0c\u6211\u4eec\u5efa\u8bae\u5f3a\u5316 QEMU\uff0c\u4f7f\u7528\u652f\u6301 SELinux 
\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b9e\u65bd\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff0c\u5e76\u51cf\u5c11\u6574\u4f53\u653b\u51fb\u9762\u3002\u57fa\u672c\u539f\u5219\u662f\u7528\u591a\u5c42\u9632\u5fa1\u6765\u5f3a\u5316\u5173\u6ce8\u533a\u57df\uff0c\u8fd9\u6837\uff0c\u5982\u679c\u4efb\u4f55\u4e00\u5c42\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u5c42\u5c06\u5b58\u5728\u4ee5\u63d0\u4f9b\u4fdd\u62a4\u5e76\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u66b4\u9732\u3002","title":"\u5206\u5c42\u9632\u5fa1"},{"location":"security/security-guide/#_302","text":"\u5728\u53d1\u751f\u6545\u969c\u7684\u60c5\u51b5\u4e0b\uff0c\u7cfb\u7edf\u5e94\u914d\u7f6e\u4e3a\u5728\u5173\u95ed\u7684\u5b89\u5168\u72b6\u6001\u4e2d\u5931\u8d25\u3002\u4f8b\u5982\uff0c\u5982\u679cTLS\u8bc1\u4e66\u9a8c\u8bc1\u672a\u901a\u8fc7\uff0c\u5373CNAME\u4e0e\u670d\u52a1\u5668\u7684DNS\u540d\u79f0\u4e0d\u5339\u914d\uff0c\u5e94\u901a\u8fc7\u5207\u65ad\u7f51\u7edc\u8fde\u63a5\u6765\u5b89\u5168\u5931\u8d25\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u8f6f\u4ef6\u901a\u5e38\u4f1a\u4ee5\u5f00\u653e\u65b9\u5f0f\u5931\u8d25\uff0c\u5141\u8bb8\u8fde\u63a5\u5728\u6ca1\u6709CNAME\u5339\u914d\u7684\u60c5\u51b5\u4e0b\u7ee7\u7eed\u8fdb\u884c\uff0c\u8fd9\u6837\u4e0d\u591f\u5b89\u5168\uff0c\u4e5f\u4e0d\u5efa\u8bae\u3002","title":"\u5b89\u5168\u5931\u8d25"},{"location":"security/security-guide/#_303","text":"\u4ec5\u6388\u4e88\u7528\u6237\u548c\u7cfb\u7edf\u670d\u52a1\u7684\u6700\u4f4e\u8bbf\u95ee\u7ea7\u522b\u3002\u8fd9\u79cd\u8bbf\u95ee\u57fa\u4e8e\u89d2\u8272\u3001\u804c\u8d23\u548c\u5de5\u4f5c\u804c\u80fd\u3002\u8fd9\u79cd\u6700\u5c0f\u7279\u6743\u5b89\u5168\u539f\u5219\u5df2\u5199\u5165\u591a\u4e2a\u56fd\u9645\u653f\u5e9c\u5b89\u5168\u7b56\u7565\u4e2d\uff0c\u4f8b\u5982\u7f8e\u56fd\u5883\u5185\u7684 NIST 800-53 \u7b2c AC-6 
\u8282\u3002","title":"\u6700\u5c0f\u6743\u9650"},{"location":"security/security-guide/#_304","text":"\u7cfb\u7edf\u5e94\u4ee5\u8fd9\u6837\u4e00\u79cd\u65b9\u5f0f\u9694\u79bb\uff0c\u5373\u5982\u679c\u4e00\u53f0\u8ba1\u7b97\u673a\u6216\u7cfb\u7edf\u7ea7\u670d\u52a1\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u5c06\u4fdd\u6301\u4e0d\u53d8\u3002\u5b9e\u9645\u4e0a\uff0cSELinux \u7684\u542f\u7528\u548c\u6b63\u786e\u4f7f\u7528\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u3002","title":"\u5206\u9694"},{"location":"security/security-guide/#_305","text":"\u5e94\u5c3d\u91cf\u51cf\u5c11\u53ef\u4ee5\u6536\u96c6\u7684\u6709\u5173\u7cfb\u7edf\u53ca\u5176\u7528\u6237\u7684\u4fe1\u606f\u91cf\u3002","title":"\u4fc3\u8fdb\u9690\u79c1"},{"location":"security/security-guide/#_306","text":"\u5b9e\u65bd\u9002\u5f53\u7684\u65e5\u5fd7\u8bb0\u5f55\u4ee5\u76d1\u63a7\u672a\u7ecf\u6388\u6743\u7684\u4f7f\u7528\u3001\u4e8b\u4ef6\u54cd\u5e94\u548c\u53d6\u8bc1\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u9009\u5b9a\u7684\u5ba1\u8ba1\u5b50\u7cfb\u7edf\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u8be5\u6807\u51c6\u5728\u5927\u591a\u6570\u56fd\u5bb6/\u5730\u533a\u63d0\u4f9b\u4e0d\u53ef\u8bc1\u660e\u7684\u4e8b\u4ef6\u8bb0\u5f55\u3002","title":"\u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b"},{"location":"security/security-guide/#_307","text":"\u4ee5\u4e0b\u662f\u7ec4\u7ec7\u53ef\u7528\u4e8e\u6784\u5efa\u5176\u5b89\u5168\u63a7\u5236\u7684\u63a7\u5236\u6846\u67b6\u5217\u8868\u3002 \u4e91\u5b89\u5168\u8054\u76df \uff08CSA\uff09 \u901a\u7528\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 CSA CCM \u4e13\u95e8\u7528\u4e8e\u63d0\u4f9b\u57fa\u672c\u7684\u5b89\u5168\u539f\u5219\uff0c\u4ee5\u6307\u5bfc\u4e91\u4f9b\u5e94\u5546\u5e76\u5e2e\u52a9\u6f5c\u5728\u7684\u4e91\u5ba2\u6237\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u98ce\u9669\u3002CSA CCM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u8de8 16 
\u4e2a\u5b89\u5168\u57df\u4fdd\u6301\u4e00\u81f4\u7684\u63a7\u5236\u6846\u67b6\u3002\u4e91\u63a7\u5236\u77e9\u9635\u7684\u57fa\u7840\u5728\u4e8e\u5176\u4e0e\u5176\u4ed6\u884c\u4e1a\u6807\u51c6\u3001\u6cd5\u89c4\u548c\u63a7\u5236\u6846\u67b6\u7684\u5b9a\u5236\u5173\u7cfb\uff0c\u4f8b\u5982\uff1aISO 27001\uff1a2013\u3001COBIT 5.0\u3001PCI\uff1aDSS v3\u3001AICPA 2014 \u4fe1\u4efb\u670d\u52a1\u539f\u5219\u548c\u6807\u51c6\uff0c\u5e76\u589e\u5f3a\u4e86\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u62a5\u544a\u8bc1\u660e\u7684\u5185\u90e8\u63a7\u5236\u65b9\u5411\u3002 CSA CCM \u901a\u8fc7\u51cf\u5c11\u4e91\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u548c\u6f0f\u6d1e\u6765\u52a0\u5f3a\u73b0\u6709\u7684\u4fe1\u606f\u5b89\u5168\u63a7\u5236\u73af\u5883\uff0c\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u5b89\u5168\u548c\u8fd0\u8425\u98ce\u9669\u7ba1\u7406\uff0c\u5e76\u5bfb\u6c42\u89c4\u8303\u5316\u5b89\u5168\u671f\u671b\u3001\u4e91\u5206\u7c7b\u548c\u672f\u8bed\u4ee5\u53ca\u5728\u4e91\u4e2d\u5b9e\u65bd\u7684\u5b89\u5168\u63aa\u65bd\u3002 ISO 27001/2:2013 ISO 27001/2\uff1a2013 \u8ba4\u8bc1 ISO 27001 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u548c\u8ba4\u8bc1\u591a\u5e74\u6765\u4e00\u76f4\u7528\u4e8e\u8bc4\u4f30\u548c\u533a\u5206\u7ec4\u7ec7\u662f\u5426\u7b26\u5408\u4fe1\u606f\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u8be5\u6807\u51c6\u7531\u4e24\u90e8\u5206\u7ec4\u6210\uff1a\u5b9a\u4e49\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u7684\u5f3a\u5236\u6027\u6761\u6b3e\u548c\u5305\u542b\u6309\u9886\u57df\u7ec4\u7ec7\u7684\u63a7\u5236\u5217\u8868\u7684\u9644\u5f55 A\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u901a\u8fc7\u5e94\u7528\u98ce\u9669\u7ba1\u7406\u6d41\u7a0b\u6765\u4fdd\u6301\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\uff0c\u5e76\u4f7f\u76f8\u5173\u65b9\u76f8\u4fe1\u98ce\u9669\u5f97\u5230\u5145\u5206\u7ba1\u7406\u3002 \u53ef\u4fe1\u5b89\u5168\u539f\u5219 
\u4fe1\u6258\u670d\u52a1\u662f\u4e00\u5957\u57fa\u4e8e\u4e00\u5957\u6838\u5fc3\u539f\u5219\u548c\u6807\u51c6\u7684\u4e13\u4e1a\u8ba4\u8bc1\u548c\u54a8\u8be2\u670d\u52a1\uff0c\u7528\u4e8e\u89e3\u51b3 IT \u7cfb\u7edf\u548c\u9690\u79c1\u8ba1\u5212\u7684\u98ce\u9669\u548c\u673a\u9047\u3002\u901a\u5e38\u79f0\u4e3a SOC \u5ba1\u8ba1\uff0c\u8fd9\u4e9b\u539f\u5219\u5b9a\u4e49\u4e86\u8981\u6c42\u662f\u4ec0\u4e48\uff0c\u7ec4\u7ec7\u6709\u8d23\u4efb\u5b9a\u4e49\u6ee1\u8db3\u8981\u6c42\u7684\u63a7\u5236\u63aa\u65bd\u3002","title":"\u5e38\u7528\u63a7\u5236\u6846\u67b6"},{"location":"security/security-guide/#_308","text":"OpenStack\u5728\u8bb8\u591a\u65b9\u9762\u90fd\u662f\u521b\u65b0\u7684\uff0c\u4f46\u662f\u7528\u4e8e\u5ba1\u8ba1OpenStack\u90e8\u7f72\u7684\u8fc7\u7a0b\u76f8\u5f53\u666e\u904d\u3002\u5ba1\u6838\u5458\u5c06\u6839\u636e\u4e24\u4e2a\u6807\u51c6\u8bc4\u4f30\u6d41\u7a0b\uff1a\u63a7\u5236\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u4ee5\u53ca\u63a7\u5236\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u4e86\u89e3\u5ba1\u8ba1\u5e08\u5982\u4f55\u8bc4\u4f30\u63a7\u5236\u63aa\u65bd\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u548c\u8fd0\u884c\uff0c\u5c06\u5728\u201c\u4e86\u89e3\u5ba1\u8ba1\u8fc7\u7a0b\u201d\u4e00\u8282\u4e2d\u8ba8\u8bba\u3002 \u7528\u4e8e\u5ba1\u6838\u548c\u8bc4\u4f30\u4e91\u90e8\u7f72\u7684\u6700\u5e38\u89c1\u6846\u67b6\u5305\u62ec\u524d\u9762\u63d0\u5230\u7684 ISO 27001/2 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u3001ISACA \u7684\u4fe1\u606f\u548c\u76f8\u5173\u6280\u672f\u63a7\u5236\u76ee\u6807 \uff08COBIT\uff09 \u6846\u67b6\u3001\u7279\u96f7\u5fb7\u97e6\u59d4\u5458\u4f1a\u8d5e\u52a9\u7ec4\u7ec7\u59d4\u5458\u4f1a \uff08COSO\uff09 \u548c\u4fe1\u606f\u6280\u672f\u57fa\u7840\u8bbe\u65bd\u5e93 
\uff08ITIL\uff09\u3002\u5ba1\u8ba1\u901a\u5e38\u5305\u62ec\u4e00\u4e2a\u6216\u591a\u4e2a\u8fd9\u4e9b\u6846\u67b6\u4e2d\u7684\u91cd\u70b9\u9886\u57df\u3002\u5e78\u8fd0\u7684\u662f\uff0c\u8fd9\u4e9b\u6846\u67b6\u4e4b\u95f4\u6709\u5f88\u591a\u91cd\u53e0\uff0c\u56e0\u6b64\u91c7\u7528\u6846\u67b6\u7684\u7ec4\u7ec7\u5c06\u5728\u5ba1\u8ba1\u65f6\u5904\u4e8e\u6709\u5229\u5730\u4f4d\u3002","title":"\u5ba1\u8ba1\u53c2\u8003"},{"location":"security/security-guide/#_309","text":"\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u5408\u89c4\u6027\u4f9d\u8d56\u4e8e\u4e24\u4e2a\u57fa\u672c\u6d41\u7a0b\u7684\u5b8c\u6210\uff1a \u5b89\u5168\u63a7\u5236\u7684\u5b9e\u65bd\u548c\u64cd\u4f5c \u4f7f\u4fe1\u606f\u7cfb\u7edf\u4e0e\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u4fdd\u6301\u4e00\u81f4\u6d89\u53ca\u5185\u90e8\u4efb\u52a1\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5fc5\u987b\u5728\u6b63\u5f0f\u8bc4\u4f30\u4e4b\u524d\u8fdb\u884c\u3002\u5ba1\u6838\u5458\u53ef\u80fd\u4f1a\u53c2\u4e0e\u6b64\u72b6\u6001\uff0c\u4ee5\u8fdb\u884c\u5dee\u8ddd\u5206\u6790\uff0c\u63d0\u4f9b\u6307\u5bfc\uff0c\u5e76\u589e\u52a0\u6210\u529f\u8ba4\u8bc1\u7684\u53ef\u80fd\u6027\u3002 \u72ec\u7acb\u9a8c\u8bc1\u548c\u786e\u8ba4 
\u5728\u8bb8\u591a\u4fe1\u606f\u7cfb\u7edf\u83b7\u5f97\u8ba4\u8bc1\u72b6\u6001\u4e4b\u524d\uff0c\u9700\u8981\u5411\u4e2d\u7acb\u7684\u7b2c\u4e09\u65b9\u8bc1\u660e\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u5df2\u5b9e\u65bd\u5e76\u6709\u6548\u8fd0\u884c\uff0c\u7b26\u5408\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u3002\u8bb8\u591a\u8ba4\u8bc1\u9700\u8981\u5b9a\u671f\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u6301\u7eed\u8ba4\u8bc1\uff0c\u8fd9\u88ab\u8ba4\u4e3a\u662f\u603b\u4f53\u6301\u7eed\u76d1\u63a7\u5b9e\u8df5\u7684\u4e00\u90e8\u5206\u3002","title":"\u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b"},{"location":"security/security-guide/#_310","text":"\u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4\uff0c\u7279\u522b\u662f\u9700\u8981\u54ea\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u53ca\u5982\u4f55\u8bbe\u8ba1\u6216\u4fee\u6539OpenStack\u90e8\u7f72\u4ee5\u6ee1\u8db3\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u8be5\u662f\u6700\u521d\u7684\u89c4\u5212\u6b65\u9aa4\u3002 \u5728\u51fa\u4e8e\u5408\u89c4\u6027\u76ee\u7684\u786e\u5b9a OpenStack \u90e8\u7f72\u8303\u56f4\u65f6\uff0c\u5e94\u4f18\u5148\u8003\u8651\u5bf9\u654f\u611f\u670d\u52a1\u7684\u63a7\u5236\uff0c\u4f8b\u5982\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u4ee5\u53ca\u57fa\u672c\u865a\u62df\u5316\u6280\u672f\u3002\u8fd9\u4e9b\u8bbe\u65bd\u7684\u59a5\u534f\u53ef\u80fd\u4f1a\u5f71\u54cd\u6574\u4e2a OpenStack \u73af\u5883\u3002 \u7f29\u5c0f\u8303\u56f4\u6709\u52a9\u4e8e\u786e\u4fdd OpenStack 
\u67b6\u6784\u5e08\u5efa\u7acb\u9488\u5bf9\u7279\u5b9a\u90e8\u7f72\u91cf\u8eab\u5b9a\u5236\u7684\u9ad8\u8d28\u91cf\u5b89\u5168\u63a7\u5236\uff0c\u4f46\u6700\u91cd\u8981\u7684\u662f\u786e\u4fdd\u8fd9\u4e9b\u5b9e\u8df5\u4e0d\u4f1a\u9057\u6f0f\u5b89\u5168\u5f3a\u5316\u4e2d\u7684\u533a\u57df\u6216\u529f\u80fd\u3002\u4e00\u4e2a\u5e38\u89c1\u7684\u4f8b\u5b50\u662fPCI-DSS\u51c6\u5219\uff0c\u5176\u4e2d\u4e0e\u652f\u4ed8\u76f8\u5173\u7684\u57fa\u7840\u8bbe\u65bd\u53ef\u80fd\u4f1a\u53d7\u5230\u5b89\u5168\u95ee\u9898\u7684\u5ba1\u67e5\uff0c\u4f46\u652f\u6301\u670d\u52a1\u88ab\u5ffd\u89c6\uff0c\u5e76\u4e14\u5bb9\u6613\u53d7\u5230\u653b\u51fb\u3002 \u5728\u89e3\u51b3\u5408\u89c4\u6027\u95ee\u9898\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u786e\u5b9a\u9002\u7528\u4e8e\u591a\u4e2a\u8ba4\u8bc1\u7684\u5e38\u89c1\u9886\u57df\u548c\u6807\u51c6\u6765\u63d0\u9ad8\u6548\u7387\u5e76\u51cf\u5c11\u5de5\u4f5c\u91cf\u3002\u672c\u4e66\u4e2d\u8ba8\u8bba\u7684\u8bb8\u591a\u5ba1\u8ba1\u539f\u5219\u548c\u51c6\u5219\u5c06\u6709\u52a9\u4e8e\u786e\u5b9a\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u6b64\u5916\uff0c\u4e00\u4e9b\u5916\u90e8\u5b9e\u4f53\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u6e05\u5355\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u793a\u4f8b\uff1a \u4e91\u5b89\u5168\u8054\u76df\u4e91\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 \u53ef\u5e2e\u52a9\u4e91\u63d0\u4f9b\u5546\u548c\u6d88\u8d39\u8005\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u6027\u3002CSA CMM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u63a7\u5236\u6846\u67b6\uff0c\u8be5\u6846\u67b6\u6620\u5c04\u5230\u8bb8\u591a\u884c\u4e1a\u516c\u8ba4\u7684\u6807\u51c6\u548c\u6cd5\u89c4\uff0c\u5305\u62ec ISO 27001/2\u3001ISACA\u3001COBIT\u3001PCI\u3001NIST\u3001Jericho Forum \u548c NERC CIP\u3002 \u300aSCAP 
\u5b89\u5168\u6307\u5357\u300b\u662f\u53e6\u4e00\u4e2a\u6709\u7528\u7684\u53c2\u8003\u3002\u8fd9\u4ecd\u7136\u662f\u4e00\u4e2a\u65b0\u5174\u7684\u6765\u6e90\uff0c\u4f46\u6211\u4eec\u9884\u8ba1\u8fd9\u5c06\u53d1\u5c55\u6210\u4e3a\u4e00\u4e2a\u5de5\u5177\uff0c\u5176\u63a7\u4ef6\u6620\u5c04\u66f4\u4fa7\u91cd\u4e8e\u7f8e\u56fd\u8054\u90a6\u653f\u5e9c\u7684\u8ba4\u8bc1\u548c\u5efa\u8bae\u3002\u4f8b\u5982\uff0cSCAP \u5b89\u5168\u6307\u5357\u76ee\u524d\u5305\u542b\u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u548c NIST-800-53 \u7684\u4e00\u4e9b\u6620\u5c04\u3002 \u8fd9\u4e9b\u63a7\u5236\u6620\u5c04\u5c06\u6709\u52a9\u4e8e\u8bc6\u522b\u8de8\u8ba4\u8bc1\u7684\u901a\u7528\u63a7\u5236\u6807\u51c6\uff0c\u5e76\u4e3a\u5ba1\u6838\u5458\u548c\u88ab\u5ba1\u6838\u65b9\u63d0\u4f9b\u5bf9\u7279\u5b9a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u63a7\u5236\u96c6\u4e2d\u95ee\u9898\u533a\u57df\u7684\u53ef\u89c1\u6027\u3002","title":"\u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4"},{"location":"security/security-guide/#_311","text":"\u5ba1\u8ba1\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u9636\u6bb5\uff0c\u5c3d\u7ba1\u5927\u591a\u6570\u5229\u76ca\u76f8\u5173\u8005\u548c\u63a7\u5236\u6240\u6709\u8005\u53ea\u4f1a\u53c2\u4e0e\u4e00\u4e24\u4e2a\u9636\u6bb5\u3002\u56db\u4e2a\u9636\u6bb5\u662f\u89c4\u5212\u3001\u5b9e\u5730\u8003\u5bdf\u3001\u62a5\u544a\u548c\u603b\u7ed3\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u8fd9\u4e9b\u9636\u6bb5\u4e2d\u7684\u6bcf\u4e00\u4e2a\u3002 
\u89c4\u5212\u9636\u6bb5\u901a\u5e38\u5728\u5b9e\u5730\u5de5\u4f5c\u5f00\u59cb\u524d\u4e24\u5468\u5230\u516d\u4e2a\u6708\u8fdb\u884c\u3002\u5728\u6b64\u9636\u6bb5\uff0c\u5c06\u8ba8\u8bba\u5e76\u6700\u7ec8\u786e\u5b9a\u65f6\u95f4\u8303\u56f4\u3001\u65f6\u95f4\u8868\u3001\u8981\u8bc4\u4f30\u7684\u63a7\u5236\u63aa\u65bd\u548c\u63a7\u5236\u6240\u6709\u8005\u7b49\u5ba1\u8ba1\u9879\u76ee\u3002\u5bf9\u8d44\u6e90\u53ef\u7528\u6027\u3001\u516c\u6b63\u6027\u548c\u6210\u672c\u7684\u62c5\u5fe7\u4e5f\u5f97\u5230\u4e86\u89e3\u51b3\u3002 \u5b9e\u5730\u8003\u5bdf\u9636\u6bb5\u662f\u5ba1\u8ba1\u4e2d\u6700\u660e\u663e\u7684\u90e8\u5206\u3002\u8fd9\u662f\u5ba1\u8ba1\u5458\u5728\u73b0\u573a\u7684\u5730\u65b9\uff0c\u4e0e\u63a7\u5236\u6240\u6709\u8005\u9762\u8c08\uff0c\u8bb0\u5f55\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u786e\u5b9a\u4efb\u4f55\u95ee\u9898\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5ba1\u8ba1\u5e08\u5c06\u4f7f\u7528\u4e24\u90e8\u5206\u6d41\u7a0b\u6765\u8bc4\u4f30\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\u3002\u7b2c\u4e00\u90e8\u5206\u662f\u8bc4\u4f30\u63a7\u5236\u7684\u8bbe\u8ba1\u6709\u6548\u6027\u3002\u5728\u8fd9\u91cc\uff0c\u5ba1\u8ba1\u5458\u5c06\u8bc4\u4f30\u63a7\u5236\u662f\u5426\u80fd\u591f\u6709\u6548\u5730\u9884\u9632\u6216\u68c0\u6d4b\u548c\u7ea0\u6b63\u5f31\u70b9\u548c\u7f3a\u9677\u3002\u63a7\u4ef6\u5fc5\u987b\u901a\u8fc7\u6b64\u6d4b\u8bd5\u624d\u80fd\u5728\u7b2c\u4e8c\u9636\u6bb5\u8fdb\u884c\u8bc4\u4f30\u3002\u8fd9\u662f\u56e0\u4e3a\u5bf9\u4e8e\u8bbe\u8ba1\u65e0\u6548\u7684\u63a7\u4ef6\uff0c\u6ca1\u6709\u5fc5\u8981\u8003\u8651\u5b83\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u7b2c\u4e8c\u90e8\u5206\u662f\u8fd0\u8425\u6548\u7387\u3002\u64cd\u4f5c\u6709\u6548\u6027\u6d4b\u8bd5\u5c06\u786e\u5b9a\u5982\u4f55\u5e94\u7528\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u7684\u4e00\u81f4\u6027\u4ee5\u53ca\u7531\u8c01\u6216\u4ee5\u4f55\u79cd\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u3002\u4e00\u9879\u63a7\u5236\u53ef\u80fd\
u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff08\u95f4\u63a5\u63a7\u5236\uff09\uff0c\u5982\u679c\u5b83\u4eec\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff0c\u5219\u5ba1\u8ba1\u5e08\u53ef\u80fd\u9700\u8981\u989d\u5916\u7684\u8bc1\u636e\u6765\u8bc1\u660e\u8fd9\u4e9b\u95f4\u63a5\u63a7\u5236\u7684\u8fd0\u4f5c\u6709\u6548\u6027\uff0c\u4ee5\u786e\u5b9a\u63a7\u5236\u7684\u6574\u4f53\u8fd0\u4f5c\u6709\u6548\u6027\u3002 \u5728\u62a5\u544a\u9636\u6bb5\uff0c\u7ba1\u7406\u5c42\u5c06\u5bf9\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u53d1\u73b0\u7684\u4efb\u4f55\u95ee\u9898\u8fdb\u884c\u9a8c\u8bc1\u3002\u51fa\u4e8e\u540e\u52e4\u76ee\u7684\uff0c\u4e00\u4e9b\u6d3b\u52a8\uff08\u4f8b\u5982\u95ee\u9898\u9a8c\u8bc1\uff09\u53ef\u80fd\u4f1a\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u6267\u884c\u3002\u7ba1\u7406\u5c42\u8fd8\u9700\u8981\u63d0\u4f9b\u8865\u6551\u8ba1\u5212\u6765\u89e3\u51b3\u95ee\u9898\uff0c\u5e76\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u518d\u6b21\u53d1\u751f\u3002\u5c06\u5411\u5229\u76ca\u6538\u5173\u65b9\u548c\u7ba1\u7406\u5c42\u5206\u53d1\u4e00\u4efd\u603b\u4f53\u62a5\u544a\u8349\u7a3f\uff0c\u4f9b\u5176\u5ba1\u67e5\u3002\u5546\u5b9a\u7684\u4fee\u6539\u88ab\u7eb3\u5165\uff0c\u66f4\u65b0\u540e\u7684\u8349\u6848\u5c06\u9001\u4ea4\u9ad8\u7ea7\u7ba1\u7406\u5c42\u5ba1\u67e5\u548c\u6279\u51c6\u3002\u4e00\u65e6\u9ad8\u7ea7\u7ba1\u7406\u5c42\u6279\u51c6\u62a5\u544a\uff0c\u8be5\u62a5\u544a\u5c31\u4f1a\u5b9a\u7a3f\u5e76\u5206\u53d1\u7ed9\u6267\u884c\u7ba1\u7406\u5c42\u3002\u4efb\u4f55\u95ee\u9898\u90fd\u4f1a\u8f93\u5165\u5230\u7ec4\u7ec7\u4f7f\u7528\u7684\u95ee\u9898\u8ddf\u8e2a\u6216\u98ce\u9669\u8ddf\u8e2a\u673a\u5236\u4e2d\u3002 
\u603b\u7ed3\u9636\u6bb5\u662f\u5ba1\u8ba1\u6b63\u5f0f\u7ec8\u6b62\u7684\u5730\u65b9\u3002\u6b64\u65f6\uff0c\u7ba1\u7406\u5c42\u5c06\u5f00\u59cb\u6574\u6539\u6d3b\u52a8\u3002\u4f7f\u7528\u8fc7\u7a0b\u548c\u901a\u77e5\u786e\u4fdd\u5c06\u4efb\u4f55\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\u90fd\u88ab\u79fb\u81f3\u5b89\u5168\u5b58\u50a8\u5e930\u3002","title":"\u5ba1\u8ba1\u7684\u9636\u6bb5"},{"location":"security/security-guide/#_312","text":"\u90e8\u7f72\u4e91\u540e\uff0c\u5c31\u8be5\u8fdb\u884c\u5185\u90e8\u5ba1\u8ba1\u4e86\u3002\u73b0\u5728\u662f\u65f6\u5019\u5c06\u4e0a\u9762\u786e\u5b9a\u7684\u63a7\u4ef6\u4e0e\u4e91\u4e2d\u4f7f\u7528\u7684\u8bbe\u8ba1\u3001\u529f\u80fd\u548c\u90e8\u7f72\u7b56\u7565\u8fdb\u884c\u6bd4\u8f83\u4e86\u3002\u76ee\u6807\u662f\u4e86\u89e3\u6bcf\u4e2a\u63a7\u4ef6\u7684\u5904\u7406\u65b9\u5f0f\u4ee5\u53ca\u5b58\u5728\u5dee\u8ddd\u7684\u4f4d\u7f6e\u3002\u8bb0\u5f55\u6240\u6709\u53d1\u73b0\u4ee5\u5907\u5c06\u6765\u53c2\u8003\u3002 \u5728\u5ba1\u8ba1OpenStack\u4e91\u65f6\uff0c\u4e86\u89e3OpenStack\u67b6\u6784\u56fa\u6709\u7684\u591a\u79df\u6237\u73af\u5883\u662f\u5f88\u91cd\u8981\u7684\u3002\u9700\u8981\u5173\u6ce8\u7684\u4e00\u4e9b\u5173\u952e\u9886\u57df\u5305\u62ec\u6570\u636e\u5904\u7f6e\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u6027\u3001\u8282\u70b9\u5f3a\u5316\u548c\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002","title":"\u5185\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_313","text":"\u4e00\u65e6\u5185\u90e8\u5ba1\u8ba1\u7ed3\u679c\u770b\u8d77\u6765\u4e0d\u9519\uff0c\u5c31\u8be5\u4e3a\u5916\u90e8\u5ba1\u8ba1\u505a\u51c6\u5907\u4e86\u3002\u5728\u6b64\u9636\u6bb5\u9700\u8981\u91c7\u53d6\u51e0\u9879\u5173\u952e\u884c\u52a8\uff0c\u8fd9\u4e9b\u884c\u52a8\u6982\u8ff0\u5982\u4e0b\uff1a 
\u4fdd\u6301\u5185\u90e8\u5ba1\u8ba1\u7684\u826f\u597d\u8bb0\u5f55\u3002\u8fd9\u4e9b\u5c06\u5728\u5916\u90e8\u5ba1\u8ba1\u671f\u95f4\u8bc1\u660e\u5f88\u6709\u7528\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u51c6\u5907\u597d\u56de\u7b54\u6709\u5173\u5c06\u5408\u89c4\u6027\u63a7\u5236\u6620\u5c04\u5230\u7279\u5b9a\u90e8\u7f72\u7684\u95ee\u9898\u3002 \u90e8\u7f72\u81ea\u52a8\u5316\u6d4b\u8bd5\u5de5\u5177\uff0c\u786e\u4fdd\u4e91\u957f\u671f\u4fdd\u6301\u5408\u89c4\u3002 \u9009\u62e9\u5ba1\u8ba1\u5458\u3002 \u9009\u62e9\u5ba1\u8ba1\u5e08\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u6b63\u5728\u5bfb\u627e\u5177\u6709\u4e91\u5408\u89c4\u6027\u5ba1\u6838\u7ecf\u9a8c\u7684\u4eba\u3002OpenStack\u7ecf\u9a8c\u662f\u53e6\u4e00\u5927\u4f18\u52bf\u3002\u901a\u5e38\uff0c\u6700\u597d\u54a8\u8be2\u7ecf\u5386\u8fc7\u6b64\u8fc7\u7a0b\u7684\u4eba\u8fdb\u884c\u8f6c\u8bca\u3002\u6210\u672c\u53ef\u80fd\u4f1a\u56e0\u53c2\u4e0e\u8303\u56f4\u548c\u6240\u8003\u8651\u7684\u5ba1\u8ba1\u516c\u53f8\u800c\u6709\u5f88\u5927\u5dee\u5f02\u3002","title":"\u51c6\u5907\u5916\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_314","text":"\u8fd9\u662f\u6b63\u5f0f\u7684\u5ba1\u8ba1\u8fc7\u7a0b\u3002\u5ba1\u8ba1\u5458\u5c06\u6d4b\u8bd5\u7279\u5b9a\u8ba4\u8bc1\u8303\u56f4\u5185\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u8981\u6c42\u63d0\u4f9b\u8bc1\u636e\u8981\u6c42\uff0c\u4ee5\u8bc1\u660e\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u5728\u5ba1\u8ba1\u7a97\u53e3\u5185\u4e5f\u5df2\u5230\u4f4d\uff08\u4f8b\u5982\uff0cSOC 2 \u5ba1\u8ba1\u901a\u5e38\u5728 6-12 \u4e2a\u6708\u5185\u8bc4\u4f30\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff09\u3002\u4efb\u4f55\u63a7\u5236\u5931\u8d25\u90fd\u4f1a\u88ab\u8bb0\u5f55\u4e0b\u6765\uff0c\u5e76\u5c06\u8bb0\u5f55\u5728\u5916\u90e8\u5ba1\u8ba1\u5e08\u7684\u6700\u7ec8\u62a5\u544a\u4e2d\u3002\u6839\u636e OpenStack 
\u90e8\u7f72\u7684\u7c7b\u578b\uff0c\u5ba2\u6237\u53ef\u80fd\u4f1a\u67e5\u770b\u8fd9\u4e9b\u62a5\u544a\uff0c\u56e0\u6b64\u907f\u514d\u63a7\u5236\u5931\u8d25\u975e\u5e38\u91cd\u8981\u3002\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u5ba1\u8ba1\u51c6\u5907\u5982\u6b64\u91cd\u8981\u7684\u539f\u56e0\u3002","title":"\u5916\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_315","text":"\u8be5\u8fc7\u7a0b\u4e0d\u4f1a\u56e0\u5355\u4e00\u7684\u5916\u90e8\u5ba1\u8ba1\u800c\u7ed3\u675f\u3002\u5927\u591a\u6570\u8ba4\u8bc1\u90fd\u9700\u8981\u6301\u7eed\u7684\u5408\u89c4\u6d3b\u52a8\uff0c\u8fd9\u610f\u5473\u7740\u8981\u5b9a\u671f\u91cd\u590d\u5ba1\u6838\u8fc7\u7a0b\u3002\u6211\u4eec\u5efa\u8bae\u5c06\u81ea\u52a8\u5408\u89c4\u6027\u9a8c\u8bc1\u5de5\u5177\u96c6\u6210\u5230\u4e91\u4e2d\uff0c\u4ee5\u786e\u4fdd\u5176\u59cb\u7ec8\u5408\u89c4\u3002\u9664\u4e86\u5176\u4ed6\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4e4b\u5916\uff0c\u8fd8\u5e94\u8be5\u8fd9\u6837\u505a\u3002\u8bf7\u8bb0\u4f4f\uff0c\u76ee\u6807\u65e2\u662f\u5b89\u5168\u6027\uff0c\u4e5f\u662f\u5408\u89c4\u6027\u3002\u5982\u679c\u5728\u4e0a\u8ff0\u4efb\u4f55\u4e00\u9879\u65b9\u9762\u90fd\u5931\u8d25\uff0c\u5c06\u4f7f\u672a\u6765\u7684\u5ba1\u8ba1\u53d8\u5f97\u975e\u5e38\u590d\u6742\u3002","title":"\u5408\u89c4\u6027\u7ef4\u62a4"},{"location":"security/security-guide/#_316","text":"\u6709\u8bb8\u591a\u6807\u51c6\u6d3b\u52a8\u5c06\u6781\u5927\u5730\u5e2e\u52a9\u5408\u89c4\u8fc7\u7a0b\u3002\u672c\u7ae0\u6982\u8ff0\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u5408\u89c4\u6027\u6d3b\u52a8\u3002\u8fd9\u4e9b\u5e76\u4e0d\u662fOpenStack\u6240\u7279\u6709\u7684\uff0c\u4f46\u662f\u672c\u4e66\u4e2d\u63d0\u4f9b\u4e86\u76f8\u5173\u7ae0\u8282\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4f5c\u4e3a\u6709\u7528\u7684\u4e0a\u4e0b\u6587\u3002","title":"\u5408\u89c4\u6d3b\u52a8"},{"location":"security/security-guide/#isms","text":"\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 
\u662f\u7ec4\u7ec7\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5168\u9762\u7684\u7b56\u7565\u548c\u6d41\u7a0b\uff0c\u7528\u4e8e\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u7684\u98ce\u9669\u3002\u4e91\u90e8\u7f72\u6700\u5e38\u89c1\u7684 ISMS \u662f ISO/IEC 27001/2\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u548c\u5b9e\u8df5\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\uff0c\u4ee5\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u3002\u8be5\u6807\u51c6\u4e8e 2013 \u5e74\u8fdb\u884c\u4e86\u66f4\u65b0\uff0c\u4ee5\u53cd\u6620\u4e91\u670d\u52a1\u7684\u65e5\u76ca\u4f7f\u7528\uff0c\u5e76\u66f4\u52a0\u5f3a\u8c03\u8861\u91cf\u548c\u8bc4\u4f30\u7ec4\u7ec7\u7684 ISMS \u6027\u80fd\u3002","title":"\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09"},{"location":"security/security-guide/#_317","text":"\u98ce\u9669\u8bc4\u4f30\u6846\u67b6\u53ef\u8bc6\u522b\u7ec4\u7ec7\u6216\u670d\u52a1\u4e2d\u7684\u98ce\u9669\uff0c\u5e76\u6307\u5b9a\u8fd9\u4e9b\u98ce\u9669\u7684\u6240\u6709\u6743\uff0c\u4ee5\u53ca\u5b9e\u65bd\u548c\u7f13\u89e3\u7b56\u7565\u3002\u98ce\u9669\u9002\u7528\u4e8e\u670d\u52a1\u7684\u6240\u6709\u9886\u57df\uff0c\u4ece\u6280\u672f\u63a7\u5236\u5230\u73af\u5883\u707e\u96be\u573a\u666f\u548c\u4eba\u4e3a\u56e0\u7d20\u3002\u4f8b\u5982\uff0c\u6076\u610f\u5185\u90e8\u4eba\u5458\u3002\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u673a\u5236\u5bf9\u98ce\u9669\u8fdb\u884c\u8bc4\u7ea7\u3002\u4f8b\u5982\uff0c\u53ef\u80fd\u6027\u4e0e\u5f71\u54cd\u3002OpenStack \u90e8\u7f72\u98ce\u9669\u8bc4\u4f30\u53ef\u4ee5\u5305\u62ec\u63a7\u5236\u5dee\u8ddd\u3002","title":"\u98ce\u9669\u8bc4\u4f30"},{"location":"security/security-guide/#_318","text":"\u9700\u8981\u5b9a\u671f\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u670d\u52a1\u90e8\u7f72\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548c\u95ee\u8d23\u5236\u3002\u6709\u5173\u8fd9\u4e9b\u4e3b\u9898\u7684 OpenStack 
\u7684\u5177\u4f53\u6307\u5357\u5728\u76d1\u63a7\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u8fdb\u884c\u4e86\u6df1\u5165\u8ba8\u8bba\u3002 OpenStack Identity \u670d\u52a1\u652f\u6301\u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u5408 \uff08CADF\uff09 \u901a\u77e5\uff0c\u63d0\u4f9b\u5ba1\u8ba1\u6570\u636e\u4ee5\u7b26\u5408\u5b89\u5168\u6027\u3001\u64cd\u4f5c\u548c\u4e1a\u52a1\u6d41\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Keystone \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002","title":"\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5"},{"location":"security/security-guide/#_319","text":"\u707e\u96be\u6062\u590d \uff08DR\uff09 \u548c\u4e1a\u52a1\u8fde\u7eed\u6027\u89c4\u5212 \uff08BCP\uff09 \u8ba1\u5212\u662f ISMS \u548c\u5408\u89c4\u6027\u6d3b\u52a8\u7684\u5e38\u89c1\u8981\u6c42\u3002\u8fd9\u4e9b\u8ba1\u5212\u5fc5\u987b\u5b9a\u671f\u6d4b\u8bd5\u5e76\u8bb0\u5f55\u5728\u6848\u3002\u5728 OpenStack \u4e2d\uff0c\u5173\u952e\u533a\u57df\u4f4d\u4e8e\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u4ee5\u8bc6\u522b\u5355\u70b9\u6545\u969c \uff08SPOF\uff09 \u7684\u5730\u65b9\u3002","title":"\u5907\u4efd\u548c\u707e\u96be\u6062\u590d"},{"location":"security/security-guide/#_320","text":"\u9488\u5bf9\u7279\u5b9a\u89d2\u8272\u7684\u5e74\u5ea6\u5b89\u5168\u57f9\u8bad\u662f\u51e0\u4e4e\u6240\u6709\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u5f3a\u5236\u6027\u8981\u6c42\u3002\u4e3a\u4e86\u4f18\u5316\u5b89\u5168\u57f9\u8bad\u7684\u6709\u6548\u6027\uff0c\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6cd5\u662f\u63d0\u4f9b\u7279\u5b9a\u4e8e\u89d2\u8272\u7684\u57f9\u8bad\uff0c\u4f8b\u5982\u5411\u5f00\u53d1\u4eba\u5458\u3001\u64cd\u4f5c\u4eba\u5458\u548c\u975e\u6280\u672f\u4eba\u5458\u63d0\u4f9b\u57f9\u8bad\u3002\u57fa\u4e8e\u6b64\u5f3a\u5316\u6307\u5357\u7684\u5176\u4ed6\u4e91\u5b89\u5168\u6216 OpenStack 
\u5b89\u5168\u57f9\u8bad\u5c06\u662f\u7406\u60f3\u7684\u9009\u62e9\u3002","title":"\u5b89\u5168\u57f9\u8bad"},{"location":"security/security-guide/#_321","text":"\u7531\u4e8eOpenStack\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u56e0\u6b64\u8bb8\u591a\u4ee3\u7801\u5e93\u548c\u67b6\u6784\u5df2\u7ecf\u8fc7\u4e2a\u4eba\u8d21\u732e\u8005\u3001\u7ec4\u7ec7\u548c\u4f01\u4e1a\u7684\u5ba1\u67e5\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u8fd9\u53ef\u80fd\u662f\u6709\u5229\u7684\uff0c\u4f46\u662f\u5bf9\u4e8e\u670d\u52a1\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u5b89\u5168\u5ba1\u67e5\u7684\u9700\u6c42\u4ecd\u7136\u662f\u4e00\u4e2a\u5173\u952e\u7684\u8003\u8651\u56e0\u7d20\uff0c\u56e0\u4e3a\u90e8\u7f72\u5404\u4e0d\u76f8\u540c\uff0c\u800c\u4e14\u5b89\u5168\u6027\u5e76\u4e0d\u603b\u662f\u8d21\u732e\u8005\u7684\u4e3b\u8981\u5173\u6ce8\u70b9\u3002\u5168\u9762\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u53ef\u80fd\u5305\u62ec\u67b6\u6784\u5ba1\u67e5\u3001\u5a01\u80c1\u5efa\u6a21\u3001\u6e90\u4ee3\u7801\u5206\u6790\u548c\u6e17\u900f\u6d4b\u8bd5\u3002\u6709\u8bb8\u591a\u7528\u4e8e\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u6280\u672f\u548c\u5efa\u8bae\uff0c\u53ef\u4ee5\u5728\u516c\u5f00\u53d1\u5e03\u4e2d\u627e\u5230\u3002\u4e00\u4e2a\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u4f8b\u5b50\u662f Microsoft SDL\uff0c\u5b83\u662f\u4f5c\u4e3a Microsoft \u53ef\u4fe1\u8ba1\u7b97\u8ba1\u5212\u7684\u4e00\u90e8\u5206\u521b\u5efa\u7684\u3002","title":"\u5b89\u5168\u5ba1\u67e5"},{"location":"security/security-guide/#_322","text":"\u5b89\u5168\u66f4\u65b0\u5bf9\u4e8e\u4efb\u4f55 IaaS 
\u90e8\u7f72\uff08\u65e0\u8bba\u662f\u79c1\u6709\u90e8\u7f72\u8fd8\u662f\u516c\u5171\u90e8\u7f72\uff09\u90fd\u81f3\u5173\u91cd\u8981\u3002\u6613\u53d7\u653b\u51fb\u7684\u7cfb\u7edf\u6269\u5927\u4e86\u653b\u51fb\u9762\uff0c\u662f\u653b\u51fb\u8005\u7684\u660e\u663e\u76ee\u6807\u3002\u5e38\u89c1\u7684\u626b\u63cf\u6280\u672f\u548c\u6f0f\u6d1e\u901a\u77e5\u670d\u52a1\u53ef\u4ee5\u5e2e\u52a9\u7f13\u89e3\u8fd9\u79cd\u5a01\u80c1\u3002\u91cd\u8981\u7684\u662f\uff0c\u626b\u63cf\u8981\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14\u7f13\u89e3\u7b56\u7565\u8981\u8d85\u8d8a\u7b80\u5355\u7684\u5916\u56f4\u5f3a\u5316\u3002OpenStack \u7b49\u591a\u79df\u6237\u67b6\u6784\u7279\u522b\u5bb9\u6613\u53d7\u5230\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u8fd9\u662f\u6f0f\u6d1e\u7ba1\u7406\u7cfb\u7edf\u7684\u5173\u952e\u90e8\u5206\u3002","title":"\u6f0f\u6d1e\u7ba1\u7406"},{"location":"security/security-guide/#_323","text":"\u6570\u636e\u5206\u7c7b\u5b9a\u4e49\u4e86\u4e00\u79cd\u5bf9\u4fe1\u606f\u8fdb\u884c\u5206\u7c7b\u548c\u5904\u7406\u7684\u65b9\u6cd5\uff0c\u901a\u5e38\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u4fe1\u606f\u514d\u906d\u610f\u5916\u6216\u6545\u610f\u76d7\u7a83\u3001\u4e22\u5931\u6216\u4e0d\u5f53\u62ab\u9732\u3002\u6700\u5e38\u89c1\u7684\u60c5\u51b5\u662f\uff0c\u8fd9\u6d89\u53ca\u5c06\u4fe1\u606f\u5206\u7c7b\u4e3a\u654f\u611f\u6216\u975e\u654f\u611f\u4fe1\u606f\uff0c\u6216\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f 
\uff08PII\uff09\u3002\u6839\u636e\u90e8\u7f72\u7684\u4e0a\u4e0b\u6587\uff0c\u53ef\u4ee5\u4f7f\u7528\u5404\u79cd\u5176\u4ed6\u5206\u7c7b\u6807\u51c6\uff08\u653f\u5e9c\u3001\u533b\u7597\u4fdd\u5065\uff09\u3002\u57fa\u672c\u539f\u5219\u662f\u660e\u786e\u5b9a\u4e49\u548c\u4f7f\u7528\u6570\u636e\u5206\u7c7b\u3002\u6700\u5e38\u89c1\u7684\u4fdd\u62a4\u673a\u5236\u5305\u62ec\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u6280\u672f\u3002","title":"\u6570\u636e\u5206\u7c7b"},{"location":"security/security-guide/#_324","text":"\u5f02\u5e38\u8fc7\u7a0b\u662f ISMS \u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u5f53\u67d0\u4e9b\u64cd\u4f5c\u4e0d\u7b26\u5408\u7ec4\u7ec7\u5b9a\u4e49\u7684\u5b89\u5168\u7b56\u7565\u65f6\uff0c\u5fc5\u987b\u8bb0\u5f55\u8fd9\u4e9b\u64cd\u4f5c\u3002\u9700\u8981\u5305\u62ec\u9002\u5f53\u7684\u7406\u7531\u3001\u63cf\u8ff0\u548c\u7f13\u89e3\u7ec6\u8282\uff0c\u5e76\u7531\u6709\u5173\u5f53\u5c40\u7b7e\u7f72\u3002OpenStack \u9ed8\u8ba4\u914d\u7f6e\u5728\u6ee1\u8db3\u5404\u79cd\u5408\u89c4\u6027\u6807\u51c6\u65b9\u9762\u53ef\u80fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u5e94\u8bb0\u5f55\u4e0d\u7b26\u5408\u5408\u89c4\u6027\u8981\u6c42\u7684\u533a\u57df\uff0c\u5e76\u8003\u8651\u6f5c\u5728\u7684\u4fee\u590d\u7a0b\u5e8f\u4ee5\u5bf9\u793e\u533a\u505a\u51fa\u8d21\u732e\u3002","title":"\u5f02\u5e38\u8fc7\u7a0b"},{"location":"security/security-guide/#_325","text":"\u5408\u89c4\u6027\u548c\u5b89\u5168\u6027\u4e0d\u662f\u6392\u4ed6\u6027\u7684\uff0c\u5fc5\u987b\u4e00\u8d77\u89e3\u51b3\u3002\u5982\u679c\u4e0d\u8fdb\u884c\u5b89\u5168\u5f3a\u5316\uff0cOpenStack \u90e8\u7f72\u4e0d\u592a\u53ef\u80fd\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u3002\u4e0b\u9762\u7684\u5217\u8868\u63d0\u4f9b\u4e86 OpenStack 
\u67b6\u6784\u5e08\u7684\u57fa\u7840\u77e5\u8bc6\u548c\u6307\u5bfc\uff0c\u4ee5\u5b9e\u73b0\u5bf9\u5546\u4e1a\u548c\u653f\u5e9c\u8ba4\u8bc1\u548c\u6807\u51c6\u7684\u5408\u89c4\u6027\u3002","title":"\u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e"},{"location":"security/security-guide/#_326","text":"\u5bf9\u4e8eOpenStack\u7684\u5546\u4e1a\u90e8\u7f72\uff0c\u6211\u4eec\u5efa\u8bae\u5c06SOC 1/2\u4e0eISO 2700 1/2\u76f8\u7ed3\u5408\uff0c\u4f5c\u4e3aOpenStack\u8ba4\u8bc1\u6d3b\u52a8\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u8ba4\u8bc1\u89c4\u5b9a\u7684\u6240\u9700\u5b89\u5168\u6d3b\u52a8\u6709\u52a9\u4e8e\u4e3a\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u548c\u901a\u7528\u63a7\u5236\u6807\u51c6\u5960\u5b9a\u57fa\u7840\uff0c\u4ece\u800c\u6709\u52a9\u4e8e\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u5305\u62ec\u653f\u5e9c\u8bc1\u660e\u548c\u8ba4\u8bc1\u3002 \u5b8c\u6210\u8fd9\u4e9b\u521d\u59cb\u8ba4\u8bc1\u540e\uff0c\u5176\u4f59\u8ba4\u8bc1\u5c06\u66f4\u52a0\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5904\u7406\u4fe1\u7528\u5361\u4ea4\u6613\u7684\u4e91\u9700\u8981 PCI-DSS\uff0c\u5b58\u50a8\u533b\u7597\u4fdd\u5065\u4fe1\u606f\u7684\u4e91\u9700\u8981 HIPAA\uff0c\u8054\u90a6\u653f\u5e9c\u5185\u90e8\u7684\u4e91\u53ef\u80fd\u9700\u8981 FedRAMP/FISMA \u548c ITAR \u8ba4\u8bc1\u3002","title":"\u5546\u4e1a\u6807\u51c6"},{"location":"security/security-guide/#soc-1-ssae-16-isae-3402","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 \u6807\u51c6\u7531\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08AICPA\uff09 \u5b9a\u4e49\u3002SOC \u63a7\u5236\u8bc4\u4f30\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u76f8\u5173\u8d22\u52a1\u62a5\u8868\u548c\u65ad\u8a00\uff0c\u4f8b\u5982\u662f\u5426\u9075\u5b88\u300a\u8428\u73ed\u65af-\u5965\u514b\u65af\u5229\u6cd5\u6848\u300b\u3002 SOC 1 \u53d6\u4ee3\u4e86\u5ba1\u8ba1\u51c6\u5219\u7b2c 70 \u53f7\u58f0\u660e \uff08SAS 70\uff09 II 
\u7c7b\u62a5\u544a\u3002\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u901a\u5e38\u5305\u62ec\u8303\u56f4\u5185\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 1 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u63aa\u65bd\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u662f\u5426\u9002\u5408\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605AICPA\u5173\u4e8e\u4e0e\u7528\u6237\u5b9e\u4f53\u8d22\u52a1\u62a5\u544a\u5185\u90e8\u63a7\u5236\u76f8\u5173\u7684\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u7684\u62a5\u544a\u3002","title":"SOC 1 \uff08SSAE 16\uff09 / ISAE 3402"},{"location":"security/security-guide/#soc-2","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 2 
\u662f\u5bf9\u5f71\u54cd\u670d\u52a1\u7ec4\u7ec7\u7528\u4e8e\u5904\u7406\u7528\u6237\u6570\u636e\u7684\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u548c\u5904\u7406\u5b8c\u6574\u6027\u4ee5\u53ca\u8fd9\u4e9b\u7cfb\u7edf\u5904\u7406\u7684\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u548c\u9690\u79c1\u6027\u7684\u63a7\u5236\u7684\u81ea\u6211\u8bc1\u660e\u3002\u7528\u6237\u793a\u4f8b\u5305\u62ec\u8d1f\u8d23\u670d\u52a1\u7ec4\u7ec7\u6cbb\u7406\u7684\u4eba\u5458\u3001\u670d\u52a1\u7ec4\u7ec7\u7684\u5ba2\u6237\u3001\u76d1\u7ba1\u673a\u6784\u3001\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u3001\u4f9b\u5e94\u5546\u4ee5\u53ca\u4e86\u89e3\u670d\u52a1\u7ec4\u7ec7\u53ca\u5176\u63a7\u5236\u63aa\u65bd\u7684\u5176\u4ed6\u4eba\u5458\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 2 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u7684\u9002\u7528\u6027\uff0c\u4ee5\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 AICPA \u5173\u4e8e\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u7684\u62a5\u544a\u3002","title":"SOC 2 \u51fd\u6570"},{"location":"security/security-guide/#soc-3","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 3 
\u662f\u670d\u52a1\u7ec4\u7ec7\u7684\u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002\u8fd9\u4e9b\u62a5\u544a\u65e8\u5728\u6ee1\u8db3\u4ee5\u4e0b\u7528\u6237\u7684\u9700\u6c42\uff1a\u8fd9\u4e9b\u7528\u6237\u5e0c\u671b\u786e\u4fdd\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u4f46\u6ca1\u6709\u6709\u6548\u4f7f\u7528 SOC 2 \u62a5\u544a\u6240\u9700\u7684\u77e5\u8bc6\u3002\u8fd9\u4e9b\u62a5\u544a\u662f\u6839\u636e AICPA/\u52a0\u62ff\u5927\u7279\u8bb8\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08CICA\uff09 \u5173\u4e8e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u548c\u9690\u79c1\u7684\u4fe1\u6258\u670d\u52a1\u539f\u5219\u3001\u6807\u51c6\u548c\u63d2\u56fe\u7f16\u5199\u7684\u3002\u7531\u4e8e SOC 3 \u62a5\u544a\u662f\u901a\u7528\u62a5\u544a\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f5c\u4e3a\u5370\u7ae0\u81ea\u7531\u5206\u53d1\u6216\u53d1\u5e03\u5728\u7f51\u7ad9\u4e0a\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u670d\u52a1\u7ec4\u7ec7\u7684 AICPA \u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002","title":"SOC 3 \u51fd\u6570"},{"location":"security/security-guide/#iso-270012","text":"ISO/IEC 27001/2 \u6807\u51c6\u53d6\u4ee3\u4e86 BS7799-2\uff0c\u662f\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u4f53\u7cfb \uff08ISMS\uff09 \u7684\u89c4\u8303\u3002ISMS \u662f\u7ec4\u7ec7\u4e3a\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u98ce\u9669\u800c\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u6574\u5957\u7b56\u7565\u548c\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u98ce\u9669\u57fa\u4e8e\u7528\u6237\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027 \uff08CIA\uff09\u3002\u4e2d\u592e\u60c5\u62a5\u5c40\u7684\u5b89\u5168\u4e09\u5408\u4f1a\u5df2\u88ab\u7528\u4f5c\u672c\u4e66\u5927\u90e8\u5206\u7ae0\u8282\u7684\u57fa\u7840\u3002 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 ISO 27001\u3002","title":"ISO 27001/2 \u8ba4\u8bc1"},{"location":"security/security-guide/#hipaa-hitech","text":"\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848 \uff08HIPAA\uff09 \u662f\u7f8e\u56fd\u56fd\u4f1a\u7684\u4e00\u9879\u6cd5\u6848\uff0c\u7528\u4e8e\u7ba1\u7406\u60a3\u8005\u5065\u5eb7\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u3001\u4f7f\u7528\u548c\u9500\u6bc1\u3002\u8be5\u6cd5\u6848\u89c4\u5b9a\uff0c\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\uff08PHI\uff09\u5fc5\u987b\u5bf9\u672a\u7ecf\u6388\u6743\u7684\u4eba\u5458\u201c\u4e0d\u53ef\u7528\u3001\u4e0d\u53ef\u8bfb\u6216\u65e0\u6cd5\u7834\u8bd1\u201d\uff0c\u5e76\u4e14\u5e94\u89e3\u51b3\u201c\u9759\u6001\u201d\u548c\u201c\u52a8\u6001\u201d\u6570\u636e\u7684\u52a0\u5bc6\u95ee\u9898\u3002 HIPAA \u4e0d\u662f\u8ba4\u8bc1\uff0c\u800c\u662f\u4fdd\u62a4\u533b\u7597\u4fdd\u5065\u6570\u636e\u7684\u6307\u5357\u3002\u4e0e PCI-DSS \u7c7b\u4f3c\uff0cPCI \u548c HIPPA \u6700\u91cd\u8981\u7684\u95ee\u9898\u662f\u4e0d\u4f1a\u53d1\u751f\u4fe1\u7528\u5361\u4fe1\u606f\u548c\u5065\u5eb7\u6570\u636e\u6cc4\u9732\u7684\u60c5\u51b5\u3002\u5728\u53d1\u751f\u8fdd\u89c4\u884c\u4e3a\u65f6\uff0c\u5c06\u4ed4\u7ec6\u5ba1\u67e5\u4e91\u63d0\u4f9b\u5546\u662f\u5426\u7b26\u5408 PCI \u548c HIPPA \u63a7\u5236\u63aa\u65bd\u3002\u5982\u679c\u8bc1\u660e\u5408\u89c4\uff0c\u63d0\u4f9b\u5546\u5c06\u7acb\u5373\u5b9e\u65bd\u8865\u6551\u63a7\u5236\u3001\u8fdd\u89c4\u901a\u77e5\u8d23\u4efb\u4ee5\u53ca\u7528\u4e8e\u989d\u5916\u5408\u89c4\u6d3b\u52a8\u7684\u5927\u91cf\u652f\u51fa\u3002\u5982\u679c\u4e0d\u5408\u89c4\uff0c\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u4f1a\u9762\u4e34\u73b0\u573a\u5ba1\u8ba1\u56e2\u961f\u3001\u7f5a\u6b3e\u3001\u6f5c\u5728\u7684\u5546\u5bb6 ID \uff08PCI\uff09 \u4e22\u5931\u4ee5\u53ca\u5de8\u5927\u7684\u58f0\u8a89\u5f71\u54cd\u3002 \u62e5\u6709 PHI \u7684\u7528\u6237\u6216\u7ec4\u7ec7\u5fc5\u987b\u652f\u6301 HIPAA 
\u8981\u6c42\uff0c\u5e76\u4e14\u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u3002\u5982\u679c\u5b9e\u4f53\u6253\u7b97\u4f7f\u7528\u67d0\u9879\u670d\u52a1\uff0c\u6216\u8005\u5728\u672c\u4f8b\u4e2d\uff0c\u4f7f\u7528\u53ef\u80fd\u4f7f\u7528\u3001\u5b58\u50a8\u6216\u8bbf\u95ee\u8be5 PHI \u7684 OpenStack \u4e91\uff0c\u5219\u5fc5\u987b\u7b7e\u7f72\u4e1a\u52a1\u4f19\u4f34\u534f\u8bae \uff08BAA\uff09\u3002BAA \u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u4e0e OpenStack \u670d\u52a1\u63d0\u4f9b\u5546\u4e4b\u95f4\u7684\u5408\u540c\uff0c\u8981\u6c42\u63d0\u4f9b\u5546\u6839\u636e HIPAA \u8981\u6c42\u5904\u7406\u8be5 PHI\u3002\u5982\u679c\u670d\u52a1\u63d0\u4f9b\u5546\u4e0d\u5904\u7406 PHI\uff0c\u4f8b\u5982\u5b89\u5168\u63a7\u5236\u548c\u5f3a\u5316\uff0c\u90a3\u4e48\u4ed6\u4eec\u5c06\u53d7\u5230 HIPAA \u7684\u7f5a\u6b3e\u548c\u5904\u7f5a\u3002 OpenStack \u67b6\u6784\u5e08\u89e3\u91ca\u548c\u54cd\u5e94 HIPAA \u58f0\u660e\uff0c\u6570\u636e\u52a0\u5bc6\u4ecd\u7136\u662f\u6838\u5fc3\u5b9e\u8df5\u3002\u76ee\u524d\uff0c\u8fd9\u5c06\u8981\u6c42\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u7b97\u6cd5\u5bf9 OpenStack \u90e8\u7f72\u4e2d\u5305\u542b\u7684\u4efb\u4f55\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\u8fdb\u884c\u52a0\u5bc6\u3002\u672a\u6765\u6f5c\u5728\u7684OpenStack\u9879\u76ee\uff0c\u5982\u5bf9\u8c61\u52a0\u5bc6\uff0c\u5c06\u4fc3\u8fdbHIPAA\u51c6\u5219\u7684\u9075\u5b88\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848\u300b\u3002","title":"HIPAA / HITECH"},{"location":"security/security-guide/#pci-dss","text":"\u652f\u4ed8\u5361\u884c\u4e1a\u6570\u636e\u5b89\u5168\u6807\u51c6 \uff08PCI DSS\uff09 
\u7531\u652f\u4ed8\u5361\u884c\u4e1a\u6807\u51c6\u59d4\u5458\u4f1a\u5b9a\u4e49\uff0c\u65e8\u5728\u52a0\u5f3a\u5bf9\u6301\u5361\u4eba\u6570\u636e\u7684\u63a7\u5236\uff0c\u4ee5\u51cf\u5c11\u4fe1\u7528\u5361\u6b3a\u8bc8\u3002\u5e74\u5ea6\u5408\u89c4\u6027\u9a8c\u8bc1\u7531\u5916\u90e8\u5408\u683c\u5b89\u5168\u8bc4\u4f30\u673a\u6784 \uff08QSA\uff09 \u8fdb\u884c\u8bc4\u4f30\uff0c\u8be5\u8bc4\u4f30\u673a\u6784\u4f1a\u6839\u636e\u6301\u5361\u4eba\u7684\u4ea4\u6613\u91cf\u521b\u5efa\u5408\u89c4\u62a5\u544a \uff08ROC\uff09\uff0c\u6216\u901a\u8fc7\u81ea\u6211\u8bc4\u4f30\u95ee\u5377 \uff08SAQ\uff09 \u8fdb\u884c\u8bc4\u4f30\u3002 \u5b58\u50a8\u3001\u5904\u7406\u6216\u4f20\u8f93\u652f\u4ed8\u5361\u8be6\u7ec6\u4fe1\u606f\u7684 OpenStack \u90e8\u7f72\u5728 PCI-DSS \u7684\u8303\u56f4\u5185\u3002\u6240\u6709\u672a\u4ece\u5904\u7406\u652f\u4ed8\u6570\u636e\u7684\u7cfb\u7edf\u6216\u7f51\u7edc\u4e2d\u6b63\u786e\u5206\u5272\u7684 OpenStack \u7ec4\u4ef6\u90fd\u5c5e\u4e8e PCI-DSS \u7684\u51c6\u5219\u3002PCI-DSS \u4e0a\u4e0b\u6587\u4e2d\u7684\u5206\u6bb5\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u800c\u662f\u7269\u7406\u5206\u79bb\uff08\u4e3b\u673a/\u7f51\u7edc\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 PCI \u5b89\u5168\u6807\u51c6\u3002","title":"PCI-DSS"},{"location":"security/security-guide/#_327","text":"","title":"\u653f\u5e9c\u6807\u51c6"},{"location":"security/security-guide/#fedramp","text":"\u201c\u8054\u90a6\u98ce\u9669\u548c\u6388\u6743\u7ba1\u7406\u8ba1\u5212 \uff08FedRAMP\uff09 \u662f\u4e00\u9879\u653f\u5e9c\u8303\u56f4\u7684\u8ba1\u5212\uff0c\u5b83\u4e3a\u4e91\u4ea7\u54c1\u548c\u670d\u52a1\u7684\u5b89\u5168\u8bc4\u4f30\u3001\u6388\u6743\u548c\u6301\u7eed\u76d1\u63a7\u63d0\u4f9b\u4e86\u4e00\u79cd\u6807\u51c6\u5316\u65b9\u6cd5\u201d\u3002NIST 800-53 \u662f FISMA \u548c FedRAMP 
\u7684\u57fa\u7840\uff0c\u540e\u8005\u8981\u6c42\u4e13\u95e8\u9009\u62e9\u5b89\u5168\u63a7\u5236\u4ee5\u5728\u4e91\u73af\u5883\u4e2d\u63d0\u4f9b\u4fdd\u62a4\u3002\u7531\u4e8e\u5b89\u5168\u63a7\u5236\u7684\u7279\u6b8a\u6027\u4ee5\u53ca\u6ee1\u8db3\u653f\u5e9c\u6807\u51c6\u6240\u9700\u7684\u6587\u6863\u91cf\uff0cFedRAMP \u53ef\u80fd\u975e\u5e38\u5bc6\u96c6\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 FedRAMP\u3002","title":"FedRAMP"},{"location":"security/security-guide/#itar","text":"\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09 \u662f\u4e00\u5957\u7f8e\u56fd\u653f\u5e9c\u6cd5\u89c4\uff0c\u7528\u4e8e\u63a7\u5236\u7f8e\u56fd\u519b\u9700\u54c1\u6e05\u5355 \uff08USML\uff09 \u548c\u76f8\u5173\u6280\u672f\u6570\u636e\u4e2d\u4e0e\u56fd\u9632\u76f8\u5173\u7684\u7269\u54c1\u548c\u670d\u52a1\u7684\u8fdb\u51fa\u53e3\u3002ITAR\u901a\u5e38\u88ab\u4e91\u63d0\u4f9b\u5546\u89c6\u4e3a\u201c\u64cd\u4f5c\u4e00\u81f4\u6027\u201d\uff0c\u800c\u4e0d\u662f\u6b63\u5f0f\u8ba4\u8bc1\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u6309\u7167 FISMA \u8981\u6c42\uff0c\u9075\u5faa\u57fa\u4e8e NIST 800-53 \u6846\u67b6\u7684\u505a\u6cd5\u5b9e\u65bd\u9694\u79bb\u7684\u4e91\u73af\u5883\uff0c\u5e76\u8f85\u4ee5\u9650\u5236\u4ec5\u8bbf\u95ee\u201c\u7f8e\u56fd\u4eba\u201d\u548c\u80cc\u666f\u7b5b\u9009\u7684\u989d\u5916\u63a7\u5236\u63aa\u65bd\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09\u3002","title":"ITAR"},{"location":"security/security-guide/#fisma","text":"\u300a\u8054\u90a6\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u6cd5\u300b\u8981\u6c42\u653f\u5e9c\u673a\u6784\u5236\u5b9a\u4e00\u9879\u5168\u9762\u7684\u8ba1\u5212\uff0c\u4ee5\u5b9e\u65bd\u4f17\u591a\u653f\u5e9c\u5b89\u5168\u6807\u51c6\uff0c\u5e76\u5728 2002 
\u5e74\u7684\u300a\u7535\u5b50\u653f\u52a1\u6cd5\u300b\u4e2d\u9881\u5e03\u3002FISMA\u6982\u8ff0\u4e86\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u5229\u7528\u591a\u4e2aNIST\u51fa\u7248\u7269\uff0c\u51c6\u5907\u4e86\u4e00\u4e2a\u4fe1\u606f\u7cfb\u7edf\u6765\u5b58\u50a8\u548c\u5904\u7406\u653f\u5e9c\u6570\u636e\u3002 \u6b64\u8fc7\u7a0b\u5206\u4e3a\u4e09\u4e2a\u4e3b\u8981\u7c7b\u522b\uff1a \u7cfb\u7edf\u5206\u7c7b\uff1a \u4fe1\u606f\u7cfb\u7edf\u5c06\u6536\u5230\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6\u51fa\u7248\u7269 199 \uff08FIPS 199\uff09 \u4e2d\u5b9a\u4e49\u7684\u5b89\u5168\u7c7b\u522b\u3002\u8fd9\u4e9b\u7c7b\u522b\u53cd\u6620\u4e86\u7cfb\u7edf\u5165\u4fb5\u7684\u6f5c\u5728\u5f71\u54cd\u3002 \u63a7\u4ef6\u9009\u62e9\uff1a \u6839\u636e FIPS 199 \u4e2d\u5b9a\u4e49\u7684\u7cfb\u7edf\u5b89\u5168\u7c7b\u522b\uff0c\u7ec4\u7ec7\u5229\u7528 FIPS 200 \u6765\u786e\u5b9a\u4fe1\u606f\u7cfb\u7edf\u7684\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u5982\u679c\u7cfb\u7edf\u88ab\u5f52\u7c7b\u4e3a\u201c\u4e2d\u7b49\u201d\uff0c\u5219\u53ef\u80fd\u4f1a\u5f15\u5165\u5f3a\u5236\u8981\u6c42\u201c\u5b89\u5168\u5bc6\u7801\u201d\u7684\u8981\u6c42\u3002 \u63a7\u5236\u5b9a\u5236\uff1a \u4e00\u65e6\u786e\u5b9a\u4e86\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0cOpenStack \u67b6\u6784\u5e08\u5c06\u5229\u7528 NIST 800-53 \u6765\u63d0\u53d6\u91cf\u8eab\u5b9a\u5236\u7684\u63a7\u5236\u63aa\u65bd\u9009\u62e9\u3002\u4f8b\u5982\uff0c\u89c4\u8303\u4ec0\u4e48\u662f\u201c\u5b89\u5168\u5bc6\u7801\u201d\u3002","title":"FISMA"},{"location":"security/security-guide/#_328","text":"\u9690\u79c1\u662f\u5408\u89c4\u8ba1\u5212\u4e2d\u8d8a\u6765\u8d8a\u91cd\u8981\u7684\u5143\u7d20\u3002\u5ba2\u6237\u5bf9\u4f01\u4e1a\u7684\u8981\u6c42\u8d8a\u6765\u8d8a\u9ad8\uff0c\u4ed6\u4eec\u8d8a\u6765\u8d8a\u6709\u5174\u8da3\u4ece\u9690\u79c1\u7684\u89d2\u5ea6\u4e86\u89e3\u4ed6\u4eec\u7684\u6570\u636e\u662f\u5982\u4f55\u88ab\u5904\u7406\u7684\u3002 
OpenStack\u90e8\u7f72\u53ef\u80fd\u9700\u8981\u8bc1\u660e\u7b26\u5408\u7ec4\u7ec7\u7684\u9690\u79c1\u653f\u7b56\uff0c\u4ee5\u53ca\u7f8e\u56fd-\u6b27\u76df\u3002\u5b89\u5168\u6e2f\u6846\u67b6\u3001ISO/IEC 29100\uff1a2011 \u9690\u79c1\u6846\u67b6\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u9690\u79c1\u7684\u51c6\u5219\u3002\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a\uff08AICPA\uff09\u5df2\u7ecf\u5b9a\u4e49\u4e8610\u4e2a\u9690\u79c1\u91cd\u70b9\u9886\u57df\uff0c\u5728\u5546\u4e1a\u73af\u5883\u4e2d\u90e8\u7f72OpenStack\u53ef\u80fd\u5e0c\u671b\u8bc1\u660e\u5176\u4e2d\u7684\u90e8\u5206\u6216\u5168\u90e8\u539f\u5219\u3002 \u4e3a\u4e86\u5e2e\u52a9 OpenStack \u67b6\u6784\u5e08\u4fdd\u62a4\u4e2a\u4eba\u6570\u636e\uff0c\u6211\u4eec\u5efa\u8bae OpenStack \u67b6\u6784\u5e08\u67e5\u770b NIST \u51fa\u7248\u7269 800-122\uff0c\u6807\u9898\u4e3a\u201c\u4fdd\u62a4\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09 \u673a\u5bc6\u6027\u6307\u5357\u201d\u3002\u672c\u6307\u5357\u9010\u6b65\u5b8c\u6210\u4fdd\u62a4\u8fc7\u7a0b\uff1a \"...\u7531\u673a\u6784\u7ef4\u62a4\u7684\u6709\u5173\u4e2a\u4eba\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u5305\u62ec \uff081\uff09 \u53ef\u7528\u4e8e\u533a\u5206\u6216\u8ffd\u8e2a\u4e2a\u4eba\u8eab\u4efd\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u4f8b\u5982\u59d3\u540d\u3001\u793e\u4f1a\u5b89\u5168\u53f7\u7801\u3001\u51fa\u751f\u65e5\u671f\u548c\u5730\u70b9\u3001\u6bcd\u4eb2\u7684\u5a5a\u524d\u59d3\u6c0f\u6216\u751f\u7269\u8bc6\u522b\u8bb0\u5f55;\uff082\uff09\u4e0e\u4e2a\u4eba\u6709\u8054\u7cfb\u6216\u53ef\u8054\u7cfb\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\uff0c\u5982\u533b\u7597\u3001\u6559\u80b2\u3001\u8d22\u52a1\u548c\u5c31\u4e1a\u4fe1\u606f......\u201d 
\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u9700\u8981\u5927\u91cf\u7684\u51c6\u5907\u3001\u601d\u8003\u548c\u6295\u8d44\u3002\u5728\u6784\u5efa\u5168\u7403OpenStack\u4e91\u65f6\uff0c\u8fd8\u5f15\u5165\u4e86\u989d\u5916\u7684\u590d\u6742\u6027\uff0c\u4f8b\u5982\uff0c\u5728\u7f8e\u56fd\u548c\u66f4\u4e25\u683c\u7684\u6b27\u76df\u9690\u79c1\u6cd5\u4e4b\u95f4\u7684\u5dee\u5f02\u4e2d\u5bfc\u822a\u3002\u6b64\u5916\uff0c\u5728\u5904\u7406\u654f\u611f\u7684 PII \u65f6\u9700\u8981\u683c\u5916\u5c0f\u5fc3\uff0c\u5176\u4e2d\u53ef\u80fd\u5305\u62ec\u4fe1\u7528\u5361\u53f7\u6216\u533b\u7597\u8bb0\u5f55\u7b49\u4fe1\u606f\u3002\u8fd9\u4e9b\u654f\u611f\u6570\u636e\u4e0d\u4ec5\u53d7\u9690\u79c1\u6cd5\u7684\u7ea6\u675f\uff0c\u8fd8\u53d7\u76d1\u7ba1\u548c\u653f\u5e9c\u6cd5\u89c4\u7684\u7ea6\u675f\u3002\u901a\u8fc7\u9075\u5faa\u65e2\u5b9a\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u653f\u5e9c\u53d1\u5e03\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u53ef\u4ee5\u4e3aOpenStack\u90e8\u7f72\u521b\u5efa\u548c\u5b9e\u8df5\u4e00\u4e2a\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u653f\u7b56\u3002","title":"\u9690\u79c1"},{"location":"security/security-guide/#_329","text":"OpenStack\u793e\u533a\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u6807\u662f\u8bc6\u522bOpenStack\u9879\u76ee\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e2d\u7684\u5f31\u70b9\u3002\u867d\u7136\u8fd9\u4e9b\u5f31\u70b9\u5f88\u5c11\u89c1\uff0c\u4f46\u53ef\u80fd\u4f1a\u5bf9OpenStack\u90e8\u7f72\u7684\u5b89\u5168\u6027\u4ea7\u751f\u707e\u96be\u6027\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u5e94\u8be5\u52aa\u529b\u5c06\u8fd9\u4e9b\u7f3a\u9677\u5728\u5df2\u53d1\u5e03\u9879\u76ee\u4e2d\u7684\u53ef\u80fd\u6027\u964d\u5230\u6700\u4f4e\u3002\u5728\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\uff0c\u5e94\u4e86\u89e3\u5e76\u8bb0\u5f55\u4ee5\u4e0b\u5185\u5bb9\uff1a \u7cfb\u7edf\u7684\u6240\u6709\u5165\u53e3\u70b9 \u98ce\u9669\u8d44\u4ea7 \u6570\u636e\u6301\u4e45\u5316\u7684\u4f4d\u7f6e \u6570\u636e\u5982\u4f55\u5728\u7cfb\u7edf\u7ec4\u4ef6\u4e4b\u95f4\u4f20\u8f93 
\u6570\u636e\u683c\u5f0f\u548c\u8f6c\u6362 \u9879\u76ee\u7684\u5916\u90e8\u4f9d\u8d56\u9879 \u4e00\u7ec4\u5546\u5b9a\u7684\u8c03\u67e5\u7ed3\u679c\u548c/\u6216\u7f3a\u9677 \u9879\u76ee\u5982\u4f55\u4e0e\u5916\u90e8\u4f9d\u8d56\u9879\u4ea4\u4e92 \u5bf9 OpenStack \u53ef\u4ea4\u4ed8\u5b58\u50a8\u5e93\u6267\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u4e00\u4e2a\u5e38\u89c1\u539f\u56e0\u662f\u534f\u52a9\u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u76d1\u7763\u3002OpenStack VMT \u5217\u51fa\u4e86\u53d7\u76d1\u7763\u7684\u5b58\u50a8\u5e93\uff0c\u5176\u4e2d\u6f0f\u6d1e\u7684\u62a5\u544a\u63a5\u6536\u548c\u62ab\u9732\u7531 VMT \u7ba1\u7406\u3002\u867d\u7136\u4e0d\u662f\u4e25\u683c\u7684\u8981\u6c42\uff0c\u4f46\u67d0\u79cd\u5f62\u5f0f\u7684\u5b89\u5168\u5ba1\u67e5\u3001\u5ba1\u8ba1\u6216\u5a01\u80c1\u5206\u6790\u53ef\u4ee5\u5e2e\u52a9\u6bcf\u4e2a\u4eba\u66f4\u8f7b\u677e\u5730\u67e5\u660e\u7cfb\u7edf\u66f4\u5bb9\u6613\u51fa\u73b0\u6f0f\u6d1e\u7684\u533a\u57df\uff0c\u5e76\u5728\u5b83\u4eec\u6210\u4e3a\u7528\u6237\u95ee\u9898\u4e4b\u524d\u89e3\u51b3\u5b83\u4eec\u3002 OpenStack VMT \u5efa\u8bae\uff0c\u5bf9\u9879\u76ee\u63a8\u8350\u7684\u90e8\u7f72\u8fdb\u884c\u67b6\u6784\u5ba1\u67e5\u662f\u4e00\u79cd\u9002\u5f53\u7684\u5b89\u5168\u5ba1\u67e5\u5f62\u5f0f\uff0c\u5728\u5ba1\u67e5\u9700\u6c42\u4e0e OpenStack \u89c4\u6a21\u7684\u9879\u76ee\u8d44\u6e90\u9700\u6c42\u4e4b\u95f4\u53d6\u5f97\u5e73\u8861\u3002\u5b89\u5168\u67b6\u6784\u5ba1\u67e5\u901a\u5e38\u4e5f\u79f0\u4e3a\u5a01\u80c1\u5206\u6790\u3001\u5b89\u5168\u5206\u6790\u6216\u5a01\u80c1\u5efa\u6a21\u3002\u5728OpenStack\u5b89\u5168\u5ba1\u67e5\u7684\u80cc\u666f\u4e0b\uff0c\u8fd9\u4e9b\u672f\u8bed\u662f\u67b6\u6784\u5b89\u5168\u5ba1\u67e5\u7684\u540c\u4e49\u8bcd\uff0c\u5b83\u53ef\u4ee5\u8bc6\u522b\u9879\u76ee\u6216\u53c2\u8003\u67b6\u6784\u8bbe\u8ba1\u4e2d\u7684\u7f3a\u9677\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u8fdb\u4e00\u6b65\u7684\u8c03\u67e5\u5de5\u4f5c\u6765\u9a8c\u8bc1\u90e8\u5206\u5b9e\u73b0\u3002 
\u5bf9\u4e8e\u65b0\u9879\u76ee\u4ee5\u53ca\u7b2c\u4e09\u65b9\u672a\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u6216\u65e0\u6cd5\u5171\u4eab\u5176\u7ed3\u679c\u7684\u60c5\u51b5\uff0c\u9884\u8ba1\u5b89\u5168\u5ba1\u67e5\u5c06\u662f\u6b63\u5e38\u9014\u5f84\u3002\u9700\u8981\u5b89\u5168\u5ba1\u67e5\u7684\u9879\u76ee\u7684\u4fe1\u606f\u5c06\u5728\u5373\u5c06\u5230\u6765\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u3002 \u5982\u679c\u7b2c\u4e09\u65b9\u5df2\u7ecf\u6267\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\uff0c\u6216\u8005\u9879\u76ee\u66f4\u559c\u6b22\u4f7f\u7528\u7b2c\u4e09\u65b9\u6765\u6267\u884c\u5ba1\u67e5\uff0c\u5219\u5728\u5373\u5c06\u5230\u6765\u7684\u7b2c\u4e09\u65b9\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u83b7\u53d6\u8be5\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8f93\u51fa\u5e76\u5c06\u5176\u63d0\u4ea4\u9a8c\u8bc1\u7684\u4fe1\u606f\u3002 \u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u5bf9\u6587\u6863\u5de5\u4ef6\u7684\u8981\u6c42\u90fd\u662f\u76f8\u4f3c\u7684 - \u9879\u76ee\u5fc5\u987b\u63d0\u4f9b\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u7684\u67b6\u6784\u56fe\u3002\u867d\u7136\u5f3a\u70c8\u5efa\u8bae\u4f5c\u4e3a\u6240\u6709\u56e2\u961f\u5f00\u53d1\u5468\u671f\u7684\u4e00\u90e8\u5206\uff0c\u4f46\u6f0f\u6d1e\u626b\u63cf\u548c\u9759\u6001\u5206\u6790\u626b\u63cf\u4e0d\u8db3\u4ee5\u4f5c\u4e3a\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8bc1\u636e\u3002 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 
\u8d44\u6e90","title":"\u5b89\u5168\u5ba1\u67e5"},{"location":"security/security-guide/#_330","text":"\u67b6\u6784\u9875\u9762\u7684\u76ee\u7684\u662f\u8bb0\u5f55\u670d\u52a1\u6216\u9879\u76ee\u7684\u4f53\u7cfb\u7ed3\u6784\u3001\u7528\u9014\u548c\u5b89\u5168\u63a7\u5236\u3002\u5b83\u5e94\u8be5\u8bb0\u5f55\u8be5\u9879\u76ee\u7684\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u3002 \u67b6\u6784\u9875\u9762\u6709\u4e00\u4e9b\u5173\u952e\u90e8\u5206\uff0c\u4e0b\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u89e3\u91ca\u8fd9\u4e9b\u90e8\u5206\uff1a \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3","title":"\u67b6\u6784\u9875\u9762\u6307\u5357"},{"location":"security/security-guide/#_331","text":"\u672c\u90e8\u5206\u4e3a\u67b6\u6784\u9875\u9762\u6dfb\u52a0\u6807\u9898\uff0c\u63d0\u4f9b\u8bc4\u5ba1\u72b6\u6001\uff08\u8349\u7a3f\u3001\u51c6\u5907\u8bc4\u5ba1\u3001\u5df2\u5ba1\u6838\uff09\uff0c\u5e76\u6355\u83b7\u9879\u76ee\u7684\u53d1\u5e03\u548c\u7248\u672c\uff08\u5982\u679c\u76f8\u5173\uff09\u3002\u5b83\u8fd8\u8bb0\u5f55\u4e86\u9879\u76ee\u7684 PTL\u3001\u8d1f\u8d23\u751f\u6210\u67b6\u6784\u9875\u9762\u3001\u56fe\u8868\u548c\u5b8c\u6210\u8bc4\u5ba1\u7684\u9879\u76ee\u67b6\u6784\u5e08\uff08\u8fd9\u53ef\u80fd\u662f\u4e5f\u53ef\u80fd\u4e0d\u662f PTL\uff09\u548c\u5b89\u5168\u8bc4\u5ba1\u5458\u3002","title":"\u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f"},{"location":"security/security-guide/#_332","text":"\u672c\u8282\u5c06\u5305\u542b\u9879\u76ee\u7684\u7b80\u8981\u8bf4\u660e\uff0c\u4ee5\u5411\u7b2c\u4e09\u65b9\u4ecb\u7ecd\u8be5\u670d\u52a1\u3002\u8fd9\u5e94\u8be5\u662f\u4e00\u4e24\u4e2a\u6bb5\u843d\uff0c\u53ef\u4ee5\u4ece wiki 
\u6216\u5176\u4ed6\u6587\u6863\u4e2d\u526a\u5207/\u7c98\u8d34\u3002\u5305\u62ec\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u548c\u66f4\u591a\u6587\u6863\u7684\u94fe\u63a5\uff08\u5982\u679c\u6709\uff09\u3002 \u4f8b\u5982\uff1a \u201cAnchor \u662f\u4e00\u79cd\u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u670d\u52a1\uff0c\u5b83\u4f7f\u7528\u81ea\u52a8\u8bc1\u4e66\u8bf7\u6c42\u9a8c\u8bc1\u6765\u81ea\u52a8\u505a\u51fa\u9881\u53d1\u51b3\u7b56\u3002\u8bc1\u4e66\u7684\u9881\u53d1\u65f6\u95f4\u5f88\u77ed\uff08\u901a\u5e38\u4e3a 12-48 \u5c0f\u65f6\uff09\uff0c\u4ee5\u907f\u514d\u4e0e CRL \u548c OCSP \u76f8\u5173\u7684\u6709\u7f3a\u9677\u7684\u540a\u9500\u95ee\u9898\u3002","title":"\u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684"},{"location":"security/security-guide/#_333","text":"\u5df2\u5b9e\u73b0\u67b6\u6784\u7684\u9884\u671f\u4e3b\u8981\u7528\u6237\u53ca\u5176\u7528\u4f8b\u7684\u5217\u8868\u3002\u201c\u7528\u6237\u201d\u53ef\u4ee5\u662f OpenStack \u4e2d\u7684\u53c2\u4e0e\u8005\u6216\u5176\u4ed6\u670d\u52a1\u3002 \u4f8b\u5982\uff1a \u6700\u7ec8\u7528\u6237\u5c06\u4f7f\u7528\u7cfb\u7edf\u6765\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u4f8b\u5982\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u7b49\u3002 \u4e91\u7ba1\u7406\u5458\u5c06\u4f7f\u7528\u7ba1\u7406 API 
\u6765\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002","title":"\u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b"},{"location":"security/security-guide/#_334","text":"\u5916\u90e8\u4f9d\u8d56\u9879\u662f\u670d\u52a1\u64cd\u4f5c\u6240\u9700\u7684\u4e0d\u53d7\u63a7\u5236\u7684\u9879\uff0c\u5982\u679c\u5b83\u4eec\u53d7\u5230\u5a01\u80c1\u6216\u53d8\u5f97\u4e0d\u53ef\u7528\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u670d\u52a1\u3002\u8fd9\u4e9b\u9879\u76ee\u901a\u5e38\u4e0d\u5728\u5f00\u53d1\u4eba\u5458\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u4f46\u5728\u90e8\u7f72\u8005\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u6216\u8005\u5b83\u4eec\u53ef\u80fd\u7531\u7b2c\u4e09\u65b9\u64cd\u4f5c\u3002\u8bbe\u5907\u5e94\u88ab\u89c6\u4e3a\u5916\u90e8\u4f9d\u8d56\u9879\u3002 \u4f8b\u5982\uff1a Nova \u8ba1\u7b97\u670d\u52a1\u4f9d\u8d56\u4e8e\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002\u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u6b64\u4f9d\u8d56\u5173\u7cfb\u5c06\u7531 keystone \u670d\u52a1\u5b9e\u73b0\u3002 Barbican \u4f9d\u8d56\u4e8e\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8bbe\u5907\u7684\u4f7f\u7528\u3002","title":"\u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe"},{"location":"security/security-guide/#_335","text":"\u5df2\u90e8\u7f72\u9879\u76ee\u7684\u7ec4\u4ef6\u5217\u8868\uff0c\u4e0d\u5305\u62ec\u5916\u90e8\u5b9e\u4f53\u3002\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u5e94\u547d\u540d\u5e76\u7b80\u8981\u63cf\u8ff0\u5176\u7528\u9014\uff0c\u5e76\u4f7f\u7528\u4f7f\u7528\u7684\u4e3b\u8981\u6280\u672f\uff08\u4f8b\u5982 Python\u3001MySQL\u3001RabbitMQ\uff09\u8fdb\u884c\u6807\u8bb0\u3002 \u4f8b\u5982\uff1a keystone \u76d1\u542c\u5668\u8fdb\u7a0b \uff08Python\uff09\uff1a\u4f7f\u7528 keystone \u670d\u52a1\u53d1\u5e03\u7684 keystone \u4e8b\u4ef6\u7684 Python \u8fdb\u7a0b\u3002 \u6570\u636e\u5e93 \uff08MySQL\uff09\uff1aMySQL 
\u6570\u636e\u5e93\uff0c\u7528\u4e8e\u5b58\u50a8\u4e0e\u5176\u6258\u7ba1\u5b9e\u4f53\u53ca\u5176\u5143\u6570\u636e\u76f8\u5173\u7684\u5df4\u6bd4\u80af\u72b6\u6001\u6570\u636e\u3002","title":"\u7ec4\u4ef6"},{"location":"security/security-guide/#_336","text":"\u67b6\u6784\u56fe\u663e\u793a\u4e86\u7cfb\u7edf\u7684\u903b\u8f91\u5e03\u5c40\uff0c\u4ee5\u4fbf\u5b89\u5168\u5ba1\u9605\u8005\u53ef\u4ee5\u4e0e\u9879\u76ee\u56e2\u961f\u4e00\u8d77\u9010\u6b65\u5b8c\u6210\u67b6\u6784\u3002\u5b83\u662f\u4e00\u4e2a\u903b\u8f91\u56fe\uff0c\u663e\u793a\u7ec4\u4ef6\u5982\u4f55\u4ea4\u4e92\u3001\u5b83\u4eec\u5982\u4f55\u8fde\u63a5\u5230\u5916\u90e8\u5b9e\u4f53\u4ee5\u53ca\u901a\u4fe1\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u7684\u4f4d\u7f6e\u3002\u6709\u5173\u67b6\u6784\u56fe\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u7b26\u53f7\u952e\uff0c\u5c06\u5728\u5373\u5c06\u53d1\u5e03\u7684\u67b6\u6784\u56fe\u6307\u5357\u4e2d\u7ed9\u51fa\u3002\u53ef\u4ee5\u5728\u4efb\u4f55\u53ef\u4ee5\u751f\u6210\u4f7f\u7528\u952e\u4e2d\u7b26\u53f7\u7684\u56fe\u8868\u7684\u5de5\u5177\u4e2d\u7ed8\u5236\u56fe\u8868\uff0c\u4f46\u5f3a\u70c8\u5efa\u8bae draw.io\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 barbican 
\u67b6\u6784\u56fe\uff1a","title":"\u670d\u52a1\u67b6\u6784\u56fe"},{"location":"security/security-guide/#_337","text":"\u6570\u636e\u8d44\u4ea7\u662f\u653b\u51fb\u8005\u53ef\u80fd\u9488\u5bf9\u7684\u7528\u6237\u6570\u636e\u3001\u9ad8\u4ef7\u503c\u6570\u636e\u3001\u914d\u7f6e\u9879\u3001\u6388\u6743\u4ee4\u724c\u6216\u5176\u4ed6\u9879\u3002\u6570\u636e\u9879\u96c6\u56e0\u9879\u76ee\u800c\u5f02\uff0c\u4f46\u4e00\u822c\u800c\u8a00\uff0c\u5e94\u5c06\u5176\u89c6\u4e3a\u5bf9\u9879\u76ee\u9884\u671f\u64cd\u4f5c\u81f3\u5173\u91cd\u8981\u7684\u7c7b\u522b\u3002\u6240\u9700\u7684\u8be6\u7ec6\u7a0b\u5ea6\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002\u6570\u636e\u901a\u5e38\u53ef\u4ee5\u5206\u7ec4\uff0c\u4f8b\u5982\u201c\u7528\u6237\u6570\u636e\u201d\u3001\u201c\u673a\u5bc6\u6570\u636e\u201d\u6216\u201c\u914d\u7f6e\u6587\u4ef6\u201d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u5355\u6570\uff0c\u4f8b\u5982\u201c\u7ba1\u7406\u5458\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u7528\u6237\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u201d\u3002 \u6570\u636e\u8d44\u4ea7\u5e94\u5305\u62ec\u8be5\u8d44\u4ea7\u6301\u4e45\u5316\u4f4d\u7f6e\u7684\u58f0\u660e\u3002 \u4f8b\u5982\uff1a \u673a\u5bc6\u6570\u636e - \u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u3001RSA \u5bc6\u94a5 - \u4fdd\u7559\u5728\u6570\u636e\u5e93 [PKCS#11] \u6216 HSM [KMIP] \u6216 [KMIP\u3001Dogtag] \u4e2d RBAC \u89c4\u5219\u96c6 - \u4fdd\u7559\u5728 policy.json \u4e2d RabbitMQ \u51ed\u8bc1 - \u4fdd\u7559\u5728 barbican.conf \u4e2d keystone \u4e8b\u4ef6\u961f\u5217\u51ed\u636e - \u4fdd\u7559\u5728 barbican.conf \u4e2d \u4e2d\u95f4\u4ef6\u914d\u7f6e - \u4fdd\u7559\u5728\u7c98\u8d34 .ini 
\u4e2d","title":"\u6570\u636e\u8d44\u4ea7"},{"location":"security/security-guide/#_338","text":"\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790\u5206\u89e3\u4e86\u6bcf\u4e2a\u6570\u636e\u8d44\u4ea7\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027\u635f\u5931\u7684\u5f71\u54cd\u3002\u9879\u76ee\u67b6\u6784\u5e08\u5e94\u8be5\u5c1d\u8bd5\u5b8c\u6210\u8fd9\u9879\u5de5\u4f5c\uff0c\u56e0\u4e3a\u4ed6\u4eec\u6700\u8be6\u7ec6\u5730\u4e86\u89e3\u4ed6\u4eec\u7684\u9879\u76ee\uff0c\u4f46 OpenStack \u5b89\u5168\u9879\u76ee \uff08OSSP\uff09 \u5c06\u5728\u5b89\u5168\u5ba1\u67e5\u671f\u95f4\u4e0e\u9879\u76ee\u4e00\u8d77\u89e3\u51b3\u8fd9 \u4e2a\u95ee\u9898\uff0c\u5e76\u53ef\u80fd\u6dfb\u52a0\u6216\u66f4\u65b0\u5f71\u54cd\u7ec6\u8282\u3002 \u4f8b\u5982\uff1a RabbitMQ \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u548c Workers \u65e0\u6cd5\u518d\u8bbf\u95ee\u961f\u5217\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u5c06\u65b0\u4efb\u52a1\u6dfb\u52a0\u5230\u961f\u5217\u4e2d\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5c06\u7531\u5de5\u4f5c\u4eba\u5458\u6267\u884c\u3002\u653b\u51fb\u8005\u53ef\u80fd\u8017\u5c3d\u7528\u6237\u914d\u989d\u3002\u62d2\u7edd\u670d\u52a1\u3002\u7528\u6237\u5c06\u65e0\u6cd5\u521b\u5efa\u771f\u6b63\u7684\u673a\u5bc6\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1a\u5982\u679c\u6ca1\u6709\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u6743\u9650\uff0cbarbican \u65e0\u6cd5\u518d\u521b\u5efa\u65b0\u5bc6\u94a5\u3002 Keystone \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6ee5\u7528\u5176\u4ed6 OpenStack \u670d\u52a1\uff08\u53d6\u51b3\u4e8e keystone \u89d2\u8272\u914d\u7f6e\uff09\uff0c\u4f46 barbican 
\u4e0d\u53d7\u5f71\u54cd\u3002\u5982\u679c\u7528\u4e8e\u4ee4\u724c\u9a8c\u8bc1\u7684\u670d\u52a1\u5e10\u6237\u4e5f\u5177\u6709 barbican \u7ba1\u7406\u5458\u6743\u9650\uff0c\u5219\u6076\u610f\u7528\u6237\u53ef\u4ee5\u64cd\u7eb5 barbican \u7ba1\u7406\u5458\u529f\u80fd\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002","title":"\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790"},{"location":"security/security-guide/#_339","text":"\u63a5\u53e3\u5217\u8868\u6355\u83b7\u4e86\u5ba1\u67e5\u8303\u56f4\u5185\u7684\u63a5\u53e3\u3002\u8fd9\u5305\u62ec\u67b6\u6784\u56fe\u4e0a\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u6216\u4e0d\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u534f\u8bae\uff08\u5982 TLS \u6216 SSH\uff09\u7684\u6a21\u5757\u4e4b\u95f4\u7684\u8fde\u63a5\u3002\u5bf9\u4e8e\u6bcf\u4e2a\u63a5\u53e3\uff0c\u5c06\u6355\u83b7\u4ee5\u4e0b\u4fe1\u606f\uff1a \u4f7f\u7528\u7684\u534f\u8bae \u901a\u8fc7\u8be5\u63a5\u53e3\u4f20\u8f93\u7684\u4efb\u4f55\u6570\u636e\u8d44\u4ea7 \u6709\u5173\u7528\u4e8e\u8fde\u63a5\u5230\u8be5\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u606f \u63a5\u53e3\u7528\u9014\u7684\u7b80\u8981\u8bf4\u660e\u3002 \u8bb0\u5f55\u683c\u5f0f\u5982\u4e0b\uff1a \u4ece>\u5230[\u4f20\u8f93\u65b9\u5f0f]\uff1a \u52a8\u6001\u8d44\u4ea7 \u8eab\u4efd\u8ba4\u8bc1\uff1f \u63cf\u8ff0 \u4f8b\u5982\uff1a \u5ba2\u6237\u7aef>API \u8fdb\u7a0b [TLS]\uff1a \u4f20\u8f93\u4e2d\u7684\u8d44\u4ea7\uff1a\u7528\u6237\u5bc6\u94a5\u5931\u771f\u51ed\u636e\u3001\u660e\u6587\u5bc6\u94a5\u3001HTTP \u8c13\u8bcd\u3001\u5bc6\u94a5 ID\u3001\u8def\u5f84 \u5bf9 keystone \u51ed\u636e\u6216\u660e\u6587\u673a\u5bc6\u7684\u8bbf\u95ee\u88ab\u89c6\u4e3a\u7cfb\u7edf\u7684\u5b8c\u5168\u5b89\u5168\u6545\u969c - 
\u6b64\u63a5\u53e3\u5fc5\u987b\u5177\u6709\u5f3a\u5927\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u63a7\u5236\u3002","title":"\u63a5\u53e3"},{"location":"security/security-guide/#_340","text":"\u5217\u51fa\u4e0e\u9879\u76ee\u76f8\u5173\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u63cf\u8ff0\u5176\u90e8\u7f72\u548c\u7528\u6cd5\u7684 Wiki \u9875\u9762\uff0c\u4ee5\u53ca\u6307\u5411\u4ee3\u7801\u5b58\u50a8\u5e93\u548c\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u7684\u94fe\u63a5\u3002","title":"\u8d44\u6e90"},{"location":"security/security-guide/#_341","text":"\u8eab\u4efd\u670d\u52a1\u68c0\u67e5\u8868 \u4eea\u8868\u677f\u68c0\u67e5\u8868 \u8ba1\u7b97\u670d\u52a1\u68c0\u67e5\u8868 \u5757\u5b58\u50a8\u670d\u52a1\u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u68c0\u67e5\u8868 \u7f51\u7edc\u670d\u52a1\u68c0\u67e5\u8868","title":"\u5b89\u5168\u68c0\u67e5\u8868"},{"location":"security/security-guide/#_342","text":"\u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868","title":"\u9644\u5f55"},{"location":"security/security-guide/#_343","text":"\u4ee5\u4e0b\u8d44\u6e90\u53ef\u5e2e\u52a9\u60a8\u8fd0\u884c\u548c\u4f7f\u7528 OpenStack\u3002OpenStack\u793e\u533a\u4e0d\u65ad\u6539\u8fdb\u548c\u589e\u52a0OpenStack\u7684\u4e3b\u8981\u529f\u80fd\uff0c\u4f46\u5982\u679c\u60a8\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u968f\u65f6\u63d0\u95ee\u3002\u4f7f\u7528\u4ee5\u4e0b\u8d44\u6e90\u83b7\u53d6 OpenStack \u652f\u6301\u5e76\u5bf9\u5b89\u88c5\u8fdb\u884c\u6545\u969c\u6392\u9664\u3002","title":"\u793e\u533a\u652f\u6301"},{"location":"security/security-guide/#_344","text":"\u6709\u5173\u53ef\u7528\u7684 OpenStack \u6587\u6863\uff0c\u8bf7\u53c2\u9605 docs.openstack.org\u3002 \u4ee5\u4e0b\u6307\u5357\u89e3\u91ca\u4e86\u5982\u4f55\u5b89\u88c5\u6982\u5ff5\u9a8c\u8bc1 OpenStack \u4e91\u53ca\u5176\u76f8\u5173\u7ec4\u4ef6\uff1a Rocky \u5b89\u88c5\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e\u548c\u8fd0\u884c OpenStack \u4e91\uff1a 
\u67b6\u6784\u8bbe\u8ba1\u6307\u5357 Rocky \u7ba1\u7406\u5458\u6307\u5357 Rocky \u914d\u7f6e\u6307\u5357 Rocky \u7f51\u7edc\u6307\u5357 \u9ad8\u53ef\u7528\u6027\u6307\u5357 \u5b89\u5168\u6307\u5357 \u865a\u62df\u673a\u6620\u50cf\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\uff1a Rocky API \u7ed1\u5b9a \u4ee5\u4e0b\u6587\u6863\u63d0\u4f9b\u4e86 OpenStack API \u7684\u53c2\u8003\u548c\u6307\u5bfc\u4fe1\u606f\uff1a API \u6587\u6863 \u4ee5\u4e0b\u6307\u5357\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u4fe1\u606f\uff1a \u6587\u6863\u8d21\u732e\u8005\u6307\u5357","title":"\u6587\u6863"},{"location":"security/security-guide/#openstack-wiki","text":"OpenStack wiki \u5305\u542b\u5e7f\u6cdb\u7684\u4e3b\u9898\uff0c\u4f46\u6709\u4e9b\u4fe1\u606f\u53ef\u80fd\u5f88\u96be\u627e\u5230\u6216\u53ea\u6709\u51e0\u9875\u6df1\u3002\u5e78\u8fd0\u7684\u662f\uff0cWiki \u641c\u7d22\u529f\u80fd\u4f7f\u60a8\u80fd\u591f\u6309\u6807\u9898\u6216\u5185\u5bb9\u8fdb\u884c\u641c\u7d22\u3002\u5982\u679c\u60a8\u641c\u7d22\u7279\u5b9a\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u7f51\u7edc\u6216 OpenStack \u8ba1\u7b97\u7684\u4fe1\u606f\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5927\u91cf\u76f8\u5173\u6750\u6599\u3002\u66f4\u591a\u5185\u5bb9\u4e00\u76f4\u5728\u6dfb\u52a0\uff0c\u56e0\u6b64\u8bf7\u52a1\u5fc5\u7ecf\u5e38\u56de\u6765\u67e5\u770b\u3002\u60a8\u53ef\u4ee5\u5728\u4efb\u4f55 OpenStack wiki \u9875\u9762\u7684\u53f3\u4e0a\u89d2\u627e\u5230\u641c\u7d22\u6846\u3002","title":"OpenStack wiki"},{"location":"security/security-guide/#launchpad-bug","text":"OpenStack \u793e\u533a\u91cd\u89c6\u60a8\u7684\u8bbe\u7f6e\u548c\u6d4b\u8bd5\u5de5\u4f5c\uff0c\u5e76\u5e0c\u671b\u5f97\u5230\u60a8\u7684\u53cd\u9988\u3002\u8981\u8bb0\u5f55bug\uff0c\u60a8\u5fc5\u987b\u6ce8\u518c\u4e00\u4e2a Launchpad \u5e10\u6237\u3002\u60a8\u53ef\u4ee5\u5728 Launchpad bug 
\u533a\u57df\u4e2d\u67e5\u770b\u73b0\u6709bug\u5e76\u62a5\u544abug\u3002\u4f7f\u7528\u641c\u7d22\u529f\u80fd\u786e\u5b9abug\u662f\u5426\u5df2\u62a5\u544a\u6216\u5df2\u4fee\u590d\u3002\u5982\u679c\u60a8\u7684bug\u4f3c\u4e4e\u4ecd\u672a\u62a5\u544a\uff0c\u8bf7\u586b\u5199bug\u62a5\u544a\u3002 \u4e00\u4e9b\u63d0\u793a\uff1a \u7ed9\u51fa\u4e00\u4e2a\u6e05\u6670\u3001\u7b80\u6d01\u7684\u603b\u7ed3\u3002 \u5728\u63cf\u8ff0\u4e2d\u63d0\u4f9b\u5c3d\u53ef\u80fd\u591a\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u7c98\u8d34\u547d\u4ee4\u8f93\u51fa\u6216\u5806\u6808\u8ddf\u8e2a\u3001\u5c4f\u5e55\u622a\u56fe\u94fe\u63a5\u4ee5\u53ca\u53ef\u80fd\u6709\u7528\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u8bf7\u52a1\u5fc5\u5305\u62ec\u60a8\u6b63\u5728\u4f7f\u7528\u7684\u8f6f\u4ef6\u548c\u8f6f\u4ef6\u5305\u7248\u672c\uff0c\u5c24\u5176\u662f\u5728\u4f7f\u7528\u5f00\u53d1\u5206\u652f\uff08\u5982 \"Kilo release\" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208 . \u4efb\u4f55\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u4fe1\u606f\u90fd\u5f88\u6709\u7528\uff0c\u4f8b\u5982\u60a8\u4f7f\u7528\u7684\u662f Ubuntu 14.04 \u8fd8\u662f\u6b63\u5728\u6267\u884c\u591a\u8282\u70b9\u5b89\u88c5\u3002 \u4ee5\u4e0b Launchpad Bug \u533a\u57df\u53ef\u7528\uff1a Bugs\uff1aOpenStack \u5757\u5b58\u50a8 \uff08cinder\uff09 Bugs\uff1aOpenStack \u8ba1\u7b97\uff08nova\uff09 Bugs\uff1aOpenStack \u4eea\u8868\u677f\uff08horizon\uff09 Bugs\uff1aOpenStack \u8eab\u4efd\u8ba4\u8bc1\uff08keystone\uff09 Bugs\uff1aOpenStack \u955c\u50cf\u670d\u52a1 \uff08glance\uff09 Bugs\uff1aOpenStack \u7f51\u7edc\uff08neutron\uff09 Bugs\uff1aOpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 Bugs\uff1a\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55 \uff08murano\uff09 Bugs\uff1a\u88f8\u673a\u670d\u52a1\uff08ironic\uff09 Bugs\uff1a\u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 Bugs\uff1a\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 Bugs\uff1a\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 
Bugs\uff1a\u6570\u636e\u5e93\u670d\u52a1 \uff08trove\uff09 Bugs\uff1aDNS\u670d\u52a1\uff08designate\uff09 Bugs\uff1a\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08barbican\uff09 Bugs\uff1a\u76d1\u63a7 \uff08monasca\uff09 Bugs\uff1a\u7f16\u6392 \uff08heat\uff09 Bugs\uff1a\u8bc4\u7ea7 \uff08cloudkitty\uff09 Bugs\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \uff08manila\uff09 Bugs\uff1a\u9065\u6d4b\uff08ceilometer\uff09 Bugs\uff1a\u9065\u6d4bv3 \uff08gnocchi\uff09 Bugs\uff1a\u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 Bugs\uff1a\u6d88\u606f\u4f20\u9012\u670d\u52a1 \uff08zaqar\uff09 Bugs\uff1a\u5bb9\u5668\u670d\u52a1 \uff08zun\uff09 Bugs\uff1aOpenStack API \u6587\u6863 \uff08developer.openstack.org\uff09 Bugs\uff1aOpenStack \u6587\u6863 \uff08docs.openstack.org\uff09","title":"Launchpad bug \u533a\u57df"},{"location":"security/security-guide/#_345","text":"\u8981\u63d0\u4f9b\u6709\u5173\u6587\u6863\u7684\u53cd\u9988\uff0c\u8bf7\u52a0\u5165\u6211\u4eec\u5728 OFTC IRC \u7f51\u7edc\u4e0a\u7684 IRC \u9891\u9053 #openstack-doc \uff0c\u6216\u5728 Launchpad \u4e2d\u62a5\u544a\u9519\u8bef\u5e76\u9009\u62e9\u6587\u6863\u6240\u5c5e\u7684\u7279\u5b9a\u9879\u76ee\u3002","title":"\u6587\u6863\u53cd\u9988"},{"location":"security/security-guide/#openstack-irc","text":"OpenStack \u793e\u533a\u4f4d\u4e8e OFTC \u7f51\u7edc\u4e0a\u7684 #openstack IRC \u9891\u9053\u4e2d\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u63d0\u95ee\uff0c\u83b7\u53d6\u5373\u65f6\u53cd\u9988\uff0c\u89e3\u51b3\u7d27\u6025\u95ee\u9898\u3002\u8981\u5b89\u88c5 IRC \u5ba2\u6237\u7aef\u6216\u4f7f\u7528\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5ba2\u6237\u7aef\uff0c\u8bf7\u8bbf\u95ee https://webchat.oftc.net/\u3002\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528Colloquy \uff08Mac OS X\uff09\u3001mIRC \uff08Windows\uff09 \u6216 XChat \uff08Linux\uff09\u3002\u5f53\u60a8\u5728 IRC 
\u9891\u9053\u4e2d\u5e76\u4e14\u60f3\u8981\u5171\u4eab\u4ee3\u7801\u6216\u547d\u4ee4\u8f93\u51fa\u65f6\uff0c\u901a\u5e38\u63a5\u53d7\u7684\u65b9\u6cd5\u662f\u4f7f\u7528 Paste Bin\u3002OpenStack \u9879\u76ee\u6709\u4e00\u4e2aPaste\u7f51\u7ad9\u3002\u53ea\u9700\u5c06\u8f83\u957f\u7684\u6587\u672c\u6216\u65e5\u5fd7\u7c98\u8d34\u5230 Web \u8868\u5355\u4e2d\uff0c\u5373\u53ef\u83b7\u5f97\u4e00\u4e2aURL\uff0c\u53ef\u4ee5\u5c06\u5176\u7c98\u8d34\u5230\u9891\u9053\u4e2d\u3002OpenStack IRC \u9891\u9053\u5904\u4e8e #openstack . irc.oftc.net \u60a8\u53ef\u4ee5\u5728 wiki \u7684 IRC \u9875\u9762\u4e0a\u627e\u5230\u6240\u6709 OpenStack IRC \u9891\u9053\u7684\u5217\u8868\u3002","title":"OpenStack IRC \u9891\u9053"},{"location":"security/security-guide/#openstack_14","text":"\u83b7\u5f97\u7b54\u6848\u548c\u89c1\u89e3\u7684\u4e00\u4e2a\u597d\u65b9\u6cd5\u662f\u5c06\u60a8\u7684\u95ee\u9898\u6216\u6709\u95ee\u9898\u7684\u573a\u666f\u53d1\u5e03\u5230 OpenStack \u90ae\u4ef6\u5217\u8868\u4e2d\u3002\u60a8\u53ef\u4ee5\u5411\u53ef\u80fd\u9047\u5230\u7c7b\u4f3c\u95ee\u9898\u7684\u5176\u4ed6\u4eba\u5b66\u4e60\u548c\u63d0\u4f9b\u5e2e\u52a9\u3002\u8981\u8ba2\u9605\u6216\u67e5\u770b\u5b58\u6863\uff0c\u8bf7\u8bbf\u95ee\u4e00\u822c\u7684 OpenStack \u90ae\u4ef6\u5217\u8868\u3002\u5982\u679c\u60a8\u5bf9\u7279\u5b9a\u9879\u76ee\u6216\u5f00\u53d1\u7684\u5176\u4ed6\u90ae\u4ef6\u5217\u8868\u611f\u5174\u8da3\uff0c\u8bf7\u53c2\u9605\u90ae\u4ef6\u5217\u8868\u3002","title":"OpenStack \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#openstack_15","text":"\u4ee5\u4e0b Linux \u53d1\u884c\u7248\u4e3a OpenStack \u63d0\u4f9b\u793e\u533a\u652f\u6301\u7684\u8f6f\u4ef6\u5305\uff1a CentOS, Fedora, and Red Hat Enterprise Linux: https://www.rdoproject.org/ openSUSE and SUSE Linux Enterprise Server: https://en.opensuse.org/Portal:OpenStack Ubuntu: https://wiki.ubuntu.com/OpenStack/CloudArchive","title":"OpenStack 
\u53d1\u884c\u5305"},{"location":"security/security-guide/#_346","text":"\u672c\u8bcd\u6c47\u8868\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u672f\u8bed\u548c\u5b9a\u4e49\uff0c\u7528\u4e8e\u5b9a\u4e49 OpenStack \u76f8\u5173\u6982\u5ff5\u7684\u8bcd\u6c47\u8868\u3002 \u8981\u6dfb\u52a0\u5230 OpenStack \u672f\u8bed\u8868\uff0c\u8bf7\u514b\u9686 openstack/openstack-manuals \u5b58\u50a8\u5e93\uff0c\u5e76\u901a\u8fc7 OpenStack \u8d21\u732e\u8fc7\u7a0b\u66f4\u65b0\u6e90\u6587\u4ef6 doc/common/glossary.rst \u3002","title":"\u8bcd\u6c47\u8868"},{"location":"security/security-guide/#0-9","text":"2023.1 Antelope OpenStack \u7b2c 27 \u7248\u7684\u4ee3\u53f7\u3002\u6b64\u7248\u672c\u662f\u57fa\u4e8e\u201c\u5e74\u201d\u4e4b\u540e\u5f62\u6210\u7684\u65b0\u7248\u672c\u6807\u8bc6\u8fc7\u7a0b\u7684\u7b2c\u4e00\u4e2a\u7248\u672c\u3002\u5e74\u5185\u91ca\u653e\u8ba1\u6570\u201c\uff0cAntelope\u662f\u4e00\u79cd\u654f\u6377\u800c\u4eb2\u5207\u7684\u52a8\u7269\uff0c\u4e5f\u662f\u4e00\u79cd\u84b8\u6c7d\u673a\u8f66\u7684\u7c7b\u578b\u3002 2023.2 Bobcat OpenStack \u7b2c 28 \u7248\u7684\u4ee3\u53f7\u3002 2024.1 Caracal OpenStack \u7b2c 29 \u7248\u7684\u4ee3\u53f7\u3002 6to4 \u4e00\u79cd\u5141\u8bb8 IPv6 \u6570\u636e\u5305\u901a\u8fc7 IPv4 \u7f51\u7edc\u4f20\u8f93\u7684\u673a\u5236\uff0c\u63d0\u4f9b\u8fc1\u79fb\u5230 IPv6 \u7684\u7b56\u7565\u3002","title":"0-9"},{"location":"security/security-guide/#a","text":"\u7edd\u5bf9\u9650\u5236 \u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u4e0d\u53ef\u903e\u8d8a\u9650\u5236\u3002 \u8bbe\u7f6e\u5305\u62ec\u603b RAM \u5927\u5c0f\u3001\u6700\u5927 vCPU \u6570\u548c\u6700\u5927\u78c1\u76d8\u5927\u5c0f\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09 \u9644\u52a0\u5230\u5bf9\u8c61\u7684\u6743\u9650\u5217\u8868\u3002ACL \u6307\u5b9a\u54ea\u4e9b\u7528\u6237\u6216\u7cfb\u7edf\u8fdb\u7a0b\u6709\u6743\u8bbf\u95ee\u5bf9\u8c61\u3002\u5b83\u8fd8\u5b9a\u4e49\u53ef\u4ee5\u5bf9\u6307\u5b9a\u5bf9\u8c61\u6267\u884c\u54ea\u4e9b\u64cd\u4f5c\u3002\u5178\u578b ACL 
\u4e2d\u7684\u6bcf\u4e2a\u6761\u76ee\u90fd\u6307\u5b9a\u4e00\u4e2a\u4e3b\u9898\u548c\u4e00\u4e2a\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u6587\u4ef6\u7684 ACL \u6761\u76ee (Alice, delete) \u6388\u4e88 Alice \u5220\u9664\u8be5\u6587\u4ef6\u7684\u6743\u9650\u3002 \u8bbf\u95ee\u5bc6\u94a5 Amazon EC2 \u8bbf\u95ee\u5bc6\u94a5\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u8bf7\u53c2\u9605 EC2 \u8bbf\u95ee\u5bc6\u94a5\u3002 \u8d26\u6237 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u8d26\u6237\u7684\u4e0a\u4e0b\u6587\u3002\u4e0d\u8981\u4e0e\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e2d\u7684\u7528\u6237\u5e10\u6237\u6df7\u6dc6\uff0c\u4f8b\u5982 Active Directory\u3001/etc/passwd\u3001OpenLDAP\u3001OpenStack Identity \u7b49\u3002 \u8d26\u6237\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9\u540e\u7aef SQLite \u6570\u636e\u5e93\u8fd0\u884c\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e2d\u7f3a\u5c11\u7684\u526f\u672c\u4ee5\u53ca\u4e0d\u6b63\u786e\u6216\u635f\u574f\u7684\u5bf9\u8c61\u3002 \u8d26\u6237\u6570\u636e\u5e93 \u4e00\u4e2a SQLite \u6570\u636e\u5e93\uff0c\u5176\u4e2d\u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u548c\u76f8\u5173\u5143\u6570\u636e\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u53ef\u4ee5\u8bbf\u95ee\u8be5\u6570\u636e\u5e93\u3002 \u8d26\u6237\u56de\u6536\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u7528\u4e8e\u626b\u63cf\u548c\u5220\u9664\u5e10\u6237\u6570\u636e\u5e93\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u5df2\u6807\u8bb0\u4e3a\u5220\u9664\u3002 \u8d26\u6237\u670d\u52a1\u5668 \u5217\u51fa\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u5bb9\u5668\uff0c\u5e76\u5c06\u5bb9\u5668\u4fe1\u606f\u5b58\u50a8\u5728\u5e10\u6237\u6570\u636e\u5e93\u4e2d\u3002 \u8d26\u6237\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u5217\u8868\u3001\u521b\u5efa\u3001\u4fee\u6539\u3001\u5ba1\u8ba1\u7b49\u8d26\u53f7\u670d\u52a1\u3002\u4e0d\u8981\u4e0e OpenStack Identity \u670d\u52a1\u3001OpenLDAP 
\u6216\u7c7b\u4f3c\u7684\u7528\u6237\u5e10\u6237\u670d\u52a1\u6df7\u6dc6\u3002 \u4f1a\u8ba1 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e8b\u4ef6\u901a\u77e5\u548c\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u63d0\u4f9b\u4f1a\u8ba1\u4fe1\u606f\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u57fa\u4e8e LDAP \u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u8eab\u4efd\u670d\u52a1\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u4e3b/\u4e3b\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u4e3b\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u591a\u4e2a\u7cfb\u7edf\u4e00\u8d77\u5206\u62c5\u8d1f\u8f7d\uff0c\u5982\u679c\u5176\u4e2d\u4e00\u4e2a\u7cfb\u7edf\u53d1\u751f\u6545\u969c\uff0c\u5219\u8d1f\u8f7d\u5c06\u5206\u914d\u7ed9\u5176\u4f59\u7cfb\u7edf\u3002 \u4e3b/\u5907\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u5907\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u7cfb\u7edf\u8bbe\u7f6e\u4e3a\u4f7f\u5176\u4ed6\u8d44\u6e90\u8054\u673a\u4ee5\u66ff\u6362\u90a3\u4e9b\u51fa\u73b0\u6545\u969c\u7684\u8d44\u6e90\u3002 \u5730\u5740\u6c60 \u5206\u914d\u7ed9\u9879\u76ee\u7684\u4e00\u7ec4\u56fa\u5b9a\u548c/\u6216\u6d6e\u52a8 IP \u5730\u5740\uff0c\u53ef\u7531\u9879\u76ee\u4e2d\u7684 VM \u5b9e\u4f8b\u4f7f\u7528\u6216\u5206\u914d\u7ed9\u9879\u76ee\u3002 \u5730\u5740\u89e3\u6790\u534f\u8bae \uff08ARP\uff09 \u5c06\u4e09\u5c42IP\u5730\u5740\u89e3\u6790\u4e3a\u4e8c\u5c42\u94fe\u8def\u672c\u5730\u5730\u5740\u7684\u534f\u8bae\u3002 \u7ba1\u7406\u5458 API \u6388\u6743\u7ba1\u7406\u5458\u53ef\u8bbf\u95ee\u7684 API \u8c03\u7528\u5b50\u96c6\uff0c\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u901a\u5e38\u65e0\u6cd5\u8bbf\u95ee\u8fd9\u4e9b\u8c03\u7528\u3002\u5b83\u4eec\u53ef\u4ee5\u4f5c\u4e3a\u5355\u72ec\u7684\u670d\u52a1 \uff08keystone\uff09 \u5b58\u5728\uff0c\u4e5f\u53ef\u4ee5\u662f\u53e6\u4e00\u4e2a API \uff08nova\uff09 \u7684\u5b50\u96c6\u3002 \u7ba1\u7406\u5458\u670d\u52a1\u5668 \u5728 Identity 
\u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u63d0\u4f9b\u5bf9\u7ba1\u7406 API \u7684\u8bbf\u95ee\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002 \u7ba1\u7406\u5458 \u8d1f\u8d23\u5b89\u88c5\u3001\u914d\u7f6e\u548c\u7ba1\u7406 OpenStack \u4e91\u7684\u4eba\u5458\u3002 \u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 OpenStack \u7ec4\u4ef6\u7528\u4e8e\u670d\u52a1\u5185\u90e8\u901a\u4fe1\u7684\u5f00\u653e\u6807\u51c6\u6d88\u606f\u4f20\u9012\u534f\u8bae\uff0c\u7531 RabbitMQ\u3001Qpid \u6216 ZeroMQ \u63d0\u4f9b\u3002 \u9ad8\u7ea7 RISC \u673a\u5668 \uff08ARM\uff09 \u4f4e\u529f\u8017 CPU \u5e38\u89c1\u4e8e\u79fb\u52a8\u548c\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u3002\u7531 OpenStack \u652f\u6301\u3002 \u8b66\u62a5 \u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u901a\u8fc7\u5176\u901a\u77e5\u7cfb\u7edf\u53d1\u9001\u8b66\u62a5\uff0c\u8be5\u7cfb\u7edf\u5305\u62ec\u7528\u4e8e\u521b\u5efa\u81ea\u5b9a\u4e49\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\u8b66\u62a5\u53ef\u4ee5\u53d1\u9001\u5230\u5e76\u5728\u4eea\u8868\u677f\u4e0a\u663e\u793a\u3002 \u5206\u914d \u4ece\u5730\u5740\u6c60\u4e2d\u83b7\u53d6\u6d6e\u52a8 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5c06\u5176\u4e0e\u6765\u5bbe VM \u5b9e\u4f8b\u4e0a\u7684\u56fa\u5b9a IP \u76f8\u5173\u8054\u7684\u8fc7\u7a0b\u3002 Amazon \u5185\u6838\u6620\u50cf \uff08AKI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon \u7cfb\u7edf\u6620\u50cf \uff08AMI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon Ramdisk \u6620\u50cf \uff08ARI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Anvil \u5c06\u540d\u4e3a DevStack \u7684\u57fa\u4e8e shell \u811a\u672c\u7684\u9879\u76ee\u79fb\u690d\u5230 Python \u7684\u9879\u76ee\u3002 AODH OpenStack \u9065\u6d4b\u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u62a5\u8b66\u529f\u80fd\u3002 Apache Apache 
\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u652f\u6301 Apache \u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u7684 Apache \u793e\u533a\u3002\u8fd9\u4e9b\u9879\u76ee\u4e3a\u516c\u5171\u5229\u76ca\u63d0\u4f9b\u8f6f\u4ef6\u4ea7\u54c1\u3002 Apache \u8bb8\u53ef\u8bc1 2.0 \u6240\u6709 OpenStack \u6838\u5fc3\u9879\u76ee\u90fd\u662f\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u8bc1\u7684\u6761\u6b3e\u63d0\u4f9b\u7684\u3002 Apache Web \u670d\u52a1\u5668 \u76ee\u524d\u5728 Internet \u4e0a\u4f7f\u7528\u7684\u6700\u5e38\u7528\u7684 Web \u670d\u52a1\u5668\u8f6f\u4ef6\u3002 API \u7aef\u70b9 \u5ba2\u6237\u7aef\u4e3a\u8bbf\u95ee API \u800c\u4e0e\u4e4b\u901a\u4fe1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3001\u5de5\u4f5c\u7a0b\u5e8f\u6216\u670d\u52a1\u3002API \u7ec8\u7ed3\u70b9\u53ef\u4ee5\u63d0\u4f9b\u4efb\u610f\u6570\u91cf\u7684\u670d\u52a1\uff0c\u4f8b\u5982\u8eab\u4efd\u9a8c\u8bc1\u3001\u9500\u552e\u6570\u636e\u3001\u6027\u80fd\u6307\u6807\u3001\u8ba1\u7b97 VM \u547d\u4ee4\u3001\u4eba\u53e3\u666e\u67e5\u6570\u636e\u7b49\u3002 API \u6269\u5c55 \u6269\u5c55\u67d0\u4e9b OpenStack \u6838\u5fc3 API \u7684\u81ea\u5b9a\u4e49\u6a21\u5757\u3002 API \u6269\u5c55\u63d2\u4ef6 \u7f51\u7edc\u63d2\u4ef6\u6216\u7f51\u7edc API \u6269\u5c55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u5bc6\u94a5 API \u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u670d\u52a1\u5668 \u8fd0\u884c\u63d0\u4f9b API \u7aef\u70b9\u7684\u5b88\u62a4\u7a0b\u5e8f\u6216\u5de5\u4f5c\u7ebf\u7a0b\u7684\u4efb\u4f55\u8282\u70b9\u3002 API \u4ee4\u724c \u4f20\u9012\u7ed9 API \u8bf7\u6c42\u5e76\u7531 OpenStack \u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u8fd0\u884c\u8bf7\u6c42\u7684\u64cd\u4f5c\u3002 API \u7248\u672c \u5728 OpenStack \u4e2d\uff0c\u9879\u76ee\u7684 API \u7248\u672c\u662f URL \u7684\u4e00\u90e8\u5206\u3002\u4f8b\u5982\uff0c example.com/nova/v1/foobar . 
\u5c0f\u5e94\u7528\u7a0b\u5e8f \u53ef\u4ee5\u5d4c\u5165\u5230\u7f51\u9875\u4e2d\u7684 Java \u7a0b\u5e8f\u3002 \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\uff08murano\uff09 \u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u9879\u76ee\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u5728\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7684\u540c\u65f6\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u62bd\u8c61\u7ea7\u522b\u4e0a\u7f16\u5199\u548c\u90e8\u7f72\u590d\u5408\u73af\u5883\u3002 \u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09 \u7528\u4e8e\u8bbf\u95ee\u670d\u52a1\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u7a0b\u5e8f\u7684\u89c4\u8303\u96c6\u5408\u3002\u5305\u62ec\u670d\u52a1\u8c03\u7528\u3001\u6bcf\u4e2a\u8c03\u7528\u7684\u5fc5\u9700\u53c2\u6570\u4ee5\u53ca\u9884\u671f\u7684\u8fd4\u56de\u503c\u3002 \u5e94\u7528\u670d\u52a1\u5668 \u4e00\u79cd\u8f6f\u4ef6\uff0c\u5b83\u4f7f\u53e6\u4e00\u79cd\u8f6f\u4ef6\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u3002 \u5e94\u7528\u670d\u52a1\u63d0\u4f9b\u8005\u5546\uff08ASP\uff09 \u79df\u7528\u4e13\u7528\u5e94\u7528\u7a0b\u5e8f\u7684\u516c\u53f8\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u5e2e\u52a9\u4f01\u4e1a\u548c\u7ec4\u7ec7\u4ee5\u66f4\u4f4e\u7684\u6210\u672c\u63d0\u4f9b\u9644\u52a0\u670d\u52a1\u3002 \u53ef\u5206\u914d \u7528\u4e8e\u7ef4\u62a4 Linux \u5185\u6838\u9632\u706b\u5899\u6a21\u5757\u4e2d\u7684\u5730\u5740\u89e3\u6790\u534f\u8bae\u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u7684\u5de5\u5177\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e iptables\u3001ebtables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a VM \u63d0\u4f9b\u9632\u706b\u5899\u670d\u52a1\u3002 \u5173\u8054 \u5c06\u8ba1\u7b97\u6d6e\u52a8 IP \u5730\u5740\u4e0e\u56fa\u5b9a IP \u5730\u5740\u5173\u8054\u7684\u8fc7\u7a0b\u3002 \u5f02\u6b65 JavaScript \u548c XML \uff08AJAX\uff09 \u4e00\u7ec4\u76f8\u4e92\u5173\u8054\u7684 Web \u5f00\u53d1\u6280\u672f\uff0c\u7528\u4e8e\u5728\u5ba2\u6237\u7aef\u521b\u5efa\u5f02\u6b65 Web 
\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u3002 \u4ee5\u592a\u7f51 ATA \uff08AoE\uff09 \u5728\u4ee5\u592a\u7f51\u4e2d\u5efa\u7acb\u96a7\u9053\u7684\u78c1\u76d8\u5b58\u50a8\u534f\u8bae\u3002 \u9644\u52a0 \u5728\u7f51\u7edc\u4e2d\u5c06 VIF \u6216 vNIC \u8fde\u63a5\u5230 L2 \u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u5728\u8ba1\u7b97\u4e0a\u4e0b\u6587\u4e2d\uff0c\u6b64\u8fc7\u7a0b\u5c06\u5b58\u50a8\u5377\u8fde\u63a5\u5230\u5b9e\u4f8b\u3002 \u9644\u4ef6\uff08\u7f51\u7edc\uff09 \u63a5\u53e3 ID \u4e0e\u903b\u8f91\u7aef\u53e3\u7684\u5173\u8054\u3002\u5c06\u63a5\u53e3\u63d2\u5165\u7aef\u53e3\u3002 \u5ba1\u8ba1 \u901a\u8fc7\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u5ba1\u8ba1\u5458 \u9a8c\u8bc1\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5bb9\u5668\u548c\u5e10\u6237\u5b8c\u6574\u6027\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002\u5ba1\u6838\u5458\u662f\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u5ba1\u8ba1\u5458\u3001\u5bb9\u5668\u5ba1\u8ba1\u5458\u548c\u5bf9\u8c61\u5ba1\u8ba1\u5458\u7684\u7edf\u79f0\u3002 Austin OpenStack \u521d\u59cb\u7248\u672c\u7684\u4ee3\u53f7\u3002\u9996\u5c4a\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002 auth \u8282\u70b9 \u5bf9\u8c61\u5b58\u50a8\u6388\u6743\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1 \u901a\u8fc7\u79c1\u94a5\u3001\u79d8\u5bc6\u4ee4\u724c\u3001\u5bc6\u7801\u3001\u6307\u7eb9\u6216\u7c7b\u4f3c\u65b9\u6cd5\u786e\u8ba4\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u786e\u5b9e\u662f\u4ed6\u4eec\u6240\u8bf4\u7684\u4eba\u7684\u8fc7\u7a0b\u3002 \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c \u8eab\u4efd\u9a8c\u8bc1\u540e\u63d0\u4f9b\u7ed9\u5ba2\u6237\u7aef\u7684\u6587\u672c\u5b57\u7b26\u4e32\u3002\u5fc5\u987b\u7531\u7528\u6237\u6216\u8fdb\u7a0b\u5728\u5bf9 API \u7aef\u70b9\u7684\u540e\u7eed\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u3002 AuthN 
\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec4\u4ef6\u3002 \u6388\u6743 \u9a8c\u8bc1\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u6267\u884c\u64cd\u4f5c\u7684\u884c\u4e3a\u3002 \u6388\u6743\u8282\u70b9 \u63d0\u4f9b\u6388\u6743\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u3002 AuthZ \u63d0\u4f9b\u9ad8\u7ea7\u6388\u6743\u670d\u52a1\u7684\u8eab\u4efd\u7ec4\u4ef6\u3002 \u81ea\u52a8\u786e\u8ba4 RabbitMQ \u4e2d\u7684\u914d\u7f6e\u8bbe\u7f6e\uff0c\u7528\u4e8e\u542f\u7528\u6216\u7981\u7528\u6d88\u606f\u786e\u8ba4\u3002\u9ed8\u8ba4\u542f\u7528\u3002 \u81ea\u52a8\u58f0\u660e \u4e00\u4e2a Compute RabbitMQ \u8bbe\u7f6e\uff0c\u7528\u4e8e\u786e\u5b9a\u5728\u7a0b\u5e8f\u542f\u52a8\u65f6\u662f\u5426\u81ea\u52a8\u521b\u5efa\u6d88\u606f\u4ea4\u6362\u3002 \u53ef\u7528\u533a \u7528\u4e8e\u5bb9\u9519\u7684\u9694\u79bb\u533a\u57df\u7684 Amazon EC2 \u6982\u5ff5\u3002\u4e0d\u8981\u4e0e OpenStack Compute \u533a\u57df\u6216\u5355\u5143\u6df7\u6dc6\u3002 AWS CloudFormation \u6a21\u677f AWS CloudFormation \u5141\u8bb8 Amazon Web Services \uff08AWS\uff09 \u7528\u6237\u521b\u5efa\u548c\u7ba1\u7406\u76f8\u5173\u8d44\u6e90\u7684\u96c6\u5408\u3002\u7f16\u6392\u670d\u52a1\u652f\u6301\u4e0e CloudFormation \u517c\u5bb9\u7684\u683c\u5f0f \uff08CFN\uff09\u3002","title":"A"},{"location":"security/security-guide/#b","text":"\u540e\u7aef \u5bf9\u7528\u6237\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u4ea4\u4e92\u548c\u8fdb\u7a0b\uff0c\u4f8b\u5982\u8ba1\u7b97\u5377\u6302\u8f7d\u3001\u5b88\u62a4\u7a0b\u5e8f\u5411 iSCSI \u76ee\u6807\u4f20\u8f93\u6570\u636e\u6216\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5b8c\u6574\u6027\u68c0\u67e5\u3002 \u540e\u7aef\u76ee\u5f55 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u548c\u68c0\u7d22\u6709\u5173\u5ba2\u6237\u7aef\u53ef\u7528\u7684 API \u7aef\u70b9\u7684\u4fe1\u606f\u7684\u5b58\u50a8\u65b9\u6cd5\u3002\u793a\u4f8b\u5305\u62ec SQL \u6570\u636e\u5e93\u3001LDAP 
\u6570\u636e\u5e93\u6216 KVS \u540e\u7aef\u3002 \u540e\u7aef\u5b58\u50a8 \u7528\u4e8e\u4fdd\u5b58\u548c\u68c0\u7d22\u670d\u52a1\u4fe1\u606f\u7684\u6301\u4e45\u6027\u6570\u636e\u5b58\u50a8\uff0c\u4f8b\u5982\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5217\u8868\u3001\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u5f53\u524d\u72b6\u6001\u3001\u7528\u6237\u540d\u5217\u8868\u7b49\u3002\u6b64\u5916\uff0c\u6620\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u548c\u5b58\u50a8 VM \u6620\u50cf\u7684\u65b9\u6cd5\u3002\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u548c HTTP\u3002 \u5907\u4efd\u3001\u6062\u590d\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\uff08freezer\uff09 \u63d0\u4f9b\u7528\u4e8e\u5907\u4efd\u3001\u8fd8\u539f\u548c\u6062\u590d\u6587\u4ef6\u7cfb\u7edf\u3001\u5b9e\u4f8b\u6216\u6570\u636e\u5e93\u5907\u4efd\u7684\u96c6\u6210\u5de5\u5177\u7684\u9879\u76ee\u3002 \u5e26\u5bbd \u901a\u4fe1\u8d44\u6e90\uff08\u5982 Internet\uff09\u4f7f\u7528\u7684\u53ef\u7528\u6570\u636e\u91cf\u3002\u8868\u793a\u7528\u4e8e\u4e0b\u8f7d\u5185\u5bb9\u7684\u6570\u636e\u91cf\u6216\u53ef\u4f9b\u4e0b\u8f7d\u7684\u6570\u636e\u91cf\u3002 barbican Key Manager \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u88f8\u673a \u6620\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\uff0c\u6307\u793a VM \u6620\u50cf\u4e0d\u5b58\u5728\u5bb9\u5668\u3002 \u88f8\u673a\u670d\u52a1\uff08ironic\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\uff0c\u80fd\u591f\u4ee5\u5b89\u5168\u611f\u77e5\u548c\u5bb9\u9519\u7684\u65b9\u5f0f\u7ba1\u7406\u548c\u914d\u7f6e\u7269\u7406\u673a\u3002 \u57fa\u7840\u6620\u50cf OpenStack \u63d0\u4f9b\u7684\u6620\u50cf\u3002 Bell-LaPadula \u6a21\u578b 
\u4e00\u79cd\u5b89\u5168\u6a21\u578b\uff0c\u4fa7\u91cd\u4e8e\u6570\u636e\u673a\u5bc6\u6027\u548c\u5bf9\u673a\u5bc6\u4fe1\u606f\u7684\u53d7\u63a7\u8bbf\u95ee\u3002\u8be5\u6a21\u578b\u5c06\u5b9e\u4f53\u5206\u4e3a\u4e3b\u4f53\u548c\u5ba2\u4f53\u3002\u5c06\u4e3b\u4f53\u7684\u8bb8\u53ef\u4e0e\u4e3b\u4f53\u7684\u5206\u7c7b\u8fdb\u884c\u6bd4\u8f83\uff0c\u4ee5\u786e\u5b9a\u4e3b\u4f53\u662f\u5426\u88ab\u6388\u6743\u7528\u4e8e\u7279\u5b9a\u7684\u8bbf\u95ee\u6a21\u5f0f\u3002\u95f4\u9699\u6216\u5206\u7c7b\u65b9\u6848\u7528\u6676\u683c\u8868\u793a\u3002 \u57fa\u51c6\u670d\u52a1\uff08\u53cd\u5f39\uff09 OpenStack\u9879\u76ee\uff0c\u4e3a\u5355\u4e2aOpenStack\u7ec4\u4ef6\u7684\u6027\u80fd\u5206\u6790\u548c\u57fa\u51c6\u6d4b\u8bd5\u4ee5\u53ca\u5b8c\u6574\u7684\u751f\u4ea7OpenStack\u4e91\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\u3002 Bexar 2011 \u5e74 2 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\u3002\u5b83\u4ec5\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09 \u548c\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3002Bexar \u662f OpenStack \u7b2c\u4e8c\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5723\u5b89\u4e1c\u5c3c\u5965\u4e3e\u884c\uff0c\u8fd9\u91cc\u662f\u8d1d\u514b\u8428\u5c14\u53bf\u7684\u53bf\u57ce\u3002 \u4e8c\u8fdb\u5236 \u4ec5\u7531 1 \u548c 0 \u7ec4\u6210\u7684\u4fe1\u606f\uff0c\u8fd9\u662f\u8ba1\u7b97\u673a\u7684\u8bed\u8a00\u3002 \u4f4d \u4f4d\u662f\u4ee5 2 \u4e3a\u57fa\u6570\u7684\u4e2a\u4f4d\u6570\uff080 \u6216 1\uff09\u3002\u5e26\u5bbd\u4f7f\u7528\u91cf\u4ee5\u6bcf\u79d2\u4f4d\u6570\u4e3a\u5355\u4f4d\u3002 \u6bcf\u79d2\u6bd4\u7279\u6570 \uff08BPS\uff09 \u901a\u7528\u6d4b\u91cf\u6570\u636e\u4ece\u4e00\u4e2a\u5730\u65b9\u4f20\u8f93\u5230\u53e6\u4e00\u4e2a\u5730\u65b9\u7684\u901f\u5ea6\u3002 \u5757\u8bbe\u5907 
\u4e00\u79cd\u4ee5\u5757\u7684\u5f62\u5f0f\u79fb\u52a8\u6570\u636e\u7684\u8bbe\u5907\u3002\u8fd9\u4e9b\u8bbe\u5907\u8282\u70b9\u8fde\u63a5\u8bbe\u5907\uff0c\u4f8b\u5982\u786c\u76d8\u3001CD-ROM \u9a71\u52a8\u5668\u3001\u95ea\u5b58\u9a71\u52a8\u5668\u548c\u5176\u4ed6\u53ef\u5bfb\u5740\u5185\u5b58\u533a\u57df\u3002 \u533a\u5757\u8fc1\u79fb KVM \u4f7f\u7528\u7684\u4e00\u79cd\u865a\u62df\u673a\u5b9e\u65f6\u8fc1\u79fb\u65b9\u6cd5\uff0c\u7528\u4e8e\u5728\u7528\u6237\u542f\u52a8\u7684\u5207\u6362\u671f\u95f4\u5c06\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u64a4\u79bb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u505c\u673a\u65f6\u95f4\u975e\u5e38\u77ed\u3002\u4e0d\u9700\u8981\u5171\u4eab\u5b58\u50a8\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 \u5757\u5b58\u50a8 API \u5355\u72ec\u7ec8\u7ed3\u70b9\u4e0a\u7684 API\uff0c\u7528\u4e8e\u4e3a\u8ba1\u7b97 VM \u9644\u52a0\u3001\u5206\u79bb\u548c\u521b\u5efa\u5757\u5b58\u50a8\u3002 \u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u5e93\uff0c\u901a\u8fc7\u5728\u5176\u4ed6\u5757\u5b58\u50a8\u8bbe\u5907\u4e4b\u4e0a\u7684\u62bd\u8c61\u548c\u81ea\u52a8\u5316\uff0c\u63d0\u4f9b\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u81ea\u52a9\u8bbf\u95ee\u3002 BMC\uff08\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\uff09 IPMI\u67b6\u6784\u4e2d\u7684\u667a\u80fd\uff0c\u5b83\u662f\u4e00\u79cd\u4e13\u7528\u7684\u5fae\u63a7\u5236\u5668\uff0c\u5d4c\u5165\u5728\u8ba1\u7b97\u673a\u4e3b\u677f\u4e0a\u5e76\u5145\u5f53\u670d\u52a1\u5668\u3002\u7ba1\u7406\u7cfb\u7edf\u7ba1\u7406\u8f6f\u4ef6\u548c\u5e73\u53f0\u786c\u4ef6\u4e4b\u95f4\u7684\u63a5\u53e3\u3002 \u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf \u4e00\u79cd VM \u6620\u50cf\u7c7b\u578b\uff0c\u4ee5\u5355\u4e2a\u53ef\u542f\u52a8\u6587\u4ef6\u7684\u5f62\u5f0f\u5b58\u5728\u3002 Bootstrap \u534f\u8bae \uff08BOOTP\uff09 \u7f51\u7edc\u5ba2\u6237\u7aef\u7528\u4e8e\u4ece\u914d\u7f6e\u670d\u52a1\u5668\u83b7\u53d6 IP 
\u5730\u5740\u7684\u7f51\u7edc\u534f\u8bae\u3002\u5728\u4f7f\u7528 FlatDHCP \u7ba1\u7406\u5668\u6216 VLAN \u7ba1\u7406\u5668\u7f51\u7edc\u7ba1\u7406\u5668\u65f6\uff0c\u901a\u8fc7 dnsmasq \u5b88\u62a4\u7a0b\u5e8f\u8fdb\u884c\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u8fb9\u754c\u7f51\u5173\u534f\u8bae \uff08BGP\uff09 \u8fb9\u754c\u7f51\u5173\u534f\u8bae\u662f\u4e00\u79cd\u8fde\u63a5\u81ea\u6cbb\u7cfb\u7edf\u7684\u52a8\u6001\u8def\u7531\u534f\u8bae\u3002\u8be5\u534f\u8bae\u88ab\u8ba4\u4e3a\u662f\u4e92\u8054\u7f51\u7684\u9aa8\u5e72\uff0c\u5c06\u4e0d\u540c\u7684\u7f51\u7edc\u8fde\u63a5\u8d77\u6765\uff0c\u5f62\u6210\u4e00\u4e2a\u66f4\u5927\u7684\u7f51\u7edc\u3002 \u6d4f\u89c8\u5668 \u4f7f\u8ba1\u7b97\u673a\u6216\u8bbe\u5907\u80fd\u591f\u8bbf\u95ee Internet \u7684\u4efb\u4f55\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \u6784\u5efa\u5668\u6587\u4ef6 \u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u91cd\u65b0\u914d\u7f6e\u73af\u6216\u5728\u53d1\u751f\u4e25\u91cd\u6545\u969c\u540e\u4ece\u5934\u5f00\u59cb\u91cd\u65b0\u521b\u5efa\u73af\u7684\u914d\u7f6e\u4fe1\u606f\u3002 \u6269\u5c55 \u5728\u4e3b\u73af\u5883\u8d44\u6e90\u53d7\u9650\u65f6\uff0c\u5229\u7528\u8f85\u52a9\u73af\u5883\u6309\u9700\u5f39\u6027\u6784\u5efa\u5b9e\u4f8b\u7684\u505a\u6cd5\u3002 \u6309\u94ae\u7c7b \u5730\u5e73\u7ebf\u4e2d\u7684\u4e00\u7ec4\u76f8\u5173\u6309\u94ae\u7c7b\u578b\u3002\u7528\u4e8e\u542f\u52a8\u3001\u505c\u6b62\u548c\u6302\u8d77 VM \u7684\u6309\u94ae\u4f4d\u4e8e\u4e00\u4e2a\u7c7b\u4e2d\u3002\u7528\u4e8e\u5173\u8054\u548c\u53d6\u6d88\u5173\u8054\u6d6e\u52a8 IP \u5730\u5740\u7684\u6309\u94ae\u4f4d\u4e8e\u53e6\u4e00\u4e2a\u7c7b\u4e2d\uff0c\u4f9d\u6b64\u7c7b\u63a8\u3002 \u5b57\u8282 \u6784\u6210\u5355\u4e2a\u5b57\u7b26\u7684\u4f4d\u96c6;\u4e00\u4e2a\u5b57\u8282\u901a\u5e38\u6709 8 \u4f4d\u3002","title":"B"},{"location":"security/security-guide/#c","text":"\u7f13\u5b58\u4fee\u526a\u5668 
\u5c06\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7f13\u5b58\u4fdd\u6301\u5728\u6216\u4f4e\u4e8e\u5176\u914d\u7f6e\u7684\u6700\u5927\u5927\u5c0f\u7684\u7a0b\u5e8f\u3002 Cactus 2011 \u5e74\u6625\u5b63\u53d1\u5e03\u7684 OpenStack \u9879\u76ee\u5206\u7ec4\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u548c\u56fe\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Cactus \u662f\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u7684\u4e00\u4e2a\u57ce\u5e02\uff0c\u662f OpenStack \u7b2c\u4e09\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u5f53OpenStack\u7248\u672c\u4ece3\u4e2a\u6708\u5ef6\u957f\u52306\u4e2a\u6708\u65f6\uff0c\u8be5\u7248\u672c\u7684\u4ee3\u53f7\u53d1\u751f\u4e86\u53d8\u5316\uff0c\u4ee5\u5339\u914d\u6700\u63a5\u8fd1\u4e0a\u4e00\u6b21\u5cf0\u4f1a\u7684\u5730\u7406\u4f4d\u7f6e\u3002 \u8c03\u7528 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\u5e76\u7b49\u5f85\u54cd\u5e94\u3002 \u80fd\u529b \u5b9a\u4e49\u5355\u5143\u7684\u8d44\u6e90\uff0c\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u3002\u53ef\u4ee5\u5e94\u7528\u4e8e\u4e00\u4e2a\u5355\u5143\u6216\u6574\u4e2a\u5355\u5143\u5185\u7684\u7279\u5b9a\u670d\u52a1\u3002 \u5bb9\u91cf\u7f13\u5b58 \u8ba1\u7b97\u540e\u7aef\u6570\u636e\u5e93\u8868\uff0c\u5176\u4e2d\u5305\u542b\u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d\u3001\u53ef\u7528 RAM \u91cf\u4ee5\u53ca\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u6570\u3002\u7528\u4e8e\u786e\u5b9a VM \u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u542f\u52a8\u3002 \u5bb9\u91cf\u66f4\u65b0\u7a0b\u5e8f \u76d1\u89c6 VM \u5b9e\u4f8b\u5e76\u6839\u636e\u9700\u8981\u66f4\u65b0\u5bb9\u91cf\u7f13\u5b58\u7684\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u3002 \u6295\u5c04 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\uff0c\u4e0d\u7b49\u5f85\u54cd\u5e94\u3002 \u76ee\u5f55 
\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u5217\u8868\u3002 \u76ee\u5f55\u670d\u52a1 \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\uff0c\u5217\u51fa\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u3002 \u6d4b\u9ad8\u4eea OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u6536\u96c6\u548c\u5b58\u50a8\u6765\u81ea\u5176\u4ed6 OpenStack \u670d\u52a1\u7684\u6307\u6807\u3002 \u5355\u5143\u683c \u5728\u5b50\u5173\u7cfb\u548c\u7236\u5173\u7cfb\u4e2d\u63d0\u4f9b\u8ba1\u7b97\u8d44\u6e90\u7684\u903b\u8f91\u5206\u533a\u3002\u5982\u679c\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u8bf7\u6c42\u7684\u8d44\u6e90\uff0c\u5219\u8bf7\u6c42\u5c06\u4ece\u7236\u5355\u5143\u4f20\u9012\u5230\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u8f6c\u53d1 \u4e00\u4e2a\u201c\u8ba1\u7b97\u201d\u9009\u9879\uff0c\u8be5\u9009\u9879\u4f7f\u7236\u5355\u5143\u80fd\u591f\u5728\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u65f6\u5c06\u8d44\u6e90\u8bf7\u6c42\u4f20\u9012\u7ed9\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5176\u4e2d\u5305\u542b\u5355\u5143\u4e2d\u6bcf\u4e2a\u4e3b\u673a\u7684\u5f53\u524d\u529f\u80fd\u5217\u8868\uff0c\u5e76\u6839\u636e\u9700\u8981\u8def\u7531\u8bf7\u6c42\u3002 CentOS \u64cd\u4f5c\u7cfb\u7edf \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 Ceph \u51fd\u6570 \u53ef\u5927\u89c4\u6a21\u6269\u5c55\u7684\u5206\u5e03\u5f0f\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531\u5bf9\u8c61\u5b58\u50a8\u3001\u5757\u5b58\u50a8\u548c\u517c\u5bb9 POSIX \u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u7ec4\u6210\u3002\u4e0eOpenStack\u517c\u5bb9\u3002 CephFS Ceph \u63d0\u4f9b\u7684\u7b26\u5408 POSIX \u6807\u51c6\u7684\u6587\u4ef6\u7cfb\u7edf\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 
\u5728\u5bc6\u7801\u5b66\u4e2d\uff0c\u9881\u53d1\u6570\u5b57\u8bc1\u4e66\u7684\u5b9e\u4f53\u3002\u6570\u5b57\u8bc1\u4e66\u901a\u8fc7\u8bc1\u4e66\u7684\u6307\u5b9a\u4e3b\u4f53\u8bc1\u660e\u516c\u94a5\u7684\u6240\u6709\u6743\u3002\u8fd9\u4f7f\u5176\u4ed6\u4eba\uff08\u4f9d\u8d56\u65b9\uff09\u80fd\u591f\u4f9d\u8d56\u4e0e\u8ba4\u8bc1\u516c\u94a5\u76f8\u5bf9\u5e94\u7684\u79c1\u94a5\u6240\u505a\u7684\u7b7e\u540d\u6216\u65ad\u8a00\u3002\u5728\u8fd9\u79cd\u4fe1\u4efb\u5173\u7cfb\u6a21\u578b\u4e2d\uff0cCA \u662f\u8bc1\u4e66\u4e3b\u4f53\uff08\u6240\u6709\u8005\uff09\u548c\u4f9d\u8d56\u8bc1\u4e66\u7684\u4e00\u65b9\u7684\u53d7\u4fe1\u4efb\u7b2c\u4e09\u65b9\u3002CA \u662f\u8bb8\u591a\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u65b9\u6848\u7684\u7279\u5f81\u3002\u5728 OpenStack \u4e2d\uff0cCompute \u4e3a cloudpipe VPN \u548c VM \u6620\u50cf\u89e3\u5bc6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002 \u6311\u6218\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae \uff08CHAP\uff09 \u8ba1\u7b97\u652f\u6301\u7684 iSCSI \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u673a\u4f1a\u8c03\u5ea6\u5668 \u8ba1\u7b97\u4f7f\u7528\u7684\u4e00\u79cd\u8ba1\u5212\u65b9\u6cd5\uff0c\u7528\u4e8e\u4ece\u6c60\u4e2d\u968f\u673a\u9009\u62e9\u53ef\u7528\u4e3b\u673a\u3002 \u81ea\u4e0a\u6b21\u66f4\u6539\u4ee5\u6765 \u4e00\u4e2a\u8ba1\u7b97 API \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u5141\u8bb8\u4e0b\u8f7d\u81ea\u4e0a\u6b21\u8bf7\u6c42\u4ee5\u6765\u5bf9\u6240\u8bf7\u6c42\u9879\u7684\u66f4\u6539\uff0c\u800c\u4e0d\u662f\u4e0b\u8f7d\u4e00\u7ec4\u65b0\u7684\u6570\u636e\u5e76\u5c06\u5176\u4e0e\u65e7\u6570\u636e\u8fdb\u884c\u6bd4\u8f83\u3002 Chef \u652f\u6301 OpenStack \u90e8\u7f72\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 \u5b50\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU 
\u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5176\u5173\u8054\u7684\u5b50\u5355\u5143\u3002\u5982\u679c\u5b50\u5355\u5143\u53ef\u4ee5\u6ee1\u8db3\u8bf7\u6c42\uff0c\u5219\u5b83\u786e\u5b9e\u53ef\u4ee5\u3002\u5426\u5219\uff0c\u5b83\u4f1a\u5c1d\u8bd5\u5c06\u8bf7\u6c42\u4f20\u9012\u7ed9\u5176\u4efb\u4f55\u5b50\u7ea7\u3002 cinder \u5757\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 CirrOS \u4e00\u4e2a\u6700\u5c0f\u7684 Linux \u53d1\u884c\u7248\uff0c\u8bbe\u8ba1\u7528\u4f5c\u4e91\uff08\u5982 OpenStack\uff09\u4e0a\u7684\u6d4b\u8bd5\u6620\u50cf\u3002 Cisco neutron \u63d2\u4ef6 \u9002\u7528\u4e8e Cisco \u8bbe\u5907\u548c\u6280\u672f\uff08\u5305\u62ec UCS \u548c Nexus\uff09\u7684\u7f51\u7edc\u63d2\u4ef6\u3002 \u4e91\u67b6\u6784\u5e08 \u8ba1\u5212\u3001\u8bbe\u8ba1\u548c\u76d1\u7763\u4e91\u521b\u5efa\u7684\u4eba\u3002 \u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u90a6 \uff08CADF\uff09 Cloud Auditing Data Federation \uff08CADF\uff09 \u662f\u7528\u4e8e\u5ba1\u6838\u4e8b\u4ef6\u6570\u636e\u7684\u89c4\u8303\u3002CADF \u53d7 OpenStack Identity \u652f\u6301\u3002 \u4e91\u8ba1\u7b97 \u4e00\u79cd\u6a21\u578b\uff0c\u652f\u6301\u8bbf\u95ee\u53ef\u914d\u7f6e\u8ba1\u7b97\u8d44\u6e90\uff08\u5982\u7f51\u7edc\u3001\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\uff09\u7684\u5171\u4eab\u6c60\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5feb\u901f\u914d\u7f6e\u548c\u53d1\u5e03\uff0c\u53ea\u9700\u6700\u5c11\u7684\u7ba1\u7406\u5de5\u4f5c\u6216\u670d\u52a1\u63d0\u4f9b\u5546\u4ea4\u4e92\u3002 \u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd \u652f\u6301\u4e91\u8ba1\u7b97\u6a21\u578b\u7684\u8ba1\u7b97\u8981\u6c42\u6240\u9700\u7684\u786c\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u548c\u865a\u62df\u5316\u8f6f\u4ef6\u3002 \u4e91\u8ba1\u7b97\u5e73\u53f0\u8f6f\u4ef6 
\u901a\u8fc7\u4e92\u8054\u7f51\u63d0\u4f9b\u4e0d\u540c\u7684\u670d\u52a1\u3002\u8fd9\u4e9b\u8d44\u6e90\u5305\u62ec\u6570\u636e\u5b58\u50a8\u3001\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\u3001\u7f51\u7edc\u548c\u8f6f\u4ef6\u7b49\u5de5\u5177\u548c\u5e94\u7528\u7a0b\u5e8f\u3002\u53ea\u8981\u7535\u5b50\u8bbe\u5907\u53ef\u4ee5\u8bbf\u95ee\u7f51\u7edc\uff0c\u5b83\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6570\u636e\u548c\u8fd0\u884c\u5b83\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u4e91\u8ba1\u7b97\u670d\u52a1\u67b6\u6784 \u4e91\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u5728\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5185\u548c\u8de8\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5b9e\u65bd\u7684\u6574\u4f53\u4e91\u8ba1\u7b97\u670d\u52a1\u548c\u89e3\u51b3\u65b9\u6848\u3002\u8003\u8651\u6838\u5fc3\u4e1a\u52a1\u9700\u6c42\uff0c\u5e76\u5c06\u5176\u4e0e\u53ef\u80fd\u7684\u4e91\u89e3\u51b3\u65b9\u6848\u76f8\u5339\u914d\u3002 \u4e91\u63a7\u5236\u5668 \u8868\u793a\u4e91\u5168\u5c40\u72b6\u6001\u7684\u8ba1\u7b97\u7ec4\u4ef6\u7684\u96c6\u5408;\u901a\u8fc7\u961f\u5217\u4e0e\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u8ba4\u8bc1\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u8282\u70b9/\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff09\u8fdb\u884c\u901a\u4fe1\u3002 \u4e91\u63a7\u5236\u5668\u8282\u70b9 \u8fd0\u884c\u7f51\u7edc\u3001\u5377\u3001API\u3001\u8c03\u5ea6\u7a0b\u5e8f\u548c\u6620\u50cf\u670d\u52a1\u7684\u8282\u70b9\u3002\u6bcf\u4e2a\u670d\u52a1\u90fd\u53ef\u4ee5\u5206\u89e3\u4e3a\u5355\u72ec\u7684\u8282\u70b9\uff0c\u4ee5\u5b9e\u73b0\u53ef\u4f38\u7f29\u6027\u6216\u53ef\u7528\u6027\u3002 \u4e91\u6570\u636e\u7ba1\u7406\u63a5\u53e3\uff08CDMI\uff09 SINA\u6807\u51c6\u5b9a\u4e49\u4e86\u4e00\u4e2aRESTful API\uff0c\u7528\u4e8e\u7ba1\u7406\u4e91\u4e2d\u7684\u5bf9\u8c61\uff0c\u76ee\u524d\u5728OpenStack\u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u63a5\u53e3\uff08CIMI\uff09 \u6b63\u5728\u8fdb\u884c\u7684\u4e91\u7ba1\u7406\u89c4\u8303\u3002\u76ee\u524d\u5728 
OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u6280\u672f \u4e91\u662f\u7531\u7ba1\u7406\u548c\u81ea\u52a8\u5316\u8f6f\u4ef6\u7f16\u6392\u7684\u865a\u62df\u6e90\u5de5\u5177\u3002\u8fd9\u5305\u62ec\u539f\u59cb\u5904\u7406\u80fd\u529b\u3001\u5185\u5b58\u3001\u7f51\u7edc\u3001\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5b58\u50a8\u3002 cloud-init \u51fd\u6570 \u901a\u5e38\u5b89\u88c5\u5728 VM \u6620\u50cf\u4e2d\u7684\u5305\uff0c\u7528\u4e8e\u5728\u542f\u52a8\u540e\u4f7f\u7528\u4ece\u5143\u6570\u636e\u670d\u52a1\u68c0\u7d22\u5230\u7684\u4fe1\u606f\uff08\u5982 SSH \u516c\u94a5\u548c\u7528\u6237\u6570\u636e\uff09\u6267\u884c\u5b9e\u4f8b\u7684\u521d\u59cb\u5316\u3002 cloudadmin \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u6388\u4e88\u5b8c\u6574\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002 Cloudbase-\u521d\u59cb\u5316 \u63d0\u4f9b\u6765\u5bbe\u521d\u59cb\u5316\u529f\u80fd\u7684 Windows \u9879\u76ee\uff0c\u7c7b\u4f3c\u4e8e cloud-init\u3002 cloudpipe \u4e00\u79cd\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u521b\u5efa VPN \u7684\u8ba1\u7b97\u670d\u52a1\u3002 CloudPipe \u955c\u50cf \u4f5c\u4e3a cloudpipe \u670d\u52a1\u5668\u7684\u9884\u5236 VM \u955c\u50cf\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0cOpenVPN\u8fd0\u884c\u5728Linux\u4e0a\u3002 \u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 \u5b9e\u73b0\u96c6\u7fa4\u670d\u52a1\u548c\u5e93\u7684\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7531\u5176\u4ed6 OpenStack \u670d\u52a1\u516c\u5f00\u7684\u540c\u6784\u5bf9\u8c61\u7ec4\u3002 \u547d\u4ee4\u8fc7\u6ee4\u5668 \u5217\u51fa\u8ba1\u7b97 rootwrap \u5de5\u5177\u4e2d\u5141\u8bb8\u7684\u547d\u4ee4\u3002 \u547d\u4ee4\u884c\u754c\u9762 \uff08CLI\uff09 \u4e00\u4e2a\u57fa\u4e8e\u6587\u672c\u7684\u5ba2\u6237\u7aef\uff0c\u53ef\u5e2e\u52a9\u60a8\u521b\u5efa\u811a\u672c\u4ee5\u4e0e OpenStack \u4e91\u8fdb\u884c\u4ea4\u4e92\u3002 \u901a\u7528 Internet \u6587\u4ef6\u7cfb\u7edf \uff08CIFS\uff09 \u6587\u4ef6\u5171\u4eab\u534f\u8bae\u3002\u5b83\u662f 
Microsoft \u5f00\u53d1\u548c\u4f7f\u7528\u7684\u539f\u59cb\u670d\u52a1\u5668\u6d88\u606f\u5757 \uff08SMB\uff09 \u534f\u8bae\u7684\u516c\u5171\u6216\u5f00\u653e\u53d8\u4f53\u3002\u4e0e SMB \u534f\u8bae\u4e00\u6837\uff0c CIFS \u5728\u66f4\u9ad8\u7ea7\u522b\u8fd0\u884c\u5e76\u4f7f\u7528 TCP/IP \u534f\u8bae\u3002 \u516c\u5171\u5e93 \uff08oslo\uff09 \u751f\u6210\u4e00\u7ec4 python \u5e93\u7684\u9879\u76ee\uff0c\u5176\u4e2d\u5305\u542b OpenStack \u9879\u76ee\u5171\u4eab\u7684\u4ee3\u7801\u3002\u8fd9\u4e9b\u5e93\u63d0\u4f9b\u7684 API \u5e94\u8be5\u662f\u9ad8\u8d28\u91cf\u3001\u7a33\u5b9a\u3001\u4e00\u81f4\u3001\u6709\u6587\u6863\u8bb0\u5f55\u7684\u548c\u666e\u904d\u9002\u7528\u7684\u3002 \u793e\u533a\u9879\u76ee \u4e00\u4e2a\u6ca1\u6709\u5f97\u5230OpenStack\u6280\u672f\u59d4\u5458\u4f1a\u6b63\u5f0f\u8ba4\u53ef\u7684\u9879\u76ee\u3002\u5982\u679c\u9879\u76ee\u8db3\u591f\u6210\u529f\uff0c\u5b83\u53ef\u80fd\u4f1a\u88ab\u63d0\u5347\u4e3a\u5b75\u5316\u9879\u76ee\uff0c\u7136\u540e\u88ab\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee\uff0c\u6216\u8005\u5b83\u53ef\u80fd\u4e0e\u4e3b\u4ee3\u7801\u4e3b\u5e72\u5408\u5e76\u3002 \u538b\u7f29 \u901a\u8fc7\u7279\u6b8a\u7f16\u7801\u51cf\u5c0f\u6587\u4ef6\u5927\u5c0f\uff0c\u6587\u4ef6\u53ef\u4ee5\u518d\u6b21\u89e3\u538b\u7f29\u4e3a\u539f\u59cb\u5185\u5bb9\u3002OpenStack \u652f\u6301 Linux \u6587\u4ef6\u7cfb\u7edf\u7ea7\u522b\u7684\u538b\u7f29\uff0c\u4f46\u4e0d\u652f\u6301\u5bf9\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6216\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7b49\u5185\u5bb9\u8fdb\u884c\u538b\u7f29\u3002 \u8ba1\u7b97 API \uff08nova API\uff09 nova-api \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u5bf9 nova \u670d\u52a1\u7684\u8bbf\u95ee\u3002\u53ef\u4ee5\u4e0e\u5176\u4ed6 API \u901a\u4fe1\uff0c\u4f8b\u5982 Amazon EC2 API\u3002 \u8ba1\u7b97\u63a7\u5236\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u9009\u62e9\u8981\u5728\u5176\u4e0a\u542f\u52a8 VM \u5b9e\u4f8b\u7684\u5408\u9002\u4e3b\u673a\u3002 \u8ba1\u7b97\u4e3b\u673a 
\u4e13\u7528\u4e8e\u8fd0\u884c\u8ba1\u7b97\u8282\u70b9\u7684\u7269\u7406\u4e3b\u673a\u3002 \u8ba1\u7b97\u8282\u70b9 \u8fd0\u884c nova-compute \u5b88\u62a4\u7a0b\u5e8f\u7684\u8282\u70b9\uff0c\u8be5\u5b88\u62a4\u7a0b\u5e8f\u7ba1\u7406\u63d0\u4f9b\u5404\u79cd\u670d\u52a1\uff08\u5982 Web \u5e94\u7528\u7a0b\u5e8f\u548c\u5206\u6790\uff09\u7684 VM \u5b9e\u4f8b\u3002 \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u7528\u4e8e\u5b9e\u73b0\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u5bf9\u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u88f8\u673a\u3001\u865a\u62df\u673a\u548c\u5bb9\u5668\uff09\u7684\u5927\u89c4\u6a21\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 \u8ba1\u7b97\u5de5\u4f5c\u8fdb\u7a0b \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u7ba1\u7406 VM \u5b9e\u4f8b\u751f\u547d\u5468\u671f\u7684\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5305\u62ec\u8fd0\u884c\u3001\u91cd\u65b0\u542f\u52a8\u3001\u7ec8\u6b62\u3001\u9644\u52a0/\u5206\u79bb\u5377\u7b49\u3002\u7531 nova-compute \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 \u4e32\u8054\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u5408\u5e76\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u7684\u4e00\u7ec4\u5206\u6bb5\u5bf9\u8c61\u3002 \u5bfc\u4f53 \u5728\u8ba1\u7b97\u4e2d\uff0cconductor \u662f\u4ee3\u7406\u6765\u81ea\u8ba1\u7b97\u8fdb\u7a0b\u7684\u6570\u636e\u5e93\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u4f7f\u7528 conductor \u53ef\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u8ba1\u7b97\u8282\u70b9\u4e0d\u9700\u8981\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 congress \u6cbb\u7406\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u4e00\u81f4\u6027\u7a97\u53e3 \u6240\u6709\u5ba2\u6237\u7aef\u90fd\u53ef\u4ee5\u8bbf\u95ee\u65b0\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6240\u9700\u7684\u65f6\u95f4\u3002 \u63a7\u5236\u53f0\u65e5\u5fd7 \u5305\u542b\u8ba1\u7b97\u4e2d Linux VM \u63a7\u5236\u53f0\u7684\u8f93\u51fa\u3002 \u5bb9\u5668 
\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7ec4\u7ec7\u548c\u5b58\u50a8\u5bf9\u8c61\u3002\u7c7b\u4f3c\u4e8e Linux \u76ee\u5f55\u7684\u6982\u5ff5\uff0c\u4f46\u4e0d\u80fd\u5d4c\u5957\u3002\u5f71\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5bb9\u5668\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9 SQLite \u540e\u7aef\u6570\u636e\u5e93\u7684\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e2d\u7f3a\u5c11\u526f\u672c\u6216\u4e0d\u6b63\u786e\u7684\u5bf9\u8c61\u3002 \u5bb9\u5668\u6570\u636e\u5e93 \u5b58\u50a8\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u548c\u5bb9\u5668\u5143\u6570\u636e\u7684 SQLite \u6570\u636e\u5e93\u3002\u5bb9\u5668\u670d\u52a1\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u5e93\u3002 \u5bb9\u5668\u683c\u5f0f \u6620\u50cf\u670d\u52a1\u4f7f\u7528\u7684\u5305\u88c5\u5668\uff0c\u5176\u4e2d\u5305\u542b VM \u6620\u50cf\u53ca\u5176\u5173\u8054\u7684\u5143\u6570\u636e\uff0c\u4f8b\u5982\u8ba1\u7b97\u673a\u72b6\u6001\u3001OS \u78c1\u76d8\u5927\u5c0f\u7b49\u3002 \u5bb9\u5668\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u4e00\u7ec4\u7528\u4e8e\u9884\u914d\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u7f16\u6392\u5f15\u64ce\u7684\u670d\u52a1\u3002 \u5bb9\u5668\u670d\u52a1\u5668 \u7ba1\u7406\u5bb9\u5668\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002 \u5bb9\u5668\u670d\u52a1 \u63d0\u4f9b\u521b\u5efa\u3001\u5220\u9664\u3001\u5217\u8868\u7b49\u5bb9\u5668\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc\u662f\u7528\u4e8e\u5c06\u5185\u5bb9\u5206\u53d1\u5230\u5ba2\u6237\u7aef\u7684\u4e13\u7528\u7f51\u7edc\uff0c\u901a\u5e38\u4f4d\u4e8e\u5ba2\u6237\u7aef\u9644\u8fd1\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002 \u6301\u7eed\u4ea4\u4ed8 
\u4e00\u79cd\u8f6f\u4ef6\u5de5\u7a0b\u65b9\u6cd5\uff0c\u56e2\u961f\u5728\u77ed\u5468\u671f\u5185\u751f\u4ea7\u8f6f\u4ef6\uff0c\u786e\u4fdd\u8f6f\u4ef6\u53ef\u4ee5\u968f\u65f6\u53ef\u9760\u5730\u53d1\u5e03\uff0c\u5e76\u4e14\u5728\u53d1\u5e03\u8f6f\u4ef6\u65f6\u624b\u52a8\u53d1\u5e03\u3002 \u6301\u7eed\u90e8\u7f72 \u4e00\u79cd\u8f6f\u4ef6\u53d1\u5e03\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u4f7f\u7528\u81ea\u52a8\u5316\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u5bf9\u4ee3\u7801\u5e93\u7684\u66f4\u6539\u662f\u5426\u6b63\u786e\u4e14\u7a33\u5b9a\uff0c\u4ee5\u4fbf\u7acb\u5373\u81ea\u4e3b\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002 \u6301\u7eed\u96c6\u6210 \u6bcf\u5929\u591a\u6b21\u5c06\u6240\u6709\u5f00\u53d1\u4eba\u5458\u7684\u5de5\u4f5c\u526f\u672c\u5408\u5e76\u5230\u5171\u4eab\u4e3b\u7ebf\u7684\u505a\u6cd5\u3002 \u63a7\u5236\u5668\u8282\u70b9 \u4e91\u63a7\u5236\u5668\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6838\u5fc3 API \u6839\u636e\u4e0a\u4e0b\u6587\uff0c\u6838\u5fc3 API \u53ef\u4ee5\u662f OpenStack API \u6216\u7279\u5b9a\u6838\u5fc3\u9879\u76ee\u7684\u4e3b API\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u6620\u50cf\u670d\u52a1\u7b49\u3002 \u6838\u5fc3\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u6838\u5fc3\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\u7531\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u3001\u8ba1\u7b97\u670d\u52a1\uff08nova\uff09\u3001\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u3001\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u3001\u7f51\u7edc\u670d\u52a1\uff08neutron\uff09\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09\u7ec4\u6210\u3002 \u6210\u672c \u5728\u8ba1\u7b97\u5206\u5e03\u5f0f\u8ba1\u5212\u7a0b\u5e8f\u4e0b\uff0c\u8fd9\u662f\u901a\u8fc7\u67e5\u770b\u6bcf\u4e2a\u4e3b\u673a\u76f8\u5bf9\u4e8e\u6240\u8bf7\u6c42\u7684 VM \u5b9e\u4f8b\u7684\u98ce\u683c\u7684\u529f\u80fd\u6765\u8ba1\u7b97\u7684\u3002 \u51ed\u8bc1 
\u53ea\u6709\u7528\u6237\u77e5\u9053\u6216\u53ef\u8bbf\u95ee\u7684\u6570\u636e\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u662f\u4ed6\u6240\u8bf4\u7684\u4eba\u3002\u5728\u8eab\u4efd\u9a8c\u8bc1\u671f\u95f4\uff0c\u5c06\u51ed\u636e\u63d0\u4f9b\u7ed9\u670d\u52a1\u5668\u3002\u793a\u4f8b\u5305\u62ec\u5bc6\u7801\u3001\u5bc6\u94a5\u3001\u6570\u5b57\u8bc1\u4e66\u548c\u6307\u7eb9\u3002 CRL \u51fd\u6570 PKI \u6a21\u578b\u4e2d\u7684\u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5217\u8868\u3002\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002 \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u4e00\u79cd\u673a\u5236\uff0c\u5141\u8bb8\u4ece\u8d44\u6e90\u6765\u6e90\u57df\u4e4b\u5916\u7684\u53e6\u4e00\u4e2a\u57df\u8bf7\u6c42\u7f51\u9875\u4e0a\u7684\u8bb8\u591a\u8d44\u6e90\uff08\u4f8b\u5982\uff0c\u5b57\u4f53\u3001JavaScript\uff09\u3002\u7279\u522b\u662f\uff0cJavaScript \u7684 AJAX \u8c03\u7528\u53ef\u4ee5\u4f7f\u7528 XMLHttpRequest \u673a\u5236\u3002 Crowbar SUSE \u7684\u5f00\u6e90\u793e\u533a\u9879\u76ee\uff0c\u65e8\u5728\u63d0\u4f9b\u6240\u6709\u5fc5\u8981\u7684\u670d\u52a1\uff0c\u4ee5\u5feb\u901f\u90e8\u7f72\u548c\u7ba1\u7406\u4e91\u3002 \u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d \u8ba1\u7b97\u5bb9\u91cf\u7f13\u5b58\u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u6839\u636e\u7ed9\u5b9a\u4e3b\u673a\u4e0a\u5f53\u524d\u6b63\u5728\u8fdb\u884c\u7684\u751f\u6210\u3001\u5feb\u7167\u3001\u8fc1\u79fb\u548c\u8c03\u6574\u5927\u5c0f\u64cd\u4f5c\u7684\u6570\u91cf\u8fdb\u884c\u8ba1\u7b97\u3002 \u5ba2\u6237 \u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u81ea\u5b9a\u4e49\u6a21\u5757 \u7528\u6237\u521b\u5efa\u7684 Python \u6a21\u5757\uff0c\u7531 horizon \u52a0\u8f7d\uff0c\u7528\u4e8e\u66f4\u6539\u4eea\u8868\u677f\u7684\u5916\u89c2\u3002","title":"C"},{"location":"security/security-guide/#d","text":"\u5b88\u62a4\u8fdb\u7a0b 
\u5728\u540e\u53f0\u8fd0\u884c\u5e76\u7b49\u5f85\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u53ef\u80fd\u4fa6\u542c\u4e5f\u53ef\u80fd\u4e0d\u4fa6\u542c TCP \u6216 UDP \u7aef\u53e3\u3002\u4e0d\u8981\u4e0e\u5de5\u4eba\u6df7\u6dc6\u3002 \u4eea\u8868\u677f\uff08horizon\uff09 OpenStack \u9879\u76ee\uff0c\u4e3a\u6240\u6709 OpenStack \u670d\u52a1\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7edf\u4e00\u7684\u3001\u57fa\u4e8e Web \u7684\u7528\u6237\u754c\u9762\u3002 \u6570\u636e\u52a0\u5bc6 \u955c\u50cf\u670d\u52a1\u548c\u8ba1\u7b97\u90fd\u652f\u6301\u52a0\u5bc6\u7684\u865a\u62df\u673a \uff08VM\uff09 \u955c\u50cf\uff08\u4f46\u4e0d\u652f\u6301\u5b9e\u4f8b\uff09\u3002OpenStack \u652f\u6301\u4f7f\u7528 HTTPS\u3001SSL\u3001TLS \u548c SSH \u7b49\u6280\u672f\u8fdb\u884c\u4f20\u8f93\u4e2d\u6570\u636e\u52a0\u5bc6\u3002\u5bf9\u8c61\u5b58\u50a8\u4e0d\u652f\u6301\u5e94\u7528\u7a0b\u5e8f\u7ea7\u522b\u7684\u5bf9\u8c61\u52a0\u5bc6\uff0c\u4f46\u53ef\u80fd\u652f\u6301\u4f7f\u7528\u78c1\u76d8\u52a0\u5bc6\u7684\u5b58\u50a8\u3002 \u6570\u636e\u4e22\u5931\u9632\u62a4\uff08DLP\uff09 \u8f6f\u4ef6 \u7528\u4e8e\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u5e76\u901a\u8fc7\u68c0\u6d4b\u548c\u62d2\u7edd\u6570\u636e\u4f20\u8f93\u6765\u9632\u6b62\u5176\u6cc4\u6f0f\u5230\u7f51\u7edc\u8fb9\u754c\u4e4b\u5916\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 OpenStack \u9879\u76ee\uff0c\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u6570\u636e\u5904\u7406\u5806\u6808\u548c\u5173\u8054\u7684\u7ba1\u7406\u63a5\u53e3\u3002 \u6570\u636e\u5b58\u50a8 \u6570\u636e\u5e93\u670d\u52a1\u652f\u6301\u7684\u6570\u636e\u5e93\u5f15\u64ce\u3002 \u6570\u636e\u5e93 ID \u4e3a\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u5e93\u7684\u6bcf\u4e2a\u526f\u672c\u6307\u5b9a\u7684\u552f\u4e00 ID\u3002 \u6570\u636e\u5e93\u590d\u5236\u5668 
\u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u6570\u636e\u5e93\u4e2d\u7684\u66f4\u6539\u590d\u5236\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6570\u636e\u5e93\u670d\u52a1\uff08trove\uff09 \u4e00\u4e2a\u96c6\u6210\u9879\u76ee\uff0c\u4e3a\u5173\u7cfb\u548c\u975e\u5173\u7cfb\u6570\u636e\u5e93\u5f15\u64ce\u63d0\u4f9b\u53ef\u6269\u5c55\u4e14\u53ef\u9760\u7684\u4e91\u6570\u636e\u5e93\u5373\u670d\u52a1\u529f\u80fd\u3002 \u89e3\u9664\u5206\u914d \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u5730\u5740\u4e4b\u95f4\u7684\u5173\u8054\u7684\u8fc7\u7a0b\u3002\u5220\u9664\u6b64\u5173\u8054\u540e\uff0c\u6d6e\u52a8 IP \u5c06\u8fd4\u56de\u5230\u5730\u5740\u6c60\u3002 Debian \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u91cd\u590d\u6570\u636e\u5220\u9664 \u5728\u78c1\u76d8\u5757\u3001\u6587\u4ef6\u548c/\u6216\u5bf9\u8c61\u7ea7\u522b\u67e5\u627e\u91cd\u590d\u6570\u636e\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5b58\u50a8\u4f7f\u7528\u7684\u8fc7\u7a0b - \u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u9ed8\u8ba4\u9762\u677f \u7528\u6237\u8bbf\u95ee\u4eea\u8868\u677f\u65f6\u663e\u793a\u7684\u9ed8\u8ba4\u9762\u677f\u3002 \u9ed8\u8ba4\u9879\u76ee \u5982\u679c\u5728\u521b\u5efa\u7528\u6237\u65f6\u672a\u6307\u5b9a\u4efb\u4f55\u9879\u76ee\uff0c\u5219\u4f1a\u5c06\u65b0\u7528\u6237\u5206\u914d\u7ed9\u6b64\u9879\u76ee\u3002 \u9ed8\u8ba4\u4ee4\u724c \u4e00\u4e2a\u6807\u8bc6\u670d\u52a1\u4ee4\u724c\uff0c\u8be5\u4ee4\u724c\u4e0d\u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\uff0c\u5e76\u4ea4\u6362\u4e3a\u4f5c\u7528\u57df\u5185\u4ee4\u724c\u3002 \u5ef6\u8fdf\u5220\u9664 \u5f71\u50cf\u670d\u52a1\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u7528\u4e8e\u5728\u9884\u5b9a\u4e49\u7684\u79d2\u6570\u540e\u5220\u9664\u5f71\u50cf\uff0c\u800c\u4e0d\u662f\u7acb\u5373\u5220\u9664\u5f71\u50cf\u3002 \u4ea4\u4ed8\u65b9\u5f0f Compute 
RabbitMQ\u6d88\u606f\u6295\u9012\u6a21\u5f0f\u7684\u8bbe\u7f6e;\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\u77ac\u6001\u6216\u6301\u4e45\u6027\u3002 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u662f\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u7684\u7b80\u79f0\u3002\u8fd9\u662f\u963b\u6b62\u5408\u6cd5\u7528\u6237\u4f7f\u7528\u670d\u52a1\u7684\u6076\u610f\u5c1d\u8bd5\u3002 \u5df2\u5f03\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1 \u8ba1\u7b97\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u901a\u8fc7 nova-manage \u547d\u4ee4\u521b\u5efa\u548c\u7ba1\u7406\u7528\u6237\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u6807\u8bc6\u670d\u52a1\u3002 \u6307\u5b9a DNS \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u684c\u9762\u5373\u670d\u52a1 \u4e00\u4e2a\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u5957\u684c\u9762\u73af\u5883\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee\u8fd9\u4e9b\u73af\u5883\u4ece\u4efb\u4f55\u4f4d\u7f6e\u63a5\u6536\u684c\u9762\u4f53\u9a8c\u3002\u8fd9\u53ef\u4ee5\u63d0\u4f9b\u901a\u7528\u3001\u5f00\u53d1\u751a\u81f3\u540c\u6784\u6d4b\u8bd5\u73af\u5883\u3002 \u5f00\u53d1\u8005 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\uff0c\u4e5f\u662f\u5206\u914d\u7ed9\u65b0\u7528\u6237\u7684\u9ed8\u8ba4\u89d2\u8272\u3002 \u8bbe\u5907 ID \u5c06\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u6620\u5c04\u5230\u7269\u7406\u5b58\u50a8\u8bbe\u5907\u3002 \u8bbe\u5907\u6743\u91cd \u6839\u636e\u6bcf\u4e2a\u8bbe\u5907\u7684\u5b58\u50a8\u5bb9\u91cf\uff0c\u5728\u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u4e4b\u95f4\u6309\u6bd4\u4f8b\u5206\u914d\u5206\u533a\u3002 \u5f00\u53d1\u5806\u6808 \u4f7f\u7528 shell \u811a\u672c\u5feb\u901f\u6784\u5efa\u5b8c\u6574 OpenStack \u5f00\u53d1\u73af\u5883\u7684\u793e\u533a\u9879\u76ee\u3002 DHCP\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DHCP \u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 Diablo 2011 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack 
\u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u56db\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova 2011.3\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift 1.4.3\uff09 \u548c\u955c\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Diablo\u662fOpenStack\u7b2c\u56db\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u514b\u62c9\u62c9\u9644\u8fd1\u7684\u6e7e\u533a\u4e3e\u884c\uff0cDiablo\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 \u76f4\u63a5\u6d88\u8d39\u8005 Compute RabbitMQ \u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u5728\u6267\u884c RPC \u8c03\u7528\u65f6\u751f\u6548\u3002\u5b83\u901a\u8fc7\u552f\u4e00\u7684\u72ec\u5360\u961f\u5217\u8fde\u63a5\u5230\u76f4\u63a5\u4ea4\u6362\uff0c\u53d1\u9001\u6d88\u606f\uff0c\u7136\u540e\u7ec8\u6b62\u3002 \u76f4\u63a5\u4ea4\u6362 RPC \u8c03\u7528\u671f\u95f4\u5728 Compute RabbitMQ \u4e2d\u521b\u5efa\u7684\u8def\u7531\u8868;\u4e3a\u6bcf\u4e2a\u8c03\u7528\u7684 RPC \u8c03\u7528\u521b\u5efa\u4e00\u4e2a\u3002 \u76f4\u63a5\u53d1\u5e03\u8005 RabbitMQ \u7684\u5143\u7d20\uff0c\u7528\u4e8e\u63d0\u4f9b\u5bf9\u4f20\u5165 MQ \u6d88\u606f\u7684\u54cd\u5e94\u3002 \u89e3\u9664\u5173\u8054 \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u4e4b\u95f4\u7684\u5173\u8054\uff0c\u4ece\u800c\u5c06\u6d6e\u52a8 IP \u5730\u5740\u8fd4\u56de\u5230\u5730\u5740\u6c60\u7684\u8fc7\u7a0b\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u63a7\u5236\u4f7f\u7528\u8005\u8bbf\u95ee\u5bf9\u8c61\u7684\u80fd\u529b\uff0c\u540c\u65f6\u4f7f\u7528\u6237\u80fd\u591f\u505a\u51fa\u7b56\u7565\u51b3\u7b56\u5e76\u5206\u914d\u5b89\u5168\u5c5e\u6027\u3002\u4f20\u7edf\u7684\u7528\u6237\u3001\u7ec4\u548c\u8bfb-\u5199-\u6267\u884c\u6743\u9650\u7684 UNIX \u7cfb\u7edf\u5c31\u662f DAC \u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u78c1\u76d8\u52a0\u5bc6 
\u80fd\u591f\u5728\u6587\u4ef6\u7cfb\u7edf\u3001\u78c1\u76d8\u5206\u533a\u6216\u6574\u4e2a\u78c1\u76d8\u7ea7\u522b\u52a0\u5bc6\u6570\u636e\u3002\u5728\u8ba1\u7b97 VM \u4e2d\u53d7\u652f\u6301\u3002 \u78c1\u76d8\u683c\u5f0f VM \u7684\u78c1\u76d8\u6620\u50cf\u5728\u6620\u50cf\u670d\u52a1\u540e\u7aef\u5b58\u50a8\u4e2d\u5b58\u50a8\u7684\u57fa\u7840\u683c\u5f0f\u3002\u4f8b\u5982\uff0cAMI\u3001ISO\u3001QCOW2\u3001VMDK \u7b49\u3002 \u5206\u6563 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\uff0c\u7528\u4e8e\u6d4b\u8bd5\u548c\u786e\u4fdd\u5bf9\u8c61\u548c\u5bb9\u5668\u5206\u6563\u4ee5\u786e\u4fdd\u5bb9\u9519\u7684\u5de5\u5177\u3002 \u5206\u5e03\u5f0f\u865a\u62df\u8def\u7531\u5668 \uff08DVR\uff09 \u4f7f\u7528 OpenStack Networking \uff08neutron\uff09 \u65f6\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u591a\u4e3b\u673a\u8def\u7531\u7684\u673a\u5236\u3002 Django \u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684 Web \u6846\u67b6\u3002 DNS \u8bb0\u5f55 \u6307\u5b9a\u6709\u5173\u7279\u5b9a\u57df\u5e76\u5c5e\u4e8e\u8be5\u57df\u7684\u4fe1\u606f\u7684\u8bb0\u5f55\u3002 DNS\u670d\u52a1\uff08\u6307\u5b9a\uff09 OpenStack \u9879\u76ee\uff0c\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u6743\u5a01 DNS \u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 dnsmasq \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DNS\u3001DHCP\u3001BOOTP \u548c TFTP \u670d\u52a1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002 \u57df \u6807\u8bc6 API v3 \u5b9e\u4f53\u3002\u8868\u793a\u9879\u76ee\u3001\u7ec4\u548c\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u4e8e\u5b9a\u4e49\u7528\u4e8e\u7ba1\u7406 OpenStack Identity \u5b9e\u4f53\u7684\u7ba1\u7406\u8fb9\u754c\u3002\u5728 Internet \u4e0a\uff0c\u5c06\u7f51\u7ad9\u4e0e\u5176\u4ed6\u7f51\u7ad9\u5206\u5f00\u3002\u901a\u5e38\uff0c\u57df\u540d\u6709\u4e24\u4e2a\u6216\u591a\u4e2a\u90e8\u5206\uff0c\u7528\u70b9\u5206\u9694\u3002\u4f8b\u5982\uff0cyahoo.com\u3001usa.gov\u3001harvard.edu \u6216 
mail.yahoo.com\u3002\u6b64\u5916\uff0c\u57df\u662f\u5305\u542b\u4e00\u6761\u6216\u591a\u6761\u8bb0\u5f55\u7684\u6240\u6709 DNS \u76f8\u5173\u4fe1\u606f\u7684\u5b9e\u4f53\u6216\u5bb9\u5668\u3002 \u57df\u540d\u7cfb\u7edf\uff08DNS\uff09 \u7528\u4e8e\u786e\u5b9a Internet \u57df\u540d\u5230\u5730\u5740\u548c\u5730\u5740\u5230\u540d\u79f0\u89e3\u6790\u7684\u7cfb\u7edf\u3002DNS \u901a\u8fc7\u5c06 IP \u5730\u5740\u8f6c\u6362\u4e3a\u66f4\u6613\u4e8e\u8bb0\u5fc6\u7684\u5730\u5740\u6765\u5e2e\u52a9\u6d4f\u89c8 Internet\u3002\u4f8b\u5982\uff0c\u5c06 111.111.111.1 \u8f6c\u6362\u4e3a www.yahoo.com\u3002\u6240\u6709\u57df\u53ca\u5176\u7ec4\u4ef6\uff08\u5982\u90ae\u4ef6\u670d\u52a1\u5668\uff09\u90fd\u5229\u7528 DNS \u89e3\u6790\u5230\u9002\u5f53\u7684\u4f4d\u7f6e\u3002DNS\u670d\u52a1\u5668\u901a\u5e38\u8bbe\u7f6e\u5728\u4e3b\u4ece\u5173\u7cfb\u4e2d\uff0c\u4ee5\u4fbf\u4e3b\u670d\u52a1\u5668\u6545\u969c\u8c03\u7528\u4ece\u670d\u52a1\u5668\u3002\u8fd8\u53ef\u4ee5\u5bf9 DNS \u670d\u52a1\u5668\u8fdb\u884c\u7fa4\u96c6\u6216\u590d\u5236\uff0c\u4ee5\u4fbf\u5bf9\u4e00\u4e2a DNS \u670d\u52a1\u5668\u6240\u505a\u7684\u66f4\u6539\u81ea\u52a8\u4f20\u64ad\u5230\u5176\u4ed6\u6d3b\u52a8\u670d\u52a1\u5668\u3002\u5728\u8ba1\u7b97\u4e2d\uff0c\u652f\u6301\u5c06 DNS \u6761\u76ee\u4e0e\u6d6e\u52a8 IP \u5730\u5740\u3001\u8282\u70b9\u6216\u5355\u5143\u76f8\u5173\u8054\uff0c\u4ee5\u4fbf\u4e3b\u673a\u540d\u5728\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u4e00\u81f4\u3002 \u4e0b\u8f7d \u5c06\u6570\u636e\uff08\u901a\u5e38\u4ee5\u6587\u4ef6\u7684\u5f62\u5f0f\uff09\u4ece\u4e00\u53f0\u8ba1\u7b97\u673a\u4f20\u8f93\u5230\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u3002 \u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u7684 Compute RabbitMQ \u6d88\u606f\u4ea4\u6362\u3002 \u6301\u4e45\u961f\u5217 \u4e00\u4e2a Compute RabbitMQ \u6d88\u606f\u961f\u5217\uff0c\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 
\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae \uff08DHCP\uff09 \u4e00\u79cd\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u914d\u7f6e\u8fde\u63a5\u5230\u7f51\u7edc\u7684\u8bbe\u5907\uff0c\u4ee5\u4fbf\u5b83\u4eec\u53ef\u4ee5\u4f7f\u7528 Internet \u534f\u8bae \uff08IP\uff09 \u5728\u8be5\u7f51\u7edc\u4e0a\u8fdb\u884c\u901a\u4fe1\u3002\u8be5\u534f\u8bae\u5728\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u6a21\u578b\u4e2d\u5b9e\u73b0\uff0c\u5176\u4e2d DHCP \u5ba2\u6237\u7aef\u4ece DHCP \u670d\u52a1\u5668\u8bf7\u6c42\u914d\u7f6e\u6570\u636e\uff0c\u4f8b\u5982 IP \u5730\u5740\u3001\u9ed8\u8ba4\u8def\u7531\u4ee5\u53ca\u4e00\u4e2a\u6216\u591a\u4e2a DNS \u670d\u52a1\u5668\u5730\u5740\u3002\u4e00\u79cd\u5728\u5f15\u5bfc\u65f6\u81ea\u52a8\u4e3a\u4e3b\u673a\u914d\u7f6e\u7f51\u7edc\u7684\u65b9\u6cd5\u3002\u7531\u7f51\u7edc\u548c\u8ba1\u7b97\u63d0\u4f9b\u3002 \u52a8\u6001\u8d85\u6587\u672c\u6807\u8bb0\u8bed\u8a00 \uff08DHTML\uff09 \u4f7f\u7528 HTML\u3001JavaScript \u548c\u7ea7\u8054\u6837\u5f0f\u8868\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u7f51\u9875\u4ea4\u4e92\u6216\u663e\u793a\u7b80\u5355\u52a8\u753b\u7684\u9875\u9762\u3002","title":"D"},{"location":"security/security-guide/#e","text":"\u4e1c\u897f\u5411\u6d41\u91cf \u540c\u4e00\u4e91\u6216\u6570\u636e\u4e2d\u5fc3\u4e2d\u7684\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u5357\u5317\u5411\u6d41\u91cf\u3002 EBS \u542f\u52a8\u5377 \u5305\u542b\u53ef\u542f\u52a8 VM \u6620\u50cf\u7684 Amazon EBS \u5b58\u50a8\u5377\uff0cOpenStack \u76ee\u524d\u4e0d\u652f\u6301\u8be5\u6620\u50cf\u3002 ebtables \u7528\u4e8e Linux \u6865\u63a5\u9632\u706b\u5899\u7684\u8fc7\u6ee4\u5de5\u5177\uff0c\u652f\u6301\u8fc7\u6ee4\u901a\u8fc7 Linux \u6865\u63a5\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e arptables\u3001iptables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u901a\u4fe1\u7684\u9694\u79bb\u3002 EC2 \u51fd\u6570 Amazon 
\u5546\u4e1a\u8ba1\u7b97\u4ea7\u54c1\uff0c\u7c7b\u4f3c\u4e8e\u8ba1\u7b97\u3002 EC2 \u8bbf\u95ee\u5bc6\u94a5 \u4e0e EC2 \u79c1\u6709\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\u4ee5\u8bbf\u95ee\u8ba1\u7b97 EC2 API\u3002 EC2 API OpenStack \u652f\u6301\u901a\u8fc7\u8ba1\u7b97\u8bbf\u95ee Amazon EC2 API\u3002 EC2 \u517c\u5bb9\u6027 API \u4f7f OpenStack \u80fd\u591f\u4e0e Amazon EC2 \u901a\u4fe1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 EC2 \u79c1\u6709\u5bc6\u94a5 \u4e0e\u8ba1\u7b97 EC2 API \u901a\u4fe1\u65f6\u4e0e EC2 \u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528;\u7528\u4e8e\u5bf9\u6bcf\u4e2a\u8bf7\u6c42\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u8fb9\u7f18\u8ba1\u7b97 \u5728\u4e91\u4e2d\u8fd0\u884c\u66f4\u5c11\u7684\u8fdb\u7a0b\uff0c\u5e76\u5c06\u8fd9\u4e9b\u8fdb\u7a0b\u79fb\u52a8\u5230\u672c\u5730\u3002 \u5f39\u6027\u5757\u5b58\u50a8 \uff08EBS\uff09 Amazon \u5546\u4e1a\u5757\u5b58\u50a8\u4ea7\u54c1\u3002 \u5c01\u88c5 \u5c06\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u7f6e\u4e8e\u53e6\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u4e2d\uff0c\u4ee5\u63d0\u53d6\u6216\u4fdd\u62a4\u6570\u636e\u3002\u793a\u4f8b\u5305\u62ec GRE\u3001MPLS \u6216 IPsec\u3002 \u52a0\u5bc6 OpenStack\u652f\u6301HTTPS\u3001SSH\u3001SSL\u3001TLS\u3001\u6570\u5b57\u8bc1\u4e66\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u52a0\u5bc6\u6280\u672f\u3002 \u7aef\u70b9 \u8bf7\u53c2\u9605 API \u7aef\u70b9\u3002 \u7aef\u70b9\u6ce8\u518c\u8868 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7aef\u70b9\u6a21\u677f URL \u548c\u7aef\u53e3\u53f7\u7aef\u70b9\u5217\u8868\uff0c\u6307\u793a\u53ef\u4ee5\u8bbf\u95ee\u670d\u52a1\uff08\u5982\u5bf9\u8c61\u5b58\u50a8\u3001\u8ba1\u7b97\u3001\u6807\u8bc6\u7b49\uff09\u7684\u4f4d\u7f6e\u3002 \u4f01\u4e1a\u4e91\u8ba1\u7b97 \u4f4d\u4e8e\u9632\u706b\u5899\u540e\u9762\u7684\u8ba1\u7b97\u73af\u5883\uff0c\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u8f6f\u4ef6\u3001\u57fa\u7840\u8bbe\u65bd\u548c\u5e73\u53f0\u670d\u52a1\u3002 \u5b9e\u4f53 
\u4efb\u4f55\u60f3\u8981\u8fde\u63a5\u5230\u7f51\u7edc\uff08\u7f51\u7edc\u8fde\u63a5\u670d\u52a1\uff09\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u786c\u4ef6\u6216\u8f6f\u4ef6\u3002\u5b9e\u4f53\u53ef\u4ee5\u901a\u8fc7\u5b9e\u73b0 VIF \u6765\u5229\u7528\u7f51\u7edc\u3002 \u4e34\u65f6\u6620\u50cf \u4e0d\u4fdd\u5b58\u5bf9\u5176\u5377\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5b9e\u4f8b\u7ec8\u6b62\u540e\u5c06\u5176\u6062\u590d\u5230\u539f\u59cb\u72b6\u6001\u7684 VM \u6620\u50cf\u3002 \u4e34\u65f6\u5377 \u4e0d\u4fdd\u5b58\u5bf9\u5176\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5f53\u524d\u7528\u6237\u653e\u5f03\u63a7\u5236\u6743\u65f6\u6062\u590d\u5230\u5176\u539f\u59cb\u72b6\u6001\u7684\u5377\u3002 Essex 2012 \u5e74 4 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u4e94\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97\uff08nova 2012.1\uff09\u3001\u5bf9\u8c61\u5b58\u50a8\uff08swift 1.4.8\uff09\u3001\u56fe\u50cf\uff08glance\uff09\u3001\u8eab\u4efd\uff08keystone\uff09\u548c\u4eea\u8868\u677f\uff08horizon\uff09\u3002Essex \u662f OpenStack \u7b2c\u4e94\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\uff0cEssex\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 ESXi \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 ETag \u51fd\u6570 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u503c\uff0c\u7528\u4e8e\u786e\u4fdd\u6570\u636e\u5b8c\u6574\u6027\u3002 euca2ools \u7528\u4e8e\u7ba1\u7406 VM \u7684\u547d\u4ee4\u884c\u5de5\u5177\u96c6\u5408;\u5927\u591a\u6570\u90fd\u4e0eOpenStack\u517c\u5bb9\u3002 Eucalyptus Kernel Image \uff08EKI\uff09 \u4e0e ERI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 Eucalyptus\u673a\u5668\u6620\u50cf \uff08EMI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u5bb9\u5668\u683c\u5f0f\u3002 
Eucalyptus Ramdisk \u955c\u50cf \uff08ERI\uff09 \u4e0e EKI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 \u64a4\u79bb \u5c06\u4e00\u4e2a\u6216\u6240\u6709\u865a\u62df\u673a \uff08VM\uff09 \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u8fc1\u79fb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\uff0c\u4e0e\u5171\u4eab\u5b58\u50a8\u5b9e\u65f6\u8fc1\u79fb\u548c\u5757\u8fc1\u79fb\u517c\u5bb9\u3002 \u4ea4\u6362 RabbitMQ \u6d88\u606f\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ea4\u6362\u7c7b\u578b Compute RabbitMQ \u4e2d\u7684\u8def\u7531\u7b97\u6cd5\u3002 \u72ec\u5360\u961f\u5217 \u7531 RabbitMQ \u4e2d\u7684\u76f4\u63a5\u4f7f\u7528\u8005\u8fde\u63a5\u5230 - \u8ba1\u7b97\uff0c\u6d88\u606f\u53ea\u80fd\u7531\u5f53\u524d\u8fde\u63a5\u4f7f\u7528\u3002 \u6269\u5c55\u5c5e\u6027 \uff08xattr\uff09 \u6587\u4ef6\u7cfb\u7edf\u9009\u9879\uff0c\u7528\u4e8e\u5b58\u50a8\u6240\u6709\u8005\u3001\u7ec4\u3001\u6743\u9650\u3001\u4fee\u6539\u65f6\u95f4\u7b49\u4ee5\u5916\u7684\u5176\u4ed6\u4fe1\u606f\u3002\u5e95\u5c42\u5bf9\u8c61\u5b58\u50a8\u6587\u4ef6\u7cfb\u7edf\u5fc5\u987b\u652f\u6301\u6269\u5c55\u5c5e\u6027\u3002 \u6269\u5c55 API \u6269\u5c55\u6216\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u7279\u5b9a\u4e8e\u5b9e\u73b0\u7684\u8c03\u7528\uff0c\u4f8b\u5982\u6dfb\u52a0\u5bf9 OpenID \u7684\u652f\u6301\u3002 \u5916\u90e8\u7f51\u7edc \u901a\u5e38\u7528\u4e8e Internet \u8bbf\u95ee\u7684\u7f51\u6bb5\u3002 \u989d\u5916\u89c4\u683c \u6307\u5b9a\u8ba1\u7b97\u786e\u5b9a\u4ece\u4f55\u5904\u5f00\u59cb\u65b0\u5b9e\u4f8b\u65f6\u7684\u5176\u4ed6\u8981\u6c42\u3002\u793a\u4f8b\u5305\u62ec\u6700\u5c0f\u7f51\u7edc\u5e26\u5bbd\u6216 GPU \u91cf\u3002","title":"E"},{"location":"security/security-guide/#f","text":"FakeLDAP \u521b\u5efa\u7528\u4e8e\u6d4b\u8bd5\u8eab\u4efd\u548c\u8ba1\u7b97\u7684\u672c\u5730 LDAP \u76ee\u5f55\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u9700\u8981 Redis\u3002 fan-out\u4ea4\u6362 \u5728 
RabbitMQ \u548c Compute \u4e2d\uff0c\u8c03\u5ea6\u7a0b\u5e8f\u670d\u52a1\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u63a5\u53e3\u4ece\u8ba1\u7b97\u3001\u5377\u548c\u7f51\u7edc\u8282\u70b9\u63a5\u6536\u529f\u80fd\u6d88\u606f\u3002 \u8054\u5408\u8eab\u4efd \u4e00\u79cd\u5728\u8eab\u4efd\u63d0\u4f9b\u5546\u548c OpenStack \u4e91\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u65b9\u6cd5\u3002 Fedora \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u5149\u7ea4\u901a\u9053 \u5b58\u50a8\u534f\u8bae\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e TCP/IP;\u5c01\u88c5 SCSI \u547d\u4ee4\u548c\u6570\u636e\u3002 \u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053 \uff08FCoE\uff09 \u5149\u7ea4\u901a\u9053\u534f\u8bae\u5728\u4ee5\u592a\u7f51\u5185\u901a\u8fc7\u96a7\u9053\u4f20\u8f93\u3002 \u586b\u5145\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97\u8ba1\u5212\u65b9\u6cd5\uff0c\u5c1d\u8bd5\u7528 VM \u586b\u5145\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u5728\u5404\u79cd\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 \u8fc7\u6ee4\u5668 \u8ba1\u7b97\u8ba1\u5212\u8fc7\u7a0b\u4e2d\u7684\u6b65\u9aa4\uff0c\u5f53\u65e0\u6cd5\u8fd0\u884c VM \u7684\u4e3b\u673a\u88ab\u6dd8\u6c70\u4e14\u672a\u88ab\u9009\u4e2d\u65f6\u3002 \u9632\u706b\u5899 \u7528\u4e8e\u9650\u5236\u4e3b\u673a\u548c/\u6216\u8282\u70b9\u4e4b\u95f4\u7684\u901a\u4fe1\uff0c\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 iptables\u3001arptables\u3001ip6tables \u548c ebtables \u5b9e\u73b0\u3002 \u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u63d0\u4f9b\u5916\u56f4\u9632\u706b\u5899\u529f\u80fd\u7684\u7f51\u7edc\u6269\u5c55\u3002 \u56fa\u5b9a IP \u5730\u5740 \u6bcf\u6b21\u542f\u52a8\u5b9e\u4f8b\u65f6\u90fd\u4e0e\u540c\u4e00\u5b9e\u4f8b\u5173\u8054\u7684 IP \u5730\u5740\u901a\u5e38\u4e0d\u5bf9\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u8bbf\u95ee\uff0c\u5e76\u7528\u4e8e\u7ba1\u7406\u5b9e\u4f8b\u3002 \u5e73\u9762\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\u4e3a\u6388\u6743\u8282\u70b9\u63d0\u4f9b IP \u5730\u5740\uff0c\u5e76\u5047\u5b9a 
DHCP\u3001DNS \u4ee5\u53ca\u8def\u7531\u914d\u7f6e\u548c\u670d\u52a1\u7531\u5176\u4ed6\u8bbe\u5907\u63d0\u4f9b\u3002 \u5e73\u9762\u6a21\u5f0f\u6ce8\u5165 \u4e00\u79cd\u8ba1\u7b97\u7f51\u7edc\u65b9\u6cd5\uff0c\u5728\u5b9e\u4f8b\u542f\u52a8\u4e4b\u524d\u5c06\u64cd\u4f5c\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\u6ce8\u5165\u5230 VM \u6620\u50cf\u4e2d\u3002 \u5e73\u9762\u7f51\u7edc \u865a\u62df\u7f51\u7edc\u7c7b\u578b\uff0c\u4e0d\u4f7f\u7528VLAN\u6216\u96a7\u9053\u6765\u5206\u9694\u9879\u76ee\u6d41\u91cf\u3002\u6bcf\u4e2a\u5e73\u9762\u7f51\u7edc\u901a\u5e38\u9700\u8981\u5b9a\u4e49\u7531\u6865\u63a5\u6620\u5c04\u5b9a\u4e49\u7684\u5355\u72ec\u7684\u5e95\u5c42\u7269\u7406\u63a5\u53e3\u3002\u4f46\u662f\uff0c\u5e73\u9762\u7f51\u7edc\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u5b50\u7f51\u3002FlatDHCP \u7ba1\u7406\u5668 \u63d0\u4f9b dnsmasq\uff08DHCP\u3001DNS\u3001BOOTP\u3001TFTP\uff09\u548c radvd\uff08\u8def\u7531\uff09\u670d\u52a1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u89c4\u683c VM \u5b9e\u4f8b\u7c7b\u578b\u7684\u66ff\u4ee3\u672f\u8bed \u89c4\u683cID \u6bcf\u79cd\u8ba1\u7b97\u6216\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u89c4\u683c\u6216\u5b9e\u4f8b\u7c7b\u578b\u7684 UUID\u3002 \u6d6e\u52a8 IP \u5730\u5740 \u9879\u76ee\u53ef\u4ee5\u4e0e VM \u5173\u8054\u7684 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5b9e\u4f8b\u5728\u6bcf\u6b21\u542f\u52a8\u65f6\u90fd\u5177\u6709\u76f8\u540c\u7684\u516c\u6709 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u6d6e\u52a8 IP \u5730\u5740\u6c60\uff0c\u5e76\u5728\u5b9e\u4f8b\u542f\u52a8\u65f6\u5c06\u5176\u5206\u914d\u7ed9\u5b9e\u4f8b\uff0c\u4ee5\u4fdd\u6301\u4e00\u81f4\u7684 IP \u5730\u5740\u4ee5\u7ef4\u62a4 DNS \u5206\u914d\u3002 Folsom 2012 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u516d\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3001\u8eab\u4efd 
\uff08keystone\uff09\u3001\u7f51\u7edc \uff08neutron\uff09\u3001\u6620\u50cf\u670d\u52a1 \uff08glance\uff09 \u4ee5\u53ca\u5377\u6216\u5757\u5b58\u50a8 \uff08cinder\uff09\u3002Folsom \u662f OpenStack \u7b2c\u516d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u65e7\u91d1\u5c71\u4e3e\u884c\uff0c\u798f\u5c14\u745f\u59c6\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 FormPost \u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\uff0c\u901a\u8fc7\u7f51\u9875\u4e0a\u7684\u8868\u5355\u4e0a\u4f20\uff08\u53d1\u5e03\uff09\u56fe\u50cf\u3002 freezer \u5907\u4efd\u3001\u8fd8\u539f\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u524d\u7aef \u7528\u6237\u4e0e\u670d\u52a1\u4ea4\u4e92\u7684\u70b9;\u53ef\u4ee5\u662f API \u7aef\u70b9\u3001\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u5de5\u5177\u3002","title":"F"},{"location":"security/security-guide/#g","text":"\u7f51\u5173 \u901a\u5e38\u5206\u914d\u7ed9\u8def\u7531\u5668\u7684 IP \u5730\u5740\uff0c\u7528\u4e8e\u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u3002 \u901a\u7528\u63a5\u6536\u5378\u8f7d \uff08GRO\uff09 \u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\u9a71\u52a8\u7a0b\u5e8f\u7684\u529f\u80fd\uff0c\u5728\u4f20\u9001\u5230\u5185\u6838 IP \u5806\u6808\u4e4b\u524d\uff0c\u5c06\u8bb8\u591a\u8f83\u5c0f\u7684\u63a5\u6536\u6570\u636e\u5305\u5408\u5e76\u4e3a\u4e00\u4e2a\u5927\u6570\u636e\u5305\u3002 \u901a\u7528\u8def\u7531\u5c01\u88c5 \uff08GRE\uff09 \u5728\u865a\u62df\u70b9\u5bf9\u70b9\u94fe\u8def\u4e2d\u5c01\u88c5\u5404\u79cd\u7f51\u7edc\u5c42\u534f\u8bae\u7684\u534f\u8bae\u3002 glance \u5f71\u50cf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 glance API \u670d\u52a1\u5668 \u56fe\u50cf API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 glance \u6ce8\u518c\u8868 \u6620\u50cf\u670d\u52a1\u6620\u50cf\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5168\u5c40\u7aef\u70b9\u6a21\u677f 
\u5305\u542b\u53ef\u7528\u4e8e\u6240\u6709\u9879\u76ee\u7684\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec8\u7ed3\u70b9\u6a21\u677f\u3002 GlusterFS \u4e00\u4e2a\u65e8\u5728\u805a\u5408 NAS \u4e3b\u673a\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u4e0e OpenStack \u517c\u5bb9\u3002 gnocchi OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u7d22\u5f15\u5668\u548c\u65f6\u5e8f\u6570\u636e\u5e93\u3002 golden\u6620\u50cf \u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u65b9\u6cd5\uff0c\u5176\u4e2d\u521b\u5efa\u6700\u7ec8\u7684\u78c1\u76d8\u6620\u50cf\uff0c\u7136\u540e\u7531\u6240\u6709\u8282\u70b9\u4f7f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002 \u6cbb\u7406\u670d\u52a1\uff08\u5927\u4f1a\uff09 \u8be5\u9879\u76ee\u5728\u4efb\u4f55\u4e91\u670d\u52a1\u96c6\u5408\u4e2d\u63d0\u4f9b\u6cbb\u7406\u5373\u670d\u52a1\uff0c\u4ee5\u4fbf\u76d1\u89c6\u3001\u5b9e\u65bd\u548c\u5ba1\u6838\u52a8\u6001\u57fa\u7840\u7ed3\u6784\u4e0a\u7684\u7b56\u7565\u3002 \u56fe\u5f62\u4ea4\u6362\u683c\u5f0f \uff08GIF\uff09 \u4e00\u79cd\u901a\u5e38\u7528\u4e8e\u7f51\u9875\u4e0a\u7684\u52a8\u753b\u56fe\u50cf\u7684\u56fe\u50cf\u6587\u4ef6\u3002 \u56fe\u5f62\u5904\u7406\u5355\u5143 \uff08GPU\uff09 OpenStack \u76ee\u524d\u4e0d\u652f\u6301\u6839\u636e GPU \u7684\u5b58\u5728\u6765\u9009\u62e9\u4e3b\u673a\u3002 \u7eff\u8272\u7ebf\u7a0b Python \u4f7f\u7528\u7684\u534f\u4f5c\u7ebf\u7a0b\u6a21\u578b;\u51cf\u5c11\u4e89\u7528\u6761\u4ef6\uff0c\u5e76\u4e14\u4ec5\u5728\u8fdb\u884c\u7279\u5b9a\u5e93\u8c03\u7528\u65f6\u8fdb\u884c\u4e0a\u4e0b\u6587\u5207\u6362\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u662f\u5b83\u81ea\u5df1\u7684\u7ebf\u7a0b\u3002 Grizzly OpenStack \u7b2c\u4e03\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u5730\u4e9a\u54e5\u4e3e\u884c\uff0cGrizzly\u662f\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5dde\u65d7\u7684\u4e00\u4e2a\u5143\u7d20\u3002 \u5206\u7ec4 Identity v3 API 
\u5b9e\u4f53\u3002\u8868\u793a\u7279\u5b9a\u57df\u6240\u62e5\u6709\u7684\u7528\u6237\u96c6\u5408\u3002 \u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u63a7\u5236\u4e0b\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002","title":"G"},{"location":"security/security-guide/#h","text":"Hadoop Apache Hadoop \u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u6846\u67b6\uff0c\u652f\u6301\u6570\u636e\u5bc6\u96c6\u578b\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002 Hadoop \u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf \uff08HDFS\uff09 \u4e00\u79cd\u5206\u5e03\u5f0f\u3001\u9ad8\u5ea6\u5bb9\u9519\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u8bbe\u8ba1\u7528\u4e8e\u5728\u4f4e\u6210\u672c\u5546\u7528\u786c\u4ef6\u4e0a\u8fd0\u884c\u3002 \u4ea4\u63a5 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u4e00\u79cd\u5bf9\u8c61\u72b6\u6001\uff0c\u5176\u4e2d\u7531\u4e8e\u9a71\u52a8\u5668\u6545\u969c\u800c\u81ea\u52a8\u521b\u5efa\u5bf9\u8c61\u7684\u65b0\u526f\u672c\u3002 HAProxy \u51fd\u6570 \u4e3a\u57fa\u4e8e TCP \u548c HTTP \u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8d1f\u8f7d\u5e73\u8861\u5668\uff0c\u5c06\u8bf7\u6c42\u5206\u6563\u5230\u591a\u4e2a\u670d\u52a1\u5668\u3002 \u786c\u91cd\u542f \u4e00\u79cd\u91cd\u65b0\u542f\u52a8\u7c7b\u578b\uff0c\u5176\u4e2d\u6309\u4e0b\u7269\u7406\u6216\u865a\u62df\u7535\u6e90\u6309\u94ae\uff0c\u800c\u4e0d\u662f\u6b63\u5e38\u3001\u6b63\u786e\u5730\u5173\u95ed\u64cd\u4f5c\u7cfb\u7edf\u3002 Havana OpenStack \u7b2c\u516b\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u4e3e\u884c\uff0cHavana\u662f\u4fc4\u52d2\u5188\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 \u5065\u5eb7\u76d1\u89c6\u5668 \u786e\u5b9a VIP 
\u6c60\u7684\u540e\u7aef\u6210\u5458\u662f\u5426\u53ef\u4ee5\u5904\u7406\u8bf7\u6c42\u3002\u4e00\u4e2a\u6c60\u53ef\u4ee5\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u8fd0\u884c\u72b6\u51b5\u76d1\u89c6\u5668\u3002\u5f53\u6c60\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u76d1\u89c6\u5668\u65f6\uff0c\u6240\u6709\u76d1\u89c6\u5668\u90fd\u4f1a\u68c0\u67e5\u6c60\u7684\u6bcf\u4e2a\u6210\u5458\u3002\u6240\u6709\u76d1\u89c6\u5668\u90fd\u5fc5\u987b\u58f0\u660e\u6210\u5458\u8fd0\u884c\u72b6\u51b5\u826f\u597d\uff0c\u624d\u80fd\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 heat \u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09 \u4ee5 OpenStack \u539f\u751f\u683c\u5f0f\u7684 Heat \u8f93\u5165\u3002 \u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u8bbe\u8ba1\u65b9\u6cd5\u548c\u76f8\u5173\u670d\u52a1\u5b9e\u65bd\u53ef\u786e\u4fdd\u5728\u5408\u540c\u6d4b\u91cf\u671f\u95f4\u8fbe\u5230\u9884\u5148\u5b89\u6392\u7684\u8fd0\u8425\u7ee9\u6548\u6c34\u5e73\u3002\u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u529b\u6c42\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u548c\u6570\u636e\u4e22\u5931\u3002 horizon \u4eea\u8868\u677f\u7684\u4ee3\u53f7\u3002 Horizon \u63d2\u4ef6 OpenStack Dashboard \uff08horizon\uff09 \u7684\u63d2\u4ef6\u3002 \u4e3b\u673a \u7269\u7406\u8ba1\u7b97\u673a\uff0c\u800c\u4e0d\u662f VM \u5b9e\u4f8b\uff08\u8282\u70b9\uff09\u3002 \u4e3b\u673a\u805a\u5408 \u4e00\u79cd\u5c06\u53ef\u7528\u6027\u533a\u57df\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60\uff08\u516c\u5171\u4e3b\u673a\u7684\u96c6\u5408\uff09\u7684\u65b9\u6cd5\u3002 \u4e3b\u673a\u603b\u7ebf\u9002\u914d\u5668 \uff08HBA\uff09 \u63d2\u5165 PCI \u63d2\u69fd\uff08\u5982\u5149\u7ea4\u901a\u9053\u6216\u7f51\u5361\uff09\u7684\u8bbe\u5907\u3002 \u6df7\u5408\u4e91 
\u6df7\u5408\u4e91\u662f\u7531\u4e24\u4e2a\u6216\u591a\u4e2a\u4e91\uff08\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u6709\u4e91\uff09\u7ec4\u6210\u7684\uff0c\u8fd9\u4e9b\u4e91\u4ecd\u7136\u662f\u4e0d\u540c\u7684\u5b9e\u4f53\uff0c\u4f46\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u63d0\u4f9b\u591a\u79cd\u90e8\u7f72\u6a21\u578b\u7684\u4f18\u52bf\u3002\u6df7\u5408\u4e91\u8fd8\u610f\u5473\u7740\u80fd\u591f\u5c06\u4e3b\u673a\u6258\u7ba1\u3001\u6258\u7ba1\u548c/\u6216\u4e13\u7528\u670d\u52a1\u4e0e\u4e91\u8d44\u6e90\u8fde\u63a5\u8d77\u6765\u3002 \u6df7\u5408\u4e91\u8ba1\u7b97 \u6df7\u5408\u4e86\u672c\u5730\u3001\u79c1\u6709\u4e91\u548c\u7b2c\u4e09\u65b9\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5e76\u5728\u4e24\u4e2a\u5e73\u53f0\u4e4b\u95f4\u8fdb\u884c\u7f16\u6392\u3002 Hyper-V OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\u3002 \u8d85\u94fe\u63a5 \u5305\u542b\u6307\u5411\u5176\u4ed6\u7f51\u7ad9\u7684\u94fe\u63a5\u7684\u4efb\u4f55\u7c7b\u578b\u7684\u6587\u672c\uff0c\u5e38\u89c1\u4e8e\u5355\u51fb\u4e00\u4e2a\u6216\u591a\u4e2a\u5355\u8bcd\u4f1a\u6253\u5f00\u5176\u4ed6\u7f51\u7ad9\u7684\u6587\u6863\u4e2d\u3002 \u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u7528\u4e8e\u5206\u5e03\u5f0f\u3001\u534f\u4f5c\u5f0f\u3001\u8d85\u5a92\u4f53\u4fe1\u606f\u7cfb\u7edf\u7684\u5e94\u7528\u534f\u8bae\u3002\u5b83\u662f\u4e07\u7ef4\u7f51\u6570\u636e\u901a\u4fe1\u7684\u57fa\u7840\u3002\u8d85\u6587\u672c\u662f\u5728\u5305\u542b\u6587\u672c\u7684\u8282\u70b9\u4e4b\u95f4\u4f7f\u7528\u903b\u8f91\u94fe\u63a5\uff08\u8d85\u94fe\u63a5\uff09\u7684\u7ed3\u6784\u5316\u6587\u672c\u3002HTTP\u662f\u4ea4\u6362\u6216\u4f20\u8f93\u8d85\u6587\u672c\u7684\u534f\u8bae\u3002 \u5b89\u5168\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTPS\uff09\u4e00\u79cd\u52a0\u5bc6\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u901a\u8fc7\u8ba1\u7b97\u673a\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\uff0c\u5728 Internet 
\u4e0a\u7684\u90e8\u7f72\u7279\u522b\u5e7f\u6cdb\u3002\u4ece\u6280\u672f\u4e0a\u8bb2\uff0c\u5b83\u672c\u8eab\u4e0d\u662f\u4e00\u4e2a\u534f\u8bae;\u76f8\u53cd\uff0c\u5b83\u662f\u7b80\u5355\u5730\u5c06\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u5206\u5c42\u5728 TLS \u6216 SSL \u534f\u8bae\u4e4b\u4e0a\u7684\u7ed3\u679c\uff0c\u4ece\u800c\u5c06 TLS \u6216 SSL \u7684\u5b89\u5168\u529f\u80fd\u6dfb\u52a0\u5230\u6807\u51c6 HTTP \u901a\u4fe1\u4e2d\u3002\u5927\u591a\u6570 OpenStack API \u7aef\u70b9\u548c\u8bb8\u591a\u7ec4\u4ef6\u95f4\u901a\u4fe1\u90fd\u652f\u6301 HTTPS \u901a\u4fe1\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u4ef2\u88c1\u548c\u63a7\u5236 VM \u5bf9\u5b9e\u9645\u5e95\u5c42\u786c\u4ef6\u7684\u8bbf\u95ee\u7684\u8f6f\u4ef6\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60 \u901a\u8fc7\u4e3b\u673a\u805a\u5408\u7ec4\u5408\u5728\u4e00\u8d77\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u96c6\u5408\u3002","title":"H"},{"location":"security/security-guide/#i","text":"Icehouse OpenStack \u7b2c\u4e5d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u9999\u6e2f\u4e3e\u884c\uff0cIce House\u662f\u8be5\u5e02\u7684\u4e00\u6761\u8857\u9053\u7684\u540d\u5b57\u3002 \u8eab\u4efd\u8bc1\u53f7\u7801 \u4e0e\u8eab\u4efd\u4e2d\u7684\u6bcf\u4e2a\u7528\u6237\u5173\u8054\u7684\u552f\u4e00\u6570\u5b57 ID\uff0c\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e Linux \u6216 LDAP UID\u3002 \u8eab\u4efd\u9a8c\u8bc1 API Identity \u670d\u52a1 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef Identity \u670d\u52a1\u7528\u4e8e\u68c0\u7d22\u7528\u6237\u4fe1\u606f\u7684\u6e90;\u4f8b\u5982\uff0cOpenLDAP \u670d\u52a1\u5668\u3002 \u8eab\u4efd\u63d0\u4f9b\u8005 \u4e00\u79cd\u76ee\u5f55\u670d\u52a1\uff0c\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u3002\u5b83\u662f\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u7684\u5178\u578b\u6765\u6e90\u3002 \u8eab\u4efd\u670d\u52a1\uff08keystone\uff09 
\u4fc3\u8fdb API \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u3001\u5206\u5e03\u5f0f\u591a\u9879\u76ee\u6388\u6743\u548c\u5ba1\u8ba1\u7684\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u6237\u6620\u5c04\u5230\u4ed6\u4eec\u53ef\u4ee5\u8bbf\u95ee\u7684 OpenStack \u670d\u52a1\u7684\u4e2d\u592e\u76ee\u5f55\u3002\u5b83\u8fd8\u4e3a OpenStack \u670d\u52a1\u6ce8\u518c\u7aef\u70b9\uff0c\u5e76\u5145\u5f53\u901a\u7528\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u8eab\u4efd\u670d\u52a1 API \u7528\u4e8e\u8bbf\u95ee\u901a\u8fc7 keystone \u63d0\u4f9b\u7684 OpenStack Identity \u670d\u52a1\u7684 API\u3002 IETF \uff08\u82f1\u8bed\uff09 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u662f\u4e00\u4e2a\u5f00\u653e\u6807\u51c6\u7ec4\u7ec7\uff0c\u8d1f\u8d23\u5236\u5b9a Internet \u6807\u51c6\uff0c\u5c24\u5176\u662f\u4e0e TCP/IP \u76f8\u5173\u7684\u6807\u51c6\u3002 \u6620\u50cf \u7528\u4e8e\u521b\u5efa\u6216\u91cd\u5efa\u670d\u52a1\u5668\u7684\u7279\u5b9a\u64cd\u4f5c\u7cfb\u7edf \uff08OS\uff09 \u7684\u6587\u4ef6\u96c6\u5408\u3002OpenStack \u63d0\u4f9b\u9884\u6784\u5efa\u7684\u6620\u50cf\u3002\u60a8\u8fd8\u53ef\u4ee5\u4ece\u5df2\u542f\u52a8\u7684\u670d\u52a1\u5668\u521b\u5efa\u81ea\u5b9a\u4e49\u6620\u50cf\u6216\u5feb\u7167\u3002\u81ea\u5b9a\u4e49\u6620\u50cf\u53ef\u7528\u4e8e\u6570\u636e\u5907\u4efd\uff0c\u6216\u7528\u4f5c\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u6620\u50cfAPI \u7528\u4e8e\u7ba1\u7406 VM \u6620\u50cf\u7684\u6620\u50cf\u670d\u52a1 API \u7ec8\u7ed3\u70b9\u3002\u5904\u7406\u5ba2\u6237\u7aef\u5bf9 VM \u7684\u8bf7\u6c42\uff0c\u66f4\u65b0\u6ce8\u518c\u8868\u670d\u52a1\u5668\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u5143\u6570\u636e\uff0c\u5e76\u4e0e\u5b58\u50a8\u9002\u914d\u5668\u901a\u4fe1\u4ee5\u4ece\u540e\u7aef\u5b58\u50a8\u4e0a\u4f20 VM \u6620\u50cf\u3002 \u6620\u50cf\u7f13\u5b58 
\u7531\u56fe\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u672c\u5730\u4e3b\u673a\u4e0a\u7684\u56fe\u50cf\uff0c\u800c\u4e0d\u662f\u5728\u6bcf\u6b21\u8bf7\u6c42\u56fe\u50cf\u65f6\u4ece\u56fe\u50cf\u670d\u52a1\u5668\u91cd\u65b0\u4e0b\u8f7d\u56fe\u50cf\u3002 \u6620\u50cf ID URI \u548c UUID \u7684\u7ec4\u5408\uff0c\u7528\u4e8e\u901a\u8fc7\u955c\u50cf API \u8bbf\u95ee\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u6620\u50cf\u6210\u5458 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u6620\u50cf\u6240\u6709\u8005 \u62e5\u6709\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u7684\u9879\u76ee\u3002 \u6620\u50cf\u6ce8\u518c\u8868 \u53ef\u901a\u8fc7\u6620\u50cf\u670d\u52a1\u83b7\u53d6\u7684 VM \u6620\u50cf\u7684\u5217\u8868\u3002 \u6620\u50cf\u670d\u52a1\uff08glance\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\u6765\u5b58\u50a8\u3001\u6d4f\u89c8\u3001\u5171\u4eab\u3001\u5206\u53d1\u548c\u7ba1\u7406\u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf\u3001\u4e0e\u521d\u59cb\u5316\u8ba1\u7b97\u8d44\u6e90\u5bc6\u5207\u76f8\u5173\u7684\u5176\u4ed6\u6570\u636e\u4ee5\u53ca\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u72b6\u6001 \u955c\u50cf\u670d\u52a1\u4e2d\u865a\u62df\u673a\u955c\u50cf\u7684\u5f53\u524d\u72b6\u6001\uff0c\u4e0d\u8981\u4e0e\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u72b6\u6001\u6df7\u6dc6\u3002 \u6620\u50cf\u5b58\u50a8 \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u865a\u62df\u673a\u6620\u50cf\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u6216 HTTP\u3002 \u6620\u50cf UUID \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u552f\u4e00\u6807\u8bc6\u6bcf\u4e2a VM \u6620\u50cf\u7684 UUID\u3002 \u5b75\u5316\u9879\u76ee 
\u793e\u533a\u9879\u76ee\u53ef\u4ee5\u63d0\u5347\u5230\u6b64\u72b6\u6001\uff0c\u7136\u540e\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee \u57fa\u7840\u8bbe\u65bd\u4f18\u5316\u670d\u52a1\uff08\u89c2\u5bdf\u8005\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u4e3a\u57fa\u4e8eOpenStack\u7684\u591a\u9879\u76ee\u4e91\u63d0\u4f9b\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u8d44\u6e90\u4f18\u5316\u670d\u52a1\u3002 \u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 IaaS \u662f\u4e00\u79cd\u914d\u7f6e\u6a21\u578b\uff0c\u5728\u8fd9\u79cd\u6a21\u578b\u4e2d\uff0c\u7ec4\u7ec7\u5916\u5305\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5b58\u50a8\u3001\u786c\u4ef6\u3001\u670d\u52a1\u5668\u548c\u7f51\u7edc\u7ec4\u4ef6\u3002\u670d\u52a1\u63d0\u4f9b\u5546\u62e5\u6709\u8bbe\u5907\uff0c\u5e76\u8d1f\u8d23\u8bbe\u5907\u7684\u5b89\u88c5\u3001\u64cd\u4f5c\u548c\u7ef4\u62a4\u3002\u5ba2\u6237\u901a\u5e38\u6309\u4f7f\u7528\u91cf\u4ed8\u8d39\u3002IaaS \u662f\u4e00\u79cd\u63d0\u4f9b\u4e91\u670d\u52a1\u7684\u6a21\u578b\u3002 Ingress \u8fc7\u6ee4 \u7b5b\u9009\u4f20\u5165\u7f51\u7edc\u6d41\u91cf\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 INI \u683c\u5f0f OpenStack \u914d\u7f6e\u6587\u4ef6\u4f7f\u7528 INI \u683c\u5f0f\u6765\u63cf\u8ff0\u9009\u9879\u53ca\u5176\u503c\u3002\u5b83\u7531\u90e8\u5206\u548c\u952e\u503c\u5bf9\u7ec4\u6210\u3002 \u6ce8\u5165 \u5728\u542f\u52a8\u5b9e\u4f8b\u4e4b\u524d\u5c06\u6587\u4ef6\u653e\u5165\u865a\u62df\u673a\u6620\u50cf\u7684\u8fc7\u7a0b\u3002 \u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 IOPS \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u6027\u80fd\u5ea6\u91cf\uff0c\u7528\u4e8e\u5bf9\u8ba1\u7b97\u673a\u5b58\u50a8\u8bbe\u5907\uff08\u5982\u786c\u76d8\u9a71\u52a8\u5668\u3001\u56fa\u6001\u9a71\u52a8\u5668\u548c\u5b58\u50a8\u533a\u57df\u7f51\u7edc\uff09\u8fdb\u884c\u57fa\u51c6\u6d4b\u8bd5\u3002 \u5b9e\u4f8b \u6b63\u5728\u8fd0\u884c\u7684 VM 
\u6216\u5904\u4e8e\u5df2\u77e5\u72b6\u6001\uff08\u5982\u6302\u8d77\uff09\u7684 VM\uff0c\u53ef\u4ee5\u50cf\u786c\u4ef6\u670d\u52a1\u5668\u4e00\u6837\u4f7f\u7528\u3002 \u5b9e\u4f8bID \u4f8b\u5982UUID\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u72b6\u6001 \u6765\u5bbe\u865a\u62df\u673a\u6620\u50cf\u7684\u5f53\u524d\u72b6\u6001\u3002 \u5b9e\u4f8b\u96a7\u9053\u7f51\u7edc \u7528\u4e8e\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u7684\u5b9e\u4f8b\u6d41\u91cf\u96a7\u9053\u7684\u7f51\u6bb5\u3002 \u5b9e\u4f8b\u7c7b\u578b \u63cf\u8ff0\u53ef\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u5404\u79cd\u865a\u62df\u673a\u6620\u50cf\u7684\u53c2\u6570;\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u5185\u5b58\u7b49\u53c2\u6570\u3002\u98ce\u5473\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u7c7b\u578b ID \u7279\u5b9a\u5b9e\u4f8b ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u667a\u80fd\u5e73\u53f0\u7ba1\u7406\u63a5\u53e3\uff08IPMI\uff09 IPMI \u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u7528\u4e8e\u8ba1\u7b97\u673a\u7cfb\u7edf\u5e26\u5916\u7ba1\u7406\u548c\u76d1\u63a7\u5176\u64cd\u4f5c\u7684\u6807\u51c6\u5316\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\u3002\u901a\u4fd7\u5730\u8bf4\uff0c\u5b83\u662f\u4e00\u79cd\u4f7f\u7528\u76f4\u63a5\u7f51\u7edc\u8fde\u63a5\u7ba1\u7406\u8ba1\u7b97\u673a\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u5b83\u662f\u5426\u6253\u5f00;\u8fde\u63a5\u5230\u786c\u4ef6\uff0c\u800c\u4e0d\u662f\u64cd\u4f5c\u7cfb\u7edf\u6216\u767b\u5f55 shell\u3002 \u63a5\u53e3 \u63d0\u4f9b\u4e0e\u5176\u4ed6\u8bbe\u5907\u6216\u4ecb\u8d28\u7684\u8fde\u63a5\u7684\u7269\u7406\u6216\u865a\u62df\u8bbe\u5907\u3002 \u63a5\u53e3 ID UUID \u5f62\u5f0f\u7684\u7f51\u7edc VIF \u6216 vNIC \u7684\u552f\u4e00 ID\u3002 \u4e92\u8054\u7f51\u63a7\u5236\u6d88\u606f\u534f\u8bae \uff08ICMP\uff09 
\u7f51\u7edc\u8bbe\u5907\u7528\u4e8e\u63a7\u5236\u6d88\u606f\u7684\u7f51\u7edc\u534f\u8bae\u3002\u4f8b\u5982\uff0cping \u4f7f\u7528 ICMP \u6765\u6d4b\u8bd5\u8fde\u63a5\u3002 \u4e92\u8054\u7f51\u534f\u8bae \uff08IP\uff09 Internet \u534f\u8bae\u5957\u4ef6\u4e2d\u7684\u4e3b\u8981\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u8de8\u7f51\u7edc\u8fb9\u754c\u4e2d\u7ee7\u6570\u636e\u62a5\u3002 \u4e92\u8054\u7f51\u670d\u52a1\u63d0\u4f9b\u5546 \uff08ISP\uff09 \u4efb\u4f55\u5411\u4e2a\u4eba\u6216\u4f01\u4e1a\u63d0\u4f9b\u4e92\u8054\u7f51\u8bbf\u95ee\u7684\u4f01\u4e1a\u3002 \u4e92\u8054\u7f51\u5c0f\u578b\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\uff08iSCSI\uff09 \u5c01\u88c5 SCSI \u5e27\u4ee5\u901a\u8fc7 IP \u7f51\u7edc\u4f20\u8f93\u7684\u5b58\u50a8\u534f\u8bae\u3002\u53d7\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u955c\u50cf\u670d\u52a1\u652f\u6301\u3002 IO \u8f93\u5165\u548c\u8f93\u51fa\u7684\u7f29\u5199\u3002 IP \u5730\u5740 Internet \u4e0a\u6bcf\u4e2a\u8ba1\u7b97\u673a\u7cfb\u7edf\u552f\u4e00\u7684\u7f16\u53f7\u3002\u5730\u5740\u4f7f\u7528\u4e86\u4e24\u4e2a\u7248\u672c\u7684 Internet \u534f\u8bae \uff08IP\uff09\uff1aIPv4 \u548c IPv6\u3002 IP \u5730\u5740\u7ba1\u7406 \uff08IPAM\uff09 \u81ea\u52a8\u6267\u884c IP \u5730\u5740\u5206\u914d\u3001\u89e3\u9664\u5206\u914d\u548c\u7ba1\u7406\u7684\u8fc7\u7a0b\u3002\u76ee\u524d\u7531 Compute\u3001melange \u548c Networking \u63d0\u4f9b\u3002 ip6tables \u7528\u4e8e\u5728 Linux \u5185\u6838\u4e2d\u8bbe\u7f6e\u3001\u7ef4\u62a4\u548c\u68c0\u67e5 IPv6 \u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u8868\u7684\u5de5\u5177\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0cip6tables \u4e0e arptables\u3001ebtables \u548c iptables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a\u8282\u70b9\u548c\u865a\u62df\u673a\u521b\u5efa\u9632\u706b\u5899\u3002 ipset \u5bf9 iptables \u7684\u6269\u5c55\uff0c\u5141\u8bb8\u521b\u5efa\u540c\u65f6\u5339\u914d\u6574\u4e2a IP 
\u5730\u5740\u201c\u96c6\u201d\u7684\u9632\u706b\u5899\u89c4\u5219\u3002\u8fd9\u4e9b\u96c6\u9a7b\u7559\u5728\u7d22\u5f15\u6570\u636e\u7ed3\u6784\u4e2d\u4ee5\u63d0\u9ad8\u6548\u7387\uff0c\u5c24\u5176\u662f\u5728\u5177\u6709\u5927\u91cf\u89c4\u5219\u7684\u7cfb\u7edf\u4e0a\u3002 iptables iptables \u4e0e arptables \u548c ebtables \u4e00\u8d77\u4f7f\u7528\uff0c\u53ef\u5728 Compute \u4e2d\u521b\u5efa\u9632\u706b\u5899\u3002iptables \u662f Linux \u5185\u6838\u9632\u706b\u5899\uff08\u4f5c\u4e3a\u4e0d\u540c\u7684 Netfilter \u6a21\u5757\u5b9e\u73b0\uff09\u63d0\u4f9b\u7684\u8868\u53ca\u5176\u5b58\u50a8\u7684\u94fe\u548c\u89c4\u5219\u3002\u76ee\u524d\u4e0d\u540c\u7684\u5185\u6838\u6a21\u5757\u548c\u7a0b\u5e8f\u7528\u4e8e\u4e0d\u540c\u7684\u534f\u8bae\uff1aiptables \u9002\u7528\u4e8e IPv4\uff0cip6tables \u9002\u7528\u4e8e IPv6\uff0carptables \u9002\u7528\u4e8e ARP\uff0cebtables \u7528\u4e8e\u4ee5\u592a\u7f51\u5e27\u3002\u9700\u8981 root \u6743\u9650\u624d\u80fd\u64cd\u4f5c\u3002 ironic \u88f8\u673a\u670d\u52a1\u7684\u4ee3\u53f7\u3002 iSCSI \u9650\u5b9a\u540d\u79f0 \uff08IQN\uff09 IQN \u662f\u6700\u5e38\u7528\u7684 iSCSI \u540d\u79f0\u683c\u5f0f\uff0c\u7528\u4e8e\u552f\u4e00\u6807\u8bc6 iSCSI \u7f51\u7edc\u4e2d\u7684\u8282\u70b9\u3002\u6240\u6709 IQN \u90fd\u9075\u5faa iqn.yyyy-mm.domain\uff1aidentifier \u6a21\u5f0f\uff0c\u5176\u4e2d\u201cyyyy-mm\u201d\u662f\u57df\u540d\u6ce8\u518c\u7684\u5e74\u4efd\u548c\u6708\u4efd\uff0c\u201cdomain\u201d\u662f\u9881\u53d1\u7ec4\u7ec7\u7684\u53cd\u5411\u57df\u540d\uff0c\u201cidentifier\u201d\u662f\u4e00\u4e2a\u53ef\u9009\u5b57\u7b26\u4e32\uff0c\u4f7f\u540c\u4e00\u57df\u540d\u4e0b\u7684\u6bcf\u4e2a IQN \u90fd\u662f\u552f\u4e00\u7684\u3002\u4f8b\u5982\uff0c\u201ciqn.2015-10.org.openstack.408ae959bce1\u201d\u3002 ISO9660 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 ITSEC \u51fd\u6570 \u8ba1\u7b97 RBAC 
\u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\uff0c\u53ef\u4ee5\u9694\u79bb\u4efb\u4f55\u9879\u76ee\u4e2d\u7684\u5b9e\u4f8b\u3002","title":"I"},{"location":"security/security-guide/#j","text":"Java \u4e00\u79cd\u7f16\u7a0b\u8bed\u8a00\uff0c\u7528\u4e8e\u521b\u5efa\u901a\u8fc7\u7f51\u7edc\u6d89\u53ca\u591a\u53f0\u8ba1\u7b97\u673a\u7684\u7cfb\u7edf\u3002 JavaScript \u4e00\u79cd\u7528\u4e8e\u751f\u6210\u7f51\u9875\u7684\u811a\u672c\u8bed\u8a00\u3002 JavaScript \u5bf9\u8c61\u8868\u793a\u6cd5 \uff08JSON\uff09 OpenStack \u4e2d\u652f\u6301\u7684\u54cd\u5e94\u683c\u5f0f\u4e4b\u4e00\u3002 \u6846\u67b6\u7684\u5f62\u72b6 \u73b0\u4ee3\u4ee5\u592a\u7f51\u7f51\u7edc\u4e2d\u7684\u529f\u80fd\uff0c\u652f\u6301\u9ad8\u8fbe\u7ea6 9000 \u5b57\u8282\u7684\u5e27\u3002 Juno OpenStack \u7b2c\u5341\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4f50\u6cbb\u4e9a\u5dde\u4e9a\u7279\u5170\u5927\u4e3e\u884c\uff0cJuno\u662f\u4f50\u6cbb\u4e9a\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002","title":"J"},{"location":"security/security-guide/#k","text":"Kerberos \u4e00\u79cd\u57fa\u4e8e\u7968\u8bc1\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002Kerberos \u5141\u8bb8\u8282\u70b9\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\uff0c\u5e76\u5141\u8bb8\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a \uff08KVM\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002KVM \u662f\u9002\u7528\u4e8e Linux on x86 \u786c\u4ef6\u7684\u5b8c\u6574\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u865a\u62df\u5316\u6269\u5c55\uff08Intel VT \u6216 AMD-V\uff09\u3001ARM\u3001IBM Power \u548c IBM 
zSeries\u3002\u5b83\u7531\u4e00\u4e2a\u53ef\u52a0\u8f7d\u7684\u5185\u6838\u6a21\u5757\u7ec4\u6210\uff0c\u8be5\u6a21\u5757\u63d0\u4f9b\u6838\u5fc3\u865a\u62df\u5316\u57fa\u7840\u67b6\u6784\u548c\u7279\u5b9a\u4e8e\u5904\u7406\u5668\u7684\u6a21\u5757\u3002 \u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\uff08barbican\uff09 \u8be5\u9879\u76ee\u4ea7\u751f\u4e00\u4e2a\u79d8\u5bc6\u5b58\u50a8\u548c\u751f\u6210\u7cfb\u7edf\uff0c\u80fd\u591f\u4e3a\u5e0c\u671b\u542f\u7528\u52a0\u5bc6\u529f\u80fd\u7684\u670d\u52a1\u63d0\u4f9b\u5bc6\u94a5\u7ba1\u7406\u3002 keystone Identity \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u5feb\u901f\u542f\u52a8 \u7528\u4e8e\u5728\u57fa\u4e8e Red Hat\u3001Fedora \u548c CentOS \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 Kilo OpenStack \u7b2c 11 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u6cd5\u56fd\u5df4\u9ece\u4e3e\u884c\u3002\u7531\u4e8e\u540d\u79f0\u9009\u62e9\u7684\u5ef6\u8fdf\uff0c\u8be5\u7248\u672c\u4ec5\u88ab\u79f0\u4e3a K\u3002\u7531\u4e8e k kilo \u662f\u5355\u4f4d\u7b26\u53f7\uff0c\u800c kilogram \u53c2\u8003\u5de5\u4ef6\u5b58\u653e\u5728\u5df4\u9ece\u9644\u8fd1\u7684\u585e\u592b\u5c14 Pavillon de Breteuil \u4e2d\uff0c\u56e0\u6b64\u793e\u533a\u9009\u62e9\u4e86 Kilo \u4f5c\u4e3a\u7248\u672c\u540d\u79f0\u3002 L \u5927\u5bf9\u8c61 Object Storage \u4e2d\u5927\u4e8e 5 GB \u7684\u5bf9\u8c61\u3002 \u542f\u52a8\u677f OpenStack \u7684\u534f\u4f5c\u7ad9\u70b9\u3002 \u4e8c\u5c42\uff08L2\uff09\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u4e8c\u5c42\u7f51\u7edc OSI 
\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u6570\u636e\u94fe\u8def\u5c42\u7684\u672f\u8bed\u3002\u6570\u636e\u94fe\u8def\u5c42\u8d1f\u8d23\u5a92\u4f53\u8bbf\u95ee\u63a7\u5236\u3001\u6d41\u91cf\u63a7\u5236\u4ee5\u53ca\u68c0\u6d4b\u548c\u7ea0\u6b63\u7269\u7406\u5c42\u4e2d\u53ef\u80fd\u53d1\u751f\u7684\u9519\u8bef\u3002 \u4e09\u5c42 \uff08L3\uff09 \u4ee3\u7406 OpenStack Networking \u4ee3\u7406\uff0c\u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 3 \u5c42\uff08\u8def\u7531\uff09\u670d\u52a1\u3002 \u4e09\u5c42\u7f51\u7edc \u5728 OSI \u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u7f51\u7edc\u5c42\u7684\u672f\u8bed\u3002\u7f51\u7edc\u5c42\u8d1f\u8d23\u6570\u636e\u5305\u8f6c\u53d1\uff0c\u5305\u62ec\u4ece\u4e00\u4e2a\u8282\u70b9\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u7684\u8def\u7531\u3002 Liberty OpenStack \u7b2c 12 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\uff0cLiberty\u662f\u52a0\u62ff\u5927\u8428\u65af\u5580\u5f7b\u6e29\u7701\u4e00\u4e2a\u6751\u5e84\u7684\u540d\u5b57\u3002 libvirt OpenStack \u7528\u6765\u4e0e\u8bb8\u591a\u53d7\u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8fdb\u884c\u4ea4\u4e92\u7684\u865a\u62df\u5316 API \u5e93\u3002 \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae \uff08LDAP\uff09 \u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Linux \u64cd\u4f5c\u7cfb\u7edf \u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u81ea\u7531\u548c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u548c\u5206\u53d1\u7684\u6a21\u5f0f\u4e0b\u7ec4\u88c5\u3002 Linux\u6865\u63a5 \u4f7f\u591a\u4e2a VM \u80fd\u591f\u5728\u8ba1\u7b97\u4e2d\u5171\u4eab\u5355\u4e2a\u7269\u7406 NIC \u7684\u8f6f\u4ef6\u3002 Linux Bridge neutron \u63d2\u4ef6 \u4f7f Linux 
\u7f51\u6865\u80fd\u591f\u7406\u89e3\u7f51\u7edc\u7aef\u53e3\u3001\u63a5\u53e3\u8fde\u63a5\u548c\u5176\u4ed6\u62bd\u8c61\u3002 Linux \u5bb9\u5668 \uff08LXC\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u5b9e\u65f6\u8fc1\u79fb \u8ba1\u7b97\u4e2d\u80fd\u591f\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u5728\u5207\u6362\u671f\u95f4\u4ec5\u53d1\u751f\u5c11\u91cf\u670d\u52a1\u4e2d\u65ad\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 \u8d1f\u8f7d\u5747\u8861\u5668\u662f\u5c5e\u4e8e\u4e91\u5e10\u6237\u7684\u903b\u8f91\u8bbe\u5907\u3002\u5b83\u7528\u4e8e\u6839\u636e\u5b9a\u4e49\u4e3a\u5176\u914d\u7f6e\u4e00\u90e8\u5206\u7684\u6761\u4ef6\u5728\u591a\u4e2a\u540e\u7aef\u7cfb\u7edf\u6216\u670d\u52a1\u4e4b\u95f4\u5206\u914d\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u8d1f\u8f7d\u5747\u8861 \u5728\u4e24\u4e2a\u6216\u591a\u4e2a\u8282\u70b9\u4e4b\u95f4\u5206\u6563\u5ba2\u6237\u7aef\u8bf7\u6c42\u4ee5\u63d0\u9ad8\u6027\u80fd\u548c\u53ef\u7528\u6027\u7684\u8fc7\u7a0b\u3002 \u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff08LBaaS\uff09 \u4f7f\u7f51\u7edc\u80fd\u591f\u5728\u6307\u5b9a\u5b9e\u4f8b\u4e4b\u95f4\u5747\u5300\u5206\u914d\u4f20\u5165\u8bf7\u6c42\u3002 \u8d1f\u8f7d\u5747\u8861\u670d\u52a1\uff08octavia\uff09 \u8be5\u9879\u76ee\u65e8\u5728\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u8d1f\u8f7d\u5747\u8861\u5668\u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u670d\u52a1\u8bbf\u95ee\u3002 \u903b\u8f91\u5377\u7ba1\u7406\u5668 \uff08LVM\uff09 \u63d0\u4f9b\u4e00\u79cd\u5728\u5927\u5bb9\u91cf\u5b58\u50a8\u8bbe\u5907\u4e0a\u5206\u914d\u7a7a\u95f4\u7684\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6bd4\u4f20\u7edf\u7684\u5206\u533a\u65b9\u6848\u66f4\u7075\u6d3b\u3002","title":"K"},{"location":"security/security-guide/#m","text":"magnum 
\u5bb9\u5668\u57fa\u7840\u7ed3\u6784\u7ba1\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u7ba1\u7406 API \u7ba1\u7406 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e\u7ba1\u7406\u7684\u7f51\u6bb5\uff0c\u516c\u5171 Internet \u65e0\u6cd5\u8bbf\u95ee\u3002 \u7ba1\u7406\u5668 \u76f8\u5173\u4ee3\u7801\u7684\u903b\u8f91\u5206\u7ec4\uff0c\u4f8b\u5982\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u6216\u7f51\u7edc\u7ba1\u7406\u5668\u3002 \u6e05\u5355 \u7528\u4e8e\u8ddf\u8e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5927\u578b\u5bf9\u8c61\u7684\u6bb5\u3002 manifest \u5bf9\u8c61 \u4e00\u4e2a\u7279\u6b8a\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\uff0c\u5176\u4e2d\u5305\u542b\u5927\u578b\u5bf9\u8c61\u7684\u6e05\u5355\u3002 manila OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 manila\u5206\u4eab \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 \u6700\u5927\u4f20\u8f93\u5355\u5143 \uff08MTU\uff09 \u7279\u5b9a\u7f51\u7edc\u4ecb\u8d28\u7684\u6700\u5927\u5e27\u6216\u6570\u636e\u5305\u5927\u5c0f\u3002\u4ee5\u592a\u7f51\u901a\u5e38\u4e3a 1500 \u5b57\u8282\u3002 \u673a\u5236\u9a71\u52a8 \u7a0b\u5e8f \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09 neutron \u63d2\u4ef6\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u4e3a\u865a\u62df\u5b9e\u4f8b\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u3002\u5355\u4e2a OpenStack \u5b89\u88c5\u53ef\u4ee5\u4f7f\u7528\u591a\u4e2a\u673a\u5236\u9a71\u52a8\u7a0b\u5e8f\u3002 melange OpenStack Network Information Service \u7684\u9879\u76ee\u540d\u79f0\u3002\u5c06\u4e0e\u7f51\u7edc\u5408\u5e76\u3002 \u6210\u5458\u5173\u7cfb \u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u4e0e\u9879\u76ee\u4e4b\u95f4\u7684\u5173\u8054\u3002\u5141\u8bb8\u4e0e\u6307\u5b9a\u9879\u76ee\u5171\u4eab\u56fe\u50cf\u3002 \u6210\u5458\u5217\u8868 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM 
\u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u5185\u5b58\u7f13\u5b58 \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u7f13\u5b58\u7684\u5206\u5e03\u5f0f\u5185\u5b58\u5bf9\u8c61\u7f13\u5b58\u7cfb\u7edf\u3002 \u5185\u5b58\u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a RAM \u8fc7\u91cf\u4f7f\u7528\u3002 \u6d88\u606f\u4ee3\u7406 \u7528\u4e8e\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b AMQP \u6d88\u606f\u4f20\u9012\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\u9ed8\u8ba4\u5305\u4e3a RabbitMQ\u3002 \u6d88\u606f\u603b\u7ebf \u6240\u6709 AMQP \u6d88\u606f\u7528\u4e8e\u8ba1\u7b97\u4e2d\u7684\u4e91\u95f4\u901a\u4fe1\u7684\u4e3b\u8981\u865a\u62df\u901a\u4fe1\u7ebf\u8def\u3002 \u6d88\u606f\u961f\u5217 \u5c06\u6765\u81ea\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u4f20\u9012\u7ed9\u76f8\u5e94\u7684\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u5e76\u5728\u4f5c\u4e1a\u5b8c\u6210\u540e\u5c06\u8f93\u51fa\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u6d88\u606f\u670d\u52a1 \uff08zaqar\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u6d88\u606f\u4f20\u9012\u670d\u52a1\uff0c\u8be5\u670d\u52a1\u4ee5\u9ad8\u6548\u3001\u53ef\u6269\u5c55\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u63d0\u4f9b\u5404\u79cd\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u6a21\u5f0f\uff0c\u5e76\u521b\u5efa\u548c\u7ef4\u62a4\u5173\u8054\u7684 Python \u5e93\u548c\u6587\u6863\u3002 \u5143\u6570\u636e\u670d\u52a1\u5668 \uff08MDS\uff09 \u5b58\u50a8 CephFS \u5143\u6570\u636e\u3002 \u5143\u6570\u636e\u4ee3\u7406 \u4e3a\u5b9e\u4f8b\u63d0\u4f9b\u5143\u6570\u636e\u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u8fc1\u79fb \u5c06 VM \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\u3002 mistral 
\u5de5\u4f5c\u6d41\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Mitaka OpenStack \u7b2c 13 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u65e5\u672c\u4e1c\u4eac\u4e3e\u884c\u3002Mitaka\u662f\u4e1c\u4eac\u7684\u4e00\u5ea7\u57ce\u5e02\u3002 \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09neutron\u63d2\u4ef6 \u53ef\u4ee5\u5728\u7f51\u7edc\u4e2d\u540c\u65f6\u4f7f\u7528\u591a\u79cd\u4e8c\u5c42\u7f51\u7edc\u6280\u672f\uff0c\u5982802.1Q\u548cVXLAN\u3002 monasca OpenStack \u76d1\u63a7\u7684\u4ee3\u53f7\u3002 \u76d1\u63a7 \uff08LBaaS\uff09 LBaaS \u529f\u80fd\uff0c\u4f7f\u7528 ping \u547d\u4ee4\u3001TCP \u548c HTTP/HTTPS GET \u63d0\u4f9b\u53ef\u7528\u6027\u76d1\u63a7\u3002 \u76d1\u89c6\u5668 \uff08Mon\uff09 \u4e00\u4e2a Ceph \u7ec4\u4ef6\uff0c\u7528\u4e8e\u4e0e\u5916\u90e8\u5ba2\u6237\u7aef\u901a\u4fe1\u3001\u68c0\u67e5\u6570\u636e\u72b6\u6001\u548c\u4e00\u81f4\u6027\u4ee5\u53ca\u6267\u884c\u4ef2\u88c1\u529f\u80fd\u3002 \u76d1\u63a7 \uff08monasca\uff09 OpenStack \u670d\u52a1\uff0c\u4e3a\u6307\u6807\u3001\u590d\u6742\u4e8b\u4ef6\u5904\u7406\u548c\u65e5\u5fd7\u8bb0\u5f55\u63d0\u4f9b\u591a\u9879\u76ee\u3001\u9ad8\u5ea6\u53ef\u6269\u5c55\u3001\u9ad8\u6027\u80fd\u3001\u5bb9\u9519\u7684\u76d1\u63a7\u5373\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\u4e3a\u9ad8\u7ea7\u76d1\u63a7\u670d\u52a1\u6784\u5efa\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u5e73\u53f0\uff0c\u8fd0\u8425\u5546\u548c\u9879\u76ee\u90fd\u53ef\u4ee5\u4f7f\u7528\u8be5\u5e73\u53f0\u6765\u83b7\u5f97\u8fd0\u8425\u6d1e\u5bdf\u529b\u548c\u53ef\u89c1\u6027\uff0c\u786e\u4fdd\u53ef\u7528\u6027\u548c\u7a33\u5b9a\u6027\u3002 \u591a\u4e91\u8ba1\u7b97 \u5728\u5355\u4e2a\u7f51\u7edc\u67b6\u6784\u4e2d\u4f7f\u7528\u591a\u79cd\u4e91\u8ba1\u7b97\u548c\u5b58\u50a8\u670d\u52a1\u3002 \u591a\u4e91 SDK \u63d0\u4f9b\u591a\u4e91\u62bd\u8c61\u5c42\u5e76\u5305\u542b\u5bf9 OpenStack \u7684\u652f\u6301\u7684 SDK\u3002\u8fd9\u4e9b SDK 
\u975e\u5e38\u9002\u5408\u7f16\u5199\u9700\u8981\u4f7f\u7528\u591a\u79cd\u7c7b\u578b\u7684\u4e91\u63d0\u4f9b\u5546\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4f46\u53ef\u80fd\u4f1a\u516c\u5f00\u4e00\u7ec4\u66f4\u6709\u9650\u7684\u529f\u80fd\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u4f7f\u7528\u4e24\u4e2a\u6216\u591a\u4e2a\u51ed\u636e\uff08\u5982\u5bc6\u7801\u548c\u79c1\u94a5\uff09\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u76ee\u524d\u5728 Identity \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u591a\u4e3b\u673a \u4f20\u7edf \uff08nova\uff09 \u7f51\u7edc\u7684\u9ad8\u53ef\u7528\u6027\u6a21\u5f0f\u3002\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u5904\u7406 NAT \u548c DHCP\uff0c\u5e76\u5145\u5f53\u5176\u4e0a\u6240\u6709 VM \u7684\u7f51\u5173\u3002\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684\u7f51\u7edc\u6545\u969c\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 VM\u3002 multinic \u51fd\u6570 \u8ba1\u7b97\u4e2d\u7684\u5de5\u5177\uff0c\u5141\u8bb8\u6bcf\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u8fde\u63a5\u591a\u4e2a VIF\u3002 murano \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u4ee3\u53f7\u3002","title":"M"},{"location":"security/security-guide/#n","text":"Nebula NASA \u4e8e 2010 \u5e74\u4ee5\u5f00\u6e90\u5f62\u5f0f\u53d1\u5e03\uff0c\u662f Compute \u7684\u57fa\u7840\u3002 \u7f51\u7edc\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u5141\u8bb8\u7528\u6237\u4e3a\u5b9e\u4f8b\u5206\u914d\u53ef\u516c\u5f00\u8bbf\u95ee\u7684 IP \u5730\u5740\u5e76\u66f4\u6539\u9632\u706b\u5899\u89c4\u5219\u3002 NetApp \u5377\u9a71\u52a8\u7a0b\u5e8f \u4f7f\u8ba1\u7b97\u80fd\u591f\u901a\u8fc7 NetApp OnCommand \u914d\u7f6e\u7ba1\u7406\u5668\u4e0e NetApp \u5b58\u50a8\u8bbe\u5907\u8fdb\u884c\u901a\u4fe1\u3002 \u7f51\u7edc 
\u5728\u5b9e\u4f53\u4e4b\u95f4\u63d0\u4f9b\u8fde\u63a5\u7684\u865a\u62df\u7f51\u7edc\u3002\u4f8b\u5982\uff0c\u5171\u4eab\u7f51\u7edc\u8fde\u63a5\u7684\u865a\u62df\u7aef\u53e3\u7684\u96c6\u5408\u3002\u5728\u7f51\u7edc\u672f\u8bed\u4e2d\uff0c\u7f51\u7edc\u59cb\u7ec8\u662f\u7b2c 2 \u5c42\u7f51\u7edc\u3002 \u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4fee\u6539 IP \u5730\u5740\u4fe1\u606f\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u548c\u7f51\u7edc\u652f\u6301\u3002 \u7f51\u7edc\u63a7\u5236\u5668 \u4e00\u4e2a\u8ba1\u7b97\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7528\u4e8e\u534f\u8c03\u8282\u70b9\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec IP \u5730\u5740\u3001VLAN \u548c\u6865\u63a5\u3002\u8fd8\u7ba1\u7406\u516c\u5171\u7f51\u7edc\u548c\u4e13\u7528\u7f51\u7edc\u7684\u8def\u7531\u3002 \u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf \uff08NFS\uff09 \u4e00\u79cd\u4f7f\u6587\u4ef6\u7cfb\u7edf\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u7684\u65b9\u6cd5\u3002\u7531 OpenStack \u652f\u6301\u3002 \u7f51\u7edc ID \u5206\u914d\u7ed9\u7f51\u7edc\u4e2d\u6bcf\u4e2a\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002\u4e0e\u7f51\u7edc UUID \u76f8\u540c\u3002 \u7f51\u7edc\u7ba1\u7406\u5668 \u7528\u4e8e\u7ba1\u7406\u5404\u79cd\u7f51\u7edc\u7ec4\u4ef6\uff08\u5982\u9632\u706b\u5899\u89c4\u5219\u3001IP \u5730\u5740\u5206\u914d\u7b49\uff09\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u7f51\u7edc\u547d\u540d\u7a7a\u95f4 Linux \u5185\u6838\u529f\u80fd\uff0c\u5728\u5355\u4e2a\u4e3b\u673a\u4e0a\u63d0\u4f9b\u72ec\u7acb\u7684\u865a\u62df\u7f51\u7edc\u5b9e\u4f8b\uff0c\u5177\u6709\u5355\u72ec\u7684\u8def\u7531\u8868\u548c\u63a5\u53e3\u3002\u7c7b\u4f3c\u4e8e\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u4e0a\u7684\u865a\u62df\u8def\u7531\u548c\u8f6c\u53d1 \uff08VRF\uff09 \u670d\u52a1\u3002 \u7f51\u7edc\u8282\u70b9 \u8fd0\u884c Network Worker \u5b88\u62a4\u7a0b\u5e8f\u7684\u4efb\u4f55\u8ba1\u7b97\u8282\u70b9\u3002 \u7f51\u7edc\u6bb5 \u8868\u793a\u7f51\u7edc\u4e2d\u865a\u62df\u7684\u9694\u79bb OSI \u7b2c 2 
\u5c42\u5b50\u7f51\u3002 \u7f51\u7edc\u670d\u52a1\u6807\u5934 \uff08NSH\uff09 \u63d0\u4f9b\u6cbf\u5b9e\u4f8b\u5316\u670d\u52a1\u8def\u5f84\u8fdb\u884c\u5143\u6570\u636e\u4ea4\u6362\u7684\u673a\u5236\u3002 \u7f51\u7edc\u65f6\u95f4\u534f\u8bae \uff08NTP\uff09 \u901a\u8fc7\u4e0e\u53ef\u4fe1\u3001\u51c6\u786e\u7684\u65f6\u95f4\u6e90\u901a\u4fe1\u6765\u4fdd\u6301\u4e3b\u673a\u6216\u8282\u70b9\u65f6\u949f\u6b63\u786e\u7684\u65b9\u6cd5\u3002 \u7f51\u7edc UUID \u7f51\u7edc\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002 \u7f51\u7edc\u5de5\u4f5c\u8fdb\u7a0b nova-network worker \u5b88\u62a4\u8fdb\u7a0b;\u63d0\u4f9b\u8bf8\u5982\u4e3a\u542f\u52a8\u7684 nova \u5b9e\u4f8b\u63d0\u4f9b IP \u5730\u5740\u7b49\u670d\u52a1\u3002 \u7f51\u7edc API\uff08Neutron API\uff09 \u7528\u4e8e\u8bbf\u95ee OpenStack Networking \u7684 API\u3002\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u4f53\u7cfb\u7ed3\u6784\u4ee5\u542f\u7528\u81ea\u5b9a\u4e49\u63d2\u4ef6\u521b\u5efa\u3002 \u7f51\u7edc\u670d\u52a1\uff08neutron\uff09 OpenStack \u9879\u76ee\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u6309\u9700\u3001\u53ef\u6269\u5c55\u4e14\u4e0e\u6280\u672f\u65e0\u5173\u7684\u7f51\u7edc\u62bd\u8c61\u3002 neutron OpenStack Networking \u670d\u52a1\u7684\u4ee3\u53f7\u3002 neutron API \u7f51\u7edc API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 Neutron \u7ba1\u7406\u5668 \u542f\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u96c6\u6210\uff0c\u4f7f\u7f51\u7edc\u80fd\u591f\u5bf9\u6765\u5bbe VM \u6267\u884c\u7f51\u7edc\u7ba1\u7406\u3002 Neutron \u63d2\u4ef6 \u7f51\u7edc\u4e2d\u7684\u63a5\u53e3\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u4e3a\u9ad8\u7ea7\u529f\u80fd\uff08\u5982 QoS\u3001ACL \u6216 IDS\uff09\u521b\u5efa\u81ea\u5b9a\u4e49\u63d2\u4ef6\u3002 Newton OpenStack \u7b2c 14 
\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4f4d\u4e8e\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u5e02\u7b2c\u4e5d\u8857 1013 \u53f7\u7684\u201cNewton House\u201d\u547d\u540d\u3002\u88ab\u5217\u5165\u56fd\u5bb6\u53f2\u8ff9\u540d\u5f55\u3002 Nexenta \u5377\u9a71\u52a8\u7a0b\u5e8f \u4e3a\u8ba1\u7b97\u4e2d\u7684 NexentaStor \u8bbe\u5907\u63d0\u4f9b\u652f\u6301\u3002 NFV \u7f16\u6392\u670d\u52a1\uff08tacker\uff09 OpenStack \u670d\u52a1\uff0c\u65e8\u5728\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316 \uff08NFV\uff09 \u7f16\u6392\u670d\u52a1\u548c\u5e93\uff0c\u7528\u4e8e\u7f51\u7edc\u670d\u52a1\u548c\u865a\u62df\u7f51\u7edc\u529f\u80fd \uff08VNF\uff09 \u7684\u7aef\u5230\u7aef\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002 Nginx \u51fd\u6570 HTTP \u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u548c\u901a\u7528 TCP/UDP \u4ee3\u7406\u670d\u52a1\u5668\u3002 \u65e0 ACK \u5728 Compute RabbitMQ \u4e2d\u7981\u7528\u670d\u52a1\u5668\u7aef\u6d88\u606f\u786e\u8ba4\u3002\u63d0\u9ad8\u6027\u80fd\u4f46\u964d\u4f4e\u53ef\u9760\u6027\u3002 \u8282\u70b9 \u5728\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u5b9e\u4f8b\u3002 \u975e\u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u4ea4\u6362\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u961f\u5217 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u961f\u5217\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u5316\u5377 \u4e34\u65f6\u5377\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5357\u5317\u5411\u6d41\u91cf 
\u7528\u6237\u6216\u5ba2\u6237\u7aef\uff08\u5317\uff09\u4e0e\u670d\u52a1\u5668\uff08\u5357\uff09\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\uff0c\u6216\u8fdb\u5165\u4e91\uff08\u5357\uff09\u548c\u4e91\u5916\uff08\u5317\uff09\u7684\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u4e1c\u897f\u5411\u6d41\u91cf\u3002 nova OpenStack \u8ba1\u7b97\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Nova API \u63a5\u53e3 \u8ba1\u7b97 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 nova-network \uff08\u65b0\u661f\u7f51\u7edc\uff09 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u7ba1\u7406 IP \u5730\u5740\u5206\u914d\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u4e0e\u7f51\u7edc\u76f8\u5173\u7684\u4efb\u52a1\u3002\u8fd9\u662f\u65e7\u7248\u7f51\u7edc\u9009\u9879\uff0c\u4e5f\u662f\u7f51\u7edc\u7684\u66ff\u4ee3\u65b9\u6cd5\u3002","title":"N"},{"location":"security/security-guide/#o","text":"\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u4fdd\u5b58\u7684\u6570\u636e\u7684 BLOB;\u53ef\u4ee5\u662f\u4efb\u4f55\u683c\u5f0f\u3002 \u5bf9\u8c61\u5ba1\u8ba1\u5668 \u6253\u5f00\u5bf9\u8c61\u670d\u52a1\u5668\u7684\u6240\u6709\u5bf9\u8c61\uff0c\u5e76\u9a8c\u8bc1\u6bcf\u4e2a\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u3001\u5927\u5c0f\u548c\u5143\u6570\u636e\u3002 \u5bf9\u8c61\u8fc7\u671f Object Storage \u4e2d\u7684\u4e00\u4e2a\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u5728\u7ecf\u8fc7\u6307\u5b9a\u65f6\u95f4\u6216\u8fbe\u5230\u7279\u5b9a\u65e5\u671f\u540e\u81ea\u52a8\u5220\u9664\u5bf9\u8c61\u3002 \u5bf9\u8c61\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u7684\u552f\u4e00 ID\u3002 \u5bf9\u8c61\u8def\u5f84\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u5bf9\u8c61\u5728\u73af\u4e2d\u7684\u4f4d\u7f6e\u3002\u5c06\u5bf9\u8c61\u6620\u5c04\u5230\u5206\u533a\u3002 \u5bf9\u8c61\u590d\u5236\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5bf9\u8c61\u590d\u5236\u5230\u8fdc\u7a0b\u5206\u533a\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002 \u5bf9\u8c61\u670d\u52a1\u5668 
\u8d1f\u8d23\u7ba1\u7406\u5bf9\u8c61\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5bf9\u8c61\u5b58\u50a8 API \u7528\u4e8e\u8bbf\u95ee OpenStack \u5bf9\u8c61\u5b58\u50a8\u7684 API\u3002 \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907 \uff08OSD\uff09 Ceph \u5b58\u50a8\u5b88\u62a4\u8fdb\u7a0b\u3002 \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u4e3a\u56fa\u5b9a\u6570\u5b57\u5185\u5bb9\u63d0\u4f9b\u6700\u7ec8\u4e00\u81f4\u6027\u548c\u5197\u4f59\u7684\u5b58\u50a8\u548c\u68c0\u7d22\u3002 \u5bf9\u8c61\u7248\u672c\u63a7\u5236 \u5141\u8bb8\u7528\u6237\u5728\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e0a\u8bbe\u7f6e\u6807\u5fd7\uff0c\u4ee5\u4fbf\u5bf9\u5bb9\u5668\u5185\u7684\u6240\u6709\u5bf9\u8c61\u8fdb\u884c\u7248\u672c\u63a7\u5236\u3002 Ocata OpenStack \u7b2c 15 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u897f\u73ed\u7259\u5df4\u585e\u7f57\u90a3\u4e3e\u884c\u3002Ocata\u662f\u5df4\u585e\u7f57\u90a3\u5317\u90e8\u7684\u4e00\u4e2a\u6d77\u6ee9\u3002 Octavia \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Oldie \u957f\u65f6\u95f4\u8fd0\u884c\u7684\u5bf9\u8c61\u5b58\u50a8\u8fdb\u7a0b\u7684\u672f\u8bed\u3002\u53ef\u4ee5\u6307\u793a\u6302\u8d77\u7684\u8fdb\u7a0b\u3002 \u5f00\u653e\u4e91\u8ba1\u7b97\u63a5\u53e3\uff08OCCI\uff09 \u7528\u4e8e\u7ba1\u7406\u8ba1\u7b97\u3001\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u6807\u51c6\u5316\u63a5\u53e3\uff0c\u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u5f00\u653e\u865a\u62df\u5316\u683c\u5f0f \uff08OVF\uff09 \u6253\u5305 VM \u6620\u50cf\u7684\u6807\u51c6\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u6253\u5f00 vSwitch Open vSwitch \u662f\u5728\u5f00\u6e90 Apache 2.0 
\u8bb8\u53ef\u8bc1\u4e0b\u83b7\u5f97\u8bb8\u53ef\u7684\u751f\u4ea7\u8d28\u91cf\u7684\u591a\u5c42\u865a\u62df\u4ea4\u6362\u673a\u3002\u5b83\u65e8\u5728\u901a\u8fc7\u7f16\u7a0b\u6269\u5c55\u5b9e\u73b0\u5927\u89c4\u6a21\u7f51\u7edc\u81ea\u52a8\u5316\uff0c\u540c\u65f6\u4ecd\u652f\u6301\u6807\u51c6\u7ba1\u7406\u63a5\u53e3\u548c\u534f\u8bae\uff08\u4f8b\u5982 NetFlow\u3001sFlow\u3001SPAN\u3001RSPAN\u3001CLI\u3001LACP\u3001802.1ag\uff09\u3002 Open vSwitch\uff08OVS\uff09\u4ee3\u7406 \u4e3a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u5e95\u5c42 Open vSwitch \u670d\u52a1\u7684\u63a5\u53e3\u3002 \u6253\u5f00 vSwitch neutron \u63d2\u4ef6 \u5728\u7f51\u7edc\u4e2d\u63d0\u4f9b\u5bf9 Open vSwitch \u7684\u652f\u6301\u3002 OpenDev OpenDev \u662f\u4e00\u4e2a\u534f\u4f5c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u7684\u7a7a\u95f4\u3002 OpenDev \u7684\u4f7f\u547d\u662f\u4e3a\u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u63d0\u4f9b\u9879\u76ee\u6258\u7ba1\u3001\u6301\u7eed\u96c6\u6210\u5de5\u5177\u548c\u865a\u62df\u534f\u4f5c\u7a7a\u95f4\u3002OpenDev \u672c\u8eab\u662f\u81ea\u6258\u7ba1\u5728\u8fd9\u5957\u5de5\u5177\u4e0a\uff0c\u5305\u62ec\u4ee3\u7801\u5ba1\u67e5\u3001\u6301\u7eed\u96c6\u6210\u3001etherpad\u3001wiki\u3001\u4ee3\u7801\u6d4f\u89c8\u7b49\u3002\u8fd9\u610f\u5473\u7740 OpenDev \u672c\u8eab\u5c31\u50cf\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\u4e00\u6837\u8fd0\u884c\uff0c\u60a8\u53ef\u4ee5\u52a0\u5165\u6211\u4eec\u5e76\u5e2e\u52a9\u8fd0\u884c\u7cfb\u7edf\u3002\u6b64\u5916\uff0c\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u672c\u8eab\u90fd\u662f\u5f00\u6e90\u8f6f\u4ef6\u3002 OpenStack \u9879\u76ee\u662f\u4f7f\u7528 OpenDev \u7684\u6700\u5927\u9879\u76ee\u3002 OpenLDAP \u5f00\u6e90 LDAP \u670d\u52a1\u5668\u3002\u53d7\u8ba1\u7b97\u548c\u6807\u8bc6\u652f\u6301\u3002 OpenStack OpenStack 
\u662f\u4e00\u4e2a\u4e91\u64cd\u4f5c\u7cfb\u7edf\uff0c\u53ef\u63a7\u5236\u6574\u4e2a\u6570\u636e\u4e2d\u5fc3\u7684\u5927\u578b\u8ba1\u7b97\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u8d44\u6e90\u6c60\uff0c\u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u90fd\u901a\u8fc7\u4eea\u8868\u677f\u8fdb\u884c\u7ba1\u7406\uff0c\u8be5\u4eea\u8868\u677f\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u8fdb\u884c\u63a7\u5236\uff0c\u540c\u65f6\u6388\u6743\u7528\u6237\u901a\u8fc7 Web \u754c\u9762\u914d\u7f6e\u8d44\u6e90\u3002OpenStack \u662f\u4e00\u4e2a\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u7684\u5f00\u6e90\u9879\u76ee\u3002 OpenStack \u4ee3\u7801\u540d\u79f0 \u6bcf\u4e2a OpenStack \u7248\u672c\u90fd\u6709\u4e00\u4e2a\u4ee3\u53f7\u3002\u4ee3\u53f7\u6309\u5b57\u6bcd\u987a\u5e8f\u6392\u5217\uff1aAustin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno, Kilo, Liberty, Mitaka, Newton, Ocata, Pike, Queens, Rocky, Stein, Train, Ussuri, Victoria, Wallaby, Xena, Yoga, Zed\u3002 Wallaby \u662f\u65b0\u7b56\u7565\u9009\u62e9\u7684\u7b2c\u4e00\u4e2a\u4ee3\u53f7\uff1a\u4ee3\u53f7\u7531\u793e\u533a\u6309\u7167\u5b57\u6bcd\u987a\u5e8f\u9009\u62e9\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53d1\u5e03\u540d\u79f0\u6807\u51c6\u3002 \u7ef4\u591a\u5229\u4e9a\u7684\u540d\u5b57\u662f\u59d3\u6c0f\uff0c\u5176\u4e2d\u4ee3\u53f7\u662f\u9760\u8fd1\u76f8\u5e94OpenStack\u8bbe\u8ba1\u5cf0\u4f1a\u4e3e\u529e\u5730\u7684\u57ce\u5e02\u6216\u53bf\u3002\u4e00\u4e2a\u4f8b\u5916\uff0c\u79f0\u4e3a\u6c83\u5c14\u767b\u4f8b\u5916\uff0c\u88ab\u6388\u4e88\u5dde\u65d7\u4e2d\u542c\u8d77\u6765\u7279\u522b\u9177\u7684\u5143\u7d20\u3002\u4ee3\u53f7\u7531\u5927\u4f17\u6295\u7968\u9009\u51fa\u3002 
\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740OpenStack\u53d1\u884c\u7248\u7684\u5b57\u6bcd\u8868\u7528\u5b8c\uff0c\u6280\u672f\u59d4\u5458\u4f1a\u6539\u53d8\u4e86\u547d\u540d\u8fc7\u7a0b\uff0c\u5c06\u53d1\u884c\u53f7\u548c\u53d1\u884c\u7248\u540d\u79f0\u4f5c\u4e3a\u8bc6\u522b\u7801\u3002\u7248\u672c\u53f7\u5c06\u662f\u4e3b\u8981\u6807\u8bc6\u7b26\uff1a\u201cyear\u201d\u3002\u5e74\u5185\u53d1\u5e03\u8ba1\u6570\u201c\uff0c\u8be5\u540d\u79f0\u5c06\u4e3b\u8981\u7528\u4e8e\u8425\u9500\u76ee\u7684\u3002\u7b2c\u4e00\u4e2a\u8fd9\u6837\u7684\u7248\u672c\u662f 2023.1 Antelope\u3002\u7d27\u968f\u5176\u540e\u7684\u662f 2023.2 Bobcat\u30012024.1 Caracal\u3002 openSUSE \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u64cd\u4f5c\u5458 \u8d1f\u8d23\u89c4\u5212\u548c\u7ef4\u62a4 OpenStack \u5b89\u88c5\u7684\u4eba\u5458\u3002 \u53ef\u9009\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u53ef\u9009\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\uff0c\u7531 Dashboard \uff08horizon\uff09\u3001Telemetry \u670d\u52a1 \uff08Telemetry\uff09\u3001Orchestration \u670d\u52a1 \uff08heat\uff09\u3001Database \u670d\u52a1 \uff08trove\uff09\u3001Bare Metal \u670d\u52a1 \uff08ironic\uff09 \u7b49\u7ec4\u6210\u3002 \u7f16\u6392\u670d\u52a1\uff08heat\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u901a\u8fc7 OpenStack \u539f\u751f REST API \u4f7f\u7528\u58f0\u660e\u6027\u6a21\u677f\u683c\u5f0f\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\u7a0b\u5e8f\u3002 orphan \u5728\u5bf9\u8c61\u5b58\u50a8\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u4e00\u4e2a\u5728\u5347\u7ea7\u3001\u91cd\u65b0\u542f\u52a8\u6216\u91cd\u65b0\u52a0\u8f7d\u670d\u52a1\u540e\u4e0d\u4f1a\u7ec8\u6b62\u7684\u8fc7\u7a0b\u3002 Oslo Common Libraries \u9879\u76ee\u7684\u4ee3\u53f7\u3002","title":"O"},{"location":"security/security-guide/#p","text":"panko OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u4e8b\u4ef6\u5b58\u50a8\u3002 \u7236\u5355\u5143\u683c 
\u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU \u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5173\u8054\u7684\u5b50\u5355\u5143\u3002 \u5206\u533a \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7528\u4e8e\u5b58\u50a8\u5bf9\u8c61\u7684\u5b58\u50a8\u5355\u5143\u3002\u5b83\u5b58\u5728\u4e8e\u8bbe\u5907\u4e4b\u4e0a\uff0c\u5e76\u88ab\u590d\u5236\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002. \u5206\u533a\u7d22\u5f15 \u5305\u542b\u73af\u5185\u6240\u6709\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u4f4d\u7f6e\u3002 \u5206\u533a\u504f\u79fb\u503c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u6570\u636e\u5e94\u9a7b\u7559\u5728\u54ea\u4e2a\u5206\u533a\u4e0a\u3002 \u8def\u5f84 MTU \u53d1\u73b0 \uff08PMTUD\uff09 IP \u7f51\u7edc\u4e2d\u7528\u4e8e\u68c0\u6d4b\u7aef\u5230\u7aef MTU \u5e76\u76f8\u5e94\u5730\u8c03\u6574\u6570\u636e\u5305\u5927\u5c0f\u7684\u673a\u5236\u3002 \u6682\u505c \u672a\u53d1\u751f\u4efb\u4f55\u66f4\u6539\uff08\u5185\u5b58\u672a\u66f4\u6539\u3001\u7f51\u7edc\u901a\u4fe1\u505c\u6b62\u7b49\uff09\u7684 VM \u72b6\u6001;VM \u5df2\u51bb\u7ed3\uff0c\u4f46\u672a\u5173\u95ed\u3002 PCI\u76f4\u901a \u4e3a\u5ba2\u6237\u673a\u865a\u62df\u673a\u63d0\u4f9b\u5bf9 PCI \u8bbe\u5907\u7684\u72ec\u5360\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 \u6301\u4e45\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u548c\u78c1\u76d8\u4e0a\u7684\u6d88\u606f\u3002\u5931\u8d25\u6216\u91cd\u65b0\u542f\u52a8\u540e\uff0c\u6d88\u606f\u4e0d\u4f1a\u4e22\u5931\u3002 \u6301\u4e45\u5377 \u5c06\u4fdd\u5b58\u5bf9\u8fd9\u4e9b\u7c7b\u578b\u7684\u78c1\u76d8\u5377\u6240\u505a\u7684\u66f4\u6539\u3002 \u4e2a\u6027\u6587\u4ef6 \u7528\u4e8e\u81ea\u5b9a\u4e49 Compute \u5b9e\u4f8b\u7684\u6587\u4ef6\u3002\u5b83\u53ef\u7528\u4e8e\u6ce8\u5165 SSH \u5bc6\u94a5\u6216\u7279\u5b9a\u7684\u7f51\u7edc\u914d\u7f6e\u3002 Pike OpenStack 
\u7b2c 16 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\u547d\u540d\uff0c\u901a\u5e38\u7f29\u5199\u4e3a\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\uff0c\u8fd9\u662f 90 \u53f7\u5dde\u9645\u516c\u8def\u6700\u4e1c\u7aef\u7684\u8def\u6bb5\u3002 \u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09 \u4e3a\u4f7f\u7528\u8005\u63d0\u4f9b\u64cd\u4f5c\u7cfb\u7edf\uff0c\u901a\u5e38\u8fd8\u4e3a\u8bed\u8a00\u8fd0\u884c\u65f6\u548c\u5e93\uff08\u7edf\u79f0\u4e3a\u201c\u5e73\u53f0\u201d\uff09\u63d0\u4f9b\uff0c\u6d88\u8d39\u8005\u53ef\u4ee5\u5728\u5176\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\uff0c\u800c\u65e0\u9700\u63d0\u4f9b\u5bf9\u5e95\u5c42\u57fa\u7840\u7ed3\u6784\u7684\u4efb\u4f55\u63a7\u5236\u3002\u5e73\u53f0\u5373\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u793a\u4f8b\u5305\u62ec Cloud Foundry \u548c OpenShift\u3002 \u63d2\u4ef6 \u4e3a\u7f51\u7edc API \u6216\u8ba1\u7b97 API \u63d0\u4f9b\u5b9e\u9645\u5b9e\u73b0\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002 \u7b56\u7565\u670d\u52a1 \u6807\u8bc6\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u89c4\u5219\u7ba1\u7406\u63a5\u53e3\u548c\u57fa\u4e8e\u89c4\u5219\u7684\u6388\u6743\u5f15\u64ce\u3002 \u57fa\u4e8e\u7b56\u7565\u7684\u8def\u7531 \uff08PBR\uff09 \u63d0\u4f9b\u4e00\u79cd\u673a\u5236\uff0c\u7528\u4e8e\u6839\u636e\u7f51\u7edc\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u7b56\u7565\u5b9e\u73b0\u6570\u636e\u5305\u8f6c\u53d1\u548c\u8def\u7531\u3002 \u6c60 \u4e00\u7ec4\u903b\u8f91\u8bbe\u5907\uff0c\u4f8b\u5982 Web \u670d\u52a1\u5668\uff0c\u60a8\u53ef\u4ee5\u5c06\u5176\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u63a5\u6536\u548c\u5904\u7406\u6d41\u91cf\u3002\u8d1f\u8f7d\u5e73\u8861\u529f\u80fd\u9009\u62e9\u6c60\u4e2d\u7684\u54ea\u4e2a\u6210\u5458\u5904\u7406\u5728 VIP 
\u5730\u5740\u4e0a\u6536\u5230\u7684\u65b0\u8bf7\u6c42\u6216\u8fde\u63a5\u3002\u6bcf\u4e2aVIP\u90fd\u6709\u4e00\u4e2a\u6e38\u6cf3\u6c60\u3002 \u6c60\u6210\u5458 \u5728\u8d1f\u8f7d\u5e73\u8861\u7cfb\u7edf\u4e2d\u7684\u540e\u7aef\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u7aef\u53e3 \u7f51\u7edc\u4e2d\u7684\u865a\u62df\u7f51\u7edc\u7aef\u53e3;VIF / vNIC \u8fde\u63a5\u5230\u7aef\u53e3\u3002 \u7aef\u53e3 UUID \u7f51\u7edc\u7aef\u53e3\u7684\u552f\u4e00 ID\u3002 \u9884\u7f6e \u5728\u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 \u79c1\u6709\u4e91 \u4e00\u4e2a\u4f01\u4e1a\u6216\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u7684\u8ba1\u7b97\u8d44\u6e90\u3002 \u79c1\u6709\u6620\u50cf \u4ec5\u5bf9\u6307\u5b9a\u9879\u76ee\u53ef\u7528\u7684\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u3002 \u79c1\u6709 IP \u5730\u5740 \u7528\u4e8e\u7ba1\u7406\u548c\u7ba1\u7406\u7684 IP \u5730\u5740\uff0c\u4e0d\u53ef\u7528\u4e8e\u516c\u5171 Internet\u3002 \u4e13\u7528\u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u53ef\u4ee5\u662f\u5e73\u9762\u7f51\u7edc\u63a5\u53e3\uff0c\u4e5f\u53ef\u4ee5\u662f VLAN \u7f51\u7edc\u63a5\u53e3\u3002\u6241\u5e73\u5316\u7f51\u7edc\u63a5\u53e3\u7531\u5177\u6709\u6241\u5e73\u5316\u7ba1\u7406\u5668\u7684flat_interface\u63a7\u5236\u3002VLAN \u7f51\u7edc\u63a5\u53e3\u7531\u5e26\u6709 VLAN \u7ba1\u7406\u5668\u7684 vlan_interface \u9009\u4ef6\u63a7\u5236\u3002 \u9879\u76ee 
\u9879\u76ee\u4ee3\u8868\u4e86OpenStack\u4e2d\u201c\u6240\u6709\u6743\u201d\u7684\u57fa\u672c\u5355\u4f4d\uff0c\u56e0\u4e3aOpenStack\u4e2d\u7684\u6240\u6709\u8d44\u6e90\u90fd\u5e94\u8be5\u7531\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u3002\u5728 OpenStack Identity \u4e2d\uff0c\u9879\u76ee\u5fc5\u987b\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002 \u9879\u76ee ID Identity \u670d\u52a1\u5206\u914d\u7ed9\u6bcf\u4e2a\u9879\u76ee\u7684\u552f\u4e00 ID\u3002 \u9879\u76ee VPN cloudpipe \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6df7\u6742\u6a21\u5f0f \u4f7f\u7f51\u7edc\u63a5\u53e3\u5c06\u5176\u63a5\u6536\u7684\u6240\u6709\u6d41\u91cf\u4f20\u9012\u5230\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u4ec5\u4f20\u9012\u5bfb\u5740\u5230\u5b83\u7684\u5e27\u3002 \u53d7\u4fdd\u62a4\u7684\u5c5e\u6027 \u901a\u5e38\uff0c\u53ea\u6709\u4e91\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7684\u6620\u50cf\u670d\u52a1\u6620\u50cf\u4e0a\u7684\u989d\u5916\u5c5e\u6027\u3002\u9650\u5236\u54ea\u4e9b\u7528\u6237\u89d2\u8272\u53ef\u4ee5\u5bf9\u8be5\u5c5e\u6027\u6267\u884c CRUD \u64cd\u4f5c\u3002\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u4f55\u6620\u50cf\u5c5e\u6027\u914d\u7f6e\u4e3a\u53d7\u4fdd\u62a4\u3002 \u63d0\u4f9b\u8005 \u6709\u6743\u8bbf\u95ee\u6240\u6709\u4e3b\u673a\u548c\u5b9e\u4f8b\u7684\u7ba1\u7406\u5458\u3002 \u4ee3\u7406\u8282\u70b9 \u63d0\u4f9bObject Storage\u4ee3\u7406\u670d\u52a1\u7684\u8282\u70b9\u3002 \u4ee3\u7406\u670d\u52a1\u5668 \u5bf9\u8c61\u5b58\u50a8\u7684\u7528\u6237\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u53c8\u5728\u73af\u5185\u67e5\u627e\u6240\u8bf7\u6c42\u6570\u636e\u7684\u4f4d\u7f6e\uff0c\u5e76\u5c06\u7ed3\u679c\u8fd4\u56de\u7ed9\u7528\u6237\u3002 \u516c\u5171 API \u7528\u4e8e\u670d\u52a1\u5230\u670d\u52a1\u901a\u4fe1\u548c\u6700\u7ec8\u7528\u6237\u4ea4\u4e92\u7684 API \u7ec8\u7ed3\u70b9\u3002 \u516c\u6709\u4e91 \u8bb8\u591a\u7528\u6237\u53ef\u901a\u8fc7 Internet 
\u8bbf\u95ee\u7684\u6570\u636e\u4e2d\u5fc3\u3002 \u516c\u5171\u955c\u50cf \u53ef\u4f9b\u6240\u6709\u9879\u76ee\u4f7f\u7528\u7684\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u516c\u7f51 IP \u5730\u5740 \u6700\u7ec8\u7528\u6237\u53ef\u8bbf\u95ee\u7684 IP \u5730\u5740\u3002 \u516c\u94a5\u8ba4\u8bc1 \u4f7f\u7528\u5bc6\u94a5\u800c\u4e0d\u662f\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u516c\u7f51 \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u516c\u7528\u7f51\u7edc\u63a5\u53e3\u7531\u8be5 public_interface \u9009\u9879\u63a7\u5236\u3002 Puppet OpenStack\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 Python \u6a21\u578b OpenStack\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684\u7f16\u7a0b\u8bed\u8a00\u3002","title":"P"},{"location":"security/security-guide/#q","text":"QEMU \u5199\u5165\u65f6\u590d\u5236 2 \uff08QCOW2\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 Qpid penStack\u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6;RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u4fdd\u8bc1\u67d0\u4e9b\u7f51\u7edc\u6216\u5b58\u50a8\u8981\u6c42\u4ee5\u6ee1\u8db3\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5546\u548c\u6700\u7ec8\u7528\u6237\u4e4b\u95f4\u7684\u670d\u52a1\u7ea7\u522b\u534f\u8bae \uff08SLA\uff09 \u7684\u80fd\u529b\u3002\u901a\u5e38\u5305\u62ec\u7f51\u7edc\u5e26\u5bbd\u3001\u5ef6\u8fdf\u3001\u6296\u52a8\u6821\u6b63\u548c\u53ef\u9760\u6027\u7b49\u6027\u80fd\u8981\u6c42\uff0c\u4ee5\u53ca\u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 
\u4e2d\u7684\u5b58\u50a8\u6027\u80fd\u3001\u9650\u5236\u534f\u8bae\u548c\u5cf0\u503c\u8d1f\u8f7d\u4e0b\u7684\u6027\u80fd\u9884\u671f\u3002 \u9694\u79bb \u5982\u679c\u5bf9\u8c61\u5b58\u50a8\u53d1\u73b0\u5bf9\u8c61\u3001\u5bb9\u5668\u6216\u5e10\u6237\u5df2\u635f\u574f\uff0c\u5219\u4f1a\u5c06\u5176\u7f6e\u4e8e\u6b64\u72b6\u6001\uff0c\u4e0d\u4f1a\u88ab\u590d\u5236\uff0c\u5ba2\u6237\u7aef\u65e0\u6cd5\u8bfb\u53d6\uff0c\u5e76\u4e14\u4f1a\u91cd\u65b0\u590d\u5236\u6b63\u786e\u7684\u526f\u672c\u3002 Queens OpenStack \u7b2c 17 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u6fb3\u5927\u5229\u4e9a\u6089\u5c3c\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u65b0\u5357\u5a01\u5c14\u58eb\u5dde\u5357\u6d77\u5cb8\u5730\u533a\u7684\u7687\u540e\u5e9e\u5fb7\u6cb3\u547d\u540d\u3002 Quick EMUlator \uff08QEMU\uff09 \uff08\u5feb\u901f EMUlator\uff09 QEMU \u662f\u4e00\u4e2a\u901a\u7528\u7684\u5f00\u6e90\u673a\u5668\u4eff\u771f\u5668\u548c\u865a\u62df\u5316\u5668\u3002OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\uff0c\u901a\u5e38\u7528\u4e8e\u5f00\u53d1\u76ee\u7684\u3002 \u914d\u989d \u5728\u8ba1\u7b97\u548c\u5757\u5b58\u50a8\u4e2d\uff0c\u80fd\u591f\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u8bbe\u7f6e\u8d44\u6e90\u9650\u5236\u3002","title":"Q"},{"location":"security/security-guide/#r","text":"RabbitMQ \u6a21\u578b OpenStack \u4f7f\u7528\u7684\u9ed8\u8ba4\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002 Rackspace \u4e91\u6587\u4ef6 2010 \u5e74\u7531 Rackspace \u5f00\u6e90\u53d1\u5e03;\u5bf9\u8c61\u5b58\u50a8\u7684\u57fa\u7840\u3002 RADOS \u5757\u8bbe\u5907 \uff08RBD\uff09 Ceph \u7ec4\u4ef6\uff0c\u4f7f Linux \u5757\u8bbe\u5907\u80fd\u591f\u5728\u591a\u4e2a\u5206\u5e03\u5f0f\u6570\u636e\u5b58\u50a8\u4e0a\u8fdb\u884c\u6761\u5e26\u5316\u3002 radvd \u8def\u7531\u5668\u901a\u544a\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7531\u8ba1\u7b97 VLAN \u7ba1\u7406\u5668\u548c FlatDHCP \u7ba1\u7406\u5668\u7528\u4e8e\u4e3a VM \u5b9e\u4f8b\u63d0\u4f9b\u8def\u7531\u670d\u52a1\u3002 rally 
Benchmark \u670d\u52a1\u7684\u4ee3\u53f7\u3002 RAM\u8fc7\u6ee4\u5668 \u542f\u7528\u6216\u7981\u7528 RAM \u8fc7\u91cf\u5206\u914d\u7684\u8ba1\u7b97\u8bbe\u7f6e\u3002 RAM \u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u3002 \u901f\u7387\u9650\u5236 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u9650\u5236\u6bcf\u4e2a\u5e10\u6237\u548c/\u6216\u6bcf\u4e2a\u5bb9\u5668\u7684\u6570\u636e\u5e93\u5199\u5165\u3002 \u539f\u59cb \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00;\u975e\u7ed3\u6784\u5316\u78c1\u76d8\u6620\u50cf\u3002 \u91cd\u65b0\u5e73\u8861 \u5728\u73af\u4e2d\u7684\u6240\u6709\u9a71\u52a8\u5668\u4e4b\u95f4\u5206\u914d\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u8fc7\u7a0b;\u5728\u521d\u59cb\u73af\u521b\u5efa\u671f\u95f4\u548c\u73af\u91cd\u65b0\u914d\u7f6e\u540e\u4f7f\u7528\u3002 \u91cd\u542f \u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u8f6f\u91cd\u542f\u6216\u786c\u91cd\u542f\u3002\u901a\u8fc7\u8f6f\u91cd\u542f\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4f1a\u53d1\u51fa\u91cd\u65b0\u542f\u52a8\u4fe1\u53f7\uff0c\u4ece\u800c\u53ef\u4ee5\u6b63\u5e38\u5173\u95ed\u6240\u6709\u8fdb\u7a0b\u3002\u786c\u91cd\u542f\u76f8\u5f53\u4e8e\u91cd\u542f\u670d\u52a1\u5668\u3002\u865a\u62df\u5316\u5e73\u53f0\u5e94\u786e\u4fdd\u91cd\u65b0\u542f\u52a8\u64cd\u4f5c\u5df2\u6210\u529f\u5b8c\u6210\uff0c\u5373\u4f7f\u5728\u57fa\u7840\u57df/VM \u6682\u505c\u6216\u505c\u6b62/\u505c\u6b62\u7684\u60c5\u51b5\u4e0b\u4e5f\u662f\u5982\u6b64\u3002 \u91cd\u5efa 
\u5220\u9664\u670d\u52a1\u5668\u4e0a\u7684\u6240\u6709\u6570\u636e\uff0c\u5e76\u5c06\u5176\u66ff\u6362\u4e3a\u6307\u5b9a\u7684\u6620\u50cf\u3002\u670d\u52a1\u5668 ID \u548c IP \u5730\u5740\u4fdd\u6301\u4e0d\u53d8\u3002 \u4fa6\u5bdf \u7528\u4e8e\u6536\u96c6\u8ba1\u91cf\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u8bb0\u5f55 \u5c5e\u4e8e\u7279\u5b9a\u57df\uff0c\u7528\u4e8e\u6307\u5b9a\u6709\u5173\u8be5\u57df\u7684\u4fe1\u606f\u3002\u6709\u51e0\u79cd\u7c7b\u578b\u7684 DNS \u8bb0\u5f55\u3002\u6bcf\u79cd\u8bb0\u5f55\u7c7b\u578b\u90fd\u5305\u542b\u7528\u4e8e\u63cf\u8ff0\u8be5\u8bb0\u5f55\u7528\u9014\u7684\u7279\u5b9a\u4fe1\u606f\u3002\u793a\u4f8b\u5305\u62ec\u90ae\u4ef6\u4ea4\u6362 \uff08MX\uff09 \u8bb0\u5f55\uff0c\u5b83\u6307\u5b9a\u7279\u5b9a\u57df\u7684\u90ae\u4ef6\u670d\u52a1\u5668;\u548c\u540d\u79f0\u670d\u52a1\u5668 \uff08NS\uff09 \u8bb0\u5f55\uff0c\u7528\u4e8e\u6307\u5b9a\u57df\u7684\u6743\u5a01\u540d\u79f0\u670d\u52a1\u5668\u3002 \u8bb0\u5f55 ID \u6570\u636e\u5e93\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\uff0c\u6bcf\u6b21\u8fdb\u884c\u66f4\u6539\u65f6\u90fd\u4f1a\u9012\u589e\u3002\u5bf9\u8c61\u5b58\u50a8\u5728\u590d\u5236\u65f6\u4f7f\u7528\u3002 Red Hat Enterprise Linux \uff08RHEL\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u53c2\u8003\u67b6\u6784 OpenStack \u4e91\u7684\u63a8\u8350\u67b6\u6784\u3002 \u533a\u57df \u5177\u6709\u4e13\u7528 API \u7aef\u70b9\u7684\u79bb\u6563 OpenStack \u73af\u5883\uff0c\u901a\u5e38\u4ec5\u4e0e\u5176\u4ed6\u533a\u57df\u5171\u4eab\u8eab\u4efd \uff08keystone\uff09\u3002 \u6ce8\u518c\u8868 \u5f71\u50cf\u670d\u52a1\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6ce8\u518c\u8868\u670d\u52a1\u5668 \u5411\u5ba2\u6237\u7aef\u63d0\u4f9b\u865a\u62df\u673a\u955c\u50cf\u5143\u6570\u636e\u4fe1\u606f\u7684\u955c\u50cf\u670d\u52a1\u3002 \u53ef\u9760\u3001\u81ea\u4e3b\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8 \uff08\u96f7\u8fbe\uff09 \u5728 Ceph 
\u4e2d\u63d0\u4f9b\u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u96c6\u5408\u3002\u7c7b\u4f3c\u4e8e OpenStack Object Storage\u3002 \u8fdc\u7a0b\u8fc7\u7a0b\u8c03\u7528 \uff08RPC\uff09 \u8ba1\u7b97RabbitMQ \u7528\u4e8e\u670d\u52a1\u5185\u901a\u4fe1\u7684\u65b9\u6cd5\u3002 \u526f\u672c \u901a\u8fc7\u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5e10\u6237\u548c\u5bb9\u5668\u7684\u526f\u672c\u6765\u63d0\u4f9b\u6570\u636e\u5197\u4f59\u548c\u5bb9\u9519\uff0c\u4ee5\u4fbf\u5728\u5e95\u5c42\u5b58\u50a8\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u4f1a\u4e22\u5931\u5b83\u4eec\u3002 \u526f\u672c\u6570\u91cf \u5bf9\u8c61\u5b58\u50a8\u73af\u4e2d\u6570\u636e\u7684\u526f\u672c\u6570\u3002 \u590d\u5236 \u5c06\u6570\u636e\u590d\u5236\u5230\u5355\u72ec\u7684\u7269\u7406\u8bbe\u5907\u4ee5\u5b9e\u73b0\u5bb9\u9519\u548c\u6027\u80fd\u7684\u8fc7\u7a0b\u3002 \u590d\u5236\u5668 \u5bf9\u8c61\u5b58\u50a8\u540e\u7aef\u8fdb\u7a0b\uff0c\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u5bf9\u8c61\u526f\u672c\u3002 \u8bf7\u6c42 ID \u5206\u914d\u7ed9\u53d1\u9001\u5230\u8ba1\u7b97\u7684\u6bcf\u4e2a\u8bf7\u6c42\u7684\u552f\u4e00 ID\u3002 \u6551\u63f4\u6620\u50cf \u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684 VM \u6620\u50cf\uff0c\u5728\u5c06\u5b9e\u4f8b\u7f6e\u4e8e\u6551\u63f4\u6a21\u5f0f\u65f6\u542f\u52a8\u3002\u5141\u8bb8\u7ba1\u7406\u5458\u6302\u8f7d\u5b9e\u4f8b\u7684\u6587\u4ef6\u7cfb\u7edf\u4ee5\u66f4\u6b63\u95ee\u9898\u3002 \u8c03\u6574\u5927\u5c0f \u5c06\u73b0\u6709\u670d\u52a1\u5668\u8f6c\u6362\u4e3a\u5176\u4ed6\u98ce\u683c\uff0c\u4ece\u800c\u6269\u5c55\u6216\u7f29\u51cf\u670d\u52a1\u5668\u3002\u4fdd\u5b58\u539f\u59cb\u670d\u52a1\u5668\u4ee5\u5728\u51fa\u73b0\u95ee\u9898\u65f6\u542f\u7528\u56de\u6eda\u3002\u5fc5\u987b\u6d4b\u8bd5\u5e76\u660e\u786e\u786e\u8ba4\u6240\u6709\u8c03\u6574\u5927\u5c0f\uff0c\u6b64\u65f6\u5c06\u5220\u9664\u539f\u59cb\u670d\u52a1\u5668\u3002 RESTful \u4e00\u79cd\u4f7f\u7528 REST \u6216\u5177\u8c61\u72b6\u6001\u4f20\u8f93\u7684 Web \u670d\u52a1 
API\u3002REST\u662f\u7528\u4e8e\u4e07\u7ef4\u7f51\u7684\u8d85\u5a92\u4f53\u7cfb\u7edf\u7684\u67b6\u6784\u98ce\u683c \u73af \u5c06\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u6620\u5c04\u5230\u5206\u533a\u7684\u5b9e\u4f53\u3002\u6bcf\u4e2a\u670d\u52a1\uff08\u4f8b\u5982\u5e10\u6237\u3001\u5bf9\u8c61\u548c\u5bb9\u5668\uff09\u90fd\u5b58\u5728\u4e00\u4e2a\u5355\u72ec\u7684\u73af\u3002 \u73af\u6784\u5efa\u5668 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u6784\u5efa\u548c\u7ba1\u7406\u73af\uff0c\u4e3a\u8bbe\u5907\u5206\u914d\u5206\u533a\uff0c\u5e76\u5c06\u914d\u7f6e\u63a8\u9001\u5230\u5176\u4ed6\u5b58\u50a8\u8282\u70b9\u3002 Rocky OpenStack \u7b2c 18 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u843d\u57fa\u5c71\u8109\u547d\u540d\u3002 \u89d2\u8272 \u7528\u6237\u4e3a\u6267\u884c\u4e00\u7ec4\u7279\u5b9a\u64cd\u4f5c\u800c\u5047\u5b9a\u7684\u4e2a\u6027\u3002\u89d2\u8272\u5305\u62ec\u4e00\u7ec4\u6743\u9650\u548c\u7279\u6743\u3002\u62c5\u4efb\u8be5\u89d2\u8272\u7684\u7528\u6237\u5c06\u7ee7\u627f\u8fd9\u4e9b\u6743\u5229\u548c\u7279\u6743\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u63d0\u4f9b\u7528\u6237\u53ef\u4ee5\u6267\u884c\u7684\u64cd\u4f5c\u7684\u9884\u5b9a\u4e49\u5217\u8868\uff0c\u4f8b\u5982\u542f\u52a8\u6216\u505c\u6b62 VM\u3001\u91cd\u7f6e\u5bc6\u7801\u7b49\u3002\u5728\u6807\u8bc6\u548c\u8ba1\u7b97\u4e2d\u5747\u53d7\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u4eea\u8868\u677f\u8fdb\u884c\u914d\u7f6e\u3002 \u89d2\u8272 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u8eab\u4efd\u670d\u52a1\u89d2\u8272\u7684\u5b57\u6bcd\u6570\u5b57 ID\u3002 \u6839\u672c\u539f\u56e0\u5206\u6790\uff08RCA\uff09\u670d\u52a1\uff08Vitrage\uff09 
OpenStack\u9879\u76ee\u65e8\u5728\u7ec4\u7ec7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316OpenStack\u8b66\u62a5\u548c\u4e8b\u4ef6\uff0c\u6df1\u5165\u4e86\u89e3\u95ee\u9898\u7684\u6839\u672c\u539f\u56e0\uff0c\u5e76\u5728\u76f4\u63a5\u68c0\u6d4b\u5230\u95ee\u9898\u4e4b\u524d\u63a8\u65ad\u51fa\u5b83\u4eec\u7684\u5b58\u5728\u3002 rootwrap \u8ba1\u7b97\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5141\u8bb8\u975e\u7279\u6743\u201cnova\u201d\u7528\u6237\u4ee5 Linux root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6307\u5b9a\u7684\u547d\u4ee4\u5217\u8868\u3002 \u5faa\u73af\u8c03\u5ea6\u5668 \u5728\u53ef\u7528\u4e3b\u673a\u4e4b\u95f4\u5747\u5300\u5206\u914d\u5b9e\u4f8b\u7684\u8ba1\u7b97\u8ba1\u5212\u7a0b\u5e8f\u7684\u7c7b\u578b\u3002 \u8def\u7531\u5668 \u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u7684\u7269\u7406\u6216\u865a\u62df\u7f51\u7edc\u8bbe\u5907\u3002 \u8def\u7531\u5bc6\u94a5 \u8ba1\u7b97\u76f4\u63a5\u4ea4\u6362\u3001\u6247\u51fa\u4ea4\u6362\u548c\u4e3b\u9898\u4ea4\u6362\u4f7f\u7528\u6b64\u5bc6\u94a5\u6765\u786e\u5b9a\u5982\u4f55\u5904\u7406\u6d88\u606f;\u5904\u7406\u65b9\u5f0f\u56e0 Exchange \u7c7b\u578b\u800c\u5f02\u3002 RPC \u9a71\u52a8\u7a0b\u5e8f \u6a21\u5757\u5316\u7cfb\u7edf\uff0c\u5141\u8bb8\u66f4\u6539 Compute \u7684\u5e95\u5c42\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002\u4f8b\u5982\uff0c\u4ece RabbitMQ \u5230 ZeroMQ \u6216 Qpid\u3002 rsync \u7531\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u63a8\u9001\u5bf9\u8c61\u526f\u672c\u3002 RXTX \u9650 \u5236 \u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u7edd\u5bf9\u9650\u5236\u3002 RXTX \u914d\u989d \u5bf9\u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u8f6f\u9650\u5236\u3002","title":"R"},{"location":"security/security-guide/#s","text":"sahara \u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 SAML \u65ad\u8a00 
\u5305\u542b\u6807\u8bc6\u63d0\u4f9b\u8005\u63d0\u4f9b\u7684\u6709\u5173\u7528\u6237\u7684\u4fe1\u606f\u3002\u8fd9\u8868\u793a\u7528\u6237\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6c99\u76d2 \u4e00\u4e2a\u865a\u62df\u7a7a\u95f4\uff0c\u53ef\u4ee5\u5728\u5176\u4e2d\u5b89\u5168\u5730\u8fd0\u884c\u65b0\u7684\u6216\u672a\u7ecf\u6d4b\u8bd5\u7684\u8f6f\u4ef6\u3002 \u8c03\u5ea6\u5668\u7ba1\u7406\u5668 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u91c7\u7528\u6a21\u5757\u5316\u8bbe\u8ba1\uff0c\u652f\u6301\u591a\u79cd\u8c03\u5ea6\u7a0b\u5e8f\u7c7b\u578b\u3002 \u4f5c\u7528\u57df\u4ee4\u724c \u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u8bbf\u95ee\u4ee4\u724c\u3002 \u6d17\u6da4\u5668 \u68c0\u67e5\u5e76\u5220\u9664\u672a\u4f7f\u7528\u7684\u865a\u62df\u673a;\u5b9e\u73b0\u5ef6\u8fdf\u5220\u9664\u7684\u5f71\u50cf\u670d\u52a1\u7ec4\u4ef6\u3002 \u5bc6\u94a5 \u53ea\u6709\u7528\u6237\u77e5\u9053\u7684\u6587\u672c\u5b57\u7b26\u4e32;\u4e0e\u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u5411\u8ba1\u7b97 API \u53d1\u51fa\u8bf7\u6c42\u3002 \u5b89\u5168\u542f\u52a8 \u7cfb\u7edf\u56fa\u4ef6\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u4e2d\u6d89\u53ca\u7684\u4ee3\u7801\u7684\u771f\u5b9e\u6027\u7684\u8fc7\u7a0b\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7528\u4e8e\u901a\u8fc7\u52a0\u5bc6\u901a\u4fe1\u901a\u9053\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u8ba1\u7b97\u652f\u6301 SSH \u5bc6\u94a5\u6ce8\u5165\u3002 \u5b89\u5168\u7ec4 \u5e94\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u7684\u4e00\u7ec4\u7f51\u7edc\u6d41\u91cf\u7b5b\u9009\u89c4\u5219\u3002 \u5206\u6bb5\u5bf9\u8c61 \u5df2\u5206\u89e3\u4e3a\u591a\u4e2a\u90e8\u5206\u7684\u5bf9\u8c61\u5b58\u50a8\u5927\u578b\u5bf9\u8c61\u3002\u91cd\u65b0\u7ec4\u5408\u7684\u5bf9\u8c61\u79f0\u4e3a\u4e32\u8054\u5bf9\u8c61\u3002 \u81ea\u52a9\u670d\u52a1 \u5bf9\u4e8e 
IaaS\uff0c\u5e38\u89c4\uff08\u975e\u7279\u6743\uff09\u5e10\u6237\u80fd\u591f\u5728\u4e0d\u6d89\u53ca\u7ba1\u7406\u5458\u7684\u60c5\u51b5\u4e0b\u7ba1\u7406\u865a\u62df\u57fa\u7840\u67b6\u6784\u7ec4\u4ef6\uff08\u5982\u7f51\u7edc\uff09\u3002 SELinux \u51fd\u6570 Linux \u5185\u6838\u5b89\u5168\u6a21\u5757\uff0c\u63d0\u4f9b\u7528\u4e8e\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u673a\u5236\u3002 senlin \u7fa4\u96c6\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u670d\u52a1\u5668 \u4e3a\u8be5\u7cfb\u7edf\u4e0a\u8fd0\u884c\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u63d0\u4f9b\u663e\u5f0f\u670d\u52a1\u7684\u8ba1\u7b97\u673a\uff0c\u901a\u5e38\u7ba1\u7406\u5404\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u3002\u670d\u52a1\u5668\u662f\u8ba1\u7b97\u7cfb\u7edf\u4e2d\u7684 VM \u5b9e\u4f8b\u3002\u98ce\u683c\u548c\u56fe\u50cf\u662f\u521b\u5efa\u670d\u52a1\u5668\u65f6\u7684\u5fc5\u8981\u5143\u7d20\u3002 \u670d\u52a1\u5668\u6620\u50cf VM \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u5668 UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1 OpenStack \u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u6216\u6620\u50cf\u670d\u52a1\u3002\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e9b\u7aef\u70b9\u8bbf\u95ee\u8d44\u6e90\u548c\u6267\u884c\u64cd\u4f5c\u3002 \u670d\u52a1\u76ee\u5f55 Identity \u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u529f\u80fd\u94fe \uff08SFC\uff09 \u5bf9\u4e8e\u7ed9\u5b9a\u7684\u670d\u52a1\uff0cSFC \u662f\u6240\u9700\u670d\u52a1\u529f\u80fd\u53ca\u5176\u5e94\u7528\u987a\u5e8f\u7684\u62bd\u8c61\u89c6\u56fe\u3002 \u670d\u52a1 ID \u5206\u914d\u7ed9 Identity \u670d\u52a1\u76ee\u5f55\u4e2d\u53ef\u7528\u7684\u6bcf\u4e2a\u670d\u52a1\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1\u6c34\u5e73\u534f\u8bae \uff08SLA\uff09 \u786e\u4fdd\u670d\u52a1\u53ef\u7528\u6027\u7684\u5408\u540c\u4e49\u52a1\u3002 
\u670d\u52a1\u9879\u76ee \u5305\u542b\u76ee\u5f55\u4e2d\u5217\u51fa\u7684\u6240\u6709\u670d\u52a1\u7684\u7279\u6b8a\u9879\u76ee\u3002 \u670d\u52a1\u63d0\u4f9b\u8005 \u5411\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u3002\u5728\u8054\u5408\u8eab\u4efd\u7684\u60c5\u51b5\u4e0b\uff0cOpenStack \u8eab\u4efd\u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u670d\u52a1\u6ce8\u518c \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\u529f\u80fd\uff0c\u4f7f\u670d\u52a1\uff08\u5982\u8ba1\u7b97\uff09\u80fd\u591f\u81ea\u52a8\u6ce8\u518c\u5230\u76ee\u5f55\u3002 \u670d\u52a1\u4ee4\u724c \u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u4ee4\u724c\uff0c\u7531\u8ba1\u7b97\u7528\u4e8e\u4e0e\u8eab\u4efd\u670d\u52a1\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u3002 \u4f1a\u8bdd\u540e\u7aef Horizon \u7528\u4e8e\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u7684\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982\u672c\u5730\u5185\u5b58\u3001Cookie\u3001\u6570\u636e\u5e93\u6216 memcached\u3002 \u4f1a\u8bdd\u6301\u4e45\u5316 \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4e00\u9879\u529f\u80fd\u3002\u53ea\u8981\u67d0\u4e2a\u670d\u52a1\u5904\u4e8e\u8054\u673a\u72b6\u6001\uff0c\u5b83\u5c31\u4f1a\u5c1d\u8bd5\u5f3a\u5236\u5c06\u670d\u52a1\u7684\u540e\u7eed\u8fde\u63a5\u91cd\u5b9a\u5411\u5230\u540c\u4e00\u8282\u70b9\u3002 \u4f1a\u8bdd\u5b58\u50a8 \u7528\u4e8e\u5b58\u50a8\u548c\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u4fe1\u606f\u7684 Horizon \u7ec4\u4ef6\u3002\u901a\u8fc7 Django \u4f1a\u8bdd\u6846\u67b6\u5b9e\u73b0\u3002 \u5171\u4eab \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u8fdc\u7a0b\u53ef\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u7f51\u7edc 
\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u5b9e\u4f53\uff0c\u7528\u4e8e\u5c01\u88c5\u4e0e\u7f51\u7edc\u670d\u52a1\u7684\u4ea4\u4e92\u3002\u5982\u679c\u6240\u9009\u9a71\u52a8\u7a0b\u5e8f\u5728\u9700\u8981\u6b64\u7c7b\u4ea4\u4e92\u7684\u6a21\u5f0f\u4e0b\u8fd0\u884c\uff0c\u5219\u9700\u8981\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u4ee5\u521b\u5efa\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09 \u8be5\u670d\u52a1\u63d0\u4f9b\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u9879\u76ee\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack Block Storage \u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\u5e76\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u60a8\u7684\u5b9e\u4f8b\u4e0a\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u548c\u5199\u5165\u5b9e\u4f8b\u4e2d\u7684\u6570\u636e\u3002 \u5171\u4eab IP \u5730\u5740 \u53ef\u5206\u914d\u7ed9\u5171\u4eab IP \u7ec4\u4e2d\u7684 VM \u5b9e\u4f8b\u7684 IP \u5730\u5740\u3002\u516c\u5171 IP \u5730\u5740\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e4b\u95f4\u5171\u4eab\uff0c\u4ee5\u4fbf\u5728\u5404\u79cd\u9ad8\u53ef\u7528\u6027\u65b9\u6848\u4e2d\u4f7f\u7528\u3002\u5f53 IP 
\u5730\u5740\u5171\u4eab\u5230\u53e6\u4e00\u53f0\u670d\u52a1\u5668\u65f6\uff0c\u5c06\u4fee\u6539\u4e91\u7f51\u7edc\u9650\u5236\uff0c\u4f7f\u6bcf\u4e2a\u670d\u52a1\u5668\u90fd\u80fd\u4fa6\u542c\u548c\u54cd\u5e94\u8be5 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u4fee\u6539\u76ee\u6807\u670d\u52a1\u5668\u7f51\u7edc\u914d\u7f6e\u3002\u5171\u4eab IP \u5730\u5740\u53ef\u4ee5\u4e0e\u8bb8\u591a\u6807\u51c6\u68c0\u6d4b\u4fe1\u53f7\u5de5\u5177\uff08\u5982 keepalive\uff09\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u53ef\u76d1\u89c6\u6545\u969c\u5e76\u7ba1\u7406 IP \u6545\u969c\u8f6c\u79fb\u3002 \u5171\u4eab IP \u7ec4 \u53ef\u4ee5\u4e0e\u7ec4\u7684\u5176\u4ed6\u6210\u5458\u5171\u4eab IP \u7684\u670d\u52a1\u5668\u96c6\u5408\u3002\u7ec4\u4e2d\u7684\u4efb\u4f55\u670d\u52a1\u5668\u90fd\u53ef\u4ee5\u4e0e\u7ec4\u4e2d\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u5668\u5171\u4eab\u4e00\u4e2a\u6216\u591a\u4e2a\u516c\u5171 IP\u3002\u9664\u4e86\u5171\u4eab IP \u7ec4\u4e2d\u7684\u7b2c\u4e00\u53f0\u670d\u52a1\u5668\u5916\uff0c\u670d\u52a1\u5668\u5fc5\u987b\u542f\u52a8\u5230\u5171\u4eab IP \u7ec4\u4e2d\u3002\u4e00\u53f0\u670d\u52a1\u5668\u53ea\u80fd\u662f\u4e00\u4e2a\u5171\u4eab IP \u7ec4\u7684\u6210\u5458\u3002 \u5171\u4eab\u5b58\u50a8 \u53ef\u7531\u591a\u4e2a\u5ba2\u6237\u7aef\u540c\u65f6\u8bbf\u95ee\u7684\u5757\u5b58\u50a8\uff0c\u4f8b\u5982 NFS\u3002 Sheepdog \u9762\u5411 QEMU \u7684\u5206\u5e03\u5f0f\u5757\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531 OpenStack \u63d0\u4f9b\u652f\u6301\u3002 \u7b80\u5355\u4e91\u8eab\u4efd\u7ba1\u7406 \uff08SCIM\uff09 \u7528\u4e8e\u5728\u4e91\u4e2d\u7ba1\u7406\u8eab\u4efd\u7684\u89c4\u8303\uff0c\u76ee\u524d\u4e0d\u53d7 OpenStack \u652f\u6301\u3002 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 SPICE \u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002\u5b83\u662f VNC \u7684\u66ff\u4ee3\u54c1\u3002OpenStack\u652f\u6301SPICE\u3002 \u5355\u6839 I/O 
\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u5f53\u7531\u7269\u7406 PCIe \u8bbe\u5907\u5b9e\u73b0\u65f6\uff0c\u8be5\u89c4\u8303\u4f7f\u5176\u80fd\u591f\u663e\u793a\u4e3a\u591a\u4e2a\u5355\u72ec\u7684 PCIe \u8bbe\u5907\u3002\u8fd9\u4f7f\u591a\u4e2a\u865a\u62df\u5316\u5ba2\u6237\u673a\u80fd\u591f\u5171\u4eab\u5bf9\u7269\u7406\u8bbe\u5907\u7684\u76f4\u63a5\u8bbf\u95ee\uff0c\u4ece\u800c\u63d0\u4f9b\u6bd4\u7b49\u6548\u865a\u62df\u8bbe\u5907\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 SmokeStack \u9488\u5bf9\u6838\u5fc3 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5;\u7528 Rails \u7f16\u5199\u3002 \u5feb\u7167 OpenStack \u5b58\u50a8\u5377\u6216\u6620\u50cf\u7684\u65f6\u95f4\u70b9\u526f\u672c\u3002\u4f7f\u7528\u5b58\u50a8\u5377\u5feb\u7167\u5907\u4efd\u5377\u3002\u4f7f\u7528\u6620\u50cf\u5feb\u7167\u6765\u5907\u4efd\u6570\u636e\uff0c\u6216\u4f5c\u4e3a\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u8f6f\u91cd\u542f \u901a\u8fc7\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6b63\u786e\u91cd\u542f VM \u5b9e\u4f8b\u7684\u53d7\u63a7\u91cd\u542f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305 \uff08SDK\uff09 \u5305\u542b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\u4ee5\u6240\u9009\u8bed\u8a00\u521b\u5efa\u5e94\u7528\u7a0b\u5e8f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\uff08solum\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u901a\u8fc7\u81ea\u52a8\u5316\u4ece\u6e90\u5230\u6620\u50cf\u7684\u8fc7\u7a0b\uff0c\u5e76\u7b80\u5316\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e3a\u4e2d\u5fc3\u7684\u90e8\u7f72\uff0c\u4f7f\u4e91\u670d\u52a1\u66f4\u6613\u4e8e\u4f7f\u7528\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u8fc7\u7a0b\u96c6\u6210\u3002 \u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 
\u4e3a\u7f51\u7edc\u7ba1\u7406\u5458\u63d0\u4f9b\u4e00\u79cd\u65b9\u6cd5\uff0c\u901a\u8fc7\u62bd\u8c61\u8f83\u4f4e\u7ea7\u522b\u7684\u529f\u80fd\u6765\u7ba1\u7406\u8ba1\u7b97\u673a\u7f51\u7edc\u670d\u52a1\u3002 SolidFire \u5377\u9a71\u52a8\u7a0b\u5e8f SolidFire iSCSI \u5b58\u50a8\u8bbe\u5907\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u3002 solum \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u70b9\u5dee\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97 VM \u8ba1\u5212\u7b97\u6cd5\uff0c\u5c1d\u8bd5\u4ee5\u6700\u5c0f\u7684\u8d1f\u8f7d\u5728\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 SQLAlchemy \u7528\u4e8e Python \u7684\u5f00\u6e90 SQL \u5de5\u5177\u5305\uff0c\u7528\u4e8e OpenStack\u3002 SQLite \u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684 SQL \u6570\u636e\u5e93\uff0c\u5728\u8bb8\u591a OpenStack \u670d\u52a1\u4e2d\u7528\u4f5c\u9ed8\u8ba4\u7684\u6301\u4e45\u5316\u5b58\u50a8\u65b9\u6cd5\u3002 \u5806\u6808 \u7531\u7f16\u6392\u670d\u52a1\u6839\u636e\u7ed9\u5b9a\u6a21\u677f\uff08AWS CloudFormation \u6a21\u677f\u6216 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09\uff09\u521b\u5efa\u548c\u7ba1\u7406\u7684\u4e00\u7ec4 OpenStack \u8d44\u6e90\u3002 StackTach \u6355\u83b7\u8ba1\u7b97 AMQP \u901a\u4fe1\u7684\u793e\u533a\u9879\u76ee;\u5bf9\u8c03\u8bd5\u5f88\u6709\u7528\u3002 \u9759\u6001 IP \u5730\u5740 \u56fa\u5b9a IP \u5730\u5740\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u9759\u6001\u7f51\u9875 \u5bf9\u8c61\u5b58\u50a8\u7684 WSGI \u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u5c06\u5bb9\u5668\u6570\u636e\u4f5c\u4e3a\u9759\u6001\u7f51\u9875\u63d0\u4f9b\u3002 Stein OpenStack \u7b2c 19 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u5fb7\u56fd\u67cf\u6797\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u67cf\u6797\u7684 Steinstra\u00dfe \u8857\u547d\u540d\u3002 \u5b58\u50a8\u540e\u7aef \u670d\u52a1\u7528\u4e8e\u6301\u4e45\u6027\u5b58\u50a8\u7684\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI\u3001NFS \u6216\u672c\u5730\u78c1\u76d8\u3002 
\u5b58\u50a8\u7ba1\u7406\u5668 \u4e00\u4e2a XenAPI \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b\u53ef\u63d2\u5165\u63a5\u53e3\u4ee5\u652f\u6301\u5404\u79cd\u6301\u4e45\u6027\u5b58\u50a8\u540e\u7aef\u3002 \u5b58\u50a8\u7ba1\u7406\u5668\u540e\u7aef XenAPI \u652f\u6301\u7684\u6301\u4e45\u6027\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI \u6216 NFS\u3002 \u5b58\u50a8\u8282\u70b9 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u670d\u52a1\u3001\u5bb9\u5668\u670d\u52a1\u548c\u5e10\u6237\u670d\u52a1\u7684\u96c6\u5408\u540d\u79f0\u3002 \u7b56\u7565 \u6307\u5b9a\u955c\u50cf\u670d\u52a1\u6216\u8eab\u4efd\u4f7f\u7528\u7684\u8ba4\u8bc1\u6e90\u3002\u5728\u6570\u636e\u5e93\u670d\u52a1\u4e2d\uff0c\u5b83\u662f\u6307\u4e3a\u6570\u636e\u5b58\u50a8\u5b9e\u73b0\u7684\u6269\u5c55\u3002 \u5b50\u57df \u7236\u57df\u4e2d\u7684\u57df\u3002\u65e0\u6cd5\u6ce8\u518c\u5b50\u57df\u3002\u5b50\u57df\u4f7f\u60a8\u80fd\u591f\u59d4\u6d3e\u57df\u3002\u5b50\u57df\u672c\u8eab\u53ef\u4ee5\u6709\u5b50\u57df\uff0c\u56e0\u6b64\u53ef\u4ee5\u8fdb\u884c\u4e09\u7ea7\u3001\u56db\u7ea7\u3001\u4e94\u7ea7\u548c\u66f4\u6df1\u7ea7\u522b\u7684\u5d4c\u5957\u3002 \u5b50\u7f51 IP \u7f51\u7edc\u7684\u903b\u8f91\u7ec6\u5206\u3002 SUSE Linux Enterprise Server \uff08SLES\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u6302\u8d77 
\u865a\u62df\u673a\u5b9e\u4f8b\u5c06\u6682\u505c\uff0c\u5176\u72b6\u6001\u5c06\u4fdd\u5b58\u5230\u4e3b\u673a\u7684\u78c1\u76d8\u4e2d\u3002 \u4ea4\u6362 \u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u57fa\u4e8e\u78c1\u76d8\u7684\u865a\u62df\u5185\u5b58\uff0c\u7528\u4e8e\u63d0\u4f9b\u6bd4\u7cfb\u7edf\u4e0a\u5b9e\u9645\u53ef\u7528\u7684\u5185\u5b58\u66f4\u591a\u7684\u5185\u5b58\u3002 swift OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 swift \u591a\u5408\u4e00 \uff08SAIO\uff09 Swift \u4e2d\u95f4\u4ef6 \u63d0\u4f9b\u9644\u52a0\u529f\u80fd\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\u3002 Swift \u4ee3\u7406\u670d\u52a1\u5668 \u5145\u5f53\u5bf9\u8c61\u5b58\u50a8\u7684\u7f51\u5b88\uff0c\u5e76\u8d1f\u8d23\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 Swift \u5b58\u50a8\u8282\u70b9 \u8fd0\u884c\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u8282\u70b9\u3002 \u540c\u6b65\u70b9 \u81ea\u4e0a\u6b21\u5bb9\u5668\u548c\u5e10\u6237\u6570\u636e\u5e93\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8282\u70b9\u4e4b\u95f4\u540c\u6b65\u4ee5\u6765\u7684\u65f6\u95f4\u70b9\u3002 \u7cfb\u7edf\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u4f7f\u7528\u6237\u80fd\u591f\u5c06\u5176\u4ed6\u7528\u6237\u6dfb\u52a0\u5230\u9879\u76ee\u4e2d\uff0c\u4e0e\u4e0e\u9879\u76ee\u5173\u8054\u7684 VM \u6620\u50cf\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u542f\u52a8\u548c\u505c\u6b62 VM \u5b9e\u4f8b\u3002 \u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5b83\u4e0e\u901a\u77e5\u7cfb\u7edf\u4e00\u8d77\u6536\u96c6\u8ba1\u91cf\u548c\u4f7f\u7528\u60c5\u51b5\u4fe1\u606f\u3002\u6b64\u4fe1\u606f\u53ef\u7528\u4e8e\u8ba1\u8d39\u3002","title":"S"},{"location":"security/security-guide/#t","text":"Tacker NFV \u7f16\u6392\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0 \u9065\u6d4b\u670d\u52a1\uff08telemetry\uff09 
OpenStack\u9879\u76ee\u6536\u96c6\u5305\u542b\u5df2\u90e8\u7f72\u4e91\u7684\u7269\u7406\u548c\u865a\u62df\u8d44\u6e90\u5229\u7528\u7387\u7684\u6d4b\u91cf\u503c\uff0c\u4fdd\u7559\u6b64\u6570\u636e\u4ee5\u4f9b\u540e\u7eed\u68c0\u7d22\u548c\u5206\u6790\uff0c\u5e76\u5728\u6ee1\u8db3\u5b9a\u4e49\u7684\u6761\u4ef6\u65f6\u89e6\u53d1\u64cd\u4f5c\u3002 TempAuth \u51fd\u6570 Object Storage\u4e2d\u7684\u4e00\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5de5\u5177\uff0c\u4f7fObject Storage\u672c\u8eab\u80fd\u591f\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u3002\u7ecf\u5e38\u7528\u4e8e\u6d4b\u8bd5\u548c\u5f00\u53d1\u3002 Tempest \u81ea\u52a8\u5316\u8f6f\u4ef6\u6d4b\u8bd5\u5957\u4ef6\uff0c\u65e8\u5728\u9488\u5bf9 OpenStack \u6838\u5fc3\u9879\u76ee\u7684\u4e3b\u5e72\u8fd0\u884c\u3002 TempURL \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u7528\u4e8e\u4e34\u65f6\u5bf9\u8c61\u8bbf\u95ee\u7684 URL\u3002 \u79df\u6237 \u4e00\u7ec4\u7528\u6237;\u7528\u4e8e\u9694\u79bb\u5bf9\u8ba1\u7b97\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u79df\u6237 API \u9879\u76ee\u53ef\u8bbf\u95ee\u7684 API\u3002 \u79df\u6237\u7aef\u70b9 \u4e0e\u4e00\u4e2a\u6216\u591a\u4e2a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u7aef\u70b9\u3002 \u79df\u6237 ID \u9879\u76ee ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ee4\u724c \u7528\u4e8e\u8bbf\u95ee OpenStack API \u548c\u8d44\u6e90\u7684\u5b57\u6bcd\u6570\u5b57\u6587\u672c\u5b57\u7b26\u4e32\u3002 \u4ee4\u724c\u670d\u52a1 \u4e00\u4e2a\u8eab\u4efd\u670d\u52a1\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5728\u7528\u6237\u6216\u9879\u76ee\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\u7ba1\u7406\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 \u903b\u8f91\u5220\u9664 \u7528\u4e8e\u6807\u8bb0\u5df2\u5220\u9664\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61;\u786e\u4fdd\u5bf9\u8c61\u5728\u5220\u9664\u540e\u4e0d\u4f1a\u5728\u53e6\u4e00\u4e2a\u8282\u70b9\u4e0a\u66f4\u65b0\u3002 \u4e3b\u9898\u53d1\u5e03\u8005 
\u6267\u884c RPC \u8c03\u7528\u65f6\u521b\u5efa\u7684\u8fdb\u7a0b;\u7528\u4e8e\u5c06\u6d88\u606f\u63a8\u9001\u5230\u4e3b\u9898\u4ea4\u6362\u3002 Torpedo \u7528\u4e8e\u9488\u5bf9 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5\u7684\u793e\u533a\u9879\u76ee\u3002 Train OpenStack \u7b2c 20 \u7248\u7684\u4ee3\u53f7\u3002OpenStack \u57fa\u7840\u67b6\u6784\u5cf0\u4f1a\u5728\u7f8e\u56fd\u79d1\u7f57\u62c9\u591a\u5dde\u4e39\u4f5b\u5e02\u4e3e\u884c\u3002 \u4e39\u4f5b\u7684\u4e24\u6b21\u9879\u76ee\u56e2\u961f\u805a\u4f1a\u4f1a\u8bae\u5728\u4ece\u5e02\u4e2d\u5fc3\u5230\u673a\u573a\u7684\u706b\u8f66\u7ebf\u65c1\u8fb9\u7684\u4e00\u5bb6\u9152\u5e97\u4e3e\u884c\u3002\u90a3\u91cc\u7684\u4ea4\u53c9\u4fe1\u53f7\u706f\u8fc7\u53bb\u66fe\u51fa\u73b0\u8fc7\u67d0\u79cd\u6545\u969c\uff0c\u5bfc\u81f4\u5b83\u4eec\u5728\u706b\u8f66\u6b63\u5e38\u9a76\u6765\u65f6\u6ca1\u6709\u505c\u4e0b\u8f66\u53a2\u3002\u56e0\u6b64\uff0c\u706b\u8f66\u5728\u7ecf\u8fc7\u8be5\u5730\u533a\u65f6\u5fc5\u987b\u9e23\u5587\u53ed\u3002\u663e\u7136\uff0c\u4f4f\u5728\u9152\u5e97\u91cc\uff0c\u4e58\u5750\u706b\u8f6624/7\u5439\u5587\u53ed\uff0c\u4e0d\u592a\u7406\u60f3\u3002\u7ed3\u679c\uff0c\u51fa\u73b0\u4e86\u8bb8\u591a\u5173\u4e8e\u4e39\u4f5b\u548c\u706b\u8f66\u7684\u7b11\u8bdd\u2014\u2014\u56e0\u6b64\u8fd9\u4e2a\u7248\u672c\u88ab\u79f0\u4e3a\u706b\u8f66\u3002 \u4ea4\u6613 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u5bf9\u8c61\u5b58\u50a8\u8bf7\u6c42\u7684\u552f\u4e00 ID;\u7528\u4e8e\u8c03\u8bd5\u548c\u8ddf\u8e2a\u3002 \u77ac\u6001 \u975e\u8010\u7528\u54c1\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u4ea4\u6362 \u975e\u6301\u4e45\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u5e76\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u540e\u4e22\u5931\u7684\u6d88\u606f\u3002 \u77ac\u6001\u961f\u5217 \u975e\u6301\u4e45\u961f\u5217\u7684\u66ff\u4ee3\u672f\u8bed\u3002 TripleO OpenStack-on-OpenStack \u7a0b\u5e8f\u3002OpenStack Deployment 
\u7a0b\u5e8f\u7684\u4ee3\u53f7\u3002 Trove OpenStack \u6570\u636e\u5e93\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\uff08TPM\uff09 \u4e13\u7528\u5fae\u5904\u7406\u5668\uff0c\u7528\u4e8e\u5c06\u52a0\u5bc6\u5bc6\u94a5\u6574\u5408\u5230\u8bbe\u5907\u4e2d\uff0c\u4ee5\u9a8c\u8bc1\u548c\u4fdd\u62a4\u786c\u4ef6\u5e73\u53f0\u3002","title":"T"},{"location":"security/security-guide/#u","text":"Ubuntu \u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u3002 \u65e0\u4f5c\u7528\u57df\u4ee4\u724c Identity \u670d\u52a1\u9ed8\u8ba4\u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u66f4\u65b0\u5668 \u4e00\u7ec4\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\uff0c\u7528\u4e8e\u5904\u7406\u5bb9\u5668\u548c\u5bf9\u8c61\u7684\u6392\u961f\u548c\u5931\u8d25\u7684\u66f4\u65b0\u3002 \u7528\u6237 \u5728 OpenStack Identity \u4e2d\uff0c\u5b9e\u4f53\u4ee3\u8868\u5355\u4e2a API \u4f7f\u7528\u8005\uff0c\u5e76\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u4e0e\u89d2\u8272\u548c/\u6216\u9879\u76ee\u76f8\u5173\u8054\u3002 \u7528\u6237\u6570\u636e \u7528\u6237\u5728\u542f\u52a8\u5b9e\u4f8b\u65f6\u53ef\u4ee5\u6307\u5b9a\u7684\u6570\u636e Blob\u3002\u5b9e\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5143\u6570\u636e\u670d\u52a1\u6216\u914d\u7f6e\u9a71\u52a8\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u3002\u901a\u5e38\u7528\u4e8e\u4f20\u9012\u5b9e\u4f8b\u5728\u542f\u52a8\u65f6\u8fd0\u884c\u7684 shell \u811a\u672c\u3002 \u7528\u6237\u6a21\u5f0f Linux \uff08UML\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Ussuri OpenStack \u7b2c 21 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u57fa\u7840\u8bbe\u65bd\u5cf0\u4f1a\u5728\u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u4e0a\u6d77\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e4c\u82cf\u91cc\u6cb3\u547d\u540d\u3002","title":"U"},{"location":"security/security-guide/#v","text":"Victoria OpenStack \u7b2c 22 \u7248\u7684\u4ee3\u53f7\u3002OpenDev + PTG 
\u8ba1\u5212\u5728\u52a0\u62ff\u5927\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u9996\u5e9c\u7ef4\u591a\u5229\u4e9a\u547d\u540d\u3002 \u7531\u4e8e COVID-19\uff0c\u73b0\u573a\u6d3b\u52a8\u88ab\u53d6\u6d88\u3002\u8be5\u4e8b\u4ef6\u6b63\u5728\u865a\u62df\u5316\u3002 VIF UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u7f51\u7edc VIF \u7684\u552f\u4e00 ID\u3002 \u865a\u62df\u4e2d\u592e\u5904\u7406\u5668 \uff08vCPU\uff09 \u7ec6\u5206\u7269\u7406 CPU\u3002\u7136\u540e\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u5206\u533a\u3002 \u865a\u62df\u78c1\u76d8\u6620\u50cf \uff08VDI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u53ef\u6269\u5c55\u5c40\u57df\u7f51 \uff08VXLAN\uff09 \u4e00\u79cd\u7f51\u7edc\u865a\u62df\u5316\u6280\u672f\uff0c\u8bd5\u56fe\u51cf\u5c11\u4e0e\u5927\u578b\u4e91\u8ba1\u7b97\u90e8\u7f72\u76f8\u5173\u7684\u53ef\u4f38\u7f29\u6027\u95ee\u9898\u3002\u5b83\u4f7f\u7528\u7c7b\u4f3c VLAN \u7684\u5c01\u88c5\u6280\u672f\u5c06\u4ee5\u592a\u7f51\u5e27\u5c01\u88c5\u5728 UDP \u6570\u636e\u5305\u4e2d\u3002 \u865a\u62df\u786c\u76d8 \uff08VHD\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df IP \u5730\u5740 \uff08VIP\uff09 \u5728\u8d1f\u8f7d\u5e73\u8861\u5668\u4e0a\u914d\u7f6e\u7684 Internet \u534f\u8bae \uff08IP\uff09 \u5730\u5740\uff0c\u4f9b\u8fde\u63a5\u5230\u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4f7f\u7528\u3002\u4f20\u5165\u8fde\u63a5\u5c06\u6839\u636e\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u914d\u7f6e\u5206\u53d1\u5230\u540e\u7aef\u8282\u70b9\u3002 \u865a\u62df\u673a \uff08VM\uff09 \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002\u591a\u4e2a VM 
\u53ef\u4ee5\u5728\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u3002 \u865a\u62df\u7f51\u7edc \u7f51\u7edc\u4e2d\u7684 L2 \u7f51\u6bb5\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97 \uff08VNC\uff09 \u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u53f0\u8bbf\u95ee VM \u7684\u5f00\u6e90 GUI \u548c CLI \u5de5\u5177\u3002 \u865a\u62df\u7f51\u7edc\u63a5\u53e3 \uff08VIF\uff09 \u63d2\u5165\u7f51\u7edc\u7f51\u7edc\u4e2d\u7684\u7aef\u53e3\u7684\u63a5\u53e3\u3002\u901a\u5e38\u5c5e\u4e8e VM \u7684\u865a\u62df\u7f51\u7edc\u63a5\u53e3\u3002 \u865a\u62df\u7f51\u7edc \u4f7f\u7528\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u4e0a\u7684\u865a\u62df\u673a\u548c\u8986\u76d6\u7f51\u7edc\u7ec4\u5408\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316\uff08\u5982\u4ea4\u6362\u3001\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5b89\u5168\u6027\uff09\u7684\u901a\u7528\u672f\u8bed\u3002 \u865a\u62df\u7aef\u53e3 \u865a\u62df\u63a5\u53e3\u8fde\u63a5\u5230\u865a\u62df\u7f51\u7edc\u7684\u8fde\u63a5\u70b9\u3002 \u865a\u62df\u4e13\u7528\u7f51\u7edc \uff08VPN\uff09 \u7531 Compute \u4ee5 cloudpipes \u7684\u5f62\u5f0f\u63d0\u4f9b\uff0c\u8fd9\u4e9b\u4e13\u7528\u5b9e\u4f8b\u7528\u4e8e\u6309\u9879\u76ee\u521b\u5efa VPN\u3002 \u865a\u62df\u670d\u52a1\u5668 VM \u6216\u6765\u5bbe\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u4ea4\u6362\u673a \uff08vSwitch\uff09 \u5728\u4e3b\u673a\u6216\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u63d0\u4f9b\u57fa\u4e8e\u786c\u4ef6\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7684\u7279\u6027\u548c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002 \u865a\u62df VLAN \u865a\u62df\u7f51\u7edc\u7684\u66ff\u4ee3\u672f\u8bed\u3002 VirtualBox \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Vitrage Root Cause Analysis\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 VLAN \u7ba1\u7406\u5668 \u4e00\u4e2a Compute \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b dnsmasq \u548c radvd\uff0c\u5e76\u8bbe\u7f6e\u4e0e cloudpipe \u5b9e\u4f8b\u4e4b\u95f4\u7684\u8f6c\u53d1\u3002 VLAN 
\u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002VLAN \u7f51\u7edc\u662f\u4e00\u4e2a\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\uff0c\u7531 VLAN \u7ba1\u7406\u5668 vlan_interface \u9009\u9879\u63a7\u5236\u3002 \u865a\u62df\u673a\u78c1\u76d8\uff08VMDK\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u673a\u6620\u50cf \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u673a\u8fdc\u7a0b\u63a7\u5236 \uff08VMRC\uff09 \u4f7f\u7528 Web \u6d4f\u89c8\u5668\u8bbf\u95ee VM \u5b9e\u4f8b\u63a7\u5236\u53f0\u7684\u65b9\u6cd5\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 VMware API \u63a5\u53e3 \u652f\u6301\u5728\u8ba1\u7b97\u4e2d\u4e0e VMware \u4ea7\u54c1\u8fdb\u884c\u4ea4\u4e92\u3002 VMware NSX Neutron \u63d2\u4ef6 \u5728 Neutron \u4e2d\u63d0\u4f9b\u5bf9 VMware NSX \u7684\u652f\u6301\u3002 VNC \u4ee3\u7406 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7 VNC \u6216 VMRC \u8bbf\u95ee\u5176 VM \u5b9e\u4f8b\u7684\u63a7\u5236\u53f0\u3002 \u5377 \u57fa\u4e8e\u78c1\u76d8\u7684\u6570\u636e\u5b58\u50a8\u901a\u5e38\u8868\u793a\u4e3a\u5177\u6709\u652f\u6301\u6269\u5c55\u5c5e\u6027\u7684\u6587\u4ef6\u7cfb\u7edf\u7684 iSCSI \u76ee\u6807;\u53ef\u4ee5\u662f\u6301\u4e45\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u77ed\u6682\u7684\u3002 \u5377 API \u5757\u5b58\u50a8 API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 \u5377\u63a7\u5236\u5668 \u4e00\u4e2a\u5757\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u76d1\u7763\u548c\u534f\u8c03\u5b58\u50a8\u5377\u64cd\u4f5c\u3002 \u5377\u9a71\u52a8\u7a0b\u5e8f \u5377\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5377 ID 
\u5e94\u7528\u4e8e\u5757\u5b58\u50a8\u63a7\u5236\u4e0b\u6bcf\u4e2a\u5b58\u50a8\u5377\u7684\u552f\u4e00 ID\u3002 \u5377\u7ba1\u7406\u5668 \u7528\u4e8e\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u6301\u4e45\u6027\u5b58\u50a8\u5377\u7684\u5757\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5377\u8282\u70b9 \u8fd0\u884c cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u7684\u5757\u5b58\u50a8\u8282\u70b9\u3002 \u5377\u63d2\u4ef6 \u4e3a\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u63d0\u4f9b\u5bf9\u65b0\u578b\u548c\u4e13\u7528\u540e\u7aef\u5b58\u50a8\u7c7b\u578b\u7684\u652f\u6301\u3002 \u5377\u5de5\u4f5c\u5668 \u4e00\u4e2a cinder \u7ec4\u4ef6\uff0c\u5b83\u4e0e\u540e\u7aef\u5b58\u50a8\u4ea4\u4e92\uff0c\u4ee5\u7ba1\u7406\u5377\u7684\u521b\u5efa\u548c\u5220\u9664\u4ee5\u53ca\u8ba1\u7b97\u5377\u7684\u521b\u5efa\uff0c\u7531 cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 vSphere \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002","title":"V"},{"location":"security/security-guide/#w","text":"Wallaby OpenStack \u7b2c 23 \u7248\u7684\u4ee3\u53f7\u3002\u5c0f\u888b\u9f20\u539f\u4ea7\u4e8e\u6fb3\u5927\u5229\u4e9a\uff0c\u5728\u8fd9\u4e2a\u547d\u540d\u671f\u5f00\u59cb\u65f6\uff0c\u6fb3\u5927\u5229\u4e9a\u6b63\u5728\u7ecf\u5386\u524d\u6240\u672a\u6709\u7684\u91ce\u706b\u3002 Watcher \u57fa\u7840\u7ed3\u6784\u4f18\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u6743\u91cd \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u7528\u4e8e\u786e\u5b9a\u54ea\u4e9b\u5b58\u50a8\u8bbe\u5907\u9002\u5408\u4f5c\u4e1a\u3002\u8bbe\u5907\u6309\u5927\u5c0f\u52a0\u6743\u3002 \u52a0\u6743\u6210\u672c \u51b3\u5b9a\u5728\u8ba1\u7b97\u4e2d\u542f\u52a8\u65b0 VM \u5b9e\u4f8b\u7684\u4f4d\u7f6e\u65f6\u6240\u4f7f\u7528\u7684\u6bcf\u4e2a\u6210\u672c\u7684\u603b\u548c\u3002 \u52a0\u6743 \u4e00\u4e2a\u8ba1\u7b97\u8fc7\u7a0b\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u662f\u5426\u9002\u5408\u7279\u5b9a\u4e3b\u673a\u7684\u4f5c\u4e1a\u3002\u4f8b\u5982\uff0c\u4e3b\u673a\u4e0a\u7684 RAM 
\u4e0d\u8db3\u3001\u4e3b\u673a\u4e0a\u7684 CPU \u8fc7\u591a\u7b49\u3002 \u5de5\u4f5c\u8005 \u4fa6\u542c\u961f\u5217\u5e76\u6267\u884c\u4efb\u52a1\u4ee5\u54cd\u5e94\u6d88\u606f\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002\u4f8b\u5982\uff0c cinder-volume worker \u7ba1\u7406\u5b58\u50a8\u9635\u5217\u4e0a\u7684\u5377\u521b\u5efa\u548c\u5220\u9664\u3002 \u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 OpenStack\u670d\u52a1\u63d0\u4f9b\u4e86\u4e00\u79cd\u57fa\u4e8eYAML\u7684\u7b80\u5355\u8bed\u8a00\u6765\u7f16\u5199\u5de5\u4f5c\u6d41\uff08\u4efb\u52a1\u548c\u8f6c\u6362\u89c4\u5219\uff09\uff0c\u4ee5\u53ca\u4e00\u79cd\u5141\u8bb8\u4e0a\u4f20\u3001\u4fee\u6539\u3001\u5927\u89c4\u6a21\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u8fd0\u884c\u5b83\u4eec\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u6267\u884c\u72b6\u6001\u548c\u5355\u4e2a\u4efb\u52a1\u72b6\u6001\u7684\u670d\u52a1\u3002","title":"W"},{"location":"security/security-guide/#x","text":"X.509 X.509 \u662f\u5b9a\u4e49\u6570\u5b57\u8bc1\u4e66\u7684\u6700\u5e7f\u6cdb\u4f7f\u7528\u7684\u6807\u51c6\u3002\u5b83\u662f\u4e00\u79cd\u6570\u636e\u7ed3\u6784\uff0c\u5305\u542b\u4e3b\u9898\uff08\u5b9e\u4f53\uff09\u53ef\u8bc6\u522b\u4fe1\u606f\uff0c\u4f8b\u5982\u5176\u540d\u79f0\u53ca\u5176\u516c\u94a5\u3002\u8bc1\u4e66\u8fd8\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u5176\u4ed6\u5c5e\u6027\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u7248\u672c\u3002X.509 \u7684\u6700\u65b0\u6807\u51c6\u7248\u672c\u662f v3\u3002 Xen Xen \u662f\u4e00\u4e2a\u4f7f\u7528\u5fae\u5185\u6838\u8bbe\u8ba1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u7684\u670d\u52a1\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5728\u540c\u4e00\u8ba1\u7b97\u673a\u786c\u4ef6\u4e0a\u540c\u65f6\u6267\u884c\u3002 Xen API Xen \u7ba1\u7406 API\uff0c\u53d7 Compute \u652f\u6301\u3002 Xen \u4e91\u5e73\u53f0 \uff08XCP\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Xen Storage Manager 
\u5377\u9a71\u52a8\u7a0b\u5e8f \u652f\u6301\u4e0e Xen Storage Manager API \u8fdb\u884c\u901a\u4fe1\u7684\u5757\u5b58\u50a8\u5377\u63d2\u4ef6\u3002 Xena OpenStack \u7b2c 24 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u865a\u6784\u7684\u6218\u58eb\u516c\u4e3b\u547d\u540d\u3002 XenServer An OpenStack-supported hypervisor. \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 XFS \u51fd\u6570 \u7531 Silicon Graphics \u521b\u5efa\u7684\u9ad8\u6027\u80fd 64 \u4f4d\u6587\u4ef6\u7cfb\u7edf\u3002\u5728\u5e76\u884c I/O \u64cd\u4f5c\u548c\u6570\u636e\u4e00\u81f4\u6027\u65b9\u9762\u8868\u73b0\u51fa\u8272\u3002","title":"X"},{"location":"security/security-guide/#y","text":"Yoga OpenStack \u7b2c 25 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u6765\u81ea\u5370\u5ea6\u7684\u4e00\u6240\u54f2\u5b66\u5b66\u6821\u547d\u540d\uff0c\u8be5\u5b66\u6821\u5177\u6709\u5fc3\u7406\u548c\u8eab\u4f53\u5b9e\u8df5\u3002","title":"Y"},{"location":"security/security-guide/#z","text":"Yoga \u6d88\u606f\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Zed OpenStack \u7b2c 26 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u5b57\u6bcd Z \u7684\u53d1\u97f3\u547d\u540d\u3002 ZeroMQ OpenStack \u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002\u4e5f\u62fc\u5199\u4e3a 0MQ\u3002 Zuul Zuul \u662f\u4e00\u4e2a\u5f00\u6e90 CI/CD \u5e73\u53f0\uff0c\u4e13\u95e8\u7528\u4e8e\u5728\u767b\u9646\u5355\u4e2a\u8865\u4e01\u4e4b\u524d\u8de8\u591a\u4e2a\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u95e8\u63a7\u66f4\u6539\u3002 Zuul \u7528\u4e8e OpenStack \u5f00\u53d1\uff0c\u4ee5\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u6d4b\u8bd5\u7684\u4ee3\u7801\u624d\u4f1a\u88ab\u5408\u5e76\u3002","title":"Z"},{"location":"spec/distributed-traffic/","text":"\u6d41\u91cf\u5206\u6563 \u00b6 \u6982\u8ff0 \u00b6 
OpenStack\u4e3a\u7528\u6237\u63d0\u4f9b\u8ba1\u7b97\u548c\u7f51\u7edc\u670d\u52a1\u3002\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u53ef\u4ee5\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\uff0c\u540c\u65f6\u53ef\u4ee5\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u8bbf\u95ee\u865a\u62df\u673a\u5185\u90e8\u7684\u670d\u52a1\u3002\u4f46\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740\u865a\u62df\u673a\u548c\u6d6e\u52a8IP \u7aef\u53e3\u6620\u5c04\u7684\u6570\u91cf\u7684\u589e\u591a\uff0c\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u4e5f\u8d8a\u6765\u8d8a\u5927\uff0c\u5fc5\u987b\u627e\u5230\u5206\u6563\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\uff0c\u758f\u89e3\u7f51\u7edc\u8282\u70b9\u538b\u529b\u7684\u65b9\u6cd5\u3002\u672c\u65b9\u6848\u5b9e\u73b0\u4e86\u5728OpenStack\u73af\u5883\u4e2d\u5c06\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\u5206\u6563\uff0c\u4fdd\u8bc1\u517c\u5bb9\u652f\u6301L3 HA\u548cDVR\uff0c\u540c\u65f6\u53c8\u5c06\u7f51\u7edc\u8d44\u6e90\u4f7f\u7528\u6700\u5c0f\u5316\u3002 \u80cc\u666f \u00b6 \u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u7684\u57fa\u672c\u6d41\u7a0b\u5982\u4e0b\u3002 \u7528\u6237\u63d0\u524d\u521b\u5efa\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u7f51\u7edc\u3002 \u521b\u5efaRouter\u65f6\u6307\u5b9aExternal Gateway\u4e3a\u63d0\u524d\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u3002 \u5c06Router\u548c\u521b\u5efa\u597d\u7684\u5185\u90e8\u7f51\u7edc\u8fdb\u884c\u8fde\u63a5\u3002 \u521b\u5efa\u865a\u62df\u673a\u5b9e\u4f8b\u65f6\u6307\u5b9a\u5185\u90e8\u7f51\u7edc\u3002 \u5229\u7528\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u6d6e\u52a8IP\u3002 \u4e3a\u865a\u62df\u673a\u5b9e\u4f8b\u5f00\u542f\u6d6e\u52a8IP\u7aef\u53e3\u6620\u5c04\u3002 
\u7ecf\u8fc7\u4e0a\u9762\u7684\u64cd\u4f5c\uff0c\u7528\u6237\u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u4ee5\u8bbf\u95ee\u5230\u5916\u90e8\u7f51\u7edc\uff0c\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u4e5f\u53ef\u4ee5\u6839\u636e\u6d6e\u52a8IP\u6307\u5b9a\u7684\u7aef\u53e3\u8bbf\u95ee\u865a\u62df\u673a\u5b9e\u4f8b\u5185\u90e8\u7684\u670d\u52a1\u3002 \u5728\u4e00\u4e2a\u57fa\u672c\u7684OpenStack\u73af\u5883\u4e2d\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u6d41\u91cf\u8d70\u5411\u5982\u4e0b\u6240\u793a\u3002 \u5728\u7528\u6237\u521b\u5efa\u5b8c\u591a\u4e2a\u5b9e\u4f8b\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u5747\u5300\u5206\u5e03\u5728\u5404\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u865a\u62df\u673a\u7684\u6d41\u91cf\u8d70\u5411\u53ef\u80fd\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0c\u4e0d\u8bba\u865a\u62df\u673a\u7684\u4e1c\u897f\u6d41\u91cf\u8fd8\u662f\u5357\u5317\u6d41\u91cf\u90fd\u4f1a\u7ecf\u8fc7Network-1\u8282\u70b9\uff0c\u8fd9\u65e0\u7591\u52a0\u5927\u4e86\u7f51\u7edc\u8282\u70b9\u7684\u8d1f\u8f7d\uff0c\u540c\u65f6\u5f53\u7f51\u7edc\u8282\u70b9\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u80fd\u5f88\u597d\u7684\u8fdb\u884c\u6545\u969c\u6062\u590d\u3002 
\u90a3\u4e48\u662f\u5426\u53ef\u4ee5\u5c06\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u5728OpenStack\u4e2d\u540c\u4e00\u5b50\u7f51\u53ef\u4ee5\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u4f46\u662f\u5b50\u7f51\u5728\u7ed1\u5b9aRouter\u65f6\u9ed8\u8ba4\u4f1a\u5c06\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u7ed1\u5b9a\u5230Router\u4e0a\uff0c\u4e00\u4e2a\u5b50\u7f51\u53ea\u6709\u4e00\u4e2a\u7f51\u5173\u5730\u5740\uff0c\u540c\u65f6\u8fd9\u4e2a\u7f51\u5173\u5730\u5740\u53c8\u4f1a\u5728DHCP\u670d\u52a1\u4e2d\u7528\u5230\uff0c\u7528\u4e8e\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u63d0\u4f9b\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\uff0c\u4e8e\u662f\u4e4e\u5373\u4f7f\u5c06\u5b50\u7f51\u7ed1\u5b9a\u5230\u591a\u4e2aRouter\u4e0a\uff0c\u865a\u62df\u673a\u5185\u90e8\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\u8fd8\u4f1a\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\uff0c\u800c\u4e14Router\u9009\u62e9\u7684\u7f51\u7edc\u8282\u70b9\u7528\u6237\u662f\u4e0d\u53ef\u63a7\u7684\uff0c\u96be\u514d\u4f1a\u51fa\u73b0\u867d\u7136\u5b50\u7f51\u7ed1\u5b9a\u4e86\u4e24\u4e2aRouter\uff0c\u4f46\u662f\u8fd9\u4e24\u4e2aRouter\u5728\u540c\u4e00\u4e2a\u7f51\u7edc\u8282\u70b9\u4e0a\u7684\u5c34\u5c2c\u573a\u9762\u3002 \u4e3a\u4e86\u5206\u6563\u6d41\u91cfOpenStack\u6709\u5e94\u5bf9\u7684\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06neutron\u7684DVR\u529f\u80fd\u6253\u5f00\uff0c\u4e3a\u9884\u9632\u7f51\u7edc\u8282\u70b9\u7684\u5355\u70b9\u6545\u969c\u4e5f\u53ef\u4ee5\u6253\u5f00neutron\u7684L3 HA\uff0c\u4f46\u662f\u4e0a\u8ff0\u65b9\u6cd5\u4e5f\u6709\u5b83\u4eec\u7684\u5c40\u9650\u6027\u3002 DVR\u7684\u6d41\u91cf\u5206\u6563\u6709\u6bd4\u8f83\u5927\u7684\u5c40\u9650\u6027\uff0c\u539f\u56e0\u6709\u4ee5\u4e0b\u51e0\u70b9\u3002 
DVR\u53ea\u662f\u4f5c\u7528\u4e8e\u540c\u4e00Router\u4e0b\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4e4b\u95f4\u7684\u4e1c\u897f\u6d41\u91cf\uff0c\u5df2\u7ecf\u7ed1\u5b9a\u6d6e\u52a8IP\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\uff0c\u5bf9\u4e8e\u672a\u7ed1\u5b9a\u6d6e\u52a8IP\u7684\u865a\u62df\u673a\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u4f9d\u636e\u9700\u8981\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\u3002 \u751f\u4ea7\u73af\u5883\u4e0b\uff0c\u7ed9\u6bcf\u4e2a\u865a\u62df\u673a\u90fd\u7ed1\u5b9a\u6d6e\u52a8IP\u662f\u4e0d\u5207\u5b9e\u9645\u7684\uff0c\u4f46\u662f\u53ef\u4ee5\u901a\u8fc7\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u591a\u53f0\u865a\u62df\u673a\u5bf9\u5e94\u4e00\u4e2a\u6d6e\u52a8IP\uff0c\u4f46\u5728\u76ee\u524d\u7684OpenStack\u7248\u672c\u4e2d\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fDVR\uff0c\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7684\u5b9e\u73b0\u90fd\u662f\u5728\u7f51\u7edc\u8282\u70b9\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u5b8c\u6210\u7684\u3002 \u6700\u540e\u4e00\u70b9\uff0cDVR\u6a21\u5f0f\u4e0b\uff0c\u4e3a\u4e86\u8ba9\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u4e0d\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\uff0c\u4ece\u8ba1\u7b97\u8282\u70b9\u4e0a\u76f4\u63a5\u8d70\u51fa\uff0c\u90fd\u4f1a\u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u751f\u6210\u4e00\u4e2afip\u5f00\u5934\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5373\u4f7f\u865a\u62df\u673a\u4e0d\u4f1a\u7ed1\u5b9a\u6d6e\u52a8IP\u3002\u800c\u8fd9\u4e2afip\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u4f1a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\u5730\u5740\uff0c\u8fd9\u65e0\u7591\u4f1a\u52a0\u5927\u7f51\u7edc\u8d44\u6e90\u7684\u6d88\u8017\u3002 L3 HA\u4e5f\u6709\u51e0\u70b9\u4e0d\u8db3\uff0c\u5f00\u542fL3 HA\u540e\uff0cRouter\u5229\u7528keepalived\u4f1a\u5728\u51e0\u4e2a\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u9009\u62e9\uff0c\u53ea\u6709Keepalived\u7684\u72b6\u6001\u4e3aMaster 
\u7684\u7f51\u7edc\u8282\u70b9\u624d\u4f1a\u62c5\u4efb\u771f\u6b63\u7684\u6d41\u91cf\u8fd0\u8f93\u7684\u4efb\u52a1\uff0c\u800c\u5bf9\u4e8e\u7f51\u7edc\u8282\u70b9\u9009\u62e9\uff0c\u7528\u6237\u65e0\u6743\u5e72\u6d89\u3002\u867d\u7136neutron\u4e2d\u7ed9\u51fa\u4e86Router\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7b56\u7565\uff0c\u4e5f\u5c31\u662f\u6700\u5c11Router\u6570\uff0cRouter\u4f1a\u8c03\u5ea6\u5230Router\u4e2a\u6570\u6700\u5c11\u7684\u7f51\u7edc\u8282\u70b9\u4e0a\u3002\u800c\u4e14\u5728\u5e95\u5c42keepalived\u5f00\u542f\u7684\u6a21\u5f0f\u662f\u975e\u62a2\u5360\u7684\uff0c\u4e5f\u5c31\u662f\u5f53vip\u53d1\u751f\u6f02\u79fb\u540e\uff0c\u5373\u4f7f\u4e3b\u670d\u52a1\u5668\u6062\u590d\u6b63\u5e38\uff0c\u4e5f\u4e0d\u4f1a\u81ea\u52a8\u5c06\u8d44\u6e90\u4ece\u5907\u7528\u670d\u52a1\u5668\u624b\u4e2d\u62a2\u5360\u56de\u6765\uff0c\u8fd9\u53c8\u589e\u52a0\u4e86\u5bf9\u4e8e\u771f\u6b63\u8fd0\u884cRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\u3002 \u603b\u7ed3\u4e00\u4e0b\uff0c\u73b0\u6709\u7684\u6280\u672f\u65b9\u6848\u505a\u4e0d\u5230\u771f\u6b63\u7684\u6d41\u91cf\u5206\u53d1\uff0c\u5373\u4f7f\u5728\u5f00\u542fDVR\u540e\uff0c\u4e00\u65b9\u9762\u4f1a\u6709\u4e00\u4e9b\u989d\u5916\u7f51\u7edc\u8d44\u6e90\u7684\u635f\u8017\uff0c\u540c\u65f6\u53c8\u56e0\u4e3aRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\uff0c\u5bfc\u81f4\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u65e0\u6cd5\u505a\u5230\u5f88\u597d\u7684\u5206\u53d1\u3002 \u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898 \u00b6 \u5b9e\u73b0DVR\u6a21\u5f0f\u548cL3 HA\u6a21\u5f0f\u4e0b\u4ee5\u53caLegacy\u6a21\u5f0f\u4e0b\u7f51\u7edc\u5206\u53d1\u3002\u9996\u5148\u8981\u89e3\u51b3\u4ee5\u4e0b\u51e0\u4e2a\u6280\u672f\u95ee\u9898\uff1a Router\u53ef\u4ee5\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fL3 HA\u3002 
\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u65f6\uff0cDHCP\u670d\u52a1\u80fd\u4e3a\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u63d0\u4f9b\u4e0d\u540c\u7684\u8def\u7531\u65b9\u5f0f\u3002 \u5728\u7528\u6237\u4f7f\u7528\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u53ef\u4ee5\u5c06Router\u7684External Gateway\u7684IP\u5730\u5740\u4f5c\u4e3a\u5916\u90e8\u7f51\u7edc\u7684\u5730\u5740\u3002 \u5b9e\u73b0\u65b9\u6848 \u00b6 \u89e3\u51b3\u6307\u5b9aL3 agent\u7684\u95ee\u9898 \u00b6 \u9996\u5148\u4fee\u6539Router\u7684\u5e95\u5c42\u6570\u636e\u5e93\u4e3a\u5176\u6dfb\u52a0\u4e00\u4e2aconfigurations\u5b57\u6bb5\uff0c\u7528\u4e8e\u5b58\u50a8Router\u7684\u76f8\u5173\u914d\u7f6e\u4fe1\u606f\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"preferred_agent\": \"network-1\" } } \u5728\u672a\u5f00\u542fL3 HA\u65f6\uff0cpreferred_agent\u5b57\u6bb5\u7528\u4e8e\u6307\u5b9aRouter\u4f4d\u4e8e\u7684\u7f51\u7edc\u8282\u70b9\u3002 \u5728\u5f00\u542fL3 HA\u65f6\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"slave_agents\": [ \"compute-1\" ], \"master_agent\": \"network-1\" } } master_agent\u7528\u4e8e\u6307\u5b9aMaster\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\uff0cslave_agents\u7528\u4e8e\u6307\u5b9aSlave\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\u6570\u7ec4\u3002 \u7136\u540e\u8981\u4fee\u6539Router\u7684\u521b\u5efa\u903b\u8f91\uff0c\u9700\u8981\u4e3aRouter\u65b0\u589e\u4e00\u4e2a\u8c03\u5ea6\u65b9\u6cd5\u3002Neutron\u4e2drouter_scheduler_driver\u9ed8\u8ba4\u662fLeastRoutersScheduler\uff08\u6700\u5c11Router\u4e2a\u6570\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u7ee7\u627f\u8be5\u7c7b\u65b0\u589e\u8c03\u5ea6\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6839\u636eRouter\u7684configurations\u5b57\u6bb5\u9009\u62e9\u6307\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\u3002 
\u6700\u540e\u9700\u8981\u4fee\u6539neutron-l3-agent\u7684Router\u66f4\u65b0\u7684\u903b\u8f91\u4ee3\u7801\uff0c\u7531\u4e8eneutron-l3-agent\u542f\u52a8\u65f6\u4f1a\u521d\u59cb\u5316\u4e00\u4e2a\u8d44\u6e90\u961f\u5217\u7528\u4e8e\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\uff0c\u540c\u65f6\u5f00\u542f\u4e00\u4e2a\u5b88\u62a4\u7ebf\u7a0b\u7528\u4e8e\u8bfb\u53d6\u8d44\u6e90\u961f\u5217\uff0c\u6bcf\u6b21\u7f51\u7edc\u8d44\u6e90\u72b6\u6001\u6709\u53d8\u5316\uff08\u521b\u5efa\u3001\u5220\u9664\u6216\u8005\u66f4\u65b0\uff09\u65f6\uff0c\u5c31\u4f1a\u6dfb\u52a0\u5230\u8be5\u961f\u5217\u4e2d\uff0c\u6700\u540e\u6839\u636e\u8d44\u6e90\u7684\u7c7b\u578b\u548c\u72b6\u6001\u786e\u5b9a\u5c06\u8981\u6267\u884c\u7684\u52a8\u4f5c\u3002 \u8fd9\u91ccRouter\u521b\u5efa\u5b8c\u540e\uff0cneutron-l3-agent\u6700\u540e\u4f1a\u6267\u884c_process_added_router\u65b9\u6cd5\uff0c\u5148\u8c03\u7528RouterInfo\u7684initialize\u65b9\u6cd5\uff0c\u518d\u8c03\u7528process\u65b9\u6cd5\u3002 initialize\u65b9\u6cd5\u4e3b\u8981\u6d89\u53ca\u5230Router\u4fe1\u606f\u7684\u4e00\u4e9b\u521d\u59cb\u5316\uff0c\u5305\u62ec\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001port\u7684\u521b\u5efa\u3001keepalived\u8fdb\u7a0b\u7684\u521d\u59cb\u5316\u7b49\u7b49\u3002 process\u65b9\u6cd5\u4e2d\u4f1a\u505a\u4e0b\u9762\u51e0\u4e2a\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u5185\u90e8\u7684Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5185\u90e8\u7f51\u7edc\uff1b \u8bbe\u7f6e\u5916\u90e8Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5916\u90e8\u7f51\u7edc\uff1b \u66f4\u65b0\u8def\u7531\u8868\uff1b \u5bf9\u4e8e\u5f00\u542fL3 HA\u7684Router\uff0c\u9700\u8981\u8bbe\u7f6eHA\u7684Port\uff0c\u7136\u540e\u5f00\u542fkeepalived\u8fdb\u7a0b\u3002 \u5bf9\u4e8e\u5f00\u542fDVR\u7684Router\uff0c\u8fd8\u9700\u8981\u8bbe\u7f6e\u4e00\u4e0bfip\u547d\u540d\u7a7a\u95f4\u4e2d\u7684Port\u3002 \u8fd9\u91cc\u53ea\u9700\u8981\u8003\u8651L3 HA\u5f00\u542f\u7684\u60c5\u51b5\uff0c\u56e0\u4e3a\u5728\u672a\u5f00\u542fL3 
HA\u65f6\uff0cneutron-server\u521b\u5efa\u5b8cRouter\u540e\uff0c\u7ecf\u8fc7\u65b0\u7684\u8c03\u5ea6\u65b9\u6cd5\u9009\u62e9\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff0cRPC\u8c03\u7528\u76f4\u63a5\u53d1\u9001\u7ed9\u7279\u5b9a\u7f51\u7edc\u8282\u70b9\u7684neutron-l3-agent\u670d\u52a1\u3002\u5f00\u542fL3 HA\u65f6\uff0c\u8c03\u5ea6\u65b9\u6cd5\u4f1a\u9009\u62e9\u51famaster\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u4e14RPC\u8c03\u7528\u4f1a\u53d1\u9001\u7ed9\u8fd9\u4e9b\u7f51\u7edc\u8282\u70b9\u4e0a\u7684neutron-l3-agent\u670d\u52a1\u3002 neutron-l3-agent\u4f1a\u4e3a\u6bcf\u4e2aRouter\u542f\u52a8\u4e00\u4e2akeepalived\u8fdb\u7a0b\u7528\u4e8eL3 HA\uff0c\u6240\u4ee5\u9700\u8981\u5728keepalived\u521d\u59cb\u5316\u65f6\uff0c\u5c06keepalived\u542f\u52a8\u903b\u8f91\u4fee\u6539\u3002\u5229\u7528configurations\u5b57\u6bb5\u7684\u4fe1\u606f\uff0c\u83b7\u53d6master\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u548c\u5f53\u524d\u7f51\u7edc\u8282\u70b9\u7684\u4fe1\u606f\u5224\u65ad\uff0c\u786e\u5b9a\u7f51\u7edc\u8282\u70b9\u7684\u89d2\u8272\u3002\u6700\u540e\uff0c\u56e0\u4e3a\u6307\u5b9a\u4e86master\u548cslave\u8282\u70b9\uff0c\u907f\u514d\u51fa\u73b0master\u7f51\u7edc\u8282\u70b9\u5b95\u673a\u6062\u590d\u540e\uff0cvip\u4f9d\u65e7\u5728slave\u8282\u70b9\u7684\u60c5\u51b5\uff0c\u8981\u628akeepalived\u7684\u6a21\u5f0f\u6539\u4e3a\u62a2\u5360\u6a21\u5f0f\u3002 \u89e3\u51b3\u8def\u7531\u95ee\u9898 \u00b6 
\u89e3\u51b3\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u8def\u7531\u95ee\u9898\u3002DHCP\u534f\u8bae\u529f\u80fd\u4e0d\u4ec5\u5305\u62ec\u548cDNS\u670d\u52a1\u5668\u5206\u914d\u8fd8\u5305\u62ec\u7f51\u5173\u5730\u5740\u5206\u914d\uff0c\u4e5f\u5c31\u662f\u53ef\u4ee5\u901a\u8fc7DHCP\u534f\u8bae\u5c06\u8def\u7531\u4fe1\u606f\u4f20\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u3002\u5728OpenStack\u4e2d\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684DHCP\u7531neutron-dhcp-agent\u63d0\u4f9b\uff0cneutron-dhcp-agent\u7684\u6838\u5fc3\u529f\u80fd\u57fa\u672c\u7531dnsmasq\u5b8c\u6210\u3002 dnsmasq\u4e2d\u63d0\u4f9btag\u6807\u7b7e\uff0c\u53ef\u4ee5\u4e3a\u6307\u5b9aIP\u5730\u5740\u6dfb\u52a0\u6807\u7b7e\uff0c\u7136\u540e\u53ef\u4ee5\u6839\u636e\u6807\u7b7e\u4e0b\u53d1\u914d\u7f6e\u3002 dnsmasq\u7684host\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 fa:16:3e:28:a5:0a,host-172-16-0-1.openstacklocal,172.16.0.1,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:2b:dd:88,host-172-16-0-10.openstacklocal,172.16.0.10,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:a1:96:fc,host-172-16-0-207.openstacklocal,172.16.0.207,set:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:45:b4:1a,host-172-16-10-1.openstacklocal,172.16.10.1,set:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902 dnsmasq\u7684option\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:dns-server,8.8.8.8 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:classless-static-route,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:router,172.16.0.1 
tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:classless-static-route,172.16.10.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:router,172.16.0.10 \u53ef\u4ee5\u770b\u5230IP172.16.0.207\u88ab\u6253\u4e0a\u4e86compute-1\u5f00\u5934\u7684tag\uff0c\u5339\u914d\u5230option\u6587\u4ef6\u540e\uff0c172.16.0.207\u7684\u865a\u62df\u673a\u7684\u9ed8\u8ba4\u8def\u7531\u7f51\u5173\u5730\u5740\u5c31\u4f1a\u4ece172.16.0.1\u53d8\u4e3a172.16.0.10\u3002\u5f53\u7136\u8fd9\u4e00\u5207\u7684\u524d\u63d0\u5b50\u7f51\u9700\u8981\u7ed1\u5b9a\u591a\u4e2aRouter\u3002 \u540c\u65f6\u4e3aneutron-dhcp-agent\u63d0\u4f9b\u53ef\u4f9b\u7ba1\u7406\u5458\u4fee\u6539\u7684\u914d\u7f6e\u9879\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u5173\u7cfb\uff0c\u53ef\u4ee5\u662f\u4e00\u5bf9\u4e00\uff0c\u53ef\u4ee5\u662f\u591a\u5bf9\u4e00\u3002 \u89e3\u51b3Router Gateway\u7aef\u53e3\u8f6c\u53d1\u7684\u95ee\u9898 \u00b6 \u5c06\u539f\u672c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u6539\u4e3a\u57fa\u4e8eRouter\u7684External Gateway\u7684\u65b9\u5f0f\u3002\u539f\u56e0\u6709\u4e8c\uff1a \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u5bf9\u4e8e\u539f\u672c\u5c31\u8981\u4f7f\u7528Router\u7684External Gateway\u7684\u7528\u6237\u5c31\u4f1a\u591a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\uff0c\u4e3a\u51cf\u5c11\u5916\u90e8\u7f51\u7edcIP\u7684\u4f7f\u7528\u6539\u7528External Gateway\u7684\u65b9\u5f0f\u8fdb\u884c\u7aef\u53e3\u6620\u5c04\u3002 \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u4f9d\u8d56Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u6765\u505aNAT\uff0c\u4e0d\u5f00\u542fL3 
HA\u65f6\uff0c\u540c\u4e00\u5b50\u7f51\u5728\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u7531\u4e8e\u7aef\u53e3\u6620\u5c04\u521b\u5efa\u7684\u903b\u8f91\uff0cNAT\u4f1a\u53d1\u751f\u5728\u5b50\u7f51\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u4e0d\u4f1a\u5206\u6563\u5728\u5404\u4e2aRouter\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u6bcf\u4e2a\u7f51\u7edc\u8282\u70b9\uff09\u3002\u8fd9\u6837\u5728\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u4f1a\u589e\u52a0\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u3002 \u5b9e\u73b0\u65b9\u5f0f\u548c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7c7b\u4f3c\uff0c\u4e0e\u4e4b\u4e0d\u540c\u7684\u662fExternal Gateway\u4e0d\u9700\u8981\u9009\u62e9Router\uff0c\u56e0\u4e3aExternal Gateway\u672c\u6765\u548cRouter\u5c31\u662f\u76f8\u5173\u8054\u7684\u3002\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u5728\u9009\u62e9Router\u65f6\uff0c\u9009\u62e9\u7684\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u3002 \u6700\u540e\uff0c\u5728\u5b9e\u73b0\u4e0a\u9762\u4e09\u4e2a\u90e8\u5206\u540e\uff0c\u7528\u6237\u5b9e\u73b0\u6d41\u91cf\u5206\u6563\u7684\u6b65\u9aa4\u5982\u4e0b\u3002 \u7528\u6237\u4fee\u6539neutron-dhcp-agent\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u4fee\u6539\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\u4e09\u4e2a\u7f51\u7edc\u8282\u70b9\u3001\u4e09\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u914d\u7f6ecompute-1\u8d70network-1\u8282\u70b9\uff0ccompute-2\u548ccompute-3\u8d70network-2\u8282\u70b9\u3002 \u5229\u7528neutron\u7684API\u521b\u5efa\u591a\u4e2aRouter\u5e76\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u5c06Router\u7ed1\u5b9a\u5230\u540c\u4e00\u5b50\u7f51\u3002 \u5229\u7528\u5b50\u7f51\u7f51\u7edc\u521b\u5efa\u591a\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u3002 
\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u6d41\u5411\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0cVM-1\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-1\u8282\u70b9\uff0cVM-2\u548cVM-3\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-2\u8282\u70b9\u3002\u540c\u65f6VM-1\u3001VM-2\u548cVM-3\u53c8\u662f\u5728\u540c\u4e00\u4e2a\u5b50\u7f51\u4e0b\uff0c\u53ef\u4ee5\u4e92\u76f8\u8bbf\u95ee\u3002 API \u00b6 \u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1\u5217\u8868 \u00b6 GET /v2.0/routers/{router_id}/gateway_port_forwardings Response { \"gateway_port_forwardings\": [ { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } ] } \u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 GET /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Response { \"gateway_port_forwarding\": { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } } \u521b\u5efa\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 POST /v2.0/routers/{router_id}/gateway_port_forwardings Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 
3634, \"gw_ip_address\": \"192.168.57.234\" } } \u66f4\u65b0\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 PUT /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } } \u5220\u9664\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 DELETE /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} \u65b0\u5efa\u8def\u7531\u5668 \u00b6 POST /v2.0/routers Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"string\", \"slave_agents\": [ \"string\" ] } } } \u66f4\u65b0\u8def\u7531\u5668 \u00b6 PUT /v2.0/routers/{router_id} Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"control01\", \"slave_agents\": [ \"control01\" ] } } } \u5f00\u53d1\u8282\u594f \u00b6 2023-07-28\u52302023-08-30 \u5b8c\u6210\u5f00\u53d1 2023-09-01\u52302023-11-15 \u6d4b\u8bd5\u3001\u95ee\u9898\u4fee\u590d 2023-11-30\u5f15\u5165openEuler 20.03 LTS SP4\u7248\u672c 2023-12-30\u5f15\u5165openEuler 22.03 LTS 
SP3\u7248\u672c","title":"\u6d41\u91cf\u5206\u6563"},{"location":"spec/distributed-traffic/#_1","text":"","title":"\u6d41\u91cf\u5206\u6563"},{"location":"spec/distributed-traffic/#_2","text":"OpenStack\u4e3a\u7528\u6237\u63d0\u4f9b\u8ba1\u7b97\u548c\u7f51\u7edc\u670d\u52a1\u3002\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u53ef\u4ee5\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\uff0c\u540c\u65f6\u53ef\u4ee5\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u8bbf\u95ee\u865a\u62df\u673a\u5185\u90e8\u7684\u670d\u52a1\u3002\u4f46\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740\u865a\u62df\u673a\u548c\u6d6e\u52a8IP \u7aef\u53e3\u6620\u5c04\u7684\u6570\u91cf\u7684\u589e\u591a\uff0c\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u4e5f\u8d8a\u6765\u8d8a\u5927\uff0c\u5fc5\u987b\u627e\u5230\u5206\u6563\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\uff0c\u758f\u89e3\u7f51\u7edc\u8282\u70b9\u538b\u529b\u7684\u65b9\u6cd5\u3002\u672c\u65b9\u6848\u5b9e\u73b0\u4e86\u5728OpenStack\u73af\u5883\u4e2d\u5c06\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\u5206\u6563\uff0c\u4fdd\u8bc1\u517c\u5bb9\u652f\u6301L3 HA\u548cDVR\uff0c\u540c\u65f6\u53c8\u5c06\u7f51\u7edc\u8d44\u6e90\u4f7f\u7528\u6700\u5c0f\u5316\u3002","title":"\u6982\u8ff0"},{"location":"spec/distributed-traffic/#_3","text":"\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u7684\u57fa\u672c\u6d41\u7a0b\u5982\u4e0b\u3002 \u7528\u6237\u63d0\u524d\u521b\u5efa\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u7f51\u7edc\u3002 \u521b\u5efaRouter\u65f6\u6307\u5b9aExternal Gateway\u4e3a\u63d0\u524d\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u3002 \u5c06Router\u548c\u521b\u5efa\u597d\u7684\u5185\u90e8\u7f51\u7edc\u8fdb\u884c\u8fde\u63a5\u3002 \u521b\u5efa\u865a\u62df\u673a\u5b9e\u4f8b\u65f6\u6307\u5b9a\u5185\u90e8\u7f51\u7edc\u3002 \u5229\u7528\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u6d6e\u52a8IP\u3002 
\u4e3a\u865a\u62df\u673a\u5b9e\u4f8b\u5f00\u542f\u6d6e\u52a8IP\u7aef\u53e3\u6620\u5c04\u3002 \u7ecf\u8fc7\u4e0a\u9762\u7684\u64cd\u4f5c\uff0c\u7528\u6237\u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u4ee5\u8bbf\u95ee\u5230\u5916\u90e8\u7f51\u7edc\uff0c\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u4e5f\u53ef\u4ee5\u6839\u636e\u6d6e\u52a8IP\u6307\u5b9a\u7684\u7aef\u53e3\u8bbf\u95ee\u865a\u62df\u673a\u5b9e\u4f8b\u5185\u90e8\u7684\u670d\u52a1\u3002 \u5728\u4e00\u4e2a\u57fa\u672c\u7684OpenStack\u73af\u5883\u4e2d\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u6d41\u91cf\u8d70\u5411\u5982\u4e0b\u6240\u793a\u3002 \u5728\u7528\u6237\u521b\u5efa\u5b8c\u591a\u4e2a\u5b9e\u4f8b\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u5747\u5300\u5206\u5e03\u5728\u5404\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u865a\u62df\u673a\u7684\u6d41\u91cf\u8d70\u5411\u53ef\u80fd\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0c\u4e0d\u8bba\u865a\u62df\u673a\u7684\u4e1c\u897f\u6d41\u91cf\u8fd8\u662f\u5357\u5317\u6d41\u91cf\u90fd\u4f1a\u7ecf\u8fc7Network-1\u8282\u70b9\uff0c\u8fd9\u65e0\u7591\u52a0\u5927\u4e86\u7f51\u7edc\u8282\u70b9\u7684\u8d1f\u8f7d\uff0c\u540c\u65f6\u5f53\u7f51\u7edc\u8282\u70b9\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u80fd\u5f88\u597d\u7684\u8fdb\u884c\u6545\u969c\u6062\u590d\u3002 
\u90a3\u4e48\u662f\u5426\u53ef\u4ee5\u5c06\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u5728OpenStack\u4e2d\u540c\u4e00\u5b50\u7f51\u53ef\u4ee5\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u4f46\u662f\u5b50\u7f51\u5728\u7ed1\u5b9aRouter\u65f6\u9ed8\u8ba4\u4f1a\u5c06\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u7ed1\u5b9a\u5230Router\u4e0a\uff0c\u4e00\u4e2a\u5b50\u7f51\u53ea\u6709\u4e00\u4e2a\u7f51\u5173\u5730\u5740\uff0c\u540c\u65f6\u8fd9\u4e2a\u7f51\u5173\u5730\u5740\u53c8\u4f1a\u5728DHCP\u670d\u52a1\u4e2d\u7528\u5230\uff0c\u7528\u4e8e\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u63d0\u4f9b\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\uff0c\u4e8e\u662f\u4e4e\u5373\u4f7f\u5c06\u5b50\u7f51\u7ed1\u5b9a\u5230\u591a\u4e2aRouter\u4e0a\uff0c\u865a\u62df\u673a\u5185\u90e8\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\u8fd8\u4f1a\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\uff0c\u800c\u4e14Router\u9009\u62e9\u7684\u7f51\u7edc\u8282\u70b9\u7528\u6237\u662f\u4e0d\u53ef\u63a7\u7684\uff0c\u96be\u514d\u4f1a\u51fa\u73b0\u867d\u7136\u5b50\u7f51\u7ed1\u5b9a\u4e86\u4e24\u4e2aRouter\uff0c\u4f46\u662f\u8fd9\u4e24\u4e2aRouter\u5728\u540c\u4e00\u4e2a\u7f51\u7edc\u8282\u70b9\u4e0a\u7684\u5c34\u5c2c\u573a\u9762\u3002 \u4e3a\u4e86\u5206\u6563\u6d41\u91cfOpenStack\u6709\u5e94\u5bf9\u7684\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06neutron\u7684DVR\u529f\u80fd\u6253\u5f00\uff0c\u4e3a\u9884\u9632\u7f51\u7edc\u8282\u70b9\u7684\u5355\u70b9\u6545\u969c\u4e5f\u53ef\u4ee5\u6253\u5f00neutron\u7684L3 HA\uff0c\u4f46\u662f\u4e0a\u8ff0\u65b9\u6cd5\u4e5f\u6709\u5b83\u4eec\u7684\u5c40\u9650\u6027\u3002 DVR\u7684\u6d41\u91cf\u5206\u6563\u6709\u6bd4\u8f83\u5927\u7684\u5c40\u9650\u6027\uff0c\u539f\u56e0\u6709\u4ee5\u4e0b\u51e0\u70b9\u3002 
DVR\u53ea\u662f\u4f5c\u7528\u4e8e\u540c\u4e00Router\u4e0b\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4e4b\u95f4\u7684\u4e1c\u897f\u6d41\u91cf\uff0c\u5df2\u7ecf\u7ed1\u5b9a\u6d6e\u52a8IP\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\uff0c\u5bf9\u4e8e\u672a\u7ed1\u5b9a\u6d6e\u52a8IP\u7684\u865a\u62df\u673a\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u4f9d\u636e\u9700\u8981\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\u3002 \u751f\u4ea7\u73af\u5883\u4e0b\uff0c\u7ed9\u6bcf\u4e2a\u865a\u62df\u673a\u90fd\u7ed1\u5b9a\u6d6e\u52a8IP\u662f\u4e0d\u5207\u5b9e\u9645\u7684\uff0c\u4f46\u662f\u53ef\u4ee5\u901a\u8fc7\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u591a\u53f0\u865a\u62df\u673a\u5bf9\u5e94\u4e00\u4e2a\u6d6e\u52a8IP\uff0c\u4f46\u5728\u76ee\u524d\u7684OpenStack\u7248\u672c\u4e2d\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fDVR\uff0c\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7684\u5b9e\u73b0\u90fd\u662f\u5728\u7f51\u7edc\u8282\u70b9\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u5b8c\u6210\u7684\u3002 \u6700\u540e\u4e00\u70b9\uff0cDVR\u6a21\u5f0f\u4e0b\uff0c\u4e3a\u4e86\u8ba9\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u4e0d\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\uff0c\u4ece\u8ba1\u7b97\u8282\u70b9\u4e0a\u76f4\u63a5\u8d70\u51fa\uff0c\u90fd\u4f1a\u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u751f\u6210\u4e00\u4e2afip\u5f00\u5934\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5373\u4f7f\u865a\u62df\u673a\u4e0d\u4f1a\u7ed1\u5b9a\u6d6e\u52a8IP\u3002\u800c\u8fd9\u4e2afip\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u4f1a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\u5730\u5740\uff0c\u8fd9\u65e0\u7591\u4f1a\u52a0\u5927\u7f51\u7edc\u8d44\u6e90\u7684\u6d88\u8017\u3002 L3 HA\u4e5f\u6709\u51e0\u70b9\u4e0d\u8db3\uff0c\u5f00\u542fL3 HA\u540e\uff0cRouter\u5229\u7528keepalived\u4f1a\u5728\u51e0\u4e2a\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u9009\u62e9\uff0c\u53ea\u6709Keepalived\u7684\u72b6\u6001\u4e3aMaster 
\u7684\u7f51\u7edc\u8282\u70b9\u624d\u4f1a\u62c5\u4efb\u771f\u6b63\u7684\u6d41\u91cf\u8fd0\u8f93\u7684\u4efb\u52a1\uff0c\u800c\u5bf9\u4e8e\u7f51\u7edc\u8282\u70b9\u9009\u62e9\uff0c\u7528\u6237\u65e0\u6743\u5e72\u6d89\u3002\u867d\u7136neutron\u4e2d\u7ed9\u51fa\u4e86Router\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7b56\u7565\uff0c\u4e5f\u5c31\u662f\u6700\u5c11Router\u6570\uff0cRouter\u4f1a\u8c03\u5ea6\u5230Router\u4e2a\u6570\u6700\u5c11\u7684\u7f51\u7edc\u8282\u70b9\u4e0a\u3002\u800c\u4e14\u5728\u5e95\u5c42keepalived\u5f00\u542f\u7684\u6a21\u5f0f\u662f\u975e\u62a2\u5360\u7684\uff0c\u4e5f\u5c31\u662f\u5f53vip\u53d1\u751f\u6f02\u79fb\u540e\uff0c\u5373\u4f7f\u4e3b\u670d\u52a1\u5668\u6062\u590d\u6b63\u5e38\uff0c\u4e5f\u4e0d\u4f1a\u81ea\u52a8\u5c06\u8d44\u6e90\u4ece\u5907\u7528\u670d\u52a1\u5668\u624b\u4e2d\u62a2\u5360\u56de\u6765\uff0c\u8fd9\u53c8\u589e\u52a0\u4e86\u5bf9\u4e8e\u771f\u6b63\u8fd0\u884cRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\u3002 \u603b\u7ed3\u4e00\u4e0b\uff0c\u73b0\u6709\u7684\u6280\u672f\u65b9\u6848\u505a\u4e0d\u5230\u771f\u6b63\u7684\u6d41\u91cf\u5206\u53d1\uff0c\u5373\u4f7f\u5728\u5f00\u542fDVR\u540e\uff0c\u4e00\u65b9\u9762\u4f1a\u6709\u4e00\u4e9b\u989d\u5916\u7f51\u7edc\u8d44\u6e90\u7684\u635f\u8017\uff0c\u540c\u65f6\u53c8\u56e0\u4e3aRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\uff0c\u5bfc\u81f4\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u65e0\u6cd5\u505a\u5230\u5f88\u597d\u7684\u5206\u53d1\u3002","title":"\u80cc\u666f"},{"location":"spec/distributed-traffic/#_4","text":"\u5b9e\u73b0DVR\u6a21\u5f0f\u548cL3 HA\u6a21\u5f0f\u4e0b\u4ee5\u53caLegacy\u6a21\u5f0f\u4e0b\u7f51\u7edc\u5206\u53d1\u3002\u9996\u5148\u8981\u89e3\u51b3\u4ee5\u4e0b\u51e0\u4e2a\u6280\u672f\u95ee\u9898\uff1a Router\u53ef\u4ee5\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fL3 HA\u3002 
\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u65f6\uff0cDHCP\u670d\u52a1\u80fd\u4e3a\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u63d0\u4f9b\u4e0d\u540c\u7684\u8def\u7531\u65b9\u5f0f\u3002 \u5728\u7528\u6237\u4f7f\u7528\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u53ef\u4ee5\u5c06Router\u7684External Gateway\u7684IP\u5730\u5740\u4f5c\u4e3a\u5916\u90e8\u7f51\u7edc\u7684\u5730\u5740\u3002","title":"\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#_5","text":"","title":"\u5b9e\u73b0\u65b9\u6848"},{"location":"spec/distributed-traffic/#l3-agent","text":"\u9996\u5148\u4fee\u6539Router\u7684\u5e95\u5c42\u6570\u636e\u5e93\u4e3a\u5176\u6dfb\u52a0\u4e00\u4e2aconfigurations\u5b57\u6bb5\uff0c\u7528\u4e8e\u5b58\u50a8Router\u7684\u76f8\u5173\u914d\u7f6e\u4fe1\u606f\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"preferred_agent\": \"network-1\" } } \u5728\u672a\u5f00\u542fL3 HA\u65f6\uff0cpreferred_agent\u5b57\u6bb5\u7528\u4e8e\u6307\u5b9aRouter\u4f4d\u4e8e\u7684\u7f51\u7edc\u8282\u70b9\u3002 \u5728\u5f00\u542fL3 HA\u65f6\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"slave_agents\": [ \"compute-1\" ], \"master_agent\": \"network-1\" } } master_agent\u7528\u4e8e\u6307\u5b9aMaster\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\uff0cslave_agents\u7528\u4e8e\u6307\u5b9aSlave\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\u6570\u7ec4\u3002 \u7136\u540e\u8981\u4fee\u6539Router\u7684\u521b\u5efa\u903b\u8f91\uff0c\u9700\u8981\u4e3aRouter\u65b0\u589e\u4e00\u4e2a\u8c03\u5ea6\u65b9\u6cd5\u3002Neutron\u4e2drouter_scheduler_driver\u9ed8\u8ba4\u662fLeastRoutersScheduler\uff08\u6700\u5c11Router\u4e2a\u6570\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u7ee7\u627f\u8be5\u7c7b\u65b0\u589e\u8c03\u5ea6\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6839\u636eRouter\u7684configurations\u5b57\u6bb5\u9009\u62e9\u6307\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\u3002 
\u6700\u540e\u9700\u8981\u4fee\u6539neutron-l3-agent\u7684Router\u66f4\u65b0\u7684\u903b\u8f91\u4ee3\u7801\uff0c\u7531\u4e8eneutron-l3-agent\u542f\u52a8\u65f6\u4f1a\u521d\u59cb\u5316\u4e00\u4e2a\u8d44\u6e90\u961f\u5217\u7528\u4e8e\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\uff0c\u540c\u65f6\u5f00\u542f\u4e00\u4e2a\u5b88\u62a4\u7ebf\u7a0b\u7528\u4e8e\u8bfb\u53d6\u8d44\u6e90\u961f\u5217\uff0c\u6bcf\u6b21\u7f51\u7edc\u8d44\u6e90\u72b6\u6001\u6709\u53d8\u5316\uff08\u521b\u5efa\u3001\u5220\u9664\u6216\u8005\u66f4\u65b0\uff09\u65f6\uff0c\u5c31\u4f1a\u6dfb\u52a0\u5230\u8be5\u961f\u5217\u4e2d\uff0c\u6700\u540e\u6839\u636e\u8d44\u6e90\u7684\u7c7b\u578b\u548c\u72b6\u6001\u786e\u5b9a\u5c06\u8981\u6267\u884c\u7684\u52a8\u4f5c\u3002 \u8fd9\u91ccRouter\u521b\u5efa\u5b8c\u540e\uff0cneutron-l3-agent\u6700\u540e\u4f1a\u6267\u884c_process_added_router\u65b9\u6cd5\uff0c\u5148\u8c03\u7528RouterInfo\u7684initialize\u65b9\u6cd5\uff0c\u518d\u8c03\u7528process\u65b9\u6cd5\u3002 initialize\u65b9\u6cd5\u4e3b\u8981\u6d89\u53ca\u5230Router\u4fe1\u606f\u7684\u4e00\u4e9b\u521d\u59cb\u5316\uff0c\u5305\u62ec\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001port\u7684\u521b\u5efa\u3001keepalived\u8fdb\u7a0b\u7684\u521d\u59cb\u5316\u7b49\u7b49\u3002 process\u65b9\u6cd5\u4e2d\u4f1a\u505a\u4e0b\u9762\u51e0\u4e2a\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u5185\u90e8\u7684Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5185\u90e8\u7f51\u7edc\uff1b \u8bbe\u7f6e\u5916\u90e8Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5916\u90e8\u7f51\u7edc\uff1b \u66f4\u65b0\u8def\u7531\u8868\uff1b \u5bf9\u4e8e\u5f00\u542fL3 HA\u7684Router\uff0c\u9700\u8981\u8bbe\u7f6eHA\u7684Port\uff0c\u7136\u540e\u5f00\u542fkeepalived\u8fdb\u7a0b\u3002 \u5bf9\u4e8e\u5f00\u542fDVR\u7684Router\uff0c\u8fd8\u9700\u8981\u8bbe\u7f6e\u4e00\u4e0bfip\u547d\u540d\u7a7a\u95f4\u4e2d\u7684Port\u3002 \u8fd9\u91cc\u53ea\u9700\u8981\u8003\u8651L3 HA\u5f00\u542f\u7684\u60c5\u51b5\uff0c\u56e0\u4e3a\u5728\u672a\u5f00\u542fL3 
HA\u65f6\uff0cneutron-server\u521b\u5efa\u5b8cRouter\u540e\uff0c\u7ecf\u8fc7\u65b0\u7684\u8c03\u5ea6\u65b9\u6cd5\u9009\u62e9\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff0cRPC\u8c03\u7528\u76f4\u63a5\u53d1\u9001\u7ed9\u7279\u5b9a\u7f51\u7edc\u8282\u70b9\u7684neutron-l3-agent\u670d\u52a1\u3002\u5f00\u542fL3 HA\u65f6\uff0c\u8c03\u5ea6\u65b9\u6cd5\u4f1a\u9009\u62e9\u51famaster\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u4e14RPC\u8c03\u7528\u4f1a\u53d1\u9001\u7ed9\u8fd9\u4e9b\u7f51\u7edc\u8282\u70b9\u4e0a\u7684neutron-l3-agent\u670d\u52a1\u3002 neutron-l3-agent\u4f1a\u4e3a\u6bcf\u4e2aRouter\u542f\u52a8\u4e00\u4e2akeepalived\u8fdb\u7a0b\u7528\u4e8eL3 HA\uff0c\u6240\u4ee5\u9700\u8981\u5728keepalived\u521d\u59cb\u5316\u65f6\uff0c\u5c06keepalived\u542f\u52a8\u903b\u8f91\u4fee\u6539\u3002\u5229\u7528configurations\u5b57\u6bb5\u7684\u4fe1\u606f\uff0c\u83b7\u53d6master\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u548c\u5f53\u524d\u7f51\u7edc\u8282\u70b9\u7684\u4fe1\u606f\u5224\u65ad\uff0c\u786e\u5b9a\u7f51\u7edc\u8282\u70b9\u7684\u89d2\u8272\u3002\u6700\u540e\uff0c\u56e0\u4e3a\u6307\u5b9a\u4e86master\u548cslave\u8282\u70b9\uff0c\u907f\u514d\u51fa\u73b0master\u7f51\u7edc\u8282\u70b9\u5b95\u673a\u6062\u590d\u540e\uff0cvip\u4f9d\u65e7\u5728slave\u8282\u70b9\u7684\u60c5\u51b5\uff0c\u8981\u628akeepalived\u7684\u6a21\u5f0f\u6539\u4e3a\u62a2\u5360\u6a21\u5f0f\u3002","title":"\u89e3\u51b3\u6307\u5b9aL3 
agent\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#_6","text":"\u89e3\u51b3\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u8def\u7531\u95ee\u9898\u3002DHCP\u534f\u8bae\u529f\u80fd\u4e0d\u4ec5\u5305\u62ec\u548cDNS\u670d\u52a1\u5668\u5206\u914d\u8fd8\u5305\u62ec\u7f51\u5173\u5730\u5740\u5206\u914d\uff0c\u4e5f\u5c31\u662f\u53ef\u4ee5\u901a\u8fc7DHCP\u534f\u8bae\u5c06\u8def\u7531\u4fe1\u606f\u4f20\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u3002\u5728OpenStack\u4e2d\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684DHCP\u7531neutron-dhcp-agent\u63d0\u4f9b\uff0cneutron-dhcp-agent\u7684\u6838\u5fc3\u529f\u80fd\u57fa\u672c\u7531dnsmasq\u5b8c\u6210\u3002 dnsmasq\u4e2d\u63d0\u4f9btag\u6807\u7b7e\uff0c\u53ef\u4ee5\u4e3a\u6307\u5b9aIP\u5730\u5740\u6dfb\u52a0\u6807\u7b7e\uff0c\u7136\u540e\u53ef\u4ee5\u6839\u636e\u6807\u7b7e\u4e0b\u53d1\u914d\u7f6e\u3002 dnsmasq\u7684host\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 fa:16:3e:28:a5:0a,host-172-16-0-1.openstacklocal,172.16.0.1,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:2b:dd:88,host-172-16-0-10.openstacklocal,172.16.0.10,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:a1:96:fc,host-172-16-0-207.openstacklocal,172.16.0.207,set:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:45:b4:1a,host-172-16-10-1.openstacklocal,172.16.10.1,set:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902 dnsmasq\u7684option\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:dns-server,8.8.8.8 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:classless-static-route,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:router,172.16.0.1 
tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:classless-static-route,172.16.10.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:router,172.16.0.10 \u53ef\u4ee5\u770b\u5230IP172.16.0.207\u88ab\u6253\u4e0a\u4e86compute-1\u5f00\u5934\u7684tag\uff0c\u5339\u914d\u5230option\u6587\u4ef6\u540e\uff0c172.16.0.207\u7684\u865a\u62df\u673a\u7684\u9ed8\u8ba4\u8def\u7531\u7f51\u5173\u5730\u5740\u5c31\u4f1a\u4ece172.16.0.1\u53d8\u4e3a172.16.0.10\u3002\u5f53\u7136\u8fd9\u4e00\u5207\u7684\u524d\u63d0\u5b50\u7f51\u9700\u8981\u7ed1\u5b9a\u591a\u4e2aRouter\u3002 \u540c\u65f6\u4e3aneutron-dhcp-agent\u63d0\u4f9b\u53ef\u4f9b\u7ba1\u7406\u5458\u4fee\u6539\u7684\u914d\u7f6e\u9879\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u5173\u7cfb\uff0c\u53ef\u4ee5\u662f\u4e00\u5bf9\u4e00\uff0c\u53ef\u4ee5\u662f\u591a\u5bf9\u4e00\u3002","title":"\u89e3\u51b3\u8def\u7531\u95ee\u9898"},{"location":"spec/distributed-traffic/#router-gateway","text":"\u5c06\u539f\u672c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u6539\u4e3a\u57fa\u4e8eRouter\u7684External Gateway\u7684\u65b9\u5f0f\u3002\u539f\u56e0\u6709\u4e8c\uff1a \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u5bf9\u4e8e\u539f\u672c\u5c31\u8981\u4f7f\u7528Router\u7684External Gateway\u7684\u7528\u6237\u5c31\u4f1a\u591a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\uff0c\u4e3a\u51cf\u5c11\u5916\u90e8\u7f51\u7edcIP\u7684\u4f7f\u7528\u6539\u7528External Gateway\u7684\u65b9\u5f0f\u8fdb\u884c\u7aef\u53e3\u6620\u5c04\u3002 \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u4f9d\u8d56Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u6765\u505aNAT\uff0c\u4e0d\u5f00\u542fL3 
HA\u65f6\uff0c\u540c\u4e00\u5b50\u7f51\u5728\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u7531\u4e8e\u7aef\u53e3\u6620\u5c04\u521b\u5efa\u7684\u903b\u8f91\uff0cNAT\u4f1a\u53d1\u751f\u5728\u5b50\u7f51\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u4e0d\u4f1a\u5206\u6563\u5728\u5404\u4e2aRouter\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u6bcf\u4e2a\u7f51\u7edc\u8282\u70b9\uff09\u3002\u8fd9\u6837\u5728\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u4f1a\u589e\u52a0\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u3002 \u5b9e\u73b0\u65b9\u5f0f\u548c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7c7b\u4f3c\uff0c\u4e0e\u4e4b\u4e0d\u540c\u7684\u662fExternal Gateway\u4e0d\u9700\u8981\u9009\u62e9Router\uff0c\u56e0\u4e3aExternal Gateway\u672c\u6765\u548cRouter\u5c31\u662f\u76f8\u5173\u8054\u7684\u3002\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u5728\u9009\u62e9Router\u65f6\uff0c\u9009\u62e9\u7684\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u3002 \u6700\u540e\uff0c\u5728\u5b9e\u73b0\u4e0a\u9762\u4e09\u4e2a\u90e8\u5206\u540e\uff0c\u7528\u6237\u5b9e\u73b0\u6d41\u91cf\u5206\u6563\u7684\u6b65\u9aa4\u5982\u4e0b\u3002 \u7528\u6237\u4fee\u6539neutron-dhcp-agent\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u4fee\u6539\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\u4e09\u4e2a\u7f51\u7edc\u8282\u70b9\u3001\u4e09\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u914d\u7f6ecompute-1\u8d70network-1\u8282\u70b9\uff0ccompute-2\u548ccompute-3\u8d70network-2\u8282\u70b9\u3002 \u5229\u7528neutron\u7684API\u521b\u5efa\u591a\u4e2aRouter\u5e76\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u5c06Router\u7ed1\u5b9a\u5230\u540c\u4e00\u5b50\u7f51\u3002 \u5229\u7528\u5b50\u7f51\u7f51\u7edc\u521b\u5efa\u591a\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u3002 
\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u6d41\u5411\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0cVM-1\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-1\u8282\u70b9\uff0cVM-2\u548cVM-3\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-2\u8282\u70b9\u3002\u540c\u65f6VM-1\u3001VM-2\u548cVM-3\u53c8\u662f\u5728\u540c\u4e00\u4e2a\u5b50\u7f51\u4e0b\uff0c\u53ef\u4ee5\u4e92\u76f8\u8bbf\u95ee\u3002","title":"\u89e3\u51b3Router Gateway\u7aef\u53e3\u8f6c\u53d1\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#api","text":"","title":"API"},{"location":"spec/distributed-traffic/#_7","text":"GET /v2.0/routers/{router_id}/gateway_port_forwardings Response { \"gateway_port_forwardings\": [ { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } ] }","title":"\u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1\u5217\u8868"},{"location":"spec/distributed-traffic/#_8","text":"GET /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Response { \"gateway_port_forwarding\": { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_9","text":"POST /v2.0/routers/{router_id}/gateway_port_forwardings Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": 
{ \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u521b\u5efa\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_10","text":"PUT /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u66f4\u65b0\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_11","text":"DELETE /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id}","title":"\u5220\u9664\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_12","text":"POST /v2.0/routers Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"string\", \"slave_agents\": [ \"string\" ] } } }","title":"\u65b0\u5efa\u8def\u7531\u5668"},{"location":"spec/distributed-traffic/#_13","text":"PUT /v2.0/routers/{router_id} Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"control01\", \"slave_agents\": [ \"control01\" ] } } 
}","title":"\u66f4\u65b0\u8def\u7531\u5668"},{"location":"spec/distributed-traffic/#_14","text":"2023-07-28\u52302023-08-30 \u5b8c\u6210\u5f00\u53d1 2023-09-01\u52302023-11-15 \u6d4b\u8bd5\u3001\u95ee\u9898\u4fee\u590d 2023-11-30\u5f15\u5165openEuler 20.03 LTS SP4\u7248\u672c 2023-12-30\u5f15\u5165openEuler 22.03 LTS SP3\u7248\u672c","title":"\u5f00\u53d1\u8282\u594f"},{"location":"spec/openkite/","text":"1\u3001\u524d\u5e8f \u00b6 1.1\u3001 \u8f6f\u4ef6\u8bb8\u53ef\u534f\u8bae \u00b6 \u672c\u8f6f\u4ef6\u57fa\u4e8eLGPL V3\u534f\u8bae\uff0c\u8bf7\u7528\u6237\u548c\u5f00\u53d1\u8005\u6ce8\u610fLGPL\u534f\u8bae\u7684\u8981\u6c42\uff0c\u5176\u4e2d\u6700\u91cd\u8981\u7684\u4e00\u70b9\u662f \u4e0d\u5141\u8bb8fork\u9879\u76ee\u95ed\u6e90 \u3002 1.2\u3001 \u8f6f\u4ef6\u7528\u9014 \u00b6 1.3\u3001 \u5f00\u53d1\u4eba\u5458\u540d\u5355 \u00b6 1.4\u3001 \u751f\u547d\u5f00\u53d1\u5468\u671f \u00b6 1.5\u3001 \u529f\u80fd\u5f00\u53d1\u987a\u5e8f \u00b6 2\u3001\u5f00\u53d1\u89c4\u8303\u7ea6\u5b9a \u00b6 2.1\u3001 \u7a97\u4f53\u63a7\u4ef6\u547d\u540d\u89c4\u8303 \u00b6 \u63a7\u4ef6\u539f\u540d\u79f0_\u7a97\u4f53_\u63a7\u4ef6\u540d\u79f0\u7ec4\u5408\u4f53\u9996\u5b57\u6bcd\u5927\u5199 \u793a\u4f8b\uff1a \u6309\u94ae\u539f\u540d\u79f0\uff1apushButton \u4e3b\u7a97\u4f53 \u83dc\u5355\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1apushButton_MainWindow_Menu \u6309\u94ae\u539f\u540d\u79f0\uff1atoolButton \u4e3b\u7a97\u4f53 \u4e0a\u4f20\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1atoolButton_MainWindow_UpLoad 2.2\u3001 \u540e\u53f0\u529f\u80fd\u5b9e\u73b0\u547d\u540d\u89c4\u8303 \u00b6 \u53d8\u91cf\u3001\u5e38\u91cf\u3001\u51fd\u6570\u3001\u7c7b\u3001\u5bb9\u5668\u7b49 2.3\u3001 \u8f6f\u4ef6\u5305\u6587\u4ef6\u540d\u547d\u540d\u89c4\u8303 \u00b6 2.4\u3001 \u6587\u4ef6\u547d\u540d\u89c4\u8303 \u00b6 2.5\u3001 \u6807\u6ce8 \u00b6 \u5220\u9664\u3001\u79fb\u52a8\u3001\u6539\u540d\u3001\u6743\u9650\u8bbe\u7f6e 3\u3001\u7a97\u53e3\u4e3b\u4f53\u63a7\u4ef6\u540d\u79f0\u3001\u5c3a\u5bf8\u3001\u7528\u9014 
\u00b6 3.1\u3001\u83dc\u5355\u529f\u80fd\u5927\u7c7b \u00b6 PushButton\u63a7\u4ef6\u7528\u4e8e\u83dc\u5355\u5927\u7c7b\u8c03\u7528\u7a97\u53e3 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 80*25 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u83dc\u5355 PushButton pushButton_MainWindow_Menu \u8c03\u51fa\u83dc\u5355\u7a97\u53e3 \u5e2e\u52a9 PushButton pushButton_MainWindow_Help \u8c03\u51fa\u5e2e\u52a9\u7a97\u53e3 \u5de5\u5177 PushButton pushButton_MainWindow_Tool \u8c03\u51fa\u5de5\u5177\u7a97\u53e3 \u62a5\u9519\u5206\u6790 PushButton pushButton_MainWindow_ErrorAnalysis \u8c03\u51fa\u62a5\u9519\u5206\u6790\u7a97\u53e3 \u76d1\u63a7 PushButton pushButton_MainWindow_Monitor \u8c03\u51fa\u76d1\u63a7\u7a97\u53e3 \u8fd0\u7ef4\u65e5\u5fd7 PushButton pushButton_MainWindow_OperationLog \u8c03\u51fa\u8fd0\u7ef4\u65e5\u5fd7\u7a97\u53e3 3.1.1\u3001\u83dc\u5355\u5b50\u7c7b \u00b6 \u8bbe\u7f6e \u8f6f\u4ef6\u4e3b\u9898 3.1.2\u3001\u5e2e\u52a9\u7c7b \u00b6 \u793e\u533a \u7248\u672c\u66f4\u65b0 \u4f7f\u7528\u624b\u518c 3.1.3\u3001\u5de5\u5177\u7c7b \u00b6 \u63d2\u4ef6\u4ed3\u5e93 img\u955c\u50cf\u5de5\u5177 MD5\u6821\u9a8c\u5de5\u5177 OpenStack\u6a21\u5757\u529f\u80fd\u6d4b\u8bd5 \u538b\u529b\u6d4b\u8bd5 3.1.4\u3001\u62a5\u9519\u5206\u6790\u7c7b \u00b6 \u7cfb\u7edf\u62a5\u9519\uff08\u8282\u70b9\u62a5\u9519\u5206\u6790\uff09 OpenStack\u62a5\u9519 K8S\u62a5\u9519 3.1.5\u3001\u76d1\u63a7\u7c7b \u00b6 OPS\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 K8S\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 3.1.6\u3001\u8fd0\u7ef4\u65e5\u5fd7\u7c7b \u00b6 \u67e5\u770b\u5386\u53f2\u8fd0\u7ef4\u65e5\u5fd7 \u65e5\u5fd7\u5bfc\u51fa 3.2\u3001\u6570\u636e\u53ef\u89c6\u5316\u7c7b \u00b6 3.2.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6\u4fe1\u606f\u7c7b \u00b6 ProgressBar\u63a7\u4ef6\u663e\u793a\u8ba1\u7b97\u673a\u786c\u4ef6\u6027\u80fd\u5360\u7528\u6bd4 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8 116*27 
\u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aCPU ProgressBar progressBar_MainWindow_LocalCPU \u663e\u793a\u672c\u5730CPU\u4f7f\u7528\u7387 \u76ee\u6807CPU ProgressBar progressBar_MainWindow_TargetCPU \u663e\u793a\u76ee\u6807CPU\u4f7f\u7528\u7387 \u672c\u673aRAM ProgressBar progressBar_MainWindow_LocalRAM \u663e\u793a\u672c\u673aRAM\u4f7f\u7528\u7387 \u76ee\u6807RAM ProgressBar progressBar_MainWindow_TargetRAM \u663e\u793a\u76ee\u6807RAM\u4f7f\u7528\u7387 \u672c\u673a\u7f51\u7edc ProgressBar progressBar_MainWindow_LocalNetwork \u663e\u793a\u672c\u673a\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u76ee\u6807\u7f51\u7edc ProgressBar progressBar_MainWindow_TargetNetwork \u663e\u793a\u76ee\u6807\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u672c\u673a\u78c1\u76d8 ProgressBar progressBar_MainWindow_LocalDisk \u663e\u793a\u672c\u673a\u78c1\u76d8IO\u4f7f\u7528\u7387 \u76ee\u6807\u78c1\u76d8 ProgressBar progressBar_MainWindow_TargetDisk \u663e\u793a\u76ee\u6807\u78c1\u76d8IO\u4f7f\u7528\u7387 3.2.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6\u4fe1\u606f\u7c7b \u00b6 Label\u63a7\u4ef6\u663e\u793a\u7cfb\u7edfIP\u4e0eDNS \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 110*27 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aIP Label label_MainWindow_LocalIP \u663e\u793a\u672c\u673aIP \u76ee\u6807IP Label label_MainWindow_TargetIP \u663e\u793a\u76ee\u6807IP \u672c\u673aDNS Label label_MainWindow_LocalNDS \u663e\u793a\u672c\u673aDNS \u76ee\u6807DNS Label label_MainWindow_TargetNDS \u663e\u793a\u76ee\u6807DNS ListWidget\u63a7\u4ef6\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u9879\u8bf4\u660e \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 200*111 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u7cfb\u7edf\u4fe1\u606f\u663e\u793a ListWidgets listWidget_MainWidow_SystemShow 
\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u6240\u7528\u53d8\u91cf\u7684API\u63a5\u53e3 \u4e2d\u6587\u540d \u53d8\u91cf\u7c7b\u578b \u53d8\u91cf\u540d \u7528\u9014 \u53d1\u884c\u7248 QStringList systemNameShow linux\u53d1\u884c\u7248\u540d\u79f0 \u7248\u672c\u53f7 QStringList systemVersion linux\u53d1\u884c\u7248\u7248\u672c\u53f7 \u5185\u6838\u53f7 QStringList systemKernel linux\u53d1\u884c\u7248\u5185\u6838\u7248\u672c \u7ba1\u7406\u6743\u9650 QStringList systemAdminPower \u5f53\u524d\u8d26\u53f7\u64cd\u4f5c\u6743\u9650 \u670d\u52a1\u540d\u79f0 QStringList systemServiceName \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u670d\u52a1\u540d\u79f0 \u670d\u52a1\u7248\u672c QStringList systemServicVersion \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u7248\u672c Label\u4e0eProgressBar\u63a7\u4ef6\u663e\u793a\u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u53ca\u8fdb\u5ea6 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a500*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a171*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u5f53\u524d\u8fd0\u884c\u547d\u4ee4 Label label_MainWindow_ShowCurrentCommand \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4 \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6 ProgressBar progressBar_MainWindow_ShowCommandProgress \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4\u7684\u8fdb\u5ea6 3.3\u3001\u6dfb\u52a0\u96c6\u7fa4\u7c7b \u00b6 3.3.1\u3001 \u96c6\u7fa4\u6dfb\u52a0\u7c7b \u00b6 ToolButton\u63a7\u4ef6\u6dfb\u52a0\u96c6\u7fa4\u8282\u70b9\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8\uff1a300*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 
\u6dfb\u52a0\u96c6\u7fa4/\u8282\u70b9 ToolButton toolButton_MainWindow_AddNode \u5f39\u51fa\u7a97\u53e3\u6dfb\u52a0\u96c6\u7fa4\u6216\u8282\u70b9 \u5355\u8282\u70b9\u6dfb\u52a0 \u6279\u91cf\u8282\u70b9\u6dfb\u52a0 \u96c6\u7fa4\u6dfb\u52a0 3.3.2\u3001\u96c6\u7fa4\u663e\u793a\u7c7b \u00b6 TreeWidget\u63a7\u4ef6\u663e\u793a\u96c6\u7fa4\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a200*438 \u5bbd\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u8282\u70b9\u4fe1\u606f TreeWidget treeWidget_MainWindow_ShowNode \u7528\u4e8e\u663e\u793a\u96c6\u7fa4\u4e0e\u8282\u70b9\u4fe1\u606f\u6216\u70b9\u51fb\u4fe1\u606f\u540e\u521b\u5efaSSH\u8fdc\u7a0b\u7a97\u53e3\u754c\u9762 \u96c6\u7fa4\u540d\u79f0 \u8282\u70b9\u540d\u79f0 \u8282\u70b9IP\u5730\u5740 3.4\u3001\u811a\u672c\u4e0e\u90e8\u7f72\u7c7b \u00b6 TerrWidget\u63a7\u4ef6\u5f39\u7a97 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u4e0a\u4f20\u3001\u811a\u672c\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a63*31 \u90e8\u7f72\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a65*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u4e0a\u4f20 terrWidget toolButton_MainWindow_UpLoad \u5f39\u51fa\u4e0a\u4f20\u7a97\u4f53:load.ui \u811a\u672c terrWidget toolButton_MainWindow_Shell \u5f39\u51fa\u811a\u672c\u7a97\u4f53:shell.ui \u90e8\u7f72 terrWidget toolButton_MainWindow_Deploy \u5f39\u51fa\u90e8\u7f72\u7a97\u4f53:deploy.ui 3.4.1\u3001\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\u529f\u80fd\u7c7b \u00b6 \u811a\u672c\u7f16\u8bd1\u5668 yaml\u7f16\u8bd1\u5668 \u811a\u672c\u7f16\u8bd1\u5668 \u52a0\u8f7d\u672c\u5730\u7b56\u7565 \u52a0\u8f7d\u96c6\u7fa4\u914d\u7f6e\u7b56\u7565 \u52a0\u8f7d\u8282\u70b9\u914d\u7f6e\u7b56\u7565 \u4e0a\u4f20\u6587\u4ef6\u5230\u76ee\u6807\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u4e0b\u8f7d\u6587\u4ef6\u5230\u672c\u5730\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u76ee\u6807\u8ba1\u7b97\u673a\u6587\u4ef6\u4e92\u4f20 
\u70b9\u5bf9\u70b9\u4e92\u4f20 \u70b9\u5bf9\u591a\u4e92\u4f20 3.4.2\u3001\u811a\u672c\u7c7b \u00b6 \u7f16\u8f91 \u7f16\u8f91\u5b50\u6a21\u5757\u811a\u672c \u7f16\u8f91\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u67e5\u770b \u67e5\u770b\u5b50\u6a21\u5757\u811a\u672c \u67e5\u770b\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa \u5bfc\u51fa\u5b50\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u6240\u6709\u811a\u672c 3.4.3\u3001\u90e8\u7f72\u7c7b \u00b6 \u90e8\u7f72 \u53ef\u6279\u91cf\u9009\u62e9\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u96c6\u7fa4\u90e8\u7f72\u4e0d\u540c\u8282\u70b9\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u5355\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u7ec8\u6b62 \u53ef\u6279\u91cf\u591a\u8282\u70b9\u3001\u5355\u8282\u70b9\u3001\u96c6\u7fa4\u7ec8\u6b62\u5f53\u524d\u90e8\u7f72 3.5\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 3.5.1\u3001\u57fa\u7840\u8fd0\u7ef4\u7c7b \u00b6 \u4fee\u6539\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u540d \u4fee\u6539\u670d\u52a1\u5668\u7528\u6237\u540d \u4fee\u6539\u670d\u52a1\u5668\u5bc6\u7801 \u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e \u4fee\u6539host \u4fee\u6539DNS \u4fee\u6539\u7f51\u5173 \u4fee\u6539IP \u90e8\u7f72\u65f6\u95f4\u670d\u52a1 \u90e8\u7f72DNS\u670d\u52a1 3.5.2\u3001\u5176\u4ed6\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 OpenStack\u63d2\u4ef6\u7c7b K8S\u63d2\u4ef6\u7c7b Ceph\u63d2\u4ef6\u7c7b 3.6\u3001ssh\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u53ef\u590d\u5236\u7c98\u8d34\u547d\u4ee4\uff0c\u4e2d\u6587\u663e\u793a\u7efc\u5408\u7aef\u53e3 3.6.1\u3001\u96c6\u7fa4SSH\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u7efc\u5408\u7aef\u53e3\u663e\u793a\uff0c\u70b9\u5bf9\u591assh\u8fdc\u7a0b 3.6.2\u3001\u5355\u8282\u70b9SSH\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u70b9\u5bf9\u70b9ssh\u8fdc\u7a0b 4\u3001\u7a97\u53e3\u4e3b\u4f53\u529f\u80fd\u63d2\u4ef6\u6dfb\u52a0\u65b9\u5f0f\u3001\u89c4\u8303\u3001API\u4e0e\u529f\u80fd\u6ce8\u91ca \u00b6 
4.1\u3001\u5de5\u5177\u7c7b \u00b6 \u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a 4.2\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 \u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a 5\u3001\u540e\u53f0API\u8c03\u7528\u3001\u89c4\u8303\u4e0e\u4f7f\u7528\u8bf4\u660e \u00b6 5.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6 \u00b6 5.1.1\u3001CPU \u00b6 5.1.2\u3001RAM \u00b6 5.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6 \u00b6 5.2.1\u3001\u672c\u5730\u8f6f\u4ef6\u5305 \u00b6 5.2.2\u3001\u6e90\u8f6f\u4ef6\u5305 \u00b6 6\u3001\u5f00\u53d1\u601d\u8def\u5907\u6ce8 \u00b6 \u5728\u5404\u79cd\u64cd\u4f5c\u524d\u8fdb\u884c\u5224\u65ad\u672c\u5730\u7f51\u7edc\u4e0e\u76ee\u6807\u7f51\u7edc\u662f\u5426\u8fde\u540c \u5728\u76ee\u6807\u7f51\u7edc\u65e0\u6cd5\u8fde\u901a\u65f6\u63d0\u793a\uff1a\u76ee\u6807IP\u7f51\u7edc\u4e0d\u901a \u5728\u96c6\u7fa4\u8282\u70b9\u90fd\u65e0\u6cd5\u8054\u901a\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u5b57\u4f53\u7070\u8272 \u5728\u96c6\u7fa4\u64cd\u4f5c\u6216\u591a\u8282\u70b9\u64cd\u4f5c\u65f6\u63d0\u793a\u65e0\u6cd5\u8fde\u63a5\u7684\u76ee\u6807\u4fe1\u606f\uff0c\u5e76\u63d0\u793a\u786e\u5b9e\u662f\u5426\u7ee7\u7eed\uff0c\u5982\u7ee7\u7eed\u5219\u5c4f\u853d\u65e0\u6cd5\u8fde\u63a5\u7684\u8282\u70b9\u53bb\u8fdb\u884c\u6279\u91cf\u90e8\u7f72 \u754c\u9762\u4fe1\u606f\u5237\u65b0\u9891\u7387 \u8f6f\u786c\u4ef6\u4fe1\u606f\u5237\u65b0\u9891\u7387 cpu\u3001\u5185\u5b58\u7b49\u5360\u6bd4\u663e\u793a\u4fe1\u606f\u7684\u5237\u65b0\u9891\u7387\u4e3a0.5s ssh\u754c\u9762\u5237\u5c4f\u9891\u7387\u4e3a\u5b9e\u65f6\u5237\u65b0 \u96c6\u7fa4\u663e\u793a\u4fe1\u606f\u4e3a\u5b9e\u65f6\u5237\u65b0 
\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u533a\u57df\u4e3a\u5b9e\u65f6\u5237\u65b0","title":"1\u3001\u524d\u5e8f"},{"location":"spec/openkite/#1","text":"","title":"1\u3001\u524d\u5e8f"},{"location":"spec/openkite/#11","text":"\u672c\u8f6f\u4ef6\u57fa\u4e8eLGPL V3\u534f\u8bae\uff0c\u8bf7\u7528\u6237\u548c\u5f00\u53d1\u8005\u6ce8\u610fLGPL\u534f\u8bae\u7684\u8981\u6c42\uff0c\u5176\u4e2d\u6700\u91cd\u8981\u7684\u4e00\u70b9\u662f \u4e0d\u5141\u8bb8fork\u9879\u76ee\u95ed\u6e90 \u3002","title":"1.1\u3001 \u8f6f\u4ef6\u8bb8\u53ef\u534f\u8bae"},{"location":"spec/openkite/#12","text":"","title":"1.2\u3001 \u8f6f\u4ef6\u7528\u9014"},{"location":"spec/openkite/#13","text":"","title":"1.3\u3001 \u5f00\u53d1\u4eba\u5458\u540d\u5355"},{"location":"spec/openkite/#14","text":"","title":"1.4\u3001 \u751f\u547d\u5f00\u53d1\u5468\u671f"},{"location":"spec/openkite/#15","text":"","title":"1.5\u3001 \u529f\u80fd\u5f00\u53d1\u987a\u5e8f"},{"location":"spec/openkite/#2","text":"","title":"2\u3001\u5f00\u53d1\u89c4\u8303\u7ea6\u5b9a"},{"location":"spec/openkite/#21","text":"\u63a7\u4ef6\u539f\u540d\u79f0_\u7a97\u4f53_\u63a7\u4ef6\u540d\u79f0\u7ec4\u5408\u4f53\u9996\u5b57\u6bcd\u5927\u5199 \u793a\u4f8b\uff1a \u6309\u94ae\u539f\u540d\u79f0\uff1apushButton \u4e3b\u7a97\u4f53 \u83dc\u5355\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1apushButton_MainWindow_Menu \u6309\u94ae\u539f\u540d\u79f0\uff1atoolButton \u4e3b\u7a97\u4f53 \u4e0a\u4f20\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1atoolButton_MainWindow_UpLoad","title":"2.1\u3001 \u7a97\u4f53\u63a7\u4ef6\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#22","text":"\u53d8\u91cf\u3001\u5e38\u91cf\u3001\u51fd\u6570\u3001\u7c7b\u3001\u5bb9\u5668\u7b49","title":"2.2\u3001 \u540e\u53f0\u529f\u80fd\u5b9e\u73b0\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#23","text":"","title":"2.3\u3001 \u8f6f\u4ef6\u5305\u6587\u4ef6\u540d\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#24","text":"","title":"2.4\u3001 
\u6587\u4ef6\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#25","text":"\u5220\u9664\u3001\u79fb\u52a8\u3001\u6539\u540d\u3001\u6743\u9650\u8bbe\u7f6e","title":"2.5\u3001 \u6807\u6ce8"},{"location":"spec/openkite/#3","text":"","title":"3\u3001\u7a97\u53e3\u4e3b\u4f53\u63a7\u4ef6\u540d\u79f0\u3001\u5c3a\u5bf8\u3001\u7528\u9014"},{"location":"spec/openkite/#31","text":"PushButton\u63a7\u4ef6\u7528\u4e8e\u83dc\u5355\u5927\u7c7b\u8c03\u7528\u7a97\u53e3 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 80*25 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u83dc\u5355 PushButton pushButton_MainWindow_Menu \u8c03\u51fa\u83dc\u5355\u7a97\u53e3 \u5e2e\u52a9 PushButton pushButton_MainWindow_Help \u8c03\u51fa\u5e2e\u52a9\u7a97\u53e3 \u5de5\u5177 PushButton pushButton_MainWindow_Tool \u8c03\u51fa\u5de5\u5177\u7a97\u53e3 \u62a5\u9519\u5206\u6790 PushButton pushButton_MainWindow_ErrorAnalysis \u8c03\u51fa\u62a5\u9519\u5206\u6790\u7a97\u53e3 \u76d1\u63a7 PushButton pushButton_MainWindow_Monitor \u8c03\u51fa\u76d1\u63a7\u7a97\u53e3 \u8fd0\u7ef4\u65e5\u5fd7 PushButton pushButton_MainWindow_OperationLog \u8c03\u51fa\u8fd0\u7ef4\u65e5\u5fd7\u7a97\u53e3","title":"3.1\u3001\u83dc\u5355\u529f\u80fd\u5927\u7c7b"},{"location":"spec/openkite/#311","text":"\u8bbe\u7f6e \u8f6f\u4ef6\u4e3b\u9898","title":"3.1.1\u3001\u83dc\u5355\u5b50\u7c7b"},{"location":"spec/openkite/#312","text":"\u793e\u533a \u7248\u672c\u66f4\u65b0 \u4f7f\u7528\u624b\u518c","title":"3.1.2\u3001\u5e2e\u52a9\u7c7b"},{"location":"spec/openkite/#313","text":"\u63d2\u4ef6\u4ed3\u5e93 img\u955c\u50cf\u5de5\u5177 MD5\u6821\u9a8c\u5de5\u5177 OpenStack\u6a21\u5757\u529f\u80fd\u6d4b\u8bd5 \u538b\u529b\u6d4b\u8bd5","title":"3.1.3\u3001\u5de5\u5177\u7c7b"},{"location":"spec/openkite/#314","text":"\u7cfb\u7edf\u62a5\u9519\uff08\u8282\u70b9\u62a5\u9519\u5206\u6790\uff09 OpenStack\u62a5\u9519 
K8S\u62a5\u9519","title":"3.1.4\u3001\u62a5\u9519\u5206\u6790\u7c7b"},{"location":"spec/openkite/#315","text":"OPS\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 K8S\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790","title":"3.1.5\u3001\u76d1\u63a7\u7c7b"},{"location":"spec/openkite/#316","text":"\u67e5\u770b\u5386\u53f2\u8fd0\u7ef4\u65e5\u5fd7 \u65e5\u5fd7\u5bfc\u51fa","title":"3.1.6\u3001\u8fd0\u7ef4\u65e5\u5fd7\u7c7b"},{"location":"spec/openkite/#32","text":"","title":"3.2\u3001\u6570\u636e\u53ef\u89c6\u5316\u7c7b"},{"location":"spec/openkite/#321","text":"ProgressBar\u63a7\u4ef6\u663e\u793a\u8ba1\u7b97\u673a\u786c\u4ef6\u6027\u80fd\u5360\u7528\u6bd4 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8 116*27 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aCPU ProgressBar progressBar_MainWindow_LocalCPU \u663e\u793a\u672c\u5730CPU\u4f7f\u7528\u7387 \u76ee\u6807CPU ProgressBar progressBar_MainWindow_TargetCPU \u663e\u793a\u76ee\u6807CPU\u4f7f\u7528\u7387 \u672c\u673aRAM ProgressBar progressBar_MainWindow_LocalRAM \u663e\u793a\u672c\u673aRAM\u4f7f\u7528\u7387 \u76ee\u6807RAM ProgressBar progressBar_MainWindow_TargetRAM \u663e\u793a\u76ee\u6807RAM\u4f7f\u7528\u7387 \u672c\u673a\u7f51\u7edc ProgressBar progressBar_MainWindow_LocalNetwork \u663e\u793a\u672c\u673a\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u76ee\u6807\u7f51\u7edc ProgressBar progressBar_MainWindow_TargetNetwork \u663e\u793a\u76ee\u6807\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u672c\u673a\u78c1\u76d8 ProgressBar progressBar_MainWindow_LocalDisk \u663e\u793a\u672c\u673a\u78c1\u76d8IO\u4f7f\u7528\u7387 \u76ee\u6807\u78c1\u76d8 ProgressBar progressBar_MainWindow_TargetDisk 
\u663e\u793a\u76ee\u6807\u78c1\u76d8IO\u4f7f\u7528\u7387","title":"3.2.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6\u4fe1\u606f\u7c7b"},{"location":"spec/openkite/#322","text":"Label\u63a7\u4ef6\u663e\u793a\u7cfb\u7edfIP\u4e0eDNS \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 110*27 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aIP Label label_MainWindow_LocalIP \u663e\u793a\u672c\u673aIP \u76ee\u6807IP Label label_MainWindow_TargetIP \u663e\u793a\u76ee\u6807IP \u672c\u673aDNS Label label_MainWindow_LocalNDS \u663e\u793a\u672c\u673aDNS \u76ee\u6807DNS Label label_MainWindow_TargetNDS \u663e\u793a\u76ee\u6807DNS ListWidget\u63a7\u4ef6\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u9879\u8bf4\u660e \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 200*111 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u7cfb\u7edf\u4fe1\u606f\u663e\u793a ListWidgets listWidget_MainWidow_SystemShow \u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u6240\u7528\u53d8\u91cf\u7684API\u63a5\u53e3 \u4e2d\u6587\u540d \u53d8\u91cf\u7c7b\u578b \u53d8\u91cf\u540d \u7528\u9014 \u53d1\u884c\u7248 QStringList systemNameShow linux\u53d1\u884c\u7248\u540d\u79f0 \u7248\u672c\u53f7 QStringList systemVersion linux\u53d1\u884c\u7248\u7248\u672c\u53f7 \u5185\u6838\u53f7 QStringList systemKernel linux\u53d1\u884c\u7248\u5185\u6838\u7248\u672c \u7ba1\u7406\u6743\u9650 QStringList systemAdminPower \u5f53\u524d\u8d26\u53f7\u64cd\u4f5c\u6743\u9650 \u670d\u52a1\u540d\u79f0 QStringList systemServiceName \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u670d\u52a1\u540d\u79f0 \u670d\u52a1\u7248\u672c QStringList systemServicVersion \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u7248\u672c Label\u4e0eProgressBar\u63a7\u4ef6\u663e\u793a\u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u53ca\u8fdb\u5ea6 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u63a7\u4ef6\u5c3a\u5bf8\uff1a 
\u6700\u5c0f\u5c3a\u5bf8\uff1a500*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a171*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u5f53\u524d\u8fd0\u884c\u547d\u4ee4 Label label_MainWindow_ShowCurrentCommand \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4 \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6 ProgressBar progressBar_MainWindow_ShowCommandProgress \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4\u7684\u8fdb\u5ea6","title":"3.2.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6\u4fe1\u606f\u7c7b"},{"location":"spec/openkite/#33","text":"","title":"3.3\u3001\u6dfb\u52a0\u96c6\u7fa4\u7c7b"},{"location":"spec/openkite/#331","text":"ToolButton\u63a7\u4ef6\u6dfb\u52a0\u96c6\u7fa4\u8282\u70b9\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8\uff1a300*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u6dfb\u52a0\u96c6\u7fa4/\u8282\u70b9 ToolButton toolButton_MainWindow_AddNode \u5f39\u51fa\u7a97\u53e3\u6dfb\u52a0\u96c6\u7fa4\u6216\u8282\u70b9 \u5355\u8282\u70b9\u6dfb\u52a0 \u6279\u91cf\u8282\u70b9\u6dfb\u52a0 \u96c6\u7fa4\u6dfb\u52a0","title":"3.3.1\u3001 \u96c6\u7fa4\u6dfb\u52a0\u7c7b"},{"location":"spec/openkite/#332","text":"TreeWidget\u63a7\u4ef6\u663e\u793a\u96c6\u7fa4\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a200*438 \u5bbd\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u8282\u70b9\u4fe1\u606f TreeWidget treeWidget_MainWindow_ShowNode \u7528\u4e8e\u663e\u793a\u96c6\u7fa4\u4e0e\u8282\u70b9\u4fe1\u606f\u6216\u70b9\u51fb\u4fe1\u606f\u540e\u521b\u5efaSSH\u8fdc\u7a0b\u7a97\u53e3\u754c\u9762 \u96c6\u7fa4\u540d\u79f0 \u8282\u70b9\u540d\u79f0 
\u8282\u70b9IP\u5730\u5740","title":"3.3.2\u3001\u96c6\u7fa4\u663e\u793a\u7c7b"},{"location":"spec/openkite/#34","text":"TerrWidget\u63a7\u4ef6\u5f39\u7a97 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u4e0a\u4f20\u3001\u811a\u672c\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a63*31 \u90e8\u7f72\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a65*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u4e0a\u4f20 terrWidget toolButton_MainWindow_UpLoad \u5f39\u51fa\u4e0a\u4f20\u7a97\u4f53:load.ui \u811a\u672c terrWidget toolButton_MainWindow_Shell \u5f39\u51fa\u811a\u672c\u7a97\u4f53:shell.ui \u90e8\u7f72 terrWidget toolButton_MainWindow_Deploy \u5f39\u51fa\u90e8\u7f72\u7a97\u4f53:deploy.ui","title":"3.4\u3001\u811a\u672c\u4e0e\u90e8\u7f72\u7c7b"},{"location":"spec/openkite/#341","text":"\u811a\u672c\u7f16\u8bd1\u5668 yaml\u7f16\u8bd1\u5668 \u811a\u672c\u7f16\u8bd1\u5668 \u52a0\u8f7d\u672c\u5730\u7b56\u7565 \u52a0\u8f7d\u96c6\u7fa4\u914d\u7f6e\u7b56\u7565 \u52a0\u8f7d\u8282\u70b9\u914d\u7f6e\u7b56\u7565 \u4e0a\u4f20\u6587\u4ef6\u5230\u76ee\u6807\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u4e0b\u8f7d\u6587\u4ef6\u5230\u672c\u5730\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u76ee\u6807\u8ba1\u7b97\u673a\u6587\u4ef6\u4e92\u4f20 \u70b9\u5bf9\u70b9\u4e92\u4f20 \u70b9\u5bf9\u591a\u4e92\u4f20","title":"3.4.1\u3001\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\u529f\u80fd\u7c7b"},{"location":"spec/openkite/#342","text":"\u7f16\u8f91 \u7f16\u8f91\u5b50\u6a21\u5757\u811a\u672c \u7f16\u8f91\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u67e5\u770b \u67e5\u770b\u5b50\u6a21\u5757\u811a\u672c \u67e5\u770b\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa \u5bfc\u51fa\u5b50\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u6240\u6709\u811a\u672c","title":"3.4.2\u3001\u811a\u672c\u7c7b"},{"location":"spec/openkite/#343","text":"\u90e8\u7f72 \u53ef\u6279\u91cf\u9009\u62e9\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c 
\u53ef\u96c6\u7fa4\u90e8\u7f72\u4e0d\u540c\u8282\u70b9\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u5355\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u7ec8\u6b62 \u53ef\u6279\u91cf\u591a\u8282\u70b9\u3001\u5355\u8282\u70b9\u3001\u96c6\u7fa4\u7ec8\u6b62\u5f53\u524d\u90e8\u7f72","title":"3.4.3\u3001\u90e8\u7f72\u7c7b"},{"location":"spec/openkite/#35","text":"","title":"3.5\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#351","text":"\u4fee\u6539\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u540d \u4fee\u6539\u670d\u52a1\u5668\u7528\u6237\u540d \u4fee\u6539\u670d\u52a1\u5668\u5bc6\u7801 \u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e \u4fee\u6539host \u4fee\u6539DNS \u4fee\u6539\u7f51\u5173 \u4fee\u6539IP \u90e8\u7f72\u65f6\u95f4\u670d\u52a1 \u90e8\u7f72DNS\u670d\u52a1","title":"3.5.1\u3001\u57fa\u7840\u8fd0\u7ef4\u7c7b"},{"location":"spec/openkite/#352","text":"OpenStack\u63d2\u4ef6\u7c7b K8S\u63d2\u4ef6\u7c7b Ceph\u63d2\u4ef6\u7c7b","title":"3.5.2\u3001\u5176\u4ed6\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#36ssh","text":"\u53ef\u590d\u5236\u7c98\u8d34\u547d\u4ee4\uff0c\u4e2d\u6587\u663e\u793a\u7efc\u5408\u7aef\u53e3","title":"3.6\u3001ssh\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#361ssh","text":"\u7efc\u5408\u7aef\u53e3\u663e\u793a\uff0c\u70b9\u5bf9\u591assh\u8fdc\u7a0b","title":"3.6.1\u3001\u96c6\u7fa4SSH\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#362ssh","text":"\u70b9\u5bf9\u70b9ssh\u8fdc\u7a0b","title":"3.6.2\u3001\u5355\u8282\u70b9SSH\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#4api","text":"","title":"4\u3001\u7a97\u53e3\u4e3b\u4f53\u529f\u80fd\u63d2\u4ef6\u6dfb\u52a0\u65b9\u5f0f\u3001\u89c4\u8303\u3001API\u4e0e\u529f\u80fd\u6ce8\u91ca"},{"location":"spec/openkite/#41","text":"\u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a 
\u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a","title":"4.1\u3001\u5de5\u5177\u7c7b"},{"location":"spec/openkite/#42","text":"\u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a","title":"4.2\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#5api","text":"","title":"5\u3001\u540e\u53f0API\u8c03\u7528\u3001\u89c4\u8303\u4e0e\u4f7f\u7528\u8bf4\u660e"},{"location":"spec/openkite/#51","text":"","title":"5.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6"},{"location":"spec/openkite/#511cpu","text":"","title":"5.1.1\u3001CPU"},{"location":"spec/openkite/#512ram","text":"","title":"5.1.2\u3001RAM"},{"location":"spec/openkite/#52","text":"","title":"5.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6"},{"location":"spec/openkite/#521","text":"","title":"5.2.1\u3001\u672c\u5730\u8f6f\u4ef6\u5305"},{"location":"spec/openkite/#522","text":"","title":"5.2.2\u3001\u6e90\u8f6f\u4ef6\u5305"},{"location":"spec/openkite/#6","text":"\u5728\u5404\u79cd\u64cd\u4f5c\u524d\u8fdb\u884c\u5224\u65ad\u672c\u5730\u7f51\u7edc\u4e0e\u76ee\u6807\u7f51\u7edc\u662f\u5426\u8fde\u540c \u5728\u76ee\u6807\u7f51\u7edc\u65e0\u6cd5\u8fde\u901a\u65f6\u63d0\u793a\uff1a\u76ee\u6807IP\u7f51\u7edc\u4e0d\u901a \u5728\u96c6\u7fa4\u8282\u70b9\u90fd\u65e0\u6cd5\u8054\u901a\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u5b57\u4f53\u7070\u8272 \u5728\u96c6\u7fa4\u64cd\u4f5c\u6216\u591a\u8282\u70b9\u64cd\u4f5c\u65f6\u63d0\u793a\u65e0\u6cd5\u8fde\u63a5\u7684\u76ee\u6807\u4fe1\u606f\uff0c\u5e76\u63d0\u793a\u786e\u5b9e\u662f\u5426\u7ee7\u7eed\uff0c\u5982\u7ee7\u7eed\u5219\u5c4f\u853d\u65e0\u6cd5\u8fde\u63a5\u7684\u8282\u70b9\u53bb\u8fdb\u884c\u6279\u91cf\u90e8\u7f72 \u754c\u9762\u4fe1\u606f\u5237\u65b0\u9891\u7387 \u8f6f\u786c\u4ef6\u4fe1\u606f\u5237\u65b0\u9891\u7387 
cpu\u3001\u5185\u5b58\u7b49\u5360\u6bd4\u663e\u793a\u4fe1\u606f\u7684\u5237\u65b0\u9891\u7387\u4e3a0.5s ssh\u754c\u9762\u5237\u5c4f\u9891\u7387\u4e3a\u5b9e\u65f6\u5237\u65b0 \u96c6\u7fa4\u663e\u793a\u4fe1\u606f\u4e3a\u5b9e\u65f6\u5237\u65b0 \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u533a\u57df\u4e3a\u5b9e\u65f6\u5237\u65b0","title":"6\u3001\u5f00\u53d1\u601d\u8def\u5907\u6ce8"},{"location":"spec/openstack-sig-tool-requirement/","text":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66 \u00b6 \u80cc\u666f \u00b6 \u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684 \u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7 \u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c \u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be \uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4 \u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927 \u3002 4. 
OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86 \u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db \u3002 \u9488\u5bf9\u4ee5\u4e0a\u95ee\u9898\u9700\u8981\u5728openEuler OpenStack\u63d0\u4f9b\u4e00\u4e2a\u5f00\u53d1\u5e73\u53f0\uff0c\u89e3\u51b3\u5f00\u53d1\u8fc7\u7a0b\u9047\u5230\u7684\u4ee5\u4e0a\u75db\u70b9\u95ee\u9898\u3002 \u76ee\u6807 \u00b6 \u8bbe\u8ba1\u5e76\u5f00\u53d1\u4e00\u4e2aOpenStack\u5f3a\u76f8\u5173\u7684openEuler\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\uff0c\u901a\u8fc7\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u65b9\u5f0f\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002 \u8303\u56f4 \u00b6 \u7528\u6237\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u5f00\u53d1\u8005 \u4e1a\u52a1\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u65e5\u5e38\u5f00\u53d1\u6d3b\u52a8 \u7f16\u7a0b\u8bed\u8a00 \uff1aPython\u3001Ansible\u3001Jinja\u3001JavaScript IT\u6280\u672f 
\uff1aWeb\u670d\u52a1\u3001RestFul\u89c4\u8303\u3001CLI\u89c4\u8303\u3001\u524d\u7aefGUI\u3001\u6570\u636e\u5e93\u4f7f\u7528 \u529f\u80fd \u00b6 OpenStack\u5f00\u53d1\u5e73\u53f0\u6574\u4f53\u91c7\u7528C/S\u67b6\u6784\uff0c\u4ee5SIG\u5bf9\u5916\u63d0\u4f9b\u5e73\u53f0\u80fd\u529b\uff0cclient\u7aef\u9762\u5411\u6307\u5b9a\u7528\u6237\u767d\u540d\u5355\u5f00\u653e\u3002 \u4e3a\u65b9\u4fbf\u767d\u540d\u5355\u4ee5\u5916\u7528\u6237\u4f7f\u7528\uff0c\u672c\u5e73\u53f0\u8fd8\u63d0\u4f9bCLI\u6a21\u5f0f\uff0c\u5728\u6b64\u6a21\u5f0f\u4e0b\u4e0d\u9700\u8981\u989d\u5916\u670d\u52a1\u7aef\u901a\u4fe1\uff0c\u5728\u672c\u5730\u5373\u53ef\u5f00\u7bb1\u5373\u7528\u3002 \u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 \u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull 
Request\u7b49\u529f\u80fd\u3002 SPEC\u5f00\u53d1\u89c4\u8303\u5236\u5b9a \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u7ea6\u675fOpenStack\u670d\u52a1\u7ea7\u9879\u76eeSPEC\u683c\u5f0f\u4e0e\u5185\u5bb9\u89c4\u8303 2. \u89c4\u5b9aOpenStack\u4f9d\u8d56\u5e93\u7ea7\u522b\u9879\u76eeSPEC\u7684\u6846\u67b6\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aOpenStack SIG\u5168\u4f53Maintainer\u8fbe\u6210\u4e00\u81f4\uff0c\u53c2\u4e0e\u5382\u5546\u6ca1\u6709\u5206\u6b67\u3002 \u3010\u53c2\u4e0e\u65b9\u3011\uff1a\u4e2d\u56fd\u7535\u4fe1\u3001\u4e2d\u56fd\u8054\u901a\u3001\u7edf\u4fe1\u8f6f\u4ef6 \u3010\u8f93\u5165\u3011\uff1aRPM SPEC\u7f16\u5199\u6807\u51c6 \u3010\u8f93\u51fa\u3011\uff1a\u670d\u52a1\u7ea7\u3001\u4f9d\u8d56\u5e93\u7ea7SPEC\u6a21\u677f\uff1b\u8f6f\u4ef6\u5206\u5c42\u89c4\u8303\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u672c\u529f\u80fd\u662f\u4ee5\u4e0b\u8f6f\u4ef6\u529f\u80fd\u7684\u524d\u63d0\uff0c\u4e0b\u8ff0\u5982 SPEC\u81ea\u52a8\u751f\u6210\u529f\u80fd \u9700\u9075\u5faa\u672c\u89c4\u8303\u6267\u884c\u3002 \u4f9d\u8d56\u5206\u6790\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u81ea\u52a8\u751f\u6210\u57fa\u4e8e\u6307\u5b9aopenEuler\u7248\u672c\u7684OpenStack\u4f9d\u8d56\u8868\u3002 2. 
\u80fd\u5904\u7406\u4f9d\u8d56\u6210\u73af\u3001\u7248\u672c\u7f3a\u7701\u3001\u540d\u79f0\u4e0d\u4e00\u81f4\u7b49\u4f9d\u8d56\u5e38\u89c1\u95ee\u9898\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1aopenEuler\u7248\u672c\u53f7\u3001OpenStack\u7248\u672c\u53f7\u3001\u76ee\u6807\u4f9d\u8d56\u8303\u56f4\uff08\u6838\u5fc3/\u6d4b\u8bd5/\u6587\u6863\uff09 \u3010\u8f93\u51fa\u3011\uff1a\u6307\u5b9aOpenStack\u7248\u672c\u7684\u5168\u91cf\u4f9d\u8d56\u5e93\u4fe1\u606f\uff0c\u5305\u62ec\u6700\u5c0f/\u6700\u5927\u4f9d\u8d56\u7248\u672c\u3001\u6240\u5c5eopenEuler SIG\u3001RPM\u5305\u540d\u3001\u4f9d\u8d56\u5c42\u7ea7\u3001\u5b50\u4f9d\u8d56\u6811\u7b49\u5185\u5bb9\uff0c\u53ef\u4ee5\u4ee5Excel\u8868\u683c\u7684\u65b9\u5f0f\u8f93\u51fa\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A Spec\u81ea\u52a8\u751f\u6210\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u751f\u6210OpenStack\u4f9d\u8d56\u5e93\u7c7b\u8f6f\u4ef6\u7684RPM SPEC 2. \u652f\u6301\u5404\u79cdPython\u8f6f\u4ef6\u6784\u5efa\u7cfb\u7edf\uff0c\u6bd4\u5982setuptools\u3001pyproject\u7b49\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u9700\u9075\u5b88 SPEC\u5f00\u53d1\u89c4\u8303 \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u53ca\u76ee\u6807\u7248\u672c \u3010\u8f93\u51fa\u3011\uff1a\u5bf9\u5e94\u8f6f\u4ef6\u7684RPM SPEC\u6587\u4ef6 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u751f\u6210\u7684SPEC\u53ef\u4ee5\u901a\u8fc7\u4e0b\u8ff0 \u4ee3\u7801\u63d0\u4ea4\u529f\u80fd \u4e00\u952epush\u5230openEuler\u793e\u533a\u3002 \u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. 
\u4e00\u952e\u5feb\u901f\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u3001\u62d3\u6251\u3001\u529f\u80fd\u7684OpenStack\u5355/\u591a\u8282\u70b9\u73af\u5883 2. \u4e00\u952e\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u8fdb\u884c\u8d44\u6e90\u9884\u914d\u7f6e\u4e0e\u529f\u80fd\u6d4b\u8bd5\u3002 3. \u652f\u6301\u591a\u4e91\u3001\u4e3b\u673a\u7eb3\u7ba1\u529f\u80fd\uff0c\u652f\u6301\u63d2\u4ef6\u81ea\u5b9a\u4e49\u529f\u80fd\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005\u3001\u5404\u4e2a\u4e91\u5e73\u53f0\u76f8\u5173\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u8ba1\u7b97/\u7f51\u7edc/\u5b58\u50a8\u7684driver\u573a\u666f \u3010\u8f93\u51fa\u3011\uff1a\u4e00\u4e2a\u53ef\u4ee5\u4e00\u952e\u6267\u884cOpenStack Tempest\u6d4b\u8bd5\u7684OpenStack\u73af\u5883\uff1bTempest\u6d4b\u8bd5\u62a5\u544a\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a N/A \u4e00\u952e\u4ee3\u7801\u5904\u7406\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u9488\u5bf9openEuler OpenStack\u6240\u5c5e\u9879\u76ee\u7684Repo\u3001Branch\u3001PR\u6267\u884c\u5404\u79cd\u64cd\u4f5c\u3002 2. 
\u64cd\u4f5c\u5305\u62ec\uff1a\u5efa\u7acb/\u5220\u9664\u6e90\u7801\u4ed3;\u5efa\u7acb/\u5220\u9664openEuler\u5206\u652f\uff1b\u63d0\u4ea4\u8f6f\u4ef6Update PR\uff1b\u5728PR\u4e2d\u6dfb\u52a0\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u63d0\u4ea4PR\u529f\u80fd\u4f9d\u8d56\u4e0a\u8ff0 SPEC\u751f\u6210 \u529f\u80fd \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u3001openEuler release\u540d\u3001\u76ee\u6807Spec\u6587\u4ef6\u3001\u8bc4\u5ba1\u610f\u89c1\u5185\u5bb9\u3002 \u3010\u8f93\u51fa\u3011\uff1a\u8f6f\u4ef6\u5efa\u4ed3PR\uff1b\u8f6f\u4ef6\u521b\u5efa\u5206\u652fPR\uff1b\u8f6f\u4ef6\u5347\u7ea7PR\uff1bPR\u65b0\u589e\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A \u975e\u529f\u80fd\u9700\u6c42 \u00b6 \u6d4b\u8bd5\u9700\u6c42 \u00b6 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u5b89\u5168 \u00b6 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 
\u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u00b6 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002 \u5f00\u6e90\u5408\u89c4 \u00b6 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u5b9e\u65bd\u8ba1\u5212 \u00b6 \u65f6\u95f4 \u5185\u5bb9 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 2022.06 
\u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd","title":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66"},{"location":"spec/openstack-sig-tool-requirement/#openeuler-openstack","text":"","title":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66"},{"location":"spec/openstack-sig-tool-requirement/#_1","text":"\u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684 \u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7 \u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c \u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be \uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. 
OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4 \u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927 \u3002 4. OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86 \u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db \u3002 \u9488\u5bf9\u4ee5\u4e0a\u95ee\u9898\u9700\u8981\u5728openEuler 
OpenStack\u63d0\u4f9b\u4e00\u4e2a\u5f00\u53d1\u5e73\u53f0\uff0c\u89e3\u51b3\u5f00\u53d1\u8fc7\u7a0b\u9047\u5230\u7684\u4ee5\u4e0a\u75db\u70b9\u95ee\u9898\u3002","title":"\u80cc\u666f"},{"location":"spec/openstack-sig-tool-requirement/#_2","text":"\u8bbe\u8ba1\u5e76\u5f00\u53d1\u4e00\u4e2aOpenStack\u5f3a\u76f8\u5173\u7684openEuler\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\uff0c\u901a\u8fc7\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u65b9\u5f0f\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002","title":"\u76ee\u6807"},{"location":"spec/openstack-sig-tool-requirement/#_3","text":"\u7528\u6237\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u5f00\u53d1\u8005 \u4e1a\u52a1\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u65e5\u5e38\u5f00\u53d1\u6d3b\u52a8 \u7f16\u7a0b\u8bed\u8a00 \uff1aPython\u3001Ansible\u3001Jinja\u3001JavaScript IT\u6280\u672f \uff1aWeb\u670d\u52a1\u3001RestFul\u89c4\u8303\u3001CLI\u89c4\u8303\u3001\u524d\u7aefGUI\u3001\u6570\u636e\u5e93\u4f7f\u7528","title":"\u8303\u56f4"},{"location":"spec/openstack-sig-tool-requirement/#_4","text":"OpenStack\u5f00\u53d1\u5e73\u53f0\u6574\u4f53\u91c7\u7528C/S\u67b6\u6784\uff0c\u4ee5SIG\u5bf9\u5916\u63d0\u4f9b\u5e73\u53f0\u80fd\u529b\uff0cclient\u7aef\u9762\u5411\u6307\u5b9a\u7528\u6237\u767d\u540d\u5355\u5f00\u653e\u3002 \u4e3a\u65b9\u4fbf\u767d\u540d\u5355\u4ee5\u5916\u7528\u6237\u4f7f\u7528\uff0c\u672c\u5e73\u53f0\u8fd8\u63d0\u4f9bCLI\u6a21\u5f0f\uff0c\u5728\u6b64\u6a21\u5f0f\u4e0b\u4e0d\u9700\u8981\u989d\u5916\u670d\u52a1\u7aef\u901a\u4fe1\uff0c\u5728\u672c\u5730\u5373\u53ef\u5f00\u7bb1\u5373\u7528\u3002 
\u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 \u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002","title":"\u529f\u80fd"},{"location":"spec/openstack-sig-tool-requirement/#spec","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u7ea6\u675fOpenStack\u670d\u52a1\u7ea7\u9879\u76eeSPEC\u683c\u5f0f\u4e0e\u5185\u5bb9\u89c4\u8303 2. 
\u89c4\u5b9aOpenStack\u4f9d\u8d56\u5e93\u7ea7\u522b\u9879\u76eeSPEC\u7684\u6846\u67b6\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aOpenStack SIG\u5168\u4f53Maintainer\u8fbe\u6210\u4e00\u81f4\uff0c\u53c2\u4e0e\u5382\u5546\u6ca1\u6709\u5206\u6b67\u3002 \u3010\u53c2\u4e0e\u65b9\u3011\uff1a\u4e2d\u56fd\u7535\u4fe1\u3001\u4e2d\u56fd\u8054\u901a\u3001\u7edf\u4fe1\u8f6f\u4ef6 \u3010\u8f93\u5165\u3011\uff1aRPM SPEC\u7f16\u5199\u6807\u51c6 \u3010\u8f93\u51fa\u3011\uff1a\u670d\u52a1\u7ea7\u3001\u4f9d\u8d56\u5e93\u7ea7SPEC\u6a21\u677f\uff1b\u8f6f\u4ef6\u5206\u5c42\u89c4\u8303\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u672c\u529f\u80fd\u662f\u4ee5\u4e0b\u8f6f\u4ef6\u529f\u80fd\u7684\u524d\u63d0\uff0c\u4e0b\u8ff0\u5982 SPEC\u81ea\u52a8\u751f\u6210\u529f\u80fd \u9700\u9075\u5faa\u672c\u89c4\u8303\u6267\u884c\u3002","title":"SPEC\u5f00\u53d1\u89c4\u8303\u5236\u5b9a"},{"location":"spec/openstack-sig-tool-requirement/#_5","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u81ea\u52a8\u751f\u6210\u57fa\u4e8e\u6307\u5b9aopenEuler\u7248\u672c\u7684OpenStack\u4f9d\u8d56\u8868\u3002 2. 
\u80fd\u5904\u7406\u4f9d\u8d56\u6210\u73af\u3001\u7248\u672c\u7f3a\u7701\u3001\u540d\u79f0\u4e0d\u4e00\u81f4\u7b49\u4f9d\u8d56\u5e38\u89c1\u95ee\u9898\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1aopenEuler\u7248\u672c\u53f7\u3001OpenStack\u7248\u672c\u53f7\u3001\u76ee\u6807\u4f9d\u8d56\u8303\u56f4\uff08\u6838\u5fc3/\u6d4b\u8bd5/\u6587\u6863\uff09 \u3010\u8f93\u51fa\u3011\uff1a\u6307\u5b9aOpenStack\u7248\u672c\u7684\u5168\u91cf\u4f9d\u8d56\u5e93\u4fe1\u606f\uff0c\u5305\u62ec\u6700\u5c0f/\u6700\u5927\u4f9d\u8d56\u7248\u672c\u3001\u6240\u5c5eopenEuler SIG\u3001RPM\u5305\u540d\u3001\u4f9d\u8d56\u5c42\u7ea7\u3001\u5b50\u4f9d\u8d56\u6811\u7b49\u5185\u5bb9\uff0c\u53ef\u4ee5\u4ee5Excel\u8868\u683c\u7684\u65b9\u5f0f\u8f93\u51fa\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A","title":"\u4f9d\u8d56\u5206\u6790\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#spec_1","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u751f\u6210OpenStack\u4f9d\u8d56\u5e93\u7c7b\u8f6f\u4ef6\u7684RPM SPEC 2. \u652f\u6301\u5404\u79cdPython\u8f6f\u4ef6\u6784\u5efa\u7cfb\u7edf\uff0c\u6bd4\u5982setuptools\u3001pyproject\u7b49\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u9700\u9075\u5b88 SPEC\u5f00\u53d1\u89c4\u8303 \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u53ca\u76ee\u6807\u7248\u672c \u3010\u8f93\u51fa\u3011\uff1a\u5bf9\u5e94\u8f6f\u4ef6\u7684RPM SPEC\u6587\u4ef6 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u751f\u6210\u7684SPEC\u53ef\u4ee5\u901a\u8fc7\u4e0b\u8ff0 \u4ee3\u7801\u63d0\u4ea4\u529f\u80fd \u4e00\u952epush\u5230openEuler\u793e\u533a\u3002","title":"Spec\u81ea\u52a8\u751f\u6210\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_6","text":"\u3010\u529f\u80fd\u70b9\u3011 1. 
\u4e00\u952e\u5feb\u901f\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u3001\u62d3\u6251\u3001\u529f\u80fd\u7684OpenStack\u5355/\u591a\u8282\u70b9\u73af\u5883 2. \u4e00\u952e\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u8fdb\u884c\u8d44\u6e90\u9884\u914d\u7f6e\u4e0e\u529f\u80fd\u6d4b\u8bd5\u3002 3. \u652f\u6301\u591a\u4e91\u3001\u4e3b\u673a\u7eb3\u7ba1\u529f\u80fd\uff0c\u652f\u6301\u63d2\u4ef6\u81ea\u5b9a\u4e49\u529f\u80fd\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005\u3001\u5404\u4e2a\u4e91\u5e73\u53f0\u76f8\u5173\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u8ba1\u7b97/\u7f51\u7edc/\u5b58\u50a8\u7684driver\u573a\u666f \u3010\u8f93\u51fa\u3011\uff1a\u4e00\u4e2a\u53ef\u4ee5\u4e00\u952e\u6267\u884cOpenStack Tempest\u6d4b\u8bd5\u7684OpenStack\u73af\u5883\uff1bTempest\u6d4b\u8bd5\u62a5\u544a\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a N/A","title":"\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_7","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u9488\u5bf9openEuler OpenStack\u6240\u5c5e\u9879\u76ee\u7684Repo\u3001Branch\u3001PR\u6267\u884c\u5404\u79cd\u64cd\u4f5c\u3002 2. 
\u64cd\u4f5c\u5305\u62ec\uff1a\u5efa\u7acb/\u5220\u9664\u6e90\u7801\u4ed3;\u5efa\u7acb/\u5220\u9664openEuler\u5206\u652f\uff1b\u63d0\u4ea4\u8f6f\u4ef6Update PR\uff1b\u5728PR\u4e2d\u6dfb\u52a0\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u63d0\u4ea4PR\u529f\u80fd\u4f9d\u8d56\u4e0a\u8ff0 SPEC\u751f\u6210 \u529f\u80fd \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u3001openEuler release\u540d\u3001\u76ee\u6807Spec\u6587\u4ef6\u3001\u8bc4\u5ba1\u610f\u89c1\u5185\u5bb9\u3002 \u3010\u8f93\u51fa\u3011\uff1a\u8f6f\u4ef6\u5efa\u4ed3PR\uff1b\u8f6f\u4ef6\u521b\u5efa\u5206\u652fPR\uff1b\u8f6f\u4ef6\u5347\u7ea7PR\uff1bPR\u65b0\u589e\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A","title":"\u4e00\u952e\u4ee3\u7801\u5904\u7406\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_8","text":"","title":"\u975e\u529f\u80fd\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_9","text":"\u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002","title":"\u6d4b\u8bd5\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_10","text":"\u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 
\u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002","title":"\u5b89\u5168"},{"location":"spec/openstack-sig-tool-requirement/#_11","text":"\u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002","title":"\u53ef\u9760\u6027"},{"location":"spec/openstack-sig-tool-requirement/#_12","text":"\u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002","title":"\u5f00\u6e90\u5408\u89c4"},{"location":"spec/openstack-sig-tool-requirement/#_13","text":"\u65f6\u95f4 \u5185\u5bb9 2021.06 
\u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd","title":"\u5b9e\u65bd\u8ba1\u5212"},{"location":"spec/openstack-sig-tool/","text":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0 \u00b6 openEuler OpenStack SIG\u6210\u7acb\u4e8e2021\u5e74\uff0c\u662f\u7531\u4e2d\u56fd\u8054\u901a\u3001\u4e2d\u56fd\u7535\u4fe1\u3001\u534e\u4e3a\u3001\u7edf\u4fe1\u7b49\u516c\u53f8\u7684\u5f00\u53d1\u8005\u5171\u540c\u6295\u5165\u5e76\u7ef4\u62a4\u7684SIG\u5c0f\u7ec4\uff0c\u65e8\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\uff0c\u662fopenEuler\u7684\u6807\u6746SIG\u3002\u4f46OpenStack\u672c\u8eab\u6280\u672f\u590d\u6742\u3001\u5305\u542b\u670d\u52a1\u4f17\u591a\uff0c\u5f00\u53d1\u95e8\u69db\u8f83\u9ad8\uff0c\u5bf9\u8d21\u732e\u8005\u7684\u6280\u672f\u80fd\u529b\u8981\u6c42\u4e5f\u8f83\u9ad8\uff0c\u4eba\u529b\u6210\u672c\u9ad8\u5c45\u4e0d\u4e0b\uff0c\u5728\u5b9e\u9645\u5f00\u53d1\u4e0e\u8d21\u732e\u4e2d\u5b58\u5728\u5404\u79cd\u5404\u6837\u7684\u95ee\u9898\u3002\u4e3a\u4e86\u89e3\u51b3SIG\u9762\u4e34\u7684\u95ee\u9898\uff0c\u4e9f\u9700\u4e00\u4e2aopenEuler+OpenStack\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u800c\u964d\u4f4e\u5f00\u53d1\u8005\u9
5e8\u69db\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\uff0c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\uff0c\u4fdd\u8bc1SIG\u7684\u6301\u7eed\u6d3b\u8dc3\u4e0e\u53ef\u6301\u7eed\u53d1\u5c55\u3002 1. \u6982\u8ff0 \u00b6 1.1 \u5f53\u524d\u73b0\u72b6 \u00b6 \u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684\u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7\u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c\u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be\uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4\u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927\u3002 4. 
OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86\u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db\u3002 1.2 \u89e3\u51b3\u65b9\u6848 \u00b6 \u9488\u5bf9\u4ee5\u4e0a\u76ee\u524dSIG\u9047\u5230\u7684\u95ee\u9898\uff0c\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u76ee\u6807\u52bf\u5728\u5fc5\u884c\u3002\u672c\u7bc7\u8bbe\u8ba1\u6587\u6863\u65e8\u5728\u5728openEuler OpenStack SIG\u4e2d\u63d0\u4f9b\u4e00\u4e2a\u7aef\u5230\u7aef\u53ef\u7528\u7684\u5f00\u53d1\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u6280\u672f\u89c4\u8303\u5230\u6280\u672f\u5b9e\u73b0\uff0c\u63d0\u51fa\u4e25\u683c\u7684\u6807\u51c6\u8981\u6c42\u4e0e\u8bbe\u8ba1\u65b9\u6848\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002\u4e3b\u8981\u52a8\u4f5c\u5982\u4e0b\uff1a 1. 
\u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 2. \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 3. \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 4. \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 5. 
\u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002 \u4ee5\u4e0a\u89e3\u51b3\u65b9\u6cd5\u53ef\u4ee5\u7edf\u4e00\u5230\u4e00\u4e2a\u7cfb\u7edf\u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u79f0\u4f5cOpenStack SIG Tool\uff08\u4ee5\u4e0b\u7b80\u79f0oos\uff09\uff0c\u5373\u5c31\u662fopenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\uff0c\u5177\u4f53\u67b6\u6784\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 CLI \u2502 \u2502 GUI \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502 \u2502 Built-in\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502REST \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 OpenStack Develop Platform \u2502 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Dependency Analysis\u2502 \u2502SPEC Generation\u2502 \u2502Deploy and Test\u2502 \u2502Code Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u8be5\u67b6\u6784\u4e3b\u8981\u6709\u4ee5\u4e0b\u4e24\u79cd\u6a21\u5f0f\uff1a 1. 
Client/Server\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u90e8\u7f72\u6210Web Server\u5f62\u5f0f\uff0cClient\u901a\u8fc7REST\u65b9\u5f0f\u8c03\u7528oos\u3002 - \u4f18\u70b9\uff1a\u63d0\u4f9b\u5f02\u6b65\u8c03\u7528\u80fd\u529b\uff0c\u652f\u6301\u5e76\u53d1\u5904\u7406\uff0c\u652f\u6301\u8bb0\u5f55\u6301\u4e45\u5316\u3002 - \u7f3a\u70b9\uff1a\u6709\u4e00\u5b9a\u5b89\u88c5\u90e8\u7f72\u6210\u672c\uff0c\u4f7f\u7528\u65b9\u5f0f\u8f83\u4e3a\u6b7b\u677f\u3002 Built-in\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u65e0\u9700\u90e8\u7f72\uff0c\u4ee5\u5185\u7f6eCLI\u7684\u65b9\u5f0f\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\uff0c\u7528\u6237\u901a\u8fc7cli\u76f4\u63a5\u8c03\u7528\u5404\u79cd\u529f\u80fd\u3002 \u4f18\u70b9\uff1a\u65e0\u9700\u90e8\u7f72\uff0c\u968f\u65f6\u968f\u5730\u53ef\u7528\u3002 \u7f3a\u70b9\uff1a\u6ca1\u6709\u6301\u4e45\u5316\u80fd\u529b\uff0c\u4e0d\u652f\u6301\u5e76\u53d1\uff0c\u5355\u4eba\u5355\u7528\u3002 2. \u8be6\u7ec6\u8bbe\u8ba1 \u00b6 2.1 OpenStack Spec\u89c4\u8303 \u00b6 Spec\u89c4\u8303\u662f\u4e00\u4e2a\u6216\u591a\u4e2aspec\u6a21\u677f\uff0c\u9488\u5bf9RPM spec\u7684\u6bcf\u4e2a\u5173\u952e\u5b57\u53ca\u6784\u5efa\u7ae0\u8282\uff0c\u4e25\u683c\u89c4\u5b9a\u76f8\u5173\u5185\u5bb9\uff0c\u5f00\u53d1\u8005\u5728\u7f16\u5199spec\u65f6\uff0c\u5fc5\u987b\u6ee1\u8db3\u89c4\u8303\u8981\u6c42\uff0c\u5426\u5219\u4ee3\u7801\u4e0d\u5141\u8bb8\u88ab\u5408\u5165\u3002\u89c4\u8303\u5185\u5bb9\u7531SIG maintainer\u516c\u5f00\u8ba8\u8bba\u540e\u5f62\u6210\u7ed3\u8bba\uff0c\u5e76\u5b9a\u671f\u5ba1\u89c6\u66f4\u65b0\u3002\u4efb\u4f55\u4eba\u90fd\u6709\u6743\u5229\u63d0\u51fa\u5bf9\u89c4\u8303\u7684\u8d28\u7591\u548c\u5efa\u8bae\uff0c maintainer\u8d1f\u8d23\u89e3\u91ca\u4e0e\u5237\u65b0\u3002\u89c4\u8303\u76ee\u524d\u5305\u62ec\u4e24\u7c7b\uff1a 1. 
\u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4ee5Nova\u3001Neutron\u3001Cinder\u7b49OpenStack\u6838\u5fc3\u670d\u52a1\u4e3a\u4f8b\uff0c\u5b83\u4eec\u4e00\u822c\u5b9a\u5236\u5316\u8981\u6c42\u9ad8\uff0c\u5185\u5bb9\u533a\u522b\u5927\uff0c\u5fc5\u8981\u4eba\u4e3a\u624b\u52a8\u7f16\u5199\u3002\u89c4\u8303\u9700\u6e05\u6670\u89c4\u5b9a\u8f6f\u4ef6\u7684\u5206\u5c42\u65b9\u6cd5\u3001\u6784\u5efa\u65b9\u6cd5\u3001\u8f6f\u4ef6\u5305\u7ec4\u6210\u5185\u5bb9\u3001\u6d4b\u8bd5\u65b9\u6cd5\u3001\u7248\u672c\u53f7\u89c4\u5219\u7b49\u5185\u5bb9\u3002 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4e00\u822c\u5b9a\u5236\u5316\u4f4e\uff0c\u5185\u5bb9\u7ed3\u6784\u533a\u522b\u5c0f\uff0c\u9002\u5408\u81ea\u52a8\u5316\u5de5\u5177\u4e00\u952e\u751f\u6210\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5728\u89c4\u8303\u4e2d\u5b9a\u4e49\u76f8\u5173\u5de5\u5177\u7684\u751f\u6210\u89c4\u5219\u5373\u53ef\u3002 2.1.1 \u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u00b6 OpenStack\u6bcf\u4e2a\u670d\u52a1\u901a\u5e38\u5305\u542b\u82e5\u5e72\u5b50\u670d\u52a1\uff0c\u9488\u5bf9\u8fd9\u4e9b\u5b50\u670d\u52a1\uff0c\u6211\u4eec\u5728\u6253\u5305\u7684\u65f6\u5019\u4e5f\u8981\u505a\u62c6\u5305\u5904\u7406\uff0c\u5206\u6210\u82e5\u5e72\u4e2a\u5b50RPM\u5305\u3002\u672c\u7ae0\u8282\u89c4\u5b9a\u4e86openEuler SIG\u5bf9OpenStack\u670d\u52a1\u7684RPM\u5305\u62c6\u5206\u7684\u539f\u5219\u3002 2.1.1.1 \u901a\u7528\u539f\u5219 \u00b6 \u91c7\u7528\u5206\u5c42\u67b6\u6784\uff0cRPM\u5305\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u4ee5openstack-nova\u4e3a\u4f8b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-nova.rpm \u2502 \u2502 openstack-nova-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package 
\u2502 \u2502 Service2 Package \u2502 | | \u2502 openstack-nova-compute.rpm \u2502 \u2502 openstack-nova-api.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-nova-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------------| Library Test Package (Optional) \u2502 | \u2502 python2-nova.rpm \u2502 \u2502 python2-nova-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0c\u5206\u4e3a4\u7ea7 Root Package\u4e3a\u603bRPM\u5305\uff0c\u539f\u5219\u4e0a\u4e0d\u5305\u542b\u4efb\u4f55\u6587\u4ef6\u3002\u53ea\u505a\u670d\u52a1\u96c6\u5408\u7528\u3002\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5RPM\u4e00\u952e\u5b89\u88c5\u6240\u6709\u5b50RPM\u5305\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library 
Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-nova openstack-cinder openstack-glance openstack-placment openstack-ironic 2.1.1.2 \u7279\u6b8a\u60c5\u51b5 \u00b6 \u6709\u4e9bopenstack\u7ec4\u4ef6\u672c\u8eab\u53ea\u5305\u542b\u4e00\u4e2a\u670d\u52a1\uff0c\u4e0d\u5b58\u5728\u5b50\u670d\u52a1\u7684\u6982\u5ff5,\u8fd9\u79cd\u670d\u52a1\u5219\u53ea\u9700\u8981\u5206\u4e3a\u4e24\u7ea7\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-keystone.rpm \u2502 \u2502 openstack-keystone-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Library Package \u25c4-----| Library Test Package (Optional) \u2502 | \u2502 python2-keystone.rpm \u2502 \u2502 python2-keystone-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Root Package 
RPM\u5305\u5305\u542b\u4e86\u9664python\u6e90\u7801\u5916\u7684\u5176\u4ed6\u6240\u6709\u6587\u4ef6\uff0c\u5305\u62ec\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u9879\u76ee\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u7b49\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-keystone openstack-horizon \u8fd8\u6709\u4e9b\u9879\u76ee\u867d\u7136\u6709\u82e5\u5e72\u5b50RPM\u5305\uff0c\u4f46\u8fd9\u4e9b\u5b50RPM\u5305\u662f\u4e92\u65a5\u7684\uff0c\u5219\u8fd9\u79cd\u670d\u52a1\u7684\u7ed3\u6784\u5982\u4e0b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-neutron.rpm \u2502 \u2502 openstack-neutron-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 \u2502 Service3 Package \u2502 | | \u2502 
openstack-neutron-server.rpm \u2502 \u2502 openstack-neutron-openvswitch.rpm \u2502 \u2502 openstack-neutron-linuxbridge.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-neutron-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------| Library Test Package (Optional) \u2502 | \u2502 python2-neutron.rpm \u2502 \u2502 python2-neutron-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0cService2\u548cService3\u4e92\u65a5\u3002 Root\u5305\u53ea\u5305\u542b\u4e0d\u4e92\u65a5\u7684\u5b50\u5305\uff0c\u4e92\u65a5\u7684\u5b50\u5305\u5355\u72ec\u63d0\u4f9b\u3002 
\u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 \u4e92\u65a5\u7684Service\u5305\u4e0d\u88abRoot\u5305\u6240\u5305\u542b\uff0c\u7528\u6237\u9700\u8981\u5355\u72ec\u5b89\u88c5\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-neutron 2.1.2 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u00b6 \u4e00\u4e2a\u4f9d\u8d56\u5e93\u4e00\u822c\u53ea\u5305\u542b\u4e00\u4e2aRPM\u5305\uff0c\u4e0d\u9700\u8981\u505a\u62c6\u5206\u5904\u7406\u3002 Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Library Package \u2502 \u2502 Help Package 
(Optional)\u2502 | \u2502 python2-oslo-service.rpm \u2502 \u2502 python2-oslo-service-help.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 NOTE openEuler\u793e\u533a\u5bf9python2\u548cpython3 RPM\u5305\u7684\u547d\u540d\u6709\u8981\u6c42\uff0cpython2\u7684\u5305\u524d\u7f00\u4e3a python2- \uff0cpython3\u7684\u5305\u524d\u7f00\u4e3a python3- \u3002\u56e0\u6b64\uff0cOpenStack\u8981\u6c42\u5f00\u53d1\u8005\u5728\u6253Library\u7684RPM\u5305\u65f6\uff0c\u4e5f\u8981\u9075\u5b88openEuler\u793e\u533a\u89c4\u8303\u3002 2.2 \u8f6f\u4ef6\u4f9d\u8d56\u529f\u80fd \u00b6 \u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\u4e3a\u7528\u6237\u63d0\u4f9b\u4e00\u952e\u5206\u6790\u76ee\u6807OpenStack\u7248\u672c\u5305\u542b\u7684\u5168\u91cfpython\u8f6f\u4ef6\u4f9d\u8d56\u62d3\u6251\u53ca\u5bf9\u5e94\u8f6f\u4ef6\u7248\u672c\u7684\u80fd\u529b\u3002\u5e76\u81ea\u52a8\u4e0e\u76ee\u6807openEuler\u7248\u672c\u8fdb\u884c\u6bd4\u5bf9\uff0c\u8f93\u51fa\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002\u672c\u529f\u80fd\u5305\u542b\u4e24\u4e2a\u5b50\u529f\u80fd\uff1a - \u4f9d\u8d56\u5206\u6790 \u5bf9OpenStack 
python\u5305\u7684\u4f9d\u8d56\u6811\u8fdb\u884c\u89e3\u6790\uff0c\u62c6\u89e3\u4f9d\u8d56\u62d3\u6251\u3002\u4f9d\u8d56\u6811\u672c\u8d28\u4e0a\u662f\u5bf9\u6709\u5411\u56fe\u7684\u904d\u5386\uff0c\u7406\u8bba\u4e0a\uff0c\u4e00\u4e2a\u6b63\u5e38\u7684python\u4f9d\u8d56\u6811\u662f\u4e00\u4e2a\u6709\u5411\u65e0\u73af\u56fe\uff0c\u6709\u5411\u65e0\u73af\u56fe\u7684\u89e3\u6790\u65b9\u6cd5\u5f88\u591a\uff0c\u8fd9\u91cc\u91c7\u7528\u5e38\u7528\u7684\u5e7f\u5ea6\u4f18\u5148\u641c\u7d22\u65b9\u6cd5\u5373\u53ef\u3002\u4f46\u5728\u67d0\u4e9b\u7279\u6b8a\u573a\u666f\u4e0b\uff0cpython\u4f9d\u8d56\u6811\u4f1a\u53d8\u6210\u6709\u5411\u6709\u73af\u56fe\uff0c\u4f8b\u5982\uff1aSphinx\u662f\u4e00\u4e2a\u6587\u6863\u751f\u4ea7\u9879\u76ee\uff0c\u4f46\u5b83\u81ea\u5df1\u7684\u6587\u6863\u751f\u6210\u4e5f\u4f9d\u8d56Sphinx\uff0c\u8fd9\u5c31\u5bfc\u81f4\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\u3002\u9488\u5bf9\u8fd9\u79cd\u95ee\u9898\uff0c\u6211\u4eec\u53ea\u9700\u8981\u628a\u73af\u4e0a\u7684\u7279\u5b9a\u8282\u70b9\u624b\u52a8\u65ad\u5f00\u5373\u53ef\u3002\u7c7b\u4f3c\u7684\u8fd8\u6709\u4e00\u4e9b\u6d4b\u8bd5\u4f9d\u8d56\u5e93\u3002\u53e6\u4e00\u79cd\u89c4\u907f\u65b9\u6cd5\u662f\u8df3\u8fc7\u6587\u6863\u3001\u6d4b\u8bd5\u8fd9\u79cd\u975e\u6838\u5fc3\u5e93\uff0c\u8fd9\u6837\u4e0d\u4ec5\u907f\u514d\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\uff0c\u4e5f\u4f1a\u6781\u5927\u51cf\u5c11\u8f6f\u4ef6\u5305\u7684\u6570\u91cf\uff0c\u964d\u4f4e\u5f00\u53d1\u5de5\u4f5c\u91cf\u3002\u4ee5OpenStack 
Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u5168\u91cf\u4f9d\u8d56\u5305\u5927\u6982\u5728700+\u4ee5\u4e0a\uff0c\u53bb\u6389\u6587\u6863\u3001\u6d4b\u8bd5\u540e\uff0c\u4f9d\u8d56\u5305\u5927\u6982\u662f300+\u5de6\u53f3\u3002\u56e0\u6b64\u6211\u4eec\u5f15\u5165`core`\u6838\u5fc3\u7684\u6982\u5ff5\uff0c\u7528\u6237\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u9009\u62e9\u8981\u5206\u6790\u7684\u8f6f\u4ef6\u8303\u56f4\u3002\u53e6\u5916\u867d\u7136OpenStack\u5305\u542b\u670d\u52a1\u51e0\u5341\u4e2a\uff0c\u4f46\u7528\u6237\u53ef\u80fd\u53ea\u9700\u8981\u5176\u4e2d\u7684\u67d0\u4e9b\u670d\u52a1\uff0c\u56e0\u6b64\u6211\u4eec\u53e6\u5916\u5f15\u5165`projects`\u8fc7\u6ee4\u5668\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u6307\u5b9a\u5206\u6790\u7684\u8f6f\u4ef6\u4f9d\u8d56\u8303\u56f4\u3002 \u4f9d\u8d56\u6bd4\u5bf9 \u4f9d\u8d56\u5206\u6790\u5b8c\u540e\uff0c\u8fd8\u8981\u6709\u5bf9\u5e94\u7684openEuler\u5f00\u53d1\u52a8\u4f5c\uff0c\u56e0\u6b64\u6211\u4eec\u8fd8\u8981\u63d0\u4f9b\u57fa\u4e8e\u76ee\u6807openEuler\u7248\u672c\u7684RPM\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002openEuler\u4e0eOpenStack\u7248\u672c\u4e4b\u95f4\u6709N:N\u7684\u6620\u5c04\u5173\u7cfb\uff0c\u4e00\u4e2aopenEuler\u7248\u672c\u53ef\u4ee5\u652f\u6301\u591a\u4e2aOpenStack\u7248\u672c\uff0c\u4e00\u4e2aOpenStack\u7248\u672c\u53ef\u4ee5\u90e8\u7f72\u5728\u591a\u4e2aopenEuler\u7248\u672c\u4e0a\u3002\u7528\u6237\u5728\u6307\u5b9a\u4e86\u76ee\u6807openEuler\u7248\u672c\u548cOpenStack\u7248\u672c\u540e\uff0c\u672c\u529f\u80fd\u81ea\u52a8\u904d\u5386openEuler\u8f6f\u4ef6\u5e93\uff0c\u5206\u6790\u5e76\u8f93\u51faOpenStack\u6d89\u53ca\u7684\u5168\u91cf\u8f6f\u4ef6\u5305\u9700\u8981\u8fdb\u884c\u4e86\u64cd\u4f5c\uff0c\u4f8b\u5982\u9700\u8981\u521d\u59cb\u5316\u4ed3\u5e93\u3001\u521b\u5efaopenEuler\u5206\u652f\u3001\u5347\u7ea7\u8f6f\u4ef6\u5305\u7b49\u7b49\u3002\u4e3a\u5f00\u53d1\u8005\u540e\u7eed\u7684\u5f00\u53d1\u63d0\u4f9b\u6307\u5bfc\u3002 2.2.1 
\u7248\u672c\u5339\u914d\u89c4\u8303 \u00b6 \u4f9d\u8d56\u5206\u6790 \u8f93\u5165\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u76ee\u6807OpenStack\u670d\u52a1\u5217\u8868\u3001\u662f\u5426\u53ea\u5206\u6790\u6838\u5fc3\u8f6f\u4ef6 \u8f93\u51fa\uff1a\u6240\u6709\u6d89\u53ca\u7684\u8f6f\u4ef6\u5305\u53ca\u6bcf\u4e2a\u8f6f\u4ef6\u5305\u7684\u5bf9\u5e94\u5185\u5bb9\u3002\u683c\u5f0f\u5982\u4e0b\uff1a \u2514\u2500\u2500{OpenStack\u7248\u672c\u540d}_cached_file \u2514\u2500\u2500packageA.yaml \u2514\u2500\u2500packageB.yaml \u2514\u2500\u2500packageC.yaml ...... \u6bcf\u4e2a\u8f6f\u4ef6\u5185\u5bb9\u683c\u5f0f\u5982\u4e0b\uff1a { \"name\": \"packageA\", \"version_dict\": { \"version\": \"0.3.7\", \"eq_version\": \"\", \"ge_version\": \"0.3.5\", \"lt_version\": \"\", \"ne_version\": [], \"upper_version\": \"0.3.7\"}, \"deep\": { \"count\": 1, \"list\": [\"packageB\", \"packageC\"]}, \"requires\": {} } \u5173\u952e\u5b57\u8bf4\u660e | Key | Description | |:-----------------:|:-----------:| | name | \u8f6f\u4ef6\u5305\u540d | | version_dict | \u8f6f\u4ef6\u7248\u672c\u8981\u6c42\uff0c\u5305\u62ec\u7b49\u4e8e\u3001\u5927\u4e8e\u7b49\u4e8e\u3001\u5c0f\u4e8e\u3001\u4e0d\u7b49\u4e8e\uff0c\u7b49\u7b49 | | version_dict.deep | \u8868\u793a\u8be5\u8f6f\u4ef6\u5728\u5168\u91cf\u4f9d\u8d56\u6811\u7684\u6df1\u5ea6\uff0c\u4ee5\u53ca\u6df1\u5ea6\u904d\u5386\u7684\u8def\u5f84 | | requires | \u5305\u542b\u672c\u8f6f\u4ef6\u7684\u4f9d\u8d56\u8f6f\u4ef6\u5217\u8868 | \u4f9d\u8d56\u6bd4\u5bf9 \u8f93\u5165\uff1a\u4f9d\u8d56\u5206\u6790\u7ed3\u679c\u3001\u76ee\u6807openEuler\u7248\u672c\u4ee5\u53cabase\u6bd4\u5bf9\u57fa\u7ebf \u8f93\u51fa\uff1a\u4e00\u4e2a\u8868\u683c\uff0c\u5305\u542b\u6bcf\u4e2a\u8f6f\u4ef6\u7684\u5206\u6790\u7ed3\u679c\u53ca\u5904\u7406\u5efa\u8bae\uff0c\u6bcf\u4e00\u884c\u8868\u793a\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u6240\u6709\u5217\u540d\u53ca\u5b9a\u4e49\u89c4\u8303\u5982\u4e0b\uff1a Column Description Project Name \u8f6f\u4ef6\u5305\u540d openEuler Repo 
\u8f6f\u4ef6\u5728openEuler\u4e0a\u7684\u6e90\u7801\u4ed3\u5e93\u540d Repo version openEuler\u4e0a\u7684\u6e90\u7801\u7248\u672c Required (Min) Version \u8981\u6c42\u7684\u6700\u5c0f\u7248\u672c lt Version \u8981\u6c42\u5c0f\u4e8e\u7684\u7248\u672c ne Version \u8981\u6c42\u7684\u4e0d\u7b49\u4e8e\u7248\u672c Upper Version \u8981\u6c42\u7684\u6700\u5927\u7248\u672c Status \u5f00\u53d1\u5efa\u8bae Requires \u8f6f\u4ef6\u7684\u4f9d\u8d56\u5217\u8868 Depth \u8f6f\u4ef6\u7684\u4f9d\u8d56\u6811\u6df1\u5ea6 \u5176\u4e2d Status \u5305\u542b\u7684\u5efa\u8bae\u6709: - \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 - \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002 - \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 - \u201cNeed Init Branch\u201d\uff1a\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\u3002 - \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002 - \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u5f00\u53d1\u8005\u6839\u636e Status \u7684\u5efa\u8bae\u8fdb\u884c\u540e\u7eed\u5f00\u53d1\u52a8\u4f5c\u3002 2.2.2 API\u548cCLI\u5b9a\u4e49 \u00b6 \u521b\u5efa\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis create endpoint: /dependence/analysis type: POST sync OR async: async request body: { \"release\"[required]: Enum(\"OpenStack Relase\"), \"runtime\"[optional][Default: \"3.10\"]: Enum(\"Python version\"), \"core\"[optional][Default: False]: Boolean, \"projects\"[optional][Default: None]: List(\"OpenStack service\") } response 
body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis show \u3001 oos dependence analysis list endpoint: /dependence/analysis/{UUID} \u3001 /dependence/analysis type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u5220\u9664\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis delete endpoint: /dependence/analysis/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u521b\u5efa\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate endpoint: /dependence/generate type: POST sync OR async: async request body: { \"analysis_id\"[required]: UUID, \"compare\"[optional][Default: None]: { \"token\"[required]: GITEE_TOKEN_ID, \"compare-from\"[optional][Default: master]: Enum(\"openEuler project branch\"), \"compare-branch\"[optional][Default: master]: Enum(\"openEuler project branch\") } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate show \u3001 oos dependence generate list endpoint: /dependence/generate/{UUID} \u3001 /dependence/generate type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"data\" RAW(result data file) } \u5220\u9664\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate delete endpoint: /dependence/generate/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } 2.3 \u8f6f\u4ef6SPEC\u751f\u6210\u529f\u80fd \u00b6 
OpenStack\u4f9d\u8d56\u7684\u5927\u91cfpython\u5e93\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\uff0c\u8fd9\u79cd\u5e93\u4e0d\u5bf9\u5916\u63d0\u4f9b\u7528\u6237\u670d\u52a1\uff0c\u53ea\u63d0\u4f9b\u4ee3\u7801\u7ea7\u8c03\u7528\uff0c\u5176RPM\u5185\u5bb9\u6784\u6210\u5355\u4e00\u3001\u683c\u5f0f\u56fa\u5b9a\uff0c\u9002\u5408\u4f7f\u7528\u5de5\u5177\u5316\u65b9\u5f0f\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3002 2.3.1 SPEC\u751f\u6210\u89c4\u8303 \u00b6 SPEC\u7f16\u5199\u4e00\u822c\u5206\u4e3a\u51e0\u4e2a\u9636\u6bb5\uff0c\u6bcf\u4e2a\u9636\u6bb5\u6709\u5bf9\u5e94\u7684\u89c4\u8303\u8981\u6c42\uff1a 1. \u5e38\u89c4\u9879\u586b\u5199\uff0c\u5305\u62ecName\u3001Version\u3001Release\u3001Summary\u3001License\u7b49\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b 2. \u5b50\u8f6f\u4ef6\u5305\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec\u8f6f\u4ef6\u5305\u540d\u3001\u7f16\u8bd1\u4f9d\u8d56\u3001\u5b89\u88c5\u4f9d\u8d56\u3001\u63cf\u8ff0\u4fe1\u606f\u7b49\u3002\u8fd9\u4e9b\u5185\u5bb9\u4e5f\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b\u3002\u5176\u4e2d\u8f6f\u4ef6\u5305\u540d\u9700\u8981\u6709\u660e\u663e\u7684python\u5316\u663e\u793a\uff0c\u6bd4\u5982\u4ee5 python3- \u4e3a\u524d\u7f00\u3002 3. \u6784\u5efa\u8fc7\u7a0b\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec%prep\u3001%build %install %check\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u5f62\u5f0f\u56fa\u5b9a\uff0c\u751f\u6210\u5bf9\u5e94rpm\u5b8f\u547d\u4ee4\u5373\u53ef\u3002 4. RPM\u5305\u6587\u4ef6\u5c01\u88c5\u9636\u6bb5\uff0c\u672c\u9636\u6bb5\u901a\u8fc7\u6587\u4ef6\u641c\u7d22\u65b9\u5f0f\uff0c\u628abin\u3001lib\u3001doc\u7b49\u5185\u5bb9\u5206\u522b\u653e\u5230\u5bf9\u5e94\u76ee\u5f55\u5373\u53ef\u3002 NOTE \uff1a\u5728\u901a\u7528\u89c4\u8303\u5916\uff0c\u4e5f\u6709\u4e00\u4e9b\u4f8b\u5916\u60c5\u51b5\uff0c\u9700\u8981\u7279\u6b8a\u8bf4\u660e\uff1a 1. 
\u8f6f\u4ef6\u5305\u540d\u5982\u679c\u672c\u8eab\u5df2\u5305\u542b python \u8fd9\u6837\u7684\u5b57\u773c\uff0c\u4e0d\u518d\u9700\u8981\u6dfb\u52a0 python- \u6216 python3- \u524d\u7f00\u3002 2. \u8f6f\u4ef6\u6784\u5efa\u548c\u5b89\u88c5\u9636\u6bb5\uff0c\u6839\u636e\u8f6f\u4ef6\u672c\u8eab\u7684\u5b89\u88c5\u65b9\u5f0f\u4e0d\u540c\uff0c\u5b8f\u547d\u4ee4\u5305\u62ec %py3_build \u6216 pyproject_build \uff0c\u9700\u8981\u4eba\u5de5\u5ba1\u89c6\u3002 3. \u5982\u679c\u8f6f\u4ef6\u672c\u8eab\u5305\u542bC\u8bed\u8a00\u7b49\u7f16\u8bd1\u7c7b\u4ee3\u7801\uff0c\u5219\u9700\u8981\u79fb\u9664 BuildArch: noarch \u5173\u952e\u5b57,\u5e76\u4e14\u5728%file\u9636\u6bb5\u6ce8\u610fRPM\u5b8f %{python3_sitelib} \u548c %{python3_sitearch} \u7684\u533a\u522b\u3002 2.3.2 API\u548cCLI\u5b9a\u4e49 \u00b6 \u521b\u5efaSPEC CLI: oos spec create endpoint: /spec type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, \"arch\"[optional][Default: False]: Boolean, \"check\"[optional][Default: True]: Boolean, \"pyproject\"[optional][Default: False]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6SPEC CLI: oos spec show \u3001 oos spec list endpoint: /spec/{UUID} \u3001 /spec/ type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u66f4\u65b0SPEC CLI: oos spec update endpoint: /spec/{UUID} type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5220\u9664SPEC CLI: oos spec delete endpoint: /spec/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } 2.4 \u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd \u00b6 
OpenStack\u7684\u90e8\u7f72\u573a\u666f\u591a\u6837\u3001\u90e8\u7f72\u6d41\u7a0b\u590d\u6742\u3001\u90e8\u7f72\u6280\u672f\u95e8\u69db\u8f83\u9ad8\uff0c\u4e3a\u4e86\u89e3\u51b3\u95e8\u69db\u9ad8\u3001\u6548\u7387\u4f4e\u3001\u4eba\u529b\u591a\u7684\u95ee\u9898\uff0copenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u8981\u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd\u3002 \u81ea\u52a8\u5316\u90e8\u7f72 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u90e8\u7f72\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u67b6\u6784\u3001\u4e0d\u540c\u670d\u52a1\u3001\u4e0d\u540c\u573a\u666f\u7684\u90e8\u7f72\u529f\u80fd\uff0c\u63d0\u4f9b\u57fa\u4e8e\u4e0d\u540c\u73af\u5883\u5feb\u901f\u53d1\u653e\u3001\u914d\u7f6eopenEuler\u73af\u5883\u7684\u80fd\u529b\u3002\u5e76\u63d0\u4f9b \u63d2\u4ef6\u5316 \u80fd\u529b\uff0c\u65b9\u4fbf\u7528\u6237\u6269\u5c55\u652f\u6301\u7684\u90e8\u7f72\u540e\u7aef\u548c\u573a\u666f\u3002 \u81ea\u52a8\u5316\u6d4b\u8bd5 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u6d4b\u8bd5\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u573a\u666f\u7684\u6d4b\u8bd5\uff0c\u63d0\u4f9b\u7528\u6237\u81ea\u5b9a\u4e49\u6d4b\u8bd5\u7684\u80fd\u529b\uff0c\u5e76\u89c4\u8303\u6d4b\u8bd5\u62a5\u544a\uff0c\u4ee5\u53ca\u652f\u6301\u5bf9\u6d4b\u8bd5\u7ed3\u679c\u4e0a\u62a5\u548c\u6301\u4e45\u5316\u7684\u80fd\u529b\u3002 2.4.1 \u81ea\u52a8\u5316\u90e8\u7f72 \u00b6 \u81ea\u52a8\u5316\u90e8\u7f72\u4e3b\u8981\u5305\u62ec\u4e24\u90e8\u5206\uff1aopenEuler\u73af\u5883\u51c6\u5907\u548cOpenStack\u90e8\u7f72\u3002 openEuler\u73af\u5883\u51c6\u5907 \u63d0\u4f9b\u5feb\u901f\u53d1\u653eopenEuler\u73af\u5883\u7684\u80fd\u529b\uff0c\u652f\u6301\u7684\u53d1\u653e\u65b9\u5f0f\u5305\u62ec \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u548c \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \uff0c\u5177\u4f53\u8bbe\u8ba1\u5982\u4e0b\uff1a **NOTE** openEuler\u7684OpenStack\u652f\u6301\u4ee5RPM + 
systemd\u7684\u65b9\u5f0f\u4e3a\u4e3b\uff0c\u6682\u4e0d\u652f\u6301\u5bb9\u5668\u65b9\u5f0f\u3002 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90\u4ee5\u865a\u62df\u673a\u652f\u6301\u4e3a\u4e3b\uff08\u88f8\u673a\u5728\u4e91\u4e0a\u64cd\u4f5c\u8d1f\u8d23\uff0c\u751f\u6001\u6ee1\u8db3\u5ea6\u4e0d\u8db3\uff0c\u6682\u4e0d\u505a\u652f\u6301\uff09\u3002\u91c7\u7528\u63d2\u4ef6\u5316\u65b9\u5f0f\uff0c\u63d0\u4f9b\u591a\u4e91\u652f\u6301\u7684\u80fd\u529b\uff0c\u4ee5\u534e\u4e3a\u4e91\u4e3a\u53c2\u8003\u5b9e\u73b0\uff0c\u4f18\u5148\u5b9e\u73b0\u3002\u5176\u4ed6\u4e91\u7684\u652f\u6301\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u6301\u7eed\u63a8\u8fdb\u3002\u6839\u636e\u573a\u666f\uff0c\u652f\u6301all in one\u548c\u4e09\u8282\u70b9\u62d3\u6251\u3002 1. \u521b\u5efa\u73af\u5883 - CLI: oos env create - endpoint: `/environment` - type: POST - sync OR async: async - request body: ``` { \"name\"[required]: String, \"type\"[required]: Enmu(\"all-in-one\", \"cluster\"), \"release\"[required]: Enmu(\"openEuler_Release\"), \"flavor\"[required]\uff1a Enmu(\"small\", \"medium\", \"large\"), \"arch\"[required]\uff1a Enmu(\"x86\", \"arm64\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u67e5\u8be2\u73af\u5883 CLI: oos env list endpoint: /environment type: GET sync OR async: async request body: None response body: { \"ID\": UUID, \"Provider\": String, \"Name\": String, \"IP\": IP_ADDRESS, \"Flavor\": Enmu(\"small\", \"medium\", \"large\"), \"openEuler_release\": String, \"OpenStack_release\": String, \"create_time\": TIME, } \u5220\u9664\u73af\u5883 CLI: oos env delete endpoint: /environment/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 
\u7528\u6237\u8fd8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u5df2\u6709\u7684openEuler\u73af\u5883\u8fdb\u884cOpenStack\u90e8\u7f72\uff0c\u9700\u8981\u628a\u5df2\u6709\u73af\u5883\u7eb3\u7ba1\u5230\u5e73\u53f0\u4e2d\u3002\u7eb3\u7ba1\u540e\uff0c\u73af\u5883\u4e0e\u521b\u5efa\u7684\u9879\u76ee\uff0c\u53ef\u4ee5\u76f4\u63a5\u67e5\u8be2\u6216\u5220\u9664\u3002 1. \u7eb3\u7ba1\u73af\u5883 - CLI: oos env manage - endpoint: `/environment/manage` - type: POST - sync OR async: sync - request body: ``` { \"name\"[required]: String, \"ip\"[required]: IP_ADDRESS, \"release\"[required]: Enmu(\"openEuler_Release\"), \"password\"[required]\uff1a String, } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } ``` OpenStack\u90e8\u7f72 \u63d0\u4f9b\u5728\u5df2\u521b\u5efa/\u7eb3\u7ba1\u7684openEuler\u73af\u5883\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\u3002 1. \u90e8\u7f72OpenStack - CLI: oos env setup - endpoint: `/environment/setup` - type: POST - sync OR async: async - request body: ``` { \"target\"[required]: UUID(environment), \"release\"[required]: Enmu(\"OpenStack_Release\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u521d\u59cb\u5316OpenStack\u8d44\u6e90 CLI: oos env init endpoint: /environment/init type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5378\u8f7d\u5df2\u90e8\u7f72OpenStack CLI: oos env clean endpoint: /environment/clean type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u81ea\u52a8\u5316\u6d4b\u8bd5 \u00b6 
\u73af\u5883\u90e8\u7f72\u6210\u529f\u540e\uff0cSIG\u5f00\u53d1\u5e73\u53f0\u63d0\u4f9b\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u7684\u81ea\u52a8\u5316\u6d4b\u8bd5\u529f\u80fd\u3002\u4e3b\u8981\u5305\u542b\u4ee5\u4e0b\u51e0\u4e2a\u91cd\u8981\u5185\u5bb9\uff1a OpenStack\u672c\u8eab\u63d0\u4f9b\u4e00\u5957\u5b8c\u5584\u7684\u6d4b\u8bd5\u6846\u67b6\u3002\u5305\u62ec \u5355\u5143\u6d4b\u8bd5 \u548c \u529f\u80fd\u6d4b\u8bd5 \uff0c\u5176\u4e2d \u5355\u5143\u6d4b\u8bd5 \u5728 2.3\u7ae0\u8282 \u4e2d\u5df2\u7ecf\u7531RPM spec\u5305\u542b\uff0cspec\u7684%check\u9636\u6bb5\u53ef\u4ee5\u5b9a\u4e49\u6bcf\u4e2a\u9879\u76ee\u7684\u5355\u5143\u6d4b\u8bd5\u65b9\u5f0f\uff0c\u4e00\u822c\u60c5\u51b5\u4e0b\u53ea\u9700\u8981\u6dfb\u52a0 pytest \u6216 stestr \u5373\u53ef\u3002 \u529f\u80fd\u6d4b\u8bd5 \u7531OpenStack Tempest\u670d\u52a1\u63d0\u4f9b\uff0c\u5728\u4e0a\u6587\u6240\u8ff0\u7684\u81ea\u52a8\u5316\u90e8\u7f72 oos env init \u9636\u6bb5\uff0coos\u4f1a\u81ea\u52a8\u5b89\u88c5Tempest\u5e76\u751f\u6210\u9ed8\u8ba4\u7684\u914d\u7f6e\u6587\u4ef6\u3002 - CLI: oos env test endpoint: /environment/test type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u6d4b\u8bd5\u6267\u884c\u5b8c\u540e\uff0coos\u4f1a\u8f93\u51fa\u6d4b\u8bd5\u62a5\u544a\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0coos\u4f7f\u7528 subunit2html \u5de5\u5177\uff0c\u751f\u6210html\u683c\u5f0f\u7684Tempest\u6d4b\u8bd5\u7ed3\u679c\u6587\u4ef6\u3002 2.5 openEuler\u81ea\u52a8\u5316\u5f00\u53d1\u529f\u80fd \u00b6 
OpenStack\u6d89\u53ca\u8f6f\u4ef6\u5305\u4f17\u591a\uff0c\u968f\u7740\u7248\u672c\u4e0d\u65ad\u5730\u6f14\u8fdb\u3001\u652f\u6301\u670d\u52a1\u4e0d\u65ad\u7684\u5b8c\u5584\uff0cSIG\u7ef4\u62a4\u7684\u8f6f\u4ef6\u5305\u5217\u8868\u4f1a\u4e0d\u65ad\u5237\u65b0\uff0c\u4e3a\u4e86\u964d\u4f4e\u91cd\u590d\u7684\u5f00\u53d1\u52a8\u4f5c\uff0coos\u8fd8\u5c01\u88c5\u4e86\u4e00\u4e9b\u6613\u7528\u7684\u4ee3\u7801\u5f00\u53d1\u5e73\u53f0\u81ea\u52a8\u5316\u80fd\u529b\uff0c\u6bd4\u5982\u57fa\u4e8eGitee\u7684\u81ea\u52a8\u4ee3\u7801\u63d0\u4ea4\u80fd\u529b\u3002\u529f\u80fd\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 Code Action \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Repo Action\u2502 \u2502Branch Action\u2502 \u2502Pull Request Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Repo Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u4ed3\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u5efa\u4ed3 CLI: oos repo create endpoint: /repo type: POST sync OR async: async request body: { \"project\"[required]: String, \"repo\"[required]: String, \"push\"[optional][Default: \"False\"]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Branch Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u5206\u652f\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u521b\u5efa\u5206\u652f CLI: oos repo branch-create endpoint: /repo/branch type: POST sync OR async: async request body: { \"branches\"[required]: { \"branch-name\"[required]: String, \"branch-type\"[optional][Default: \"None\"]: Enum(\"protected\"), \"parent-branch\"[required]: String } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Pull Request Action \u63d0\u4f9b\u4e0e\u4ee3\u7801PR\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u65b0\u589ePR\u8bc4\u8bba\uff0c\u65b9\u4fbf\u7528\u6237\u6267\u884c\u7c7b\u4f3c retest \u3001 /lgtm \u7b49\u5e38\u89c4\u5316\u8bc4\u8bba\u3002 CLI: oos repo pr-comment endpoint: /repo/pr/comment type: POST sync OR async: sync request body: { \"repo\"[required]: String, \"pr_number\"[required]: Int, \"comment\"[required]: String } response body: { \"ID\": UUID, \"status\": Enum(\"OK\", \"Error\") } \u83b7\u53d6SIG\u6240\u6709PR\uff0c\u65b9\u4fbfmaintainer\u83b7\u53d6\u5f53\u524dSIG\u7684\u5f00\u53d1\u73b0\u72b6\uff0c\u63d0\u9ad8\u8bc4\u5ba1\u6548\u7387\u3002 CLI: oos repo pr-fetch endpoint: /repo/pr/fetch type: POST sync OR async: async request body: { \"repo\"[optional][Default: \"None\"]: List[String] } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } 
3. \u8d28\u91cf\u3001\u5b89\u5168\u4e0e\u5408\u89c4 \u00b6 SIG\u5f00\u6e90\u8f6f\u4ef6\u9700\u8981\u7b26\u5408openeEuler\u793e\u533a\u5bf9\u5176\u4e2d\u8f6f\u4ef6\u7684\u5404\u79cd\u8981\u6c42\uff0c\u5e76\u4e14\u4e5f\u8981\u7b26\u5408OpenStack\u793e\u533a\u8f6f\u4ef6\u7684\u51fa\u53e3\u6807\u51c6\u3002 3.1 \u8d28\u91cf\u4e0e\u5b89\u5168 \u00b6 \u8f6f\u4ef6\u8d28\u91cf\uff08\u53ef\u670d\u52a1\u6027\uff09 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u57fa\u4e8eGitee ISSUE\u7cfb\u7edf\u5904\u7406\u7528\u6237\u53d1\u73b0\u5e76\u53cd\u9988\u7684\u95ee\u9898\uff0c\u95ed\u73af\u7387\u5927\u4e8e80%\uff0c\u95ed\u73af\u5468\u671f\u4e0d\u8d85\u8fc71\u5468\u3002 \u8f6f\u4ef6\u5b89\u5168 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 \u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 
\u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002 3.2 \u5408\u89c4 \u00b6 License\u5408\u89c4 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u6cd5\u52a1\u5408\u89c4 \u672c\u5e73\u53f0\u7531\u5f00\u6e90\u5f00\u53d1\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\uff0c\u4e0d\u6d89\u53ca\u5546\u4e1a\u516c\u53f8\u7684\u79d8\u5bc6\u4ee5\u53ca\u975e\u516c\u5f00\u4ee3\u7801\u3002\u6240\u6709\u8d21\u732e\u8005\u9700\u9075\u5b88openEuler\u793e\u533a\u8d21\u732e\u51c6\u5219\uff0c\u786e\u4fdd\u81ea\u8eab\u7684\u8d21\u732e\u5408\u89c4\u5408\u6cd5\u3002SIG\u53ca\u793e\u533a\u672c\u8eab\u4e0d\u627f\u62c5\u76f8\u5e94\u8d23\u4efb\u3002 \u5982\u53d1\u73b0\u4e0d\u5408\u89c4\u7684\u6e90\u7801\uff0cSIG\u65e0\u9700\u83b7\u53d6\u8d21\u732e\u8005\u7684\u5141\u8bb8\uff0c\u6709\u6743\u5229\u53ca\u4e49\u52a1\u53ca\u65f6\u5220\u9664\u3002\u5e76\u6709\u6743\u7981\u6b62\u4e0d\u5408\u89c4\u4ee3\u7801\u6216\u5f00\u53d1\u8005\u7ee7\u7eed\u8d21\u732e\u3002 
\u5f00\u53d1\u8005\u5982\u679c\u6709\u975e\u516c\u5f00\u4ee3\u7801\u9700\u8981\u8d21\u732e\uff0c\u5219\u8981\u5148\u9075\u5b88\u672c\u516c\u53f8\u7684\u5f00\u6e90\u6d41\u7a0b\u4e0e\u89c4\u5b9a\uff0c\u5e76\u6309\u7167openEuler\u793e\u533a\u5f00\u6e90\u89c4\u8303\u516c\u5f00\u8d21\u732e\u4ee3\u7801\u3002 4. \u5b9e\u65bd\u8ba1\u5212 \u00b6 \u65f6\u95f4 \u5185\u5bb9 \u72b6\u6001 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 Done 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 Done 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS Done 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 Done 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 Working in progress 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd Planning","title":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0"},{"location":"spec/openstack-sig-tool/#openeuler-openstack","text":"openEuler OpenStack 
SIG\u6210\u7acb\u4e8e2021\u5e74\uff0c\u662f\u7531\u4e2d\u56fd\u8054\u901a\u3001\u4e2d\u56fd\u7535\u4fe1\u3001\u534e\u4e3a\u3001\u7edf\u4fe1\u7b49\u516c\u53f8\u7684\u5f00\u53d1\u8005\u5171\u540c\u6295\u5165\u5e76\u7ef4\u62a4\u7684SIG\u5c0f\u7ec4\uff0c\u65e8\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\uff0c\u662fopenEuler\u7684\u6807\u6746SIG\u3002\u4f46OpenStack\u672c\u8eab\u6280\u672f\u590d\u6742\u3001\u5305\u542b\u670d\u52a1\u4f17\u591a\uff0c\u5f00\u53d1\u95e8\u69db\u8f83\u9ad8\uff0c\u5bf9\u8d21\u732e\u8005\u7684\u6280\u672f\u80fd\u529b\u8981\u6c42\u4e5f\u8f83\u9ad8\uff0c\u4eba\u529b\u6210\u672c\u9ad8\u5c45\u4e0d\u4e0b\uff0c\u5728\u5b9e\u9645\u5f00\u53d1\u4e0e\u8d21\u732e\u4e2d\u5b58\u5728\u5404\u79cd\u5404\u6837\u7684\u95ee\u9898\u3002\u4e3a\u4e86\u89e3\u51b3SIG\u9762\u4e34\u7684\u95ee\u9898\uff0c\u4e9f\u9700\u4e00\u4e2aopenEuler+OpenStack\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u800c\u964d\u4f4e\u5f00\u53d1\u8005\u95e8\u69db\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\uff0c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\uff0c\u4fdd\u8bc1SIG\u7684\u6301\u7eed\u6d3b\u8dc3\u4e0e\u53ef\u6301\u7eed\u53d1\u5c55\u3002","title":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0"},{"location":"spec/openstack-sig-tool/#1","text":"","title":"1. \u6982\u8ff0"},{"location":"spec/openstack-sig-tool/#11","text":"\u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684\u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7\u3002 2. 
OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c\u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be\uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4\u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927\u3002 4. OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86\u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db\u3002","title":"1.1 \u5f53\u524d\u73b0\u72b6"},{"location":"spec/openstack-sig-tool/#12","text":"\u9488\u5bf9\u4ee5\u4e0a\u76ee\u524dSIG\u9047\u5230\u7684\u95ee\u9898\uff0c\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u76ee\u6807\u52bf\u5728\u5fc5\u884c\u3002\u672c\u7bc7\u8bbe\u8ba1\u6587\u6863\u65e8\u5728\u5728openEuler OpenStack 
SIG\u4e2d\u63d0\u4f9b\u4e00\u4e2a\u7aef\u5230\u7aef\u53ef\u7528\u7684\u5f00\u53d1\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u6280\u672f\u89c4\u8303\u5230\u6280\u672f\u5b9e\u73b0\uff0c\u63d0\u51fa\u4e25\u683c\u7684\u6807\u51c6\u8981\u6c42\u4e0e\u8bbe\u8ba1\u65b9\u6848\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002\u4e3b\u8981\u52a8\u4f5c\u5982\u4e0b\uff1a 1. \u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 2. \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 3. \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 4. \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 5. 
\u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002 \u4ee5\u4e0a\u89e3\u51b3\u65b9\u6cd5\u53ef\u4ee5\u7edf\u4e00\u5230\u4e00\u4e2a\u7cfb\u7edf\u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u79f0\u4f5cOpenStack SIG Tool\uff08\u4ee5\u4e0b\u7b80\u79f0oos\uff09\uff0c\u5373\u5c31\u662fopenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\uff0c\u5177\u4f53\u67b6\u6784\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 CLI \u2502 \u2502 GUI \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502 \u2502 Built-in\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502REST \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 OpenStack Develop Platform \u2502 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Dependency Analysis\u2502 \u2502SPEC Generation\u2502 \u2502Deploy and Test\u2502 \u2502Code Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u8be5\u67b6\u6784\u4e3b\u8981\u6709\u4ee5\u4e0b\u4e24\u79cd\u6a21\u5f0f\uff1a 1. 
Client/Server\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u90e8\u7f72\u6210Web Server\u5f62\u5f0f\uff0cClient\u901a\u8fc7REST\u65b9\u5f0f\u8c03\u7528oos\u3002 - \u4f18\u70b9\uff1a\u63d0\u4f9b\u5f02\u6b65\u8c03\u7528\u80fd\u529b\uff0c\u652f\u6301\u5e76\u53d1\u5904\u7406\uff0c\u652f\u6301\u8bb0\u5f55\u6301\u4e45\u5316\u3002 - \u7f3a\u70b9\uff1a\u6709\u4e00\u5b9a\u5b89\u88c5\u90e8\u7f72\u6210\u672c\uff0c\u4f7f\u7528\u65b9\u5f0f\u8f83\u4e3a\u6b7b\u677f\u3002 Built-in\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u65e0\u9700\u90e8\u7f72\uff0c\u4ee5\u5185\u7f6eCLI\u7684\u65b9\u5f0f\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\uff0c\u7528\u6237\u901a\u8fc7cli\u76f4\u63a5\u8c03\u7528\u5404\u79cd\u529f\u80fd\u3002 \u4f18\u70b9\uff1a\u65e0\u9700\u90e8\u7f72\uff0c\u968f\u65f6\u968f\u5730\u53ef\u7528\u3002 \u7f3a\u70b9\uff1a\u6ca1\u6709\u6301\u4e45\u5316\u80fd\u529b\uff0c\u4e0d\u652f\u6301\u5e76\u53d1\uff0c\u5355\u4eba\u5355\u7528\u3002","title":"1.2 \u89e3\u51b3\u65b9\u6848"},{"location":"spec/openstack-sig-tool/#2","text":"","title":"2. \u8be6\u7ec6\u8bbe\u8ba1"},{"location":"spec/openstack-sig-tool/#21-openstack-spec","text":"Spec\u89c4\u8303\u662f\u4e00\u4e2a\u6216\u591a\u4e2aspec\u6a21\u677f\uff0c\u9488\u5bf9RPM spec\u7684\u6bcf\u4e2a\u5173\u952e\u5b57\u53ca\u6784\u5efa\u7ae0\u8282\uff0c\u4e25\u683c\u89c4\u5b9a\u76f8\u5173\u5185\u5bb9\uff0c\u5f00\u53d1\u8005\u5728\u7f16\u5199spec\u65f6\uff0c\u5fc5\u987b\u6ee1\u8db3\u89c4\u8303\u8981\u6c42\uff0c\u5426\u5219\u4ee3\u7801\u4e0d\u5141\u8bb8\u88ab\u5408\u5165\u3002\u89c4\u8303\u5185\u5bb9\u7531SIG maintainer\u516c\u5f00\u8ba8\u8bba\u540e\u5f62\u6210\u7ed3\u8bba\uff0c\u5e76\u5b9a\u671f\u5ba1\u89c6\u66f4\u65b0\u3002\u4efb\u4f55\u4eba\u90fd\u6709\u6743\u5229\u63d0\u51fa\u5bf9\u89c4\u8303\u7684\u8d28\u7591\u548c\u5efa\u8bae\uff0c maintainer\u8d1f\u8d23\u89e3\u91ca\u4e0e\u5237\u65b0\u3002\u89c4\u8303\u76ee\u524d\u5305\u62ec\u4e24\u7c7b\uff1a 1. 
\u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4ee5Nova\u3001Neutron\u3001Cinder\u7b49OpenStack\u6838\u5fc3\u670d\u52a1\u4e3a\u4f8b\uff0c\u5b83\u4eec\u4e00\u822c\u5b9a\u5236\u5316\u8981\u6c42\u9ad8\uff0c\u5185\u5bb9\u533a\u522b\u5927\uff0c\u5fc5\u8981\u4eba\u4e3a\u624b\u52a8\u7f16\u5199\u3002\u89c4\u8303\u9700\u6e05\u6670\u89c4\u5b9a\u8f6f\u4ef6\u7684\u5206\u5c42\u65b9\u6cd5\u3001\u6784\u5efa\u65b9\u6cd5\u3001\u8f6f\u4ef6\u5305\u7ec4\u6210\u5185\u5bb9\u3001\u6d4b\u8bd5\u65b9\u6cd5\u3001\u7248\u672c\u53f7\u89c4\u5219\u7b49\u5185\u5bb9\u3002 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4e00\u822c\u5b9a\u5236\u5316\u4f4e\uff0c\u5185\u5bb9\u7ed3\u6784\u533a\u522b\u5c0f\uff0c\u9002\u5408\u81ea\u52a8\u5316\u5de5\u5177\u4e00\u952e\u751f\u6210\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5728\u89c4\u8303\u4e2d\u5b9a\u4e49\u76f8\u5173\u5de5\u5177\u7684\u751f\u6210\u89c4\u5219\u5373\u53ef\u3002","title":"2.1 OpenStack Spec\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#211","text":"OpenStack\u6bcf\u4e2a\u670d\u52a1\u901a\u5e38\u5305\u542b\u82e5\u5e72\u5b50\u670d\u52a1\uff0c\u9488\u5bf9\u8fd9\u4e9b\u5b50\u670d\u52a1\uff0c\u6211\u4eec\u5728\u6253\u5305\u7684\u65f6\u5019\u4e5f\u8981\u505a\u62c6\u5305\u5904\u7406\uff0c\u5206\u6210\u82e5\u5e72\u4e2a\u5b50RPM\u5305\u3002\u672c\u7ae0\u8282\u89c4\u5b9a\u4e86openEuler SIG\u5bf9OpenStack\u670d\u52a1\u7684RPM\u5305\u62c6\u5206\u7684\u539f\u5219\u3002","title":"2.1.1 \u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#2111","text":"\u91c7\u7528\u5206\u5c42\u67b6\u6784\uff0cRPM\u5305\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u4ee5openstack-nova\u4e3a\u4f8b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-nova.rpm \u2502 \u2502 openstack-nova-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 | | \u2502 openstack-nova-compute.rpm \u2502 \u2502 openstack-nova-api.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-nova-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------------| Library Test Package (Optional) \u2502 | \u2502 python2-nova.rpm \u2502 \u2502 python2-nova-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0c\u5206\u4e3a4\u7ea7 Root Package\u4e3a\u603bRPM\u5305\uff0c\u539f\u5219\u4e0a\u4e0d\u5305\u542b\u4efb\u4f55\u6587\u4ef6\u3002\u53ea\u505a\u670d\u52a1\u96c6\u5408\u7528\u3002\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5RPM\u4e00\u952e\u5b89\u88c5\u6240\u6709\u5b50RPM\u5305\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Common 
Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-nova openstack-cinder openstack-glance openstack-placment openstack-ironic","title":"2.1.1.1 \u901a\u7528\u539f\u5219"},{"location":"spec/openstack-sig-tool/#2112","text":"\u6709\u4e9bopenstack\u7ec4\u4ef6\u672c\u8eab\u53ea\u5305\u542b\u4e00\u4e2a\u670d\u52a1\uff0c\u4e0d\u5b58\u5728\u5b50\u670d\u52a1\u7684\u6982\u5ff5,\u8fd9\u79cd\u670d\u52a1\u5219\u53ea\u9700\u8981\u5206\u4e3a\u4e24\u7ea7\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-keystone.rpm \u2502 \u2502 openstack-keystone-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Library Package \u25c4-----| Library Test Package (Optional) \u2502 | \u2502 python2-keystone.rpm \u2502 \u2502 python2-keystone-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Root Package RPM\u5305\u5305\u542b\u4e86\u9664python\u6e90\u7801\u5916\u7684\u5176\u4ed6\u6240\u6709\u6587\u4ef6\uff0c\u5305\u62ec\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u9879\u76ee\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u7b49\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-keystone openstack-horizon \u8fd8\u6709\u4e9b\u9879\u76ee\u867d\u7136\u6709\u82e5\u5e72\u5b50RPM\u5305\uff0c\u4f46\u8fd9\u4e9b\u5b50RPM\u5305\u662f\u4e92\u65a5\u7684\uff0c\u5219\u8fd9\u79cd\u670d\u52a1\u7684\u7ed3\u6784\u5982\u4e0b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package 
(Optional) \u2502 | \u2502 openstack-neutron.rpm \u2502 \u2502 openstack-neutron-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 \u2502 Service3 Package \u2502 | | \u2502 openstack-neutron-server.rpm \u2502 \u2502 openstack-neutron-openvswitch.rpm \u2502 \u2502 openstack-neutron-linuxbridge.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-neutron-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------| Library Test Package (Optional) \u2502 | \u2502 python2-neutron.rpm \u2502 \u2502 python2-neutron-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0cService2\u548cService3\u4e92\u65a5\u3002 Root\u5305\u53ea\u5305\u542b\u4e0d\u4e92\u65a5\u7684\u5b50\u5305\uff0c\u4e92\u65a5\u7684\u5b50\u5305\u5355\u72ec\u63d0\u4f9b\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 \u4e92\u65a5\u7684Service\u5305\u4e0d\u88abRoot\u5305\u6240\u5305\u542b\uff0c\u7528\u6237\u9700\u8981\u5355\u72ec\u5b89\u88c5\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-neutron","title":"2.1.1.2 \u7279\u6b8a\u60c5\u51b5"},{"location":"spec/openstack-sig-tool/#212","text":"\u4e00\u4e2a\u4f9d\u8d56\u5e93\u4e00\u822c\u53ea\u5305\u542b\u4e00\u4e2aRPM\u5305\uff0c\u4e0d\u9700\u8981\u505a\u62c6\u5206\u5904\u7406\u3002 Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Library Package \u2502 \u2502 Help Package (Optional)\u2502 | \u2502 python2-oslo-service.rpm \u2502 \u2502 python2-oslo-service-help.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 NOTE openEuler\u793e\u533a\u5bf9python2\u548cpython3 RPM\u5305\u7684\u547d\u540d\u6709\u8981\u6c42\uff0cpython2\u7684\u5305\u524d\u7f00\u4e3a python2- \uff0cpython3\u7684\u5305\u524d\u7f00\u4e3a python3- \u3002\u56e0\u6b64\uff0cOpenStack\u8981\u6c42\u5f00\u53d1\u8005\u5728\u6253Library\u7684RPM\u5305\u65f6\uff0c\u4e5f\u8981\u9075\u5b88openEuler\u793e\u533a\u89c4\u8303\u3002","title":"2.1.2 
\u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#22","text":"\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\u4e3a\u7528\u6237\u63d0\u4f9b\u4e00\u952e\u5206\u6790\u76ee\u6807OpenStack\u7248\u672c\u5305\u542b\u7684\u5168\u91cfpython\u8f6f\u4ef6\u4f9d\u8d56\u62d3\u6251\u53ca\u5bf9\u5e94\u8f6f\u4ef6\u7248\u672c\u7684\u80fd\u529b\u3002\u5e76\u81ea\u52a8\u4e0e\u76ee\u6807openEuler\u7248\u672c\u8fdb\u884c\u6bd4\u5bf9\uff0c\u8f93\u51fa\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002\u672c\u529f\u80fd\u5305\u542b\u4e24\u4e2a\u5b50\u529f\u80fd\uff1a - \u4f9d\u8d56\u5206\u6790 \u5bf9OpenStack python\u5305\u7684\u4f9d\u8d56\u6811\u8fdb\u884c\u89e3\u6790\uff0c\u62c6\u89e3\u4f9d\u8d56\u62d3\u6251\u3002\u4f9d\u8d56\u6811\u672c\u8d28\u4e0a\u662f\u5bf9\u6709\u5411\u56fe\u7684\u904d\u5386\uff0c\u7406\u8bba\u4e0a\uff0c\u4e00\u4e2a\u6b63\u5e38\u7684python\u4f9d\u8d56\u6811\u662f\u4e00\u4e2a\u6709\u5411\u65e0\u73af\u56fe\uff0c\u6709\u5411\u65e0\u73af\u56fe\u7684\u89e3\u6790\u65b9\u6cd5\u5f88\u591a\uff0c\u8fd9\u91cc\u91c7\u7528\u5e38\u7528\u7684\u5e7f\u5ea6\u4f18\u5148\u641c\u7d22\u65b9\u6cd5\u5373\u53ef\u3002\u4f46\u5728\u67d0\u4e9b\u7279\u6b8a\u573a\u666f\u4e0b\uff0cpython\u4f9d\u8d56\u6811\u4f1a\u53d8\u6210\u6709\u5411\u6709\u73af\u56fe\uff0c\u4f8b\u5982\uff1aSphinx\u662f\u4e00\u4e2a\u6587\u6863\u751f\u4ea7\u9879\u76ee\uff0c\u4f46\u5b83\u81ea\u5df1\u7684\u6587\u6863\u751f\u6210\u4e5f\u4f9d\u8d56Sphinx\uff0c\u8fd9\u5c31\u5bfc\u81f4\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\u3002\u9488\u5bf9\u8fd9\u79cd\u95ee\u9898\uff0c\u6211\u4eec\u53ea\u9700\u8981\u628a\u73af\u4e0a\u7684\u7279\u5b9a\u8282\u70b9\u624b\u52a8\u65ad\u5f00\u5373\u53ef\u3002\u7c7b\u4f3c\u7684\u8fd8\u6709\u4e00\u4e9b\u6d4b\u8bd5\u4f9d\u8d56\u5e93\u3002\u53e6\u4e00\u79cd\u89c4\u907f\u65b9\u6cd5\u662f\u8df3\u8fc7\u6587\u6863\u3001\u6d4b\u8bd5\u8fd9\u79cd\u975e\u6838\u5fc3\u5e93\uff0c\u8fd9\u6837\u4e0d\u4ec5\u907f\u514d\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\
uff0c\u4e5f\u4f1a\u6781\u5927\u51cf\u5c11\u8f6f\u4ef6\u5305\u7684\u6570\u91cf\uff0c\u964d\u4f4e\u5f00\u53d1\u5de5\u4f5c\u91cf\u3002\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u5168\u91cf\u4f9d\u8d56\u5305\u5927\u6982\u5728700+\u4ee5\u4e0a\uff0c\u53bb\u6389\u6587\u6863\u3001\u6d4b\u8bd5\u540e\uff0c\u4f9d\u8d56\u5305\u5927\u6982\u662f300+\u5de6\u53f3\u3002\u56e0\u6b64\u6211\u4eec\u5f15\u5165`core`\u6838\u5fc3\u7684\u6982\u5ff5\uff0c\u7528\u6237\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u9009\u62e9\u8981\u5206\u6790\u7684\u8f6f\u4ef6\u8303\u56f4\u3002\u53e6\u5916\u867d\u7136OpenStack\u5305\u542b\u670d\u52a1\u51e0\u5341\u4e2a\uff0c\u4f46\u7528\u6237\u53ef\u80fd\u53ea\u9700\u8981\u5176\u4e2d\u7684\u67d0\u4e9b\u670d\u52a1\uff0c\u56e0\u6b64\u6211\u4eec\u53e6\u5916\u5f15\u5165`projects`\u8fc7\u6ee4\u5668\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u6307\u5b9a\u5206\u6790\u7684\u8f6f\u4ef6\u4f9d\u8d56\u8303\u56f4\u3002 \u4f9d\u8d56\u6bd4\u5bf9 \u4f9d\u8d56\u5206\u6790\u5b8c\u540e\uff0c\u8fd8\u8981\u6709\u5bf9\u5e94\u7684openEuler\u5f00\u53d1\u52a8\u4f5c\uff0c\u56e0\u6b64\u6211\u4eec\u8fd8\u8981\u63d0\u4f9b\u57fa\u4e8e\u76ee\u6807openEuler\u7248\u672c\u7684RPM\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002openEuler\u4e0eOpenStack\u7248\u672c\u4e4b\u95f4\u6709N:N\u7684\u6620\u5c04\u5173\u7cfb\uff0c\u4e00\u4e2aopenEuler\u7248\u672c\u53ef\u4ee5\u652f\u6301\u591a\u4e2aOpenStack\u7248\u672c\uff0c\u4e00\u4e2aOpenStack\u7248\u672c\u53ef\u4ee5\u90e8\u7f72\u5728\u591a\u4e2aopenEuler\u7248\u672c\u4e0a\u3002\u7528\u6237\u5728\u6307\u5b9a\u4e86\u76ee\u6807openEuler\u7248\u672c\u548cOpenStack\u7248\u672c\u540e\uff0c\u672c\u529f\u80fd\u81ea\u52a8\u904d\u5386openEuler\u8f6f\u4ef6\u5e93\uff0c\u5206\u6790\u5e76\u8f93\u51faOpenStack\u6d89\u53ca\u7684\u5168\u91cf\u8f6f\u4ef6\u5305\u9700\u8981\u8fdb\u884c\u4e86\u64cd\u4f5c\uff0c\u4f8b\u5982\u9700\u8981\u521d\u59cb\u5316\u4ed3\u5e93\u3001\u521b\u5efaopenEuler\u5206\u652f\u3001\u5347\u7ea7\u8f6f\u
4ef6\u5305\u7b49\u7b49\u3002\u4e3a\u5f00\u53d1\u8005\u540e\u7eed\u7684\u5f00\u53d1\u63d0\u4f9b\u6307\u5bfc\u3002","title":"2.2 \u8f6f\u4ef6\u4f9d\u8d56\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#221","text":"\u4f9d\u8d56\u5206\u6790 \u8f93\u5165\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u76ee\u6807OpenStack\u670d\u52a1\u5217\u8868\u3001\u662f\u5426\u53ea\u5206\u6790\u6838\u5fc3\u8f6f\u4ef6 \u8f93\u51fa\uff1a\u6240\u6709\u6d89\u53ca\u7684\u8f6f\u4ef6\u5305\u53ca\u6bcf\u4e2a\u8f6f\u4ef6\u5305\u7684\u5bf9\u5e94\u5185\u5bb9\u3002\u683c\u5f0f\u5982\u4e0b\uff1a \u2514\u2500\u2500{OpenStack\u7248\u672c\u540d}_cached_file \u2514\u2500\u2500packageA.yaml \u2514\u2500\u2500packageB.yaml \u2514\u2500\u2500packageC.yaml ...... \u6bcf\u4e2a\u8f6f\u4ef6\u5185\u5bb9\u683c\u5f0f\u5982\u4e0b\uff1a { \"name\": \"packageA\", \"version_dict\": { \"version\": \"0.3.7\", \"eq_version\": \"\", \"ge_version\": \"0.3.5\", \"lt_version\": \"\", \"ne_version\": [], \"upper_version\": \"0.3.7\"}, \"deep\": { \"count\": 1, \"list\": [\"packageB\", \"packageC\"]}, \"requires\": {} } \u5173\u952e\u5b57\u8bf4\u660e | Key | Description | |:-----------------:|:-----------:| | name | \u8f6f\u4ef6\u5305\u540d | | version_dict | \u8f6f\u4ef6\u7248\u672c\u8981\u6c42\uff0c\u5305\u62ec\u7b49\u4e8e\u3001\u5927\u4e8e\u7b49\u4e8e\u3001\u5c0f\u4e8e\u3001\u4e0d\u7b49\u4e8e\uff0c\u7b49\u7b49 | | version_dict.deep | \u8868\u793a\u8be5\u8f6f\u4ef6\u5728\u5168\u91cf\u4f9d\u8d56\u6811\u7684\u6df1\u5ea6\uff0c\u4ee5\u53ca\u6df1\u5ea6\u904d\u5386\u7684\u8def\u5f84 | | requires | \u5305\u542b\u672c\u8f6f\u4ef6\u7684\u4f9d\u8d56\u8f6f\u4ef6\u5217\u8868 | \u4f9d\u8d56\u6bd4\u5bf9 \u8f93\u5165\uff1a\u4f9d\u8d56\u5206\u6790\u7ed3\u679c\u3001\u76ee\u6807openEuler\u7248\u672c\u4ee5\u53cabase\u6bd4\u5bf9\u57fa\u7ebf 
\u8f93\u51fa\uff1a\u4e00\u4e2a\u8868\u683c\uff0c\u5305\u542b\u6bcf\u4e2a\u8f6f\u4ef6\u7684\u5206\u6790\u7ed3\u679c\u53ca\u5904\u7406\u5efa\u8bae\uff0c\u6bcf\u4e00\u884c\u8868\u793a\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u6240\u6709\u5217\u540d\u53ca\u5b9a\u4e49\u89c4\u8303\u5982\u4e0b\uff1a Column Description Project Name \u8f6f\u4ef6\u5305\u540d openEuler Repo \u8f6f\u4ef6\u5728openEuler\u4e0a\u7684\u6e90\u7801\u4ed3\u5e93\u540d Repo version openEuler\u4e0a\u7684\u6e90\u7801\u7248\u672c Required (Min) Version \u8981\u6c42\u7684\u6700\u5c0f\u7248\u672c lt Version \u8981\u6c42\u5c0f\u4e8e\u7684\u7248\u672c ne Version \u8981\u6c42\u7684\u4e0d\u7b49\u4e8e\u7248\u672c Upper Version \u8981\u6c42\u7684\u6700\u5927\u7248\u672c Status \u5f00\u53d1\u5efa\u8bae Requires \u8f6f\u4ef6\u7684\u4f9d\u8d56\u5217\u8868 Depth \u8f6f\u4ef6\u7684\u4f9d\u8d56\u6811\u6df1\u5ea6 \u5176\u4e2d Status \u5305\u542b\u7684\u5efa\u8bae\u6709: - \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 - \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002 - \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 - \u201cNeed Init Branch\u201d\uff1a\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\u3002 - \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002 - \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u5f00\u53d1\u8005\u6839\u636e Status \u7684\u5efa\u8bae\u8fdb\u884c\u540e\u7eed\u5f00\u53d1\u52a8\u4f5c\u3002","title":"2.2.1 
\u7248\u672c\u5339\u914d\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#222-apicli","text":"\u521b\u5efa\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis create endpoint: /dependence/analysis type: POST sync OR async: async request body: { \"release\"[required]: Enum(\"OpenStack Relase\"), \"runtime\"[optional][Default: \"3.10\"]: Enum(\"Python version\"), \"core\"[optional][Default: False]: Boolean, \"projects\"[optional][Default: None]: List(\"OpenStack service\") } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis show \u3001 oos dependence analysis list endpoint: /dependence/analysis/{UUID} \u3001 /dependence/analysis type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u5220\u9664\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis delete endpoint: /dependence/analysis/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u521b\u5efa\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate endpoint: /dependence/generate type: POST sync OR async: async request body: { \"analysis_id\"[required]: UUID, \"compare\"[optional][Default: None]: { \"token\"[required]: GITEE_TOKEN_ID, \"compare-from\"[optional][Default: master]: Enum(\"openEuler project branch\"), \"compare-branch\"[optional][Default: master]: Enum(\"openEuler project branch\") } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate show \u3001 oos dependence generate list endpoint: /dependence/generate/{UUID} \u3001 /dependence/generate type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"data\" RAW(result data file) } \u5220\u9664\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate delete endpoint: /dependence/generate/{UUID} type: DELETE 
sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") }","title":"2.2.2 API\u548cCLI\u5b9a\u4e49"},{"location":"spec/openstack-sig-tool/#23-spec","text":"OpenStack\u4f9d\u8d56\u7684\u5927\u91cfpython\u5e93\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\uff0c\u8fd9\u79cd\u5e93\u4e0d\u5bf9\u5916\u63d0\u4f9b\u7528\u6237\u670d\u52a1\uff0c\u53ea\u63d0\u4f9b\u4ee3\u7801\u7ea7\u8c03\u7528\uff0c\u5176RPM\u5185\u5bb9\u6784\u6210\u5355\u4e00\u3001\u683c\u5f0f\u56fa\u5b9a\uff0c\u9002\u5408\u4f7f\u7528\u5de5\u5177\u5316\u65b9\u5f0f\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3002","title":"2.3 \u8f6f\u4ef6SPEC\u751f\u6210\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#231-spec","text":"SPEC\u7f16\u5199\u4e00\u822c\u5206\u4e3a\u51e0\u4e2a\u9636\u6bb5\uff0c\u6bcf\u4e2a\u9636\u6bb5\u6709\u5bf9\u5e94\u7684\u89c4\u8303\u8981\u6c42\uff1a 1. \u5e38\u89c4\u9879\u586b\u5199\uff0c\u5305\u62ecName\u3001Version\u3001Release\u3001Summary\u3001License\u7b49\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b 2. \u5b50\u8f6f\u4ef6\u5305\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec\u8f6f\u4ef6\u5305\u540d\u3001\u7f16\u8bd1\u4f9d\u8d56\u3001\u5b89\u88c5\u4f9d\u8d56\u3001\u63cf\u8ff0\u4fe1\u606f\u7b49\u3002\u8fd9\u4e9b\u5185\u5bb9\u4e5f\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b\u3002\u5176\u4e2d\u8f6f\u4ef6\u5305\u540d\u9700\u8981\u6709\u660e\u663e\u7684python\u5316\u663e\u793a\uff0c\u6bd4\u5982\u4ee5 python3- \u4e3a\u524d\u7f00\u3002 3. \u6784\u5efa\u8fc7\u7a0b\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec%prep\u3001%build %install %check\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u5f62\u5f0f\u56fa\u5b9a\uff0c\u751f\u6210\u5bf9\u5e94rpm\u5b8f\u547d\u4ee4\u5373\u53ef\u3002 4. 
RPM\u5305\u6587\u4ef6\u5c01\u88c5\u9636\u6bb5\uff0c\u672c\u9636\u6bb5\u901a\u8fc7\u6587\u4ef6\u641c\u7d22\u65b9\u5f0f\uff0c\u628abin\u3001lib\u3001doc\u7b49\u5185\u5bb9\u5206\u522b\u653e\u5230\u5bf9\u5e94\u76ee\u5f55\u5373\u53ef\u3002 NOTE \uff1a\u5728\u901a\u7528\u89c4\u8303\u5916\uff0c\u4e5f\u6709\u4e00\u4e9b\u4f8b\u5916\u60c5\u51b5\uff0c\u9700\u8981\u7279\u6b8a\u8bf4\u660e\uff1a 1. \u8f6f\u4ef6\u5305\u540d\u5982\u679c\u672c\u8eab\u5df2\u5305\u542b python \u8fd9\u6837\u7684\u5b57\u773c\uff0c\u4e0d\u518d\u9700\u8981\u6dfb\u52a0 python- \u6216 python3- \u524d\u7f00\u3002 2. \u8f6f\u4ef6\u6784\u5efa\u548c\u5b89\u88c5\u9636\u6bb5\uff0c\u6839\u636e\u8f6f\u4ef6\u672c\u8eab\u7684\u5b89\u88c5\u65b9\u5f0f\u4e0d\u540c\uff0c\u5b8f\u547d\u4ee4\u5305\u62ec %py3_build \u6216 pyproject_build \uff0c\u9700\u8981\u4eba\u5de5\u5ba1\u89c6\u3002 3. \u5982\u679c\u8f6f\u4ef6\u672c\u8eab\u5305\u542bC\u8bed\u8a00\u7b49\u7f16\u8bd1\u7c7b\u4ee3\u7801\uff0c\u5219\u9700\u8981\u79fb\u9664 BuildArch: noarch \u5173\u952e\u5b57,\u5e76\u4e14\u5728%file\u9636\u6bb5\u6ce8\u610fRPM\u5b8f %{python3_sitelib} \u548c %{python3_sitearch} \u7684\u533a\u522b\u3002","title":"2.3.1 SPEC\u751f\u6210\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#232-apicli","text":"\u521b\u5efaSPEC CLI: oos spec create endpoint: /spec type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, \"arch\"[optional][Default: False]: Boolean, \"check\"[optional][Default: True]: Boolean, \"pyproject\"[optional][Default: False]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6SPEC CLI: oos spec show \u3001 oos spec list endpoint: /spec/{UUID} \u3001 /spec/ type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u66f4\u65b0SPEC CLI: oos spec update endpoint: /spec/{UUID} type: POST sync OR async: async request body: { \"name\"[required]: 
String, \"version\"[optional][Default: \"latest\"]: String, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5220\u9664SPEC CLI: oos spec delete endpoint: /spec/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") }","title":"2.3.2 API\u548cCLI\u5b9a\u4e49"},{"location":"spec/openstack-sig-tool/#24","text":"OpenStack\u7684\u90e8\u7f72\u573a\u666f\u591a\u6837\u3001\u90e8\u7f72\u6d41\u7a0b\u590d\u6742\u3001\u90e8\u7f72\u6280\u672f\u95e8\u69db\u8f83\u9ad8\uff0c\u4e3a\u4e86\u89e3\u51b3\u95e8\u69db\u9ad8\u3001\u6548\u7387\u4f4e\u3001\u4eba\u529b\u591a\u7684\u95ee\u9898\uff0copenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u8981\u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd\u3002 \u81ea\u52a8\u5316\u90e8\u7f72 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u90e8\u7f72\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u67b6\u6784\u3001\u4e0d\u540c\u670d\u52a1\u3001\u4e0d\u540c\u573a\u666f\u7684\u90e8\u7f72\u529f\u80fd\uff0c\u63d0\u4f9b\u57fa\u4e8e\u4e0d\u540c\u73af\u5883\u5feb\u901f\u53d1\u653e\u3001\u914d\u7f6eopenEuler\u73af\u5883\u7684\u80fd\u529b\u3002\u5e76\u63d0\u4f9b \u63d2\u4ef6\u5316 \u80fd\u529b\uff0c\u65b9\u4fbf\u7528\u6237\u6269\u5c55\u652f\u6301\u7684\u90e8\u7f72\u540e\u7aef\u548c\u573a\u666f\u3002 \u81ea\u52a8\u5316\u6d4b\u8bd5 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u6d4b\u8bd5\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u573a\u666f\u7684\u6d4b\u8bd5\uff0c\u63d0\u4f9b\u7528\u6237\u81ea\u5b9a\u4e49\u6d4b\u8bd5\u7684\u80fd\u529b\uff0c\u5e76\u89c4\u8303\u6d4b\u8bd5\u62a5\u544a\uff0c\u4ee5\u53ca\u652f\u6301\u5bf9\u6d4b\u8bd5\u7ed3\u679c\u4e0a\u62a5\u548c\u6301\u4e45\u5316\u7684\u80fd\u529b\u3002","title":"2.4 
\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#241","text":"\u81ea\u52a8\u5316\u90e8\u7f72\u4e3b\u8981\u5305\u62ec\u4e24\u90e8\u5206\uff1aopenEuler\u73af\u5883\u51c6\u5907\u548cOpenStack\u90e8\u7f72\u3002 openEuler\u73af\u5883\u51c6\u5907 \u63d0\u4f9b\u5feb\u901f\u53d1\u653eopenEuler\u73af\u5883\u7684\u80fd\u529b\uff0c\u652f\u6301\u7684\u53d1\u653e\u65b9\u5f0f\u5305\u62ec \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u548c \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \uff0c\u5177\u4f53\u8bbe\u8ba1\u5982\u4e0b\uff1a **NOTE** openEuler\u7684OpenStack\u652f\u6301\u4ee5RPM + systemd\u7684\u65b9\u5f0f\u4e3a\u4e3b\uff0c\u6682\u4e0d\u652f\u6301\u5bb9\u5668\u65b9\u5f0f\u3002 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90\u4ee5\u865a\u62df\u673a\u652f\u6301\u4e3a\u4e3b\uff08\u88f8\u673a\u5728\u4e91\u4e0a\u64cd\u4f5c\u8d1f\u8d23\uff0c\u751f\u6001\u6ee1\u8db3\u5ea6\u4e0d\u8db3\uff0c\u6682\u4e0d\u505a\u652f\u6301\uff09\u3002\u91c7\u7528\u63d2\u4ef6\u5316\u65b9\u5f0f\uff0c\u63d0\u4f9b\u591a\u4e91\u652f\u6301\u7684\u80fd\u529b\uff0c\u4ee5\u534e\u4e3a\u4e91\u4e3a\u53c2\u8003\u5b9e\u73b0\uff0c\u4f18\u5148\u5b9e\u73b0\u3002\u5176\u4ed6\u4e91\u7684\u652f\u6301\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u6301\u7eed\u63a8\u8fdb\u3002\u6839\u636e\u573a\u666f\uff0c\u652f\u6301all in one\u548c\u4e09\u8282\u70b9\u62d3\u6251\u3002 1. 
\u521b\u5efa\u73af\u5883 - CLI: oos env create - endpoint: `/environment` - type: POST - sync OR async: async - request body: ``` { \"name\"[required]: String, \"type\"[required]: Enmu(\"all-in-one\", \"cluster\"), \"release\"[required]: Enmu(\"openEuler_Release\"), \"flavor\"[required]\uff1a Enmu(\"small\", \"medium\", \"large\"), \"arch\"[required]\uff1a Enmu(\"x86\", \"arm64\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u67e5\u8be2\u73af\u5883 CLI: oos env list endpoint: /environment type: GET sync OR async: async request body: None response body: { \"ID\": UUID, \"Provider\": String, \"Name\": String, \"IP\": IP_ADDRESS, \"Flavor\": Enmu(\"small\", \"medium\", \"large\"), \"openEuler_release\": String, \"OpenStack_release\": String, \"create_time\": TIME, } \u5220\u9664\u73af\u5883 CLI: oos env delete endpoint: /environment/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \u7528\u6237\u8fd8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u5df2\u6709\u7684openEuler\u73af\u5883\u8fdb\u884cOpenStack\u90e8\u7f72\uff0c\u9700\u8981\u628a\u5df2\u6709\u73af\u5883\u7eb3\u7ba1\u5230\u5e73\u53f0\u4e2d\u3002\u7eb3\u7ba1\u540e\uff0c\u73af\u5883\u4e0e\u521b\u5efa\u7684\u9879\u76ee\uff0c\u53ef\u4ee5\u76f4\u63a5\u67e5\u8be2\u6216\u5220\u9664\u3002 1. \u7eb3\u7ba1\u73af\u5883 - CLI: oos env manage - endpoint: `/environment/manage` - type: POST - sync OR async: sync - request body: ``` { \"name\"[required]: String, \"ip\"[required]: IP_ADDRESS, \"release\"[required]: Enmu(\"openEuler_Release\"), \"password\"[required]\uff1a String, } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } ``` OpenStack\u90e8\u7f72 \u63d0\u4f9b\u5728\u5df2\u521b\u5efa/\u7eb3\u7ba1\u7684openEuler\u73af\u5883\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\u3002 1. 
\u90e8\u7f72OpenStack - CLI: oos env setup - endpoint: `/environment/setup` - type: POST - sync OR async: async - request body: ``` { \"target\"[required]: UUID(environment), \"release\"[required]: Enmu(\"OpenStack_Release\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u521d\u59cb\u5316OpenStack\u8d44\u6e90 CLI: oos env init endpoint: /environment/init type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5378\u8f7d\u5df2\u90e8\u7f72OpenStack CLI: oos env clean endpoint: /environment/clean type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") }","title":"2.4.1 \u81ea\u52a8\u5316\u90e8\u7f72"},{"location":"spec/openstack-sig-tool/#_1","text":"\u73af\u5883\u90e8\u7f72\u6210\u529f\u540e\uff0cSIG\u5f00\u53d1\u5e73\u53f0\u63d0\u4f9b\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u7684\u81ea\u52a8\u5316\u6d4b\u8bd5\u529f\u80fd\u3002\u4e3b\u8981\u5305\u542b\u4ee5\u4e0b\u51e0\u4e2a\u91cd\u8981\u5185\u5bb9\uff1a OpenStack\u672c\u8eab\u63d0\u4f9b\u4e00\u5957\u5b8c\u5584\u7684\u6d4b\u8bd5\u6846\u67b6\u3002\u5305\u62ec \u5355\u5143\u6d4b\u8bd5 \u548c \u529f\u80fd\u6d4b\u8bd5 \uff0c\u5176\u4e2d \u5355\u5143\u6d4b\u8bd5 \u5728 2.3\u7ae0\u8282 \u4e2d\u5df2\u7ecf\u7531RPM spec\u5305\u542b\uff0cspec\u7684%check\u9636\u6bb5\u53ef\u4ee5\u5b9a\u4e49\u6bcf\u4e2a\u9879\u76ee\u7684\u5355\u5143\u6d4b\u8bd5\u65b9\u5f0f\uff0c\u4e00\u822c\u60c5\u51b5\u4e0b\u53ea\u9700\u8981\u6dfb\u52a0 pytest \u6216 stestr \u5373\u53ef\u3002 \u529f\u80fd\u6d4b\u8bd5 \u7531OpenStack Tempest\u670d\u52a1\u63d0\u4f9b\uff0c\u5728\u4e0a\u6587\u6240\u8ff0\u7684\u81ea\u52a8\u5316\u90e8\u7f72 oos env init \u9636\u6bb5\uff0coos\u4f1a\u81ea\u52a8\u5b89\u88c5Tempest\u5e76\u751f\u6210\u9ed8\u8ba4\u7684\u914d\u7f6e\u6587\u4ef6\u3002 - CLI: oos env test 
endpoint: /environment/test type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u6d4b\u8bd5\u6267\u884c\u5b8c\u540e\uff0coos\u4f1a\u8f93\u51fa\u6d4b\u8bd5\u62a5\u544a\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0coos\u4f7f\u7528 subunit2html \u5de5\u5177\uff0c\u751f\u6210html\u683c\u5f0f\u7684Tempest\u6d4b\u8bd5\u7ed3\u679c\u6587\u4ef6\u3002","title":"\u81ea\u52a8\u5316\u6d4b\u8bd5"},{"location":"spec/openstack-sig-tool/#25-openeuler","text":"OpenStack\u6d89\u53ca\u8f6f\u4ef6\u5305\u4f17\u591a\uff0c\u968f\u7740\u7248\u672c\u4e0d\u65ad\u5730\u6f14\u8fdb\u3001\u652f\u6301\u670d\u52a1\u4e0d\u65ad\u7684\u5b8c\u5584\uff0cSIG\u7ef4\u62a4\u7684\u8f6f\u4ef6\u5305\u5217\u8868\u4f1a\u4e0d\u65ad\u5237\u65b0\uff0c\u4e3a\u4e86\u964d\u4f4e\u91cd\u590d\u7684\u5f00\u53d1\u52a8\u4f5c\uff0coos\u8fd8\u5c01\u88c5\u4e86\u4e00\u4e9b\u6613\u7528\u7684\u4ee3\u7801\u5f00\u53d1\u5e73\u53f0\u81ea\u52a8\u5316\u80fd\u529b\uff0c\u6bd4\u5982\u57fa\u4e8eGitee\u7684\u81ea\u52a8\u4ee3\u7801\u63d0\u4ea4\u80fd\u529b\u3002\u529f\u80fd\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 Code Action \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Repo Action\u2502 \u2502Branch Action\u2502 \u2502Pull Request Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Repo Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u4ed3\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u5efa\u4ed3 CLI: oos repo create endpoint: /repo type: POST sync OR async: async request body: { \"project\"[required]: String, \"repo\"[required]: String, \"push\"[optional][Default: \"False\"]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Branch Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u5206\u652f\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u521b\u5efa\u5206\u652f CLI: oos repo branch-create endpoint: /repo/branch type: POST sync OR async: async request body: { \"branches\"[required]: { \"branch-name\"[required]: String, \"branch-type\"[optional][Default: \"None\"]: Enum(\"protected\"), \"parent-branch\"[required]: String } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Pull Request Action \u63d0\u4f9b\u4e0e\u4ee3\u7801PR\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u65b0\u589ePR\u8bc4\u8bba\uff0c\u65b9\u4fbf\u7528\u6237\u6267\u884c\u7c7b\u4f3c 
retest \u3001 /lgtm \u7b49\u5e38\u89c4\u5316\u8bc4\u8bba\u3002 CLI: oos repo pr-comment endpoint: /repo/pr/comment type: POST sync OR async: sync request body: { \"repo\"[required]: String, \"pr_number\"[required]: Int, \"comment\"[required]: String } response body: { \"ID\": UUID, \"status\": Enum(\"OK\", \"Error\") } \u83b7\u53d6SIG\u6240\u6709PR\uff0c\u65b9\u4fbfmaintainer\u83b7\u53d6\u5f53\u524dSIG\u7684\u5f00\u53d1\u73b0\u72b6\uff0c\u63d0\u9ad8\u8bc4\u5ba1\u6548\u7387\u3002 CLI: oos repo pr-fetch endpoint: /repo/pr/fetch type: POST sync OR async: async request body: { \"repo\"[optional][Default: \"None\"]: List[String] } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") }","title":"2.5 openEuler\u81ea\u52a8\u5316\u5f00\u53d1\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#3","text":"SIG\u5f00\u6e90\u8f6f\u4ef6\u9700\u8981\u7b26\u5408openeEuler\u793e\u533a\u5bf9\u5176\u4e2d\u8f6f\u4ef6\u7684\u5404\u79cd\u8981\u6c42\uff0c\u5e76\u4e14\u4e5f\u8981\u7b26\u5408OpenStack\u793e\u533a\u8f6f\u4ef6\u7684\u51fa\u53e3\u6807\u51c6\u3002","title":"3. 
\u8d28\u91cf\u3001\u5b89\u5168\u4e0e\u5408\u89c4"},{"location":"spec/openstack-sig-tool/#31","text":"\u8f6f\u4ef6\u8d28\u91cf\uff08\u53ef\u670d\u52a1\u6027\uff09 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u57fa\u4e8eGitee ISSUE\u7cfb\u7edf\u5904\u7406\u7528\u6237\u53d1\u73b0\u5e76\u53cd\u9988\u7684\u95ee\u9898\uff0c\u95ed\u73af\u7387\u5927\u4e8e80%\uff0c\u95ed\u73af\u5468\u671f\u4e0d\u8d85\u8fc71\u5468\u3002 \u8f6f\u4ef6\u5b89\u5168 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 \u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 
\u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002","title":"3.1 \u8d28\u91cf\u4e0e\u5b89\u5168"},{"location":"spec/openstack-sig-tool/#32","text":"License\u5408\u89c4 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u6cd5\u52a1\u5408\u89c4 \u672c\u5e73\u53f0\u7531\u5f00\u6e90\u5f00\u53d1\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\uff0c\u4e0d\u6d89\u53ca\u5546\u4e1a\u516c\u53f8\u7684\u79d8\u5bc6\u4ee5\u53ca\u975e\u516c\u5f00\u4ee3\u7801\u3002\u6240\u6709\u8d21\u732e\u8005\u9700\u9075\u5b88openEuler\u793e\u533a\u8d21\u732e\u51c6\u5219\uff0c\u786e\u4fdd\u81ea\u8eab\u7684\u8d21\u732e\u5408\u89c4\u5408\u6cd5\u3002SIG\u53ca\u793e\u533a\u672c\u8eab\u4e0d\u627f\u62c5\u76f8\u5e94\u8d23\u4efb\u3002 \u5982\u53d1\u73b0\u4e0d\u5408\u89c4\u7684\u6e90\u7801\uff0cSIG\u65e0\u9700\u83b7\u53d6\u8d21\u732e\u8005\u7684\u5141\u8bb8\uff0c\u6709\u6743\u5229\u53ca\u4e49\u52a1\u53ca\u65f6\u5220\u9664\u3002\u5e76\u6709\u6743\u7981\u6b62\u4e0d\u5408\u89c4\u4ee3\u7801\u6216\u5f00\u53d1\u8005\u7ee7\u7eed\u8d21\u732e\u3002 
\u5f00\u53d1\u8005\u5982\u679c\u6709\u975e\u516c\u5f00\u4ee3\u7801\u9700\u8981\u8d21\u732e\uff0c\u5219\u8981\u5148\u9075\u5b88\u672c\u516c\u53f8\u7684\u5f00\u6e90\u6d41\u7a0b\u4e0e\u89c4\u5b9a\uff0c\u5e76\u6309\u7167openEuler\u793e\u533a\u5f00\u6e90\u89c4\u8303\u516c\u5f00\u8d21\u732e\u4ee3\u7801\u3002","title":"3.2 \u5408\u89c4"},{"location":"spec/openstack-sig-tool/#4","text":"\u65f6\u95f4 \u5185\u5bb9 \u72b6\u6001 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 Done 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 Done 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS Done 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 Done 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 Working in progress 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd Planning","title":"4. 
\u5b9e\u65bd\u8ba1\u5212"},{"location":"spec/priority_vm/","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6df7\u90e8 \u00b6 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u662f\u6307\u628a\u5bf9CPU\u3001IO\u3001Memory\u7b49\u8d44\u6e90\u6709\u4e0d\u540c\u9700\u6c42\u7684\u865a\u62df\u673a\u901a\u8fc7\u8c03\u5ea6\u65b9\u5f0f\u90e8\u7f72\u3001\u8fc1\u79fb\u5230\u540c\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\uff0c\u4ece\u800c\u4f7f\u5f97\u8282\u70b9\u7684\u8d44\u6e90\u5f97\u5230\u5145\u5206\u5229\u7528\u3002\u5728\u5355\u673a\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u4e0a\uff0c\u533a\u5206\u51fa\u9ad8\u4f4e\u4f18\u5148\u7ea7\uff0c\u5373\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u7684\u573a\u666f\u6709\u591a\u79cd\uff0c\u6bd4\u5982\u901a\u8fc7\u52a8\u6001\u8d44\u6e90\u8c03\u5ea6\u6ee1\u8db3\u8282\u70b9\u8d44\u6e90\u7684\u52a8\u6001\u8c03\u6574\uff1b\u6839\u636e\u7528\u6237\u4f7f\u7528\u4e60\u60ef\u52a8\u6001\u8c03\u6574\u8282\u70b9\u865a\u62df\u673a\u5206\u5e03\u7b49\u7b49\u3002\u800c\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u4e5f\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u5b9e\u73b0\u65b9\u6cd5\u3002 \u5728OpenStack Nova\u4e2d\u5f15\u5165\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6280\u672f\uff0c\u53ef\u4ee5\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u6ee1\u8db3\u865a\u62df\u673a\u7684\u6df7\u5408\u90e8\u7f72\u8981\u6c42\u3002\u672c\u6587\u6863\u4e3b\u8981\u9488\u5bf9OpenStack Nova\u865a\u62df\u673a\u521b\u5efa\u529f\u80fd\uff0c\u4ecb\u7ecd\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u7684\u8bbe\u8ba1\u4e0e\u5b9e\u73b0\u3002 \u5b9e\u73b0\u65b9\u6848 \u00b6 
\u5728Nova\u7684\u865a\u62df\u673a\u521b\u5efa\u3001\u8fc1\u79fb\u6d41\u7a0b\u4e2d\u5f15\u5165\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6982\u5ff5\uff0c\u865a\u62df\u673a\u5bf9\u8c61\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5728\u8c03\u5ea6\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f1a\u5c3d\u53ef\u80fd\u7684\u8c03\u5ea6\u5230\u8d44\u6e90\u5145\u8db3\u7684\u8282\u70b9\uff0c\u8fd9\u6837\u7684\u8282\u70b9\u9700\u8981\u81f3\u5c11\u6ee1\u8db3\u5185\u5b58\u4e0d\u8d85\u5356\u3001\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6240\u7528CPU\u4e0d\u8d85\u5356\u7684\u8981\u6c42\u3002 \u672c\u7279\u6027\u7684\u5b9e\u73b0\u57fa\u4e8eOpenStack Yoga\u7248\u672c\uff0c\u627f\u8f7d\u4e8eopenEuler 22.09\u521b\u65b0\u7248\u672c\u4e2d\u3002\u540c\u65f6\u5f15\u5165openEuler 22.03 LTS SP1\u7684Train\u7248\u672c\u3002 \u603b\u4f53\u67b6\u6784 \u00b6 \u7528\u6237\u521b\u5efaflavor\u6216\u521b\u5efa\u865a\u673a\u65f6\uff0c\u53ef\u6307\u5b9a\u5176\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u4f46\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\uff0c\u5373Nova\u4ecd\u6309\u6b63\u5e38\u6d41\u7a0b\u9009\u53d6\u8ba1\u7b97\u8282\u70b9\u53ca\u521b\u5efa\u865a\u673a\u3002 \u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u4e3b\u8981\u5f71\u54cd\u865a\u673a\u521b\u5efa\u540e\u5355\u673a\u5c42\u9762\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u7b56\u7565\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 Nova\u9488\u5bf9\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6709\u4ee5\u4e0b\u6539\u53d8\uff1a 1. 
VM\u5bf9\u8c61\u548cflavor\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u914d\u7f6e\u3002\u540c\u65f6\u7ed3\u5408\u4e1a\u52a1\u573a\u666f\uff0c\u7ea6\u675f\u9ad8\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u975e\u7ed1\u6838\u7c7b\u865a\u673a\u3002 2. \u5bf9\u4e8e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684\u865a\u673a\uff0c\u9700\u4fee\u6539libvirt XML\u914d\u7f6e\uff0c\u8ba9\u5355\u673a\u4e0a\u7684QoS\u7ba1\u7406\u7ec4\u4ef6\uff08\u540d\u4e3aSkylark\uff09\u611f\u77e5\uff0c\u4ece\u800c\u81ea\u52a8\u8fdb\u884c\u8d44\u6e90\u5206\u914d\u548cQoS\u7ba1\u7406\u3002 3. \u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u7684\u7ed1\u6838\u8303\u56f4\u6709\u6539\u53d8\uff0c\u4ee5\u5145\u5206\u5229\u7528\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u7a7a\u95f2\u7684\u8d44\u6e90\u3002 \u8d44\u6e90\u6a21\u578b \u00b6 VM\u5bf9\u8c61\u65b0\u589e\u53ef\u9009\u5c5e\u6027 priority \uff0c priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u3002 flavor extra_specs\u65b0\u589e hw:cpu_priority \u5b57\u6bb5\uff0c\u6807\u8bc6\u4e3a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u89c4\u683c\uff0c\u503c\u4e3a high \u6216 low \u3002 \u53c2\u6570\u9650\u5236\u53ca\u89c4\u5219\uff1a priority=high \u5fc5\u987b\u4e0e hw:cpu_policy=dedicated \u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 priority=low \u5fc5\u987b\u4e0e hw:cpu_policy=shared (\u9ed8\u8ba4\u503c)\u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u548cflavor\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u90fd\u4e3a\u53ef\u9009\uff0c\u90fd\u4e0d\u914d\u7f6e\u65f6\u4ee3\u8868\u662f\u666e\u901aVM\uff0c\u90fd\u914d\u7f6e\u65f6\u4ee5VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u5c5e\u6027\u4e3a\u51c6\u3002 
\u666e\u901aVM\u53ef\u4e0e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684VM\u5171\u5b58\uff0c\u56e0\u4e3a\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\u3002\u5f53\u666e\u901aVM\u4e0e\u9ad8\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4e0d\u4f1a\u5e72\u9884\u3002\u5f53\u666e\u901aVM\u4e0e\u4f4e\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4f1a\u4f18\u5148\u4fdd\u969c\u666e\u901aVM\u7684\u8d44\u6e90\u5206\u914d\u3002 API \u00b6 \u521b\u5efa\u865a\u62df\u673aAPI\u4e2d\u53ef\u9009\u53c2\u6570 os:scheduler_hints.priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u7528\u4e8e\u8bbe\u7f6eVM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u3002 POST v2/servers (v2.1\u9ed8\u8ba4\u7248\u672c) { \"OS-SCH-HNT:scheduler_hints\": {\"priority\": \"high\"} } Scheduler \u00b6 \u4fdd\u6301\u4e0d\u53d8 Compute \u00b6 \u8d44\u6e90\u4e0a\u62a5 \u00b6 \u4fdd\u6301\u4e0d\u53d8 \u8d44\u6e90\u5206\u914d\u7ed1\u5b9a \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\u5206\u914dCPU\uff1a \u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4e00\u5bf9\u4e00\u7ed1\u5b9a cpu_dedicated_set \u4e2d\u6307\u5b9aCPU \u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u975e\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u9ed8\u8ba4\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e2d\u6307\u5b9a\u7684CPU\u3002 \u6b64\u5916\uff0c nova.conf \u7684 compute \u5757\u4e2d\u65b0\u589e\u914d\u7f6e\u9879 cpu_priority_mix_enable \uff0c\u9ed8\u8ba4\u503c\u4e3aFalse\u3002\u8bbe\u7f6e\u4e3aTrue\u540e\uff0c\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u4f7f\u7528\u9ad8\u4f18\u5148\u7ea7\u7684\u865a\u62df\u673a\u7ed1\u5b9a\u7684CPU\uff0c\u5373\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e0e 
cpu_dedicated_set \u6307\u5b9a\u7684CPU\u3002 \u865a\u62df\u673axml \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\uff0c\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u6807\u8bc6\u3002 Libvirt XML\u4e2d\u65b0\u589e\u5c5e\u6027 \u7247\u6bb5\uff0c\u5305\u62ec /high_prio_machine \u3001 /low_prio_machine \u4e24\u79cd\u503c\uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u3002\u8be5\u7247\u6bb5\u672c\u8eab\u5728Nova\u4e2d\u6ca1\u6709\u4efb\u4f55\u4f5c\u7528\uff0c\u53ea\u662f\u4e3a Skylark QoS\u670d\u52a1\u6307\u660eVM\u7684\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002 \u4e3e\u4f8b \u00b6 \u5047\u8bbe\u4e00\u4e2acompute\u8282\u70b9\u62e5\u670914\u4e2acore\uff0c\u8bbe\u7f6ecpu_dedicated_set=0-11\uff0c\u4e00\u517112\u4e2a\u6838\uff0ccpu_shared_set=12-13\uff0c\u4e00\u51712\u4e2a\u6838\u5fc3\uff0ccpu_allocation_ratio=8 \u5219\uff1a \u9ad8\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a12\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e5f\u662f12\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2(\u5f53cpu_priority_mix_enable=False)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2+12(\u5f53cpu_priority_mix_enable=True)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u6709\u5dee\u5f02\u3002 \u53c2\u6570\u914d\u7f6e\u5efa\u8bae \u00b6 \u5148\u786e\u5b9a\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u3002 
\u5168\u5c40\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u6240\u6709\u53ef\u5206\u914dvCPU\u6570\u91cf\uff08\u9ad8\u548c\u4f4e\u603b\u548c\uff09\u4e0e\u6240\u6709\u53ef\u7528\u7269\u7406core\u6570\u91cf\u7684\u6bd4\u503c\uff0c\u8fd9\u662f\u4e00\u4e2a\u8ba1\u7b97\u51fa\u6765\u7684\u7406\u8bba\u503c\uff0c\u6bd4\u5982\u4e0a\u8ff0\u4e3e\u4f8b\u4e2d\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3a (12 + 2 \\* 8) / 14 = 2\u3002 \u5168\u5c40\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u4e00\u822c\u6761\u4ef6\u4e0b\uff08\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u6ca1\u6709\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002\u8bbe\u7f6e\u5408\u7406\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u53ef\u4ee5\u51cf\u5c11\u5e95\u5c42\u8d44\u6e90\u5145\u8db3\u4f46\u8c03\u5ea6\u5931\u8d25\u7684\u60c5\u51b5\u51fa\u73b0\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u5373cpu_allocation_ratio\u3002\u53ea\u5f71\u54cdshare\u6838\u5fc3\u7684\u8d85\u5206\u80fd\u529b\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u6781\u7aef\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u6781\u7aef\u6761\u4ef6\u4e0b\uff08\u6240\u6709\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002 \u7528\u6237\u7ed3\u5408\u4e1a\u52a1\u7279\u5f81\u53caQoS\u76ee\u6807\uff0c\u9009\u62e9\u5408\u9002\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u540e\uff0c\u7136\u540e\u6309\u7167\u4e0b\u9762\u7684\u8ba1\u7b97\u516c\u5f0f\uff0c\u914d\u7f6e\u5408\u7406\u7684cpu_dedicated_set\u53cacpu_shared_set\u3002 \u8ba1\u7b97\u516c\u5f0f\uff1a ``` \u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206\u6bd4 = (\u6781\u7aef\u8d85\u5206\u6bd4 * shared\u6838\u5fc3\u6570 + dedicated\u6838\u5fc3\u6570) / compute\u6240\u6709\u6838\u5fc3\u6570 ``` 
\u8fd8\u662f\u4ee5\u4e0a\u8ff0compute\u8282\u70b9\u4e3a\u4f8b\uff0ccompute\u6240\u6709\u6838\u5fc3\u6570\u4e3a14\uff0c\u5047\u8bbe\u6781\u7aef\u8d85\u5206\u6bd4\u4e3a8\uff0c\u5219\u8ba1\u7b97\u53ef\u5f97\uff1a ``` \u5f53dedicated\u6838\u5fc3\u6570\u4e3a12\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a2\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*2+12)/14 = 2 \u5f53dedicated\u6838\u5fc3\u6570\u4e3a4\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a10\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*10+4)/14 = 6 ``` \u5f00\u53d1\u8282\u594f \u00b6 \u5f00\u53d1\u8005\uff1a \u738b\u73ba\u6e90 wangxiyuan1007@gmail.com \u90ed\u96f7 guolei_yewu@cmss.chinamobile.com \u9a6c\u5e72\u6797 maganlin_yewu@cmss.chinamobile.com \u97e9\u5149\u5b87 hanguangyu@uniontech.com \u5f20\u8fce zhangy1317@foxmail.com \u5f20\u5e06 zh.f@outlook.com \u65f6\u95f4\u70b9\uff1a 2022-04-01\u52302022-05-30 \u5b8c\u6210\u5f00\u53d1 2022-06-01\u52302022-07-30 \u6d4b\u8bd5\u3001\u8054\u8c03\u3001\u5237\u65b0\u4ee3\u7801 2022-08-01\u52302022-08-30 \u5b8c\u6210RPM\u5305\u6784\u5efa 2022-09-30\u5f15\u5165openEuler 22.09 Yoga\u7248\u672c 2022-12-30\u5f15\u5165openEuler 22.03 LTS SP1 
Train\u7248\u672c","title":"\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7"},{"location":"spec/priority_vm/#_1","text":"\u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u662f\u6307\u628a\u5bf9CPU\u3001IO\u3001Memory\u7b49\u8d44\u6e90\u6709\u4e0d\u540c\u9700\u6c42\u7684\u865a\u62df\u673a\u901a\u8fc7\u8c03\u5ea6\u65b9\u5f0f\u90e8\u7f72\u3001\u8fc1\u79fb\u5230\u540c\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\uff0c\u4ece\u800c\u4f7f\u5f97\u8282\u70b9\u7684\u8d44\u6e90\u5f97\u5230\u5145\u5206\u5229\u7528\u3002\u5728\u5355\u673a\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u4e0a\uff0c\u533a\u5206\u51fa\u9ad8\u4f4e\u4f18\u5148\u7ea7\uff0c\u5373\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u7684\u573a\u666f\u6709\u591a\u79cd\uff0c\u6bd4\u5982\u901a\u8fc7\u52a8\u6001\u8d44\u6e90\u8c03\u5ea6\u6ee1\u8db3\u8282\u70b9\u8d44\u6e90\u7684\u52a8\u6001\u8c03\u6574\uff1b\u6839\u636e\u7528\u6237\u4f7f\u7528\u4e60\u60ef\u52a8\u6001\u8c03\u6574\u8282\u70b9\u865a\u62df\u673a\u5206\u5e03\u7b49\u7b49\u3002\u800c\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u4e5f\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u5b9e\u73b0\u65b9\u6cd5\u3002 \u5728OpenStack Nova\u4e2d\u5f15\u5165\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6280\u672f\uff0c\u53ef\u4ee5\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u6ee1\u8db3\u865a\u62df\u673a\u7684\u6df7\u5408\u90e8\u7f72\u8981\u6c42\u3002\u672c\u6587\u6863\u4e3b\u8981\u9488\u5bf9OpenStack 
Nova\u865a\u62df\u673a\u521b\u5efa\u529f\u80fd\uff0c\u4ecb\u7ecd\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u7684\u8bbe\u8ba1\u4e0e\u5b9e\u73b0\u3002","title":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6df7\u90e8"},{"location":"spec/priority_vm/#_2","text":"\u5728Nova\u7684\u865a\u62df\u673a\u521b\u5efa\u3001\u8fc1\u79fb\u6d41\u7a0b\u4e2d\u5f15\u5165\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6982\u5ff5\uff0c\u865a\u62df\u673a\u5bf9\u8c61\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5728\u8c03\u5ea6\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f1a\u5c3d\u53ef\u80fd\u7684\u8c03\u5ea6\u5230\u8d44\u6e90\u5145\u8db3\u7684\u8282\u70b9\uff0c\u8fd9\u6837\u7684\u8282\u70b9\u9700\u8981\u81f3\u5c11\u6ee1\u8db3\u5185\u5b58\u4e0d\u8d85\u5356\u3001\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6240\u7528CPU\u4e0d\u8d85\u5356\u7684\u8981\u6c42\u3002 \u672c\u7279\u6027\u7684\u5b9e\u73b0\u57fa\u4e8eOpenStack Yoga\u7248\u672c\uff0c\u627f\u8f7d\u4e8eopenEuler 22.09\u521b\u65b0\u7248\u672c\u4e2d\u3002\u540c\u65f6\u5f15\u5165openEuler 22.03 LTS SP1\u7684Train\u7248\u672c\u3002","title":"\u5b9e\u73b0\u65b9\u6848"},{"location":"spec/priority_vm/#_3","text":"\u7528\u6237\u521b\u5efaflavor\u6216\u521b\u5efa\u865a\u673a\u65f6\uff0c\u53ef\u6307\u5b9a\u5176\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u4f46\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\uff0c\u5373Nova\u4ecd\u6309\u6b63\u5e38\u6d41\u7a0b\u9009\u53d6\u8ba1\u7b97\u8282\u70b9\u53ca\u521b\u5efa\u865a\u673a\u3002 
\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u4e3b\u8981\u5f71\u54cd\u865a\u673a\u521b\u5efa\u540e\u5355\u673a\u5c42\u9762\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u7b56\u7565\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 Nova\u9488\u5bf9\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6709\u4ee5\u4e0b\u6539\u53d8\uff1a 1. VM\u5bf9\u8c61\u548cflavor\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u914d\u7f6e\u3002\u540c\u65f6\u7ed3\u5408\u4e1a\u52a1\u573a\u666f\uff0c\u7ea6\u675f\u9ad8\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u975e\u7ed1\u6838\u7c7b\u865a\u673a\u3002 2. \u5bf9\u4e8e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684\u865a\u673a\uff0c\u9700\u4fee\u6539libvirt XML\u914d\u7f6e\uff0c\u8ba9\u5355\u673a\u4e0a\u7684QoS\u7ba1\u7406\u7ec4\u4ef6\uff08\u540d\u4e3aSkylark\uff09\u611f\u77e5\uff0c\u4ece\u800c\u81ea\u52a8\u8fdb\u884c\u8d44\u6e90\u5206\u914d\u548cQoS\u7ba1\u7406\u3002 3. 
\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u7684\u7ed1\u6838\u8303\u56f4\u6709\u6539\u53d8\uff0c\u4ee5\u5145\u5206\u5229\u7528\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u7a7a\u95f2\u7684\u8d44\u6e90\u3002","title":"\u603b\u4f53\u67b6\u6784"},{"location":"spec/priority_vm/#_4","text":"VM\u5bf9\u8c61\u65b0\u589e\u53ef\u9009\u5c5e\u6027 priority \uff0c priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u3002 flavor extra_specs\u65b0\u589e hw:cpu_priority \u5b57\u6bb5\uff0c\u6807\u8bc6\u4e3a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u89c4\u683c\uff0c\u503c\u4e3a high \u6216 low \u3002 \u53c2\u6570\u9650\u5236\u53ca\u89c4\u5219\uff1a priority=high \u5fc5\u987b\u4e0e hw:cpu_policy=dedicated \u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 priority=low \u5fc5\u987b\u4e0e hw:cpu_policy=shared (\u9ed8\u8ba4\u503c)\u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u548cflavor\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u90fd\u4e3a\u53ef\u9009\uff0c\u90fd\u4e0d\u914d\u7f6e\u65f6\u4ee3\u8868\u662f\u666e\u901aVM\uff0c\u90fd\u914d\u7f6e\u65f6\u4ee5VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u5c5e\u6027\u4e3a\u51c6\u3002 \u666e\u901aVM\u53ef\u4e0e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684VM\u5171\u5b58\uff0c\u56e0\u4e3a\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\u3002\u5f53\u666e\u901aVM\u4e0e\u9ad8\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4e0d\u4f1a\u5e72\u9884\u3002\u5f53\u666e\u901aVM\u4e0e\u4f4e\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4f1a\u4f18\u5148\u4fdd\u969c\u666e\u901aVM\u7684\u8d44\u6e90\u5206\u914d\u3002","title":"\u8d44\u6e90\u6a21\u578b"},{"location":"spec/priority_vm/#api","text":"\u521b\u5efa\u865a\u62df\u673aAPI\u4e2d\u53ef\u9009\u53c2\u6570 
os:scheduler_hints.priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u7528\u4e8e\u8bbe\u7f6eVM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u3002 POST v2/servers (v2.1\u9ed8\u8ba4\u7248\u672c) { \"OS-SCH-HNT:scheduler_hints\": {\"priority\": \"high\"} }","title":"API"},{"location":"spec/priority_vm/#scheduler","text":"\u4fdd\u6301\u4e0d\u53d8","title":"Scheduler"},{"location":"spec/priority_vm/#compute","text":"","title":"Compute"},{"location":"spec/priority_vm/#_5","text":"\u4fdd\u6301\u4e0d\u53d8","title":"\u8d44\u6e90\u4e0a\u62a5"},{"location":"spec/priority_vm/#_6","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\u5206\u914dCPU\uff1a \u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4e00\u5bf9\u4e00\u7ed1\u5b9a cpu_dedicated_set \u4e2d\u6307\u5b9aCPU \u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u975e\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u9ed8\u8ba4\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e2d\u6307\u5b9a\u7684CPU\u3002 \u6b64\u5916\uff0c nova.conf \u7684 compute \u5757\u4e2d\u65b0\u589e\u914d\u7f6e\u9879 cpu_priority_mix_enable \uff0c\u9ed8\u8ba4\u503c\u4e3aFalse\u3002\u8bbe\u7f6e\u4e3aTrue\u540e\uff0c\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u4f7f\u7528\u9ad8\u4f18\u5148\u7ea7\u7684\u865a\u62df\u673a\u7ed1\u5b9a\u7684CPU\uff0c\u5373\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e0e cpu_dedicated_set \u6307\u5b9a\u7684CPU\u3002","title":"\u8d44\u6e90\u5206\u914d\u7ed1\u5b9a"},{"location":"spec/priority_vm/#xml","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\uff0c\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u6807\u8bc6\u3002 Libvirt XML\u4e2d\u65b0\u589e\u5c5e\u6027 \u7247\u6bb5\uff0c\u5305\u62ec /high_prio_machine \u3001 /low_prio_machine 
\u4e24\u79cd\u503c\uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u3002\u8be5\u7247\u6bb5\u672c\u8eab\u5728Nova\u4e2d\u6ca1\u6709\u4efb\u4f55\u4f5c\u7528\uff0c\u53ea\u662f\u4e3a Skylark QoS\u670d\u52a1\u6307\u660eVM\u7684\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002","title":"\u865a\u62df\u673axml"},{"location":"spec/priority_vm/#_7","text":"\u5047\u8bbe\u4e00\u4e2acompute\u8282\u70b9\u62e5\u670914\u4e2acore\uff0c\u8bbe\u7f6ecpu_dedicated_set=0-11\uff0c\u4e00\u517112\u4e2a\u6838\uff0ccpu_shared_set=12-13\uff0c\u4e00\u51712\u4e2a\u6838\u5fc3\uff0ccpu_allocation_ratio=8 \u5219\uff1a \u9ad8\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a12\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e5f\u662f12\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2(\u5f53cpu_priority_mix_enable=False)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2+12(\u5f53cpu_priority_mix_enable=True)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u6709\u5dee\u5f02\u3002","title":"\u4e3e\u4f8b"},{"location":"spec/priority_vm/#_8","text":"\u5148\u786e\u5b9a\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u3002 \u5168\u5c40\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u6240\u6709\u53ef\u5206\u914dvCPU\u6570\u91cf\uff08\u9ad8\u548c\u4f4e\u603b\u548c\uff09\u4e0e\u6240\u6709\u53ef\u7528\u7269\u7406core\u6570\u91cf\u7684\u6bd4\u503c\uff0c\u8fd9\u662f\u4e00\u4e2a\u8ba1\u7b97\u51fa\u6765\u7684\u7406\u8bba\u503c\uff0c\u6bd4\u5982\u4e0a\u8ff0\u4e3e\u4f8b\u4e2d\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3a (12 + 2 \\* 8) / 14 = 2\u3002 
\u5168\u5c40\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u4e00\u822c\u6761\u4ef6\u4e0b\uff08\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u6ca1\u6709\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002\u8bbe\u7f6e\u5408\u7406\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u53ef\u4ee5\u51cf\u5c11\u5e95\u5c42\u8d44\u6e90\u5145\u8db3\u4f46\u8c03\u5ea6\u5931\u8d25\u7684\u60c5\u51b5\u51fa\u73b0\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u5373cpu_allocation_ratio\u3002\u53ea\u5f71\u54cdshare\u6838\u5fc3\u7684\u8d85\u5206\u80fd\u529b\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u6781\u7aef\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u6781\u7aef\u6761\u4ef6\u4e0b\uff08\u6240\u6709\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002 \u7528\u6237\u7ed3\u5408\u4e1a\u52a1\u7279\u5f81\u53caQoS\u76ee\u6807\uff0c\u9009\u62e9\u5408\u9002\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u540e\uff0c\u7136\u540e\u6309\u7167\u4e0b\u9762\u7684\u8ba1\u7b97\u516c\u5f0f\uff0c\u914d\u7f6e\u5408\u7406\u7684cpu_dedicated_set\u53cacpu_shared_set\u3002 \u8ba1\u7b97\u516c\u5f0f\uff1a ``` \u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206\u6bd4 = (\u6781\u7aef\u8d85\u5206\u6bd4 * shared\u6838\u5fc3\u6570 + dedicated\u6838\u5fc3\u6570) / compute\u6240\u6709\u6838\u5fc3\u6570 ``` \u8fd8\u662f\u4ee5\u4e0a\u8ff0compute\u8282\u70b9\u4e3a\u4f8b\uff0ccompute\u6240\u6709\u6838\u5fc3\u6570\u4e3a14\uff0c\u5047\u8bbe\u6781\u7aef\u8d85\u5206\u6bd4\u4e3a8\uff0c\u5219\u8ba1\u7b97\u53ef\u5f97\uff1a ``` \u5f53dedicated\u6838\u5fc3\u6570\u4e3a12\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a2\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*2+12)/14 = 2 
\u5f53dedicated\u6838\u5fc3\u6570\u4e3a4\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a10\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*10+4)/14 = 6 ```","title":"\u53c2\u6570\u914d\u7f6e\u5efa\u8bae"},{"location":"spec/priority_vm/#_9","text":"\u5f00\u53d1\u8005\uff1a \u738b\u73ba\u6e90 wangxiyuan1007@gmail.com \u90ed\u96f7 guolei_yewu@cmss.chinamobile.com \u9a6c\u5e72\u6797 maganlin_yewu@cmss.chinamobile.com \u97e9\u5149\u5b87 hanguangyu@uniontech.com \u5f20\u8fce zhangy1317@foxmail.com \u5f20\u5e06 zh.f@outlook.com \u65f6\u95f4\u70b9\uff1a 2022-04-01\u52302022-05-30 \u5b8c\u6210\u5f00\u53d1 2022-06-01\u52302022-07-30 \u6d4b\u8bd5\u3001\u8054\u8c03\u3001\u5237\u65b0\u4ee3\u7801 2022-08-01\u52302022-08-30 \u5b8c\u6210RPM\u5305\u6784\u5efa 2022-09-30\u5f15\u5165openEuler 22.09 Yoga\u7248\u672c 2022-12-30\u5f15\u5165openEuler 22.03 LTS SP1 Train\u7248\u672c","title":"\u5f00\u53d1\u8282\u594f"},{"location":"test/openEuler-20.03-LTS-SP2/","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2021-6-16 1 \u521d\u7a3f \u738b\u73ba\u6e90 2021-6-17 2 
\u589e\u52a0Rocky\u7248\u672c\u6d4b\u8bd5\u62a5\u544a \u9ec4\u586b\u534e \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728openEuler 20.03 LTS SP2\u7248\u672c\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky\u7248\u672c\u7684RPM\u5b89\u88c5\u5305\u3002\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72OpenStack\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP2 (OpenStack\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2021.6.1 2021.6.7 openEuler 20.03 LTS SP2 \uff08OpenStack\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.6.8 2021.6.10 openEuler 20.03 LTS SP2 \uff08OpenStack tempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.6.11 2021.6.15 openEuler 20.03 LTS SP2 \uff08\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.6.16 2021.6.17 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G 
\u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b105\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b1\u4e2a\uff0c\u5176\u4ed61091\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 
Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 105\u4e2a\uff0cFail 1\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP2\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 3 6 5 \u767e\u5206\u6bd4 100 21.4 42.8 35.8 4 
\u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP2 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 7 openEuler 20.03 LTS SP2 OpenStack Rocky 1197 \u901a\u8fc71001\u4e2a\uff0cskip 101\u4e2a 7 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-20.03-LTS-SP2"},{"location":"test/openEuler-20.03-LTS-SP2/#1","text":"\u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP2/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP2 (OpenStack\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2021.6.1 2021.6.7 openEuler 20.03 LTS SP2 
\uff08OpenStack\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.6.8 2021.6.10 openEuler 20.03 LTS SP2 \uff08OpenStack tempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.6.11 2021.6.15 openEuler 20.03 LTS SP2 \uff08\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.6.16 2021.6.17 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-20.03-LTS-SP2/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP2/#31","text":"OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack 
Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b105\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b1\u4e2a\uff0c\u5176\u4ed61091\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 105\u4e2a\uff0cFail 1\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-20.03-LTS-SP2/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS 
SP2\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-20.03-LTS-SP2/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-20.03-LTS-SP2/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-20.03-LTS-SP2/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 3 6 5 \u767e\u5206\u6bd4 100 21.4 42.8 35.8","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-20.03-LTS-SP2/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-20.03-LTS-SP2/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP2 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 7 openEuler 20.03 LTS SP2 OpenStack Rocky 1197 \u901a\u8fc71001\u4e2a\uff0cskip 101\u4e2a 7","title":"4.1 
\u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-20.03-LTS-SP2/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-20.03-LTS-SP2/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-20.03-LTS-SP3/","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2021-12-10 1 \u521d\u7a3f\u53ca\u540c\u6b65Train\u7248\u672c\u6d4b\u8bd5\u60c5\u51b5 \u9ec4\u586b\u534e \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728openEuler 20.03 LTS SP3\u7248\u672c\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky\u3001Train\u7248\u672c\u7684RPM\u5b89\u88c5\u5305\u3002\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72OpenStack\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728openEuler 20.03 LTS SP2 
release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 openEuler 20.03 LTS SP3 release\u589e\u52a0\u4e86OpenStack Train\u7248\u672cRPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Placement\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Heat\u3001Aodh\u3001Ceilometer\u3001Gnocchi\u3001Swift\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.11.25 2021.11.30 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.1 2021.12.2 openEuler 20.03 LTS SP3 RC2 \uff08OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.3 2021.12.9 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.10 2021.12.12 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.12.10 2021.12.13 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack 
Queens&Rocky\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.14 2021.12.16 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.17 2021.12.20 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.21 2021.12.23 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b101\u4e2a\uff08\u5168\u662fopenStack 
Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff09\uff0c\u5176\u4ed61096\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Train\u7248\u672c\u9664\u4e86Cyborg\uff08Cyborg\u5b89\u88c5\u90e8\u7f72\u6b63\u5e38\uff0c\u529f\u80fd\u4e0d\u53ef\u7528\uff09\u5404\u7ec4\u4ef6\u57fa\u672c\u529f\u80fd\u6b63\u5e38\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1179\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b115\u4e2a\uff08\u5305\u62ec\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff0c\u5305\u62ec\u4e00\u4e9b\u590d\u6742\u529f\u80fd\uff0c\u6bd4\u5982\u6587\u4ef6\u6ce8\u5165\uff0c\u865a\u62df\u673a\u914d\u7f6e\u7b49\uff09\uff0c\u5176\u4ed61064\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u5171\u8ba1\u53d1\u73b0\u95ee\u989814\u4e2a\uff08\u5305\u62eclibvirt 1\u4e2a\u95ee\u9898\uff09\uff0c\u5747\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 101\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1179\u4e2a\uff0c\u5176\u4e2dSkip 115\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP3\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\uff0c\u53e6\u5916Cyborg\u529f\u80fd\u4e0d\u53ef\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 Queens&Rocky\u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d 3.3.2 Train\u7248\u672c\u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 1 6 7 \u767e\u5206\u6bd4 100 7.1 42.9 50 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 
\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP3 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Rocky 1197 \u901a\u8fc71096\u4e2a\uff0cskip 101\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Train 1179 \u901a\u8fc71064\u4e2a\uff0cskip 115\u4e2a 14 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-20.03-LTS-SP3"},{"location":"test/openEuler-20.03-LTS-SP3/#1","text":"\u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 openEuler 20.03 LTS SP3 release\u589e\u52a0\u4e86OpenStack Train\u7248\u672cRPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Placement\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Heat\u3001Aodh\u3001Ceilometer\u3001Gnocchi\u3001Swift\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP3/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.11.25 2021.11.30 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.1 2021.12.2 openEuler 20.03 LTS SP3 RC2 \uff08OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.3 2021.12.9 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.10 2021.12.12 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.12.10 2021.12.13 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.14 2021.12.16 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.17 2021.12.20 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.21 2021.12.23 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G 
\u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-20.03-LTS-SP3/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP3/#31","text":"OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b101\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff09\uff0c\u5176\u4ed61096\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack 
Train\u7248\u672c\u9664\u4e86Cyborg\uff08Cyborg\u5b89\u88c5\u90e8\u7f72\u6b63\u5e38\uff0c\u529f\u80fd\u4e0d\u53ef\u7528\uff09\u5404\u7ec4\u4ef6\u57fa\u672c\u529f\u80fd\u6b63\u5e38\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1179\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b115\u4e2a\uff08\u5305\u62ec\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff0c\u5305\u62ec\u4e00\u4e9b\u590d\u6742\u529f\u80fd\uff0c\u6bd4\u5982\u6587\u4ef6\u6ce8\u5165\uff0c\u865a\u62df\u673a\u914d\u7f6e\u7b49\uff09\uff0c\u5176\u4ed61064\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u5171\u8ba1\u53d1\u73b0\u95ee\u989814\u4e2a\uff08\u5305\u62eclibvirt 1\u4e2a\u95ee\u9898\uff09\uff0c\u5747\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 101\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1179\u4e2a\uff0c\u5176\u4e2dSkip 115\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 
\u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-20.03-LTS-SP3/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP3\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\uff0c\u53e6\u5916Cyborg\u529f\u80fd\u4e0d\u53ef\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-20.03-LTS-SP3/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-20.03-LTS-SP3/#331-queensrocky","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d","title":"3.3.1 Queens&Rocky\u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-20.03-LTS-SP3/#332-train","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 1 6 7 \u767e\u5206\u6bd4 100 7.1 42.9 50","title":"3.3.2 Train\u7248\u672c\u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-20.03-LTS-SP3/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-20.03-LTS-SP3/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP3 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Rocky 1197 \u901a\u8fc71096\u4e2a\uff0cskip 101\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Train 1179 \u901a\u8fc71064\u4e2a\uff0cskip 115\u4e2a 14","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-20.03-LTS-SP3/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-20.03-LTS-SP3/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP1/","text":"openEuler 22.03 LTS SP1\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-12-2 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC2 (OpenStack 
Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.02 2022.12.08 openEuler 22.03 LTS SP1 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.16 2022.12.20 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.16 2022.12.20 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 
\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby 
\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP1 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 2 1 0 1 0 \u767e\u5206\u6bd4 100 50 0 50 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I64OL3 https://gitee.com/openeuler/openstack/issues/I66IEB 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP1 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP1 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP1"},{"location":"test/openEuler-22.03-LTS-SP1/#openeuler-2203-lts-sp1","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a 
\u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-12-2 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP1\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP1/#1","text":"\u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP1/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.02 2022.12.08 openEuler 22.03 LTS SP1 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.16 2022.12.20 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.16 2022.12.20 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM 
ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP1/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP1/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 
\u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP1/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP1 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP1/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP1/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP1/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 2 1 0 1 0 \u767e\u5206\u6bd4 100 50 0 50 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I64OL3 https://gitee.com/openeuler/openstack/issues/I66IEB","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP1/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP1/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP1 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP1 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP1/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP1/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP2/","text":"openEuler 22.03 LTS SP2\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-06-21 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 
2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.05.24 2023.06.02 openEuler 22.03 LTS SP2 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.06.10 2023.06.16 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.10 2023.06.16 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby 
\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP2 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 
\u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 12 0 5 6 1 \u767e\u5206\u6bd4 100 0 42 50 8 ISSUE Link https://gitee.com/src-openeuler/python-flask-restful/issues/I7ABYH https://gitee.com/src-openeuler/python-zVMCloudConnector/issues/I79KJO https://gitee.com/src-openeuler/openvswitch/issues/I79K23 https://gitee.com/src-openeuler/openstack-nova/issues/I79JC8 https://gitee.com/src-openeuler/python-rtslib-fb/issues/I79IXG https://gitee.com/src-openeuler/python-suds-jurko/issues/I79IQM https://gitee.com/src-openeuler/ovn/issues/I79I7O https://gitee.com/openeuler/openstack/issues/I77LN7 https://gitee.com/openeuler/openstack/issues/I77LQN https://gitee.com/openeuler/openstack/issues/I79OIL https://gitee.com/openeuler/openstack/issues/I7BQC0 https://gitee.com/openeuler/openstack/issues/I7CC2N 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP2 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP2 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 
\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP2\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP2"},{"location":"test/openEuler-22.03-LTS-SP2/#openeuler-2203-lts-sp2","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-06-21 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP2\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP2/#1","text":"\u5728 openEuler 22.03 LTS SP2 
\u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP2/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.05.24 2023.06.02 openEuler 22.03 LTS SP2 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.06.10 2023.06.16 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 
2023.06.10 2023.06.16 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP2/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP2/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP2/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP2 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP2/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP2/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP2/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 12 0 5 6 1 \u767e\u5206\u6bd4 100 0 42 50 8 ISSUE Link 
https://gitee.com/src-openeuler/python-flask-restful/issues/I7ABYH https://gitee.com/src-openeuler/python-zVMCloudConnector/issues/I79KJO https://gitee.com/src-openeuler/openvswitch/issues/I79K23 https://gitee.com/src-openeuler/openstack-nova/issues/I79JC8 https://gitee.com/src-openeuler/python-rtslib-fb/issues/I79IXG https://gitee.com/src-openeuler/python-suds-jurko/issues/I79IQM https://gitee.com/src-openeuler/ovn/issues/I79I7O https://gitee.com/openeuler/openstack/issues/I77LN7 https://gitee.com/openeuler/openstack/issues/I77LQN https://gitee.com/openeuler/openstack/issues/I79OIL https://gitee.com/openeuler/openstack/issues/I7BQC0 https://gitee.com/openeuler/openstack/issues/I7CC2N","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP2/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP2/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP2 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP2 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP2/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP2\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 
\u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP2/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP3/","text":"openEuler 22.03 LTS SP3\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-12-27 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova 
Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.11.23 2023.11.27 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.11.28 2023.12.1 openEuler 22.03 LTS SP3 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.2 2023.12.6 openEuler 22.03 LTS SP3 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.7 2023.12.11 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.12.12 2023.12.16 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.12.17 2023.12.21 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.21 2023.12.25 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.25 2023.12.28 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 
920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1303 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 65 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1238 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1263 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 93 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1170 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1303\u4e2a\uff0c\u5176\u4e2dSkip 65\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 
Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1263\u4e2a\uff0c\u5176\u4e2dSkip 93\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP3 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/src-openeuler/python-ndg-httpsclient/issues/I8Q6GR 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 
22.03 LTS SP3 OpenStack Train 1303 \u901a\u8fc71238\u4e2a\uff0cskip 65\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP3 OpenStack Wallaby 1263 \u901a\u8fc71170\u4e2a\uff0cskip 93\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP3\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP3"},{"location":"test/openEuler-22.03-LTS-SP3/#openeuler-2203-lts-sp3","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-12-27 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line 
Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP3\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP3/#1","text":"\u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP3/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.11.23 2023.11.27 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.11.28 2023.12.1 openEuler 22.03 LTS SP3 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.2 2023.12.6 openEuler 22.03 LTS SP3 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.7 2023.12.11 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.12.12 2023.12.16 openEuler 22.03 LTS SP3 RC3 (OpenStack 
Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.12.17 2023.12.21 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.21 2023.12.25 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.25 2023.12.28 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP3/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP3/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1303 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 65 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1238 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1263 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 93 \u4e2a\uff08\u5168\u662f OpenStack Wallaby 
\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1170 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1303\u4e2a\uff0c\u5176\u4e2dSkip 65\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1263\u4e2a\uff0c\u5176\u4e2dSkip 93\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP3/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP3 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP3/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP3/#331","text":"\u95ee\u9898\u5355\u53f7 
\u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP3/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/src-openeuler/python-ndg-httpsclient/issues/I8Q6GR","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP3/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP3/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP3 OpenStack Train 1303 \u901a\u8fc71238\u4e2a\uff0cskip 65\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP3 OpenStack Wallaby 1263 \u901a\u8fc71170\u4e2a\uff0cskip 93\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP3/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP3\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP3/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP4/","text":"openEuler 22.03 LTS SP4\u6d4b\u8bd5\u62a5\u544a \u00b6 
\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-21 1 \u521d\u7a3f \u738b\u9759 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 
\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.04.23 2024.04.27 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.28 2024.05.09 openEuler 22.03 LTS SP4 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.09 2024.05.16 openEuler 22.03 LTS SP4 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.17 2024.05.21 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.22 2024.05.25 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.27 2024.05.30 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.06.01 2024.06.07 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.06.08 2024.06.19 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train 
\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1420 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 66 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1354 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1436 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1341 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1420\u4e2a\uff0c\u5176\u4e2dSkip 66\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1436\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 
\u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP4 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP4 OpenStack Train 1420 \u901a\u8fc71354\u4e2a\uff0cskip 66\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP4 OpenStack Wallaby 1436 \u901a\u8fc71431\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 0 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 
\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP4\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP4"},{"location":"test/openEuler-22.03-LTS-SP4/#openeuler-2203-lts-sp4","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-21 1 \u521d\u7a3f \u738b\u9759 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP4\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP4/#1","text":"\u5728 openEuler 22.03 LTS SP4 
\u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP4/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.04.23 2024.04.27 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.28 2024.05.09 openEuler 22.03 LTS SP4 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.09 2024.05.16 openEuler 22.03 LTS SP4 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.17 2024.05.21 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.22 2024.05.25 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.27 2024.05.30 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.06.01 2024.06.07 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 
2024.06.08 2024.06.19 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP4/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP4/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1420 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 66 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1354 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1436 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1341 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1420\u4e2a\uff0c\u5176\u4e2dSkip 66\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1436\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP4/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP4 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP4/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP4/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP4/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE 
Link","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP4/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP4/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP4 OpenStack Train 1420 \u901a\u8fc71354\u4e2a\uff0cskip 66\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP4 OpenStack Wallaby 1436 \u901a\u8fc71431\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 0","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP4/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP4\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP4/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS/","text":"openEuler 22.03 LTS \u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee 
https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-03-21 1 \u521d\u7a3f \u674e\u4f73\u4f1f \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.02.20 2022.02.27 openEuler 22.03 LTS RC1 (OpenStack 
Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.02.28 2022.03.03 openEuler 22.03 LTS RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.04 2022.03.07 openEuler 22.03 LTS RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.08 2022.03.09 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.03.10 2022.03.15 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.03.16 2022.03.19 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.20 2022.03.21 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.21 2022.03.22 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 1 
\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1289 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 6 \u4e2a\uff0c\u5176\u4ed6 1088 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 1\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 6\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby 
\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 10 2 6 2 0 \u767e\u5206\u6bd4 100 20 60 20 0 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 1\u4e2a 7 openEuler 22.03 LTS OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 6\u4e2a 3 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS"},{"location":"test/openEuler-22.03-LTS/#openeuler-2203-lts","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a 
\u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-03-21 1 \u521d\u7a3f \u674e\u4f73\u4f1f \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS \u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS/#1","text":"\u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.02.20 2022.02.27 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.02.28 2022.03.03 openEuler 22.03 LTS RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.04 2022.03.07 openEuler 22.03 LTS RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.08 2022.03.09 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.03.10 2022.03.15 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.03.16 2022.03.19 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.20 2022.03.21 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.21 2022.03.22 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM 
ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 1 \u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1289 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 6 \u4e2a\uff0c\u5176\u4ed6 1088 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 
1\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 6\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 10 2 6 2 0 \u767e\u5206\u6bd4 100 20 60 20 0","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 1\u4e2a 7 openEuler 22.03 LTS OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 6\u4e2a 3","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.09/","text":"openEuler 22.09 OpenStack Yoga + OpenSD + \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2022 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-09-15 1 \u521d\u7a3f \u97e9\u5149\u5b87 2022-09-16 2 \u683c\u5f0f\u6574\u6539\uff0c\u65b0\u589eopensd\u6d4b\u8bd5\u62a5\u544a,\u65b0\u589e\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack\u3001opensd \u6458\u8981\uff1a \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 opensd\u662f\u4e2d\u56fd\u8054\u901a\u5728openEuler\u5f00\u6e90\u7684OpenStack\u90e8\u7f72\u5de5\u5177\uff0c\u5728 openEuler 22.09 \u4e2d\u63d0\u4f9b\u5bf9 OpenStack Yoga \u7684\u652f\u6301\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7 \u7279\u6027\u662fOpenStack SIG\u81ea\u7814\u7684OpenStack\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 
Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b opensd \u7684\u5b89\u88c5\u5305\u4ee5\u53ca\u5bf9 openEuler \u548c OpenStack Yoga \u7684\u652f\u6301\u80fd\u529b\u3002 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b openstack-plugin-priority-vm \u5b89\u88c5\u5305\uff0c\u652f\u6301\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.09 RC1 (OpenStack Yoga\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff1bopensd\u5b89\u88c5\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u5b89\u88c5\u6d4b\u8bd5) 2022.08.10 2022.08.17 openEuler 22.09 RC2 (OpenStack Yoga\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\u3001\u5377 \u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff1bopensd\u652f\u6301openEuler\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u529f\u80fd\u6d4b\u8bd5) 2022.08.18 2022.08.23 openEuler 22.09 RC3 (OpenStack Yoga\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff1bopensd\u652f\u6301OpenStack Yoga\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.08.24 2022.09.07 openEuler 22.09 RC4 (OpenStack Yoga\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff1bopensd\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.09.08 2022.09.15 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f 
\u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G x86\u865a\u62df\u673a \u8054\u901a\u4e91ECS Intel(R) Xeon(R) Silver 4114 2.20GHz 8U16G X86\u865a\u62df\u673a \u534e\u4e3a 2288H V5 Intel Xeon Gold 6146 3.20GHz 48U192G X86\u7269\u7406\u673a \u8054\u901a\u4e91ECS Huawei Kunpeng 920 2.6GHz 4U8G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500 2.1GHz 8U16G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500,64 Core@2.1GHz*2; 512GB DDR4 RAM arm64\u7269\u7406\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Yoga \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1452 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08 OpenStack Yoga \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff08FLAT\u7f51\u7edc\u672a\u5b9e\u9645\u8054\u901a\u53ca\u5b58\u5728\u4e00\u4e9b\u8d85\u65f6\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1357 \u4e2a\u7528\u4f8b\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 opensd \u652f\u6301 Yoga \u7248\u672c mariadb\u3001rabbitmq\u3001memcached\u3001ceph_client\u3001keystone\u3001glance\u3001cinder\u3001placement\u3001nova\u3001neutron \u517110\u4e2a\u9879\u76ee\u7684\u90e8\u7f72\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 
\u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Yoga\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1452\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Yoga \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.09 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 opensd \u53ea\u652f\u6301\u6d4b\u8bd5\u8303\u56f4\u5185\u7684\u670d\u52a1\u90e8\u7f72\uff0c\u5176\u4ed6\u670d\u52a1\u672a\u7ecf\u8fc7\u6d4b\u8bd5\uff0c\u4e0d\u4fdd\u8bc1\u8d28\u91cf\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \u9700\u8981\u914d\u5408openEuelr 22.09 skylark\u670d\u52a1\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 4 1 2 1 0 \u767e\u5206\u6bd4 100 25 59 25 0 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 
\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.09 OpenStack Yoga 1452 \u901a\u8fc71357\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 3 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 opensd\u6d4b\u8bd5\u9a8c\u8bc1\u66f4\u591aOpenStack\u670d\u52a1\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.09"},{"location":"test/openEuler-22.09/#openeuler-2209-openstack-yoga-opensd","text":"\u7248\u6743\u6240\u6709 \u00a9 2022 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-09-15 1 \u521d\u7a3f \u97e9\u5149\u5b87 2022-09-16 2 
\u683c\u5f0f\u6574\u6539\uff0c\u65b0\u589eopensd\u6d4b\u8bd5\u62a5\u544a,\u65b0\u589e\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack\u3001opensd \u6458\u8981\uff1a \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 opensd\u662f\u4e2d\u56fd\u8054\u901a\u5728openEuler\u5f00\u6e90\u7684OpenStack\u90e8\u7f72\u5de5\u5177\uff0c\u5728 openEuler 22.09 \u4e2d\u63d0\u4f9b\u5bf9 OpenStack Yoga \u7684\u652f\u6301\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7 \u7279\u6027\u662fOpenStack SIG\u81ea\u7814\u7684OpenStack\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.09 OpenStack Yoga + OpenSD + \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.09/#1","text":"\u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b opensd 
\u7684\u5b89\u88c5\u5305\u4ee5\u53ca\u5bf9 openEuler \u548c OpenStack Yoga \u7684\u652f\u6301\u80fd\u529b\u3002 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b openstack-plugin-priority-vm \u5b89\u88c5\u5305\uff0c\u652f\u6301\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u3002","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.09/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.09 RC1 (OpenStack Yoga\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff1bopensd\u5b89\u88c5\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u5b89\u88c5\u6d4b\u8bd5) 2022.08.10 2022.08.17 openEuler 22.09 RC2 (OpenStack Yoga\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\u3001\u5377 \u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff1bopensd\u652f\u6301openEuler\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u529f\u80fd\u6d4b\u8bd5) 2022.08.18 2022.08.23 openEuler 22.09 RC3 (OpenStack Yoga\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff1bopensd\u652f\u6301OpenStack Yoga\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.08.24 2022.09.07 openEuler 22.09 RC4 (OpenStack Yoga\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff1bopensd\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.09.08 2022.09.15 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G x86\u865a\u62df\u673a 
\u8054\u901a\u4e91ECS Intel(R) Xeon(R) Silver 4114 2.20GHz 8U16G X86\u865a\u62df\u673a \u534e\u4e3a 2288H V5 Intel Xeon Gold 6146 3.20GHz 48U192G X86\u7269\u7406\u673a \u8054\u901a\u4e91ECS Huawei Kunpeng 920 2.6GHz 4U8G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500 2.1GHz 8U16G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500,64 Core@2.1GHz*2; 512GB DDR4 RAM arm64\u7269\u7406\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.09/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.09/#31","text":"OpenStack Yoga \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1452 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08 OpenStack Yoga \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff08FLAT\u7f51\u7edc\u672a\u5b9e\u9645\u8054\u901a\u53ca\u5b58\u5728\u4e00\u4e9b\u8d85\u65f6\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1357 \u4e2a\u7528\u4f8b\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 opensd \u652f\u6301 Yoga \u7248\u672c mariadb\u3001rabbitmq\u3001memcached\u3001ceph_client\u3001keystone\u3001glance\u3001cinder\u3001placement\u3001nova\u3001neutron \u517110\u4e2a\u9879\u76ee\u7684\u90e8\u7f72\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 
Yoga\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1452\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.09/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Yoga \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.09 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 opensd \u53ea\u652f\u6301\u6d4b\u8bd5\u8303\u56f4\u5185\u7684\u670d\u52a1\u90e8\u7f72\uff0c\u5176\u4ed6\u670d\u52a1\u672a\u7ecf\u8fc7\u6d4b\u8bd5\uff0c\u4e0d\u4fdd\u8bc1\u8d28\u91cf\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \u9700\u8981\u914d\u5408openEuelr 22.09 skylark\u670d\u52a1\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.09/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.09/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.09/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 4 1 2 1 0 \u767e\u5206\u6bd4 100 25 59 25 0","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.09/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.09/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.09 OpenStack Yoga 1452 \u901a\u8fc71357\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 3","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.09/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 opensd\u6d4b\u8bd5\u9a8c\u8bc1\u66f4\u591aOpenStack\u670d\u52a1\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.09/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-24.03-LTS/","text":"openEuler 24.03 LTS \u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2024 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c 
\u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-03 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.03.31 2024.04.03 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.04 2024.04.09 openEuler 24.03 LTS RC2 (OpenStack Antelope\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.04.10 2024.04.19 openEuler 24.03 LTS RC3 (OpenStack Antelope\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.04.20 2024.05.09 openEuler 
24.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.10 2024.05.14 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.15 2024.05.21 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.22 2024.05.28 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.29 2024.06.03 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Antelope \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1483 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 100 \u4e2a\uff08\u5168\u662f OpenStack Antelope \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1383 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1434 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f 
OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1339 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Antelope\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1483\u4e2a\uff0c\u5176\u4e2dSkip 100\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1434\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Antelope \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 24.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A 
N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 6 0 6 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I9RUHD?from=project-issue https://gitee.com/openeuler/openstack/issues/I9RKHC?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2L0?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2LT?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UF6L?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UFAZ?from=project-issue 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 24.03 LTS OpenStack Antelope 1483 \u901a\u8fc71383\u4e2a\uff0cskip 100\u4e2a\uff0cFail 0\u4e2a 1 openEuler 24.03 LTS OpenStack Wallaby 1434 \u901a\u8fc71339\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 5 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5Antelope\u548cWallaby\u7248\u672c\u5bf9python3.11\u7248\u672c\u7684\u9002\u914d\u60c5\u51b5\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-24.03-LTS"},{"location":"test/openEuler-24.03-LTS/#openeuler-2403-lts","text":"\u7248\u6743\u6240\u6709 \u00a9 2024 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative 
Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-03 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 24.03 LTS \u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-24.03-LTS/#1","text":"\u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-24.03-LTS/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.03.31 2024.04.03 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.04 2024.04.09 openEuler 24.03 LTS RC2 (OpenStack Antelope\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.04.10 2024.04.19 openEuler 24.03 LTS RC3 (OpenStack Antelope\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.04.20 2024.05.09 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.10 2024.05.14 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.15 2024.05.21 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.22 2024.05.28 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.29 2024.06.03 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 
\u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-24.03-LTS/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-24.03-LTS/#31","text":"OpenStack Antelope \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1483 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 100 \u4e2a\uff08\u5168\u662f OpenStack Antelope \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1383 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1434 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1339 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Antelope\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1483\u4e2a\uff0c\u5176\u4e2dSkip 100\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 
Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1434\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-24.03-LTS/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Antelope \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 24.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-24.03-LTS/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-24.03-LTS/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-24.03-LTS/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 6 0 6 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I9RUHD?from=project-issue https://gitee.com/openeuler/openstack/issues/I9RKHC?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2L0?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2LT?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UF6L?from=project-issue 
https://gitee.com/openeuler/openstack/issues/I9UFAZ?from=project-issue","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-24.03-LTS/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-24.03-LTS/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 24.03 LTS OpenStack Antelope 1483 \u901a\u8fc71383\u4e2a\uff0cskip 100\u4e2a\uff0cFail 0\u4e2a 1 openEuler 24.03 LTS OpenStack Wallaby 1434 \u901a\u8fc71339\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 5","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-24.03-LTS/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5Antelope\u548cWallaby\u7248\u672c\u5bf9python3.11\u7248\u672c\u7684\u9002\u914d\u60c5\u51b5\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-24.03-LTS/#5","text":"N/A","title":"5 \u9644\u4ef6"}]} \ No newline at end of file +{"config":{"indexing":"full","lang":["zh"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"openEuler OpenStack SIG \u00b6 SIG \u5de5\u4f5c\u76ee\u6807\u548c\u8303\u56f4 \u00b6 \u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\u3002 \u5b9a\u671f\u53ec\u5f00\u4f1a\u8bae\uff0c\u6536\u96c6\u5f00\u53d1\u8005\u3001\u5382\u5546\u8bc9\u6c42\uff0c\u8ba8\u8bbaOpenStack\u793e\u533a\u53d1\u5c55\u3002 \u7ec4\u7ec7\u4f1a\u8bae \u00b6 
\u516c\u5f00\u7684\u4f1a\u8bae\u65f6\u95f4\uff1a\u6708\u5ea6\u4f8b\u4f1a\uff0c\u6bcf\u6708\u4e2d\u4e0b\u65ec\u7684\u67d0\u4e2a\u5468\u4e09\u4e0b\u53483:00-4:00(\u5317\u4eac\u65f6\u95f4) \u4f1a\u8bae\u94fe\u63a5\uff1a\u901a\u8fc7\u5fae\u4fe1\u7fa4\u6d88\u606f\u548c\u90ae\u4ef6\u5217\u8868\u53d1\u51fa \u4f1a\u8bae\u7eaa\u8981\uff1a https://etherpad.openeuler.org/p/sig-openstack-meetings OpenStack\u7248\u672c\u652f\u6301\u5217\u8868 \u00b6 OpenStack SIG\u901a\u8fc7\u7528\u6237\u53cd\u9988\u7b49\u65b9\u5f0f\u6536\u96c6OpenStack\u7248\u672c\u9700\u6c42\uff0c\u7ecf\u8fc7SIG\u7ec4\u5185\u6210\u5458\u516c\u5f00\u8ba8\u8bba\u51b3\u5b9aOpenStack\u7684\u7248\u672c\u6f14\u8fdb\u8def\u7ebf\u3002\u89c4\u5212\u4e2d\u7684\u7248\u672c\u53ef\u80fd\u56e0\u4e3a\u9700\u6c42\u66f4\u53d8\u3001\u4eba\u529b\u53d8\u52a8\u7b49\u539f\u56e0\u8fdb\u884c\u8c03\u6574\u3002OpenStack SIG\u6b22\u8fce\u66f4\u591a\u5f00\u53d1\u8005\u3001\u5382\u5546\u53c2\u4e0e\uff0c\u5171\u540c\u5b8c\u5584openEuler\u7684OpenStack\u652f\u6301\u3002 \u25cf - \u5df2\u652f\u6301 \u25cb - \u89c4\u5212\u4e2d/\u5f00\u53d1\u4e2d \u25b2 - \u90e8\u5206openEuler\u7248\u672c\u652f\u6301 Queens Rocky Train Ussuri Victoria Wallaby Xena Yoga Antelope openEuler 20.03 LTS SP1 \u25cf openEuler 20.03 LTS SP2 \u25cf \u25cf openEuler 20.03 LTS SP3 \u25cf \u25cf \u25cf openEuler 20.03 LTS SP4 \u25cf openEuler 21.03 \u25cf openEuler 21.09 \u25cf openEuler 22.03 LTS \u25cf \u25cf openEuler 22.03 LTS SP1 \u25cf \u25cf openEuler 22.03 LTS SP2 \u25cf \u25cf openEuler 22.03 LTS SP3 \u25cf \u25cf openEuler 22.03 LTS SP4 \u25cb \u25cb openEuler 22.09 \u25cf \u25cf openEuler 24.03 LTS \u25cf \u25cf Queens Rocky Train Victoria Wallaby Yoga Antelope Keystone \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Glance \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Nova \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Cinder \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Neutron \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Tempest \u25cf \u25cf 
\u25cf \u25cf \u25cf \u25cf \u25cf Horizon \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Ironic \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Placement \u25cf \u25cf \u25cf \u25cf \u25cf Trove \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Kolla \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Rally \u25b2 \u25b2 Swift \u25cf \u25cf \u25cf \u25cf Heat \u25cf \u25b2 \u25cf \u25cf Ceilometer \u25cf \u25b2 \u25cf \u25cf Aodh \u25cf \u25b2 \u25cf \u25cf Cyborg \u25cf \u25b2 \u25cf \u25cf Gnocchi \u25cf \u25cf \u25cf \u25cf OpenStack-helm \u25cf \u25cf Barbican \u25b2 \u25cf Octavia \u25b2 \u25cf Designate \u25b2 \u25cf Manila \u25b2 \u25cf Masakari \u25b2 \u25cf Mistral \u25b2 \u25cf Senlin \u25b2 \u25cf Zaqar \u25b2 \u25cf Note: openEuler 20.03 LTS SP2\u4e0d\u652f\u6301Rally Heat\u3001Ceilometer\u3001Swift\u3001Aodh\u548cCyborg\u53ea\u572822.03 LTS\u4ee5\u4e0a\u7248\u672c\u652f\u6301 Barbican\u3001Octavia\u3001Designate\u3001Manila\u3001Masakari\u3001Mistral\u3001Senlin\u548cZaqar\u53ea\u572822.03 LTS SP2\u4ee5\u4e0a\u7248\u672c\u652f\u6301 oepkg\u8f6f\u4ef6\u4ed3\u5730\u5740\u5217\u8868 \u00b6 Queens\u3001Rocky\u3001Train\u7248\u672c\u7684\u652f\u6301\u653e\u5728SIG\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u5e73\u53f0oepkg: 20.03-LTS-SP1 Train: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/train/ \u8be5Train\u7248\u672c\u4e0d\u662f\u7eaf\u539f\u751f\u4ee3\u7801\uff0c\u5305\u542b\u4e86\u667a\u80fd\u7f51\u5361\u652f\u6301\u7684\u76f8\u5173\u4ee3\u7801\uff0c\u7528\u6237\u4f7f\u7528\u524d\u8bf7\u81ea\u884c\u8bc4\u5ba1 20.03-LTS-SP2 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ 20.03-LTS-SP2 Queens\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a 
https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ \u53e6\u5916\uff0c20.03-LTS-SP1\u867d\u7136\u6709Queens\u3001Rocky\u7248\u672c\u7684\u8f6f\u4ef6\u5305\uff0c\u4f46\u672a\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u8bf7\u8c28\u614e\u4f7f\u7528\uff1a 20.03-LTS-SP1 Queens: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/queens/ 20.03-LTS-SP1 Rocky: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/rocky/ Maintainer\u7684\u52a0\u5165\u548c\u9000\u51fa \u00b6 \u79c9\u627f\u5f00\u6e90\u5f00\u653e\u7684\u7406\u5ff5\uff0cOpenStack SIG\u5728maintainer\u6210\u5458\u7684\u7ba1\u7406\u65b9\u9762\u4e5f\u6709\u4e00\u5b9a\u7684\u89c4\u8303\u548c\u8981\u6c42\u3002 \u5982\u4f55\u6210\u4e3amaintainer \u00b6 maintainer\u4f5c\u4e3aSIG\u7684\u76f4\u63a5\u8d1f\u8d23\u4eba\uff0c\u62e5\u6709\u4ee3\u7801\u5408\u5165\u3001\u8def\u6807\u89c4\u5212\u3001\u63d0\u540dmaintainer\u7b49\u65b9\u9762\u7684\u6743\u5229\uff0c\u540c\u65f6\u4e5f\u6709\u8f6f\u4ef6\u8d28\u91cf\u770b\u62a4\u3001\u7248\u672c\u5f00\u53d1\u7684\u4e49\u52a1\u3002\u5982\u679c\u60a8\u60f3\u6210\u4e3aOpenStack SIG\u7684\u4e00\u540dmaintainer\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u51e0\u70b9\u8981\u6c42\uff1a \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u5f00\u53d1\u8d21\u732e\uff0c\u4e0d\u5c0f\u4e8e\u4e00\u4e2aopenEuler release\u5468\u671f\uff08\u4e00\u822c\u4e3a3\u4e2a\u6708\uff09 \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u4ee3\u7801\u68c0\u89c6\uff0creview\u6392\u540d\u5e94\u4e0d\u4f4e\u4e8eSIG\u5e73\u5747\u91cf \u5b9a\u65f6\u53c2\u52a0OpenStack SIG\u4f8b\u4f1a\uff08\u4e00\u822c\u4e3a\u53cc\u5468\u4e00\u6b21\uff09\uff0c\u4e00\u4e2aopenEuler release\u5468\u671f\u4e00\u822c\u5305\u62ec6\u6b21\u4f8b\u4f1a\uff0c\u7f3a\u5e2d\u6b21\u6570\u5e94\u4e0d\u5927\u4e8e2\u6b21 \u52a0\u5206\u9879\uff1a \u79ef\u6781\u53c2\u52a0OpenStack 
SIG\u7ec4\u7ec7\u7684\u5404\u79cd\u6d3b\u52a8\uff0c\u6bd4\u5982\u7ebf\u4e0a\u5206\u4eab\u3001\u7ebf\u4e0bmeetup\u6216\u5cf0\u4f1a\u7b49\u3002 \u5e2e\u52a9SIG\u6269\u5c55\u8fd0\u8425\u8303\u56f4\uff0c\u8fdb\u884c\u8054\u5408\u6280\u672f\u521b\u65b0\uff0c\u4f8b\u5982\u4e3b\u52a8\u5f00\u6e90\u65b0\u9879\u76ee\uff0c\u5438\u5f15\u65b0\u7684\u5f00\u53d1\u8005\u3001\u5382\u5546\u52a0\u5165SIG\u7b49\u3002 SIG maintainer\u6bcf\u4e2a\u5b63\u5ea6\u4f1a\u7ec4\u7ec7\u95ed\u95e8\u4f1a\u8bae\uff0c\u5ba1\u89c6\u5f53\u524d\u8d21\u732e\u6570\u636e\uff0c\u6839\u636e\u8d21\u732e\u8005\u6ee1\u8db3\u76f8\u5173\u8981\u6c42\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\u5e76\u4e14\u8d21\u732e\u8005\u613f\u610f\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0cSIG\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7 \u6d3b\u8dc3maintainer \u00b6 \u53c2\u8003 Apache\u57fa\u91d1\u4f1a \u7b49\u793e\u533a\uff0c\u7ed3\u5408SIG\u5177\u4f53\u60c5\u51b5\uff0c\u5f15\u5165\u6d3b\u8dc3maintainer\u673a\u5236\u3002 \u5bf9\u4e8e\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\uff0c\u4f46\u613f\u610f\u7ee7\u7eed\u627f\u62c5SIG\u8d23\u4efb\u7684maintainer\uff0cmaintainer\u89d2\u8272\u4fdd\u7559\u3002 \u975e\u9ad8\u6d3b\u8dc3maintainer\u8d23\u4efb\u4e0e\u6743\u9650\uff1a \u4fdd\u6301SIG\u52a8\u6001\u8ddf\u8fdb\uff0c\u53c2\u4e0eSIG\u91cd\u5927\u4e8b\u52a1\u3002 \u53c2\u4e0eSIG\u51b3\u7b56\u3002\u6d3b\u8dc3maintainer\u5bf9SIG\u4e8b\u52a1\u51b3\u7b56\u5177\u5907\u66f4\u9ad8\u6743\u91cd\uff0c\u610f\u89c1\u76f8\u5de6\u65f6\u4ee5\u6d3b\u8dc3\u8005\u4e3a\u51c6\u3002 \u4e0d\u5177\u5907\u63d0\u540d\u6743\u9650\u3002 \u6d3b\u8dc3maintainer\u5728SIG\u4e3b\u9875\u5217\u8868\u4e2d\u88ab\u5217\u51fa\u3002 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff0c\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u9ad8\u6d3b\u8dc3\u72b6\u6001\u3002SIG 
maintainer\u6bcf\u534a\u5e74\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u66f4\u65b0\u6d3b\u8dc3\u5217\u8868\u3002 maintainer\u7684\u9000\u51fa \u00b6 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff08\u5de5\u4f5c\u53d8\u52a8\u3001\u4e1a\u52a1\u8c03\u6574\u7b49\u539f\u56e0\uff09\uff0c\u65e0\u6cd5\u518d\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u3002 SIG maintainer\u6bcf\u5e74\u4e5f\u4f1a\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u5982\u679c\u53d1\u73b0\u6709\u4e0d\u518d\u9002\u5408\u62c5\u4efbmaintainer\u7684\u8d21\u732e\u8005\uff08\u65e0\u6cd5\u4fdd\u969c\u53c2\u4e0e\u7b49\u539f\u56e0\uff09\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\uff0c\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7\u3002 \u6d3b\u8dc3Maintainer \u00b6 \u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 Maintainer/Committer\u5217\u8868 \u00b6 \u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u9648\u7855 joec88 joseph.chn1988@gmail.com \u4e2d\u56fd\u8054\u901a \u674e\u6606\u5c71 liksh li_kunshan@163.com \u4e2d\u56fd\u8054\u901a \u9ec4\u586b\u534e huangtianhua huangtianhua223@gmail.com \u534e\u4e3a \u738b\u73ba\u6e90 xiyuanwang wangxiyuan1007@gmail.com \u534e\u4e3a \u5f20\u5e06 zh-f zh.f@outlook.com \u4e2d\u56fd\u7535\u4fe1 \u5f20\u8fce zhangy1317 zhangy1317@foxmail.com \u4e2d\u56fd\u8054\u901a \u97e9\u5149\u5b87 han-guangyu hanguangyu@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u5982\u4f55\u8d21\u732e \u00b6 OpenStack 
SIG\u79c9\u627fOpenStack\u793e\u533a4\u4e2aOpen\u539f\u5219\uff08Open source\u3001Open Design\u3001Open Development\u3001Open Community\uff09\uff0c\u6b22\u8fce\u5f00\u53d1\u8005\u3001\u7528\u6237\u3001\u5382\u5546\u4ee5\u5404\u79cd\u5f00\u6e90\u65b9\u5f0f\u53c2\u4e0eSIG\u8d21\u732e\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a \u63d0\u4ea4Issue \u5982\u679c\u60a8\u5728\u4f7f\u7528OpenStack\u65f6\u9047\u5230\u4e86\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5411SIG\u63d0\u4ea4ISSUE\uff0c\u5305\u62ec\u4e0d\u9650\u4e8e\u4f7f\u7528\u7591\u95ee\u3001\u8f6f\u4ef6\u5305BUG\u3001\u7279\u6027\u9700\u6c42\u7b49\u7b49\u3002 \u53c2\u4e0e\u6280\u672f\u8ba8\u8bba \u901a\u8fc7\u90ae\u4ef6\u5217\u8868\u3001\u5fae\u4fe1\u7fa4\u3001\u5728\u7ebf\u4f8b\u4f1a\u7b49\u65b9\u5f0f\uff0c\u4e0eSIG\u6210\u5458\u5b9e\u65f6\u8ba8\u8bbaOpenStack\u6280\u672f\u3002 \u53c2\u4e0eSIG\u7684\u8f6f\u4ef6\u5f00\u53d1\u6d4b\u8bd5\u5de5\u4f5c OpenStack SIG\u8ddf\u968fopenEuler\u7248\u672c\u5f00\u53d1\u7684\u8282\u594f\uff0c\u6bcf\u51e0\u4e2a\u6708\u5bf9\u5916\u53d1\u5e03\u4e0d\u540c\u7248\u672c\u7684OpenStack\uff0c\u6bcf\u4e2a\u7248\u672c\u5305\u542b\u4e86\u51e0\u767e\u4e2aRPM\u8f6f\u4ef6\u5305\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u5230\u8fd9\u4e9bRPM\u5305\u7684\u5f00\u53d1\u5de5\u4f5c\u4e2d\u3002 OpenStack SIG\u5305\u62ec\u4e00\u4e9b\u6765\u81ea\u5382\u5546\u6350\u732e\u3001\u81ea\u4e3b\u7814\u53d1\u7684\u9879\u76ee\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u76f8\u5173\u9879\u76ee\u7684\u5f00\u53d1\u5de5\u4f5c\u3002 openEuler\u65b0\u7248\u672c\u53d1\u5e03\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u6d4b\u8bd5\u8bd5\u7528\u5bf9\u5e94\u7684OpenStack\uff0c\u76f8\u5173BUG\u548c\u95ee\u9898\u53ef\u4ee5\u63d0\u4ea4\u5230SIG\u3002 OpenStack SIG\u8fd8\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u7684\u5de5\u5177\u548c\u6587\u6863\uff0c\u7528\u6237\u53ef\u4ee5\u5e2e\u5fd9\u4f18\u5316\u3001\u5b8c\u5584\u3002 \u6280\u672f\u9884\u8a00\u3001\u8054\u5408\u521b\u65b0 OpenStack 
SIG\u6b22\u8fce\u5404\u79cd\u5f62\u5f0f\u7684\u8054\u5408\u521b\u65b0\uff0c\u9080\u8bf7\u5404\u4f4d\u5f00\u53d1\u8005\u4ee5\u5f00\u6e90\u7684\u65b9\u5f0f\u3001\u4ee5SIG\u4e3a\u5e73\u53f0\uff0c\u521b\u9020\u5c5e\u4e8e\u56fd\u4eba\u7684\u4e91\u8ba1\u7b97\u65b0\u6280\u672f\u3002\u5982\u679c\u60a8\u6709idea\u6216\u5f00\u53d1\u610f\u613f\uff0c\u6b22\u8fce\u52a0\u5165SIG\u3002 \u5f53\u7136\uff0c\u8d21\u732e\u5f62\u5f0f\u4e0d\u4ec5\u5305\u542b\u8fd9\u4e9b\uff0c\u5176\u4ed6\u4efb\u4f55\u4e0eOpenStack\u76f8\u5173\u3001\u4e0e\u5f00\u6e90\u76f8\u5173\u7684\u4e8b\u52a1\u90fd\u53ef\u4ee5\u5e26\u5230SIG\u4e2d\u3002OpenStack SIG\u6b22\u8fce\u60a8\u7684\u53c2\u4e0e\u3002 \u9879\u76ee\u6e05\u5355 \u00b6 SIG\u5305\u542b\u7684\u5168\u90e8\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack/blob/master/tools/oos/etc/openeuler_sig_repo.yaml OpenStack\u5305\u542b\u9879\u76ee\u4f17\u591a\uff0c\u4e3a\u4e86\u65b9\u4fbf\u7ba1\u7406\uff0c\u8bbe\u7f6e\u4e86\u7edf\u4e00\u5165\u53e3\u9879\u76ee\uff0c\u7528\u6237\u3001\u5f00\u53d1\u8005\u5bf9OpenStack SIG\u4ee5\u53ca\u5404OpenStack\u5b50\u9879\u76ee\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5728\u8be5\u9879\u76ee\u4e2d\u63d0\u4ea4Issue\u3002 https://gitee.com/openeuler/openstack SIG\u540c\u65f6\u8054\u5408\u5404\u5927\u5382\u5546\u3001\u5f00\u53d1\u8005\uff0c\u521b\u5efa\u4e86\u4e00\u7cfb\u5217\u81ea\u7814\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack-kolla-ansible-plugin https://gitee.com/openeuler/openstack-kolla-plugin https://gitee.com/openeuler/openstack-plugin https://gitee.com/openeuler/hostha https://gitee.com/openeuler/opensd \u4ea4\u6d41\u7fa4 \u00b6 \u6dfb\u52a0\u5c0f\u52a9\u624b\u56de\u590d\"\u52a0\u7fa4\"\u8fdb\u5165openEuler sig-OpenStack\u4ea4\u6d41\u7fa4","title":"OpenStack SIG"},{"location":"#openeuler-openstack-sig","text":"","title":"openEuler OpenStack 
SIG"},{"location":"#sig","text":"\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\u3002 \u5b9a\u671f\u53ec\u5f00\u4f1a\u8bae\uff0c\u6536\u96c6\u5f00\u53d1\u8005\u3001\u5382\u5546\u8bc9\u6c42\uff0c\u8ba8\u8bbaOpenStack\u793e\u533a\u53d1\u5c55\u3002","title":"SIG \u5de5\u4f5c\u76ee\u6807\u548c\u8303\u56f4"},{"location":"#_1","text":"\u516c\u5f00\u7684\u4f1a\u8bae\u65f6\u95f4\uff1a\u6708\u5ea6\u4f8b\u4f1a\uff0c\u6bcf\u6708\u4e2d\u4e0b\u65ec\u7684\u67d0\u4e2a\u5468\u4e09\u4e0b\u53483:00-4:00(\u5317\u4eac\u65f6\u95f4) \u4f1a\u8bae\u94fe\u63a5\uff1a\u901a\u8fc7\u5fae\u4fe1\u7fa4\u6d88\u606f\u548c\u90ae\u4ef6\u5217\u8868\u53d1\u51fa \u4f1a\u8bae\u7eaa\u8981\uff1a https://etherpad.openeuler.org/p/sig-openstack-meetings","title":"\u7ec4\u7ec7\u4f1a\u8bae"},{"location":"#openstack","text":"OpenStack SIG\u901a\u8fc7\u7528\u6237\u53cd\u9988\u7b49\u65b9\u5f0f\u6536\u96c6OpenStack\u7248\u672c\u9700\u6c42\uff0c\u7ecf\u8fc7SIG\u7ec4\u5185\u6210\u5458\u516c\u5f00\u8ba8\u8bba\u51b3\u5b9aOpenStack\u7684\u7248\u672c\u6f14\u8fdb\u8def\u7ebf\u3002\u89c4\u5212\u4e2d\u7684\u7248\u672c\u53ef\u80fd\u56e0\u4e3a\u9700\u6c42\u66f4\u53d8\u3001\u4eba\u529b\u53d8\u52a8\u7b49\u539f\u56e0\u8fdb\u884c\u8c03\u6574\u3002OpenStack SIG\u6b22\u8fce\u66f4\u591a\u5f00\u53d1\u8005\u3001\u5382\u5546\u53c2\u4e0e\uff0c\u5171\u540c\u5b8c\u5584openEuler\u7684OpenStack\u652f\u6301\u3002 \u25cf - \u5df2\u652f\u6301 \u25cb - \u89c4\u5212\u4e2d/\u5f00\u53d1\u4e2d \u25b2 - \u90e8\u5206openEuler\u7248\u672c\u652f\u6301 Queens Rocky Train Ussuri Victoria Wallaby Xena Yoga Antelope openEuler 20.03 LTS SP1 \u25cf openEuler 20.03 LTS SP2 \u25cf \u25cf openEuler 20.03 LTS SP3 \u25cf \u25cf \u25cf openEuler 20.03 LTS SP4 \u25cf openEuler 21.03 \u25cf openEuler 21.09 \u25cf openEuler 22.03 LTS \u25cf \u25cf openEuler 22.03 LTS SP1 \u25cf \u25cf openEuler 22.03 LTS SP2 \u25cf \u25cf openEuler 22.03 LTS SP3 \u25cf \u25cf 
openEuler 22.03 LTS SP4 \u25cb \u25cb openEuler 22.09 \u25cf \u25cf openEuler 24.03 LTS \u25cf \u25cf Queens Rocky Train Victoria Wallaby Yoga Antelope Keystone \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Glance \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Nova \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Cinder \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Neutron \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Tempest \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Horizon \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Ironic \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Placement \u25cf \u25cf \u25cf \u25cf \u25cf Trove \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Kolla \u25cf \u25cf \u25cf \u25cf \u25cf \u25cf Rally \u25b2 \u25b2 Swift \u25cf \u25cf \u25cf \u25cf Heat \u25cf \u25b2 \u25cf \u25cf Ceilometer \u25cf \u25b2 \u25cf \u25cf Aodh \u25cf \u25b2 \u25cf \u25cf Cyborg \u25cf \u25b2 \u25cf \u25cf Gnocchi \u25cf \u25cf \u25cf \u25cf OpenStack-helm \u25cf \u25cf Barbican \u25b2 \u25cf Octavia \u25b2 \u25cf Designate \u25b2 \u25cf Manila \u25b2 \u25cf Masakari \u25b2 \u25cf Mistral \u25b2 \u25cf Senlin \u25b2 \u25cf Zaqar \u25b2 \u25cf Note: openEuler 20.03 LTS SP2\u4e0d\u652f\u6301Rally Heat\u3001Ceilometer\u3001Swift\u3001Aodh\u548cCyborg\u53ea\u572822.03 LTS\u4ee5\u4e0a\u7248\u672c\u652f\u6301 Barbican\u3001Octavia\u3001Designate\u3001Manila\u3001Masakari\u3001Mistral\u3001Senlin\u548cZaqar\u53ea\u572822.03 LTS SP2\u4ee5\u4e0a\u7248\u672c\u652f\u6301","title":"OpenStack\u7248\u672c\u652f\u6301\u5217\u8868"},{"location":"#oepkg","text":"Queens\u3001Rocky\u3001Train\u7248\u672c\u7684\u652f\u6301\u653e\u5728SIG\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u5e73\u53f0oepkg: 20.03-LTS-SP1 Train: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/train/ 
\u8be5Train\u7248\u672c\u4e0d\u662f\u7eaf\u539f\u751f\u4ee3\u7801\uff0c\u5305\u542b\u4e86\u667a\u80fd\u7f51\u5361\u652f\u6301\u7684\u76f8\u5173\u4ee3\u7801\uff0c\u7528\u6237\u4f7f\u7528\u524d\u8bf7\u81ea\u884c\u8bc4\u5ba1 20.03-LTS-SP2 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ 20.03-LTS-SP2 Queens\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/ 20.03-LTS-SP3 Rocky\uff1a https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/ \u53e6\u5916\uff0c20.03-LTS-SP1\u867d\u7136\u6709Queens\u3001Rocky\u7248\u672c\u7684\u8f6f\u4ef6\u5305\uff0c\u4f46\u672a\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u8bf7\u8c28\u614e\u4f7f\u7528\uff1a 20.03-LTS-SP1 Queens: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/queens/ 20.03-LTS-SP1 Rocky: https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP1/contrib/openstack/rocky/","title":"oepkg\u8f6f\u4ef6\u4ed3\u5730\u5740\u5217\u8868"},{"location":"#maintainer","text":"\u79c9\u627f\u5f00\u6e90\u5f00\u653e\u7684\u7406\u5ff5\uff0cOpenStack SIG\u5728maintainer\u6210\u5458\u7684\u7ba1\u7406\u65b9\u9762\u4e5f\u6709\u4e00\u5b9a\u7684\u89c4\u8303\u548c\u8981\u6c42\u3002","title":"Maintainer\u7684\u52a0\u5165\u548c\u9000\u51fa"},{"location":"#maintainer_1","text":"maintainer\u4f5c\u4e3aSIG\u7684\u76f4\u63a5\u8d1f\u8d23\u4eba\uff0c\u62e5\u6709\u4ee3\u7801\u5408\u5165\u3001\u8def\u6807\u89c4\u5212\u3001\u63d0\u540dmaintainer\u7b49\u65b9\u9762\u7684\u6743\u5229\uff0c\u540c\u65f6\u4e5f\u6709\u8f6f\u4ef6\u8d28\u91cf\u770b\u62a4\u3001\u7248\u672c\u5f00\u53d1\u7684\u4e49\u52a1\u3002\u5982\u679c\u60a8\u60f3\u6210\u4e3aOpenStack SIG\u7684\u4e00\u540dmaintainer\uff0c\u9700\u8981\u6ee1\u8db3\u4ee5\u4e0b\u51e0\u70b9\u8981\u6c42\uff1a 
\u6301\u7eed\u53c2\u4e0eOpenStack SIG\u5f00\u53d1\u8d21\u732e\uff0c\u4e0d\u5c0f\u4e8e\u4e00\u4e2aopenEuler release\u5468\u671f\uff08\u4e00\u822c\u4e3a3\u4e2a\u6708\uff09 \u6301\u7eed\u53c2\u4e0eOpenStack SIG\u4ee3\u7801\u68c0\u89c6\uff0creview\u6392\u540d\u5e94\u4e0d\u4f4e\u4e8eSIG\u5e73\u5747\u91cf \u5b9a\u65f6\u53c2\u52a0OpenStack SIG\u4f8b\u4f1a\uff08\u4e00\u822c\u4e3a\u53cc\u5468\u4e00\u6b21\uff09\uff0c\u4e00\u4e2aopenEuler release\u5468\u671f\u4e00\u822c\u5305\u62ec6\u6b21\u4f8b\u4f1a\uff0c\u7f3a\u5e2d\u6b21\u6570\u5e94\u4e0d\u5927\u4e8e2\u6b21 \u52a0\u5206\u9879\uff1a \u79ef\u6781\u53c2\u52a0OpenStack SIG\u7ec4\u7ec7\u7684\u5404\u79cd\u6d3b\u52a8\uff0c\u6bd4\u5982\u7ebf\u4e0a\u5206\u4eab\u3001\u7ebf\u4e0bmeetup\u6216\u5cf0\u4f1a\u7b49\u3002 \u5e2e\u52a9SIG\u6269\u5c55\u8fd0\u8425\u8303\u56f4\uff0c\u8fdb\u884c\u8054\u5408\u6280\u672f\u521b\u65b0\uff0c\u4f8b\u5982\u4e3b\u52a8\u5f00\u6e90\u65b0\u9879\u76ee\uff0c\u5438\u5f15\u65b0\u7684\u5f00\u53d1\u8005\u3001\u5382\u5546\u52a0\u5165SIG\u7b49\u3002 SIG maintainer\u6bcf\u4e2a\u5b63\u5ea6\u4f1a\u7ec4\u7ec7\u95ed\u95e8\u4f1a\u8bae\uff0c\u5ba1\u89c6\u5f53\u524d\u8d21\u732e\u6570\u636e\uff0c\u6839\u636e\u8d21\u732e\u8005\u6ee1\u8db3\u76f8\u5173\u8981\u6c42\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\u5e76\u4e14\u8d21\u732e\u8005\u613f\u610f\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0cSIG\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7","title":"\u5982\u4f55\u6210\u4e3amaintainer"},{"location":"#maintainer_2","text":"\u53c2\u8003 Apache\u57fa\u91d1\u4f1a \u7b49\u793e\u533a\uff0c\u7ed3\u5408SIG\u5177\u4f53\u60c5\u51b5\uff0c\u5f15\u5165\u6d3b\u8dc3maintainer\u673a\u5236\u3002 \u5bf9\u4e8e\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\uff0c\u4f46\u613f\u610f\u7ee7\u7eed\u627f\u62c5SIG\u8d23\u4efb\u7684maintainer\uff0cmaintainer\u89d2\u8272\u4fdd\u7559\u3002 \u975e\u9ad8\u6d3b\u8dc3maintainer\u8d23\u4efb\u4e0e\u6743\u9650\uff1a 
\u4fdd\u6301SIG\u52a8\u6001\u8ddf\u8fdb\uff0c\u53c2\u4e0eSIG\u91cd\u5927\u4e8b\u52a1\u3002 \u53c2\u4e0eSIG\u51b3\u7b56\u3002\u6d3b\u8dc3maintainer\u5bf9SIG\u4e8b\u52a1\u51b3\u7b56\u5177\u5907\u66f4\u9ad8\u6743\u91cd\uff0c\u610f\u89c1\u76f8\u5de6\u65f6\u4ee5\u6d3b\u8dc3\u8005\u4e3a\u51c6\u3002 \u4e0d\u5177\u5907\u63d0\u540d\u6743\u9650\u3002 \u6d3b\u8dc3maintainer\u5728SIG\u4e3b\u9875\u5217\u8868\u4e2d\u88ab\u5217\u51fa\u3002 \u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff0c\u65e0\u6cd5\u4fdd\u6301\u957f\u671f\u9ad8\u6d3b\u8dc3\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u9ad8\u6d3b\u8dc3\u72b6\u6001\u3002SIG maintainer\u6bcf\u534a\u5e74\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u66f4\u65b0\u6d3b\u8dc3\u5217\u8868\u3002","title":"\u6d3b\u8dc3maintainer"},{"location":"#maintainer_3","text":"\u5f53SIG maintainer\u56e0\u4e3a\u81ea\u8eab\u539f\u56e0\uff08\u5de5\u4f5c\u53d8\u52a8\u3001\u4e1a\u52a1\u8c03\u6574\u7b49\u539f\u56e0\uff09\uff0c\u65e0\u6cd5\u518d\u62c5\u4efbmaintainer\u4e00\u804c\u65f6\uff0c\u53ef\u4e3b\u52a8\u7533\u8bf7\u9000\u51fa\u3002 SIG maintainer\u6bcf\u5e74\u4e5f\u4f1a\u4f8b\u884c\u5ba1\u89c6\u5f53\u524dmaintainer\u5217\u8868\uff0c\u5982\u679c\u53d1\u73b0\u6709\u4e0d\u518d\u9002\u5408\u62c5\u4efbmaintainer\u7684\u8d21\u732e\u8005\uff08\u65e0\u6cd5\u4fdd\u969c\u53c2\u4e0e\u7b49\u539f\u56e0\uff09\uff0c\u7ecf\u8ba8\u8bba\u8fbe\u6210\u4e00\u81f4\u540e\uff0c\u4f1a\u5411openEuler TC\u63d0\u51fa\u76f8\u5173\u7533\u8bf7\u3002","title":"maintainer\u7684\u9000\u51fa"},{"location":"#maintainer_4","text":"\u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6","title":"\u6d3b\u8dc3Maintainer"},{"location":"#maintainercommitter","text":"\u59d3\u540d Gitee ID \u90ae\u7bb1 \u516c\u53f8 \u9648\u7855 joec88 
joseph.chn1988@gmail.com \u4e2d\u56fd\u8054\u901a \u674e\u6606\u5c71 liksh li_kunshan@163.com \u4e2d\u56fd\u8054\u901a \u9ec4\u586b\u534e huangtianhua huangtianhua223@gmail.com \u534e\u4e3a \u738b\u73ba\u6e90 xiyuanwang wangxiyuan1007@gmail.com \u534e\u4e3a \u5f20\u5e06 zh-f zh.f@outlook.com \u4e2d\u56fd\u7535\u4fe1 \u5f20\u8fce zhangy1317 zhangy1317@foxmail.com \u4e2d\u56fd\u8054\u901a \u97e9\u5149\u5b87 han-guangyu hanguangyu@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6 \u738b\u4e1c\u5174 desert-sailor dongxing.wang_a@thundersoft.com \u521b\u8fbe\u5965\u601d\u7ef4 \u90d1\u633a tzing_t zhengting13@huawei.com \u534e\u4e3a \u738b\u9759 Accessac wangjing@uniontech.com \u7edf\u4fe1\u8f6f\u4ef6","title":"Maintainer/Committer\u5217\u8868"},{"location":"#_2","text":"OpenStack SIG\u79c9\u627fOpenStack\u793e\u533a4\u4e2aOpen\u539f\u5219\uff08Open source\u3001Open Design\u3001Open Development\u3001Open Community\uff09\uff0c\u6b22\u8fce\u5f00\u53d1\u8005\u3001\u7528\u6237\u3001\u5382\u5546\u4ee5\u5404\u79cd\u5f00\u6e90\u65b9\u5f0f\u53c2\u4e0eSIG\u8d21\u732e\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\uff1a \u63d0\u4ea4Issue \u5982\u679c\u60a8\u5728\u4f7f\u7528OpenStack\u65f6\u9047\u5230\u4e86\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5411SIG\u63d0\u4ea4ISSUE\uff0c\u5305\u62ec\u4e0d\u9650\u4e8e\u4f7f\u7528\u7591\u95ee\u3001\u8f6f\u4ef6\u5305BUG\u3001\u7279\u6027\u9700\u6c42\u7b49\u7b49\u3002 \u53c2\u4e0e\u6280\u672f\u8ba8\u8bba \u901a\u8fc7\u90ae\u4ef6\u5217\u8868\u3001\u5fae\u4fe1\u7fa4\u3001\u5728\u7ebf\u4f8b\u4f1a\u7b49\u65b9\u5f0f\uff0c\u4e0eSIG\u6210\u5458\u5b9e\u65f6\u8ba8\u8bbaOpenStack\u6280\u672f\u3002 \u53c2\u4e0eSIG\u7684\u8f6f\u4ef6\u5f00\u53d1\u6d4b\u8bd5\u5de5\u4f5c OpenStack 
SIG\u8ddf\u968fopenEuler\u7248\u672c\u5f00\u53d1\u7684\u8282\u594f\uff0c\u6bcf\u51e0\u4e2a\u6708\u5bf9\u5916\u53d1\u5e03\u4e0d\u540c\u7248\u672c\u7684OpenStack\uff0c\u6bcf\u4e2a\u7248\u672c\u5305\u542b\u4e86\u51e0\u767e\u4e2aRPM\u8f6f\u4ef6\u5305\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u5230\u8fd9\u4e9bRPM\u5305\u7684\u5f00\u53d1\u5de5\u4f5c\u4e2d\u3002 OpenStack SIG\u5305\u62ec\u4e00\u4e9b\u6765\u81ea\u5382\u5546\u6350\u732e\u3001\u81ea\u4e3b\u7814\u53d1\u7684\u9879\u76ee\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u53c2\u4e0e\u76f8\u5173\u9879\u76ee\u7684\u5f00\u53d1\u5de5\u4f5c\u3002 openEuler\u65b0\u7248\u672c\u53d1\u5e03\u540e\uff0c\u7528\u6237\u53ef\u4ee5\u6d4b\u8bd5\u8bd5\u7528\u5bf9\u5e94\u7684OpenStack\uff0c\u76f8\u5173BUG\u548c\u95ee\u9898\u53ef\u4ee5\u63d0\u4ea4\u5230SIG\u3002 OpenStack SIG\u8fd8\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u7684\u5de5\u5177\u548c\u6587\u6863\uff0c\u7528\u6237\u53ef\u4ee5\u5e2e\u5fd9\u4f18\u5316\u3001\u5b8c\u5584\u3002 \u6280\u672f\u9884\u8a00\u3001\u8054\u5408\u521b\u65b0 OpenStack SIG\u6b22\u8fce\u5404\u79cd\u5f62\u5f0f\u7684\u8054\u5408\u521b\u65b0\uff0c\u9080\u8bf7\u5404\u4f4d\u5f00\u53d1\u8005\u4ee5\u5f00\u6e90\u7684\u65b9\u5f0f\u3001\u4ee5SIG\u4e3a\u5e73\u53f0\uff0c\u521b\u9020\u5c5e\u4e8e\u56fd\u4eba\u7684\u4e91\u8ba1\u7b97\u65b0\u6280\u672f\u3002\u5982\u679c\u60a8\u6709idea\u6216\u5f00\u53d1\u610f\u613f\uff0c\u6b22\u8fce\u52a0\u5165SIG\u3002 \u5f53\u7136\uff0c\u8d21\u732e\u5f62\u5f0f\u4e0d\u4ec5\u5305\u542b\u8fd9\u4e9b\uff0c\u5176\u4ed6\u4efb\u4f55\u4e0eOpenStack\u76f8\u5173\u3001\u4e0e\u5f00\u6e90\u76f8\u5173\u7684\u4e8b\u52a1\u90fd\u53ef\u4ee5\u5e26\u5230SIG\u4e2d\u3002OpenStack SIG\u6b22\u8fce\u60a8\u7684\u53c2\u4e0e\u3002","title":"\u5982\u4f55\u8d21\u732e"},{"location":"#_3","text":"SIG\u5305\u542b\u7684\u5168\u90e8\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack/blob/master/tools/oos/etc/openeuler_sig_repo.yaml 
OpenStack\u5305\u542b\u9879\u76ee\u4f17\u591a\uff0c\u4e3a\u4e86\u65b9\u4fbf\u7ba1\u7406\uff0c\u8bbe\u7f6e\u4e86\u7edf\u4e00\u5165\u53e3\u9879\u76ee\uff0c\u7528\u6237\u3001\u5f00\u53d1\u8005\u5bf9OpenStack SIG\u4ee5\u53ca\u5404OpenStack\u5b50\u9879\u76ee\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u53ef\u4ee5\u5728\u8be5\u9879\u76ee\u4e2d\u63d0\u4ea4Issue\u3002 https://gitee.com/openeuler/openstack SIG\u540c\u65f6\u8054\u5408\u5404\u5927\u5382\u5546\u3001\u5f00\u53d1\u8005\uff0c\u521b\u5efa\u4e86\u4e00\u7cfb\u5217\u81ea\u7814\u9879\u76ee\uff1a https://gitee.com/openeuler/openstack-kolla-ansible-plugin https://gitee.com/openeuler/openstack-kolla-plugin https://gitee.com/openeuler/openstack-plugin https://gitee.com/openeuler/hostha https://gitee.com/openeuler/opensd","title":"\u9879\u76ee\u6e05\u5355"},{"location":"#_4","text":"\u6dfb\u52a0\u5c0f\u52a9\u624b\u56de\u590d\"\u52a0\u7fa4\"\u8fdb\u5165openEuler sig-OpenStack\u4ea4\u6d41\u7fa4","title":"\u4ea4\u6d41\u7fa4"},{"location":"contribute/rpm-packaging-reference/","text":"SIG RPM \u7f16\u5305\u6d41\u7a0b\u68b3\u7406 \u00b6 OpenStack SIG \u6709\u4e00\u9879\u957f\u671f\u5f00\u53d1\u5de5\u4f5c\u662f\u8fdb\u884c OpenStack \u5404\u7248\u672c\u76f8\u5173 RPM \u8f6f\u4ef6\u5305\u7684\u6253\u5305\u7ef4\u62a4\u3002\u4e3a\u4e86\u65b9\u4fbf\u65b0\u52a0\u5165 SIG \u7684\u5f00\u53d1\u8005\u66f4\u5feb\u4e86\u89e3 SIG \u7f16\u5305\u6d41\u7a0b\uff0c\u5728\u6b64\u5bf9 SIG \u7f16\u5305\u6d41\u7a0b\u8fdb\u884c\u68b3\u7406\uff0c\u4ee5\u4f9b\u53c2\u8003\u3002 Excel\u8868\u683c\u8bf4\u660e \u00b6 SIG \u7f16\u5305\u65f6\uff0c\u4f1a\u4ee5\u5171\u4eab\u8868\u683c\u7684\u5f62\u5f0f\uff0c\u5c06\u9700\u8981\u5904\u7406\u7684\u8f6f\u4ef6\u5305\u6574\u7406\u51fa\u6765\uff0c\u4f9b\u5f00\u53d1\u8005\u534f\u540c\u5904\u7406\u3002\u5f53\u524d\u8868\u683c\u683c\u5f0f\u5982\u4e0b\uff1a Project Name openEuler Repo SIG Repo version Required (Min) Version lt Version ne Version Upper Version Status Requires Depth Author PR link PR status pyrsistent 
python-pyrsistent sig-python-modules 0.18.0 0.18.1 [] 0.18.1 Need Upgrade [] 13 ... \u201cProject Name\u201d\u5217\u4e3a\u8f6f\u4ef6\u9879\u76ee\u540d\u3002\u201copenEuler Repo\u201d\u5217\u4e3a\u6b64\u9879\u76ee\u5728 openEuler gitee \u4e0a\u7684\u4ed3\u5e93\u540d\uff0c\u540c\u65f6\u4e5f\u662f\u6b64\u9879\u76ee\u5728openEuler\u7cfb\u7edf\u4e2d\u7684\u8f6f\u4ef6\u5305\u540d\u3002\u6240\u6709 openEuler \u7684\u8f6f\u4ef6\u5305\u4ed3\u5e93\u5747\u5b58\u653e\u4e8ehttps://gitee.com/src-openeuler\u4e4b\u4e2d\u3002\u201cSIG\u201d\u5217\u8bb0\u5f55\u8f6f\u4ef6\u5305\u5f52\u5c5e\u4e8e\u54ea\u4e2a SIG\u3002 \u5904\u7406\u65f6\u9996\u5148\u67e5\u770b\u201cStatus\u201d\u5217\uff0c\u8be5\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u72b6\u6001\u3002\u8f6f\u4ef6\u5305\u5171\u67096\u79cd\u72b6\u6001\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6839\u636e\u201cStatus\u201d\u8fdb\u884c\u76f8\u5e94\u5904\u7406\u3002 \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002\u6d41\u7a0b\u53ef\u53c2\u8003\u793e\u533a\u6307\u5bfc\u6587\u6863\uff1a \u65b0\u589e\u8f6f\u4ef6\u5305 \u3002\u521b\u5efa\u5e76\u521d\u59cb\u5316\u4ed3\u5e93\u540e\uff0c\u5c06\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002 \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 \u201cNeed Init Branch\u201d\uff1a\u9700\u8981\u521d\u59cb\u5316\u5206\u652f\u5e76\u5c06\u6b64\u5206\u652f\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS 
\u5de5\u7a0b\u3002\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\uff0c\u4e0a\u4f20\u6240\u9700\u7248\u672c\u6e90\u7801\u5305\u53ca spec \u6587\u4ef6\u7b49\u3002\u4ee522.09\u5f00\u53d1\u5468\u671f\u9002\u914d Yoga \u7248\u672c\u4e3a\u4f8b\uff0c\u6b64\u4efb\u52a1\u76f4\u63a5\u5728 master \u5206\u652f\u5de5\u4f5c\u3002get_gitee_project_version \u9879\u76ee\u72b6\u6001\u4e3a\u201cNeed Init Branch\u201d\u201d\uff0c\u5b83\u5bf9\u5e94\u7684\u201cpython-neutron-tempest-plugin\u201d\u4ed3\u5e93\u7684master\u5206\u652f\uff0c\u5728\u5904\u7406\u524d\uff0c\u53ea\u6709 README.md \u548c README.en.md \u4e24\u4e2a\u6587\u4ef6\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521d\u59cb\u5316\u5206\u652f\u3002 \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002\u6b64\u79cd\u60c5\u51b5\u9760\u540e\u5904\u7406\uff0c\u4e0e SIG \u786e\u8ba4\u540e\u518d\u64cd\u4f5c\u3002 \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u786e\u5b9a\u597d\u8f6f\u4ef6\u5305\u5bf9\u5e94\u7684\u5904\u7406\u7c7b\u578b\u540e\uff0c\u9700\u8981\u6839\u636e\u7248\u672c\u4fe1\u606f\u8fdb\u884c\u5904\u7406\u3002\u201cRepo version\u201d\u5217\u4e3a\u5f53\u524d\u4ed3\u5e93\u4e2d\u5bf9\u5e94\u5206\u652f\u7684\u8f6f\u4ef6\u5305\u7248\u672c\u3002\u201cRequired (Min) Version\u201d\u5219\u662f\u9700\u8981\u7684\u6700\u5c0f\u7248\u672c\uff0c\u5982\u679c\u5176\u540e\u6709\"(Must)\"\u6807\u8bc6\uff0c\u5219\u8868\u793a\u5fc5\u987b\u4f7f\u7528\u6b64\u7248\u672c\u3002\u201cUpper Version\u201d\u4e3a\u53ef\u4ee5\u4f7f\u7528\u7684\u6700\u9ad8\u7248\u672c\u3002\u5982\u679c\u201cRequired (Min) Version\u201d\u548c\u201cUpper Version\u201d\u4e0d\u540c\uff0c\u4f18\u5148\u4f7f\u7528\u201cRequired (Min) Version\u201d\u3002\u6bd4\u5982\u5347\u7ea7\u8f6f\u4ef6\u5305\uff0c\u4f18\u5148\u5347\u7ea7\u5230\u201cRequired (Min) Version\u201d\u3002 
\u201cRequires\u201d\u5217\u4e3a\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u201cDepth\u201d\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u4f9d\u8d56\u5c42\u7ea7\u3002\u201cDepth\u201d\u4e3a1\u7684\u662f\u201cDepth\u201d\u4e3a0\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\uff0c\u4ee5\u6b64\u7c7b\u63a8\uff0c\u201cDepth\u201d\u9ad8\u7684\u8f6f\u4ef6\u5305\u4e3a\u201cDepth\u201d\u4f4e\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u5904\u7406\u65f6\u5e94\u4f18\u5148\u5904\u7406\u201cDepth\u201d\u9ad8\u7684\u884c\u3002\u4f46\u5982\u679c\u67d0\u4e2a\u5305\uff0c\u6ca1\u6709\u4f9d\u8d56\uff08\u201cRequires\u201d\u4e3a[]\uff09,\u4e5f\u53ef\u76f4\u63a5\u5904\u7406\u3002\u5982\u679c\u67d0\u4e9b\u5305\u9700\u8981\u4f18\u5148\u5904\u7406\uff0c\u5e94\u6309\u7167\u5176\u201cRequires\u201d\uff0c\u4f18\u5148\u5904\u7406\u5176\u4f9d\u8d56\u3002 \u5904\u7406\u4e00\u4e2a\u8f6f\u4ef6\u5305\u65f6\uff0c\u5e94\u9996\u5148\u5728\u201cAuthor\u201d\u5217\u6807\u6ce8\u81ea\u5df1\u7684\u540d\u5b57\uff0c\u4ee5\u544a\u8bc9\u5176\u4ed6\u5f00\u53d1\u8005\u6b64\u5305\u5df2\u6709\u4eba\u5904\u7406\u3002pr\uff08pull request\uff09\u63d0\u4ea4\u540e\uff0c\u5c06 pr \u94fe\u63a5\u8d34\u5230\u201cPR link\u201d\u5217\u3002pr \u5408\u5e76\u540e\uff0c\u5e94\u5728\u201cPR status\u201d\u5217\u6807\u6ce8\u201cDone\u201d\u3002 SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u6d41\u7a0b \u00b6 \u76ee\u524d SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u4e3b\u8981\u4f7f\u7528 SIG \u81ea\u5df1\u7f16\u5199\u7684 oos \u5de5\u5177\u3002oos \u5de5\u5177\u7ec6\u8282\u53c2\u8003 oos README \u3002\u4e0d\u540c\u201cStatus\u201d\u5904\u7406\u65f6\u6d89\u53ca\u7684\u201c\u5347\u7ea7\u201d\u3001\u201c\u521d\u59cb\u5316\u5206\u652f\u201d\u3001\u201c\u8f6f\u4ef6\u5305\u653e\u5165 OBS \u5de5\u7a0b\u201d\u7b49\u64cd\u4f5c\uff0coos \u5de5\u5177\u6709\u5bf9\u5e94\u5b9e\u73b0\u3002 \u4ee5 Yoga \u7248\u672c\u5347\u7ea7 python-pyrsistent \u8f6f\u4ef6\u5305\u4e3a\u4f8b\uff0c\u6f14\u793a\u7f16\u5305\u6d41\u7a0b\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u719f\u6089 
OpenStack SIG \u57fa\u4e8e oos \u5de5\u5177\u7684\u6253\u5305\u76f8\u5173\u6d41\u7a0b\u3002\u5728\u4e86\u89e3\u57fa\u7840\u6d41\u7a0b\u540e\uff0c\u5f00\u53d1\u8005\u53ef\u901a\u8fc7 oos README \u4e86\u89e3\u5176\u4f59\u64cd\u4f5c\u3002python-pyrsistent \u8f6f\u4ef6\u5305\u4fe1\u606f\u53c2\u89c1\u4e0a\u6587\u8868\u683c\u3002\u8be5\u8f6f\u4ef6\u5305\u9700\u8981\u4ece0.18.0\u7248\u672c\u5347\u7ea7\u52300.18.1\u7248\u672c\u3002Yoga \u7248\u672c\u662f\u572822.09\u7248\u672c\u5f00\u53d1\u89c4\u5212\u4e2d\uff0c\u5f53\u524d\u4e3a22\u5e745\u6708\uff0c\u76f4\u63a5\u63d0\u4ea4\u5230master\u5206\u652f\u5373\u53ef\u3002 \u7b7e\u7f72 CLA \u00b6 \u5728 openEuler \u793e\u533a\u63d0\u4ea4\u8d21\u732e\u9700\u8981\u7b7e\u7f72 CLA \u3002 \u5bf9\u4e8e\u521d\u6b21\u53c2\u4e0e openEuler \u793e\u533a\u7684\u5f00\u53d1\u8005\uff0c\u53ef\u9996\u5148\u67e5\u770b openEuler \u8d21\u732e\u653b\u7565 \uff0c\u6982\u89c8\u6574\u4f53\u8d21\u732e\u60c5\u51b5\u3002 \u73af\u5883\u51c6\u5907 \u00b6 dnf install rpm-build rpmdevtools git # \u751f\u6210~/rpmbuild\u76ee\u5f55\uff0coos\u9ed8\u8ba4\u5de5\u4f5c\u8def\u5f84\u4e5f\u4e3a\u6b64 rpmdev-setuptree pip install openstack-sig-tool==1.0.6 \u8bf4\u660e\uff1aopenstack-sig-tool \u5728 1.1.0 \u7248\u672c\u5bf9 oos spec \u547d\u4ee4\u8fdb\u884c\u4e86 \u91cd\u6784 \u3002\u5982\u4e0b\u6d41\u7a0b\u6d89\u53ca oos spec \u547d\u4ee4\u7684\u64cd\u4f5c\u5bf9\u5e94 1.0.6 \u7248\u672c\u3002\u5efa\u8bae\u5b89\u88c5\u65b0\u7248 oos , \u5e76\u53c2\u8003\u5bf9\u5e94 README \u4f7f\u7528\u3002 \u751f\u6210\u4e2a\u4eba Gitee \u5e10\u6237\u7684 pat(personal access token) \u00b6 \u9996\u5148\u8fdb\u5165 Gitee \u5e10\u6237\u7684\u201c\u8bbe\u7f6e\u201d\u754c\u9762\u3002 \u9009\u62e9\u201c\u79c1\u4eba\u4ee4\u724c\u201d\uff0c\u7136\u540e\u70b9\u51fb\u201c\u751f\u6210\u65b0\u4ee4\u724c\u201d\u3002\u751f\u6210\u540e\u5355\u72ec\u4fdd\u5b58\u597d\u81ea\u5df1\u7684\u79c1\u4eba\u4ee4\u724c\uff08pat\uff09\uff0cGitee 
\u4e0a\u65e0\u6cd5\u518d\u6b21\u67e5\u770b\uff0c\u5982\u679c\u4e22\u5931\u53ea\u80fd\u91cd\u65b0\u751f\u6210\u3002 \u751f\u6210 python-pyrsistent \u5305\u7684 spec \u5e76\u63d0\u4ea4 \u00b6 export GITEE_PAT= oos spec push --name python-pyrsistent --version 0.18.1 -dp -dp, --do-push [\u53ef\u9009] \u6307\u5b9a\u662f\u5426\u6267\u884cpush\u5230gitee\u4ed3\u5e93\u4e0a\u5e76\u63d0\u4ea4PR\uff0c\u5982\u679c\u4e0d\u6307\u5b9a\u5219\u53ea\u4f1a\u63d0\u4ea4\u5230\u672c\u5730\u7684\u4ed3\u5e93\u4e2d \u6ce8\u610f\u6b64\u5904 --name \u53c2\u6570\u4e3a\u8868\u683c\u4e2d\u7684\u201cProject Name\u201d\u5217\u3002 oos spec push \u547d\u4ee4\u4f1a\u81ea\u52a8\u8fdb\u884c\u5982\u4e0b\u6d41\u7a0b\uff1a fork --name \u5bf9\u5e94\u4ed3\u5e93\u5230 pat \u5bf9\u5e94\u7684 gitee \u5e10\u6237\u3002 \u5c06\u4ed3\u5e93 clone \u5230\u672c\u5730\uff0c\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild/src-repos \u3002 \u6839\u636e --name \u548c --version \u4e0b\u8f7d\u6e90\u7801\u5305\uff0c\u5e76\u751f\u6210 spec \u6587\u4ef6(\u8bfb\u53d6\u4ed3\u5e93\u4e2d\u539f\u6709 changelog)\u3002\u6b64\u9636\u6bb5\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild \u3002 \u672c\u5730\u8fd0\u884c rpm \u5305\u6784\u5efa\u3002\u672c\u5730\u8fd0\u884c\u901a\u8fc7\u540e\uff0c\u4f1a\u81ea\u52a8\u5c06 spec \u6587\u4ef6\u53ca\u6e90\u7801\u5305\u66f4\u65b0\u5230 git \u4ed3\u5e93\u3002\u5982\u679c\u6709 -dp \u53c2\u6570\u5219\u81ea\u52a8\u8fdb\u884c push \u53ca\u521b\u5efa pr \u64cd\u4f5c\u3002\u5982\u679c\u672c\u5730\u6784\u5efa\u65f6\u5931\u8d25\uff0c\u5219\u505c\u6b62\u6d41\u7a0b\u3002 \u5982\u679c\u672c\u5730\u6784\u5efa\u5931\u8d25\uff0c\u5219\u53ef\u4ee5\u4fee\u6539\u751f\u6210\u7684 spec \u6587\u4ef6\u3002\u7136\u540e\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs -rs, --reuse-spec [\u53ef\u9009] \u590d\u7528\u5df2\u5b58\u5728\u7684spec\u6587\u4ef6\uff0c\u4e0d\u518d\u91cd\u65b0\u751f\u6210\u3002 \u5982\u6b64\u5faa\u73af\uff0c\u76f4\u81f3\u4e0a\u4f20\u6210\u529f\u3002 
\u6ce81\uff1a\u5347\u7ea7\u65f6\u8981\u901a\u8fc7 oos spec push \u547d\u4ee4\u751f\u6210 spec \u6587\u4ef6\uff0c\u4e0d\u8981\u4f7f\u7528 oos spec build \u547d\u4ee4\uff0cpush \u547d\u4ee4\u4f1a\u4fdd\u7559\u4ed3\u5e93\u4e2d \u73b0\u6709 spec \u7684 changelog\uff0cbuild \u547d\u4ee4\u5219\u76f4\u63a5\u751f\u6210\u65b0\u7684 changelog\u3002 \u6ce82\uff1a\u5904\u7406\u9519\u8bef\u65f6\uff0c\u53ef\u4ee5\u53c2\u8003\u4ed3\u5e93\u4e2d\u73b0\u6709\u7684 spec \u6587\u4ef6\uff1b\u5f53\u524d spec \u9664\u4e86 changelog \u90e8\u5206\uff0c\u5176\u4f59\u4e3a oos \u5de5\u5177\u91cd\u65b0\u751f\u6210\uff0c\u524d\u4eba\u9047\u5230\u7684\u9519\u8bef\uff0c\u6b64\u5904\u4ecd\u53ef\u80fd\u9047\u5230\uff0c\u53ef\u53c2\u8003\u524d\u4eba\u64cd\u4f5c\u7ed3\u679c\u95ee\u9898\u3002 \u6ce83\uff1aoos \u547d\u4ee4\u8fd8\u652f\u6301\u6279\u91cf\u5904\u7406\uff0c\u53ef\u4ee5\u53c2\u8003 oos \u7684 README \u81ea\u884c\u5c1d\u8bd5\u3002 PR \u95e8\u7981\u68c0\u67e5 \u00b6 \u6b64\u65f6\u5728\u81ea\u5df1\u7684 gitee \u5e10\u6237\u4e2d\u53ef\u4ee5\u770b\u5230 fork \u8fc7\u6765\u7684\u4ed3\u5e93\u3002\u8fdb\u5165\u81ea\u5df1\u5e10\u53f7\u4e2d\u7684\u4ed3\u5e93\uff0c\u53ef\u901a\u8fc7\u70b9\u51fb\u5982\u4e0b\u6846\u8d77\u4f4d\u7f6e\uff0c\u53ef\u8fdb\u5165\u539f\u4ed3\u5e93\u3002 \u539f\u4ed3\u5e93\u4e2d\u53ef\u4ee5\u770b\u5230\u81ea\u52a8\u63d0\u4ea4\u7684 pr\u3002Pr \u4e2d\u53ef\u4ee5\u770b\u5230 openeuler-ci-bot \u7684\u8bc4\u8bba\uff1a openEuler \u5728 gitee \u4e0a\u6258\u7ba1\u7684\u4ee3\u7801\uff0c\u63d0\u4ea4 pr \u4f1a\u81ea\u52a8\u89e6\u53d1\u95e8\u7981\u3002\u672c\u5730\u6784\u5efa\u901a\u8fc7\u7684\uff0c\u4e5f\u6709\u53ef\u80fd\u5728\u95e8\u7981\u68c0\u67e5\u4e2d\u6784\u5efa\u5931\u8d25\u3002\u6bd4\u5982\u4e0a\u56fe\u4e2d\u6b64\u6b21\u63d0\u4ea4\u4fbf\u6784\u5efa\u5931\u8d25\uff0c\u53ef\u4ee5\u70b9\u51fb\u6846\u8d77\u90e8\u5206\uff0c\u67e5\u770b\u5bf9\u5e94\u67b6\u6784\u7684 build details\u3002 \u6b64\u65f6\u53ef\u4ee5\u6839\u636e build details 
\u4e2d\u65e5\u5fd7\u4e2d\u62a5\u9519\u4fe1\u606f\uff0c\u5bf9\u672c\u5730 spec \u8fdb\u884c\u4fee\u6539\uff0c\u800c\u540e\u518d\u6b21\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs \u7ebf\u4e0a\u4f1a\u81ea\u52a8\u91cd\u65b0\u6267\u884c\u6d4b\u8bd5\u3002 \u95e8\u7981\u8be6\u7ec6\u4fe1\u606f\u53ca\u5404\u9879\u7ed3\u679c\u542b\u4e49\u53c2\u8003\u793e\u533a\u7684 \u300a\u95e8\u7981\u529f\u80fd\u6307\u5bfc\u624b\u518c\u300b \u3002 PR \u68c0\u89c6 \u00b6 \u5f53\u4e00\u4e2a pr \u901a\u8fc7\u95e8\u7981\u68c0\u67e5\u540e\uff0c\u9700\u8981\u7531\u8f6f\u4ef6\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer \u8fdb\u884c review\u3002\u4e3a\u4e86\u52a0\u901f\u8fdb\u7a0b\uff0c\u95e8\u7981\u901a\u8fc7\u540e\uff0c\u53ef\u4ee5\u624b\u52a8 @ \u5bf9\u5e94\u7684 maintainer\uff0c\u8bf7\u6c42\u5e2e\u5fd9\u68c0\u89c6\u3002\u5728 pr \u63d0\u4ea4\u540e\uff0copeneuler-ci-bot \u4f1a\u6709\u5982\u4e0b\u56fe\u6240\u793a\u8bc4\u8bba\uff0c\u5176\u4e2d\u88ab @ \u7684\u4eba\u5373\u4e3a\u5f53\u524d\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer\u3002 \u6ce8\u610f\u4e8b\u9879 \u00b6 \u8fd9\u91cc\u5bf9\u4e00\u4e9b\u53ef\u80fd\u9047\u5230\u7684\u7279\u6b8a\u95ee\u9898\u8fdb\u884c\u8bb0\u5f55\u3002 \u6d4b\u8bd5\u672a\u6267\u884c\u95ee\u9898 \u00b6 oos \u81ea\u52a8\u751f\u6210\u7684 spec \u6587\u4ef6\u4e2d\uff0c%check \u90e8\u5206\u9ed8\u8ba4\u4e3a %{__python3} setup.py test \u3002\u4f46\u662f\u5728\u6709\u4e9b\u5305\u4e2d\uff0c\u8fd9\u6837\u5e76\u4e0d\u4f1a\u771f\u6b63\u6267\u884c\u6d4b\u8bd5\uff0c\u4f46\u95e8\u7981\u7ed3\u679c\u4e5f\u663e\u793a\u901a\u8fc7\u3002\u9700\u8981\u5f00\u53d1\u8005\u4eba\u5de5\u8fa8\u522b\u3002\u53c2\u8003\u65b9\u6cd5\u5982\u4e0b\uff1a \u5982\u679c\u662f\u6b64\u524d\u5df2\u6709 spec \u6587\u4ef6\uff0c\u53ef\u4ee5\u53c2\u8003\u4e4b\u524d\u7684 spec \u4e2d %check \u90e8\u5206\u5982\u4f55\u4e66\u5199\u3002\u5982\u679c\u4ee5\u524d\u5199\u7684\u4e0d\u662f %{__python3} setup.py test \uff0c\u4fbf\u9700\u8981\u91cd\u70b9\u6ce8\u610f\u3002 
\u8fdb\u5165\u95e8\u7981\u7684 build details(\u53c2\u89c1\u4e0a\u6587\u201cPR \u95e8\u7981\u68c0\u67e5\u201d\u90e8\u5206)\uff0c\u67e5\u770b\u6784\u5efa\u65e5\u5fd7\u7684 %check \u90e8\u5206\u3002\u4e0b\u56fe\u4e3a\u8fdb\u5165 build details\uff0c\u7136\u540e\u9009\u62e9\u201c\u6587\u672c\u65b9\u5f0f\u67e5\u770b\u201d\u7684\u65e5\u5fd7\u663e\u793a\u622a\u56fe\u3002\u53ef\u4ee5\u770b\u5230\u663e\u793a\u5b9e\u9645\u8fd0\u884c\u6d4b\u8bd5\u6570\u4e3a0\u3002 \u5305\u540d\u4e0d\u4e00\u81f4\u95ee\u9898 \u00b6 \u5c0f\u90e8\u5206\u8f6f\u4ef6\u5305\u53ef\u80fd\u4f1a\u78b0\u5230\uff0coos \u81ea\u52a8\u751f\u6210\u7684 spec \u6240\u4f7f\u7528\u7684\u7684\u5305\u540d\u4e0e\u73b0\u6709\u5305\u540d\u4e0d\u4e00\u81f4\u3002\u6bd4\u5982\u4e00\u4e2a\u4f7f\u7528 - ,\u4e00\u4e2a\u4f7f\u7528\u4e0b\u5212\u7ebf _ \u3002\u6b64\u5904\u4ee5\u539f\u672c\u4f7f\u7528\u7684\u5305\u540d\u4e3a\u51c6\uff0c\u4e0d\u4fee\u6539\u539f\u6709\u5305\u540d\u3002 \u4f5c\u4e3a\u4e34\u65f6\u7684\u5904\u7406\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u624b\u52a8\u5c06 spec \u6587\u4ef6\u76f8\u5173\u5730\u65b9\u6539\u4e3a\u539f\u6709\u5305\u540d\u3002\u4e0e\u6b64\u540c\u65f6\uff0coos \u62e5\u6709 mapping \u4fee\u6b63\u529f\u80fd\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u63d0\u4ea4 issue\uff0cSIG \u5c06\u5728 oos \u4e2d\u8fdb\u884c\u4fee\u590d\u3002","title":"RPM\u5f00\u53d1\u6d41\u7a0b"},{"location":"contribute/rpm-packaging-reference/#sig-rpm","text":"OpenStack SIG \u6709\u4e00\u9879\u957f\u671f\u5f00\u53d1\u5de5\u4f5c\u662f\u8fdb\u884c OpenStack \u5404\u7248\u672c\u76f8\u5173 RPM \u8f6f\u4ef6\u5305\u7684\u6253\u5305\u7ef4\u62a4\u3002\u4e3a\u4e86\u65b9\u4fbf\u65b0\u52a0\u5165 SIG \u7684\u5f00\u53d1\u8005\u66f4\u5feb\u4e86\u89e3 SIG \u7f16\u5305\u6d41\u7a0b\uff0c\u5728\u6b64\u5bf9 SIG \u7f16\u5305\u6d41\u7a0b\u8fdb\u884c\u68b3\u7406\uff0c\u4ee5\u4f9b\u53c2\u8003\u3002","title":"SIG RPM \u7f16\u5305\u6d41\u7a0b\u68b3\u7406"},{"location":"contribute/rpm-packaging-reference/#excel","text":"SIG 
\u7f16\u5305\u65f6\uff0c\u4f1a\u4ee5\u5171\u4eab\u8868\u683c\u7684\u5f62\u5f0f\uff0c\u5c06\u9700\u8981\u5904\u7406\u7684\u8f6f\u4ef6\u5305\u6574\u7406\u51fa\u6765\uff0c\u4f9b\u5f00\u53d1\u8005\u534f\u540c\u5904\u7406\u3002\u5f53\u524d\u8868\u683c\u683c\u5f0f\u5982\u4e0b\uff1a Project Name openEuler Repo SIG Repo version Required (Min) Version lt Version ne Version Upper Version Status Requires Depth Author PR link PR status pyrsistent python-pyrsistent sig-python-modules 0.18.0 0.18.1 [] 0.18.1 Need Upgrade [] 13 ... \u201cProject Name\u201d\u5217\u4e3a\u8f6f\u4ef6\u9879\u76ee\u540d\u3002\u201copenEuler Repo\u201d\u5217\u4e3a\u6b64\u9879\u76ee\u5728 openEuler gitee \u4e0a\u7684\u4ed3\u5e93\u540d\uff0c\u540c\u65f6\u4e5f\u662f\u6b64\u9879\u76ee\u5728openEuler\u7cfb\u7edf\u4e2d\u7684\u8f6f\u4ef6\u5305\u540d\u3002\u6240\u6709 openEuler \u7684\u8f6f\u4ef6\u5305\u4ed3\u5e93\u5747\u5b58\u653e\u4e8ehttps://gitee.com/src-openeuler\u4e4b\u4e2d\u3002\u201cSIG\u201d\u5217\u8bb0\u5f55\u8f6f\u4ef6\u5305\u5f52\u5c5e\u4e8e\u54ea\u4e2a SIG\u3002 \u5904\u7406\u65f6\u9996\u5148\u67e5\u770b\u201cStatus\u201d\u5217\uff0c\u8be5\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u72b6\u6001\u3002\u8f6f\u4ef6\u5305\u5171\u67096\u79cd\u72b6\u6001\uff0c\u5f00\u53d1\u8005\u9700\u8981\u6839\u636e\u201cStatus\u201d\u8fdb\u884c\u76f8\u5e94\u5904\u7406\u3002 \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002\u6d41\u7a0b\u53ef\u53c2\u8003\u793e\u533a\u6307\u5bfc\u6587\u6863\uff1a \u65b0\u589e\u8f6f\u4ef6\u5305 \u3002\u521b\u5efa\u5e76\u521d\u59cb\u5316\u4ed3\u5e93\u540e\uff0c\u5c06\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002 \u201cNeed Create 
Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 \u201cNeed Init Branch\u201d\uff1a\u9700\u8981\u521d\u59cb\u5316\u5206\u652f\u5e76\u5c06\u6b64\u5206\u652f\u8f6f\u4ef6\u5305\u653e\u5165\u9700\u8981\u7684 OBS \u5de5\u7a0b\u3002\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\uff0c\u4e0a\u4f20\u6240\u9700\u7248\u672c\u6e90\u7801\u5305\u53ca spec \u6587\u4ef6\u7b49\u3002\u4ee522.09\u5f00\u53d1\u5468\u671f\u9002\u914d Yoga \u7248\u672c\u4e3a\u4f8b\uff0c\u6b64\u4efb\u52a1\u76f4\u63a5\u5728 master \u5206\u652f\u5de5\u4f5c\u3002get_gitee_project_version \u9879\u76ee\u72b6\u6001\u4e3a\u201cNeed Init Branch\u201d\u201d\uff0c\u5b83\u5bf9\u5e94\u7684\u201cpython-neutron-tempest-plugin\u201d\u4ed3\u5e93\u7684master\u5206\u652f\uff0c\u5728\u5904\u7406\u524d\uff0c\u53ea\u6709 README.md \u548c README.en.md \u4e24\u4e2a\u6587\u4ef6\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521d\u59cb\u5316\u5206\u652f\u3002 \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002\u6b64\u79cd\u60c5\u51b5\u9760\u540e\u5904\u7406\uff0c\u4e0e SIG \u786e\u8ba4\u540e\u518d\u64cd\u4f5c\u3002 \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u786e\u5b9a\u597d\u8f6f\u4ef6\u5305\u5bf9\u5e94\u7684\u5904\u7406\u7c7b\u578b\u540e\uff0c\u9700\u8981\u6839\u636e\u7248\u672c\u4fe1\u606f\u8fdb\u884c\u5904\u7406\u3002\u201cRepo version\u201d\u5217\u4e3a\u5f53\u524d\u4ed3\u5e93\u4e2d\u5bf9\u5e94\u5206\u652f\u7684\u8f6f\u4ef6\u5305\u7248\u672c\u3002\u201cRequired (Min) Version\u201d\u5219\u662f\u9700\u8981\u7684\u6700\u5c0f\u7248\u672c\uff0c\u5982\u679c\u5176\u540e\u6709\"(Must)\"\u6807\u8bc6\uff0c\u5219\u8868\u793a\u5fc5\u987b\u4f7f\u7528\u6b64\u7248\u672c\u3002\u201cUpper 
Version\u201d\u4e3a\u53ef\u4ee5\u4f7f\u7528\u7684\u6700\u9ad8\u7248\u672c\u3002\u5982\u679c\u201cRequired (Min) Version\u201d\u548c\u201cUpper Version\u201d\u4e0d\u540c\uff0c\u4f18\u5148\u4f7f\u7528\u201cRequired (Min) Version\u201d\u3002\u6bd4\u5982\u5347\u7ea7\u8f6f\u4ef6\u5305\uff0c\u4f18\u5148\u5347\u7ea7\u5230\u201cRequired (Min) Version\u201d\u3002 \u201cRequires\u201d\u5217\u4e3a\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u201cDepth\u201d\u5217\u8868\u793a\u8f6f\u4ef6\u5305\u4f9d\u8d56\u5c42\u7ea7\u3002\u201cDepth\u201d\u4e3a1\u7684\u662f\u201cDepth\u201d\u4e3a0\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\uff0c\u4ee5\u6b64\u7c7b\u63a8\uff0c\u201cDepth\u201d\u9ad8\u7684\u8f6f\u4ef6\u5305\u4e3a\u201cDepth\u201d\u4f4e\u7684\u8f6f\u4ef6\u5305\u7684\u4f9d\u8d56\u3002\u5904\u7406\u65f6\u5e94\u4f18\u5148\u5904\u7406\u201cDepth\u201d\u9ad8\u7684\u884c\u3002\u4f46\u5982\u679c\u67d0\u4e2a\u5305\uff0c\u6ca1\u6709\u4f9d\u8d56\uff08\u201cRequires\u201d\u4e3a[]\uff09,\u4e5f\u53ef\u76f4\u63a5\u5904\u7406\u3002\u5982\u679c\u67d0\u4e9b\u5305\u9700\u8981\u4f18\u5148\u5904\u7406\uff0c\u5e94\u6309\u7167\u5176\u201cRequires\u201d\uff0c\u4f18\u5148\u5904\u7406\u5176\u4f9d\u8d56\u3002 \u5904\u7406\u4e00\u4e2a\u8f6f\u4ef6\u5305\u65f6\uff0c\u5e94\u9996\u5148\u5728\u201cAuthor\u201d\u5217\u6807\u6ce8\u81ea\u5df1\u7684\u540d\u5b57\uff0c\u4ee5\u544a\u8bc9\u5176\u4ed6\u5f00\u53d1\u8005\u6b64\u5305\u5df2\u6709\u4eba\u5904\u7406\u3002pr\uff08pull request\uff09\u63d0\u4ea4\u540e\uff0c\u5c06 pr \u94fe\u63a5\u8d34\u5230\u201cPR link\u201d\u5217\u3002pr \u5408\u5e76\u540e\uff0c\u5e94\u5728\u201cPR status\u201d\u5217\u6807\u6ce8\u201cDone\u201d\u3002","title":"Excel\u8868\u683c\u8bf4\u660e"},{"location":"contribute/rpm-packaging-reference/#sig","text":"\u76ee\u524d SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u4e3b\u8981\u4f7f\u7528 SIG \u81ea\u5df1\u7f16\u5199\u7684 oos \u5de5\u5177\u3002oos \u5de5\u5177\u7ec6\u8282\u53c2\u8003 oos README 
\u3002\u4e0d\u540c\u201cStatus\u201d\u5904\u7406\u65f6\u6d89\u53ca\u7684\u201c\u5347\u7ea7\u201d\u3001\u201c\u521d\u59cb\u5316\u5206\u652f\u201d\u3001\u201c\u8f6f\u4ef6\u5305\u653e\u5165 OBS \u5de5\u7a0b\u201d\u7b49\u64cd\u4f5c\uff0coos \u5de5\u5177\u6709\u5bf9\u5e94\u5b9e\u73b0\u3002 \u4ee5 Yoga \u7248\u672c\u5347\u7ea7 python-pyrsistent \u8f6f\u4ef6\u5305\u4e3a\u4f8b\uff0c\u6f14\u793a\u7f16\u5305\u6d41\u7a0b\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u719f\u6089 OpenStack SIG \u57fa\u4e8e oos \u5de5\u5177\u7684\u6253\u5305\u76f8\u5173\u6d41\u7a0b\u3002\u5728\u4e86\u89e3\u57fa\u7840\u6d41\u7a0b\u540e\uff0c\u5f00\u53d1\u8005\u53ef\u901a\u8fc7 oos README \u4e86\u89e3\u5176\u4f59\u64cd\u4f5c\u3002python-pyrsistent \u8f6f\u4ef6\u5305\u4fe1\u606f\u53c2\u89c1\u4e0a\u6587\u8868\u683c\u3002\u8be5\u8f6f\u4ef6\u5305\u9700\u8981\u4ece0.18.0\u7248\u672c\u5347\u7ea7\u52300.18.1\u7248\u672c\u3002Yoga \u7248\u672c\u662f\u572822.09\u7248\u672c\u5f00\u53d1\u89c4\u5212\u4e2d\uff0c\u5f53\u524d\u4e3a22\u5e745\u6708\uff0c\u76f4\u63a5\u63d0\u4ea4\u5230master\u5206\u652f\u5373\u53ef\u3002","title":"SIG \u5904\u7406\u7f16\u5305\u95ee\u9898\u6d41\u7a0b"},{"location":"contribute/rpm-packaging-reference/#cla","text":"\u5728 openEuler \u793e\u533a\u63d0\u4ea4\u8d21\u732e\u9700\u8981\u7b7e\u7f72 CLA \u3002 \u5bf9\u4e8e\u521d\u6b21\u53c2\u4e0e openEuler \u793e\u533a\u7684\u5f00\u53d1\u8005\uff0c\u53ef\u9996\u5148\u67e5\u770b openEuler \u8d21\u732e\u653b\u7565 \uff0c\u6982\u89c8\u6574\u4f53\u8d21\u732e\u60c5\u51b5\u3002","title":"\u7b7e\u7f72 CLA"},{"location":"contribute/rpm-packaging-reference/#_1","text":"dnf install rpm-build rpmdevtools git # \u751f\u6210~/rpmbuild\u76ee\u5f55\uff0coos\u9ed8\u8ba4\u5de5\u4f5c\u8def\u5f84\u4e5f\u4e3a\u6b64 rpmdev-setuptree pip install openstack-sig-tool==1.0.6 \u8bf4\u660e\uff1aopenstack-sig-tool \u5728 1.1.0 \u7248\u672c\u5bf9 oos spec \u547d\u4ee4\u8fdb\u884c\u4e86 \u91cd\u6784 \u3002\u5982\u4e0b\u6d41\u7a0b\u6d89\u53ca oos spec 
\u547d\u4ee4\u7684\u64cd\u4f5c\u5bf9\u5e94 1.0.6 \u7248\u672c\u3002\u5efa\u8bae\u5b89\u88c5\u65b0\u7248 oos , \u5e76\u53c2\u8003\u5bf9\u5e94 README \u4f7f\u7528\u3002","title":"\u73af\u5883\u51c6\u5907"},{"location":"contribute/rpm-packaging-reference/#gitee-patpersonal-access-token","text":"\u9996\u5148\u8fdb\u5165 Gitee \u5e10\u6237\u7684\u201c\u8bbe\u7f6e\u201d\u754c\u9762\u3002 \u9009\u62e9\u201c\u79c1\u4eba\u4ee4\u724c\u201d\uff0c\u7136\u540e\u70b9\u51fb\u201c\u751f\u6210\u65b0\u4ee4\u724c\u201d\u3002\u751f\u6210\u540e\u5355\u72ec\u4fdd\u5b58\u597d\u81ea\u5df1\u7684\u79c1\u4eba\u4ee4\u724c\uff08pat\uff09\uff0cGitee \u4e0a\u65e0\u6cd5\u518d\u6b21\u67e5\u770b\uff0c\u5982\u679c\u4e22\u5931\u53ea\u80fd\u91cd\u65b0\u751f\u6210\u3002","title":"\u751f\u6210\u4e2a\u4eba Gitee \u5e10\u6237\u7684 pat(personal access token)"},{"location":"contribute/rpm-packaging-reference/#python-pyrsistent-spec","text":"export GITEE_PAT= oos spec push --name python-pyrsistent --version 0.18.1 -dp -dp, --do-push [\u53ef\u9009] \u6307\u5b9a\u662f\u5426\u6267\u884cpush\u5230gitee\u4ed3\u5e93\u4e0a\u5e76\u63d0\u4ea4PR\uff0c\u5982\u679c\u4e0d\u6307\u5b9a\u5219\u53ea\u4f1a\u63d0\u4ea4\u5230\u672c\u5730\u7684\u4ed3\u5e93\u4e2d \u6ce8\u610f\u6b64\u5904 --name \u53c2\u6570\u4e3a\u8868\u683c\u4e2d\u7684\u201cProject Name\u201d\u5217\u3002 oos spec push \u547d\u4ee4\u4f1a\u81ea\u52a8\u8fdb\u884c\u5982\u4e0b\u6d41\u7a0b\uff1a fork --name \u5bf9\u5e94\u4ed3\u5e93\u5230 pat \u5bf9\u5e94\u7684 gitee \u5e10\u6237\u3002 \u5c06\u4ed3\u5e93 clone \u5230\u672c\u5730\uff0c\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild/src-repos \u3002 \u6839\u636e --name \u548c --version \u4e0b\u8f7d\u6e90\u7801\u5305\uff0c\u5e76\u751f\u6210 spec \u6587\u4ef6(\u8bfb\u53d6\u4ed3\u5e93\u4e2d\u539f\u6709 changelog)\u3002\u6b64\u9636\u6bb5\u9ed8\u8ba4\u8def\u5f84\u4e3a ~/rpmbuild \u3002 \u672c\u5730\u8fd0\u884c rpm \u5305\u6784\u5efa\u3002\u672c\u5730\u8fd0\u884c\u901a\u8fc7\u540e\uff0c\u4f1a\u81ea\u52a8\u5c06 spec 
\u6587\u4ef6\u53ca\u6e90\u7801\u5305\u66f4\u65b0\u5230 git \u4ed3\u5e93\u3002\u5982\u679c\u6709 -dp \u53c2\u6570\u5219\u81ea\u52a8\u8fdb\u884c push \u53ca\u521b\u5efa pr \u64cd\u4f5c\u3002\u5982\u679c\u672c\u5730\u6784\u5efa\u65f6\u5931\u8d25\uff0c\u5219\u505c\u6b62\u6d41\u7a0b\u3002 \u5982\u679c\u672c\u5730\u6784\u5efa\u5931\u8d25\uff0c\u5219\u53ef\u4ee5\u4fee\u6539\u751f\u6210\u7684 spec \u6587\u4ef6\u3002\u7136\u540e\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs -rs, --reuse-spec [\u53ef\u9009] \u590d\u7528\u5df2\u5b58\u5728\u7684spec\u6587\u4ef6\uff0c\u4e0d\u518d\u91cd\u65b0\u751f\u6210\u3002 \u5982\u6b64\u5faa\u73af\uff0c\u76f4\u81f3\u4e0a\u4f20\u6210\u529f\u3002 \u6ce81\uff1a\u5347\u7ea7\u65f6\u8981\u901a\u8fc7 oos spec push \u547d\u4ee4\u751f\u6210 spec \u6587\u4ef6\uff0c\u4e0d\u8981\u4f7f\u7528 oos spec build \u547d\u4ee4\uff0cpush \u547d\u4ee4\u4f1a\u4fdd\u7559\u4ed3\u5e93\u4e2d \u73b0\u6709 spec \u7684 changelog\uff0cbuild \u547d\u4ee4\u5219\u76f4\u63a5\u751f\u6210\u65b0\u7684 changelog\u3002 \u6ce82\uff1a\u5904\u7406\u9519\u8bef\u65f6\uff0c\u53ef\u4ee5\u53c2\u8003\u4ed3\u5e93\u4e2d\u73b0\u6709\u7684 spec \u6587\u4ef6\uff1b\u5f53\u524d spec \u9664\u4e86 changelog \u90e8\u5206\uff0c\u5176\u4f59\u4e3a oos \u5de5\u5177\u91cd\u65b0\u751f\u6210\uff0c\u524d\u4eba\u9047\u5230\u7684\u9519\u8bef\uff0c\u6b64\u5904\u4ecd\u53ef\u80fd\u9047\u5230\uff0c\u53ef\u53c2\u8003\u524d\u4eba\u64cd\u4f5c\u7ed3\u679c\u95ee\u9898\u3002 \u6ce83\uff1aoos \u547d\u4ee4\u8fd8\u652f\u6301\u6279\u91cf\u5904\u7406\uff0c\u53ef\u4ee5\u53c2\u8003 oos \u7684 README \u81ea\u884c\u5c1d\u8bd5\u3002","title":"\u751f\u6210 python-pyrsistent \u5305\u7684 spec \u5e76\u63d0\u4ea4"},{"location":"contribute/rpm-packaging-reference/#pr","text":"\u6b64\u65f6\u5728\u81ea\u5df1\u7684 gitee \u5e10\u6237\u4e2d\u53ef\u4ee5\u770b\u5230 fork 
\u8fc7\u6765\u7684\u4ed3\u5e93\u3002\u8fdb\u5165\u81ea\u5df1\u5e10\u53f7\u4e2d\u7684\u4ed3\u5e93\uff0c\u53ef\u901a\u8fc7\u70b9\u51fb\u5982\u4e0b\u6846\u8d77\u4f4d\u7f6e\uff0c\u53ef\u8fdb\u5165\u539f\u4ed3\u5e93\u3002 \u539f\u4ed3\u5e93\u4e2d\u53ef\u4ee5\u770b\u5230\u81ea\u52a8\u63d0\u4ea4\u7684 pr\u3002Pr \u4e2d\u53ef\u4ee5\u770b\u5230 openeuler-ci-bot \u7684\u8bc4\u8bba\uff1a openEuler \u5728 gitee \u4e0a\u6258\u7ba1\u7684\u4ee3\u7801\uff0c\u63d0\u4ea4 pr \u4f1a\u81ea\u52a8\u89e6\u53d1\u95e8\u7981\u3002\u672c\u5730\u6784\u5efa\u901a\u8fc7\u7684\uff0c\u4e5f\u6709\u53ef\u80fd\u5728\u95e8\u7981\u68c0\u67e5\u4e2d\u6784\u5efa\u5931\u8d25\u3002\u6bd4\u5982\u4e0a\u56fe\u4e2d\u6b64\u6b21\u63d0\u4ea4\u4fbf\u6784\u5efa\u5931\u8d25\uff0c\u53ef\u4ee5\u70b9\u51fb\u6846\u8d77\u90e8\u5206\uff0c\u67e5\u770b\u5bf9\u5e94\u67b6\u6784\u7684 build details\u3002 \u6b64\u65f6\u53ef\u4ee5\u6839\u636e build details \u4e2d\u65e5\u5fd7\u4e2d\u62a5\u9519\u4fe1\u606f\uff0c\u5bf9\u672c\u5730 spec \u8fdb\u884c\u4fee\u6539\uff0c\u800c\u540e\u518d\u6b21\u6267\u884c\uff1a oos spec push --name python-pyrsistent --version 0.18.1 -dp -rs \u7ebf\u4e0a\u4f1a\u81ea\u52a8\u91cd\u65b0\u6267\u884c\u6d4b\u8bd5\u3002 \u95e8\u7981\u8be6\u7ec6\u4fe1\u606f\u53ca\u5404\u9879\u7ed3\u679c\u542b\u4e49\u53c2\u8003\u793e\u533a\u7684 \u300a\u95e8\u7981\u529f\u80fd\u6307\u5bfc\u624b\u518c\u300b \u3002","title":"PR \u95e8\u7981\u68c0\u67e5"},{"location":"contribute/rpm-packaging-reference/#pr_1","text":"\u5f53\u4e00\u4e2a pr \u901a\u8fc7\u95e8\u7981\u68c0\u67e5\u540e\uff0c\u9700\u8981\u7531\u8f6f\u4ef6\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer \u8fdb\u884c review\u3002\u4e3a\u4e86\u52a0\u901f\u8fdb\u7a0b\uff0c\u95e8\u7981\u901a\u8fc7\u540e\uff0c\u53ef\u4ee5\u624b\u52a8 @ \u5bf9\u5e94\u7684 maintainer\uff0c\u8bf7\u6c42\u5e2e\u5fd9\u68c0\u89c6\u3002\u5728 pr \u63d0\u4ea4\u540e\uff0copeneuler-ci-bot \u4f1a\u6709\u5982\u4e0b\u56fe\u6240\u793a\u8bc4\u8bba\uff0c\u5176\u4e2d\u88ab @ 
\u7684\u4eba\u5373\u4e3a\u5f53\u524d\u4ed3\u5e93\u6240\u5c5e SIG \u7684 maintainer\u3002","title":"PR \u68c0\u89c6"},{"location":"contribute/rpm-packaging-reference/#_2","text":"\u8fd9\u91cc\u5bf9\u4e00\u4e9b\u53ef\u80fd\u9047\u5230\u7684\u7279\u6b8a\u95ee\u9898\u8fdb\u884c\u8bb0\u5f55\u3002","title":"\u6ce8\u610f\u4e8b\u9879"},{"location":"contribute/rpm-packaging-reference/#_3","text":"oos \u81ea\u52a8\u751f\u6210\u7684 spec \u6587\u4ef6\u4e2d\uff0c%check \u90e8\u5206\u9ed8\u8ba4\u4e3a %{__python3} setup.py test \u3002\u4f46\u662f\u5728\u6709\u4e9b\u5305\u4e2d\uff0c\u8fd9\u6837\u5e76\u4e0d\u4f1a\u771f\u6b63\u6267\u884c\u6d4b\u8bd5\uff0c\u4f46\u95e8\u7981\u7ed3\u679c\u4e5f\u663e\u793a\u901a\u8fc7\u3002\u9700\u8981\u5f00\u53d1\u8005\u4eba\u5de5\u8fa8\u522b\u3002\u53c2\u8003\u65b9\u6cd5\u5982\u4e0b\uff1a \u5982\u679c\u662f\u6b64\u524d\u5df2\u6709 spec \u6587\u4ef6\uff0c\u53ef\u4ee5\u53c2\u8003\u4e4b\u524d\u7684 spec \u4e2d %check \u90e8\u5206\u5982\u4f55\u4e66\u5199\u3002\u5982\u679c\u4ee5\u524d\u5199\u7684\u4e0d\u662f %{__python3} setup.py test \uff0c\u4fbf\u9700\u8981\u91cd\u70b9\u6ce8\u610f\u3002 \u8fdb\u5165\u95e8\u7981\u7684 build details(\u53c2\u89c1\u4e0a\u6587\u201cPR \u95e8\u7981\u68c0\u67e5\u201d\u90e8\u5206)\uff0c\u67e5\u770b\u6784\u5efa\u65e5\u5fd7\u7684 %check \u90e8\u5206\u3002\u4e0b\u56fe\u4e3a\u8fdb\u5165 build details\uff0c\u7136\u540e\u9009\u62e9\u201c\u6587\u672c\u65b9\u5f0f\u67e5\u770b\u201d\u7684\u65e5\u5fd7\u663e\u793a\u622a\u56fe\u3002\u53ef\u4ee5\u770b\u5230\u663e\u793a\u5b9e\u9645\u8fd0\u884c\u6d4b\u8bd5\u6570\u4e3a0\u3002","title":"\u6d4b\u8bd5\u672a\u6267\u884c\u95ee\u9898"},{"location":"contribute/rpm-packaging-reference/#_4","text":"\u5c0f\u90e8\u5206\u8f6f\u4ef6\u5305\u53ef\u80fd\u4f1a\u78b0\u5230\uff0coos \u81ea\u52a8\u751f\u6210\u7684 spec \u6240\u4f7f\u7528\u7684\u7684\u5305\u540d\u4e0e\u73b0\u6709\u5305\u540d\u4e0d\u4e00\u81f4\u3002\u6bd4\u5982\u4e00\u4e2a\u4f7f\u7528 - ,\u4e00\u4e2a\u4f7f\u7528\u4e0b\u5212\u7ebf _ 
\u3002\u6b64\u5904\u4ee5\u539f\u672c\u4f7f\u7528\u7684\u5305\u540d\u4e3a\u51c6\uff0c\u4e0d\u4fee\u6539\u539f\u6709\u5305\u540d\u3002 \u4f5c\u4e3a\u4e34\u65f6\u7684\u5904\u7406\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u624b\u52a8\u5c06 spec \u6587\u4ef6\u76f8\u5173\u5730\u65b9\u6539\u4e3a\u539f\u6709\u5305\u540d\u3002\u4e0e\u6b64\u540c\u65f6\uff0coos \u62e5\u6709 mapping \u4fee\u6b63\u529f\u80fd\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u63d0\u4ea4 issue\uff0cSIG \u5c06\u5728 oos \u4e2d\u8fdb\u884c\u4fee\u590d\u3002","title":"\u5305\u540d\u4e0d\u4e00\u81f4\u95ee\u9898"},{"location":"install/devstack/","text":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u00b6 \u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u5b89\u88c5\u6b65\u9aa4 \u76ee\u524dOpenStack\u539f\u751fDevstack\u9879\u76ee\u5df2\u7ecf\u652f\u6301\u5728openEuler\u4e0a\u5b89\u88c5OpenStack\uff0c\u5176\u4e2dopenEuler 20.03 LTS SP2\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u5e76\u4e14\u6709\u4e0a\u6e38\u5b98\u65b9CI\u4fdd\u8bc1\u8d28\u91cf\u3002\u5176\u4ed6\u7248\u672c\u7684openEuler\u9700\u8981\u7528\u6237\u81ea\u884c\u6d4b\u8bd5(2022-04-25 openEuler master\u5206\u652f\u5df2\u9a8c\u8bc1)\u3002 \u5b89\u88c5\u6b65\u9aa4 \u00b6 \u51c6\u5907\u4e00\u4e2aopenEuler\u73af\u5883, 20.03 LTS SP2 \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 , master \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 \u914d\u7f6eyum\u6e90 openEuler 20.03 LTS SP2 \uff1a openEuler\u5b98\u65b9\u6e90\u4e2d\u7f3a\u5c11\u4e86\u4e00\u4e9bOpenStack\u9700\u8981\u7684RPM\u5305\uff0c\u56e0\u6b64\u9700\u8981\u5148\u914d\u4e0aOpenStack SIG\u5728oepkg\u4e2d\u51c6\u5907\u597d\u7684RPM\u6e90 vi /etc/yum.repos.d/openeuler.repo [openstack] name=openstack baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/aarch64/ enabled=1 gpgcheck=0 openEuler master : \u4f7f\u7528master\u7684RPM\u6e90: vi /etc/yum.repos.d/openeuler.repo [mainline] name=mainline baseurl=http://119.3.219.20:82/openEuler:/Mainline/standard_aarch64/ gpgcheck=false 
[epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/Epol/standard_aarch64/ gpgcheck=false \u524d\u671f\u51c6\u5907 openEuler 20.03 LTS SP2 \uff1a \u5728\u4e00\u4e9b\u7248\u672c\u7684openEuler\u5b98\u65b9\u955c\u50cf\u7684\u9ed8\u8ba4\u6e90\u4e2d\uff0cEPOL-update\u7684URL\u53ef\u80fd\u914d\u7f6e\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u4fee\u6539 vi /etc/yum.repos.d/openEuler.repo # \u628a[EPOL-UPDATE]URL\u6539\u6210 baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/update/main/$basearch/ openEuler master : yum remove python3-pip # \u7cfb\u7edf\u7684pip\u4e0edevstack pip\u51b2\u7a81\uff0c\u9700\u8981\u5148\u5220\u9664 # master\u7684\u865a\u673a\u73af\u5883\u7f3a\u5c11\u4e86\u4e00\u4e9b\u4f9d\u8d56\uff0cdevstack\u4e0d\u4f1a\u81ea\u52a8\u5b89\u88c5\uff0c\u9700\u8981\u624b\u52a8\u5b89\u88c5 yum install iptables tar wget python3-devel httpd-devel iscsi-initiator-utils libvirt python3-libvirt qemu memcached \u4e0b\u8f7ddevstack yum update yum install git cd /opt/ git clone https://opendev.org/openstack/devstack.git \u521d\u59cb\u5316devstack\u73af\u5883\u914d\u7f6e # \u521b\u5efastack\u7528\u6237 /opt/devstack/tools/create-stack-user.sh # \u4fee\u6539\u76ee\u5f55\u6743\u9650 chown -R stack:stack /opt/devstack chmod -R 755 /opt/devstack chmod -R 755 /opt/stack # \u5207\u6362\u5230\u8981\u90e8\u7f72\u7684openstack\u7248\u672c\u5206\u652f\uff0c\u4ee5yoga\u4e3a\u4f8b\uff0c\u4e0d\u5207\u6362\u7684\u8bdd\uff0c\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fmaster\u7248\u672c\u7684openstack git checkout stable/yoga \u521d\u59cb\u5316devstack\u914d\u7f6e\u6587\u4ef6 \u5207\u6362\u5230stack\u7528\u6237 su stack \u6b64\u65f6\uff0c\u8bf7\u786e\u8ba4stack\u7528\u6237\u7684PATH\u73af\u5883\u53d8\u91cf\u662f\u5426\u5305\u542b\u4e86`/usr/sbin`\uff0c\u5982\u679c\u6ca1\u6709\uff0c\u5219\u9700\u8981\u6267\u884c PATH=$PATH:/usr/sbin \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 vi /opt/devstack/local.conf [[local|localrc]] DATABASE_PASSWORD=root RABBIT_PASSWORD=root SERVICE_PASSWORD=root 
ADMIN_PASSWORD=root OVN_BUILD_FROM_SOURCE=True openEuler\u6ca1\u6709\u63d0\u4f9bOVN\u7684RPM\u8f6f\u4ef6\u5305\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e OVN_BUILD_FROM_SOURCE=True , \u4ece\u6e90\u7801\u7f16\u8bd1OVN \u53e6\u5916\u5982\u679c\u4f7f\u7528\u7684\u662farm64\u865a\u62df\u673a\u73af\u5883\uff0c\u5219\u9700\u8981\u914d\u7f6elibvirt\u5d4c\u5957\u865a\u62df\u5316\uff0c\u5728 local.conf \u4e2d\u8ffd\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a [[post-config|$NOVA_CONF]] [libvirt] cpu_mode=custom cpu_model=cortex-a72 \u5982\u679c\u5b89\u88c5Ironic\uff0c\u9700\u8981\u63d0\u524d\u5b89\u88c5\u4f9d\u8d56\uff1a sudo dnf install syslinux-nonlinux openEuler master\u7684\u7279\u6b8a\u914d\u7f6e \uff1a \u7531\u4e8edevstack\u8fd8\u6ca1\u6709\u9002\u914d\u6700\u65b0\u7684openEuler\uff0c\u6211\u4eec\u9700\u8981\u624b\u52a8\u4fee\u590d\u4e00\u4e9b\u95ee\u9898\uff1a \u4fee\u6539devstack\u6e90\u7801 vi /opt/devstack/tools/fixup_stuff.sh \u628afixup_openeuler\u65b9\u6cd5\u4e2d\u7684\u6240\u6709echo\u8bed\u53e5\u5220\u6389 (echo '[openstack-ci]' echo 'name=openstack' echo 'baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/'$arch'/' echo 'enabled=1' echo 'gpgcheck=0') | sudo tee -a /etc/yum.repos.d/openstack-master.repo > /dev/null 2. 
\u4fee\u6539requirements\u6e90\u7801 Yoga\u7248keystone\u7684\u4f9d\u8d56 setproctitle \u7684devstack\u9ed8\u8ba4\u7248\u672c\u4e0d\u652f\u6301python3.10\uff0c\u9700\u8981\u5347\u7ea7\uff0c\u624b\u52a8\u4e0b\u8f7drequirements\u9879\u76ee\u5e76\u4fee\u6539 cd /opt/stack git clone https://opendev.org/openstack/requirements --branch stable/yoga vi /opt/stack/requirements/upper-constraints.txt setproctitle===1.2.3 OpenStack horizon\u6709BUG\uff0c\u65e0\u6cd5\u6b63\u5e38\u5b89\u88c5\u3002\u8fd9\u91cc\u6211\u4eec\u6682\u65f6\u4e0d\u5b89\u88c5horizon\uff0c\u4fee\u6539 local.conf \uff0c\u65b0\u589e\u4e00\u884c\uff1a [[local|localrc]] disable_service horizon \u5982\u679c\u786e\u5b9e\u6709\u5bf9horizon\u7684\u9700\u6c42\uff0c\u5219\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a # 1. horizon\u4f9d\u8d56\u7684pyScss\u9ed8\u8ba4\u4e3a1.3.7\u7248\u672c\uff0c\u4e0d\u652f\u6301python3.10 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u9700\u8981\u63d0\u524dclone`requirements`\u9879\u76ee\u5e76\u4fee\u6539\u4ee3\u7801 vi /opt/stack/requirements/upper-constraints.txt pyScss===1.4.0 # 2. 
horizon\u4f9d\u8d56httpd\u7684mod_wsgi\u63d2\u4ef6\uff0c\u4f46\u76ee\u524dopenEuler\u7684mod_wsgi\u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install mod_wsgi\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u624b\u52a8\u6e90\u7801build mod_wsgi\u5e76\u914d\u7f6e\uff0c\u8be5\u8fc7\u7a0b\u8f83\u590d\u6742\uff0c\u8fd9\u91cc\u7565\u8fc7 dstat\u670d\u52a1\u4f9d\u8d56\u7684 pcp-system-tools \u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install pcp-system-tools\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5\uff0c\u6682\u65f6\u5148\u4e0d\u5b89\u88c5dstat [[local|localrc]] disable_service dstat \u90e8\u7f72OpenStack \u8fdb\u5165devstack\u76ee\u5f55\uff0c\u6267\u884c ./stack.sh \uff0c\u7b49\u5f85OpenStack\u5b8c\u6210\u5b89\u88c5\u90e8\u7f72\u3002","title":"devstack"},{"location":"install/devstack/#devstackopenstack","text":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack \u5b89\u88c5\u6b65\u9aa4 \u76ee\u524dOpenStack\u539f\u751fDevstack\u9879\u76ee\u5df2\u7ecf\u652f\u6301\u5728openEuler\u4e0a\u5b89\u88c5OpenStack\uff0c\u5176\u4e2dopenEuler 20.03 LTS SP2\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u5e76\u4e14\u6709\u4e0a\u6e38\u5b98\u65b9CI\u4fdd\u8bc1\u8d28\u91cf\u3002\u5176\u4ed6\u7248\u672c\u7684openEuler\u9700\u8981\u7528\u6237\u81ea\u884c\u6d4b\u8bd5(2022-04-25 openEuler master\u5206\u652f\u5df2\u9a8c\u8bc1)\u3002","title":"\u4f7f\u7528Devstack\u5b89\u88c5OpenStack"},{"location":"install/devstack/#_1","text":"\u51c6\u5907\u4e00\u4e2aopenEuler\u73af\u5883, 20.03 LTS SP2 \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 , master \u865a\u62df\u673a\u955c\u50cf\u5730\u5740 \u914d\u7f6eyum\u6e90 openEuler 20.03 LTS SP2 \uff1a openEuler\u5b98\u65b9\u6e90\u4e2d\u7f3a\u5c11\u4e86\u4e00\u4e9bOpenStack\u9700\u8981\u7684RPM\u5305\uff0c\u56e0\u6b64\u9700\u8981\u5148\u914d\u4e0aOpenStack SIG\u5728oepkg\u4e2d\u51c6\u5907\u597d\u7684RPM\u6e90 vi /etc/yum.repos.d/openeuler.repo [openstack] 
name=openstack baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/aarch64/ enabled=1 gpgcheck=0 openEuler master : \u4f7f\u7528master\u7684RPM\u6e90: vi /etc/yum.repos.d/openeuler.repo [mainline] name=mainline baseurl=http://119.3.219.20:82/openEuler:/Mainline/standard_aarch64/ gpgcheck=false [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/Epol/standard_aarch64/ gpgcheck=false \u524d\u671f\u51c6\u5907 openEuler 20.03 LTS SP2 \uff1a \u5728\u4e00\u4e9b\u7248\u672c\u7684openEuler\u5b98\u65b9\u955c\u50cf\u7684\u9ed8\u8ba4\u6e90\u4e2d\uff0cEPOL-update\u7684URL\u53ef\u80fd\u914d\u7f6e\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u4fee\u6539 vi /etc/yum.repos.d/openEuler.repo # \u628a[EPOL-UPDATE]URL\u6539\u6210 baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP2/EPOL/update/main/$basearch/ openEuler master : yum remove python3-pip # \u7cfb\u7edf\u7684pip\u4e0edevstack pip\u51b2\u7a81\uff0c\u9700\u8981\u5148\u5220\u9664 # master\u7684\u865a\u673a\u73af\u5883\u7f3a\u5c11\u4e86\u4e00\u4e9b\u4f9d\u8d56\uff0cdevstack\u4e0d\u4f1a\u81ea\u52a8\u5b89\u88c5\uff0c\u9700\u8981\u624b\u52a8\u5b89\u88c5 yum install iptables tar wget python3-devel httpd-devel iscsi-initiator-utils libvirt python3-libvirt qemu memcached \u4e0b\u8f7ddevstack yum update yum install git cd /opt/ git clone https://opendev.org/openstack/devstack.git \u521d\u59cb\u5316devstack\u73af\u5883\u914d\u7f6e # \u521b\u5efastack\u7528\u6237 /opt/devstack/tools/create-stack-user.sh # \u4fee\u6539\u76ee\u5f55\u6743\u9650 chown -R stack:stack /opt/devstack chmod -R 755 /opt/devstack chmod -R 755 /opt/stack # \u5207\u6362\u5230\u8981\u90e8\u7f72\u7684openstack\u7248\u672c\u5206\u652f\uff0c\u4ee5yoga\u4e3a\u4f8b\uff0c\u4e0d\u5207\u6362\u7684\u8bdd\uff0c\u9ed8\u8ba4\u5b89\u88c5\u7684\u662fmaster\u7248\u672c\u7684openstack git checkout stable/yoga \u521d\u59cb\u5316devstack\u914d\u7f6e\u6587\u4ef6 \u5207\u6362\u5230stack\u7528\u6237 su stack 
\u6b64\u65f6\uff0c\u8bf7\u786e\u8ba4stack\u7528\u6237\u7684PATH\u73af\u5883\u53d8\u91cf\u662f\u5426\u5305\u542b\u4e86`/usr/sbin`\uff0c\u5982\u679c\u6ca1\u6709\uff0c\u5219\u9700\u8981\u6267\u884c PATH=$PATH:/usr/sbin \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 vi /opt/devstack/local.conf [[local|localrc]] DATABASE_PASSWORD=root RABBIT_PASSWORD=root SERVICE_PASSWORD=root ADMIN_PASSWORD=root OVN_BUILD_FROM_SOURCE=True openEuler\u6ca1\u6709\u63d0\u4f9bOVN\u7684RPM\u8f6f\u4ef6\u5305\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6e OVN_BUILD_FROM_SOURCE=True , \u4ece\u6e90\u7801\u7f16\u8bd1OVN \u53e6\u5916\u5982\u679c\u4f7f\u7528\u7684\u662farm64\u865a\u62df\u673a\u73af\u5883\uff0c\u5219\u9700\u8981\u914d\u7f6elibvirt\u5d4c\u5957\u865a\u62df\u5316\uff0c\u5728 local.conf \u4e2d\u8ffd\u52a0\u5982\u4e0b\u914d\u7f6e\uff1a [[post-config|$NOVA_CONF]] [libvirt] cpu_mode=custom cpu_model=cortex-a72 \u5982\u679c\u5b89\u88c5Ironic\uff0c\u9700\u8981\u63d0\u524d\u5b89\u88c5\u4f9d\u8d56\uff1a sudo dnf install syslinux-nonlinux openEuler master\u7684\u7279\u6b8a\u914d\u7f6e \uff1a \u7531\u4e8edevstack\u8fd8\u6ca1\u6709\u9002\u914d\u6700\u65b0\u7684openEuler\uff0c\u6211\u4eec\u9700\u8981\u624b\u52a8\u4fee\u590d\u4e00\u4e9b\u95ee\u9898\uff1a \u4fee\u6539devstack\u6e90\u7801 vi /opt/devstack/tools/fixup_stuff.sh \u628afixup_openeuler\u65b9\u6cd5\u4e2d\u7684\u6240\u6709echo\u8bed\u53e5\u5220\u6389 (echo '[openstack-ci]' echo 'name=openstack' echo 'baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/'$arch'/' echo 'enabled=1' echo 'gpgcheck=0') | sudo tee -a /etc/yum.repos.d/openstack-master.repo > /dev/null 2. 
\u4fee\u6539requirements\u6e90\u7801 Yoga\u7248keystone\u7684\u4f9d\u8d56 setproctitle \u7684devstack\u9ed8\u8ba4\u7248\u672c\u4e0d\u652f\u6301python3.10\uff0c\u9700\u8981\u5347\u7ea7\uff0c\u624b\u52a8\u4e0b\u8f7drequirements\u9879\u76ee\u5e76\u4fee\u6539 cd /opt/stack git clone https://opendev.org/openstack/requirements --branch stable/yoga vi /opt/stack/requirements/upper-constraints.txt setproctitle===1.2.3 OpenStack horizon\u6709BUG\uff0c\u65e0\u6cd5\u6b63\u5e38\u5b89\u88c5\u3002\u8fd9\u91cc\u6211\u4eec\u6682\u65f6\u4e0d\u5b89\u88c5horizon\uff0c\u4fee\u6539 local.conf \uff0c\u65b0\u589e\u4e00\u884c\uff1a [[local|localrc]] disable_service horizon \u5982\u679c\u786e\u5b9e\u6709\u5bf9horizon\u7684\u9700\u6c42\uff0c\u5219\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a # 1. horizon\u4f9d\u8d56\u7684pyScss\u9ed8\u8ba4\u4e3a1.3.7\u7248\u672c\uff0c\u4e0d\u652f\u6301python3.10 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u9700\u8981\u63d0\u524dclone`requirements`\u9879\u76ee\u5e76\u4fee\u6539\u4ee3\u7801 vi /opt/stack/requirements/upper-constraints.txt pyScss===1.4.0 # 2. 
horizon\u4f9d\u8d56httpd\u7684mod_wsgi\u63d2\u4ef6\uff0c\u4f46\u76ee\u524dopenEuler\u7684mod_wsgi\u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install mod_wsgi\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5 # \u89e3\u51b3\u65b9\u6cd5\uff1a\u624b\u52a8\u6e90\u7801build mod_wsgi\u5e76\u914d\u7f6e\uff0c\u8be5\u8fc7\u7a0b\u8f83\u590d\u6742\uff0c\u8fd9\u91cc\u7565\u8fc7 dstat\u670d\u52a1\u4f9d\u8d56\u7684 pcp-system-tools \u6784\u5efa\u5f02\u5e38\uff082022-04-25\uff09\uff08\u89e3\u51b3\u540eyum install pcp-system-tools\u5373\u53ef\uff09\uff0c\u65e0\u6cd5\u4eceyum\u5b89\u88c5\uff0c\u6682\u65f6\u5148\u4e0d\u5b89\u88c5dstat [[local|localrc]] disable_service dstat \u90e8\u7f72OpenStack \u8fdb\u5165devstack\u76ee\u5f55\uff0c\u6267\u884c ./stack.sh \uff0c\u7b49\u5f85OpenStack\u5b8c\u6210\u5b89\u88c5\u90e8\u7f72\u3002","title":"\u5b89\u88c5\u6b65\u9aa4"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack 
\u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e 
\u00b6 \u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 
systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = 
mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum 
install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default 
--password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f 
\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = 
/var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a7 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd (CPT) ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ 
/usr/share/AAVMF/AAVMF_VARS.fd (CPT) vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent ebtables ipset \\ (CTL) openstack-neutron-l3-agent openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public 
http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS 
[oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection 
\u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u7f3a\u7701\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u542f\u52a8\u670d\u52a1 systemctl 
enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service deploy ramdisk\u955c\u50cf\u5236\u4f5c Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
\u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"openEuler-20.03-LTS-SP2_Queens"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack-queens","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5","title":"OpenStack-Queens \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_1","text":"Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova 
Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#_3","text":"\u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation 
\u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#keystone","text":"\u521b\u5efa keystone 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache 
HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = 
http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE 
nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement 
admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a7 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd (CPT) ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd (CPT) vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service 
\\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint 
create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent ebtables ipset \\ (CTL) openstack-neutron-l3-agent openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] 
[keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] 
enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = 
http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u5e10\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin 
openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u7f3a\u7701\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 
\u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 
dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service deploy ramdisk\u955c\u50cf\u5236\u4f5c Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-queens/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 
2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
\u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u51c6\u5907\u73af\u5883 \u00b6 OpenStack yum\u6e90\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg\uff0c\u4ee5x86_64\u4e3a\u4f8b $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/x86_64/ gpgcheck=0 enabled=1 EOF $ yum clean all && yum makecache \u73af\u5883\u914d\u7f6e \u00b6 \u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group 
keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap \u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 
\u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 
GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... 
stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database] ... \u00b6 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... \u00b6 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... \u00b6 flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 \u00b6 $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . 
admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... 
auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # 
vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . 
admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne 
volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002 Horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. \u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. 
\u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal $ openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection $ openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector $ openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region 
RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal-introspection internal http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection public http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection admin http://$IRONIC_NODE:5050/v1 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. 
If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - 
\u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain 
id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart 
openstack-ironic-conductor ##### \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84 /etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u8c03\u7528 ironic-inspector-dbsync \u751f\u6210\u8868 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 4\u3001\u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 5\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 6\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 
dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 7\u3001\u542f\u52a8\u670d\u52a1 $ systemctl enable --now openstack-ironic-inspector.service $ systemctl enable --now openstack-ironic-inspector-dnsmasq.service 8\u3001\u5982\u679c\u8282\u70b9\u5355\u72ec\u90e8\u7f72ironic\u670d\u52a1\u8fd8\u9700\u8981\u90e8\u7f72\u542f\u52a8iscsid.service\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u6ce8\u610f \uff1aarm\u67b6\u6784\u652f\u6301\u4e0d\u5b8c\u5168\uff0c\u9700\u8981\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u8fdb\u884c\u9002\u914d\uff1b deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage 
\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ 
ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef $ yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE 
DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking 
network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = 
rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"openEuler-20.03-LTS-SP2_Rocky"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack-rocky","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5","title":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597doepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_1","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack-yum","text":"\u914d\u7f6e 20.03-LTS-SP2 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg\uff0c\u4ee5x86_64\u4e3a\u4f8b $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack/rocky/x86_64/ gpgcheck=0 enabled=1 EOF $ yum clean all && yum makecache","title":"OpenStack yum\u6e90\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_2","text":"\u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#keystone","text":"\u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap 
\u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database]","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_3","text":"connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_4","text":"www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#_5","text":"flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc","title":"..."},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#arm64","text":"$ 
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list","title":"\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit 
\u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a 
\u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... 
region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . 
admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public 
http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. 
\u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. \u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. 
\u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002","title":"Horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal $ openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection $ openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector $ openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal-introspection internal http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection public http://$IRONIC_NODE:5050/v1 $ openstack endpoint create --region RegionOne baremetal-introspection admin http://$IRONIC_NODE:5050/v1 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* 
\u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart openstack-ironic-conductor ##### \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84 /etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector 3\u3001\u8c03\u7528 ironic-inspector-dbsync \u751f\u6210\u8868 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 4\u3001\u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 5\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD 6\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi 
dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 7\u3001\u542f\u52a8\u670d\u52a1 $ systemctl enable --now openstack-ironic-inspector.service $ systemctl enable --now openstack-ironic-inspector-dnsmasq.service 8\u3001\u5982\u679c\u8282\u70b9\u5355\u72ec\u90e8\u7f72ironic\u670d\u52a1\u8fd8\u9700\u8981\u90e8\u7f72\u542f\u52a8iscsid.service\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u6ce8\u610f \uff1aarm\u67b6\u6784\u652f\u6301\u4e0d\u5b8c\u5168\uff0c\u9700\u8981\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u8fdb\u884c\u9002\u914d\uff1b deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage 
\u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c 
DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef $ yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP2/OpenStack-rocky/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = 
mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 
5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8queens\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf 
[mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf 
ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Nova \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public 
http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ novnc openstack-nova-novncproxy openstack-nova-scheduler \\ openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = 
http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) 
\u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su 
-s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) 
\u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent \\ (CTL) ebtables ipset openstack-neutron-l3-agent \\ openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron 
\u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ 
--email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c 
Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Queens\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla \u4e3a OpenStack \u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 
openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE 
\u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python2-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 
connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Rally \u5b89\u88c5 \u00b6 Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"openEuler-20.03-LTS-SP3_Queens"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack-queens","text":"OpenStack-Queens \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5","title":"OpenStack-Queens \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon 
\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Queens \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_1","text":"Openstack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova 
Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#_3","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8queens\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a cat << EOF >> /etc/yum.repos.d/OpenStack_Queens.repo [openstack_queens] name=OpenStack_Queens baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/queens/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python2-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci 
character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python2-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ 
--bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython2-openstackclient\uff1a yum install python2-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset 
OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 
memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service openstack-glance-registry.service systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create 
--disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CPT) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CPT) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTP) openstack role add --project service --user nova admin (CPT) openstack service create --name nova --description \"OpenStack Compute\" compute (CPT) \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt placement (CPT) openstack role add --project service --user placement admin (CPT) openstack service create --name placement --description \"Placement API\" placement (CPT) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 
(CPT) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CPT) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CPT) \u521b\u5efaplacement API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement internal http://controller:8778 (CPT) openstack endpoint create --region RegionOne placement admin http://controller:8778 (CPT) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console \\ novnc openstack-nova-novncproxy openstack-nova-scheduler \\ openstack-nova-placement-api (CTL) yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 
[oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 
\u624b\u52a8\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e\u3002 vim /etc/httpd/conf.d/00-nova-placement-api.conf (CTL) = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd (CTL) \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) 
\u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-consoleauth.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge-agent \\ (CTL) ebtables ipset openstack-neutron-l3-agent \\ openstack-neutron-dhcp-agent \\ openstack-neutron-metadata-agent yum install openstack-neutron-linuxbridge-agent ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = 
NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat 
\u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca 
[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl restart openstack-nova-api.service openstack-neutron-server.service \\ (CTL) openstack-neutron-linuxbridge-agent.service openstack-neutron-dhcp-agent.service \\ 
openstack-neutron-metadata-agent.service openstack-neutron-l3-agent.service systemctl enable openstack-neutron-linuxbridge-agent.service (CPT) systemctl restart openstack-neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create 
--region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (CPT) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (CPT) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (CPT) backup_share=HOST:PATH (CPT) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (CPT) volume_group = cinder-volumes (CPT) iscsi_protocol = iscsi (CPT) iscsi_helper = tgtadm (CPT) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (CPT) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim 
/etc/openstack-dashboard/local_settings ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET 
utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full 
# configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c 
Q\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528Q\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Queens\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#kolla","text":"Kolla \u4e3a OpenStack \u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum 
install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create 
--region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python2-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ 
\u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-taskmanager.conf ```shell script vim /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove **\u89e3\u91ca\uff1a** \u53c2\u7167`trove.conf`\u914d\u7f6e 4. \u914d\u7f6e`trove-conductor.conf` ```shell script vim /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-queens/#rally","text":"Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"Rally \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u51c6\u5907\u73af\u5883 \u00b6 OpenStack yum\u6e90\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg $ cat << EOF >> 
/etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8rocky\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache \u73af\u5883\u914d\u7f6e \u00b6 \u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. \u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. 
\u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = 
mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export 
OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap \u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database] ... \u00b6 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] ... \u00b6 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] ... 
\u00b6 flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc \u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 \u00b6 $ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 
'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create 
--region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c 
\"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ 
openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne 
volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002 Horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. \u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. 
\u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack 
endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent 
builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, 
--release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Rocky\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS 
SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove 
--description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python2-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - 
[Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Rally \u5b89\u88c5 \u00b6 Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"openEuler-20.03-LTS-SP3_Rocky"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack-rocky","text":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u51c6\u5907\u73af\u5883 OpenStack yum\u6e90\u914d\u7f6e \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 ... ... ... 
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 Horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Rally \u5b89\u88c5","title":"OpenStack-Rocky \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531 nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon \u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9 oepkg yum \u6e90\u5df2\u7ecf\u652f\u6301 Openstack-Rocky \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d oepkg yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_1","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack-yum","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9\u8ba4\u8bc1\u7684\u7b2c\u4e09\u65b9\u6e90 oepkg $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 EOF \u6ce8\u610f \u5982\u679c\u73af\u5883\u542f\u7528\u4e86Epol\u6e90\uff0c\u9700\u8981\u63d0\u9ad8rocky\u4ed3\u7684\u4f18\u5148\u7ea7\uff0c\u8bbe\u7f6epriority=1\uff1a $ cat << EOF >> /etc/yum.repos.d/OpenStack_Rocky.repo [openstack_rocky] name=OpenStack_Rocky baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP3/budding-openeuler/openstack/rocky/$basearch/ gpgcheck=0 enabled=1 priority=1 EOF $ yum clean all && yum makecache","title":"OpenStack yum\u6e90\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_2","text":"\u5728 /etc/hosts \u4e2d\u6dfb\u52a0controller\u4fe1\u606f\uff0c\u4f8b\u5982\u8282\u70b9IP\u662f 10.0.0.11 \uff0c\u5219\u65b0\u589e\uff1a 10.0.0.11 controller","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install mariadb mariadb-server python2-PyMySQL 2. 
\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 \u590d\u5236\u5982\u4e0b\u5185\u5bb9\u5230\u6587\u4ef6\uff0c\u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a $ systemctl enable mariadb.service $ systemctl start mariadb.service","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 $ systemctl enable rabbitmq-server.service $ systemctl start rabbitmq-server.service 3. \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 $ rabbitmqctl add_user openstack RABBIT_PASS 4. \u66ff\u6362 RABBIT_PASS\uff0c\u4e3aOpenStack\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a $ rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 $ yum install memcached python2-memcached 2. 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9 OPTIONS=\"-l 127.0.0.1,::1,controller\" OPTIONS \u4fee\u6539\u4e3a\u5b9e\u9645\u73af\u5883\u4e2d\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 $ systemctl enable memcached.service $ systemctl start memcached.service","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#keystone","text":"\u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 KEYSTONE_DBPASS\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 $ yum install openstack-keystone httpd python2-mod_wsgi \u914d\u7f6ekeystone\uff0c\u7f16\u8f91 /etc/keystone/keystone.conf \u6587\u4ef6\u3002\u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\u3002\u5728[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u66ff\u6362KEYSTONE_DBPASS\u4e3aKeystone\u6570\u636e\u5e93\u7684\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 $ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone $ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8\u8eab\u4efd\u670d\u52a1\u3002 $ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u66ff\u6362 ADMIN_PASS\uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\u3002 \u7f16\u8f91 /etc/httpd/conf/httpd.conf \u6587\u4ef6\uff0c\u914d\u7f6eApache HTTP server $ vim /etc/httpd/conf/httpd.conf \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9\uff0c\u5982\u4e0b\u6240\u793a\u3002 ServerName controller \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa\u3002 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u4e3a /usr/share/keystone/wsgi-keystone.conf \u6587\u4ef6\u521b\u5efa\u94fe\u63a5\u3002 $ ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u5b8c\u6210\u5b89\u88c5\uff0c\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8Apache HTTP\u670d\u52a1\u3002 $ systemctl enable httpd.service $ systemctl start httpd.service \u5b89\u88c5OpenStackClient $ yum install python2-openstackclient \u521b\u5efa OpenStack client \u73af\u5883\u811a\u672c \u521b\u5efaadmin\u7528\u6237\u7684\u73af\u5883\u53d8\u91cf\u811a\u672c\uff1a # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 \u66ff\u6362ADMIN_PASS\u4e3aadmin\u7528\u6237\u7684\u5bc6\u7801, \u4e0e\u4e0a\u8ff0 keystone-manage bootstrap 
\u547d\u4ee4\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u4e00\u81f4 \u8fd0\u884c\u811a\u672c\u52a0\u8f7d\u73af\u5883\u53d8\u91cf\uff1a $ source admin-openrc \u5206\u522b\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efadomain, projects, users, roles\u3002 \u521b\u5efadomain \u2018example\u2019\uff1a $ openstack domain create --description \"An Example Domain\" example \u6ce8\uff1adomain \u2018default\u2019\u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa \u521b\u5efaproject \u2018service\u2019\uff1a $ openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project \u2019myproject\u2018\uff0cuser \u2019myuser\u2018 \u548c role \u2019myrole\u2018\uff0c\u4e3a\u2018myproject\u2019\u548c\u2018myuser\u2019\u6dfb\u52a0\u89d2\u8272\u2018myrole\u2019\uff1a $ openstack project create --domain default --description \"Demo Project\" myproject $ openstack user create --domain default --password-prompt myuser $ openstack role create myrole $ openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a $ unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a $ openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4ee5 root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa glance 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362 GLANCE_DBPASS\uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5206\u522b\u5b8c\u6210\u521b\u5efa glance \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaglance\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018glance\u2019\u3002 $ openstack user create --domain default --password-prompt glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne image public http://controller:9292 $ openstack endpoint create --region RegionOne image internal http://controller:9292 $ openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-glance \u914d\u7f6eglance\uff1a \u7f16\u8f91 /etc/glance/glance-api.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 \u5728[glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e [database] # ... connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] # ... 
www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] # ... flavor = keystone [glance_store] # ... stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u7f16\u8f91 /etc/glance/glance-registry.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 ```ini [database]","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_3","text":"connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_4","text":"www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy]","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#_5","text":"flavor = keystone ``` \u5176\u4e2d\uff0c\u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u955c\u50cf\u670d\u52a1\uff1a $ systemctl enable openstack-glance-api.service openstack-glance-registry.service $ systemctl start openstack-glance-api.service openstack-glance-registry.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf ```shell $ source admin-openrc","title":"..."},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#arm64","text":"$ 
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img ``` \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a shell $ glance image-create --name \"cirros\" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a shell $ glance image-list","title":"\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7darm64\u7248\u672c\u7684\u955c\u50cf\u3002"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efanova\u3001nova_api\u3001nova_cell0 \u6570\u636e\u5e93\u5e76\u6388\u6743 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit 
\u66ff\u6362NOVA_DBPASS\u53caPLACEMENT_DBPASS\uff0c\u4e3anova\u53caplacement\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efanova\u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efanova\u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018nova\u2019\u3002 $ . admin-openrc $ openstack user create --domain default --password-prompt nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description \"OpenStack Compute\" compute \u521b\u5efa\u8ba1\u7b97\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 $ openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 \u521b\u5efaplacement\u7528\u6237\u5e76\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\uff1a $ openstack user create --domain default --password-prompt placement $ openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u51ed\u8bc1\u53caAPI\u670d\u52a1\u7aef\u70b9\uff1a $ openstack service create --name placement --description \"Placement API\" placement $ openstack endpoint create --region RegionOne placement public http://controller:8778 $ openstack endpoint create --region RegionOne placement internal http://controller:8778 $ openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-compute \\ openstack-nova-placement-api openstack-nova-console \u914d\u7f6enova\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a 
\u5728[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b \u5728[api_database] [database] [placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b \u5728[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b \u5728[placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 [DEFAULT] # ... enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.11 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances/ [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true # ... server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] # ... api_servers = http://controller:9292 [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp [placement] # ... 
region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362NOVA_DBPASS\u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_DBPASS\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362PLACEMENT_PASS\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u7f16\u8f91 /etc/httpd/conf.d/00-nova-placement-api.conf \uff0c\u589e\u52a0Placement API\u63a5\u5165\u914d\u7f6e = 2.4> Require all granted Order allow,deny Allow from all \u91cd\u542fhttpd\u670d\u52a1\uff1a $ systemctl restart httpd \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a $ egrep -c '(vmx|svm)' /proc/cpuinfo 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a \u6ce8\u610f\uff1a \u5982\u679c\u662f\u5728ARM64\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u8fd8\u9700\u8981\u5728\u914d\u7f6e cpu_mode \u4e3a custom , cpu_model \u4e3a cortex-a72 # vim /etc/nova/nova.conf [libvirt] # ... virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728 compute \u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd chown nova:nova /usr/share/AAVMF -R vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\", \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\" ] \u542f\u52a8\u8ba1\u7b97\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u914d\u7f6e\u5176\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service $ systemctl enable libvirtd.service openstack-nova-compute.service $ systemctl start libvirtd.service openstack-nova-compute.service \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230cell\u6570\u636e\u5e93\uff1a \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u5b58\u5728\uff1a $ . 
admin-openrc $ openstack compute service list --service nova-compute \u6ce8\u518c\u8ba1\u7b97\u8282\u70b9\uff1a $ su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u9a8c\u8bc1 $ . admin-openrc \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a $ openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a $ openstack image list \u68c0\u67e5cells\u548cplacement API\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 $ nova-status upgrade check","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa neutron \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362NEUTRON_DBPASS\uff0c\u4e3aneutron\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ . 
admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b8c\u6210\u521b\u5efa neutron \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efaneutron\u7528\u6237\u548c\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u2018neutron\u2019\u7528\u6237\u64cd\u4f5c\u3002 \u521b\u5efaneutron\u670d\u52a1 $ openstack user create --domain default --password-prompt neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description \"OpenStack Networking\" network \u521b\u5efa\u7f51\u7edc\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne network public http://controller:9696 $ openstack endpoint create --region RegionOne network internal http://controller:9696 $ openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u548c\u914d\u7f6e Self-service \u7f51\u7edc \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-neutron openstack-neutron-ml2 \\ openstack-neutron-linuxbridge ebtables ipset \u914d\u7f6eneutron\uff1a \u7f16\u8f91 /etc/neutron/neutron.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b \u5728[default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] # ... 
core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp \u66ff\u6362NEUTRON_DBPASS\u4e3aneutron\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362NOVA_PASS\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/ml2_conf.ini \u6587\u4ef6\uff1a \u5728[ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528\u7f51\u6865\u53ca layer-2 population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b \u5728[ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b \u5728[ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 # vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... 
vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/plugins/ml2/linuxbridge_agent.ini \u6587\u4ef6\uff1a \u5728[linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u5728[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b \u5728[securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u66ff\u6362PROVIDER_INTERFACE_NAME\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362OVERLAY_INTERFACE_IP_ADDRESS\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/l3_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge [DEFAULT] # ... interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/dhcp_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 [DEFAULT] # ... 
interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406\uff1a \u7f16\u8f91 /etc/neutron/metadata_agent.ini \u6587\u4ef6\uff1a \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 [DEFAULT] # ... nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6e\u8ba1\u7b97\u670d\u52a1 \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\uff1a \u5728[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 [neutron] # ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u66ff\u6362NEUTRON_PASS\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362METADATA_SECRET\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u5b8c\u6210\u5b89\u88c5 \u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5\uff1a $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a $ systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u542f\u52a8\uff1a $ systemctl enable neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service $ systemctl start neutron-server.service \\ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ 
neutron-metadata-agent.service $ systemctl enable neutron-l3-agent.service $ systemctl start neutron-l3-agent.service \u9a8c\u8bc1 \u5217\u51fa\u4ee3\u7406\u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a $ openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3aroot\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efacinder\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u66ff\u6362CINDER_DBPASS\uff0c\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 $ source admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a \u521b\u5efacinder\u7528\u6237 \u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018cinder\u2019 \u521b\u5efacinderv2\u548ccinderv3\u670d\u52a1 $ openstack user create --domain default --password-prompt cinder $ openstack role add --project service --user cinder admin $ openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 $ openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a $ openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 public 
http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s $ openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e\u63a7\u5236\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install openstack-cinder \u914d\u7f6ecinder\uff1a \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b \u5728[DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b \u5728[oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 [database] # ... connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 [keystone_authtoken] # ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] # ... 
lock_path = /var/lib/cinder/tmp \u66ff\u6362CINDER_DBPASS\u4e3acinder\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362RABBIT_PASS\u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6emy_ip\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362CINDER_PASS\u4e3acinder\u7528\u6237\u7684\u5bc6\u7801\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a $ su -s /bin/sh -c \"cinder-manage db sync\" cinder \u914d\u7f6e\u8ba1\u7b97\u4f7f\u7528\u5757\u5b58\u50a8\uff1a \u7f16\u8f91 /etc/nova/nova.conf \u6587\u4ef6\u3002 [cinder] os_region_name = RegionOne \u5b8c\u6210\u5b89\u88c5\uff1a \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 $ systemctl restart openstack-nova-api.service \u542f\u52a8\u5757\u5b58\u50a8\u670d\u52a1 $ systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service $ systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08LVM\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install lvm2 device-mapper-persistent-data scsi-target-utils python2-keystone \\ openstack-cinder-volume \u521b\u5efaLVM\u7269\u7406\u5377 /dev/sdb\uff1a $ pvcreate /dev/sdb \u521b\u5efaLVM\u5377\u7ec4 cinder-volumes\uff1a $ vgcreate cinder-volumes /dev/sdb \u7f16\u8f91 /etc/lvm/lvm.conf \u6587\u4ef6\uff1a \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/sdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 devices { # ... 
filter = [ \"a/sdb/\", \"r/.*/\"] \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[lvm]\u90e8\u5206\uff0c\u4f7f\u7528LVM\u9a71\u52a8\u3001cinder-volumes\u5377\u7ec4\u3001iSCSI\u534f\u8bae\u548c\u9002\u5f53\u7684iSCSI\u670d\u52a1\u914d\u7f6eLVM\u540e\u7aef\u3002 \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [DEFAULT] # ... enabled_backends = lvm glance_api_servers = http://controller:9292 \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-volume.service tgtd.service iscsid.service $ systemctl start openstack-cinder-volume.service tgtd.service iscsid.service \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9\uff08ceph RBD\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a $ yum install ceph-common python2-rados python2-rbd python2-keystone openstack-cinder-volume \u5728[DEFAULT]\u90e8\u5206\uff0c\u542f\u7528LVM\u540e\u7aef\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u4f4d\u7f6e\u3002 [DEFAULT] enabled_backends = ceph-rbd \u6dfb\u52a0ceph rbd\u914d\u7f6e\u90e8\u5206\uff0c\u914d\u7f6e\u5757\u547d\u540d\u4e0eenabled_backends\u4e2d\u4fdd\u6301\u4e00\u81f4 [ceph-rbd] glance_api_version = 2 rados_connect_timeout = -1 rbd_ceph_conf = /etc/ceph/ceph.conf rbd_flatten_volume_from_snapshot = False rbd_max_clone_depth = 5 rbd_pool = # RBD\u5b58\u50a8\u6c60\u540d\u79f0 rbd_secret_uuid = # \u968f\u673a\u751f\u6210SECRET UUID rbd_store_chunk_size = 4 rbd_user = volume_backend_name = ceph-rbd volume_driver = cinder.volume.drivers.rbd.RBDDriver 
\u914d\u7f6e\u5b58\u50a8\u8282\u70b9ceph\u5ba2\u6237\u7aef\uff0c\u9700\u8981\u4fdd\u8bc1/etc/ceph/\u76ee\u5f55\u4e2d\u5305\u542bceph\u96c6\u7fa4\u8bbf\u95ee\u914d\u7f6e\uff0c\u5305\u62ecceph.conf\u4ee5\u53cakeyring [root@openeuler ~]# ll /etc/ceph -rw-r--r-- 1 root root 82 Jun 16 17:11 ceph.client..keyring -rw-r--r-- 1 root root 1.5K Jun 16 17:11 ceph.conf -rw-r--r-- 1 root root 92 Jun 16 17:11 rbdmap \u5728\u5b58\u50a8\u8282\u70b9\u68c0\u67e5ceph\u96c6\u7fa4\u662f\u5426\u6b63\u5e38\u53ef\u8bbf\u95ee [root@openeuler ~]# ceph --user cinder -s cluster: id: b7b2fac6-420f-4ec1-aea2-4862d29b4059 health: HEALTH_OK services: mon: 3 daemons, quorum VIRT01,VIRT02,VIRT03 mgr: VIRT03(active), standbys: VIRT02, VIRT01 mds: cephfs_virt-1/1/1 up {0=VIRT03=up:active}, 2 up:standby osd: 15 osds: 15 up, 15 in data: pools: 7 pools, 1416 pgs objects: 5.41M objects, 19.8TiB usage: 49.3TiB used, 59.9TiB / 109TiB avail pgs: 1414 active io: client: 2.73MiB/s rd, 22.4MiB/s wr, 3.21kop/s rd, 1.19kop/s wr \u542f\u52a8\u670d\u52a1 $ systemctl enable openstack-cinder-volume.service $ systemctl start openstack-cinder-volume.service \u5b89\u88c5\u548c\u914d\u7f6e\u5907\u4efd\u670d\u52a1 \u7f16\u8f91 /etc/cinder/cinder.conf \u6587\u4ef6\uff1a \u5728[DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6e\u5907\u4efd\u9009\u9879 [DEFAULT] # ... 
# \u6ce8\u610f: openEuler 21.03\u4e2d\u6ca1\u6709\u63d0\u4f9bOpenStack Swift\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u7528\u6237\u81ea\u884c\u5b89\u88c5\u3002\u6216\u8005\u4f7f\u7528\u5176\u4ed6\u7684\u5907\u4efd\u540e\u7aef\uff0c\u4f8b\u5982\uff0cNFS\u3002NFS\u5df2\u7ecf\u8fc7\u6d4b\u8bd5\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u6b63\u5e38\u4f7f\u7528\u3002 backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u66ff\u6362SWIFT_URL\u4e3a\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684URL\uff0c\u8be5URL\u53ef\u4ee5\u901a\u8fc7\u5bf9\u8c61\u5b58\u50a8API\u7aef\u70b9\u627e\u5230\uff1a $ openstack catalog show object-store \u5b8c\u6210\u5b89\u88c5\uff1a $ systemctl enable openstack-cinder-backup.service $ systemctl start openstack-cinder-backup.service \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\u9a8c\u8bc1\u6bcf\u4e2a\u6b65\u9aa4\u6210\u529f\uff1a $ source admin-openrc $ openstack volume service list \u6ce8\uff1a\u76ee\u524d\u6682\u672a\u5bf9swift\u7ec4\u4ef6\u8fdb\u884c\u652f\u6301\uff0c\u6709\u6761\u4ef6\u7684\u540c\u5b66\u53ef\u4ee5\u914d\u7f6e\u5bf9\u63a5ceph\u3002","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 $ yum install openstack-dashboard 2. 
\u4fee\u6539\u6587\u4ef6 /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py \u4fee\u6539\u53d8\u91cf ALLOWED_HOSTS = ['*', ] OPENSTACK_HOST = \"controller\" OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } \u65b0\u589e\u53d8\u91cf OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } WEBROOT = \"/dashboard/\" COMPRESS_OFFLINE = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"admin\" LOGIN_URL = '/dashboard/auth/login/' LOGOUT_URL = '/dashboard/auth/logout/' 3. \u4fee\u6539\u6587\u4ef6/etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static Options All AllowOverride All Require all granted Options All AllowOverride All Require all granted 4. \u5728/usr/share/openstack-dashboard\u76ee\u5f55\u4e0b\u6267\u884c $ ./manage.py compress 5. \u91cd\u542f httpd \u670d\u52a1 $ systemctl restart httpd 5. 
\u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740http:// \uff0c\u767b\u5f55 horizon\u3002","title":"Horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5 \u5b89\u88c5Tempest $ yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 $ tempest init mytest 3. \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 $ cd mytest $ vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 $ tempest run","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor 
python2-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u7ec4\u4ef6\u5b89\u88c5\u4e0e\u914d\u7f6e ##### \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 $ openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic $ openstack role add --project service --user ironic admin $ openstack service create --name ironic --description \\ \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 $ openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 ##### \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone force_config_drive = True [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9aironic\u65e5\u5fd7\u76ee\u5f55 [DEFAULT] log_dir = /var/log/ironic/ 5\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 $ ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 6\u3001\u91cd\u542fironic-api\u670d\u52a1 $ systemctl restart openstack-ironic-api ##### \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. 
If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenstack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenstack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenstack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenstack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - 
\u8bbf\u95eeOpenstack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728Openstack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeopenstack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain 
id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] # ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 $ systemctl restart 
openstack-ironic-conductor deploy ramdisk\u955c\u50cf\u5236\u4f5c \u76ee\u524dramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic python agent builder\u6765\u8fdb\u884c\u5236\u4f5c\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528\u8fd9\u4e2a\u5de5\u5177\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002\uff08\u7528\u6237\u4e5f\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u60c5\u51b5\u83b7\u53d6ironic-python-agent\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4f7f\u7528ipa-builder\u5236\u4f5cipa\u65b9\u6cd5\uff09 ##### \u5b89\u88c5 ironic-python-agent-builder \u5b89\u88c5\u5de5\u5177\uff1a $ pip install ironic-python-agent-builder \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a $ /usr/bin/yum /usr/libexec/urlgrabber-ext-down \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a $ yum install git \u7531\u4e8e DIB \u4f9d\u8d56 semanage \u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a semanage --help \uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ##### \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f aarch64 \u67b6\u6784\uff0c\u8fd8\u9700\u8981\u6dfb\u52a0\uff1a $ export ARCH=aarch64 ###### \u666e\u901a\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] 
distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder \u4e3e\u4f8b\u8bf4\u660e\uff1a $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ###### \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a $ export DIB_DEV_USER_USERNAME=ipa \\ $ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ $ export DIB_DEV_USER_PASSWORD='123' $ ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ###### \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 \u53c2\u8003\uff1a source-repositories \u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u5728Rocky\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 20.03 LTS SP2\u4e2d\u5df2\u7ecf\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\uff0c\u4f46\u662fKolla \u4ee5\u53ca Kolla-ansible \u539f\u751f\u5e76\u4e0d\u652f\u6301 openEuler\uff0c \u56e0\u6b64 Openstack SIG \u5728openEuler 20.03 LTS SP3\u4e2d\u63d0\u4f9b\u4e86 openstack-kolla-plugin \u548c openstack-kolla-ansible-plugin \u8fd9\u4e24\u4e2a\u8865\u4e01\u5305\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef \u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla-plugin openstack-kolla-ansible-plugin \u4e0d\u652f\u6301 openEuler \u7248\u672c\uff1a yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5bf9\u5e94\u5bc6\u7801 $ mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 
'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 $ openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove $ openstack role add --project service --user trove admin $ openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 $ openstack endpoint create --region RegionOne database public http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database internal http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s $ openstack endpoint create --region RegionOne database admin http://$TROVE_NODE:8779/v1.0/%\\(tenant_id\\)s \u89e3\u91ca\uff1a $TROVE_NODE \u66ff\u6362\u4e3aTrove\u7684API\u670d\u52a1\u90e8\u7f72\u8282\u70b9 \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 $ yum install openstack-trove python2-troveclient 2\u3001\u914d\u7f6e /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove auth_strategy = keystone # Config option for showing the IP address that nova doles out add_addresses = True network_label_regex = ^NETWORK_LABEL$ api_paste_config = /etc/trove/api-paste.ini trove_auth_url = http://controller:35357/v3/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] 
www_authenticate_uri = http://controller:5000/v3/ auth_url=http://controller:35357/v3/ #auth_uri = http://controller/identity #auth_url = http://controller/identity_admin auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = trove password = TROVE_PASS \u89e3\u91ca\uff1a - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e /etc/trove/trove-taskmanager.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 4\u3001\u914d\u7f6e /etc/trove/trove-conductor.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller/identity/v2.0 nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:trove@controller/trove \u89e3\u91ca\uff1a \u53c2\u7167 trove.conf \u914d\u7f6e 5\u3001\u914d\u7f6e /etc/trove/trove-guestagent.conf [DEFAULT] rabbit_host = controller 
rabbit_password = RABBIT_PASS nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASS nova_proxy_admin_tenant_name = service trove_auth_url = http://controller/identity_admin/v2.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 6\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 $ su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1\u3001\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 $ systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2\u3001\u542f\u52a8\u670d\u52a1 $ systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-rocky/#rally","text":"Rally\u662fOpenStack\u63d0\u4f9b\u7684\u6027\u80fd\u6d4b\u8bd5\u5de5\u5177\u3002\u53ea\u9700\u8981\u7b80\u5355\u7684\u5b89\u88c5\u5373\u53ef\u3002 yum install openstack-rally openstack-rally-plugins","title":"Rally \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder 
\u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: 
\u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP3-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url 
http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user 
myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = 
http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 
list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 
openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 
'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) 
connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"openEuler-20.03-LTS-SP3_Train"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP3 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#_3","text":"\u914d\u7f6e 20.03-LTS-SP3 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP3-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true 
(CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a 
kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service 
openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin 
http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b 
[vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 
systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP3/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla 
\u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u65b0\u7279\u6027\u7684\u5b89\u88c5 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP4 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: 
\u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 20.03-LTS-SP4 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/20.03-LTS-SP4-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vi /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vi /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url 
http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vi /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser 
myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 
auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vi /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vi /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vi /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 
list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 
openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vi /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vi /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vi /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vi /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vi /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 
METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vi /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vi /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vi /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) 
connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vi usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vi /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vi /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u65b0\u7279\u6027\u7684\u5b89\u88c5 \u00b6 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027 \u00b6 \u6d41\u91cf\u5206\u6563\u7279\u6027\u662fOpenStack SIG\u5728openEuler 20.03\u4e2d\u57fa\u4e8eOpenStack Train\u5f00\u53d1\u7684Neutron\u65b0\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u8def\u7531\u5668\u6240\u5728\u7684\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u7684\u529f\u80fd\u3002\u8be5\u7279\u6027\u652f\u6301Neutron\u7684L3 HA\u548cDVR\uff0c\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install -y openstack-neutron-distributed-traffic 
python3-neutron-lib-distributed-traffic \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Neutron\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron (CTL) \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/neutron/neutron.conf [DEFAULT] enable_set_route_for_single_port = True network_nodes = network-1,network-2,network-3 router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.PreferredL3AgentRoutersScheduler [network-1] compute_nodes = compute-1 [network-2] compute_nodes = compute-2 [network-3] compute_nodes = compute-3 \u5176\u4e2dnetwork-1\u3001network-2\u548cnetwork-3\u662f\u7f51\u7edc\u8282\u70b9\u7684hostname\uff0ccompute-1\u3001compute-2\u548ccompute-3\u662f\u8ba1\u7b97\u8282\u70b9\u7684hostname\u3002\u6309\u7167\u4e0a\u9762\u8bbe\u7f6e\u7528\u6237\u5728\u521b\u5efa\u591a\u4e2a\u8def\u7531\u5668\u8fde\u63a5\u5230\u540c\u4e00\u5b50\u7f51\u65f6\uff0c\u4f4d\u4e8e\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u7684\u6d41\u91cf\u5c31\u6309\u7167\u914d\u7f6e\u6587\u4ef6\u627e\u5230\u5bf9\u5e94\u7684\u7f51\u7edc\u8282\u70b9\u7684\u8def\u7531\u5668\u3002 \u6253\u5f00\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\uff08\u53ef\u9009\uff09\u3002\u57fa\u4e8e\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0e\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0d\u80fd\u540c\u65f6\u4f7f\u7528\u3002 vim /etc/neutron/neutron.conf [DEFAULT] service_plugins = router,rg_port_forwarding vim /etc/neutron/l3_agent.ini [agent] extensions = rg_port_forwarding \u91cd\u542f\u76f8\u5173\u670d\u52a1\u3002 systemctl restart neutron-server.service neutron-dhcp-agent.service neutron-l3-agent.service 
(CTL)","title":"openEuler-20.03-LTS-SP4_Train"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u65b0\u7279\u6027\u7684\u5b89\u88c5 Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 20.03-LTS-SP4 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_3","text":"\u914d\u7f6e 20.03-LTS-SP4 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> 
/etc/yum.repos.d/20.03-LTS-SP4-OpenStack_Train.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vi /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable 
mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vi /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 
Memcached"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vi /etc/httpd/conf/httpd.conf ServerName controller ln -s 
/usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin 
--os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] 
stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vi /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 
'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen 
= $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vi /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vi /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) 
\u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit 
\u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vi /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = 
/var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vi /etc/neutron/plugins/ml2/ml2_conf.ini (CTL) [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vi /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vi /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vi /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ (CTL) --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vi /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vi /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vi /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin 
python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 
\u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. 
(string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vi usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vi /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vi /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#_4","text":"","title":"\u65b0\u7279\u6027\u7684\u5b89\u88c5"},{"location":"install/openEuler-20.03-LTS-SP4/OpenStack-train/#neutron_1","text":"\u6d41\u91cf\u5206\u6563\u7279\u6027\u662fOpenStack SIG\u5728openEuler 20.03\u4e2d\u57fa\u4e8eOpenStack 
Train\u5f00\u53d1\u7684Neutron\u65b0\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u8def\u7531\u5668\u6240\u5728\u7684\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u8fd8\u63d0\u4f9b\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u7684\u529f\u80fd\u3002\u8be5\u7279\u6027\u652f\u6301Neutron\u7684L3 HA\u548cDVR\uff0c\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install -y openstack-neutron-distributed-traffic python3-neutron-lib-distributed-traffic \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Neutron\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron (CTL) \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/neutron/neutron.conf [DEFAULT] enable_set_route_for_single_port = True network_nodes = network-1,network-2,network-3 router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.PreferredL3AgentRoutersScheduler [network-1] compute_nodes = compute-1 [network-2] compute_nodes = compute-2 [network-3] compute_nodes = compute-3 
\u5176\u4e2dnetwork-1\u3001network-2\u548cnetwork-3\u662f\u7f51\u7edc\u8282\u70b9\u7684hostname\uff0ccompute-1\u3001compute-2\u548ccompute-3\u662f\u8ba1\u7b97\u8282\u70b9\u7684hostname\u3002\u6309\u7167\u4e0a\u9762\u8bbe\u7f6e\u7528\u6237\u5728\u521b\u5efa\u591a\u4e2a\u8def\u7531\u5668\u8fde\u63a5\u5230\u540c\u4e00\u5b50\u7f51\u65f6\uff0c\u4f4d\u4e8e\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u7684\u6d41\u91cf\u5c31\u6309\u7167\u914d\u7f6e\u6587\u4ef6\u627e\u5230\u5bf9\u5e94\u7684\u7f51\u7edc\u8282\u70b9\u7684\u8def\u7531\u5668\u3002 \u6253\u5f00\u57fa\u4e8e\u8def\u7531\u5668\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\uff08\u53ef\u9009\uff09\u3002\u57fa\u4e8e\u5916\u90e8\u7f51\u5173\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0e\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u8f6c\u53d1\u4e0d\u80fd\u540c\u65f6\u4f7f\u7528\u3002 vim /etc/neutron/neutron.conf [DEFAULT] service_plugins = router,rg_port_forwarding vim /etc/neutron/l3_agent.ini [agent] extensions = rg_port_forwarding \u91cd\u542f\u76f8\u5173\u670d\u52a1\u3002 systemctl restart neutron-server.service neutron-dhcp-agent.service neutron-l3-agent.service (CTL)","title":"Neutron\u6d41\u91cf\u5206\u6563\u7279\u6027"},{"location":"install/openEuler-21.09/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 OpenStack \u7b80\u4ecb \u00b6 OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 21.09 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` 
\u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 21.09 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/21.09-OpenStack_Wallaby.repo [OS] name=OS baseurl=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-21.09/EPOL/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf 
\u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName 
controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> 
exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a 
NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 
\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection 
\u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 21.09\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla 
openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove 
python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS 
\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"openEuler-21.09_Wallaby"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 21.09 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 21.09 \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack cat << EOF >> /etc/yum.repos.d/21.09-OpenStack_Wallaby.repo [OS] name=OS 
baseurl=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-21.09/EPOL/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-21.09/OS/$basearch/RPM-GPG-KEY-openEuler EOF yum clean all && yum makecache \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 
mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone 
\u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache 
HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] 
[paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; 
MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = 
$my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c 
\"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 
'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = 
NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"user\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin 
python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create 
--region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 21.09\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 
Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create 
--region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ```shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] 
\u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. 
\u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-21.09/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #admin\u4e3aswift\u7528\u6237\u6dfb\u52a0\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift 
RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8swift\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3a\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 
\u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 
/etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 
account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230 /etc/swift \u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service 
openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum 
makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ 
\u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) 
\u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f 
\u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) 
\u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables 
ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP 
\u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack 
endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS_Train"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 RabbitMQ"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached 
\u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 
\u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain 
default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance 
\u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf 
[placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = 
password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 
--verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = 
RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b 
[securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim 
/etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup 
\u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin 
python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use 
when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 
\u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. 
deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 
\u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = 
internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user 
heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 
\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03 LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 
default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats 
\u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName 
controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ 
--os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file 
filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> 
exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa 
Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = 
mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = 
http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service 
openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain 
heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS_Wallaby"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack 
SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03 LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed 
\u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = 
neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ 
openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne 
network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] 
[nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group 
= true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS 
\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 
3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection 
internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d 
TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default 
password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep 
OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric 
internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest 
neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos 
-r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e 
\u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP1_Train"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP1/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 
10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached 
\u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group 
keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create 
--domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection 
= mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root 
\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip 
novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db 
sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a - `[Default]`\u5206\u7ec4\u4e2d`bind_host`\u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - `nova_compute_url` \u548c `cinder_url` \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - `nova_proxy_XXX` \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528`admin`\u7528\u6237\u4e3a\u4f8b - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - `[database]`\u5206\u7ec4\u4e2d\u7684`connection` \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create 
--region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 \u6ce8\u610f \u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801 \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = 
False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 
\u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 
\u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service 
openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 
/etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 
openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES 
ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition 
stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool 
\u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP1_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP1\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) logdir = /var/log/nova/ (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne 
project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu 
\u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ 
openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region 
RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] 
[nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group 
= true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = 
service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS 
\u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne 
baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2\u3001\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password 
[service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a - `[Default]`\u5206\u7ec4\u4e2d`bind_host`\u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - `nova_compute_url` \u548c `cinder_url` \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - `nova_proxy_XXX` \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528`admin`\u7528\u6237\u4e3a\u4f8b - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - `[database]`\u5206\u7ec4\u4e2d\u7684`connection` \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3\u3001\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4\u3001\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin 
#\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 \u6ce8\u610f \u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801 \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e 
\uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip 
STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip 
STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start 
openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service 
create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; 
GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable 
openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 
HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url 
= rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP1/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 
all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway 
neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL 
baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS 
\u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 
[token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 
keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image 
\u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin 
http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f 
\u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) 
\u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables 
ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP 
\u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack 
endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ 
**\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = 
http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across 
workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP2_Train"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7. deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python3-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf 
```shell script vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password 
[keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password 
project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface 
= internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat 
--user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP2/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa 
Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. \u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default 
user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df 
\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. 
\u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync 
\u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 
100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash 
swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service 
systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default 
project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = 
mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = 
http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service 
openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain 
heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP2_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack 
SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP2\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 
Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts 
\u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 ``shell script yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e`trove.conf` ```shell script vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 **\u89e3\u91ca\uff1a** - [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP - nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint - nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b - transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d 
TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 \u914d\u7f6e trove-guestagent.conf ```shell script vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 **\u89e3\u91ca\uff1a** `guestagent`\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 **\u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002** - `transport_url` \u4e3a`RabbitMQ`\u8fde\u63a5\u4fe1\u606f\uff0c`RABBIT_PASS`\u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 - Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d`TROVE_PASS`\u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 6. \u751f\u6210\u6570\u636e`Trove`\u6570\u636e\u5e93\u8868 ```shell script su -s /bin/sh -c \"trove-manage db_sync\" trove 4. \u5b8c\u6210\u5b89\u88c5\u914d\u7f6e 1. 
\u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 ```shell script systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service 2. \u542f\u52a8\u670d\u52a1 ```shell script systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** 
**\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 
\u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ 
add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 
\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service 
openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 \u5b89\u88c5Cyborg yum install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = 
Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#aodh","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep 
pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync \u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#gnocchi","text":"\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create 
--region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade \u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#ceilometer","text":"\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade \u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#heat","text":"\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP2/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest 
neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup 
test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 
\u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove 
trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" 
object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: 
[DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service 
\u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ 
accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh 
openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default 
--password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP3_Train"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = 
controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a 
openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f 
\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 
\u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift 
\u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 
1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 
6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP3/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP3_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP3\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP3/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP3/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP3\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-SP3 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-SP3 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 
\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL 
\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f 
\u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin 
\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack 
--os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS 
[paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON 
placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET 
\u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
(CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user 
create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b 
[default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + 
linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f 
\u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ 
IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # 
database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002 Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd 
\u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove 
trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" 
object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: 
[DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service 
\u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ 
accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh 
openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default 
--password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb 
\u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. \u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4s/standard_$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. \u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # 
cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"openEuler-22.03-LTS-SP4_Train"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-train","text":"OpenStack-Train \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. 
\u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72","title":"OpenStack-Train \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack","text":"OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Train \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed 
\u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a Cinder Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_3","text":"\u542f\u52a8OpenStack Train yum\u6e90 yum update yum install openstack-release-train yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.04-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 
\uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient==4.0.2 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa 
openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance 
--description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a . 
admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create 
--region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) 
metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u5219 virt_type \u53ef\u4ee5\u914d\u7f6e\u4e3a kvm 
\u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 mkdir -p /usr/share/AAVMF chown nova:nova /usr/share/AAVMF ln -s /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw \\ /usr/share/AAVMF/AAVMF_CODE.fd ln -s /usr/share/edk2/aarch64/vars-template-pflash.raw \\ /usr/share/AAVMF/AAVMF_VARS.fd vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u5e76\u4e14\u5f53ARM\u67b6\u6784\u4e0b\u7684\u90e8\u7f72\u73af\u5883\u4e3a\u5d4c\u5957\u865a\u62df\u5316\u65f6\uff0c libvirt \u914d\u7f6e\u5982\u4e0b\uff1a [libvirt] virt_type = qemu cpu_mode = custom cpu_model = cortex-a72 \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CTL) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service 
(CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) 
\u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 
RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan 
\u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca 
[neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl restart neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service \\ neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt 
cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... 
filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { 
\"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Train\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest 
\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 2. \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u542f\u52a8\u670d\u52a1 systemctl enable openstack-ironic-api openstack-ironic-conductor systemctl start openstack-ironic-api openstack-ironic-conductor \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 
connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 
\u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root 
\u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y 2. \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c T\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528T\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. 
\u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. \u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b 
origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728T\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a 
T\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ \u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target \u5728Train\u4e2d\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86ironic-inspector\u7b49\u670d\u52a1\uff0c\u7528\u6237\u53ef\u6839\u636e\u81ea\u8eab\u9700\u6c42\u5b89\u88c5\u3002","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible 
\u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u8fdb\u884c\u76f8\u5173\u7684\u955c\u50cf\u5236\u4f5c\u548c\u5bb9\u5668\u73af\u5883\u90e8\u7f72\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --domain default --password-prompt trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 
3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1.\u5b89\u88c5 Trove \u5305 yum install openstack-trove python3-troveclient 2.\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] log_dir = /var/log/trove trove_auth_url = http://controller:5000/ nova_compute_url = http://controller:8774/v2 cinder_url = http://controller:8776/v1 swift_url = http://controller:8080/v1/AUTH_ rpc_backend = rabbit transport_url = rabbit://openstack:RABBIT_PASS@controller:5672 auth_strategy = keystone add_addresses = True api_paste_config = /etc/trove/api-paste.ini nova_proxy_admin_user = admin nova_proxy_admin_pass = ADMIN_PASSWORD nova_proxy_admin_tenant_name = service taskmanager_manager = trove.taskmanager.manager.Manager use_nova_server_config_drive = True # Set these if using Neutron Networking network_driver = trove.network.neutron.NeutronDriver network_label_regex = .* [database] connection = mysql+pymysql://trove:TROVE_DBPASSWORD@controller/trove [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ auth_type = password project_domain_name = default user_domain_name = default project_name = service username = trove password = TROVE_PASSWORD \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf rabbit_host = 
controller rabbit_password = RABBIT_PASS trove_auth_url = http://controller:5000/ \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a 
openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** \u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: yum install xfsprogs rsync \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\uff1a mount /srv/node/vdb mount /srv/node/vdc \u6ce8\u610f 
\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: yum install openstack-swift-account openstack-swift-container openstack-swift-object \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift \u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\uff1a swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 
\u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\uff1a swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0 \u6ce8\u610f *** *\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift 
\u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 
1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 
6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r train \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#_4","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano 
\u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 
\u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. 
\u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [train] name=train baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol:/Multi-Version:/OpenStack:/Train/standard_$basearch/ enabled=1 gpgcheck=0 [epol] name=epol baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4:/Epol/standard_$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://119.3.219.20:82/openEuler:/22.03:/LTS:/SP4s/standard_$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. \u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 
10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. \u914d\u7f6eopensd"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 
ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # 
\u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" 
#\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", 
\u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" #cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. 
# Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. # \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" 
#\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-train/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 
RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack 
\u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) 
\u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 
yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup 
--keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo 
Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim 
/etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... 
auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f 
\u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = 
http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS 
\u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova 
(CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 
\u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller 
metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 
\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf 
devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS 
\u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl 
restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 
\u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 
1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-22.03-LTS-SP4_Wallaby"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 22.03-LTS-SP4\u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 22.03 LTS \u5b98\u65b9yum\u6e90\uff0c\u9700\u8981\u542f\u7528EPOL\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 22.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-22.03-LTS-SP4/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 pip install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.03-LTS-SP4\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.03-lts-sp4 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.03-lts-sp4 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/","text":"OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. 
\u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. \u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u7b80\u4ecb \u524d\u7f6e\u8bbe\u7f6e \u81ea\u52a8\u5b89\u88c5 \u624b\u52a8\u5b89\u88c5 \u4f7f\u7528 OpenStack-Helm \u65b0\u7279\u6027\u7684\u5b89\u88c5 Kolla\u652f\u6301iSula Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u672c\u6587\u6863\u662fopenEuler OpenStack SIG\u7f16\u5199\u7684\u57fa\u4e8eopenEuler 22.09\u7684OpenStack\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531SIG\u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS 
rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS 
\u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG\u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8eopenEuler\u90e8\u7f72OpenStack\u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 \u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 22.09\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 
qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u4fdd\u8bc1EPOL yum\u6e90\u5df2\u914d\u7f6e \u6253\u5f00 /etc/yum.repos.d/openEuler.repo \u6587\u4ef6\uff0c\u68c0\u67e5 [EPOL] \u6e90\u662f\u5426\u5b58\u5728\uff0c\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9: [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler \u4e0d\u8bba\u6539\u4e0d\u6539\u8fd9\u4e2a\u6587\u4ef6\uff0c\u65b0\u673a\u5668\u7684\u7b2c\u4e00\u6b65\u90fd\u8981\u66f4\u65b0\u4e00\u4e0byum\u6e90\uff0c\u6267\u884c yum update \u3002 \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 
\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 
/etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. 
# \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 
dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 
export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 
'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: 
[database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; 
\u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] 
\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] 
\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] 
\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = 
provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf 
[DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source 
~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder python3-ironic-python-agent-builder-doc \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u6ce8\uff1a22.09\u7cfb\u7edf\u4e2d\uff0c\u4f7f\u7528dnf\u5b89\u88c5\u65f6\uff0c\u9700\u8981\u540c\u65f6\u6309\u7167\u4e3b\u5305\u548cdoc\u5305\u3002doc\u5305\u5185\u6253\u5305\u7684 /usr/share \u76ee\u5f55\u4e2d\u6587\u4ef6\u4e3a\u8fd0\u884c\u6240\u9700\uff0c\u540e\u7eed\u7cfb\u7edf\u7248\u672c\u5c06\u5408\u5e76\u6587\u4ef6\u5230python3-ironic-python-agent-builder\u5305\u4e2d\u3002 \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the 
branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/yoga # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f 
\u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ 
ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint 
create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = 
rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift 
\u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account 
openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 
[DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 
\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] 
swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ 
openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = 
default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create 
--region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 
\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 
\u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; 
\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run 
\u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Yoga\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.0.6 pip install openstack-sig-tool==1.0.6 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 
/usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-22.09-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 
neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.09\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.09 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r yoga \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 22.09 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u00b6 opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002 \u90e8\u7f72\u6b65\u9aa4 \u00b6 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f \u00b6 \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 \u00b6 \u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c: 2.1 \u521b\u5efapool: \u00b6 ceph osd pool create volumes 2048 ceph osd pool create images 2048 2.2 \u521d\u59cb\u5316pool \u00b6 rbd pool init volumes rbd pool init images 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 \u00b6 ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes' 3. 
\u914d\u7f6elvm\uff08\u53ef\u9009\uff09 \u00b6 \u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/* 4. 
\u914d\u7f6eyum repo \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 4.1 \u5907\u4efdyum\u6e90 \u00b6 mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ 4.2 \u914d\u7f6eyum repo \u00b6 cat > /etc/yum.repos.d/opensd.repo << EOF [epol] name=epol baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-22.09/$basearch/ enabled=1 gpgcheck=0 EOF 4.3 \u66f4\u65b0yum\u7f13\u5b58 \u00b6 yum clean all yum makecache 5. \u5b89\u88c5opensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 \u00b6 git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install 6. \u505assh\u4e92\u4fe1 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 \u00b6 \u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 10.0.0.10 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c \u00b6 \u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 \u00b6 ssh-copy-id root@x.x.x.x 7. 
\u914d\u7f6eopensd \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 \u00b6 \u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml 7.2 \u914d\u7f6einventory\u6587\u4ef6 \u00b6 \u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 availability_zone=az01.cell01.cn-yogadev-1 
[compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... ...... 
7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf \u00b6 \u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## az_cephmon_compose: - availability_zone: #availability 
zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\" 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 \u00b6 dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" } 8. \u6267\u884c\u90e8\u7f72 \u00b6 \u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a 8.1 \u6267\u884cbootstrap \u00b6 # \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50 8.2 \u91cd\u542f\u670d\u52a1\u5668 \u00b6 \u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 \u00b6 opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50 8.4 \u6267\u884c\u90e8\u7f72 \u00b6 ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i 
/usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u00b6 \u7b80\u4ecb \u00b6 OpenStack-Helm \u662f\u4e00\u4e2a\u7528\u6765\u5141\u8bb8\u7528\u6237\u5728 Kubernetes \u4e0a\u90e8\u7f72 OpenStack \u7ec4\u4ef6\u7684\u9879\u76ee\u3002\u8be5\u9879\u76ee\u63d0\u4f9b\u4e86 OpenStack \u5404\u4e2a\u7ec4\u4ef6\u7684 Helm Chart\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u811a\u672c\u6765\u4f9b\u7528\u6237\u5b8c\u6210\u5b89\u88c5\u6d41\u7a0b\u3002 OpenStack-Helm \u8f83\u4e3a\u590d\u6742\uff0c\u5efa\u8bae\u5728\u4e00\u4e2a\u65b0\u7cfb\u7edf\u4e0a\u90e8\u7f72\u3002\u6574\u4e2a\u90e8\u7f72\u5c06\u5360\u7528\u7ea6 30GB \u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u5b89\u88c5\u65f6\u8bf7\u4f7f\u7528 root \u7528\u6237\u3002 \u524d\u7f6e\u8bbe\u7f6e \u00b6 \u5728\u5f00\u59cb\u5b89\u88c5 OpenStack-Helm \u524d\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u7cfb\u7edf\u8fdb\u884c\u4e00\u4e9b\u57fa\u7840\u8bbe\u7f6e\uff0c\u5305\u62ec\u4e3b\u673a\u540d\u548c\u65f6\u95f4\u7b49\u3002\u8bf7\u53c2\u8003\u201c\u57fa\u4e8eRPM\u90e8\u7f72\u201d\u7ae0\u8282\u7684\u6709\u5173\u4fe1\u606f\u3002 openEuler 22.09 \u4e2d\u5df2\u7ecf\u5305\u542b\u4e86 OpenStack-Helm \u8f6f\u4ef6\u5305\u3002\u9996\u5148\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u548c\u8865\u4e01\uff1a dnf install openstack-helm openstack-helm-infra openstack-helm-images loci \u8fd9\u91cc\u5b89\u88c5\u7684\u662f\u539f\u751fopenstack-helm\uff0c\u9ed8\u8ba4\u4e0d\u652f\u6301openEuler\uff0c\u56e0\u6b64\u5982\u679c\u60f3\u5728openEuler\u4e0a\u4f7f\u7528openstack-helm\uff0c\u8fd8\u9700\u8981\u5b89\u88c5plugin\u63d2\u4ef6\uff0c\u672c\u7ae0\u8282\u662f\u5bf9plugin\u7684\u4f7f\u7528\u8bf4\u660e\u3002 dnf install openstack-plugin-openstack-helm-openeuler-support \u81ea\u52a8\u5b89\u88c5 \u00b6 OpenStack-Helm 
\u5b89\u88c5\u6587\u4ef6\u5c06\u88ab\u653e\u7f6e\u5230\u7cfb\u7edf\u7684 /usr/share/openstack-helm \u76ee\u5f55\u3002 openEuler \u63d0\u4f9b\u7684\u8f6f\u4ef6\u5305\u4e2d\u5305\u542b\u4e00\u4e2a\u7b80\u6613\u7684\u5b89\u88c5\u5411\u5bfc\u7a0b\u5e8f\uff0c\u4f4d\u4e8e /usr/bin/openstack-helm \u3002\u6267\u884c\u547d\u4ee4\u8fdb\u5165\u5411\u5bfc\u7a0b\u5e8f\uff1a openstack-helm Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: \u8f93\u5165 i \u5e76\u70b9\u51fb\u56de\u8f66\u8fdb\u5165\u4e0b\u4e00\u7ea7\u9875\u9762\uff1a Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: i There are two storage backends available for OpenStack-Helm: NFS and CEPH. Which storage backend would you like to use? n: NFS storage backend c: CEPH storage backend b: Go back to parent menu Your choice? 
[n/c/b]: OpenStack-Helm \u63d0\u4f9b\u4e86\u4e24\u79cd\u5b58\u50a8\u65b9\u6cd5\uff1a NFS \u548c Ceph \u3002\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u8f93\u5165 n \u6765\u9009\u62e9 NFS \u5b58\u50a8\u540e\u7aef\u6216\u8005 c \u6765\u9009\u62e9 Ceph \u5b58\u50a8\u540e\u7aef\u3002 \u9009\u62e9\u5b8c\u6210\u5b58\u50a8\u540e\u7aef\u540e\uff0c\u7528\u6237\u5c06\u6709\u673a\u4f1a\u5b8c\u6210\u786e\u8ba4\u3002\u6536\u5230\u63d0\u793a\u65f6\uff0c\u6309\u4e0b\u56de\u8f66\u4ee5\u5f00\u59cb\u5b89\u88c5\u3002\u5b89\u88c5\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u5c06\u987a\u5e8f\u6267\u884c\u4e00\u7cfb\u5217\u5b89\u88c5\u811a\u672c\u4ee5\u5b8c\u6210\u90e8\u7f72\u3002\u8fd9\u4e00\u8fc7\u7a0b\u53ef\u80fd\u9700\u8981\u6301\u7eed\u51e0\u5341\u5206\u949f\uff0c\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u8bf7\u786e\u4fdd\u78c1\u76d8\u7a7a\u95f4\u5145\u8db3\u4ee5\u53ca\u4e92\u8054\u7f51\u8fde\u63a5\u7545\u901a\u3002 \u5b89\u88c5\u8fc7\u7a0b\u4e2d\u6267\u884c\u5230\u7684\u811a\u672c\u4f1a\u5c06\u4e00\u4e9b Helm Chart \u90e8\u7f72\u5230\u7cfb\u7edf\u4e0a\u3002\u7531\u4e8e\u76ee\u6807\u7cfb\u7edf\u73af\u5883\u590d\u6742\u591a\u53d8\uff0c\u67d0\u4e9b\u7279\u5b9a\u7684 Helm Chart \u53ef\u80fd\u65e0\u6cd5\u987a\u5229\u88ab\u90e8\u7f72\u3002\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u4f1a\u6ce8\u610f\u5230\u8f93\u51fa\u4fe1\u606f\u7684\u6700\u540e\u5305\u542b\u7b49\u5f85 Pod \u5c31\u4f4d\u4f46\u8d85\u65f6\u7684\u63d0\u793a\u3002\u82e5\u53d1\u751f\u6b64\u7c7b\u73b0\u8c61\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u4e0b\u4e00\u8282\u7ed9\u51fa\u7684\u624b\u52a8\u5b89\u88c5\u65b9\u6cd5\u6765\u5b9a\u4f4d\u95ee\u9898\u6240\u5728\u3002 \u82e5\u60a8\u672a\u89c2\u5bdf\u5230\u4e0a\u8ff0\u7684\u73b0\u8c61\uff0c\u5219\u606d\u559c\u60a8\u5b8c\u6210\u4e86\u90e8\u7f72\u3002\u8bf7\u53c2\u8003\u201c\u4f7f\u7528 OpenStack-Helm\u201d\u4e00\u8282\u6765\u5f00\u59cb\u4f7f\u7528\u3002 \u624b\u52a8\u5b89\u88c5 \u00b6 
\u82e5\u60a8\u5728\u81ea\u52a8\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\u9047\u5230\u4e86\u9519\u8bef\uff0c\u6216\u8005\u5e0c\u671b\u624b\u52a8\u5b89\u88c5\u6765\u63a7\u5236\u6574\u4e2a\u5b89\u88c5\u6d41\u7a0b\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u987a\u5e8f\u6267\u884c\u5b89\u88c5\u6d41\u7a0b\uff1a cd /usr/share/openstack-helm/openstack-helm #\u57fa\u4e8e NFS ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/nfs/040-nfs-provisioner.sh ./tools/deployment/developer/nfs/050-mariadb.sh ./tools/deployment/developer/nfs/060-rabbitmq.sh ./tools/deployment/developer/nfs/070-memcached.sh ./tools/deployment/developer/nfs/080-keystone.sh ./tools/deployment/developer/nfs/090-heat.sh ./tools/deployment/developer/nfs/100-horizon.sh ./tools/deployment/developer/nfs/120-glance.sh ./tools/deployment/developer/nfs/140-openvswitch.sh ./tools/deployment/developer/nfs/150-libvirt.sh ./tools/deployment/developer/nfs/160-compute-kit.sh ./tools/deployment/developer/nfs/170-setup-gateway.sh #\u6216\u8005\u57fa\u4e8e Ceph ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/ceph/040-ceph.sh ./tools/deployment/developer/ceph/050-mariadb.sh ./tools/deployment/developer/ceph/060-rabbitmq.sh ./tools/deployment/developer/ceph/070-memcached.sh ./tools/deployment/developer/ceph/080-keystone.sh ./tools/deployment/developer/ceph/090-heat.sh ./tools/deployment/developer/ceph/100-horizon.sh ./tools/deployment/developer/ceph/120-glance.sh ./tools/deployment/developer/ceph/140-openvswitch.sh ./tools/deployment/developer/ceph/150-libvirt.sh ./tools/deployment/developer/ceph/160-compute-kit.sh ./tools/deployment/developer/ceph/170-setup-gateway.sh \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 kubectl get 
pods -A \u6765\u67e5\u770b\u5f53\u524d\u7cfb\u7edf\u4e0a\u7684 Pod \u7684\u8fd0\u884c\u60c5\u51b5\u3002 \u4f7f\u7528 OpenStack-Helm \u00b6 \u7cfb\u7edf\u90e8\u7f72\u5b8c\u6210\u540e\uff0cOpenStack CLI \u754c\u9762\u5c06\u88ab\u90e8\u7f72\u5728 /usr/local/bin/openstack \u3002\u53c2\u7167\u4e0b\u9762\u7684\u4f8b\u5b50\u6765\u4f7f\u7528 OpenStack CLI\uff1a export OS_CLOUD=openstack_helm export OS_USERNAME='admin' export OS_PASSWORD='password' export OS_PROJECT_NAME='admin' export OS_PROJECT_DOMAIN_NAME='default' export OS_USER_DOMAIN_NAME='default' export OS_AUTH_URL='http://keystone.openstack.svc.cluster.local/v3' openstack service list openstack stack list \u5f53\u7136\uff0c\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 Web \u754c\u9762\u6765\u8bbf\u95ee OpenStack \u7684\u63a7\u5236\u9762\u677f\u3002Horizon Dashboard \u4f4d\u4e8e http://localhost:31000 \uff0c\u4f7f\u7528\u4ee5\u4e0b\u51ed\u636e\u767b\u5f55\uff1a Domain\uff1a default User Name\uff1a admin Password\uff1a password \u6b64\u65f6\uff0c\u60a8\u5e94\u5f53\u53ef\u4ee5\u770b\u5230\u719f\u6089\u7684 OpenStack \u63a7\u5236\u9762\u677f\u4e86\u3002 \u65b0\u7279\u6027\u7684\u5b89\u88c5 \u00b6 Kolla\u652f\u6301iSula \u00b6 Kolla\u662fOpenStack\u57fa\u4e8eDocker\u548cansible\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u65b9\u6848\uff0c\u5305\u542b\u4e86Kolla\u548cKolla-ansible\u4e24\u4e2a\u9879\u76ee\u3002Kolla\u662f\u5bb9\u5668\u955c\u50cf\u5236\u4f5c\u5de5\u5177\uff0cKolla-ansible\u662f\u5bb9\u5668\u955c\u50cf\u90e8\u7f72\u5de5\u5177\u3002\u5176\u4e2dKolla-ansible\u53ea\u652f\u6301\u5728openEuler LTS\u4e0a\u4f7f\u7528\uff0copenEuler\u521b\u65b0\u7248\u6682\u4e0d\u652f\u6301\u3002\u4f7f\u7528openEuler 22.09\uff0c\u7528\u6237\u53ef\u4ee5\u57fa\u4e8eKolla\u5236\u4f5c\u76f8\u5e94\u7684\u5bb9\u5668\u955c\u50cf\u3002\u540c\u65f6OpenStack SIG\u5728openEuler 22.09\u4e2d\u65b0\u589e\u4e86Kolla\u5bf9iSula\u8fd0\u884c\u65f6\u7684\u652f\u6301\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a \u5b89\u88c5Kolla dnf install openstack-kolla docker 
\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-build \u547d\u4ee4\u5236\u4f5c\u57fa\u4e8eDocker\u5bb9\u5668\u955c\u50cf\u4e86\uff0c\u975e\u5e38\u7b80\u5355\uff0c\u5982\u679c\u7528\u6237\u60f3\u5c1d\u8bd5\u57fa\u4e8eisula\u7684\u65b9\u5f0f\uff0c\u53ef\u4ee5\u7ee7\u7eed\u64cd\u4f5c \u5b89\u88c5OpenStack iSula\u63d2\u4ef6 dnf install openstack-plugin-kolla-isula-support \u542f\u52a8isula-build\u670d\u52a1 \u7b2c\u4e8c\u6b65\u4f1a\u81ea\u52a8\u5b89\u88c5iSulad\u548cisula-builder\u670d\u52a1\uff0cisulad\u4f1a\u81ea\u52a8\u542f\u52a8\uff0c\u4f46isula-builder\u4e0d\u5bf9\uff0c\u9700\u8981\u624b\u52a8\u62c9\u8d77 systemctl start isula-builder \u914d\u7f6ekolla \u5728 kolla.conf \u4e2d\u7684[Default]\u91cc\u65b0\u589e base_runtime vim /etc/kolla/kolla.conf base_runtime=isula \u81f3\u6b64\u5b89\u88c5\u5b8c\u6210\uff0c\u4f7f\u7528 kolla-build \u5373\u53ef\u57fa\u4e8eisula\u5236\u4f5c\u955c\u50cf\u4e86\uff0c\u6267\u884c\u5b8c\u540e\uff0c\u6267\u884c isula images \u67e5\u770b\u955c\u50cf\u3002 Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027\u662fOpenStack SIG\u5728openEuler 22.09\u4e2d\u57fa\u4e8eOpenStack Yoga\u5f00\u53d1\u7684Nova\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 
\u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install openstack-plugin-priority-vm \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Nova\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 nova-manage api_db sync nova-manage db sync \u91cd\u542fnova\u670d\u52a1 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8ba1\u7b97\u8282\u70b9\u5206\u522b\u6267\u884c systemctl restart openstack-nova-*","title":"openEuler-22.09_Yoga"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-yoga","text":"OpenStack Yoga \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72 \u90e8\u7f72\u6b65\u9aa4 1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f 2. ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09 2.1 \u521b\u5efapool: 2.2 \u521d\u59cb\u5316pool 2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1 3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09 4. \u914d\u7f6eyum repo 4.1 \u5907\u4efdyum\u6e90 4.2 \u914d\u7f6eyum repo 4.3 \u66f4\u65b0yum\u7f13\u5b58 5. \u5b89\u88c5opensd 5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5 6. \u505assh\u4e92\u4fe1 6.1 \u751f\u6210\u5bc6\u94a5\u5bf9 6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6 6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c 6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09 7. 
\u914d\u7f6eopensd 7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801 7.2 \u914d\u7f6einventory\u6587\u4ef6 7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf 7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001 8. \u6267\u884c\u90e8\u7f72 8.1 \u6267\u884cbootstrap 8.2 \u91cd\u542f\u670d\u52a1\u5668 8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5 8.4 \u6267\u884c\u90e8\u7f72 \u57fa\u4e8eOpenStack helm\u90e8\u7f72 \u7b80\u4ecb \u524d\u7f6e\u8bbe\u7f6e \u81ea\u52a8\u5b89\u88c5 \u624b\u52a8\u5b89\u88c5 \u4f7f\u7528 OpenStack-Helm \u65b0\u7279\u6027\u7684\u5b89\u88c5 Kolla\u652f\u6301iSula Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027 \u672c\u6587\u6863\u662fopenEuler OpenStack SIG\u7f16\u5199\u7684\u57fa\u4e8eopenEuler 22.09\u7684OpenStack\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531SIG\u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS 
\u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS 
\u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG\u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8eopenEuler\u90e8\u7f72OpenStack\u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Yoga \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-22.09/OpenStack-yoga/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 22.09\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 
\u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u4fdd\u8bc1EPOL yum\u6e90\u5df2\u914d\u7f6e \u6253\u5f00 /etc/yum.repos.d/openEuler.repo \u6587\u4ef6\uff0c\u68c0\u67e5 [EPOL] \u6e90\u662f\u5426\u5b58\u5728\uff0c\u82e5\u4e0d\u5b58\u5728\uff0c\u5219\u6dfb\u52a0\u5982\u4e0b\u5185\u5bb9: [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler \u4e0d\u8bba\u6539\u4e0d\u6539\u8fd9\u4e2a\u6587\u4ef6\uff0c\u65b0\u673a\u5668\u7684\u7b2c\u4e00\u6b65\u90fd\u8981\u66f4\u65b0\u4e00\u4e0byum\u6e90\uff0c\u6267\u884c yum update \u3002 \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf 
\u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb 
\u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. 
# \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached 
\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url 
http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject 
openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone"},{"location":"install/openEuler-22.09/OpenStack-yoga/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: 
Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img 
arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance"},{"location":"install/openEuler-22.09/OpenStack-yoga/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc 
\u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a 
systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-22.09/OpenStack-yoga/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = 
NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf 
\u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS 
\u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-22.09/OpenStack-yoga/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin 
openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-22.09/OpenStack-yoga/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-22.09/OpenStack-yoga/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-22.09/OpenStack-yoga/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder python3-ironic-python-agent-builder-doc \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u6ce8\uff1a22.09\u7cfb\u7edf\u4e2d\uff0c\u4f7f\u7528dnf\u5b89\u88c5\u65f6\uff0c\u9700\u8981\u540c\u65f6\u6309\u7167\u4e3b\u5305\u548cdoc\u5305\u3002doc\u5305\u5185\u6253\u5305\u7684 /usr/share \u76ee\u5f55\u4e2d\u6587\u4ef6\u4e3a\u8fd0\u884c\u6240\u9700\uff0c\u540e\u7eed\u7cfb\u7edf\u7248\u672c\u5c06\u5408\u5e76\u6587\u4ef6\u5230python3-ironic-python-agent-builder\u5305\u4e2d\u3002 \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the 
branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/yoga # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f 
\u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ 
ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-22.09/OpenStack-yoga/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database 
internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ 
ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-22.09/OpenStack-yoga/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True 
Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 
\u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder 
add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz 
\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start 
openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-22.09/OpenStack-yoga/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] 
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-22.09/OpenStack-yoga/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 
'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service 
openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-22.09/OpenStack-yoga/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-22.09/OpenStack-yoga/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-22.09/OpenStack-yoga/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-22.09/OpenStack-yoga/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Yoga\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.0.6 pip install openstack-sig-tool==1.0.6 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-22.09-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 
default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 22.09\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 22.09 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r yoga 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos 
env manage -r 22.09 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-sigopensd","text":"opensd\u7528\u4e8e\u6279\u91cf\u5730\u811a\u672c\u5316\u90e8\u7f72openstack\u5404\u7ec4\u4ef6\u670d\u52a1\u3002","title":"\u57fa\u4e8eOpenStack SIG\u90e8\u7f72\u5de5\u5177opensd\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_7","text":"","title":"\u90e8\u7f72\u6b65\u9aa4"},{"location":"install/openEuler-22.09/OpenStack-yoga/#1","text":"\u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u9700\u5c06selinux\u8bbe\u7f6e\u4e3adisable \u88c5\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u5c06/etc/ssh/sshd_config\u914d\u7f6e\u6587\u4ef6\u5185\u7684UseDNS\u8bbe\u7f6e\u4e3ano \u64cd\u4f5c\u7cfb\u7edf\u8bed\u8a00\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u82f1\u6587 \u90e8\u7f72\u4e4b\u524d\u8bf7\u786e\u4fdd\u6240\u6709\u8ba1\u7b97\u8282\u70b9/etc/hosts\u6587\u4ef6\u5185\u6ca1\u6709\u5bf9\u8ba1\u7b97\u4e3b\u673a\u7684\u89e3\u6790","title":"1. \u90e8\u7f72\u524d\u9700\u8981\u786e\u8ba4\u7684\u4fe1\u606f"},{"location":"install/openEuler-22.09/OpenStack-yoga/#2-ceph-pool","text":"\u4e0d\u4f7f\u7528ceph\u6216\u5df2\u6709ceph\u96c6\u7fa4\u53ef\u5ffd\u7565\u6b64\u6b65\u9aa4 \u5728\u4efb\u610f\u4e00\u53f0ceph monitor\u8282\u70b9\u6267\u884c:","title":"2. 
ceph pool\u4e0e\u8ba4\u8bc1\u521b\u5efa\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#21-pool","text":"ceph osd pool create volumes 2048 ceph osd pool create images 2048","title":"2.1 \u521b\u5efapool:"},{"location":"install/openEuler-22.09/OpenStack-yoga/#22-pool","text":"rbd pool init volumes rbd pool init images","title":"2.2 \u521d\u59cb\u5316pool"},{"location":"install/openEuler-22.09/OpenStack-yoga/#23","text":"ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=images' mgr 'profile rbd pool=volumes'","title":"2.3 \u521b\u5efa\u7528\u6237\u8ba4\u8bc1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#3-lvm","text":"\u6839\u636e\u7269\u7406\u673a\u78c1\u76d8\u914d\u7f6e\u4e0e\u95f2\u7f6e\u60c5\u51b5\uff0c\u4e3amysql\u6570\u636e\u76ee\u5f55\u6302\u8f7d\u989d\u5916\u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u793a\u4f8b\u5982\u4e0b\uff08\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u505a\u914d\u7f6e\uff09\uff1a fdisk -l Disk /dev/sdd: 479.6 GB, 479559942144 bytes, 936640512 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk label type: dos Disk identifier: 0x000ed242 \u521b\u5efa\u5206\u533a parted /dev/sdd mkparted 0 -1 \u521b\u5efapv partprobe /dev/sdd1 pvcreate /dev/sdd1 \u521b\u5efa\u3001\u6fc0\u6d3bvg vgcreate vg_mariadb /dev/sdd1 vgchange -ay vg_mariadb \u67e5\u770bvg\u5bb9\u91cf vgdisplay --- Volume group --- VG Name vg_mariadb System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 2 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 1 Act PV 1 VG Size 446.62 GiB PE Size 4.00 MiB Total PE 114335 Alloc PE / Size 114176 / 446.00 GiB Free PE / Size 159 / 636.00 MiB VG UUID bVUmDc-VkMu-Vi43-mg27-TEkG-oQfK-TvqdEc \u521b\u5efalv 
lvcreate -L 446G -n lv_mariadb vg_mariadb \u683c\u5f0f\u5316\u78c1\u76d8\u5e76\u83b7\u53d6\u5377\u7684UUID mkfs.ext4 /dev/mapper/vg_mariadb-lv_mariadb blkid /dev/mapper/vg_mariadb-lv_mariadb /dev/mapper/vg_mariadb-lv_mariadb: UUID=\"98d513eb-5f64-4aa5-810e-dc7143884fa2\" TYPE=\"ext4\" \u6ce8\uff1a98d513eb-5f64-4aa5-810e-dc7143884fa2\u4e3a\u5377\u7684UUID \u6302\u8f7d\u78c1\u76d8 mount /dev/mapper/vg_mariadb-lv_mariadb /var/lib/mysql rm -rf /var/lib/mysql/*","title":"3. \u914d\u7f6elvm\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#4-yum-repo","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"4. \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.09/OpenStack-yoga/#41-yum","text":"mkdir /etc/yum.repos.d/bak/ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/","title":"4.1 \u5907\u4efdyum\u6e90"},{"location":"install/openEuler-22.09/OpenStack-yoga/#42-yum-repo","text":"cat > /etc/yum.repos.d/opensd.repo << EOF [epol] name=epol baseurl=http://repo.openeuler.org/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=0 [everything] name=everything baseurl=http://repo.openeuler.org/openEuler-22.09/$basearch/ enabled=1 gpgcheck=0 EOF","title":"4.2 \u914d\u7f6eyum repo"},{"location":"install/openEuler-22.09/OpenStack-yoga/#43-yum","text":"yum clean all yum makecache","title":"4.3 \u66f4\u65b0yum\u7f13\u5b58"},{"location":"install/openEuler-22.09/OpenStack-yoga/#5-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"5. \u5b89\u88c5opensd"},{"location":"install/openEuler-22.09/OpenStack-yoga/#51-opensd","text":"git clone https://gitee.com/openeuler/opensd cd opensd python3 setup.py install","title":"5.1 \u514b\u9686opensd\u6e90\u7801\u5e76\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#6-ssh","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"6. 
\u505assh\u4e92\u4fe1"},{"location":"install/openEuler-22.09/OpenStack-yoga/#61","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u5e76\u4e00\u8def\u56de\u8f66 ssh-keygen","title":"6.1 \u751f\u6210\u5bc6\u94a5\u5bf9"},{"location":"install/openEuler-22.09/OpenStack-yoga/#62-ip","text":"\u5728auto_ssh_host_ip\u4e2d\u914d\u7f6e\u6240\u6709\u7528\u5230\u7684\u4e3b\u673aip, \u793a\u4f8b\uff1a cd /usr/local/share/opensd/tools/ vim auto_ssh_host_ip 10.0.0.1 10.0.0.2 ... 10.0.0.10","title":"6.2 \u751f\u6210\u4e3b\u673aIP\u5730\u5740\u6587\u4ef6"},{"location":"install/openEuler-22.09/OpenStack-yoga/#63","text":"\u5c06\u514d\u5bc6\u811a\u672c /usr/local/bin/opensd-auto-ssh \u5185123123\u66ff\u6362\u4e3a\u4e3b\u673a\u771f\u5b9e\u5bc6\u7801 # \u66ff\u6362\u811a\u672c\u5185123123\u5b57\u7b26\u4e32 vim /usr/local/bin/opensd-auto-ssh ## \u5b89\u88c5expect\u540e\u6267\u884c\u811a\u672c dnf install expect -y opensd-auto-ssh","title":"6.3 \u66f4\u6539\u5bc6\u7801\u5e76\u6267\u884c\u811a\u672c"},{"location":"install/openEuler-22.09/OpenStack-yoga/#64-ceph-monitor","text":"ssh-copy-id root@x.x.x.x","title":"6.4 \u90e8\u7f72\u8282\u70b9\u4e0eceph monitor\u505a\u4e92\u4fe1\uff08\u53ef\u9009\uff09"},{"location":"install/openEuler-22.09/OpenStack-yoga/#7-opensd","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"7. 
\u914d\u7f6eopensd"},{"location":"install/openEuler-22.09/OpenStack-yoga/#71","text":"\u5b89\u88c5 python3-pbr, python3-utils, python3-pyyaml, python3-oslo-utils\u5e76\u968f\u673a\u751f\u6210\u5bc6\u7801 dnf install python3-pbr python3-utils python3-pyyaml python3-oslo-utils -y # \u6267\u884c\u547d\u4ee4\u751f\u6210\u5bc6\u7801 opensd-genpwd # \u68c0\u67e5\u5bc6\u7801\u662f\u5426\u751f\u6210 cat /usr/local/share/opensd/etc_examples/opensd/passwords.yml","title":"7.1 \u751f\u6210\u968f\u673a\u5bc6\u7801"},{"location":"install/openEuler-22.09/OpenStack-yoga/#72-inventory","text":"\u4e3b\u673a\u4fe1\u606f\u5305\u542b\uff1a\u4e3b\u673a\u540d\u3001ansible_host IP\u3001availability_zone\uff0c\u4e09\u8005\u5747\u9700\u914d\u7f6e\u7f3a\u4e00\u4e0d\u53ef\uff0c\u793a\u4f8b\uff1a vim /usr/local/share/opensd/ansible/inventory/multinode # \u4e09\u53f0\u63a7\u5236\u8282\u70b9\u4e3b\u673a\u4fe1\u606f [control] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # \u7f51\u7edc\u8282\u70b9\u4fe1\u606f\uff0c\u4e0e\u63a7\u5236\u8282\u70b9\u4fdd\u6301\u4e00\u81f4 [network] controller1 ansible_host=10.0.0.35 availability_zone=az01.cell01.cn-yogadev-1 controller2 ansible_host=10.0.0.36 availability_zone=az01.cell01.cn-yogadev-1 controller3 ansible_host=10.0.0.37 availability_zone=az01.cell01.cn-yogadev-1 # cinder-volume\u670d\u52a1\u8282\u70b9\u4fe1\u606f [storage] storage1 ansible_host=10.0.0.61 availability_zone=az01.cell01.cn-yogadev-1 storage2 ansible_host=10.0.0.78 availability_zone=az01.cell01.cn-yogadev-1 storage3 ansible_host=10.0.0.82 availability_zone=az01.cell01.cn-yogadev-1 # Cell1 \u96c6\u7fa4\u4fe1\u606f [cell-control-cell1] cell1 ansible_host=10.0.0.24 availability_zone=az01.cell01.cn-yogadev-1 cell2 ansible_host=10.0.0.25 availability_zone=az01.cell01.cn-yogadev-1 cell3 ansible_host=10.0.0.26 
availability_zone=az01.cell01.cn-yogadev-1 [compute-cell1] compute1 ansible_host=10.0.0.27 availability_zone=az01.cell01.cn-yogadev-1 compute2 ansible_host=10.0.0.28 availability_zone=az01.cell01.cn-yogadev-1 compute3 ansible_host=10.0.0.29 availability_zone=az01.cell01.cn-yogadev-1 [cell1:children] cell-control-cell1 compute-cell1 # Cell2\u96c6\u7fa4\u4fe1\u606f [cell-control-cell2] cell4 ansible_host=10.0.0.36 availability_zone=az03.cell02.cn-yogadev-1 cell5 ansible_host=10.0.0.37 availability_zone=az03.cell02.cn-yogadev-1 cell6 ansible_host=10.0.0.38 availability_zone=az03.cell02.cn-yogadev-1 [compute-cell2] compute4 ansible_host=10.0.0.39 availability_zone=az03.cell02.cn-yogadev-1 compute5 ansible_host=10.0.0.40 availability_zone=az03.cell02.cn-yogadev-1 compute6 ansible_host=10.0.0.41 availability_zone=az03.cell02.cn-yogadev-1 [cell2:children] cell-control-cell2 compute-cell2 [baremetal] [compute-cell1-ironic] # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684control\u4e3b\u673a\u7ec4 [nova-conductor:children] cell-control-cell1 cell-control-cell2 # \u586b\u5199\u6240\u6709cell\u96c6\u7fa4\u7684compute\u4e3b\u673a\u7ec4 [nova-compute:children] compute-added compute-cell1 compute-cell2 # \u4e0b\u9762\u7684\u4e3b\u673a\u7ec4\u4fe1\u606f\u4e0d\u9700\u53d8\u52a8\uff0c\u4fdd\u7559\u5373\u53ef [compute-added] [chrony-server:children] control [pacemaker:children] control ...... 
......","title":"7.2 \u914d\u7f6einventory\u6587\u4ef6"},{"location":"install/openEuler-22.09/OpenStack-yoga/#73","text":"\u6ce8: \u6587\u6863\u4e2d\u63d0\u5230\u7684\u6709\u6ce8\u91ca\u914d\u7f6e\u9879\u9700\u8981\u66f4\u6539\uff0c\u5176\u4ed6\u53c2\u6570\u4e0d\u9700\u8981\u66f4\u6539\uff0c\u82e5\u65e0\u76f8\u5173\u914d\u7f6e\u5219\u4e3a\u7a7a vim /usr/local/share/opensd/etc_examples/opensd/globals.yml ######################## # Network & Base options ######################## network_interface: \"eth0\" #\u7ba1\u7406\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 neutron_external_interface: \"eth1\" #\u4e1a\u52a1\u7f51\u7edc\u7684\u7f51\u5361\u540d\u79f0 cidr_netmask: 24 #\u7ba1\u7406\u7f51\u7684\u63a9\u7801 opensd_vip_address: 10.0.0.33 #\u63a7\u5236\u8282\u70b9\u865a\u62dfIP\u5730\u5740 cell1_vip_address: 10.0.0.34 #cell1\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 cell2_vip_address: 10.0.0.35 #cell2\u96c6\u7fa4\u7684\u865a\u62dfIP\u5730\u5740 external_fqdn: \"\" #\u7528\u4e8evnc\u8bbf\u95ee\u865a\u62df\u673a\u7684\u5916\u7f51\u57df\u540d\u5730\u5740 external_ntp_servers: [] #\u5916\u90e8ntp\u670d\u52a1\u5668\u5730\u5740 yumrepo_host: #yum\u6e90\u7684IP\u5730\u5740 yumrepo_port: #yum\u6e90\u7aef\u53e3\u53f7 environment: #yum\u6e90\u7684\u7c7b\u578b upgrade_all_packages: \"yes\" #\u662f\u5426\u5347\u7ea7\u6240\u6709\u5b89\u88c5\u7248\u7684\u7248\u672c(\u6267\u884cyum upgrade)\uff0c\u521d\u59cb\u90e8\u7f72\u8d44\u6e90\u8bf7\u8bbe\u7f6e\u4e3a\"yes\" enable_miner: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72miner\u670d\u52a1 enable_chrony: \"no\" #\u662f\u5426\u5f00\u542f\u90e8\u7f72chrony\u670d\u52a1 enable_pri_mariadb: \"no\" #\u662f\u5426\u4e3a\u79c1\u6709\u4e91\u90e8\u7f72mariadb enable_hosts_file_modify: \"no\" # \u6269\u5bb9\u8ba1\u7b97\u8282\u70b9\u548c\u90e8\u7f72ironic\u670d\u52a1\u7684\u65f6\u5019\uff0c\u662f\u5426\u5c06\u8282\u70b9\u4fe1\u606f\u6dfb\u52a0\u5230`/etc/hosts` ######################## # Available zone options ######################## 
az_cephmon_compose: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az01\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az01\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az02\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az02\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: - availability_zone: #availability zone\u7684\u540d\u79f0\uff0c\u8be5\u540d\u79f0\u5fc5\u987b\u4e0emultinode\u4e3b\u673a\u6587\u4ef6\u5185\u7684az03\u7684\"availability_zone\"\u503c\u4fdd\u6301\u4e00\u81f4 ceph_mon_host: #az03\u5bf9\u5e94\u7684\u4e00\u53f0ceph monitor\u4e3b\u673a\u5730\u5740\uff0c\u90e8\u7f72\u8282\u70b9\u9700\u8981\u4e0e\u8be5\u4e3b\u673a\u505assh\u4e92\u4fe1 reserve_vcpu_based_on_numa: # `reserve_vcpu_based_on_numa`\u914d\u7f6e\u4e3a`yes` or `no`,\u4e3e\u4f8b\u8bf4\u660e\uff1a NUMA node0 CPU(s): 0-15,32-47 NUMA node1 CPU(s): 16-31,48-63 \u5f53reserve_vcpu_based_on_numa: \"yes\", \u6839\u636enuma node, \u5e73\u5747\u6bcf\u4e2anode\u9884\u7559vcpu: vcpu_pin_set = 2-15,34-47,18-31,50-63 \u5f53reserve_vcpu_based_on_numa: \"no\", \u4ece\u7b2c\u4e00\u4e2avcpu\u5f00\u59cb\uff0c\u987a\u5e8f\u9884\u7559vcpu: vcpu_pin_set = 8-64 ####################### # Nova options ####################### nova_reserved_host_memory_mb: 2048 #\u8ba1\u7b97\u8282\u70b9\u7ed9\u8ba1\u7b97\u670d\u52a1\u9884\u7559\u7684\u5185\u5b58\u5927\u5c0f enable_cells: \"yes\" #cell\u8282\u70b9\u662f\u5426\u5355\u72ec\u8282\u70b9\u90e8\u7f72 support_gpu: \"False\" 
#cell\u8282\u70b9\u662f\u5426\u6709GPU\u670d\u52a1\u5668\uff0c\u5982\u679c\u6709\u5219\u4e3aTrue\uff0c\u5426\u5219\u4e3aFalse ####################### # Neutron options ####################### monitor_ip: - 10.0.0.9 #\u914d\u7f6e\u76d1\u63a7\u8282\u70b9 - 10.0.0.10 enable_meter_full_eip: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8EIP\u5168\u91cf\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_port_forwarding: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8port forwarding\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter_ecs_ipv6: True #\u914d\u7f6e\u662f\u5426\u5141\u8bb8ecs_ipv6\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue enable_meter: True #\u914d\u7f6e\u662f\u5426\u5f00\u542f\u76d1\u63a7\uff0c\u9ed8\u8ba4\u4e3aTrue is_sdn_arch: False #\u914d\u7f6e\u662f\u5426\u662fsdn\u67b6\u6784\uff0c\u9ed8\u8ba4\u4e3aFalse # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,vlan\u548cvxlan\u4e24\u79cd\u7c7b\u578b\u53ea\u80fd\u4e8c\u9009\u4e00. enable_vxlan_network_type: False # \u9ed8\u8ba4\u4f7f\u80fd\u7684\u7f51\u7edc\u7c7b\u578b\u662fvlan,\u5982\u679c\u4f7f\u7528vxlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aTrue, \u5982\u679c\u4f7f\u7528vlan\u7f51\u7edc\uff0c\u914d\u7f6e\u4e3aFalse. enable_neutron_fwaas: False # \u73af\u5883\u6709\u4f7f\u7528\u9632\u706b\u5899, \u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fd\u9632\u62a4\u5899\u529f\u80fd. # Neutron provider neutron_provider_networks: network_types: \"{{ 'vxlan' if enable_vxlan_network_type else 'vlan' }}\" network_vlan_ranges: \"default:xxx:xxx\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvlan\u8303\u56f4 network_mappings: \"default:br-provider\" network_interface: \"{{ neutron_external_interface }}\" network_vxlan_ranges: \"\" #\u90e8\u7f72\u4e4b\u524d\u89c4\u5212\u7684\u4e1a\u52a1\u7f51\u7edcvxlan\u8303\u56f4 # \u5982\u4e0b\u8fd9\u4e9b\u914d\u7f6e\u662fSND\u63a7\u5236\u5668\u7684\u914d\u7f6e\u53c2\u6570, `enable_sdn_controller`\u8bbe\u7f6e\u4e3aTrue, \u4f7f\u80fdSND\u63a7\u5236\u5668\u529f\u80fd. 
# \u5176\u4ed6\u53c2\u6570\u8bf7\u6839\u636e\u90e8\u7f72\u4e4b\u524d\u7684\u89c4\u5212\u548cSDN\u90e8\u7f72\u4fe1\u606f\u786e\u5b9a. enable_sdn_controller: False sdn_controller_ip_address: # SDN\u63a7\u5236\u5668ip\u5730\u5740 sdn_controller_username: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u540d sdn_controller_password: # SDN\u63a7\u5236\u5668\u7684\u7528\u6237\u5bc6\u7801 ####################### # Dimsagent options ####################### enable_dimsagent: \"no\" # \u5b89\u88c5\u955c\u50cf\u670d\u52a1agent, \u9700\u8981\u6539\u4e3ayes # Address and domain name for s2 s3_address_domain_pair: - host_ip: host_name: ####################### # Trove options ####################### enable_trove: \"no\" #\u5b89\u88c5trove \u9700\u8981\u6539\u4e3ayes #default network trove_default_neutron_networks: #trove \u7684\u7ba1\u7406\u7f51\u7edcid `openstack network list|grep -w trove-mgmt|awk '{print$2}'` #s3 setup(\u5982\u679c\u6ca1\u6709s3,\u4ee5\u4e0b\u503c\u586bnull) s3_endpoint_host_ip: #s3\u7684ip s3_endpoint_host_name: #s3\u7684\u57df\u540d s3_endpoint_url: #s3\u7684url \u00b7\u4e00\u822c\u4e3ahttp\uff1a//s3\u57df\u540d s3_access_key: #s3\u7684ak s3_secret_key: #s3\u7684sk ####################### # Ironic options ####################### enable_ironic: \"no\" #\u662f\u5426\u5f00\u673a\u88f8\u91d1\u5c5e\u90e8\u7f72\uff0c\u9ed8\u8ba4\u4e0d\u5f00\u542f ironic_neutron_provisioning_network_uuid: ironic_neutron_cleaning_network_uuid: \"{{ ironic_neutron_provisioning_network_uuid }}\" ironic_dnsmasq_interface: ironic_dnsmasq_dhcp_range: ironic_tftp_server_address: \"{{ hostvars[inventory_hostname]['ansible_' + ironic_dnsmasq_interface]['ipv4']['address'] }}\" # \u4ea4\u6362\u673a\u8bbe\u5907\u76f8\u5173\u4fe1\u606f neutron_ml2_conf_genericswitch: genericswitch:xxxxxxx: device_type: ngs_mac_address: ip: username: password: ngs_port_default_vlan: # Package state setting haproxy_package_state: \"present\" mariadb_package_state: \"present\" rabbitmq_package_state: \"present\" 
memcached_package_state: \"present\" ceph_client_package_state: \"present\" keystone_package_state: \"present\" glance_package_state: \"present\" cinder_package_state: \"present\" nova_package_state: \"present\" neutron_package_state: \"present\" miner_package_state: \"present\"","title":"7.3 \u914d\u7f6e\u5168\u5c40\u53d8\u91cf"},{"location":"install/openEuler-22.09/OpenStack-yoga/#74-ssh","text":"dnf install ansible -y ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u6267\u884c\u7ed3\u679c\u663e\u793a\u6bcf\u53f0\u4e3b\u673a\u90fd\u662f\"SUCCESS\"\u5373\u8bf4\u660e\u8fde\u63a5\u72b6\u6001\u6ca1\u95ee\u9898,\u793a\u4f8b\uff1a compute1 | SUCCESS => { \"ansible_facts\": { \"discovered_interpreter_python\": \"/usr/bin/python\" }, \"changed\": false, \"ping\": \"pong\" }","title":"7.4 \u68c0\u67e5\u6240\u6709\u8282\u70b9ssh\u8fde\u63a5\u72b6\u6001"},{"location":"install/openEuler-22.09/OpenStack-yoga/#8","text":"\u5728\u90e8\u7f72\u8282\u70b9\u6267\u884c\uff1a","title":"8. 
\u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#81-bootstrap","text":"# \u6267\u884c\u90e8\u7f72 opensd -i /usr/local/share/opensd/ansible/inventory/multinode bootstrap --forks 50","title":"8.1 \u6267\u884cbootstrap"},{"location":"install/openEuler-22.09/OpenStack-yoga/#82","text":"\u6ce8\uff1a\u6267\u884c\u91cd\u542f\u7684\u539f\u56e0\u662f:bootstrap\u53ef\u80fd\u4f1a\u5347\u5185\u6838,\u66f4\u6539selinux\u914d\u7f6e\u6216\u8005\u6709GPU\u670d\u52a1\u5668,\u5982\u679c\u88c5\u673a\u8fc7\u7a0b\u5df2\u7ecf\u662f\u65b0\u7248\u5185\u6838,selinux disable\u6216\u8005\u6ca1\u6709GPU\u670d\u52a1\u5668,\u5219\u4e0d\u9700\u8981\u6267\u884c\u8be5\u6b65\u9aa4 # \u624b\u52a8\u91cd\u542f\u5bf9\u5e94\u8282\u70b9,\u6267\u884c\u547d\u4ee4 init6 # \u91cd\u542f\u5b8c\u6210\u540e\uff0c\u518d\u6b21\u68c0\u67e5\u8fde\u901a\u6027 ansible all -i /usr/local/share/opensd/ansible/inventory/multinode -m ping # \u91cd\u542f\u5b8c\u540e\u64cd\u4f5c\u7cfb\u7edf\u540e\uff0c\u518d\u6b21\u542f\u52a8yum\u6e90","title":"8.2 \u91cd\u542f\u670d\u52a1\u5668"},{"location":"install/openEuler-22.09/OpenStack-yoga/#83","text":"opensd -i /usr/local/share/opensd/ansible/inventory/multinode prechecks --forks 50","title":"8.3 \u6267\u884c\u90e8\u7f72\u524d\u68c0\u67e5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#84","text":"ln -s /usr/bin/python3 /usr/bin/python \u5168\u91cf\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 \u5355\u670d\u52a1\u90e8\u7f72\uff1a opensd -i /usr/local/share/opensd/ansible/inventory/multinode deploy --forks 50 -t service_name","title":"8.4 \u6267\u884c\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-helm","text":"","title":"\u57fa\u4e8eOpenStack helm\u90e8\u7f72"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_8","text":"OpenStack-Helm \u662f\u4e00\u4e2a\u7528\u6765\u5141\u8bb8\u7528\u6237\u5728 Kubernetes \u4e0a\u90e8\u7f72 OpenStack 
\u7ec4\u4ef6\u7684\u9879\u76ee\u3002\u8be5\u9879\u76ee\u63d0\u4f9b\u4e86 OpenStack \u5404\u4e2a\u7ec4\u4ef6\u7684 Helm Chart\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u811a\u672c\u6765\u4f9b\u7528\u6237\u5b8c\u6210\u5b89\u88c5\u6d41\u7a0b\u3002 OpenStack-Helm \u8f83\u4e3a\u590d\u6742\uff0c\u5efa\u8bae\u5728\u4e00\u4e2a\u65b0\u7cfb\u7edf\u4e0a\u90e8\u7f72\u3002\u6574\u4e2a\u90e8\u7f72\u5c06\u5360\u7528\u7ea6 30GB \u7684\u78c1\u76d8\u7a7a\u95f4\u3002\u5b89\u88c5\u65f6\u8bf7\u4f7f\u7528 root \u7528\u6237\u3002","title":"\u7b80\u4ecb"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_9","text":"\u5728\u5f00\u59cb\u5b89\u88c5 OpenStack-Helm \u524d\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u7cfb\u7edf\u8fdb\u884c\u4e00\u4e9b\u57fa\u7840\u8bbe\u7f6e\uff0c\u5305\u62ec\u4e3b\u673a\u540d\u548c\u65f6\u95f4\u7b49\u3002\u8bf7\u53c2\u8003\u201c\u57fa\u4e8eRPM\u90e8\u7f72\u201d\u7ae0\u8282\u7684\u6709\u5173\u4fe1\u606f\u3002 openEuler 22.09 \u4e2d\u5df2\u7ecf\u5305\u542b\u4e86 OpenStack-Helm \u8f6f\u4ef6\u5305\u3002\u9996\u5148\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u548c\u8865\u4e01\uff1a dnf install openstack-helm openstack-helm-infra openstack-helm-images loci \u8fd9\u91cc\u5b89\u88c5\u7684\u662f\u539f\u751fopenstack-helm\uff0c\u9ed8\u8ba4\u4e0d\u652f\u6301openEuler\uff0c\u56e0\u6b64\u5982\u679c\u60f3\u5728openEuler\u4e0a\u4f7f\u7528openstack-helm\uff0c\u8fd8\u9700\u8981\u5b89\u88c5plugin\u63d2\u4ef6\uff0c\u672c\u7ae0\u8282\u662f\u5bf9plugin\u7684\u4f7f\u7528\u8bf4\u660e\u3002 dnf install openstack-plugin-openstack-helm-openeuler-support","title":"\u524d\u7f6e\u8bbe\u7f6e"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_10","text":"OpenStack-Helm \u5b89\u88c5\u6587\u4ef6\u5c06\u88ab\u653e\u7f6e\u5230\u7cfb\u7edf\u7684 /usr/share/openstack-helm \u76ee\u5f55\u3002 openEuler \u63d0\u4f9b\u7684\u8f6f\u4ef6\u5305\u4e2d\u5305\u542b\u4e00\u4e2a\u7b80\u6613\u7684\u5b89\u88c5\u5411\u5bfc\u7a0b\u5e8f\uff0c\u4f4d\u4e8e /usr/bin/openstack-helm 
\u3002\u6267\u884c\u547d\u4ee4\u8fdb\u5165\u5411\u5bfc\u7a0b\u5e8f\uff1a openstack-helm Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: \u8f93\u5165 i \u5e76\u70b9\u51fb\u56de\u8f66\u8fdb\u5165\u4e0b\u4e00\u7ea7\u9875\u9762\uff1a Welcome to OpenStack-Helm installation program for openEuler. I will guide you through the installation. Please refer to https://docs.openstack.org/openstack-helm/latest/ to get more information about OpenStack-Helm. We recommend doing this on a new bare metal or virtual OS installation. Now you have the following options: i: Start automated installation c: Check if all pods in Kubernetes are working e: Exit Your choice? [i/c/e]: i There are two storage backends available for OpenStack-Helm: NFS and CEPH. Which storage backend would you like to use? n: NFS storage backend c: CEPH storage backend b: Go back to parent menu Your choice? 
[n/c/b]: OpenStack-Helm \u63d0\u4f9b\u4e86\u4e24\u79cd\u5b58\u50a8\u65b9\u6cd5\uff1a NFS \u548c Ceph \u3002\u7528\u6237\u53ef\u6839\u636e\u9700\u8981\u8f93\u5165 n \u6765\u9009\u62e9 NFS \u5b58\u50a8\u540e\u7aef\u6216\u8005 c \u6765\u9009\u62e9 Ceph \u5b58\u50a8\u540e\u7aef\u3002 \u9009\u62e9\u5b8c\u6210\u5b58\u50a8\u540e\u7aef\u540e\uff0c\u7528\u6237\u5c06\u6709\u673a\u4f1a\u5b8c\u6210\u786e\u8ba4\u3002\u6536\u5230\u63d0\u793a\u65f6\uff0c\u6309\u4e0b\u56de\u8f66\u4ee5\u5f00\u59cb\u5b89\u88c5\u3002\u5b89\u88c5\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u5c06\u987a\u5e8f\u6267\u884c\u4e00\u7cfb\u5217\u5b89\u88c5\u811a\u672c\u4ee5\u5b8c\u6210\u90e8\u7f72\u3002\u8fd9\u4e00\u8fc7\u7a0b\u53ef\u80fd\u9700\u8981\u6301\u7eed\u51e0\u5341\u5206\u949f\uff0c\u5b89\u88c5\u8fc7\u7a0b\u4e2d\u8bf7\u786e\u4fdd\u78c1\u76d8\u7a7a\u95f4\u5145\u8db3\u4ee5\u53ca\u4e92\u8054\u7f51\u8fde\u63a5\u7545\u901a\u3002 \u5b89\u88c5\u8fc7\u7a0b\u4e2d\u6267\u884c\u5230\u7684\u811a\u672c\u4f1a\u5c06\u4e00\u4e9b Helm Chart \u90e8\u7f72\u5230\u7cfb\u7edf\u4e0a\u3002\u7531\u4e8e\u76ee\u6807\u7cfb\u7edf\u73af\u5883\u590d\u6742\u591a\u53d8\uff0c\u67d0\u4e9b\u7279\u5b9a\u7684 Helm Chart \u53ef\u80fd\u65e0\u6cd5\u987a\u5229\u88ab\u90e8\u7f72\u3002\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u4f1a\u6ce8\u610f\u5230\u8f93\u51fa\u4fe1\u606f\u7684\u6700\u540e\u5305\u542b\u7b49\u5f85 Pod \u5c31\u4f4d\u4f46\u8d85\u65f6\u7684\u63d0\u793a\u3002\u82e5\u53d1\u751f\u6b64\u7c7b\u73b0\u8c61\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u4e0b\u4e00\u8282\u7ed9\u51fa\u7684\u624b\u52a8\u5b89\u88c5\u65b9\u6cd5\u6765\u5b9a\u4f4d\u95ee\u9898\u6240\u5728\u3002 \u82e5\u60a8\u672a\u89c2\u5bdf\u5230\u4e0a\u8ff0\u7684\u73b0\u8c61\uff0c\u5219\u606d\u559c\u60a8\u5b8c\u6210\u4e86\u90e8\u7f72\u3002\u8bf7\u53c2\u8003\u201c\u4f7f\u7528 
OpenStack-Helm\u201d\u4e00\u8282\u6765\u5f00\u59cb\u4f7f\u7528\u3002","title":"\u81ea\u52a8\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_11","text":"\u82e5\u60a8\u5728\u81ea\u52a8\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\u9047\u5230\u4e86\u9519\u8bef\uff0c\u6216\u8005\u5e0c\u671b\u624b\u52a8\u5b89\u88c5\u6765\u63a7\u5236\u6574\u4e2a\u5b89\u88c5\u6d41\u7a0b\uff0c\u60a8\u53ef\u4ee5\u53c2\u7167\u4ee5\u4e0b\u987a\u5e8f\u6267\u884c\u5b89\u88c5\u6d41\u7a0b\uff1a cd /usr/share/openstack-helm/openstack-helm #\u57fa\u4e8e NFS ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/nfs/040-nfs-provisioner.sh ./tools/deployment/developer/nfs/050-mariadb.sh ./tools/deployment/developer/nfs/060-rabbitmq.sh ./tools/deployment/developer/nfs/070-memcached.sh ./tools/deployment/developer/nfs/080-keystone.sh ./tools/deployment/developer/nfs/090-heat.sh ./tools/deployment/developer/nfs/100-horizon.sh ./tools/deployment/developer/nfs/120-glance.sh ./tools/deployment/developer/nfs/140-openvswitch.sh ./tools/deployment/developer/nfs/150-libvirt.sh ./tools/deployment/developer/nfs/160-compute-kit.sh ./tools/deployment/developer/nfs/170-setup-gateway.sh #\u6216\u8005\u57fa\u4e8e Ceph ./tools/deployment/developer/common/010-deploy-k8s.sh ./tools/deployment/developer/common/020-setup-client.sh ./tools/deployment/developer/common/030-ingress.sh ./tools/deployment/developer/ceph/040-ceph.sh ./tools/deployment/developer/ceph/050-mariadb.sh ./tools/deployment/developer/ceph/060-rabbitmq.sh ./tools/deployment/developer/ceph/070-memcached.sh ./tools/deployment/developer/ceph/080-keystone.sh ./tools/deployment/developer/ceph/090-heat.sh ./tools/deployment/developer/ceph/100-horizon.sh ./tools/deployment/developer/ceph/120-glance.sh ./tools/deployment/developer/ceph/140-openvswitch.sh ./tools/deployment/developer/ceph/150-libvirt.sh 
./tools/deployment/developer/ceph/160-compute-kit.sh ./tools/deployment/developer/ceph/170-setup-gateway.sh \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 kubectl get pods -A \u6765\u67e5\u770b\u5f53\u524d\u7cfb\u7edf\u4e0a\u7684 Pod \u7684\u8fd0\u884c\u60c5\u51b5\u3002","title":"\u624b\u52a8\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#openstack-helm_1","text":"\u7cfb\u7edf\u90e8\u7f72\u5b8c\u6210\u540e\uff0cOpenStack CLI \u754c\u9762\u5c06\u88ab\u90e8\u7f72\u5728 /usr/local/bin/openstack \u3002\u53c2\u7167\u4e0b\u9762\u7684\u4f8b\u5b50\u6765\u4f7f\u7528 OpenStack CLI\uff1a export OS_CLOUD=openstack_helm export OS_USERNAME='admin' export OS_PASSWORD='password' export OS_PROJECT_NAME='admin' export OS_PROJECT_DOMAIN_NAME='default' export OS_USER_DOMAIN_NAME='default' export OS_AUTH_URL='http://keystone.openstack.svc.cluster.local/v3' openstack service list openstack stack list \u5f53\u7136\uff0c\u60a8\u4e5f\u53ef\u4ee5\u901a\u8fc7 Web \u754c\u9762\u6765\u8bbf\u95ee OpenStack \u7684\u63a7\u5236\u9762\u677f\u3002Horizon Dashboard \u4f4d\u4e8e http://localhost:31000 \uff0c\u4f7f\u7528\u4ee5\u4e0b\u51ed\u636e\u767b\u5f55\uff1a Domain\uff1a default User Name\uff1a admin Password\uff1a password \u6b64\u65f6\uff0c\u60a8\u5e94\u5f53\u53ef\u4ee5\u770b\u5230\u719f\u6089\u7684 OpenStack \u63a7\u5236\u9762\u677f\u4e86\u3002","title":"\u4f7f\u7528 OpenStack-Helm"},{"location":"install/openEuler-22.09/OpenStack-yoga/#_12","text":"","title":"\u65b0\u7279\u6027\u7684\u5b89\u88c5"},{"location":"install/openEuler-22.09/OpenStack-yoga/#kollaisula","text":"Kolla\u662fOpenStack\u57fa\u4e8eDocker\u548cansible\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u65b9\u6848\uff0c\u5305\u542b\u4e86Kolla\u548cKolla-ansible\u4e24\u4e2a\u9879\u76ee\u3002Kolla\u662f\u5bb9\u5668\u955c\u50cf\u5236\u4f5c\u5de5\u5177\uff0cKolla-ansible\u662f\u5bb9\u5668\u955c\u50cf\u90e8\u7f72\u5de5\u5177\u3002\u5176\u4e2dKolla-ansible\u53ea\u652f\u6301\u5728openEuler 
LTS\u4e0a\u4f7f\u7528\uff0copenEuler\u521b\u65b0\u7248\u6682\u4e0d\u652f\u6301\u3002\u4f7f\u7528openEuler 22.09\uff0c\u7528\u6237\u53ef\u4ee5\u57fa\u4e8eKolla\u5236\u4f5c\u76f8\u5e94\u7684\u5bb9\u5668\u955c\u50cf\u3002\u540c\u65f6OpenStack SIG\u5728openEuler 22.09\u4e2d\u65b0\u589e\u4e86Kolla\u5bf9iSula\u8fd0\u884c\u65f6\u7684\u652f\u6301\uff0c\u5177\u4f53\u6b65\u9aa4\u5982\u4e0b\uff1a \u5b89\u88c5Kolla dnf install openstack-kolla docker \u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-build \u547d\u4ee4\u5236\u4f5c\u57fa\u4e8eDocker\u5bb9\u5668\u955c\u50cf\u4e86\uff0c\u975e\u5e38\u7b80\u5355\uff0c\u5982\u679c\u7528\u6237\u60f3\u5c1d\u8bd5\u57fa\u4e8eisula\u7684\u65b9\u5f0f\uff0c\u53ef\u4ee5\u7ee7\u7eed\u64cd\u4f5c \u5b89\u88c5OpenStack iSula\u63d2\u4ef6 dnf install openstack-plugin-kolla-isula-support \u542f\u52a8isula-build\u670d\u52a1 \u7b2c\u4e8c\u6b65\u4f1a\u81ea\u52a8\u5b89\u88c5iSulad\u548cisula-builder\u670d\u52a1\uff0cisulad\u4f1a\u81ea\u52a8\u542f\u52a8\uff0c\u4f46isula-builder\u4e0d\u5bf9\uff0c\u9700\u8981\u624b\u52a8\u62c9\u8d77 systemctl start isula-builder \u914d\u7f6ekolla \u5728 kolla.conf \u4e2d\u7684[Default]\u91cc\u65b0\u589e base_runtime vim /etc/kolla/kolla.conf base_runtime=isula \u81f3\u6b64\u5b89\u88c5\u5b8c\u6210\uff0c\u4f7f\u7528 kolla-build \u5373\u53ef\u57fa\u4e8eisula\u5236\u4f5c\u955c\u50cf\u4e86\uff0c\u6267\u884c\u5b8c\u540e\uff0c\u6267\u884c isula images \u67e5\u770b\u955c\u50cf\u3002","title":"Kolla\u652f\u6301iSula"},{"location":"install/openEuler-22.09/OpenStack-yoga/#nova_1","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027\u662fOpenStack SIG\u5728openEuler 22.09\u4e2d\u57fa\u4e8eOpenStack 
Yoga\u5f00\u53d1\u7684Nova\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002\u5177\u4f53\u7ec6\u8282\u53ef\u4ee5\u53c2\u8003 \u7279\u6027\u6587\u6863 \u3002\u672c\u6587\u6863\u4e3b\u8981\u63cf\u8ff0\u5b89\u88c5\u6b65\u9aa4\u3002 \u6309\u7167\u524d\u9762\u7ae0\u8282\u90e8\u7f72\u597d\u4e00\u5957OpenStack\u73af\u5883\uff08\u975e\u5bb9\u5668\uff09\uff0c\u7136\u540e\u5148\u5b89\u88c5plugin\u3002 dnf install openstack-plugin-priority-vm \u914d\u7f6e\u6570\u636e\u5e93 \u672c\u7279\u6027\u5bf9Nova\u7684\u6570\u636e\u8868\u8fdb\u884c\u4e86\u6269\u5145\uff0c\u56e0\u6b64\u9700\u8981\u540c\u6b65\u6570\u636e\u5e93 nova-manage api_db sync nova-manage db sync \u91cd\u542fnova\u670d\u52a1 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8ba1\u7b97\u8282\u70b9\u5206\u522b\u6267\u884c systemctl restart openstack-nova-*","title":"Nova\u652f\u6301\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u7279\u6027"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e openEuler 24.03 LTS \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 24.03 LTS\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e openEuler 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst 
\u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf 
\u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03 
LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name 
\u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS_Antelope"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e openEuler 24.03 LTS \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a 
\u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS 
placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope 
\u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2aopenEuler 24.03 LTS\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e openEuler 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update 
yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller 
IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. 
If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! 
- Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start 
memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f 
\u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project 
myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a 
openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User 
Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc 
\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement 
\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... |","title":"Placement"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit 
\u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = 
mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova 
\u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a 
[glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 
\u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc 
\u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 
\u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. 
\u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini 
[DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default 
--password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 
Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL 
\u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard 
\uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal 
admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = 
nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 
default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03 LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos 
env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack 
\u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL 
\u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 
RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export 
OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 
'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable 
openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create 
--region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p 
(CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 
use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) 
allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks 
= provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS 
\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl 
restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin 
http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) 
\u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 
\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 
oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 
default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 
OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS_Wallaby"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE 
nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = 
nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack 
endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] 
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi 
target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password 
IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its 
full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. 
(string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 oos\u5de5\u5177\u5728\u4e0d\u65ad\u6f14\u8fdb\uff0c\u517c\u5bb9\u6027\u3001\u53ef\u7528\u6027\u4e0d\u80fd\u65f6\u523b\u4fdd\u8bc1\uff0c\u5efa\u8bae\u4f7f\u7528\u5df2\u9a8c\u8bc1\u7684\u672c\u7248\uff0c\u8fd9\u91cc\u9009\u62e9 1.3.1 pip install openstack-sig-tool==1.3.1 \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 
nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 
\u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP1 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS 
neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP1\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mariadb-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-sp1-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP1_Antelope"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP1 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP1\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 
\u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mariadb-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! 
Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable 
httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne 
\\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user 
neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 
'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups 
= nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 
'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-sp1-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers 
= 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP1 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 
RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> 
CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver 
compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", 
\"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) 
\u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) 
notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s 
/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca 
\u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service 
neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal 
http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 
'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP1\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP1_Wallaby"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP1 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP1 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS SP1 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP1\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 
'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP1/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP1\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-sp1 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-sp1 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP2 \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP2\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mariadb-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-SP2-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP2_Antelope"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 24.03 LTS SP2 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 24.03 LTS SP2\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a ISO\u955c\u50cf \u3001 qcow2\u955c\u50cf \u3002 
\u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mariadb-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! 
Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_5","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT 
ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable 
httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] 
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf sorce ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne 
\\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user 
neutron admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 3. \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 
'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s 3. 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb 
\u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source 
~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 
\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin 
http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups 
= nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 
'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user 
\u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-24.03-SP2-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers 
= 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 24.03 LTS SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 OpenStack \u7b80\u4ecb \u00b6 OpenStack \u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack 
\u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002 \u7ea6\u5b9a \u00b6 OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP2 Nova Neutron \u51c6\u5907\u73af\u5883 \u00b6 \u73af\u5883\u914d\u7f6e \u00b6 \u914d\u7f6e 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 compute \u5b89\u88c5 SQL DataBase \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef \u5b89\u88c5 RabbitMQ \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 
RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5 Memcached \u00b6 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u5b89\u88c5 OpenStack \u00b6 Keystone \u5b89\u88c5 \u00b6 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi 
\u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 
\u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance 
\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source 
~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement\u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement 
internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name Nova \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> 
CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver 
compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b 
[glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", 
\"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) 
\u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL) Neutron \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) 
notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s 
/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME \u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca 
\u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service 
neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list Cinder \u5b89\u88c5 \u00b6 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal 
http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] 
[keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f \u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list horizon \u5b89\u88c5 \u00b6 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 
'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740 Tempest \u5b89\u88c5 \u00b6 Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 
OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin Ironic \u5b89\u88c5 \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection 
openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. (string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ``` Kolla \u5b89\u88c5 \u00b6 Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002 Trove \u5b89\u88c5 \u00b6 Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 
1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. \u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name 
= Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a 
\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u5b89\u88c5 \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region 
RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid 
address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` 
**\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add 
--region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a \u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable 
openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service Cyborg \u5b89\u88c5 \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name 
cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 
2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service 
openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u5b89\u88c5 \u00b6 1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Heat \u5b89\u88c5 \u00b6 1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; 
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = 
http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install 
openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name 
neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack 
\u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-24.03-LTS-SP2_Wallaby"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack-wallaby","text":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357 OpenStack \u7b80\u4ecb \u7ea6\u5b9a \u51c6\u5907\u73af\u5883 \u73af\u5883\u914d\u7f6e \u5b89\u88c5 SQL DataBase \u5b89\u88c5 RabbitMQ \u5b89\u88c5 Memcached \u5b89\u88c5 OpenStack Keystone \u5b89\u88c5 Glance \u5b89\u88c5 Placement\u5b89\u88c5 Nova \u5b89\u88c5 Neutron \u5b89\u88c5 Cinder \u5b89\u88c5 horizon \u5b89\u88c5 Tempest \u5b89\u88c5 Ironic \u5b89\u88c5 Kolla \u5b89\u88c5 Trove \u5b89\u88c5 Swift \u5b89\u88c5 Cyborg \u5b89\u88c5 Aodh \u5b89\u88c5 Gnocchi \u5b89\u88c5 Ceilometer \u5b89\u88c5 Heat \u5b89\u88c5 \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72","title":"OpenStack-Wallaby \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack","text":"OpenStack 
\u662f\u4e00\u4e2a\u793e\u533a\uff0c\u4e5f\u662f\u4e00\u4e2a\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u90e8\u7f72\u4e91\u7684\u64cd\u4f5c\u5e73\u53f0\u6216\u5de5\u5177\u96c6\uff0c\u4e3a\u7ec4\u7ec7\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7075\u6d3b\u7684\u4e91\u8ba1\u7b97\u3002 \u4f5c\u4e3a\u4e00\u4e2a\u5f00\u6e90\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\uff0cOpenStack \u7531nova\u3001cinder\u3001neutron\u3001glance\u3001keystone\u3001horizon\u7b49\u51e0\u4e2a\u4e3b\u8981\u7684\u7ec4\u4ef6\u7ec4\u5408\u8d77\u6765\u5b8c\u6210\u5177\u4f53\u5de5\u4f5c\u3002OpenStack \u652f\u6301\u51e0\u4e4e\u6240\u6709\u7c7b\u578b\u7684\u4e91\u73af\u5883\uff0c\u9879\u76ee\u76ee\u6807\u662f\u63d0\u4f9b\u5b9e\u65bd\u7b80\u5355\u3001\u53ef\u5927\u89c4\u6a21\u6269\u5c55\u3001\u4e30\u5bcc\u3001\u6807\u51c6\u7edf\u4e00\u7684\u4e91\u8ba1\u7b97\u7ba1\u7406\u5e73\u53f0\u3002OpenStack \u901a\u8fc7\u5404\u79cd\u4e92\u8865\u7684\u670d\u52a1\u63d0\u4f9b\u4e86\u57fa\u7840\u8bbe\u65bd\u5373\u670d\u52a1\uff08IaaS\uff09\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u6bcf\u4e2a\u670d\u52a1\u63d0\u4f9b API \u8fdb\u884c\u96c6\u6210\u3002 openEuler 24.03-LTS-SP2 \u7248\u672c\u5b98\u65b9\u6e90\u5df2\u7ecf\u652f\u6301 OpenStack-Wallaby \u7248\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u914d\u7f6e\u597d yum \u6e90\u540e\u6839\u636e\u6b64\u6587\u6863\u8fdb\u884c OpenStack \u90e8\u7f72\u3002","title":"OpenStack \u7b80\u4ecb"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_1","text":"OpenStack \u652f\u6301\u591a\u79cd\u5f62\u6001\u90e8\u7f72\uff0c\u6b64\u6587\u6863\u652f\u6301 ALL in One \u4ee5\u53ca Distributed \u4e24\u79cd\u90e8\u7f72\u65b9\u5f0f\uff0c\u6309\u7167\u5982\u4e0b\u65b9\u5f0f\u7ea6\u5b9a\uff1a ALL in One \u6a21\u5f0f: \u5ffd\u7565\u6240\u6709\u53ef\u80fd\u7684\u540e\u7f00 Distributed \u6a21\u5f0f: \u4ee5 `(CTL)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u63a7\u5236\u8282\u70b9` \u4ee5 `(CPT)` 
\u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u8ba1\u7b97\u8282\u70b9` \u4ee5 `(STG)` \u4e3a\u540e\u7f00\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u4ec5\u9002\u7528`\u5b58\u50a8\u8282\u70b9` \u9664\u6b64\u4e4b\u5916\u8868\u793a\u6b64\u6761\u914d\u7f6e\u6216\u8005\u547d\u4ee4\u540c\u65f6\u9002\u7528`\u63a7\u5236\u8282\u70b9`\u548c`\u8ba1\u7b97\u8282\u70b9` \u6ce8\u610f \u6d89\u53ca\u5230\u4ee5\u4e0a\u7ea6\u5b9a\u7684\u670d\u52a1\u5982\u4e0b\uff1a CinderSP2 Nova Neutron","title":"\u7ea6\u5b9a"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_2","text":"","title":"\u51c6\u5907\u73af\u5883"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#_3","text":"\u914d\u7f6e 24.03 LTS SP2 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-wallaby yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP2/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u8bbe\u7f6e\u5404\u4e2a\u8282\u70b9\u7684\u4e3b\u673a\u540d hostnamectl set-hostname controller (CTL) hostnamectl set-hostname compute (CPT) \u5047\u8bbecontroller\u8282\u70b9\u7684IP\u662f 10.0.0.11 ,compute\u8282\u70b9\u7684IP\u662f 10.0.0.12 \uff08\u5982\u679c\u5b58\u5728\u7684\u8bdd\uff09,\u5219\u4e8e /etc/hosts \u65b0\u589e\u5982\u4e0b\uff1a 10.0.0.11 controller 10.0.0.12 
compute","title":"\u73af\u5883\u914d\u7f6e"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#sql-database","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install mariadb mariadb-server python3-PyMySQL \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa\u5e76\u7f16\u8f91 /etc/my.cnf.d/openstack.cnf \u6587\u4ef6\u3002 vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u6ce8\u610f \u5176\u4e2d bind-address \u8bbe\u7f6e\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u542f\u52a8 DataBase \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\uff1a systemctl enable mariadb.service systemctl start mariadb.service \u914d\u7f6eDataBase\u7684\u9ed8\u8ba4\u5bc6\u7801\uff08\u53ef\u9009\uff09 mysql_secure_installation \u6ce8\u610f \u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef","title":"\u5b89\u88c5 SQL DataBase"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#rabbitmq","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install rabbitmq-server \u542f\u52a8 RabbitMQ \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8\u3002 systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service \u6dfb\u52a0 OpenStack\u7528\u6237\u3002 rabbitmqctl add_user openstack RABBIT_PASS \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \uff0c\u4e3a OpenStack \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u8bbe\u7f6eopenstack\u7528\u6237\u6743\u9650\uff0c\u5141\u8bb8\u8fdb\u884c\u914d\u7f6e\u3001\u5199\u3001\u8bfb\uff1a rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5 
RabbitMQ"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#memcached","text":"\u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u5b89\u88c5\u4f9d\u8d56\u8f6f\u4ef6\u5305\u3002 yum install memcached python3-memcached \u7f16\u8f91 /etc/sysconfig/memcached \u6587\u4ef6\u3002 vim /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u542f\u52a8 Memcached \u670d\u52a1\uff0c\u5e76\u4e3a\u5176\u914d\u7f6e\u5f00\u673a\u542f\u52a8\u3002 systemctl enable memcached.service systemctl start memcached.service \u6ce8\u610f \u670d\u52a1\u542f\u52a8\u540e\uff0c\u53ef\u4ee5\u901a\u8fc7\u547d\u4ee4 memcached-tool controller stats \u786e\u4fdd\u542f\u52a8\u6b63\u5e38\uff0c\u670d\u52a1\u53ef\u7528\uff0c\u5176\u4e2d\u53ef\u4ee5\u5c06 controller \u66ff\u6362\u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002","title":"\u5b89\u88c5 Memcached"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack_1","text":"","title":"\u5b89\u88c5 OpenStack"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#keystone","text":"\u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305\u3002 yum install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider 
\u6ce8\u610f\uff1a \u66ff\u6362 KEYSTONE_DBPASS \u4e3a Keystone \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\u3002 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93\u3002 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1\u3002 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server vim /etc/httpd/conf/httpd.conf ServerName controller ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1\u3002 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u3002 cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles\uff0c\u9700\u8981\u5148\u5b89\u88c5\u597dpython3-openstackclient\uff1a yum install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack 
domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue","title":"Keystone \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#glance","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 source ~/.admin-openrc openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description 
\"OpenStack Image\" image \u521b\u5efa\u955c\u50cf\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-glance \u914d\u7f6eglance\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u6ce8\u610f \u66ff\u6362 GLANCE_DBPASS \u4e3a glance \u6570\u636e\u5e93\u7684\u5bc6\u7801 \u66ff\u6362 GLANCE_PASS \u4e3a glance \u7528\u6237\u7684\u5bc6\u7801 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u4e0b\u8f7d\u955c\u50cf source ~/.admin-openrc wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img \u6ce8\u610f 
\u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list","title":"Glance \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#placement","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a \u4f5c\u4e3a root \u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u521b\u5efa placement \u6570\u636e\u5e93\u5e76\u6388\u6743\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE placement; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u521b\u5efa placement \u670d\u52a1\u51ed\u8bc1\u3001\u521b\u5efa placement \u7528\u6237\u4ee5\u53ca\u6dfb\u52a0\u2018admin\u2019\u89d2\u8272\u5230\u7528\u6237\u2018placement\u2019\u3002 \u521b\u5efaPlacement API\u670d\u52a1 openstack user create --domain default --password-prompt placement openstack role add --project service --user placement admin openstack service create --name placement --description \"Placement API\" placement \u521b\u5efaplacement\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal 
http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 \u5b89\u88c5\u548c\u914d\u7f6e \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-placement-api \u914d\u7f6eplacement\uff1a \u7f16\u8f91 /etc/placement/placement.conf \u6587\u4ef6\uff1a \u5728[placement_database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 \u5728[api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 # vim /etc/placement/placement.conf [placement_database] # ... connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u5176\u4e2d\uff0c\u66ff\u6362 PLACEMENT_DBPASS \u4e3a placement \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff0c\u66ff\u6362 PLACEMENT_PASS \u4e3a placement \u7528\u6237\u7684\u5bc6\u7801\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8httpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 \u6267\u884c\u5982\u4e0b\u547d\u4ee4\uff0c\u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a source ~/.admin-openrc placement-status upgrade check \u5b89\u88c5osc-placement\uff0c\u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a yum install python3-osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name","title":"Placement\u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#nova","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE 
DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362NOVA_DBPASS\uff0c\u4e3anova\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 source ~/.admin-openrc (CTL) \u521b\u5efanova\u670d\u52a1\u51ed\u8bc1: openstack user create --domain default --password-prompt nova (CTL) openstack role add --project service --user nova admin (CTL) openstack service create --name nova --description \"OpenStack Compute\" compute (CTL) \u521b\u5efanova API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (CTL) openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-nova-api openstack-nova-conductor \\ (CTL) openstack-nova-novncproxy openstack-nova-scheduler yum install openstack-nova-compute (CPT) \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 yum install edk2-aarch64 (CPT) \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 10.0.0.1 use_neutron = true 
firewall_driver = nova.virt.firewall.NoopFirewallDriver compute_driver=libvirt.LibvirtDriver (CPT) instances_path = /var/lib/nova/instances/ (CPT) lock_path = /var/lib/nova/tmp (CPT) [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api (CTL) [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova (CTL) [api] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000/ auth_url = http://controller:5000/ memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html (CPT) [libvirt] virt_type = qemu (CPT) cpu_mode = custom (CPT) cpu_model = cortex-a72 (CPT) [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp (CTL) [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [default]\u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff0c\u542f\u7528\u7f51\u7edc\u670d\u52a1neutron\uff1b [api_database] [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [api] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b 
[vnc]\u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1b [glance]\u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\uff1b [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\u3002 \u6ce8\u610f \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\uff1b \u66ff\u6362 NOVA_DBPASS \u4e3anova\u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3aneutron\u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u989d\u5916 \u786e\u5b9a\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86\u67b6\u6784\uff09\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo (CPT) \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662fKVM\uff1a vim /etc/nova/nova.conf (CPT) [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e \u6ce8\u610f \u5982\u679c\u4e3aarm64\u7ed3\u6784\uff0c\u8fd8\u9700\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4 vim /etc/libvirt/qemu.conf nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] vim /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": 
\"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } (CPT) \u540c\u6b65\u6570\u636e\u5e93 \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova (CTL) \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova (CTL) \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova (CTL) \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova (CTL) \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova (CTL) \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova (CPT) \u542f\u52a8\u670d\u52a1 systemctl enable \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ (CTL) openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl enable libvirtd.service openstack-nova-compute.service (CPT) systemctl start libvirtd.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 source ~/.admin-openrc (CTL) \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list (CTL) \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list (CTL) 
\u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list (CTL) \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check (CTL)","title":"Nova \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#neutron","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p (CTL) MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc (CTL) \u521b\u5efaneutron\u670d\u52a1\u51ed\u8bc1 openstack user create --domain default --password-prompt neutron (CTL) openstack role add --project service --user neutron admin (CTL) openstack service create --name neutron --description \"OpenStack Networking\" network (CTL) \u521b\u5efaNeutron\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 (CTL) openstack endpoint create --region RegionOne network internal http://controller:9696 (CTL) openstack endpoint create --region RegionOne network admin http://controller:9696 (CTL) \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \\ (CTL) openstack-neutron-ml2 yum install openstack-neutron-linuxbridge ebtables ipset (CPT) \u914d\u7f6eneutron\u76f8\u5173\u914d\u7f6e\uff1a \u914d\u7f6e\u4e3b\u4f53\u914d\u7f6e vim /etc/neutron/neutron.conf [database] connection = 
mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron (CTL) [DEFAULT] core_plugin = ml2 (CTL) service_plugins = router (CTL) allow_overlapping_ips = true (CTL) transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true (CTL) notify_nova_on_port_data_changes = true (CTL) api_workers = 3 (CTL) [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 (CTL) auth_type = password (CTL) project_domain_name = Default (CTL) user_domain_name = Default (CTL) region_name = RegionOne (CTL) project_name = service (CTL) username = nova (CTL) password = NOVA_PASS (CTL) [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [default]\u90e8\u5206\uff0c\u542f\u7528ml2\u63d2\u4ef6\u548crouter\u63d2\u4ef6\uff0c\u5141\u8bb8ip\u5730\u5740\u91cd\u53e0\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff1b [default] [keystone]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [default] [nova]\u90e8\u5206\uff0c\u914d\u7f6e\u7f51\u7edc\u6765\u901a\u77e5\u8ba1\u7b97\u7f51\u7edc\u62d3\u6251\u7684\u53d8\u5316\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_DBPASS \u4e3a neutron \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ\u4e2dopenstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 NOVA_PASS \u4e3a nova \u7528\u6237\u7684\u5bc6\u7801\u3002 \u914d\u7f6eML2\u63d2\u4ef6\uff1a vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u6ce8\u610f [ml2]\u90e8\u5206\uff0c\u542f\u7528 flat\u3001vlan\u3001vxlan \u7f51\u7edc\uff0c\u542f\u7528 linuxbridge \u53ca l2population \u673a\u5236\uff0c\u542f\u7528\u7aef\u53e3\u5b89\u5168\u6269\u5c55\u9a71\u52a8\uff1b [ml2_type_flat]\u90e8\u5206\uff0c\u914d\u7f6e flat \u7f51\u7edc\u4e3a provider \u865a\u62df\u7f51\u7edc\uff1b [ml2_type_vxlan]\u90e8\u5206\uff0c\u914d\u7f6e VXLAN \u7f51\u7edc\u6807\u8bc6\u7b26\u8303\u56f4\uff1b [securitygroup]\u90e8\u5206\uff0c\u914d\u7f6e\u5141\u8bb8 ipset\u3002 \u8865\u5145 l2 \u7684\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge \u914d\u7f6e Linux bridge \u4ee3\u7406\uff1a vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u89e3\u91ca [linux_bridge]\u90e8\u5206\uff0c\u6620\u5c04 provider \u865a\u62df\u7f51\u7edc\u5230\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b [vxlan]\u90e8\u5206\uff0c\u542f\u7528 vxlan \u8986\u76d6\u7f51\u7edc\uff0c\u914d\u7f6e\u5904\u7406\u8986\u76d6\u7f51\u7edc\u7684\u7269\u7406\u7f51\u7edc\u63a5\u53e3 IP \u5730\u5740\uff0c\u542f\u7528 layer-2 population\uff1b [securitygroup]\u90e8\u5206\uff0c\u5141\u8bb8\u5b89\u5168\u7ec4\uff0c\u914d\u7f6e linux bridge iptables \u9632\u706b\u5899\u9a71\u52a8\u3002 \u6ce8\u610f \u66ff\u6362 PROVIDER_INTERFACE_NAME 
\u4e3a\u7269\u7406\u7f51\u7edc\u63a5\u53e3\uff1b \u66ff\u6362 OVERLAY_INTERFACE_IP_ADDRESS \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406IP\u5730\u5740\u3002 \u914d\u7f6eLayer-3\u4ee3\u7406\uff1a vim /etc/neutron/l3_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge \u89e3\u91ca \u5728[default]\u90e8\u5206\uff0c\u914d\u7f6e\u63a5\u53e3\u9a71\u52a8\u4e3alinuxbridge \u914d\u7f6eDHCP\u4ee3\u7406\uff1a vim /etc/neutron/dhcp_agent.ini (CTL) [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6elinuxbridge\u63a5\u53e3\u9a71\u52a8\u3001Dnsmasq DHCP\u9a71\u52a8\uff0c\u542f\u7528\u9694\u79bb\u7684\u5143\u6570\u636e\u3002 \u914d\u7f6emetadata\u4ee3\u7406\uff1a vim /etc/neutron/metadata_agent.ini (CTL) [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u89e3\u91ca [default]\u90e8\u5206\uff0c\u914d\u7f6e\u5143\u6570\u636e\u4e3b\u673a\u548cshared secret\u3002 \u6ce8\u610f \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u914d\u7f6enova\u76f8\u5173\u914d\u7f6e vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true (CTL) metadata_proxy_shared_secret = METADATA_SECRET (CTL) \u89e3\u91ca [neutron]\u90e8\u5206\uff0c\u914d\u7f6e\u8bbf\u95ee\u53c2\u6570\uff0c\u542f\u7528\u5143\u6570\u636e\u4ee3\u7406\uff0c\u914d\u7f6esecret\u3002 \u6ce8\u610f \u66ff\u6362 NEUTRON_PASS \u4e3a neutron \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 METADATA_SECRET \u4e3a\u5408\u9002\u7684\u5143\u6570\u636e\u4ee3\u7406secret\u3002 \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf \\ --config-file 
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1\uff1a systemctl restart openstack-nova-api.service \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ (CTL) neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl restart openstack-nova-api.service neutron-server.service (CTL) neutron-linuxbridge-agent.service neutron-dhcp-agent.service \\ neutron-metadata-agent.service neutron-l3-agent.service systemctl enable neutron-linuxbridge-agent.service (CPT) systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service (CPT) \u9a8c\u8bc1 \u9a8c\u8bc1 neutron \u4ee3\u7406\u542f\u52a8\u6210\u529f\uff1a openstack network agent list","title":"Neutron \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#cinder","text":"\u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \\ IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3acinder\u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801\u3002 source ~/.admin-openrc \u521b\u5efacinder\u670d\u52a1\u51ed\u8bc1\uff1a openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv2 --description \"OpenStack Block Storage\" volumev2 openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 \u521b\u5efa\u5757\u5b58\u50a8\u670d\u52a1API\u7aef\u70b9\uff1a openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\\(project_id\\)s 
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-cinder-api openstack-cinder-scheduler (CTL) yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \\ (STG) openstack-cinder-volume openstack-cinder-backup \u51c6\u5907\u5b58\u50a8\u8bbe\u5907\uff0c\u4ee5\u4e0b\u4ec5\u4e3a\u793a\u4f8b\uff1a pvcreate /dev/vdb vgcreate cinder-volumes /dev/vdb vim /etc/lvm/lvm.conf devices { ... filter = [ \"a/vdb/\", \"r/.*/\"] \u89e3\u91ca \u5728devices\u90e8\u5206\uff0c\u6dfb\u52a0\u8fc7\u6ee4\u4ee5\u63a5\u53d7/dev/vdb\u8bbe\u5907\u62d2\u7edd\u5176\u4ed6\u8bbe\u5907\u3002 \u51c6\u5907NFS mkdir -p /root/cinder/backup cat << EOF >> /etc/export /root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash) EOF \u914d\u7f6ecinder\u76f8\u5173\u914d\u7f6e\uff1a vim /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 10.0.0.11 enabled_backends = lvm (STG) backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver (STG) backup_share=HOST:PATH (STG) [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp 
[lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver (STG) volume_group = cinder-volumes (STG) iscsi_protocol = iscsi (STG) iscsi_helper = tgtadm (STG) \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1b [DEFAULT]\u90e8\u5206\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u914d\u7f6emy_ip\uff1b [DEFAULT] [keystone_authtoken]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1b [oslo_concurrency]\u90e8\u5206\uff0c\u914d\u7f6elock path\u3002 \u6ce8\u610f \u66ff\u6362 CINDER_DBPASS \u4e3a cinder \u6570\u636e\u5e93\u7684\u5bc6\u7801\uff1b \u66ff\u6362 RABBIT_PASS \u4e3a RabbitMQ \u4e2d openstack \u8d26\u6237\u7684\u5bc6\u7801\uff1b \u914d\u7f6e my_ip \u4e3a\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\uff1b \u66ff\u6362 CINDER_PASS \u4e3a cinder \u7528\u6237\u7684\u5bc6\u7801\uff1b \u66ff\u6362 HOST:PATH \u4e3a NFS \u7684HOSTIP\u548c\u5171\u4eab\u8def\u5f84\uff1b \u540c\u6b65\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"cinder-manage db sync\" cinder (CTL) \u914d\u7f6enova\uff1a vim /etc/nova/nova.conf (CTL) [cinder] os_region_name = RegionOne \u91cd\u542f\u8ba1\u7b97API\u670d\u52a1 systemctl restart openstack-nova-api.service \u542f\u52a8cinder\u670d\u52a1 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service (CTL) systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \\ (STG) openstack-cinder-volume.service \\ openstack-cinder-backup.service \u6ce8\u610f 
\u5f53cinder\u4f7f\u7528tgtadm\u7684\u65b9\u5f0f\u6302\u5377\u7684\u65f6\u5019\uff0c\u8981\u4fee\u6539/etc/tgt/tgtd.conf\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u4fdd\u8bc1tgtd\u53ef\u4ee5\u53d1\u73b0cinder-volume\u7684iscsi target\u3002 include /var/lib/cinder/volumes/* \u9a8c\u8bc1 source ~/.admin-openrc openstack volume service list","title":"Cinder \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#horizon","text":"\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-dashboard \u4fee\u6539\u6587\u4ef6 \u4fee\u6539\u53d8\u91cf vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = \"http://%s:5000/v3\" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f httpd \u670d\u52a1 systemctl restart httpd.service memcached.service \u9a8c\u8bc1 \u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165\u7f51\u5740 http://HOSTIP/dashboard/ \uff0c\u767b\u5f55 horizon\u3002 \u6ce8\u610f \u66ff\u6362HOSTIP\u4e3a\u63a7\u5236\u8282\u70b9\u7ba1\u7406\u5e73\u9762IP\u5730\u5740","title":"horizon \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5b89\u88c5Tempest yum install openstack-tempest 
\u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Wallaby\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a yum install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASSWORD'; 
\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 openstack user create --password IRONIC_PASSWORD \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASSWORD --email ironic_inspector@example.com ironic_inspector openstack role add --project service --user ironic-inspector admin 2\u3001\u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://172.20.19.13:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://172.20.19.13:5050/v1 \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf 1\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string used to connect to the # database (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 2\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 
RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 3\u3001\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASSWORD \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop transport_url = rabbit://openstack:RABBITPASSWD@controller:5672/ enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 # Complete admin Identity API endpoint. 
(string value) auth_url=http://PRIVATE_IDENTITY_IP:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASSWORD # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:123456@172.20.19.25:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none 4\u3001\u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 5\u3001\u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 1\u3001\u66ff\u6362 HOST_IP \u4e3aconductor host\u7684IP [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". # (string value) my_ip=HOST_IP 2\u3001\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASSWORD \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362DB_IP\u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. 
(string value) connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic 3\u3001\u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq 4\u3001\u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - \u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 
\u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASSWORD # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. 
(list value) valid_interfaces=public \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] ... endpoint_override = 5\u3001\u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 6\u3001\u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic-inspector/inspector.conf 1\u3001\u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* 
TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASSWORD'; 2\u3001\u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASSWORD \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASSWORD@DB_IP/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 3\u3001\u914d\u7f6e\u6d88\u606f\u5ea6\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ 4\u3001\u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://control:5000 www_authenticate_uri = http://control:5000 project_domain_name = default user_domain_name = default project_name = service username = 
ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = control:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True 5\u3001\u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=172.20.19.100,172.20.19.110 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log 6\u3001\u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 72426e89-f552-4dc4-9ac7-c4e131ce7f3c 7\u3001\u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\uff1a ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 8\u3001\u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service 6.\u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot ``chown ironic.ironic 
/var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 yum install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd 7.deploy ramdisk\u955c\u50cf\u5236\u4f5c W\u7248\u7684ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent\u670d\u52a1\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u793e\u533a\u6700\u65b0\u7684ironic-python-agent-builder\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002 \u82e5\u4f7f\u7528W\u7248\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 yum install openstack-ironic-python-agent \u6216\u8005 yum install diskimage-builder \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \u8fd9\u91cc\u4ecb\u7ecd\u4e0b\u4f7f\u7528ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder 1. \u5b89\u88c5\u5de5\u5177\uff1a ```shell pip install ironic-python-agent-builder ``` 2. \u4fee\u6539\u4ee5\u4e0b\u6587\u4ef6\u4e2d\u7684python\u89e3\u91ca\u5668\uff1a ```shell /usr/bin/yum /usr/libexec/urlgrabber-ext-down ``` 3. 
\u5b89\u88c5\u5176\u5b83\u5fc5\u987b\u7684\u5de5\u5177\uff1a ```shell yum install git ``` \u7531\u4e8e`DIB`\u4f9d\u8d56`semanage`\u547d\u4ee4\uff0c\u6240\u4ee5\u5728\u5236\u4f5c\u955c\u50cf\u4e4b\u524d\u786e\u5b9a\u8be5\u547d\u4ee4\u662f\u5426\u53ef\u7528\uff1a`semanage --help`\uff0c\u5982\u679c\u63d0\u793a\u65e0\u6b64\u547d\u4ee4\uff0c\u5b89\u88c5\u5373\u53ef\uff1a ```shell # \u5148\u67e5\u8be2\u9700\u8981\u5b89\u88c5\u54ea\u4e2a\u5305 [root@localhost ~]# yum provides /usr/sbin/semanage \u5df2\u52a0\u8f7d\u63d2\u4ef6\uff1afastestmirror Loading mirror speeds from cached hostfile * base: mirror.vcu.edu * extras: mirror.vcu.edu * updates: mirror.math.princeton.edu policycoreutils-python-2.5-34.el7.aarch64 : SELinux policy core python utilities \u6e90 \uff1abase \u5339\u914d\u6765\u6e90\uff1a \u6587\u4ef6\u540d \uff1a/usr/sbin/semanage # \u5b89\u88c5 [root@localhost ~]# yum install policycoreutils-python ``` \u5236\u4f5c\u955c\u50cf \u5982\u679c\u662f`arm`\u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a ```shell export ARCH=aarch64 ``` \u57fa\u672c\u7528\u6cd5\uff1a ```shell usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--extra-args EXTRA_ARGS] distribution positional arguments: distribution Distribution to use optional arguments: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic- python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder ``` \u4e3e\u4f8b\u8bf4\u660e\uff1a ```shell ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky ``` \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a 
```shell export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder centos -o /mnt/ironic-agent-ssh -b origin/stable/rocky -e selinux-permissive -e devuser ``` \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a ```shell # \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u4ee5\u53ca\u7248\u672c DIB_REPOLOCATION_ironic_python_agent=git@172.20.2.149:liuzz/ironic-python-agent.git DIB_REPOREF_ironic_python_agent=origin/develop # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://review.opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=refs/changes/43/701043/1 ``` \u53c2\u8003\uff1a[source-repositories](https://docs.openstack.org/diskimage-builder/latest/elements/source-repositories/README.html)\u3002 \u6307\u5b9a\u4ed3\u5e93\u5730\u5740\u53ca\u7248\u672c\u9a8c\u8bc1\u6210\u529f\u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\uff0c\u5982\u4e0b\uff1a \u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a ![ironic-err](../../img/install/ironic-err.png) \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 
\u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a w\u7248\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 1. \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a ``` [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ``` 2) ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ironic_python_agent\u76ee\u5f55\uff09 ``` [DEFAULT] enable_auto_tls = False ``` \u8bbe\u7f6e\u6743\u9650\uff1a ``` chown -R ipa.ipa /etc/ironic_python_agent/ ``` 3. 
\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 vim usr/lib/systemd/system/ironic-python-agent.service ``` [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target ```","title":"Ironic \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#kolla","text":"Kolla\u4e3aOpenStack\u670d\u52a1\u63d0\u4f9b\u751f\u4ea7\u73af\u5883\u53ef\u7528\u7684\u5bb9\u5668\u5316\u90e8\u7f72\u7684\u529f\u80fd\u3002openEuler 24.03 LTS SP2\u4e2d\u5f15\u5165\u4e86Kolla\u548cKolla-ansible\u670d\u52a1\u3002 Kolla\u7684\u5b89\u88c5\u5341\u5206\u7b80\u5355\uff0c\u53ea\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684RPM\u5305\u5373\u53ef yum install openstack-kolla openstack-kolla-ansible \u5b89\u88c5\u5b8c\u540e\uff0c\u5c31\u53ef\u4ee5\u4f7f\u7528 kolla-ansible , kolla-build , kolla-genpwd , kolla-mergepwd \u7b49\u547d\u4ee4\u4e86\u3002","title":"Kolla \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 1.\u8bbe\u7f6e\u6570\u636e\u5e93 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a trove \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 trove \u6570\u636e\u5e93\uff0c\u66ff\u6362 TROVE_DBPASSWORD \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE trove CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' \\ IDENTIFIED BY 
'TROVE_DBPASSWORD'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' \\ IDENTIFIED BY 'TROVE_DBPASSWORD'; 2.\u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 1\u3001\u521b\u5efa Trove \u670d\u52a1\u7528\u6237 openstack user create --password TROVE_PASSWORD \\ --email trove@example.com trove openstack role add --project service --user trove admin openstack service create --name trove --description \"Database service\" database \u89e3\u91ca\uff1a TROVE_PASSWORD \u66ff\u6362\u4e3a trove \u7528\u6237\u7684\u5bc6\u7801 2\u3001\u521b\u5efa Database \u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s 3.\u5b89\u88c5\u548c\u914d\u7f6e Trove \u5404\u7ec4\u4ef6 1\u3001\u5b89\u88c5 Trove \u5305 yum install openstack-trove python-troveclient 2. 
\u914d\u7f6e trove.conf vim /etc/trove/trove.conf [DEFAULT] bind_host=TROVE_NODE_IP log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True # Set these if using Neutron Networking network_driver=trove.network.neutron.NeutronDriver network_label_regex=.* transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] project_domain_name = Default project_name = service user_domain_name = Default password = trove username = trove auth_url = http://controller:5000/v3/ auth_type = password [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = trove project_domain_name = Default user_domain_name = Default username = trove [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u90e8\u7f72\u8282\u70b9\u7684IP nova_compute_url \u548c cinder_url \u4e3aNova\u548cCinder\u5728Keystone\u4e2d\u521b\u5efa\u7684endpoint nova_proxy_XXX \u4e3a\u4e00\u4e2a\u80fd\u8bbf\u95eeNova\u670d\u52a1\u7684\u7528\u6237\u4fe1\u606f\uff0c\u4e0a\u4f8b\u4e2d\u4f7f\u7528 admin \u7528\u6237\u4e3a\u4f8b transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 
3.\u914d\u7f6e trove-guestagent.conf vim /etc/trove/trove-guestagent.conf [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df \u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a \u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002 \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801 Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASS \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801 4.\u751f\u6210\u6570\u636e Trove \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"trove-manage db_sync\" trove 4.\u5b8c\u6210\u5b89\u88c5\u914d\u7f6e \u914d\u7f6e Trove \u670d\u52a1\u81ea\u542f\u52a8 systemctl enable openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ 
openstack-trove-conductor.service \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service \\ openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3001API\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1 #\u521b\u5efaswift\u7528\u6237\uff1a openstack user create --domain default --password-prompt swift #\u4e3aswift\u7528\u6237\u6dfb\u52a0admin\u89d2\u8272\uff1a openstack role add --project service --user swift admin #\u521b\u5efaswift\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaswift API \u7aef\u70b9: openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a yum install openstack-swift-proxy python3-swiftclient python3-keystoneclient python3-keystonemiddleware memcached \uff08CTL\uff09 \u914d\u7f6eproxy-server\u76f8\u5173\u914d\u7f6e Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cswift password\u5373\u53ef\u3002 ***\u6ce8\u610f*** **\u6ce8\u610f\u66ff\u6362password\u4e3a\u60a8\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u4e3aswift\u7528\u6237\u9009\u62e9\u7684\u5bc6\u7801** 4.\u5b89\u88c5\u548c\u914d\u7f6e\u5b58\u50a8\u8282\u70b9 \uff08STG\uff09 
\u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305: ```shell yum install xfsprogs rsync ``` \u5c06/dev/vdb\u548c/dev/vdc\u8bbe\u5907\u683c\u5f0f\u5316\u4e3a XFS ```shell mkfs.xfs /dev/vdb mkfs.xfs /dev/vdc ``` \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784: ```shell mkdir -p /srv/node/vdb mkdir -p /srv/node/vdc ``` \u627e\u5230\u65b0\u5206\u533a\u7684 UUID: ```shell blkid ``` \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d: ```shell UUID=\"\" /srv/node/vdb xfs noatime 0 2 UUID=\"\" /srv/node/vdc xfs noatime 0 2 ``` \u6302\u8f7d\u8bbe\u5907\uff1a ```shell mount /srv/node/vdb mount /srv/node/vdc ``` ***\u6ce8\u610f*** **\u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e** \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: ```shell [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock ``` **\u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740** \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: ```shell systemctl enable rsyncd.service systemctl start rsyncd.service ``` 5.\u5728\u5b58\u50a8\u8282\u70b9\u5b89\u88c5\u548c\u914d\u7f6e\u7ec4\u4ef6 \uff08STG\uff09 \u5b89\u88c5\u8f6f\u4ef6\u5305: ```shell yum install openstack-swift-account 
openstack-swift-container openstack-swift-object ``` \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743: ```shell chown -R swift:swift /srv/node ``` \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\uff1a ```shell mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift ``` 6.\u521b\u5efa\u8d26\u53f7\u73af (CTL) \u5207\u6362\u5230/etc/swift\u76ee\u5f55\u3002 ```shell cd /etc/swift ``` \u521b\u5efa\u57fa\u7840account.builder\u6587\u4ef6: ```shell swift-ring-builder account.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder account.builder add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6202 --device DEVICE_NAME --weight DEVICE_WEIGHT ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder account.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder account.builder rebalance ``` 7.\u521b\u5efa\u5bb9\u5668\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`container.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder container.builder create 10 1 1 ``` 
\u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\uff1a ```shell swift-ring-builder container.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f*** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder container.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder container.builder rebalance ``` 8.\u521b\u5efa\u5bf9\u8c61\u73af (CTL) \u5207\u6362\u5230`/etc/swift`\u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840`object.builder`\u6587\u4ef6\uff1a ```shell swift-ring-builder object.builder create 10 1 1 ``` \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d ```shell swift-ring-builder object.builder \\ add --region 1 --zone 1 --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6200 \\ --device DEVICE_NAME --weight 100 ``` **\u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0** ***\u6ce8\u610f *** **\u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4** \u9a8c\u8bc1\u6212\u6307\u5185\u5bb9\uff1a ```shell swift-ring-builder object.builder ``` \u91cd\u65b0\u5e73\u8861\u6212\u6307\uff1a ```shell swift-ring-builder object.builder rebalance ``` \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\uff1a 
\u5c06`account.ring.gz`\uff0c`container.ring.gz`\u4ee5\u53ca `object.ring.gz`\u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684`/etc/swift`\u76ee\u5f55\u3002 9.\u5b8c\u6210\u5b89\u88c5 \u7f16\u8f91 /etc/swift/swift.conf \u6587\u4ef6 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\uff1a chown -R root:swift /etc/swift \u5728\u63a7\u5236\u5668\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\uff1a systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service 
openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service","title":"Swift \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 1.\u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 CREATE DATABASE cyborg; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 $ openstack user create --domain default --password-prompt cyborg $ openstack role add --project service --user cyborg admin $ openstack service create --name cyborg --description \"Acceleration Service\" accelerator $ openstack endpoint create --region RegionOne \\ accelerator public http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator internal http://:6666/v1 $ openstack endpoint create --region RegionOne \\ accelerator admin http://:6666/v1 3.\u5b89\u88c5Cyborg yum install openstack-cyborg 4.\u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://%RABBITMQ_USER%:%RABBITMQ_PASSWORD%@%OPENSTACK_HOST_IP%:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [database] connection = 
mysql+pymysql://%DATABASE_USER%:%DATABASE_PASSWORD%@%OPENSTACK_HOST_IP%/cyborg [service_catalog] project_domain_id = default user_domain_id = default project_name = service password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = placement auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password [keystone_authtoken] memcached_servers = localhost:11211 project_domain_name = Default project_name = service user_domain_name = Default password = PASSWORD username = cyborg auth_url = http://%OPENSTACK_HOST_IP%/identity auth_type = password \u81ea\u884c\u4fee\u6539\u5bf9\u5e94\u7684\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001IP\u7b49\u4fe1\u606f 5.\u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade 6.\u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#aodh","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 3.\u5b89\u88c5Aodh yum install 
openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python3-aodhclient \u6ce8\u610f aodh\u4f9d\u8d56\u7684\u8f6f\u4ef6\u5305pytho3-pyparsing\u5728openEuler\u7684OS\u4ed3\u4e0d\u9002\u914d\uff0c\u9700\u8981\u8986\u76d6\u5b89\u88c5OpenStack\u5bf9\u5e94\u7248\u672c\uff0c\u53ef\u4ee5\u4f7f\u7528 yum list |grep pyparsing |grep OpenStack | awk '{print $2}' \u83b7\u53d6\u5bf9\u5e94\u7684\u7248\u672c VERSION,\u7136\u540e\u518d yum install -y python3-pyparsing-VERSION \u8986\u76d6\u5b89\u88c5\u9002\u914d\u7684pyparsing 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 aodh-dbsync 6.\u542f\u52a8Aodh\u670d\u52a1 systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#gnocchi","text":"1.\u521b\u5efa\u6570\u636e\u5e93 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 
'GNOCCHI_DBPASS'; 2.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 3.\u5b89\u88c5Gnocchi yum install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 gnocchi-upgrade 6.\u542f\u52a8Gnocchi\u670d\u52a1 systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#ceilometer","text":"1.\u521b\u5efa\u5bf9\u5e94Keystone\u8d44\u6e90\u5bf9\u8c61 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering 2.\u5b89\u88c5Ceilometer yum install openstack-ceilometer-notification openstack-ceilometer-central 3.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/pipeline.yaml publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low 4.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/ceilometer/ceilometer.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne 5.\u521d\u59cb\u5316\u6570\u636e\u5e93 ceilometer-upgrade 6.\u542f\u52a8Ceilometer\u670d\u52a1 systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service","title":"Ceilometer \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#heat","text":"1.\u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat 
\u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; 2.\u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin 3.\u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 4.\u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f\uff0c\u5305\u62ec heat domain\u53ca\u5176\u5bf9\u5e94domain\u7684admin\u7528\u6237 heat_domain_admin \uff0c heat_stack_owner \u89d2\u8272\uff0c heat_stack_user \u89d2\u8272 openstack user create --domain heat --password-prompt heat_domain_admin openstack role add --domain heat --user-domain heat --user heat_domain_admin admin openstack role create heat_stack_owner openstack role create heat_stack_user 5.\u5b89\u88c5\u8f6f\u4ef6\u5305 yum install openstack-heat-api openstack-heat-api-cfn 
openstack-heat-engine 6.\u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 7.\u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat 8.\u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat \u5b89\u88c5"},{"location":"install/openEuler-24.03-LTS-SP2/OpenStack-wallaby/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff1a [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 
\u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668 \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0openEuler 24.03-LTS-SP2\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 24.03-lts-SP2 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r wallaby \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos 
\u547d\u4ee4\u6267\u884c\u6210\u529f\u540e\uff0c\u5728\u7528\u6237\u7684\u6839\u76ee\u5f55\u4e0b\u4f1a\u751f\u6210mytest\u76ee\u5f55\uff0c\u8fdb\u5165\u5176\u4e2d\u5c31\u53ef\u4ee5\u6267\u884ctempest run\u547d\u4ee4\u4e86\u3002 \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u53bb\u9664\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u7b2c4\u6b65\u7531\u5728\u534e\u4e3a\u4e91\u4e0a\u521b\u5efa\u865a\u62df\u673a\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 24.03-lts-SP2 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u5feb\u901f\u90e8\u7f72"},{"location":"install/openEuler-25.03/OpenStack-antelope/","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u00b6 OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 25.03 \u7684 OpenStack 
\u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME 
\u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS \u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002 \u57fa\u4e8eRPM\u90e8\u7f72 \u00b6 \u73af\u5883\u51c6\u5907 \u00b6 
\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 25.03\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a[ISO\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/ISO/ \u3001[qcow2\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/virtual_machine_img/ \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 25.03 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f 
\uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 storage \u65f6\u949f\u540c\u6b65 \u00b6 \u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org 
iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 16ms \u5b89\u88c5\u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... 
Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! 
If you've completed all of the above steps, your MariaDB installation should now be secure. \u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\" \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u00b6 \u7f13\u5b58\u670d\u52a1\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached \u90e8\u7f72\u670d\u52a1 \u00b6 Keystone \u00b6 Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS 
\uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export 
OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token issue Glance \u00b6 Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u 
root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = 
file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image list Placement \u00b6 Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u 
root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS 
\u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. 
| +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
| Nova \u00b6 Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin \u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description 
\"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS 
\u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 
[default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 
\u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS \u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 
\u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check Neutron \u00b6 Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description \"OpenStack 
Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] 
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron 
\u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent Cinder \u00b6 Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit 
\u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 \uff1a 
Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list Horizon \u00b6 Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002 Ironic \u00b6 Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack 
service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* \u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. 
(string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. (string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. 
(string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. (string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] WantedBy=multi-user.target Trove \u00b6 
Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager 
trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent 
\u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service Swift \u00b6 Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift 
admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid \u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 
\u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift 
\u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 
\u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 \u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 
\u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service Cyborg \u00b6 Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB 
[(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password [placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken 
[keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent Aodh \u00b6 Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service Gnocchi \u00b6 Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin 
http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. # coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service Ceilometer \u00b6 Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = 
rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service Heat \u00b6 Heat\u662f OpenStack 
\u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat 
domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service Tempest \u00b6 
Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u00b6 oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos 
\u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-25.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = 
keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 25.03\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 25.03 -f small -a x86 -n test-oos all_in_one 
\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init \uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices 
# sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 25.03 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help \u547d\u4ee4\u67e5\u770b\u3002","title":"openEuler-25.03_Antelope"},{"location":"install/openEuler-25.03/OpenStack-antelope/#openstack-antelope","text":"OpenStack Antelope \u90e8\u7f72\u6307\u5357 \u57fa\u4e8eRPM\u90e8\u7f72 \u73af\u5883\u51c6\u5907 \u65f6\u949f\u540c\u6b65 \u5b89\u88c5\u6570\u636e\u5e93 \u5b89\u88c5\u6d88\u606f\u961f\u5217 \u5b89\u88c5\u7f13\u5b58\u670d\u52a1 \u90e8\u7f72\u670d\u52a1 Keystone Glance Placement Nova Neutron Cinder Horizon Ironic Trove Swift Cyborg Aodh Gnocchi Ceilometer Heat Tempest \u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72 \u672c\u6587\u6863\u662f openEuler OpenStack SIG \u7f16\u5199\u7684\u57fa\u4e8e |openEuler 25.03 \u7684 OpenStack \u90e8\u7f72\u6307\u5357\uff0c\u5185\u5bb9\u7531 SIG \u8d21\u732e\u8005\u63d0\u4f9b\u3002\u5728\u9605\u8bfb\u8fc7\u7a0b\u4e2d\uff0c\u5982\u679c\u60a8\u6709\u4efb\u4f55\u7591\u95ee\u6216\u8005\u53d1\u73b0\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7 \u8054\u7cfb SIG\u7ef4\u62a4\u4eba\u5458\uff0c\u6216\u8005\u76f4\u63a5 \u63d0\u4ea4issue \u7ea6\u5b9a \u672c\u7ae0\u8282\u63cf\u8ff0\u6587\u6863\u4e2d\u7684\u4e00\u4e9b\u901a\u7528\u7ea6\u5b9a\u3002 \u540d\u79f0 \u5b9a\u4e49 RABBIT_PASS rabbitmq\u7684\u5bc6\u7801\uff0c\u7531\u7528\u6237\u8bbe\u7f6e\uff0c\u5728OpenStack\u5404\u4e2a\u670d\u52a1\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_PASS cinder\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 CINDER_DBPASS 
cinder\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cinder\u914d\u7f6e\u4e2d\u4f7f\u7528 KEYSTONE_DBPASS keystone\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728keystone\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_PASS glance\u670d\u52a1keystone\u7528\u6237\u7684\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 GLANCE_DBPASS glance\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728glance\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_PASS \u5728keystone\u6ce8\u518c\u7684heat\u7528\u6237\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 HEAT_DBPASS heat\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728heat\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_PASS \u5728keystone\u6ce8\u518c\u7684cyborg\u7528\u6237\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 CYBORG_DBPASS cyborg\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728cyborg\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_PASS \u5728keystone\u6ce8\u518c\u7684neutron\u7528\u6237\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 NEUTRON_DBPASS neutron\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PROVIDER_INTERFACE_NAME \u7269\u7406\u7f51\u7edc\u63a5\u53e3\u7684\u540d\u79f0\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 OVERLAY_INTERFACE_IP_ADDRESS Controller\u63a7\u5236\u8282\u70b9\u7684\u7ba1\u7406ip\u5730\u5740\uff0c\u5728neutron\u914d\u7f6e\u4e2d\u4f7f\u7528 METADATA_SECRET metadata proxy\u7684secret\u5bc6\u7801\uff0c\u5728nova\u548cneutron\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_DBPASS placement\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 PLACEMENT_PASS \u5728keystone\u6ce8\u518c\u7684placement\u7528\u6237\u5bc6\u7801\uff0c\u5728placement\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_DBPASS nova\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728nova\u914d\u7f6e\u4e2d\u4f7f\u7528 NOVA_PASS 
\u5728keystone\u6ce8\u518c\u7684nova\u7528\u6237\u5bc6\u7801\uff0c\u5728nova,cyborg,neutron\u7b49\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_DBPASS ironic\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_PASS \u5728keystone\u6ce8\u518c\u7684ironic\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_DBPASS ironic-inspector\u670d\u52a1\u6570\u636e\u5e93\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 IRONIC_INSPECTOR_PASS \u5728keystone\u6ce8\u518c\u7684ironic-inspector\u7528\u6237\u5bc6\u7801\uff0c\u5728ironic-inspector\u914d\u7f6e\u4e2d\u4f7f\u7528 OpenStack SIG \u63d0\u4f9b\u4e86\u591a\u79cd\u57fa\u4e8e openEuler \u90e8\u7f72 OpenStack \u7684\u65b9\u6cd5\uff0c\u4ee5\u6ee1\u8db3\u4e0d\u540c\u7684\u7528\u6237\u573a\u666f\uff0c\u8bf7\u6309\u9700\u9009\u62e9\u3002","title":"OpenStack Antelope \u90e8\u7f72\u6307\u5357"},{"location":"install/openEuler-25.03/OpenStack-antelope/#rpm","text":"","title":"\u57fa\u4e8eRPM\u90e8\u7f72"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_1","text":"\u672c\u6587\u6863\u57fa\u4e8eOpenStack\u7ecf\u5178\u7684\u4e09\u8282\u70b9\u73af\u5883\u8fdb\u884c\u90e8\u7f72\uff0c\u4e09\u4e2a\u8282\u70b9\u5206\u522b\u662f\u63a7\u5236\u8282\u70b9(Controller)\u3001\u8ba1\u7b97\u8282\u70b9(Compute)\u3001\u5b58\u50a8\u8282\u70b9(Storage)\uff0c\u5176\u4e2d\u5b58\u50a8\u8282\u70b9\u4e00\u822c\u53ea\u90e8\u7f72\u5b58\u50a8\u670d\u52a1\uff0c\u5728\u8d44\u6e90\u6709\u9650\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4e0d\u5355\u72ec\u90e8\u7f72\u8be5\u8282\u70b9\uff0c\u628a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u670d\u52a1\u90e8\u7f72\u5230\u8ba1\u7b97\u8282\u70b9\u5373\u53ef\u3002 \u9996\u5148\u51c6\u5907\u4e09\u4e2a|openEuler 25.03\u73af\u5883\uff0c\u6839\u636e\u60a8\u7684\u73af\u5883\uff0c\u4e0b\u8f7d\u5bf9\u5e94\u7684\u955c\u50cf\u5e76\u5b89\u88c5\u5373\u53ef\uff1a[ISO\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/ISO/ 
\u3001[qcow2\u955c\u50cf] https://repo.openeuler.org/openEuler-24.03-LTS-SP1/virtual_machine_img/ \u3002 \u4e0b\u9762\u7684\u5b89\u88c5\u6309\u7167\u5982\u4e0b\u62d3\u6251\u8fdb\u884c\uff1a controller\uff1a192.168.0.2 compute\uff1a 192.168.0.3 storage\uff1a 192.168.0.4 \u5982\u679c\u60a8\u7684\u73af\u5883IP\u4e0d\u540c\uff0c\u8bf7\u6309\u7167\u60a8\u7684\u73af\u5883IP\u4fee\u6539\u76f8\u5e94\u7684\u914d\u7f6e\u6587\u4ef6\u3002 \u672c\u6587\u6863\u7684\u4e09\u8282\u70b9\u670d\u52a1\u62d3\u6251\u5982\u4e0b\u56fe\u6240\u793a(\u53ea\u5305\u542bKeystone\u3001Glance\u3001Nova\u3001Cinder\u3001Neutron\u8fd9\u51e0\u4e2a\u6838\u5fc3\u670d\u52a1\uff0c\u5176\u4ed6\u670d\u52a1\u8bf7\u53c2\u8003\u5177\u4f53\u90e8\u7f72\u7ae0\u8282)\uff1a \u5728\u6b63\u5f0f\u90e8\u7f72\u4e4b\u524d\uff0c\u9700\u8981\u5bf9\u6bcf\u4e2a\u8282\u70b9\u505a\u5982\u4e0b\u914d\u7f6e\u548c\u68c0\u67e5\uff1a \u914d\u7f6e |openEuler 25.03 \u5b98\u65b9 yum \u6e90\uff0c\u9700\u8981\u542f\u7528 EPOL \u8f6f\u4ef6\u4ed3\u4ee5\u652f\u6301 OpenStack yum update yum install openstack-release-antelope yum clean all && yum makecache \u6ce8\u610f \uff1a\u5982\u679c\u4f60\u7684\u73af\u5883\u7684YUM\u6e90\u6ca1\u6709\u542f\u7528EPOL\uff0c\u9700\u8981\u540c\u65f6\u914d\u7f6eEPOL\uff0c\u786e\u4fddEPOL\u5df2\u914d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\u3002 vi /etc/yum.repos.d/openEuler.repo [EPOL] name=EPOL baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler EOF \u4fee\u6539\u4e3b\u673a\u540d\u4ee5\u53ca\u6620\u5c04 \u6bcf\u4e2a\u8282\u70b9\u5206\u522b\u4fee\u6539\u4e3b\u673a\u540d\uff0c\u4ee5controller\u4e3a\u4f8b\uff1a hostnamectl set-hostname controller vi /etc/hostname \u5185\u5bb9\u4fee\u6539\u4e3acontroller \u7136\u540e\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684 /etc/hosts \u6587\u4ef6\uff0c\u65b0\u589e\u5982\u4e0b\u5185\u5bb9: 192.168.0.2 controller 192.168.0.3 compute 192.168.0.4 
storage","title":"\u73af\u5883\u51c6\u5907"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_2","text":"\u96c6\u7fa4\u73af\u5883\u65f6\u523b\u8981\u6c42\u6bcf\u4e2a\u8282\u70b9\u7684\u65f6\u95f4\u4e00\u81f4\uff0c\u4e00\u822c\u7531\u65f6\u949f\u540c\u6b65\u8f6f\u4ef6\u4fdd\u8bc1\u3002\u672c\u6587\u4f7f\u7528 chrony \u8f6f\u4ef6\u3002\u6b65\u9aa4\u5982\u4e0b\uff1a Controller\u8282\u70b9 \uff1a \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # \u8868\u793a\u5141\u8bb8\u54ea\u4e9bIP\u4ece\u672c\u8282\u70b9\u540c\u6b65\u65f6\u949f allow 192.168.0.0/24 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u5176\u4ed6\u8282\u70b9 \u5b89\u88c5\u670d\u52a1 dnf install chrony \u4fee\u6539 /etc/chrony.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u65b0\u589e\u4e00\u884c # NTP_SERVER\u662fcontroller IP\uff0c\u8868\u793a\u4ece\u8fd9\u4e2a\u673a\u5668\u83b7\u53d6\u65f6\u95f4\uff0c\u8fd9\u91cc\u6211\u4eec\u586b192.168.0.2\uff0c\u6216\u8005\u5728`/etc/hosts`\u91cc\u914d\u7f6e\u597d\u7684controller\u540d\u5b57\u5373\u53ef\u3002 server NTP_SERVER iburst \u540c\u65f6\uff0c\u8981\u628a pool pool.ntp.org iburst \u8fd9\u4e00\u884c\u6ce8\u91ca\u6389\uff0c\u8868\u793a\u4e0d\u4ece\u516c\u7f51\u540c\u6b65\u65f6\u949f\u3002 \u91cd\u542f\u670d\u52a1 systemctl restart chronyd \u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u68c0\u67e5\u4e00\u4e0b\u7ed3\u679c\uff0c\u5728\u5176\u4ed6\u975econtroller\u8282\u70b9\u6267\u884c chronyc sources \uff0c\u8fd4\u56de\u7ed3\u679c\u7c7b\u4f3c\u5982\u4e0b\u5185\u5bb9\uff0c\u8868\u793a\u6210\u529f\u4ececontroller\u540c\u6b65\u65f6\u949f\u3002 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 192.168.0.2 4 6 7 0 -1406ns[ +55us] +/- 
16ms","title":"\u65f6\u949f\u540c\u6b65"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_3","text":"\u6570\u636e\u5e93\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528mariadb\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install mysql-config mariadb mariadb-server python3-PyMySQL \u65b0\u589e\u914d\u7f6e\u6587\u4ef6 /etc/my.cnf.d/openstack.cnf \uff0c\u5185\u5bb9\u5982\u4e0b [mysqld] bind-address = 192.168.0.2 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 \u542f\u52a8\u670d\u52a1\u5668 systemctl start mariadb \u521d\u59cb\u5316\u6570\u636e\u5e93\uff0c\u6839\u636e\u63d0\u793a\u8fdb\u884c\u5373\u53ef mysql_secure_installation \u793a\u4f8b\u5982\u4e0b\uff1a NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): #\u8fd9\u91cc\u8f93\u5165\u5bc6\u7801\uff0c\u7531\u4e8e\u6211\u4eec\u662f\u521d\u59cb\u5316DB\uff0c\u76f4\u63a5\u56de\u8f66\u5c31\u884c OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. # \u8fd9\u91cc\u6839\u636e\u63d0\u793a\u8f93\u5165N Switch to unix_socket authentication [Y/n] N Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. # \u8f93\u5165Y\uff0c\u4fee\u6539\u5bc6\u7801 Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... 
Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664\u533f\u540d\u7528\u6237 Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. # \u8f93\u5165Y\uff0c\u5173\u95edroot\u8fdc\u7a0b\u767b\u5f55\u6743\u9650 Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. # \u8f93\u5165Y\uff0c\u5220\u9664test\u6570\u636e\u5e93 Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. # \u8f93\u5165Y\uff0c\u91cd\u8f7d\u914d\u7f6e Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. 
\u9a8c\u8bc1\uff0c\u6839\u636e\u7b2c\u56db\u6b65\u8bbe\u7f6e\u7684\u5bc6\u7801\uff0c\u68c0\u67e5\u662f\u5426\u80fd\u767b\u5f55mariadb mysql -uroot -p","title":"\u5b89\u88c5\u6570\u636e\u5e93"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_4","text":"\u6d88\u606f\u961f\u5217\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528rabbitmq\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install rabbitmq-server \u542f\u52a8\u670d\u52a1 systemctl start rabbitmq-server \u914d\u7f6eopenstack\u7528\u6237\uff0c RABBIT_PASS \u662fopenstack\u670d\u52a1\u767b\u5f55\u6d88\u606f\u961f\u91cc\u7684\u5bc6\u7801\uff0c\u9700\u8981\u548c\u540e\u9762\u5404\u4e2a\u670d\u52a1\u7684\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\u3002 rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"","title":"\u5b89\u88c5\u6d88\u606f\u961f\u5217"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_5","text":"\u7f13\u5b58\u670d\u52a1\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\uff0c\u8fd9\u91cc\u63a8\u8350\u4f7f\u7528Memcached\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install memcached python3-memcached \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/sysconfig/memcached OPTIONS=\"-l 127.0.0.1,::1,controller\" \u542f\u52a8\u670d\u52a1 systemctl start memcached","title":"\u5b89\u88c5\u7f13\u5b58\u670d\u52a1"},{"location":"install/openEuler-25.03/OpenStack-antelope/#_6","text":"","title":"\u90e8\u7f72\u670d\u52a1"},{"location":"install/openEuler-25.03/OpenStack-antelope/#keystone","text":"Keystone\u662fOpenStack\u63d0\u4f9b\u7684\u9274\u6743\u670d\u52a1\uff0c\u662f\u6574\u4e2aOpenStack\u7684\u5165\u53e3\uff0c\u63d0\u4f9b\u4e86\u79df\u6237\u9694\u79bb\u3001\u7528\u6237\u8ba4\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u7b49\u529f\u80fd\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 \u521b\u5efa keystone \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 
'keystone'@'localhost' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\ IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f \u66ff\u6362 KEYSTONE_DBPASS \uff0c\u4e3a Keystone \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-keystone httpd mod_wsgi \u914d\u7f6ekeystone\u76f8\u5173\u914d\u7f6e vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [token] provider = fernet \u89e3\u91ca [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [token]\u90e8\u5206\uff0c\u914d\u7f6etoken provider \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"keystone-manage db_sync\" keystone \u521d\u59cb\u5316Fernet\u5bc6\u94a5\u4ed3\u5e93 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone \u542f\u52a8\u670d\u52a1 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \\ --bootstrap-admin-url http://controller:5000/v3/ \\ --bootstrap-internal-url http://controller:5000/v3/ \\ --bootstrap-public-url http://controller:5000/v3/ \\ --bootstrap-region-id RegionOne \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \uff0c\u4e3a admin \u7528\u6237\u8bbe\u7f6e\u5bc6\u7801 \u914d\u7f6eApache HTTP server \u6253\u5f00httpd.conf\u5e76\u914d\u7f6e #\u9700\u8981\u4fee\u6539\u7684\u914d\u7f6e\u6587\u4ef6\u8def\u5f84 vim /etc/httpd/conf/httpd.conf #\u4fee\u6539\u4ee5\u4e0b\u9879\uff0c\u5982\u679c\u6ca1\u6709\u5219\u65b0\u6dfb\u52a0 ServerName controller \u521b\u5efa\u8f6f\u94fe\u63a5 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ \u89e3\u91ca \u914d\u7f6e ServerName \u9879\u5f15\u7528\u63a7\u5236\u8282\u70b9 \u6ce8\u610f \u5982\u679c ServerName \u9879\u4e0d\u5b58\u5728\u5219\u9700\u8981\u521b\u5efa \u542f\u52a8Apache HTTP\u670d\u52a1 systemctl enable httpd.service systemctl start 
httpd.service \u521b\u5efa\u73af\u5883\u53d8\u91cf\u914d\u7f6e cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF \u6ce8\u610f \u66ff\u6362 ADMIN_PASS \u4e3a admin \u7528\u6237\u7684\u5bc6\u7801 \u4f9d\u6b21\u521b\u5efadomain, projects, users, roles \u9700\u8981\u5148\u5b89\u88c5python3-openstackclient dnf install python3-openstackclient \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efaproject service \uff0c\u5176\u4e2d domain default \u5728 keystone-manage bootstrap \u65f6\u5df2\u521b\u5efa openstack domain create --description \"An Example Domain\" example openstack project create --domain default --description \"Service Project\" service \u521b\u5efa\uff08non-admin\uff09project myproject \uff0cuser myuser \u548c role myrole \uff0c\u4e3a myproject \u548c myuser \u6dfb\u52a0\u89d2\u8272 myrole openstack project create --domain default --description \"Demo Project\" myproject openstack user create --domain default --password-prompt myuser openstack role create myrole openstack role add --project myproject --user myuser myrole \u9a8c\u8bc1 \u53d6\u6d88\u4e34\u65f6\u73af\u5883\u53d8\u91cfOS_AUTH_URL\u548cOS_PASSWORD\uff1a source ~/.admin-openrc unset OS_AUTH_URL OS_PASSWORD \u4e3aadmin\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name admin --os-username admin token issue \u4e3amyuser\u7528\u6237\u8bf7\u6c42token\uff1a openstack --os-auth-url http://controller:5000/v3 \\ --os-project-domain-name Default --os-user-domain-name Default \\ --os-project-name myproject --os-username myuser token 
issue","title":"Keystone"},{"location":"install/openEuler-25.03/OpenStack-antelope/#glance","text":"Glance\u662fOpenStack\u63d0\u4f9b\u7684\u955c\u50cf\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u3001\u88f8\u673a\u955c\u50cf\u7684\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\uff0c\u5fc5\u987b\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u521b\u5efa glance \u6570\u636e\u5e93\u5e76\u6388\u6743 mysql -u root -p MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> exit \u6ce8\u610f: \u66ff\u6362 GLANCE_DBPASS \uff0c\u4e3a glance \u6570\u636e\u5e93\u8bbe\u7f6e\u5bc6\u7801 \u521d\u59cb\u5316 glance \u8d44\u6e90\u5bf9\u8c61 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrc \u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230 GLANCE_PASS \u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt glance User Password: Repeat User Password: \u6dfb\u52a0glance\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user glance admin \u521b\u5efaglance\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name glance --description \"OpenStack Image\" image \u521b\u5efaglance API\u670d\u52a1\uff1a openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-glance \u4fee\u6539 glance \u914d\u7f6e\u6587\u4ef6 vim /etc/glance/glance-api.conf [database] connection = 
mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ \u89e3\u91ca: [database]\u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3 [keystone_authtoken] [paste_deploy]\u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3 [glance_store]\u90e8\u5206\uff0c\u914d\u7f6e\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u548c\u955c\u50cf\u6587\u4ef6\u7684\u4f4d\u7f6e \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"glance-manage db_sync\" glance \u542f\u52a8\u670d\u52a1\uff1a systemctl enable openstack-glance-api.service systemctl start openstack-glance-api.service \u9a8c\u8bc1 \u5bfc\u5165\u73af\u5883\u53d8\u91cf source ~/.admin-openrcu \u4e0b\u8f7d\u955c\u50cf x86\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img arm\u955c\u50cf\u4e0b\u8f7d\uff1a wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img \u6ce8\u610f \u5982\u679c\u60a8\u4f7f\u7528\u7684\u73af\u5883\u662f\u9cb2\u9e4f\u67b6\u6784\uff0c\u8bf7\u4e0b\u8f7daarch64\u7248\u672c\u7684\u955c\u50cf\uff1b\u5df2\u5bf9\u955c\u50cfcirros-0.5.2-aarch64-disk.img\u8fdb\u884c\u6d4b\u8bd5\u3002 \u5411Image\u670d\u52a1\u4e0a\u4f20\u955c\u50cf\uff1a openstack image create --disk-format qcow2 --container-format bare \\ --file cirros-0.4.0-x86_64-disk.img --public cirros \u786e\u8ba4\u955c\u50cf\u4e0a\u4f20\u5e76\u9a8c\u8bc1\u5c5e\u6027\uff1a openstack image 
list","title":"Glance"},{"location":"install/openEuler-25.03/OpenStack-antelope/#placement","text":"Placement\u662fOpenStack\u63d0\u4f9b\u7684\u8d44\u6e90\u8c03\u5ea6\u7ec4\u4ef6\uff0c\u4e00\u822c\u4e0d\u9762\u5411\u7528\u6237\uff0c\u7531Nova\u7b49\u7ec4\u4ef6\u8c03\u7528\uff0c\u5b89\u88c5\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u3001\u914d\u7f6ePlacement\u670d\u52a1\u524d\uff0c\u9700\u8981\u5148\u521b\u5efa\u76f8\u5e94\u7684\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548cAPI endpoints\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efaplacement\u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE placement; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\ IDENTIFIED BY 'PLACEMENT_DBPASS'; \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efaplacement\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt placement User Password: Repeat User Password: \u6dfb\u52a0placement\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user placement admin \u521b\u5efaplacement\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name placement \\ --description \"Placement API\" placement \u521b\u5efaPlacement API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ placement public http://controller:8778 openstack endpoint create --region RegionOne \\ 
placement internal http://controller:8778 openstack endpoint create --region RegionOne \\ placement admin http://controller:8778 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-placement-api \u7f16\u8f91 /etc/placement/placement.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [placement_database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [placement_database] connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement \u66ff\u6362 PLACEMENT_DBPASS \u4e3aplacement\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff0c\u586b\u5145Placement\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"placement-manage db sync\" placement \u542f\u52a8\u670d\u52a1 \u91cd\u542fhttpd\u670d\u52a1\uff1a systemctl restart httpd \u9a8c\u8bc1 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650 source ~/.admin-openrc \u6267\u884c\u72b6\u6001\u68c0\u67e5\uff1a placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | 
+----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ \u8fd9\u91cc\u53ef\u4ee5\u770b\u5230 Policy File JSON to YAML Migration \u7684\u7ed3\u679c\u4e3aFailure\u3002\u8fd9\u662f\u56e0\u4e3a\u5728Placement\u4e2d\uff0cJSON\u683c\u5f0f\u7684policy\u6587\u4ef6\u4eceWallaby\u7248\u672c\u5f00\u59cb\u5df2\u5904\u4e8e deprecated \u72b6\u6001\u3002\u53ef\u4ee5\u53c2\u8003\u63d0\u793a\uff0c\u4f7f\u7528 oslopolicy-convert-json-to-yaml \u5de5\u5177 \u5c06\u73b0\u6709\u7684JSON\u683c\u5f0fpolicy\u6587\u4ef6\u8f6c\u5316\u4e3aYAML\u683c\u5f0f\u3002 oslopolicy-convert-json-to-yaml --namespace placement \\ --policy-file /etc/placement/policy.json \\ --output-file /etc/placement/policy.yaml mv /etc/placement/policy.json{,.bak} \u6ce8\uff1a\u5f53\u524d\u73af\u5883\u4e2d\u6b64\u95ee\u9898\u53ef\u5ffd\u7565\uff0c\u4e0d\u5f71\u54cd\u8fd0\u884c\u3002 \u9488\u5bf9placement API\u8fd0\u884c\u547d\u4ee4\uff1a \u5b89\u88c5osc-placement\u63d2\u4ef6\uff1a dnf install python3-osc-placement \u5217\u51fa\u53ef\u7528\u7684\u8d44\u6e90\u7c7b\u522b\u53ca\u7279\u6027\uff1a openstack --os-placement-api-version 1.2 resource class list --sort-column name +----------------------------+ | name | +----------------------------+ | DISK_GB | | FPGA | | ... | openstack --os-placement-api-version 1.6 trait list --sort-column name +---------------------------------------+ | name | +---------------------------------------+ | COMPUTE_ACCELERATORS | | COMPUTE_ARCH_AARCH64 | | ... 
|","title":"Placement"},{"location":"install/openEuler-25.03/OpenStack-antelope/#nova","text":"Nova\u662fOpenStack\u7684\u8ba1\u7b97\u670d\u52a1\uff0c\u8d1f\u8d23\u865a\u62df\u673a\u7684\u521b\u5efa\u3001\u53d1\u653e\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u521b\u5efa\u6570\u636e\u5e93 \u4f7f\u7528root\u7528\u6237\u8bbf\u95ee\u6570\u636e\u5e93\u670d\u52a1\uff1a mysql -u root -p \u521b\u5efa nova_api \u3001 nova \u548c nova_cell0 \u6570\u636e\u5e93\uff1a MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; \u6388\u6743\u6570\u636e\u5e93\u8bbf\u95ee\uff1a MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS'; \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u8bbf\u95ee\u5bc6\u7801\u3002 \u9000\u51fa\u6570\u636e\u5e93\u8bbf\u95ee\u5ba2\u6237\u7aef\uff1a exit \u914d\u7f6e\u7528\u6237\u548cEndpoints source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u521b\u5efanova\u7528\u6237\u5e76\u8bbe\u7f6e\u7528\u6237\u5bc6\u7801\uff1a openstack user create --domain default --password-prompt nova User Password: Repeat User Password: \u6dfb\u52a0nova\u7528\u6237\u5230service project\u5e76\u6307\u5b9aadmin\u89d2\u8272\uff1a openstack role add --project service --user nova admin 
\u521b\u5efanova\u670d\u52a1\u5b9e\u4f53\uff1a openstack service create --name nova \\ --description \"OpenStack Compute\" compute \u521b\u5efaNova API\u670d\u52a1endpoints\uff1a openstack endpoint create --region RegionOne \\ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \\ compute admin http://controller:8774/v2.1 \u5b89\u88c5\u53ca\u914d\u7f6e\u7ec4\u4ef6 \u5b89\u88c5\u8f6f\u4ef6\u5305\uff1a dnf install openstack-nova-api openstack-nova-conductor \\ openstack-nova-novncproxy openstack-nova-scheduler \u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6\uff0c\u5b8c\u6210\u5982\u4e0b\u64cd\u4f5c\uff1a \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528controller\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.2 log_dir = /var/log/nova state_path = /var/lib/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api_database] \u548c [database] \u90e8\u5206\uff0c\u914d\u7f6e\u6570\u636e\u5e93\u5165\u53e3\uff1a [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova \u66ff\u6362 NOVA_DBPASS \u4e3anova\u76f8\u5173\u6570\u636e\u5e93\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service 
username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u6570\u636e\u5e93\u540c\u6b65\uff1a \u540c\u6b65nova-api\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage api_db sync\" nova \u6ce8\u518ccell0\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova \u521b\u5efacell1 cell\uff1a su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova \u540c\u6b65nova\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage db sync\" nova \u9a8c\u8bc1cell0\u548ccell1\u6ce8\u518c\u6b63\u786e\uff1a su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova \u542f\u52a8\u670d\u52a1 systemctl enable \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service systemctl start \\ openstack-nova-api.service \\ openstack-nova-scheduler.service \\ openstack-nova-conductor.service \\ openstack-nova-novncproxy.service Compute\u8282\u70b9 \u5728\u8ba1\u7b97\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-nova-compute 
\u7f16\u8f91 /etc/nova/nova.conf \u914d\u7f6e\u6587\u4ef6 \u5728 [default] \u90e8\u5206\uff0c\u542f\u7528\u8ba1\u7b97\u548c\u5143\u6570\u636e\u7684API\uff0c\u914d\u7f6eRabbitMQ\u6d88\u606f\u961f\u5217\u5165\u53e3\uff0c\u4f7f\u7528Compute\u8282\u70b9\u7ba1\u7406IP\u914d\u7f6emy_ip\uff0c\u663e\u5f0f\u5b9a\u4e49compute_driver\u3001instances_path\u3001log_dir\uff1a [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ my_ip = 192.168.0.3 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova \u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002 \u5728 [api] \u548c [keystone_authtoken] \u90e8\u5206\uff0c\u914d\u7f6e\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5165\u53e3\uff1a [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS \u66ff\u6362 NOVA_PASS \u4e3anova\u7528\u6237\u7684\u5bc6\u7801\u3002 \u5728 [vnc] \u90e8\u5206\uff0c\u542f\u7528\u5e76\u914d\u7f6e\u8fdc\u7a0b\u63a7\u5236\u53f0\u5165\u53e3\uff1a [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html \u5728 [glance] \u90e8\u5206\uff0c\u914d\u7f6e\u955c\u50cf\u670d\u52a1API\u7684\u5730\u5740\uff1a [glance] api_servers = http://controller:9292 \u5728 [oslo_concurrency] \u90e8\u5206\uff0c\u914d\u7f6elock path\uff1a [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement]\u90e8\u5206\uff0c\u914d\u7f6eplacement\u670d\u52a1\u7684\u5165\u53e3\uff1a [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS \u66ff\u6362 
PLACEMENT_PASS \u4e3aplacement\u7528\u6237\u7684\u5bc6\u7801\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08x86_64\uff09 \u5904\u7406\u5668\u4e3ax86_64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a egrep -c '(vmx|svm)' /proc/cpuinfo \u5982\u679c\u8fd4\u56de\u503c\u4e3a0\u5219\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002\u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u5982\u679c\u8fd4\u56de\u503c\u4e3a1\u6216\u66f4\u5927\u7684\u503c\uff0c\u5219\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 \u786e\u8ba4\u8ba1\u7b97\u8282\u70b9\u662f\u5426\u652f\u6301\u865a\u62df\u673a\u786c\u4ef6\u52a0\u901f\uff08arm64\uff09 \u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\uff0c\u53ef\u901a\u8fc7\u8fd0\u884c\u5982\u4e0b\u547d\u4ee4\u786e\u8ba4\u662f\u5426\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff1a virt-host-validate # \u8be5\u547d\u4ee4\u7531libvirt\u63d0\u4f9b\uff0c\u6b64\u65f6libvirt\u5e94\u5df2\u4f5c\u4e3aopenstack-nova-compute\u4f9d\u8d56\u88ab\u5b89\u88c5\uff0c\u73af\u5883\u4e2d\u5df2\u6709\u6b64\u547d\u4ee4 \u663e\u793aFAIL\u65f6\uff0c\u8868\u793a\u4e0d\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u9700\u8981\u914d\u7f6elibvirt\u4f7f\u7528QEMU\u800c\u4e0d\u662f\u9ed8\u8ba4\u7684KVM\u3002 QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded) \u7f16\u8f91 /etc/nova/nova.conf \u7684 [libvirt] \u90e8\u5206\uff1a [libvirt] virt_type = qemu \u663e\u793aPASS\u65f6\uff0c\u8868\u793a\u652f\u6301\u786c\u4ef6\u52a0\u901f\uff0c\u4e0d\u9700\u8981\u8fdb\u884c\u989d\u5916\u7684\u914d\u7f6e\u3002 QEMU: Checking if device /dev/kvm exists: PASS 
\u914d\u7f6eqemu\uff08\u4ec5arm64\uff09 \u4ec5\u5f53\u5904\u7406\u5668\u4e3aarm64\u67b6\u6784\u65f6\u9700\u8981\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u7f16\u8f91 /etc/libvirt/qemu.conf : nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\ /usr/share/AAVMF/AAVMF_VARS.fd\", \\ \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\ /usr/share/edk2/aarch64/vars-template-pflash.raw\"] \u7f16\u8f91 /etc/qemu/firmware/edk2-aarch64.json { \"description\": \"UEFI firmware for ARM64 virtual machines\", \"interface-types\": [ \"uefi\" ], \"mapping\": { \"device\": \"flash\", \"executable\": { \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\", \"format\": \"raw\" }, \"nvram-template\": { \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\", \"format\": \"raw\" } }, \"targets\": [ { \"architecture\": \"aarch64\", \"machines\": [ \"virt-*\" ] } ], \"features\": [ ], \"tags\": [ ] } \u542f\u52a8\u670d\u52a1 systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service Controller\u8282\u70b9 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u6dfb\u52a0\u8ba1\u7b97\u8282\u70b9\u5230openstack\u96c6\u7fa4 source admin\u51ed\u8bc1\uff0c\u4ee5\u83b7\u53d6admin\u547d\u4ee4\u884c\u6743\u9650\uff1a source ~/.admin-openrc \u786e\u8ba4nova-compute\u670d\u52a1\u5df2\u8bc6\u522b\u5230\u6570\u636e\u5e93\u4e2d\uff1a openstack compute service list --service nova-compute \u53d1\u73b0\u8ba1\u7b97\u8282\u70b9\uff0c\u5c06\u8ba1\u7b97\u8282\u70b9\u6dfb\u52a0\u5230cell\u6570\u636e\u5e93\uff1a su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova \u7ed3\u679c\u5982\u4e0b\uff1a Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. 
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2 \u9a8c\u8bc1 \u5217\u51fa\u670d\u52a1\u7ec4\u4ef6\uff0c\u9a8c\u8bc1\u6bcf\u4e2a\u6d41\u7a0b\u90fd\u6210\u529f\u542f\u52a8\u548c\u6ce8\u518c\uff1a openstack compute service list \u5217\u51fa\u8eab\u4efd\u670d\u52a1\u4e2d\u7684API\u7aef\u70b9\uff0c\u9a8c\u8bc1\u4e0e\u8eab\u4efd\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack catalog list \u5217\u51fa\u955c\u50cf\u670d\u52a1\u4e2d\u7684\u955c\u50cf\uff0c\u9a8c\u8bc1\u4e0e\u955c\u50cf\u670d\u52a1\u7684\u8fde\u63a5\uff1a openstack image list \u68c0\u67e5cells\u662f\u5426\u8fd0\u4f5c\u6210\u529f\uff0c\u4ee5\u53ca\u5176\u4ed6\u5fc5\u8981\u6761\u4ef6\u662f\u5426\u5df2\u5177\u5907\u3002 nova-status upgrade check","title":"Nova"},{"location":"install/openEuler-25.03/OpenStack-antelope/#neutron","text":"Neutron\u662fOpenStack\u7684\u7f51\u7edc\u670d\u52a1\uff0c\u63d0\u4f9b\u865a\u62df\u4ea4\u6362\u673a\u3001IP\u8def\u7531\u3001DHCP\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3001\u670d\u52a1\u51ed\u8bc1\u548c API \u670d\u52a1\u7aef\u70b9 \u521b\u5efa\u6570\u636e\u5e93\uff1a mysql -u root -p MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efaneutron\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eNEUTRON_PASS\uff1a source ~/.admin-openrc openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron 
admin openstack service create --name neutron --description \"OpenStack Networking\" network \u90e8\u7f72 Neutron API \u670d\u52a1\uff1a openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default region_name = RegionOne project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [experimental] linuxbridge = true \u914d\u7f6eML2\uff0cML2\u5177\u4f53\u914d\u7f6e\u53ef\u4ee5\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u4fee\u6539\uff0c\u672c\u6587\u4f7f\u7528\u7684\u662fprovider network + linuxbridge** \u4fee\u6539/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true 
\u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6eLayer-3\u4ee3\u7406 \u4fee\u6539/etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge \u914d\u7f6eDHCP\u4ee3\u7406 \u4fee\u6539/etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true \u914d\u7f6emetadata\u4ee3\u7406 \u4fee\u6539/etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET \u914d\u7f6enova\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET \u521b\u5efa/etc/neutron/plugin.ini\u7684\u7b26\u53f7\u94fe\u63a5 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini \u540c\u6b65\u6570\u636e\u5e93 su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron \u91cd\u542fnova api\u670d\u52a1 systemctl restart openstack-nova-api \u542f\u52a8\u7f51\u7edc\u670d\u52a1 systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service systemctl start neutron-server.service neutron-linuxbridge-agent.service \\ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Compute\u8282\u70b9 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install 
openstack-neutron-linuxbridge ebtables ipset -y \u914d\u7f6eNeutron \u4fee\u6539/etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp \u4fee\u6539/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = true local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver \u914d\u7f6enova compute\u670d\u52a1\u4f7f\u7528neutron\uff0c\u4fee\u6539/etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service \u542f\u52a8Neutron linuxbridge agent\u670d\u52a1 systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent","title":"Neutron"},{"location":"install/openEuler-25.03/OpenStack-antelope/#cinder","text":"Cinder\u662fOpenStack\u7684\u5b58\u50a8\u670d\u52a1\uff0c\u63d0\u4f9b\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u53d1\u653e\u3001\u5907\u4efd\u7b49\u529f\u80fd\u3002 Controller\u8282\u70b9 \uff1a \u521d\u59cb\u5316\u6570\u636e\u5e93 CINDER_DBPASS \u662f\u7528\u6237\u81ea\u5b9a\u4e49\u7684cinder\u6570\u636e\u5e93\u5bc6\u7801\u3002 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cinder; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS'; 
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS'; MariaDB [(none)]> exit \u521d\u59cb\u5316Keystone\u8d44\u6e90\u5bf9\u8c61 source ~/.admin-openrc #\u521b\u5efa\u7528\u6237\u65f6\uff0c\u547d\u4ee4\u884c\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801\uff0c\u8bf7\u8f93\u5165\u81ea\u5b9a\u4e49\u7684\u5bc6\u7801\uff0c\u4e0b\u6587\u6d89\u53ca\u5230`CINDER_PASS`\u7684\u5730\u65b9\u66ff\u6362\u6210\u8be5\u5bc6\u7801\u5373\u53ef\u3002 openstack user create --domain default --password-prompt cinder openstack role add --project service --user cinder admin openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-cinder-api openstack-cinder-scheduler \u4fee\u6539cinder\u914d\u7f6e\u6587\u4ef6 /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.2 [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = CINDER_PASS [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u6570\u636e\u5e93\u540c\u6b65 su -s /bin/sh -c \"cinder-manage db sync\" cinder \u4fee\u6539nova\u914d\u7f6e /etc/nova/nova.conf [cinder] os_region_name = RegionOne \u542f\u52a8\u670d\u52a1 systemctl restart openstack-nova-api systemctl start openstack-cinder-api openstack-cinder-scheduler Storage\u8282\u70b9 
\uff1a Storage\u8282\u70b9\u8981\u63d0\u524d\u51c6\u5907\u81f3\u5c11\u4e00\u5757\u786c\u76d8\uff0c\u4f5c\u4e3acinder\u7684\u5b58\u50a8\u540e\u7aef\uff0c\u4e0b\u6587\u9ed8\u8ba4storage\u8282\u70b9\u5df2\u7ecf\u5b58\u5728\u4e00\u5757\u672a\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u8bbe\u5907\u540d\u79f0\u4e3a /dev/sdb \uff0c\u7528\u6237\u5728\u914d\u7f6e\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u6309\u7167\u771f\u5b9e\u73af\u5883\u4fe1\u606f\u8fdb\u884c\u540d\u79f0\u66ff\u6362\u3002 Cinder\u652f\u6301\u5f88\u591a\u7c7b\u578b\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u672c\u6307\u5bfc\u4f7f\u7528\u6700\u7b80\u5355\u7684lvm\u4e3a\u53c2\u8003\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982ceph\u7b49\u5176\u4ed6\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup \u914d\u7f6elvm\u5377\u7ec4 pvcreate /dev/sdb vgcreate cinder-volumes /dev/sdb \u4fee\u6539cinder\u914d\u7f6e /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone my_ip = 192.168.0.4 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp \u914d\u7f6ecinder backup \uff08\u53ef\u9009\uff09 
cinder-backup\u662f\u53ef\u9009\u7684\u5907\u4efd\u670d\u52a1\uff0ccinder\u540c\u6837\u652f\u6301\u5f88\u591a\u79cd\u5907\u4efd\u540e\u7aef\uff0c\u672c\u6587\u4f7f\u7528swift\u5b58\u50a8\uff0c\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u5982NFS\u7b49\u540e\u7aef\uff0c\u8bf7\u81ea\u884c\u914d\u7f6e\uff0c\u4f8b\u5982\u53ef\u4ee5\u53c2\u8003 OpenStack\u5b98\u65b9\u6587\u6863 \u5bf9NFS\u7684\u914d\u7f6e\u8bf4\u660e\u3002 \u4fee\u6539 /etc/cinder/cinder.conf \uff0c\u5728 [DEFAULT] \u4e2d\u65b0\u589e [DEFAULT] backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver backup_swift_url = SWIFT_URL \u8fd9\u91cc\u7684 SWIFT_URL \u662f\u6307\u73af\u5883\u4e2dswift\u670d\u52a1\u7684URL\uff0c\u5728\u90e8\u7f72\u5b8cswift\u670d\u52a1\u540e\uff0c\u6267\u884c openstack catalog show object-store \u547d\u4ee4\u83b7\u53d6\u3002 \u542f\u52a8\u670d\u52a1 systemctl start openstack-cinder-volume target systemctl start openstack-cinder-backup (\u53ef\u9009) \u81f3\u6b64\uff0cCinder\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u53ef\u4ee5\u5728controller\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fdb\u884c\u7b80\u5355\u7684\u9a8c\u8bc1 source ~/.admin-openrc openstack storage service list openstack volume list","title":"Cinder"},{"location":"install/openEuler-25.03/OpenStack-antelope/#horizon","text":"Horizon\u662fOpenStack\u63d0\u4f9b\u7684\u524d\u7aef\u9875\u9762\uff0c\u53ef\u4ee5\u8ba9\u7528\u6237\u901a\u8fc7\u7f51\u9875\u9f20\u6807\u7684\u64cd\u4f5c\u6765\u63a7\u5236OpenStack\u96c6\u7fa4\uff0c\u800c\u4e0d\u7528\u7e41\u7410\u7684CLI\u547d\u4ee4\u884c\u3002Horizon\u4e00\u822c\u90e8\u7f72\u5728\u63a7\u5236\u8282\u70b9\u3002 \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf install openstack-dashboard \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/openstack-dashboard/local_settings OPENSTACK_HOST = \"controller\" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = \"http://controller:5000/v3\" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 
'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\" OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\" WEBROOT = '/dashboard' POLICY_FILES_PATH = \"/etc/openstack-dashboard\" OPENSTACK_API_VERSIONS = { \"identity\": 3, \"image\": 2, \"volume\": 3, } \u91cd\u542f\u670d\u52a1 systemctl restart httpd \u81f3\u6b64\uff0chorizon\u670d\u52a1\u7684\u90e8\u7f72\u5df2\u5168\u90e8\u5b8c\u6210\uff0c\u6253\u5f00\u6d4f\u89c8\u5668\uff0c\u8f93\u5165 http://192.168.0.2/dashboard \uff0c\u6253\u5f00horizon\u767b\u5f55\u9875\u9762\u3002","title":"Horizon"},{"location":"install/openEuler-25.03/OpenStack-antelope/#ironic","text":"Ironic\u662fOpenStack\u7684\u88f8\u91d1\u5c5e\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u8fdb\u884c\u88f8\u673a\u90e8\u7f72\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 \u5728\u63a7\u5236\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u6570\u636e\u5e93 \u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2a ironic \u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684 ironic \u6570\u636e\u5e93\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \\ IDENTIFIED BY 'IRONIC_DBPASS'; MariaDB [(none)]> exit Bye \u521b\u5efa\u670d\u52a1\u7528\u6237\u8ba4\u8bc1 \u521b\u5efaBare Metal\u670d\u52a1\u7528\u6237 \u66ff\u6362 IRONIC_PASS \u4e3aironic\u7528\u6237\u5bc6\u7801\uff0c IRONIC_INSPECTOR_PASS \u4e3aironic_inspector\u7528\u6237\u5bc6\u7801\u3002 openstack user create --password IRONIC_PASS \\ --email ironic@example.com ironic 
openstack role add --project service --user ironic admin openstack service create --name ironic \\ --description \"Ironic baremetal provisioning service\" baremetal openstack service create --name ironic-inspector --description \"Ironic inspector baremetal provisioning service\" baremetal-introspection openstack user create --password IRONIC_INSPECTOR_PASS --email ironic_inspector@example.com ironic-inspector openstack role add --project service --user ironic-inspector admin \u521b\u5efaBare Metal\u670d\u52a1\u8bbf\u95ee\u5165\u53e3 openstack endpoint create --region RegionOne baremetal admin http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal public http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal internal http://192.168.0.2:6385 openstack endpoint create --region RegionOne baremetal-introspection internal http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection public http://192.168.0.2:5050/v1 openstack endpoint create --region RegionOne baremetal-introspection admin http://192.168.0.2:5050/v1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-api openstack-ironic-conductor python3-ironicclient \u914d\u7f6eironic-api\u670d\u52a1 \u914d\u7f6e\u6587\u4ef6\u8def\u5f84/etc/ironic/ironic.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 DB_IP \u4e3aDB\u670d\u52a1\u5668\u6240\u5728\u7684IP\u5730\u5740\uff1a [database] # The SQ LAlchemy connection string used to connect to the # database (string value) # connection = mysql+pymysql://ironic:IRONIC_DBPASS@DB_IP/ironic connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0c\u66ff\u6362 RPC_* 
\u4e3aRabbitMQ\u7684\u8be6\u7ec6\u5730\u5740\u548c\u51ed\u8bc1 [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) # transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/ transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u51ed\u8bc1\uff0c\u66ff\u6362 PUBLIC_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u516c\u5171IP\uff0c\u66ff\u6362 PRIVATE_IDENTITY_IP \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u5668\u7684\u79c1\u6709IP\uff0c\u66ff\u6362 IRONIC_PASS \u4e3a\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u4e2d ironic \u7528\u6237\u7684\u5bc6\u7801\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\u3002\uff1a [DEFAULT] # Authentication strategy used by ironic-api: one of # \"keystone\" or \"noauth\". \"noauth\" should not be used in a # production environment because all authentication will be # disabled. 
(string value) auth_strategy=keystone host = controller memcache_servers = controller:11211 enabled_network_interfaces = flat,noop,neutron default_network_interface = noop enabled_hardware_types = ipmi enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct default_deploy_interface = direct enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces = ipmitool enabled_rescue_interfaces = no-rescue,agent isolinux_bin = /usr/share/syslinux/isolinux.bin logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s [keystone_authtoken] # Authentication type to load (string value) auth_type=password # Complete public Identity API endpoint (string value) # www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000 www_authenticate_uri=http://controller:5000 # Complete admin Identity API endpoint. (string value) # auth_url=http://PRIVATE_IDENTITY_IP:5000 auth_url=http://controller:5000 # Service username. (string value) username=ironic # Service account password. (string value) password=IRONIC_PASS # Service tenant name. 
(string value) project_name=service # Domain name containing project (string value) project_domain_name=Default # User's domain name (string value) user_domain_name=Default [agent] deploy_logs_collect = always deploy_logs_local_path = /var/log/ironic/deploy deploy_logs_storage_backend = local image_download_source = http stream_raw_images = false force_raw_images = false verify_ca = False [oslo_concurrency] [oslo_messaging_notifications] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ topics = notifications driver = messagingv2 [oslo_messaging_rabbit] amqp_durable_queues = True rabbit_ha_queues = True [pxe] ipxe_enabled = false pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 image_cache_size = 204800 tftp_root=/var/lib/tftpboot/cephfs/ tftp_master_path=/var/lib/tftpboot/cephfs/master_images [dhcp] dhcp_provider = none \u521b\u5efa\u88f8\u91d1\u5c5e\u670d\u52a1\u6570\u636e\u5e93\u8868 ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema \u91cd\u542fironic-api\u670d\u52a1 sudo systemctl restart openstack-ironic-api \u914d\u7f6eironic-conductor\u670d\u52a1 \u5982\u4e0b\u4e3aironic-conductor\u670d\u52a1\u81ea\u8eab\u7684\u6807\u51c6\u914d\u7f6e\uff0cironic-conductor\u670d\u52a1\u53ef\u4ee5\u4e0eironic-api\u670d\u52a1\u5206\u5e03\u4e8e\u4e0d\u540c\u8282\u70b9\uff0c\u672c\u6307\u5357\u4e2d\u5747\u90e8\u7f72\u4e0e\u63a7\u5236\u8282\u70b9\uff0c\u6240\u4ee5\u91cd\u590d\u7684\u914d\u7f6e\u9879\u53ef\u8df3\u8fc7\u3002 \u66ff\u6362\u4f7f\u7528conductor\u670d\u52a1\u6240\u5728host\u7684IP\u914d\u7f6emy_ip\uff1a [DEFAULT] # IP address of this host. If unset, will determine the IP # programmatically. If unable to do so, will use \"127.0.0.1\". 
# (string value) # my_ip=HOST_IP my_ip = 192.168.0.2 \u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\u3002\u66ff\u6362 IRONIC_DBPASS \u4e3a ironic \u7528\u6237\u7684\u5bc6\u7801\uff1a [database] # The SQLAlchemy connection string to use to connect to the # database. (string value) connection = mysql+pymysql://ironic:IRONIC_DBPASS@controller/ironic \u901a\u8fc7\u4ee5\u4e0b\u9009\u9879\u914d\u7f6eironic-api\u670d\u52a1\u4f7f\u7528RabbitMQ\u6d88\u606f\u4ee3\u7406\uff0cironic-conductor\u5e94\u8be5\u4f7f\u7528\u548cironic-api\u76f8\u540c\u7684\u914d\u7f6e\uff0c\u66ff\u6362 RABBIT_PASS \u4e3aRabbitMQ\u4e2dopenstack\u8d26\u6237\u7684\u5bc6\u7801\uff1a [DEFAULT] # A URL representing the messaging driver to use and its full # configuration. (string value) transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u7528\u6237\u4e5f\u53ef\u81ea\u884c\u4f7f\u7528json-rpc\u65b9\u5f0f\u66ff\u6362rabbitmq \u914d\u7f6e\u51ed\u8bc1\u8bbf\u95ee\u5176\u4ed6OpenStack\u670d\u52a1 \u4e3a\u4e86\u4e0e\u5176\u4ed6OpenStack\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u5728\u8bf7\u6c42\u5176\u4ed6\u670d\u52a1\u65f6\u9700\u8981\u4f7f\u7528\u670d\u52a1\u7528\u6237\u4e0eOpenStack Identity\u670d\u52a1\u8fdb\u884c\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u7528\u6237\u7684\u51ed\u636e\u5fc5\u987b\u5728\u4e0e\u76f8\u5e94\u670d\u52a1\u76f8\u5173\u7684\u6bcf\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d\u8fdb\u884c\u914d\u7f6e\u3002 [neutron] - \u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1 [glance] - \u8bbf\u95eeOpenStack\u955c\u50cf\u670d\u52a1 [swift] - \u8bbf\u95eeOpenStack\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 [cinder] - \u8bbf\u95eeOpenStack\u5757\u5b58\u50a8\u670d\u52a1 [inspector] - \u8bbf\u95eeOpenStack\u88f8\u91d1\u5c5eintrospection\u670d\u52a1 [service_catalog] - 
\u4e00\u4e2a\u7279\u6b8a\u9879\u7528\u4e8e\u4fdd\u5b58\u88f8\u91d1\u5c5e\u670d\u52a1\u4f7f\u7528\u7684\u51ed\u8bc1\uff0c\u8be5\u51ed\u8bc1\u7528\u4e8e\u53d1\u73b0\u6ce8\u518c\u5728OpenStack\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u76ee\u5f55\u4e2d\u7684\u81ea\u5df1\u7684API URL\u7aef\u70b9 \u7b80\u5355\u8d77\u89c1\uff0c\u53ef\u4ee5\u5bf9\u6240\u6709\u670d\u52a1\u4f7f\u7528\u540c\u4e00\u4e2a\u670d\u52a1\u7528\u6237\u3002\u4e3a\u4e86\u5411\u540e\u517c\u5bb9\uff0c\u8be5\u7528\u6237\u5e94\u8be5\u548cironic-api\u670d\u52a1\u7684[keystone_authtoken]\u6240\u914d\u7f6e\u7684\u4e3a\u540c\u4e00\u4e2a\u7528\u6237\u3002\u4f46\u8fd9\u4e0d\u662f\u5fc5\u987b\u7684\uff0c\u4e5f\u53ef\u4ee5\u4e3a\u6bcf\u4e2a\u670d\u52a1\u521b\u5efa\u5e76\u914d\u7f6e\u4e0d\u540c\u7684\u670d\u52a1\u7528\u6237\u3002 \u5728\u4e0b\u9762\u7684\u793a\u4f8b\u4e2d\uff0c\u7528\u6237\u8bbf\u95eeOpenStack\u7f51\u7edc\u670d\u52a1\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u914d\u7f6e\u4e3a\uff1a \u7f51\u7edc\u670d\u52a1\u90e8\u7f72\u5728\u540d\u4e3aRegionOne\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u57df\u4e2d\uff0c\u4ec5\u5728\u670d\u52a1\u76ee\u5f55\u4e2d\u6ce8\u518c\u516c\u5171\u7aef\u70b9\u63a5\u53e3 \u8bf7\u6c42\u65f6\u4f7f\u7528\u7279\u5b9a\u7684CA SSL\u8bc1\u4e66\u8fdb\u884cHTTPS\u8fde\u63a5 \u4e0eironic-api\u670d\u52a1\u914d\u7f6e\u76f8\u540c\u7684\u670d\u52a1\u7528\u6237 \u52a8\u6001\u5bc6\u7801\u8ba4\u8bc1\u63d2\u4ef6\u57fa\u4e8e\u5176\u4ed6\u9009\u9879\u53d1\u73b0\u5408\u9002\u7684\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1API\u7248\u672c \u66ff\u6362IRONIC_PASS\u4e3aironic\u7528\u6237\u5bc6\u7801\u3002 [neutron] # Authentication type to load (string value) auth_type = password # Authentication URL (string value) auth_url=https://IDENTITY_IP:5000/ # Username (string value) username=ironic # User's password (string value) password=IRONIC_PASS # Project name to scope to (string value) project_name=service # Domain ID containing project (string value) project_domain_id=default # User's domain id (string value) 
user_domain_id=default # PEM encoded Certificate Authority to use when verifying # HTTPs connections. (string value) cafile=/opt/stack/data/ca-bundle.pem # The default region_name for endpoint URL discovery. (string # value) region_name = RegionOne # List of interfaces, in order of preference, for endpoint # URL. (list value) valid_interfaces=public # \u5176\u4ed6\u53c2\u8003\u914d\u7f6e [glance] endpoint_override = http://controller:9292 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 auth_type = password username = ironic password = IRONIC_PASS project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service [service_catalog] region_name = RegionOne project_domain_id = default user_domain_id = default project_name = service password = IRONIC_PASS username = ironic auth_url = http://controller:5000 auth_type = password \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u4e3a\u4e86\u4e0e\u5176\u4ed6\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\uff0c\u88f8\u91d1\u5c5e\u670d\u52a1\u4f1a\u5c1d\u8bd5\u901a\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u7684\u670d\u52a1\u76ee\u5f55\u53d1\u73b0\u8be5\u670d\u52a1\u5408\u9002\u7684\u7aef\u70b9\u3002\u5982\u679c\u5e0c\u671b\u5bf9\u4e00\u4e2a\u7279\u5b9a\u670d\u52a1\u4f7f\u7528\u4e00\u4e2a\u4e0d\u540c\u7684\u7aef\u70b9\uff0c\u5219\u5728\u88f8\u91d1\u5c5e\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7endpoint_override\u9009\u9879\u8fdb\u884c\u6307\u5b9a\uff1a [neutron] endpoint_override = \u914d\u7f6e\u5141\u8bb8\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u786c\u4ef6\u7c7b\u578b \u901a\u8fc7\u8bbe\u7f6eenabled_hardware_types\u8bbe\u7f6eironic-conductor\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u7684\u786c\u4ef6\u7c7b\u578b\uff1a [DEFAULT] enabled_hardware_types = ipmi \u914d\u7f6e\u786c\u4ef6\u63a5\u53e3\uff1a enabled_boot_interfaces = pxe enabled_deploy_interfaces = direct,iscsi enabled_inspect_interfaces = inspector enabled_management_interfaces = ipmitool enabled_power_interfaces 
= ipmitool \u914d\u7f6e\u63a5\u53e3\u9ed8\u8ba4\u503c\uff1a [DEFAULT] default_deploy_interface = direct default_network_interface = neutron \u5982\u679c\u542f\u7528\u4e86\u4efb\u4f55\u4f7f\u7528Direct deploy\u7684\u9a71\u52a8\uff0c\u5fc5\u987b\u5b89\u88c5\u548c\u914d\u7f6e\u955c\u50cf\u670d\u52a1\u7684Swift\u540e\u7aef\u3002Ceph\u5bf9\u8c61\u7f51\u5173(RADOS\u7f51\u5173)\u4e5f\u652f\u6301\u4f5c\u4e3a\u955c\u50cf\u670d\u52a1\u7684\u540e\u7aef\u3002 \u91cd\u542fironic-conductor\u670d\u52a1 sudo systemctl restart openstack-ironic-conductor \u914d\u7f6eironic-inspector\u670d\u52a1 \u5b89\u88c5\u7ec4\u4ef6 dnf install openstack-ironic-inspector \u521b\u5efa\u6570\u636e\u5e93 # mysql -u root -p MariaDB [(none)]> CREATE DATABASE ironic_inspector CHARACTER SET utf8; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'localhost' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic_inspector.* TO 'ironic_inspector'@'%' \\ IDENTIFIED BY 'IRONIC_INSPECTOR_DBPASS'; MariaDB [(none)]> exit Bye \u914d\u7f6e /etc/ironic-inspector/inspector.conf \u901a\u8fc7 connection \u9009\u9879\u914d\u7f6e\u6570\u636e\u5e93\u7684\u4f4d\u7f6e\uff0c\u5982\u4e0b\u6240\u793a\uff0c\u66ff\u6362 IRONIC_INSPECTOR_DBPASS \u4e3a ironic_inspector \u7528\u6237\u7684\u5bc6\u7801 [database] backend = sqlalchemy connection = mysql+pymysql://ironic_inspector:IRONIC_INSPECTOR_DBPASS@controller/ironic_inspector min_pool_size = 100 max_pool_size = 500 pool_timeout = 30 max_retries = 5 max_overflow = 200 db_retry_interval = 2 db_inc_retry_interval = True db_max_retry_interval = 2 db_max_retries = 5 \u914d\u7f6e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u5730\u5740 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ \u8bbe\u7f6ekeystone\u8ba4\u8bc1 [DEFAULT] auth_strategy = keystone timeout = 900 rootwrap_config = /etc/ironic-inspector/rootwrap.conf logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s 
%(name)s [%(global_request_id)s %(request_id)s % (user_identity)s] %(instance)s%(message)s log_dir = /var/log/ironic-inspector state_path = /var/lib/ironic-inspector use_stderr = False [ironic] api_endpoint = http://IRONIC_API_HOST_ADDRRESS:6385 auth_type = password auth_url = http://PUBLIC_IDENTITY_IP:5000 auth_strategy = keystone ironic_url = http://IRONIC_API_HOST_ADDRRESS:6385 os_region = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = IRONIC_SERVICE_USER_NAME password = IRONIC_SERVICE_USER_PASSWORD [keystone_authtoken] auth_type = password auth_url = http://controller:5000 www_authenticate_uri = http://controller:5000 project_domain_name = default user_domain_name = default project_name = service username = ironic_inspector password = IRONICPASSWD region_name = RegionOne memcache_servers = controller:11211 token_cache_time = 300 [processing] add_ports = active processing_hooks = $default_processing_hooks,local_link_connection,lldp_basic ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk always_store_ramdisk_logs = true store_data =none power_off = false [pxe_filter] driver = iptables [capabilities] boot_mode=True \u914d\u7f6eironic inspector dnsmasq\u670d\u52a1 # \u914d\u7f6e\u6587\u4ef6\u5730\u5740\uff1a/etc/ironic-inspector/dnsmasq.conf port=0 interface=enp3s0 #\u66ff\u6362\u4e3a\u5b9e\u9645\u76d1\u542c\u7f51\u7edc\u63a5\u53e3 dhcp-range=192.168.0.40,192.168.0.50 #\u66ff\u6362\u4e3a\u5b9e\u9645dhcp\u5730\u5740\u8303\u56f4 bind-interfaces enable-tftp dhcp-match=set:efi,option:client-arch,7 dhcp-match=set:efi,option:client-arch,9 dhcp-match=aarch64, option:client-arch,11 dhcp-boot=tag:aarch64,grubaa64.efi dhcp-boot=tag:!aarch64,tag:efi,grubx64.efi dhcp-boot=tag:!aarch64,tag:!efi,pxelinux.0 tftp-root=/tftpboot #\u66ff\u6362\u4e3a\u5b9e\u9645tftpboot\u76ee\u5f55 log-facility=/var/log/dnsmasq.log \u5173\u95edironic provision\u7f51\u7edc\u5b50\u7f51\u7684dhcp openstack subnet set --no-dhcp 
72426e89-f552-4dc4-9ac7-c4e131ce7f3c \u521d\u59cb\u5316ironic-inspector\u670d\u52a1\u7684\u6570\u636e\u5e93 ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade \u542f\u52a8\u670d\u52a1 systemctl enable --now openstack-ironic-inspector.service systemctl enable --now openstack-ironic-inspector-dnsmasq.service \u914d\u7f6ehttpd\u670d\u52a1 \u521b\u5efaironic\u8981\u4f7f\u7528\u7684httpd\u7684root\u76ee\u5f55\u5e76\u8bbe\u7f6e\u5c5e\u4e3b\u5c5e\u7ec4\uff0c\u76ee\u5f55\u8def\u5f84\u8981\u548c/etc/ironic/ironic.conf\u4e2d[deploy]\u7ec4\u4e2dhttp_root \u914d\u7f6e\u9879\u6307\u5b9a\u7684\u8def\u5f84\u8981\u4e00\u81f4\u3002 mkdir -p /var/lib/ironic/httproot chown ironic.ironic /var/lib/ironic/httproot \u5b89\u88c5\u548c\u914d\u7f6ehttpd\u670d\u52a1 \u5b89\u88c5httpd\u670d\u52a1\uff0c\u5df2\u6709\u8bf7\u5ffd\u7565 dnf install httpd -y \u521b\u5efa/etc/httpd/conf.d/openstack-ironic-httpd.conf\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a Listen 8080 ServerName ironic.openeuler.com ErrorLog \"/var/log/httpd/openstack-ironic-httpd-error_log\" CustomLog \"/var/log/httpd/openstack-ironic-httpd-access_log\" \"%h %l %u %t \\\"%r\\\" %>s %b\" DocumentRoot \"/var/lib/ironic/httproot\" Options Indexes FollowSymLinks Require all granted LogLevel warn AddDefaultCharset UTF-8 EnableSendfile on \u6ce8\u610f\u76d1\u542c\u7684\u7aef\u53e3\u8981\u548c/etc/ironic/ironic.conf\u91cc[deploy]\u9009\u9879\u4e2dhttp_url\u914d\u7f6e\u9879\u4e2d\u6307\u5b9a\u7684\u7aef\u53e3\u4e00\u81f4\u3002 \u91cd\u542fhttpd\u670d\u52a1\u3002 systemctl restart httpd deploy ramdisk\u955c\u50cf\u4e0b\u8f7d\u6216\u5236\u4f5c \u90e8\u7f72\u4e00\u4e2a\u88f8\u673a\u8282\u70b9\u603b\u5171\u9700\u8981\u4e24\u7ec4\u955c\u50cf\uff1adeploy ramdisk images\u548cuser images\u3002Deploy ramdisk images\u4e0a\u8fd0\u884c\u6709ironic-python-agent(IPA)\u670d\u52a1\uff0cIronic\u901a\u8fc7\u5b83\u8fdb\u884c\u88f8\u673a\u8282\u70b9\u7684\u73af\u5883\u51c6\u5907\u3002User 
images\u662f\u6700\u7ec8\u88ab\u5b89\u88c5\u88f8\u673a\u8282\u70b9\u4e0a\uff0c\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u955c\u50cf\u3002 ramdisk\u955c\u50cf\u652f\u6301\u901a\u8fc7ironic-python-agent-builder\u6216disk-image-builder\u5de5\u5177\u5236\u4f5c\u3002\u7528\u6237\u4e5f\u53ef\u4ee5\u81ea\u884c\u9009\u62e9\u5176\u4ed6\u5de5\u5177\u5236\u4f5c\u3002\u82e5\u4f7f\u7528\u539f\u751f\u5de5\u5177\uff0c\u5219\u9700\u8981\u5b89\u88c5\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u3002 \u5177\u4f53\u7684\u4f7f\u7528\u65b9\u6cd5\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u6587\u6863 \uff0c\u540c\u65f6\u5b98\u65b9\u4e5f\u6709\u63d0\u4f9b\u5236\u4f5c\u597d\u7684deploy\u955c\u50cf\uff0c\u53ef\u5c1d\u8bd5\u4e0b\u8f7d\u3002 \u4e0b\u6587\u4ecb\u7ecd\u901a\u8fc7ironic-python-agent-builder\u6784\u5efaironic\u4f7f\u7528\u7684deploy\u955c\u50cf\u7684\u5b8c\u6574\u8fc7\u7a0b\u3002 \u5b89\u88c5 ironic-python-agent-builder dnf install python3-ironic-python-agent-builder \u6216 pip3 install ironic-python-agent-builder dnf install qemu-img git \u5236\u4f5c\u955c\u50cf \u57fa\u672c\u7528\u6cd5\uff1a usage: ironic-python-agent-builder [-h] [-r RELEASE] [-o OUTPUT] [-e ELEMENT] [-b BRANCH] [-v] [--lzma] [--extra-args EXTRA_ARGS] [--elements-path ELEMENTS_PATH] distribution positional arguments: distribution Distribution to use options: -h, --help show this help message and exit -r RELEASE, --release RELEASE Distribution release to use -o OUTPUT, --output OUTPUT Output base file name -e ELEMENT, --element ELEMENT Additional DIB element to use -b BRANCH, --branch BRANCH If set, override the branch that is used for ironic-python-agent and requirements -v, --verbose Enable verbose logging in diskimage-builder --lzma Use lzma compression for smaller images --extra-args EXTRA_ARGS Extra arguments to pass to diskimage-builder --elements-path ELEMENTS_PATH Path(s) to custom DIB elements separated by a colon \u64cd\u4f5c\u5b9e\u4f8b\uff1a # -o\u9009\u9879\u6307\u5b9a\u751f\u6210\u7684\u955c\u50cf\u540d # 
ubuntu\u6307\u5b9a\u751f\u6210ubuntu\u7cfb\u7edf\u7684\u955c\u50cf ironic-python-agent-builder -o my-ubuntu-ipa ubuntu \u53ef\u901a\u8fc7\u8bbe\u7f6e ARCH \u73af\u5883\u53d8\u91cf\uff08\u9ed8\u8ba4\u4e3aamd64\uff09\u6307\u5b9a\u6240\u6784\u5efa\u955c\u50cf\u7684\u67b6\u6784\u3002\u5982\u679c\u662f arm \u67b6\u6784\uff0c\u9700\u8981\u6dfb\u52a0\uff1a export ARCH=aarch64 \u5141\u8bb8ssh\u767b\u5f55 \u521d\u59cb\u5316\u73af\u5883\u53d8\u91cf,\u8bbe\u7f6e\u7528\u6237\u540d\u3001\u5bc6\u7801\uff0c\u542f\u7528 sodo \u6743\u9650\uff1b\u5e76\u6dfb\u52a0 -e \u9009\u9879\u4f7f\u7528\u76f8\u5e94\u7684DIB\u5143\u7d20\u3002\u5236\u4f5c\u955c\u50cf\u64cd\u4f5c\u5982\u4e0b\uff1a export DIB_DEV_USER_USERNAME=ipa \\ export DIB_DEV_USER_PWDLESS_SUDO=yes \\ export DIB_DEV_USER_PASSWORD='123' ironic-python-agent-builder -o my-ssh-ubuntu-ipa -e selinux-permissive -e devuser ubuntu \u6307\u5b9a\u4ee3\u7801\u4ed3\u5e93 \u521d\u59cb\u5316\u5bf9\u5e94\u7684\u73af\u5883\u53d8\u91cf\uff0c\u7136\u540e\u5236\u4f5c\u955c\u50cf\uff1a # \u76f4\u63a5\u4ecegerrit\u4e0aclone\u4ee3\u7801 DIB_REPOLOCATION_ironic_python_agent=https://opendev.org/openstack/ironic-python-agent DIB_REPOREF_ironic_python_agent=stable/2023.1 # \u6307\u5b9a\u672c\u5730\u4ed3\u5e93\u53ca\u5206\u652f DIB_REPOLOCATION_ironic_python_agent=/home/user/path/to/repo DIB_REPOREF_ironic_python_agent=my-test-branch ironic-python-agent-builder ubuntu \u53c2\u8003\uff1a source-repositories \u3002 \u6ce8\u610f \u539f\u751f\u7684openstack\u91cc\u7684pxe\u914d\u7f6e\u6587\u4ef6\u7684\u6a21\u7248\u4e0d\u652f\u6301arm64\u67b6\u6784\uff0c\u9700\u8981\u81ea\u5df1\u5bf9\u539f\u751fopenstack\u4ee3\u7801\u8fdb\u884c\u4fee\u6539\uff1a \u5728W\u7248\u4e2d\uff0c\u793e\u533a\u7684ironic\u4ecd\u7136\u4e0d\u652f\u6301arm64\u4f4d\u7684uefi pxe\u542f\u52a8\uff0c\u8868\u73b0\u4e3a\u751f\u6210\u7684grub.cfg\u6587\u4ef6(\u4e00\u822c\u4f4d\u4e8e/tftpboot/\u4e0b)\u683c\u5f0f\u4e0d\u5bf9\u800c\u5bfc\u81f4pxe\u542f\u52a8\u5931\u8d25\u3002 
\u751f\u6210\u7684\u9519\u8bef\u914d\u7f6e\u6587\u4ef6\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0carm\u67b6\u6784\u91cc\u5bfb\u627evmlinux\u548cramdisk\u955c\u50cf\u7684\u547d\u4ee4\u5206\u522b\u662flinux\u548cinitrd\uff0c\u4e0a\u56fe\u6240\u793a\u7684\u6807\u7ea2\u547d\u4ee4\u662fx86\u67b6\u6784\u4e0b\u7684uefi pxe\u542f\u52a8\u3002 \u9700\u8981\u7528\u6237\u5bf9\u751f\u6210grub.cfg\u7684\u4ee3\u7801\u903b\u8f91\u81ea\u884c\u4fee\u6539\u3002 ironic\u5411ipa\u53d1\u9001\u67e5\u8be2\u547d\u4ee4\u6267\u884c\u72b6\u6001\u8bf7\u6c42\u7684tls\u62a5\u9519\uff1a \u5f53\u524d\u7248\u672c\u7684ipa\u548cironic\u9ed8\u8ba4\u90fd\u4f1a\u5f00\u542ftls\u8ba4\u8bc1\u7684\u65b9\u5f0f\u5411\u5bf9\u65b9\u53d1\u9001\u8bf7\u6c42\uff0c\u8ddf\u636e\u5b98\u7f51\u7684\u8bf4\u660e\u8fdb\u884c\u5173\u95ed\u5373\u53ef\u3002 \u4fee\u6539ironic\u914d\u7f6e\u6587\u4ef6(/etc/ironic/ironic.conf)\u4e0b\u9762\u7684\u914d\u7f6e\u4e2d\u6dfb\u52a0ipa-insecure=1\uff1a [agent] verify_ca = False [pxe] pxe_append_params = nofb nomodeset vga=normal coreos.autologin ipa-insecure=1 ramdisk\u955c\u50cf\u4e2d\u6dfb\u52a0ipa\u914d\u7f6e\u6587\u4ef6/etc/ironic_python_agent/ironic_python_agent.conf\u5e76\u914d\u7f6etls\u7684\u914d\u7f6e\u5982\u4e0b\uff1a /etc/ironic_python_agent/ironic_python_agent.conf (\u9700\u8981\u63d0\u524d\u521b\u5efa/etc/ ironic_python_agent\u76ee\u5f55\uff09 [DEFAULT] enable_auto_tls = False \u8bbe\u7f6e\u6743\u9650\uff1a chown -R ipa.ipa /etc/ironic_python_agent/ ramdisk\u955c\u50cf\u4e2d\u4fee\u6539ipa\u670d\u52a1\u7684\u670d\u52a1\u542f\u52a8\u6587\u4ef6\uff0c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u9009\u9879 \u7f16\u8f91/usr/lib/systemd/system/ironic-python-agent.service\u6587\u4ef6 [Unit] Description=Ironic Python Agent After=network-online.target [Service] ExecStartPre=/sbin/modprobe vfat ExecStart=/usr/local/bin/ironic-python-agent --config-file /etc/ ironic_python_agent/ironic_python_agent.conf Restart=always RestartSec=30s [Install] 
WantedBy=multi-user.target","title":"Ironic"},{"location":"install/openEuler-25.03/OpenStack-antelope/#trove","text":"Trove\u662fOpenStack\u7684\u6570\u636e\u5e93\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528OpenStack\u63d0\u4f9b\u7684\u6570\u636e\u5e93\u670d\u52a1\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5728\u6570\u636e\u5e93\u4e2d\u5b58\u50a8\u4fe1\u606f\uff0c\u521b\u5efa\u4e00\u4e2atrove\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u7684trove\u6570\u636e\u5e93\uff0c\u66ff\u6362TROVE_DBPASS\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 CREATE DATABASE trove CHARACTER SET utf8; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'localhost' IDENTIFIED BY 'TROVE_DBPASS'; GRANT ALL PRIVILEGES ON trove.* TO 'trove'@'%' IDENTIFIED BY 'TROVE_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # \u521b\u5efatrove\u7528\u6237 openstack user create --domain default --password-prompt trove # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user trove admin # \u521b\u5efadatabase\u670d\u52a1 openstack service create --name trove --description \"Database service\" database \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne database public http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database internal http://controller:8779/v1.0/%\\(tenant_id\\)s openstack endpoint create --region RegionOne database admin http://controller:8779/v1.0/%\\(tenant_id\\)s \u5b89\u88c5Trove\u3002 dnf install openstack-trove python-troveclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 \u7f16\u8f91/etc/trove/trove.conf\u3002 [DEFAULT] bind_host=192.168.0.2 log_dir = /var/log/trove network_driver = trove.network.neutron.NeutronDriver network_label_regex=.* management_security_groups = 
nova_keypair = trove-mgmt default_datastore = mysql taskmanager_manager = trove.taskmanager.manager.Manager trove_api_workers = 5 transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ reboot_time_out = 300 usage_timeout = 900 agent_call_high_timeout = 1200 use_syslog = False debug = True [database] connection = mysql+pymysql://trove:TROVE_DBPASS@controller/trove [keystone_authtoken] auth_url = http://controller:5000/v3/ auth_type = password project_domain_name = Default project_name = service user_domain_name = Default password = trove username = TROVE_PASS [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service project_domain_name = Default user_domain_name = Default username = trove password = TROVE_PASS [mariadb] tcp_ports = 3306,4444,4567,4568 [mysql] tcp_ports = 3306 [postgresql] tcp_ports = 5432 \u89e3\u91ca\uff1a [Default] \u5206\u7ec4\u4e2d bind_host \u914d\u7f6e\u4e3aTrove\u63a7\u5236\u8282\u70b9\u7684IP\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ [database] \u5206\u7ec4\u4e2d\u7684 connection \u4e3a\u524d\u9762\u5728mysql\u4e2d\u4e3aTrove\u521b\u5efa\u7684\u6570\u636e\u5e93\u4fe1\u606f\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002 \u7f16\u8f91/etc/trove/trove-guestagent.conf\u3002 [DEFAULT] log_file = trove-guestagent.log log_dir = /var/log/trove/ ignore_users = os_admin control_exchange = trove transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ rpc_backend = rabbit command_process_timeout = 60 use_syslog = False debug = True [service_credentials] auth_url = http://controller:5000/v3/ region_name = RegionOne project_name = service password = TROVE_PASS project_domain_name = Default user_domain_name = Default username = trove [mysql] docker_image = your-registry/your-repo/mysql backup_docker_image = 
your-registry/your-repo/db-backup-mysql:1.1.0 \u89e3\u91ca\uff1a guestagent \u662ftrove\u4e2d\u4e00\u4e2a\u72ec\u7acb\u7ec4\u4ef6\uff0c\u9700\u8981\u9884\u5148\u5185\u7f6e\u5230Trove\u901a\u8fc7Nova\u521b\u5efa\u7684\u865a\u62df\u673a\u955c\u50cf\u4e2d\uff0c\u5728\u521b\u5efa\u597d\u6570\u636e\u5e93\u5b9e\u4f8b\u540e\uff0c\u4f1a\u8d77guestagent\u8fdb\u7a0b\uff0c\u8d1f\u8d23\u901a\u8fc7\u6d88\u606f\u961f\u5217\uff08RabbitMQ\uff09\u5411Trove\u4e0a\u62a5\u5fc3\u8df3\uff0c\u56e0\u6b64\u9700\u8981\u914d\u7f6eRabbitMQ\u7684\u7528\u6237\u548c\u5bc6\u7801\u4fe1\u606f\u3002\\ transport_url \u4e3a RabbitMQ \u8fde\u63a5\u4fe1\u606f\uff0c RABBIT_PASS \u66ff\u6362\u4e3aRabbitMQ\u7684\u5bc6\u7801\u3002\\ Trove\u7684\u7528\u6237\u4fe1\u606f\u4e2d TROVE_PASSWORD \u66ff\u6362\u4e3a\u5b9e\u9645trove\u7528\u6237\u7684\u5bc6\u7801\u3002\\ \u4eceVictoria\u7248\u5f00\u59cb\uff0cTrove\u4f7f\u7528\u4e00\u4e2a\u7edf\u4e00\u7684\u955c\u50cf\u6765\u8dd1\u4e0d\u540c\u7c7b\u578b\u7684\u6570\u636e\u5e93\uff0c\u6570\u636e\u5e93\u670d\u52a1\u8fd0\u884c\u5728Guest\u865a\u62df\u673a\u7684Docker\u5bb9\u5668\u4e2d\u3002 \u6570\u636e\u5e93\u540c\u6b65\u3002 su -s /bin/sh -c \"trove-manage db_sync\" trove \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-trove-api.service openstack-trove-taskmanager.service \\ openstack-trove-conductor.service","title":"Trove"},{"location":"install/openEuler-25.03/OpenStack-antelope/#swift","text":"Swift \u63d0\u4f9b\u4e86\u5f39\u6027\u53ef\u4f38\u7f29\u3001\u9ad8\u53ef\u7528\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9002\u5408\u5b58\u50a8\u5927\u89c4\u6a21\u975e\u7ed3\u6784\u5316\u6570\u636e\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 # 
\u521b\u5efaswift\u7528\u6237 openstack user create --domain default --password-prompt swift # \u6dfb\u52a0admin\u89d2\u8272 openstack role add --project service --user swift admin # \u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 openstack service create --name swift --description \"OpenStack Object Storage\" object-store \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\\(project_id\\)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 \u5b89\u88c5Swift\u3002 dnf install openstack-swift-proxy python3-swiftclient python3-keystoneclient \\ python3-keystonemiddleware memcached \u914d\u7f6eproxy-server\u3002 Swift RPM\u5305\u91cc\u5df2\u7ecf\u5305\u542b\u4e86\u4e00\u4e2a\u57fa\u672c\u53ef\u7528\u7684proxy-server.conf\uff0c\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u5176\u4e2d\u7684ip\u548cSWIFT_PASS\u5373\u53ef\u3002 vim /etc/swift/proxy-server.conf [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = swift password = SWIFT_PASS delay_auth_decision = True service_token_roles_required = True Storage\u8282\u70b9 \u5b89\u88c5\u652f\u6301\u7684\u7a0b\u5e8f\u5305\u3002 dnf install openstack-swift-account openstack-swift-container openstack-swift-object dnf install xfsprogs rsync \u5c06\u8bbe\u5907/dev/sdb\u548c/dev/sdc\u683c\u5f0f\u5316\u4e3aXFS\u3002 mkfs.xfs /dev/sdb mkfs.xfs /dev/sdc \u521b\u5efa\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u3002 mkdir -p /srv/node/sdb mkdir -p /srv/node/sdc \u627e\u5230\u65b0\u5206\u533a\u7684UUID\u3002 blkid 
\u7f16\u8f91/etc/fstab\u6587\u4ef6\u5e76\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6dfb\u52a0\u5230\u5176\u4e2d\u3002 UUID=\"\" /srv/node/sdb xfs noatime 0 2 UUID=\"\" /srv/node/sdc xfs noatime 0 2 \u6302\u8f7d\u8bbe\u5907\u3002 mount /srv/node/sdb mount /srv/node/sdc \u6ce8\u610f \u5982\u679c\u7528\u6237\u4e0d\u9700\u8981\u5bb9\u707e\u529f\u80fd\uff0c\u4ee5\u4e0a\u6b65\u9aa4\u53ea\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u8bbe\u5907\u5373\u53ef\uff0c\u540c\u65f6\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u7684rsync\u914d\u7f6e\u3002 \uff08\u53ef\u9009\uff09\u521b\u5efa\u6216\u7f16\u8f91/etc/rsyncd.conf\u6587\u4ef6\u4ee5\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9: [DEFAULT] uid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = MANAGEMENT_INTERFACE_IP_ADDRESS [account] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/account.lock [container] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/container.lock [object] max connections = 2 path = /srv/node/ read only = False lock file = /var/lock/object.lock \u66ff\u6362MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740 \u542f\u52a8rsyncd\u670d\u52a1\u5e76\u914d\u7f6e\u5b83\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8: systemctl enable rsyncd.service systemctl start rsyncd.service \u914d\u7f6e\u5b58\u50a8\u8282\u70b9\u3002 \u7f16\u8f91/etc/swift\u76ee\u5f55\u7684account-server.conf\u3001container-server.conf\u548cobject-server.conf\u6587\u4ef6\uff0c\u66ff\u6362bind_ip\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002 [DEFAULT] bind_ip = 192.168.0.4 \u786e\u4fdd\u6302\u8f7d\u70b9\u76ee\u5f55\u7ed3\u6784\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R swift:swift /srv/node \u521b\u5efarecon\u76ee\u5f55\u5e76\u786e\u4fdd\u5176\u62e5\u6709\u6b63\u786e\u7684\u6240\u6709\u6743\u3002 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 
/var/cache/swift Controller\u8282\u70b9\u521b\u5efa\u5e76\u5206\u53d1\u73af \u521b\u5efa\u8d26\u53f7\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 cd /etc/swift \u521b\u5efa\u57fa\u7840 account.builder \u6587\u4ef6\u3002 swift-ring-builder account.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder account.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6202 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u8d26\u53f7\u73af\u5185\u5bb9\u3002 swift-ring-builder account.builder \u91cd\u65b0\u5e73\u8861\u8d26\u53f7\u73af\u3002 swift-ring-builder account.builder rebalance \u521b\u5efa\u5bb9\u5668\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 container.builder \u6587\u4ef6\u3002 swift-ring-builder container.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder container.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS --port 6201 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bb9\u5668\u73af\u5185\u5bb9\u3002 
swift-ring-builder container.builder \u91cd\u65b0\u5e73\u8861\u5bb9\u5668\u73af\u3002 swift-ring-builder container.builder rebalance \u521b\u5efa\u5bf9\u8c61\u73af\u3002 \u5207\u6362\u5230 /etc/swift \u76ee\u5f55\u3002 \u521b\u5efa\u57fa\u7840 object.builder \u6587\u4ef6\u3002 swift-ring-builder object.builder create 10 1 1 \u5c06\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u6dfb\u52a0\u5230\u73af\u4e2d\u3002 swift-ring-builder object.builder add --region 1 --zone 1 \\ --ip STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS \\ --port 6200 --device DEVICE_NAME \\ --weight 100 \u66ff\u6362STORAGE_NODE_MANAGEMENT_INTERFACE_IP_ADDRESS\u4e3a\u5b58\u50a8\u8282\u70b9\u4e0a\u7ba1\u7406\u7f51\u7edc\u7684IP\u5730\u5740\u3002\\ \u66ff\u6362DEVICE_NAME\u4e3a\u540c\u4e00\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u5b58\u50a8\u8bbe\u5907\u540d\u79f0\u3002 \u6ce8\u610f \u5bf9\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u6bcf\u4e2a\u5b58\u50a8\u8bbe\u5907\u91cd\u590d\u6b64\u547d\u4ee4 \u9a8c\u8bc1\u5bf9\u8c61\u73af\u5185\u5bb9\u3002 swift-ring-builder object.builder \u91cd\u65b0\u5e73\u8861\u5bf9\u8c61\u73af\u3002 swift-ring-builder object.builder rebalance \u5206\u53d1\u73af\u914d\u7f6e\u6587\u4ef6\u3002 \u5c06 account.ring.gz \uff0c container.ring.gz \u4ee5\u53ca object.ring.gz \u6587\u4ef6\u590d\u5236\u5230\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684 /etc/swift \u76ee\u5f55\u3002 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/swift/swift.conf\u3002 [swift-hash] swift_hash_path_suffix = test-hash swift_hash_path_prefix = test-hash [storage-policy:0] name = Policy-0 default = yes \u7528\u552f\u4e00\u503c\u66ff\u6362 test-hash \u5c06swift.conf\u6587\u4ef6\u590d\u5236\u5230/etc/swift\u6bcf\u4e2a\u5b58\u50a8\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\u7684\u76ee\u5f55\u3002 
\u5728\u6240\u6709\u8282\u70b9\u4e0a\uff0c\u786e\u4fdd\u914d\u7f6e\u76ee\u5f55\u7684\u6b63\u786e\u6240\u6709\u6743\u3002 chown -R root:swift /etc/swift \u5b8c\u6210\u5b89\u88c5 \u5728\u63a7\u5236\u8282\u70b9\u548c\u8fd0\u884c\u4ee3\u7406\u670d\u52a1\u7684\u4efb\u4f55\u5176\u4ed6\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u4ee3\u7406\u670d\u52a1\u53ca\u5176\u4f9d\u8d56\u9879\uff0c\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-proxy.service memcached.service systemctl start openstack-swift-proxy.service memcached.service \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\uff0c\u542f\u52a8\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5e76\u5c06\u5b83\u4eec\u914d\u7f6e\u4e3a\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u542f\u52a8\u3002 systemctl enable openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ openstack-swift-object-updater.service systemctl start openstack-swift-account.service \\ openstack-swift-account-auditor.service \\ openstack-swift-account-reaper.service \\ openstack-swift-account-replicator.service \\ openstack-swift-container.service \\ openstack-swift-container-auditor.service \\ openstack-swift-container-replicator.service \\ openstack-swift-container-updater.service \\ openstack-swift-object.service \\ openstack-swift-object-auditor.service \\ openstack-swift-object-replicator.service \\ 
openstack-swift-object-updater.service","title":"Swift"},{"location":"install/openEuler-25.03/OpenStack-antelope/#cyborg","text":"Cyborg\u4e3aOpenStack\u63d0\u4f9b\u52a0\u901f\u5668\u8bbe\u5907\u7684\u652f\u6301\uff0c\u5305\u62ec GPU, FPGA, ASIC, NP, SoCs, NVMe/NOF SSDs, ODP, DPDK/SPDK\u7b49\u7b49\u3002 Controller\u8282\u70b9 \u521d\u59cb\u5316\u5bf9\u5e94\u6570\u636e\u5e93 mysql -u root -p MariaDB [(none)]> CREATE DATABASE cyborg; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'localhost' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON cyborg.* TO 'cyborg'@'%' IDENTIFIED BY 'CYBORG_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u7528\u6237\u548c\u670d\u52a1\uff0c\u5e76\u8bb0\u4f4f\u521b\u5efacybory\u7528\u6237\u65f6\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6eCYBORG_PASS source ~/.admin-openrc openstack user create --domain default --password-prompt cyborg openstack role add --project service --user cyborg admin openstack service create --name cyborg --description \"Acceleration Service\" accelerator \u4f7f\u7528uwsgi\u90e8\u7f72Cyborg api\u670d\u52a1 openstack endpoint create --region RegionOne accelerator public http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator internal http://controller/accelerator/v2 openstack endpoint create --region RegionOne accelerator admin http://controller/accelerator/v2 \u5b89\u88c5Cyborg dnf install openstack-cyborg \u914d\u7f6eCyborg \u4fee\u6539 /etc/cyborg/cyborg.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ use_syslog = False state_path = /var/lib/cyborg debug = True [api] host_ip = 0.0.0.0 [database] connection = mysql+pymysql://cyborg:CYBORG_DBPASS@controller/cyborg [service_catalog] cafile = /opt/stack/data/ca-bundle.pem project_domain_id = default user_domain_id = default project_name = service password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password 
[placement] project_domain_name = Default project_name = service user_domain_name = Default password = password username = PLACEMENT_PASS auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [nova] project_domain_name = Default project_name = service user_domain_name = Default password = NOVA_PASS username = nova auth_url = http://controller:5000/v3/ auth_type = password auth_section = keystone_authtoken [keystone_authtoken] memcached_servers = localhost:11211 signing_dir = /var/cache/cyborg/api cafile = /opt/stack/data/ca-bundle.pem project_domain_name = Default project_name = service user_domain_name = Default password = CYBORG_PASS username = cyborg auth_url = http://controller:5000/v3/ auth_type = password \u540c\u6b65\u6570\u636e\u5e93\u8868\u683c cyborg-dbsync --config-file /etc/cyborg/cyborg.conf upgrade \u542f\u52a8Cyborg\u670d\u52a1 systemctl enable openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent systemctl start openstack-cyborg-api openstack-cyborg-conductor openstack-cyborg-agent","title":"Cyborg"},{"location":"install/openEuler-25.03/OpenStack-antelope/#aodh","text":"Aodh\u53ef\u4ee5\u6839\u636e\u7531Ceilometer\u6216\u8005Gnocchi\u6536\u96c6\u7684\u76d1\u63a7\u6570\u636e\u521b\u5efa\u544a\u8b66\uff0c\u5e76\u8bbe\u7f6e\u89e6\u53d1\u89c4\u5219\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE aodh; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'localhost' IDENTIFIED BY 'AODH_DBPASS'; GRANT ALL PRIVILEGES ON aodh.* TO 'aodh'@'%' IDENTIFIED BY 'AODH_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt aodh openstack role add --project service --user aodh admin openstack service create --name aodh --description \"Telemetry\" alarming \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne alarming public 
http://controller:8042 openstack endpoint create --region RegionOne alarming internal http://controller:8042 openstack endpoint create --region RegionOne alarming admin http://controller:8042 \u5b89\u88c5Aodh\u3002 dnf install openstack-aodh-api openstack-aodh-evaluator \\ openstack-aodh-notifier openstack-aodh-listener \\ openstack-aodh-expirer python3-aodhclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/aodh/aodh.conf [database] connection = mysql+pymysql://aodh:AODH_DBPASS@controller/aodh [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = aodh password = AODH_PASS interface = internalURL region_name = RegionOne \u540c\u6b65\u6570\u636e\u5e93\u3002 aodh-dbsync \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-aodh-api.service openstack-aodh-evaluator.service \\ openstack-aodh-notifier.service openstack-aodh-listener.service","title":"Aodh"},{"location":"install/openEuler-25.03/OpenStack-antelope/#gnocchi","text":"Gnocchi\u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u65f6\u95f4\u5e8f\u5217\u6570\u636e\u5e93\uff0c\u53ef\u4ee5\u5bf9\u63a5Ceilometer\u3002 Controller\u8282\u70b9 \u521b\u5efa\u6570\u636e\u5e93\u3002 CREATE DATABASE gnocchi; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'localhost' IDENTIFIED BY 'GNOCCHI_DBPASS'; GRANT ALL PRIVILEGES ON gnocchi.* TO 'gnocchi'@'%' 
IDENTIFIED BY 'GNOCCHI_DBPASS'; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u4ee5\u53caAPI\u7aef\u70b9\u3002 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt gnocchi openstack role add --project service --user gnocchi admin openstack service create --name gnocchi --description \"Metric Service\" metric \u521b\u5efaAPI\u7aef\u70b9\u3002 openstack endpoint create --region RegionOne metric public http://controller:8041 openstack endpoint create --region RegionOne metric internal http://controller:8041 openstack endpoint create --region RegionOne metric admin http://controller:8041 \u5b89\u88c5Gnocchi\u3002 dnf install openstack-gnocchi-api openstack-gnocchi-metricd python3-gnocchiclient \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 vim /etc/gnocchi/gnocchi.conf [api] auth_mode = keystone port = 8041 uwsgi_mode = http-socket [keystone_authtoken] auth_type = password auth_url = http://controller:5000/v3 project_domain_name = Default user_domain_name = Default project_name = service username = gnocchi password = GNOCCHI_PASS interface = internalURL region_name = RegionOne [indexer] url = mysql+pymysql://gnocchi:GNOCCHI_DBPASS@controller/gnocchi [storage] # coordination_url is not required but specifying one will improve # performance with better workload division across workers. 
# coordination_url = redis://controller:6379 file_basepath = /var/lib/gnocchi driver = file \u540c\u6b65\u6570\u636e\u5e93\u3002 gnocchi-upgrade \u5b8c\u6210\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-gnocchi-api.service openstack-gnocchi-metricd.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-gnocchi-api.service openstack-gnocchi-metricd.service","title":"Gnocchi"},{"location":"install/openEuler-25.03/OpenStack-antelope/#ceilometer","text":"Ceilometer\u662fOpenStack\u4e2d\u8d1f\u8d23\u6570\u636e\u6536\u96c6\u7684\u670d\u52a1\u3002 Controller\u8282\u70b9 \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\u3002 openstack user create --domain default --password-prompt ceilometer openstack role add --project service --user ceilometer admin openstack service create --name ceilometer --description \"Telemetry\" metering \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-notification openstack-ceilometer-central \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/pipeline.yaml\u3002 publishers: # set address of Gnocchi # + filter out Gnocchi-related activity meters (Swift driver) # + set default archive policy - gnocchi://?filter_project=service&archive_policy=low \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_type = password auth_url = http://controller:5000/v3 project_domain_id = default user_domain_id = default project_name = service username = ceilometer password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u6570\u636e\u5e93\u540c\u6b65\u3002 ceilometer-upgrade \u5b8c\u6210\u63a7\u5236\u8282\u70b9Ceilometer\u5b89\u88c5\u3002 # \u914d\u7f6e\u670d\u52a1\u81ea\u542f systemctl enable openstack-ceilometer-notification.service openstack-ceilometer-central.service # \u542f\u52a8\u670d\u52a1 systemctl start openstack-ceilometer-notification.service 
openstack-ceilometer-central.service Compute\u8282\u70b9 \u5b89\u88c5Ceilometer\u8f6f\u4ef6\u5305\u3002 dnf install openstack-ceilometer-compute dnf install openstack-ceilometer-ipmi # \u53ef\u9009 \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/ceilometer/ceilometer.conf\u3002 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller [service_credentials] auth_url = http://controller:5000 project_domain_id = default user_domain_id = default auth_type = password username = ceilometer project_name = service password = CEILOMETER_PASS interface = internalURL region_name = RegionOne \u7f16\u8f91\u914d\u7f6e\u6587\u4ef6/etc/nova/nova.conf\u3002 [DEFAULT] instance_usage_audit = True instance_usage_audit_period = hour [notifications] notify_on_state_change = vm_and_task_state [oslo_messaging_notifications] driver = messagingv2 \u5b8c\u6210\u5b89\u88c5\u3002 systemctl enable openstack-ceilometer-compute.service systemctl start openstack-ceilometer-compute.service systemctl enable openstack-ceilometer-ipmi.service # \u53ef\u9009 systemctl start openstack-ceilometer-ipmi.service # \u53ef\u9009 # \u91cd\u542fnova-compute\u670d\u52a1 systemctl restart openstack-nova-compute.service","title":"Ceilometer"},{"location":"install/openEuler-25.03/OpenStack-antelope/#heat","text":"Heat\u662f OpenStack \u81ea\u52a8\u7f16\u6392\u670d\u52a1\uff0c\u57fa\u4e8e\u63cf\u8ff0\u6027\u7684\u6a21\u677f\u6765\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\uff0c\u4e5f\u79f0\u4e3a Orchestration Service \u3002Heat \u7684\u5404\u670d\u52a1\u4e00\u822c\u5b89\u88c5\u5728 Controller \u8282\u70b9\u4e0a\u3002 Controller\u8282\u70b9 \u521b\u5efa heat \u6570\u636e\u5e93\uff0c\u5e76\u6388\u4e88 heat \u6570\u636e\u5e93\u6b63\u786e\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u66ff\u6362 HEAT_DBPASS \u4e3a\u5408\u9002\u7684\u5bc6\u7801 mysql -u root -p MariaDB [(none)]> CREATE DATABASE heat; MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> GRANT ALL 
PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS'; MariaDB [(none)]> exit; \u521b\u5efa\u670d\u52a1\u51ed\u8bc1\uff0c\u521b\u5efa heat \u7528\u6237\uff0c\u5e76\u4e3a\u5176\u589e\u52a0 admin \u89d2\u8272 source ~/.admin-openrc openstack user create --domain default --password-prompt heat openstack role add --project service --user heat admin \u521b\u5efa heat \u548c heat-cfn \u670d\u52a1\u53ca\u5176\u5bf9\u5e94\u7684API\u7aef\u70b9 openstack service create --name heat --description \"Orchestration\" orchestration openstack service create --name heat-cfn --description \"Orchestration\" cloudformation openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%\\(tenant_id\\)s openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1 \u521b\u5efastack\u7ba1\u7406\u7684\u989d\u5916\u4fe1\u606f \u521b\u5efa heat domain openstack domain create --description \"Stack projects and users\" heat \u5728 heat domain\u4e0b\u521b\u5efa heat_domain_admin \u7528\u6237\uff0c\u5e76\u8bb0\u4e0b\u8f93\u5165\u7684\u5bc6\u7801\uff0c\u7528\u4e8e\u914d\u7f6e\u4e0b\u9762\u7684 HEAT_DOMAIN_PASS openstack user create --domain heat --password-prompt heat_domain_admin \u4e3a heat_domain_admin \u7528\u6237\u589e\u52a0 admin \u89d2\u8272 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin \u521b\u5efa heat_stack_owner \u89d2\u8272 openstack role create heat_stack_owner \u521b\u5efa heat_stack_user \u89d2\u8272 openstack role create heat_stack_user \u5b89\u88c5\u8f6f\u4ef6\u5305 dnf 
install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \u4fee\u6539\u914d\u7f6e\u6587\u4ef6 /etc/heat/heat.conf [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat [database] connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = HEAT_PASS [trustee] auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = default [clients_keystone] auth_uri = http://controller:5000 \u521d\u59cb\u5316 heat \u6570\u636e\u5e93\u8868 su -s /bin/sh -c \"heat-manage db_sync\" heat \u542f\u52a8\u670d\u52a1 systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service","title":"Heat"},{"location":"install/openEuler-25.03/OpenStack-antelope/#tempest","text":"Tempest\u662fOpenStack\u7684\u96c6\u6210\u6d4b\u8bd5\u670d\u52a1\uff0c\u5982\u679c\u7528\u6237\u9700\u8981\u5168\u9762\u81ea\u52a8\u5316\u6d4b\u8bd5\u5df2\u5b89\u88c5\u7684OpenStack\u73af\u5883\u7684\u529f\u80fd,\u5219\u63a8\u8350\u4f7f\u7528\u8be5\u7ec4\u4ef6\u3002\u5426\u5219\uff0c\u53ef\u4ee5\u4e0d\u7528\u5b89\u88c5\u3002 Controller\u8282\u70b9 \uff1a \u5b89\u88c5Tempest dnf install openstack-tempest \u521d\u59cb\u5316\u76ee\u5f55 tempest init mytest \u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u3002 cd mytest vi etc/tempest.conf 
tempest.conf\u4e2d\u9700\u8981\u914d\u7f6e\u5f53\u524dOpenStack\u73af\u5883\u7684\u4fe1\u606f\uff0c\u5177\u4f53\u5185\u5bb9\u53ef\u4ee5\u53c2\u8003 \u5b98\u65b9\u793a\u4f8b \u6267\u884c\u6d4b\u8bd5 tempest run \u5b89\u88c5tempest\u6269\u5c55\uff08\u53ef\u9009\uff09 OpenStack\u5404\u4e2a\u670d\u52a1\u672c\u8eab\u4e5f\u63d0\u4f9b\u4e86\u4e00\u4e9btempest\u6d4b\u8bd5\u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5b89\u88c5\u8fd9\u4e9b\u5305\u6765\u4e30\u5bcctempest\u7684\u6d4b\u8bd5\u5185\u5bb9\u3002\u5728Antelope\u4e2d\uff0c\u6211\u4eec\u63d0\u4f9b\u4e86Cinder\u3001Glance\u3001Keystone\u3001Ironic\u3001Trove\u7684\u6269\u5c55\u6d4b\u8bd5\uff0c\u7528\u6237\u53ef\u4ee5\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\u4f7f\u7528\uff1a dnf install python3-cinder-tempest-plugin python3-glance-tempest-plugin python3-ironic-tempest-plugin python3-keystone-tempest-plugin python3-trove-tempest-plugin","title":"Tempest"},{"location":"install/openEuler-25.03/OpenStack-antelope/#openstack-sigoos","text":"oos (openEuler OpenStack SIG)\u662fOpenStack SIG\u63d0\u4f9b\u7684\u547d\u4ee4\u884c\u5de5\u5177\u3002\u5176\u4e2d oos env \u7cfb\u5217\u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u952e\u90e8\u7f72OpenStack \uff08 all in one \u6216\u4e09\u8282\u70b9 cluster \uff09\u7684ansible\u811a\u672c\uff0c\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5\u811a\u672c\u5feb\u901f\u90e8\u7f72\u4e00\u5957\u57fa\u4e8e openEuler RPM \u7684 OpenStack \u73af\u5883\u3002 oos \u5de5\u5177\u652f\u6301\u5bf9\u63a5\u4e91provider\uff08\u76ee\u524d\u4ec5\u652f\u6301\u534e\u4e3a\u4e91provider\uff09\u548c\u4e3b\u673a\u7eb3\u7ba1\u4e24\u79cd\u65b9\u5f0f\u6765\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u4e0b\u9762\u4ee5\u5bf9\u63a5\u534e\u4e3a\u4e91\u90e8\u7f72\u4e00\u5957 all in one \u7684OpenStack\u73af\u5883\u4e3a\u4f8b\u8bf4\u660e oos \u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\u3002 \u5b89\u88c5 oos \u5de5\u5177 yum install openstack-sig-tool \u914d\u7f6e\u5bf9\u63a5\u534e\u4e3a\u4e91provider\u7684\u4fe1\u606f 
\u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u4fee\u6539\u914d\u7f6e\u4e3a\u60a8\u62e5\u6709\u7684\u534e\u4e3a\u4e91\u8d44\u6e90\u4fe1\u606f\uff0cAK/SK\u662f\u7528\u6237\u7684\u534e\u4e3a\u4e91\u767b\u5f55\u5bc6\u94a5\uff0c\u5176\u4ed6\u914d\u7f6e\u4fdd\u6301\u9ed8\u8ba4\u5373\u53ef\uff08\u9ed8\u8ba4\u4f7f\u7528\u65b0\u52a0\u5761region\uff09\uff0c\u9700\u8981\u63d0\u524d\u5728\u4e91\u4e0a\u521b\u5efa\u5bf9\u5e94\u7684\u8d44\u6e90\uff0c\u5305\u62ec\uff1a \u4e00\u4e2a\u5b89\u5168\u7ec4\uff0c\u540d\u5b57\u9ed8\u8ba4\u662f oos \u4e00\u4e2aopenEuler\u955c\u50cf\uff0c\u540d\u79f0\u683c\u5f0f\u662fopenEuler-%(release)s-%(arch)s\uff0c\u4f8b\u5982 openEuler-25.03-arm64 \u4e00\u4e2aVPC\uff0c\u540d\u79f0\u662f oos_vpc \u8be5VPC\u4e0b\u9762\u4e24\u4e2a\u5b50\u7f51\uff0c\u540d\u79f0\u662f oos_subnet1 \u3001 oos_subnet2 [huaweicloud] ak = sk = region = ap-southeast-3 root_volume_size = 100 data_volume_size = 100 security_group_name = oos image_format = openEuler-%%(release)s-%%(arch)s vpc_name = oos_vpc subnet1_name = oos_subnet1 subnet2_name = oos_subnet2 \u914d\u7f6e OpenStack \u73af\u5883\u4fe1\u606f \u6253\u5f00 /usr/local/etc/oos/oos.conf \u6587\u4ef6\uff0c\u6839\u636e\u5f53\u524d\u673a\u5668\u73af\u5883\u548c\u9700\u6c42\u4fee\u6539\u914d\u7f6e\u3002\u5185\u5bb9\u5982\u4e0b\uff1a [environment] mysql_root_password = root mysql_project_password = root rabbitmq_password = root project_identity_password = root enabled_service = keystone,neutron,cinder,placement,nova,glance,horizon,aodh,ceilometer,cyborg,gnocchi,kolla,heat,swift,trove,tempest neutron_provider_interface_name = br-ex default_ext_subnet_range = 10.100.100.0/24 default_ext_subnet_gateway = 10.100.100.1 neutron_dataplane_interface_name = eth1 cinder_block_device = vdb swift_storage_devices = vdc swift_hash_path_suffix = ash swift_hash_path_prefix = has glance_api_workers = 2 cinder_api_workers = 2 nova_api_workers = 2 nova_metadata_api_workers = 2 nova_conductor_workers = 2 nova_scheduler_workers = 2 
neutron_api_workers = 2 horizon_allowed_host = * kolla_openeuler_plugin = false \u5173\u952e\u914d\u7f6e \u914d\u7f6e\u9879 \u89e3\u91ca enabled_service \u5b89\u88c5\u670d\u52a1\u5217\u8868\uff0c\u6839\u636e\u7528\u6237\u9700\u6c42\u81ea\u884c\u5220\u51cf neutron_provider_interface_name neutron L3\u7f51\u6865\u540d\u79f0 default_ext_subnet_range neutron\u79c1\u7f51IP\u6bb5 default_ext_subnet_gateway neutron\u79c1\u7f51gateway neutron_dataplane_interface_name neutron\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u63a8\u8350\u4f7f\u7528\u4e00\u5f20\u65b0\u7684\u7f51\u5361\uff0c\u4ee5\u514d\u548c\u73b0\u6709\u7f51\u5361\u51b2\u7a81\uff0c\u9632\u6b62all in one\u4e3b\u673a\u65ad\u8fde\u7684\u60c5\u51b5 cinder_block_device cinder\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d swift_storage_devices swift\u4f7f\u7528\u7684\u5377\u8bbe\u5907\u540d kolla_openeuler_plugin \u662f\u5426\u542f\u7528kolla plugin\u3002\u8bbe\u7f6e\u4e3aTrue\uff0ckolla\u5c06\u652f\u6301\u90e8\u7f72openEuler\u5bb9\u5668(\u53ea\u5728openEuler LTS\u4e0a\u652f\u6301) \u534e\u4e3a\u4e91\u4e0a\u9762\u521b\u5efa\u4e00\u53f0|openEuler 25.03\u7684x86_64\u865a\u62df\u673a\uff0c\u7528\u4e8e\u90e8\u7f72 all in one \u7684 OpenStack # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u865a\u62df\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env create -r 25.03 -f small -a x86 -n test-oos all_in_one \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env create --help \u547d\u4ee4\u67e5\u770b \u90e8\u7f72OpenStack all in one \u73af\u5883 oos env setup test-oos -r antelope \u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env setup --help \u547d\u4ee4\u67e5\u770b \u521d\u59cb\u5316tempest\u73af\u5883 \u5982\u679c\u7528\u6237\u60f3\u4f7f\u7528\u8be5\u73af\u5883\u8fd0\u884ctempest\u6d4b\u8bd5\u7684\u8bdd\uff0c\u53ef\u4ee5\u6267\u884c\u547d\u4ee4 oos env init 
\uff0c\u4f1a\u81ea\u52a8\u628atempest\u9700\u8981\u7684OpenStack\u8d44\u6e90\u81ea\u52a8\u521b\u5efa\u597d oos env init test-oos \u6267\u884ctempest\u6d4b\u8bd5 \u7528\u6237\u53ef\u4ee5\u4f7f\u7528oos\u81ea\u52a8\u6267\u884c\uff1a oos env test test-oos \u4e5f\u53ef\u4ee5\u624b\u52a8\u767b\u5f55\u76ee\u6807\u8282\u70b9\uff0c\u8fdb\u5165\u6839\u76ee\u5f55\u4e0b\u7684 mytest \u76ee\u5f55\uff0c\u624b\u52a8\u6267\u884c tempest run \u5982\u679c\u662f\u4ee5\u4e3b\u673a\u7eb3\u7ba1\u7684\u65b9\u5f0f\u90e8\u7f72 OpenStack \u73af\u5883\uff0c\u603b\u4f53\u903b\u8f91\u4e0e\u4e0a\u6587\u5bf9\u63a5\u534e\u4e3a\u4e91\u65f6\u4e00\u81f4\uff0c1\u30013\u30015\u30016\u6b65\u64cd\u4f5c\u4e0d\u53d8\uff0c\u8df3\u8fc7\u7b2c2\u6b65\u5bf9\u534e\u4e3a\u4e91provider\u4fe1\u606f\u7684\u914d\u7f6e\uff0c\u5728\u7b2c4\u6b65\u6539\u4e3a\u7eb3\u7ba1\u4e3b\u673a\u64cd\u4f5c\u3002 \u88ab\u7eb3\u7ba1\u7684\u865a\u673a\u9700\u8981\u4fdd\u8bc1\uff1a \u81f3\u5c11\u6709\u4e00\u5f20\u7ed9oos\u4f7f\u7528\u7684\u7f51\u5361\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e neutron_dataplane_interface_name \u81f3\u5c11\u6709\u4e00\u5757\u7ed9oos\u4f7f\u7528\u7684\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e cinder_block_device \u5982\u679c\u8981\u90e8\u7f72swift\u670d\u52a1\uff0c\u5219\u9700\u8981\u65b0\u589e\u4e00\u5757\u786c\u76d8\uff0c\u540d\u79f0\u4e0e\u914d\u7f6e\u4fdd\u6301\u4e00\u81f4\uff0c\u76f8\u5173\u914d\u7f6e swift_storage_devices # sshpass\u5728`oos env create`\u8fc7\u7a0b\u4e2d\u88ab\u4f7f\u7528\uff0c\u7528\u4e8e\u914d\u7f6e\u5bf9\u76ee\u6807\u4e3b\u673a\u7684\u514d\u5bc6\u8bbf\u95ee dnf install sshpass oos env manage -r 25.03 -i TARGET_MACHINE_IP -p TARGET_MACHINE_PASSWD -n test-oos \u66ff\u6362 TARGET_MACHINE_IP \u4e3a\u76ee\u6807\u673aip\u3001 TARGET_MACHINE_PASSWD \u4e3a\u76ee\u6807\u673a\u5bc6\u7801\u3002\u5177\u4f53\u7684\u53c2\u6570\u53ef\u4ee5\u4f7f\u7528 oos env manage --help 
\u547d\u4ee4\u67e5\u770b\u3002","title":"\u57fa\u4e8eOpenStack SIG\u5f00\u53d1\u5de5\u5177oos\u90e8\u7f72"},{"location":"security/security-guide/","text":"OpenStack\u5b89\u5168\u6307\u5357 \u00b6 \u672c\u6587\u7ffb\u8bd1\u81ea \u4e0a\u6e38\u5b89\u5168\u6307\u5357 OpenStack\u5b89\u5168\u6307\u5357 \u6458\u8981 \u5185\u5bb9 \u7ea6\u5b9a \u6ce8\u610f\u4e8b\u9879 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5199\u4f5c\u8bb0\u5f55 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b \u516c\u6709\u4e91 \u79c1\u6709\u4e91 \u793e\u533a\u4e91 \u6df7\u5408\u4e91 OpenStack \u670d\u52a1\u6982\u8ff0 \u8ba1\u7b97 \u5bf9\u8c61\u5b58\u50a8 \u5757\u5b58\u50a8 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u7f51\u7edc \u4eea\u8868\u677f \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u955c\u50cf\u670d\u52a1 \u6570\u636e\u5904\u7406\u670d\u52a1 \u5176\u4ed6\u914d\u5957\u6280\u672f \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u516c\u5171 \u8bbf\u5ba2 \u7ba1\u7406 \u6570\u636e \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u5a01\u80c1\u53c2\u4e0e\u8005 \u60c5\u62a5\u673a\u6784 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u811a\u672c\u653b\u51fb\u8005 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u653b\u51fb\u7c7b\u578b \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 \u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u7cfb\u7edf\u6e05\u5355 
\u786c\u4ef6\u6e05\u5355 \u8f6f\u4ef6\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u5206\u7c7b \u6d4b\u8bd5\u66f4\u65b0 \u90e8\u7f72\u66f4\u65b0 \u914d\u7f6e\u7ba1\u7406 \u7b56\u7565\u66f4\u6539 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8282\u70b9\u914d\u7f6e \u9a8c\u8bc1\u542f\u52a8 \u8282\u70b9\u52a0\u56fa \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u7cfb\u7edf\u9a8c\u8bc1 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u670d\u52a1\u5668\u52a0\u56fa \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee OpenStack \u63a5\u53e3 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5b89\u5168\u901a\u4fe1 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u793a\u4f8b Pound Stud Nginx Apache HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb API \u7aef\u70b9 API 
\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u8eab\u4efd\u9274\u522b \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u5458\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u653f\u7b56 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408\u9274\u6743 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c\u7684 Web 
\u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a Horizon \u955c\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS \u51fd\u6570 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 Cookies \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u9009\u62e9\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u5bc6\u7801\u5b66\u6807\u51c6 FIPS 140-2 
\u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a Hypervisor \u5185\u5b58\u4f18\u5316 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u53c2\u8003\u4e66\u76ee \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u52a0\u56fa \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u529f\u80fd \u9650\u5236 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u5757\u5b58\u50a8 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc 
\u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb VLANs L2 \u96a7\u9053 \u7f51\u7edc\u670d\u52a1 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 L3 \u8def\u7531\u548c NAT \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u8d1f\u8f7d\u5747\u8861 \u9632\u706b\u5899 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u9650\u5236 OpenStack Networking 
\u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u6587\u4ef6\u6743\u9650 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 HTTP \u76d1\u542c\u7aef\u53e3 \u8d1f\u8f7d\u5747\u8861\u5668 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 TempAuth \u51fd\u6570 Keystone \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 KMIP \u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 \u5a01\u80c1\u5206\u6790 Castellan \u6982\u8ff0 
\u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u6d88\u606f\u961f\u5217 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS\u7cfb\u7edf \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee Rootwrap \u65e5\u5fd7 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 Nova-conductor \u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6743\u9650 
\u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 Cinder \u5377\u6570\u636e \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee\uff1a \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53ef\u4fe1\u955c\u50cf \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5b9e\u4f8b\u8fc1\u79fb \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb \u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb 
\u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5206\u5c42\u9632\u5fa1 \u5b89\u5168\u5931\u8d25 \u6700\u5c0f\u6743\u9650 \u5206\u9694 \u4fc3\u8fdb\u9690\u79c1 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u5ba1\u8ba1\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 SOC 2 \u51fd\u6570 SOC 3 \u51fd\u6570 ISO 27001/2 \u8ba4\u8bc1 HIPAA / HITECH PCI-DSS \u653f\u5e9c\u6807\u51c6 FedRAMP ITAR FISMA \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u6587\u6863 OpenStack wiki Launchpad bug \u533a\u57df \u6587\u6863\u53cd\u9988 OpenStack IRC 
\u9891\u9053 OpenStack \u90ae\u4ef6\u5217\u8868 OpenStack \u53d1\u884c\u5305 \u8bcd\u6c47\u8868 0-9 A B C D E F G H I J K M N O P Q R S T U V W X Y Z \u6458\u8981 \u00b6 \u672c\u4e66\u63d0\u4f9b\u4e86\u6709\u5173\u4fdd\u62a4OpenStack\u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u548c\u6982\u5ff5\u4fe1\u606f\u3002 \u672c\u6307\u5357\u6700\u540e\u4e00\u6b21\u66f4\u65b0\u662f\u5728Train\u53d1\u5e03\u671f\u95f4\uff0c\u8bb0\u5f55\u4e86OpenStack Train\u3001Stein\u548cRocky\u7248\u672c\u3002\u5b83\u53ef\u80fd\u4e0d\u9002\u7528\u4e8eEOL\u7248\u672c\uff08\u4f8b\u5982Newton\uff09\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u5728\u8ba1\u5212\u4e3a\u60a8\u7684OpenStack\u4e91\u5b9e\u65bd\u5b89\u5168\u63aa\u65bd\u65f6\uff0c\u81ea\u884c\u9605\u8bfb\u672c\u6587\u3002\u672c\u6307\u5357\u4ec5\u4f9b\u53c2\u8003\u3002OpenStack\u5b89\u5168\u56e2\u961f\u57fa\u4e8eOpenStack\u793e\u533a\u7684\u81ea\u613f\u8d21\u732e\u3002\u60a8\u53ef\u4ee5\u5728OFTC IRC\u4e0a\u7684#OpenStack-Security\u9891\u9053\u4e2d\u76f4\u63a5\u8054\u7cfb\u5b89\u5168\u793e\u533a\uff0c\u6216\u8005\u901a\u8fc7\u5411OpenStack-Discussion\u90ae\u4ef6\u5217\u8868\u53d1\u9001\u4e3b\u9898\u6807\u9898\u4e2d\u5e26\u6709[Security]\u524d\u7f00\u7684\u90ae\u4ef6\u6765\u8054\u7cfb\u3002 \u5185\u5bb9 \u00b6 \u7ea6\u5b9a \u901a\u77e5 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u786e\u5b9a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 OpenStack\u7b80\u4ecb \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u7ba1\u7406\u754c\u9762 \u5b89\u5168\u901a\u4fe1 TLS\u548cSSL\u7b80\u4ecb TLS\u4ee3\u7406\u548cHTTP\u670d\u52a1 \u5b89\u5168\u53c2\u8003\u67b6\u6784 \u7aef\u70b9 APL\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u8eab\u4efd \u8ba4\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u6388\u6743 \u653f\u7b56 \u4ee4\u724c \u57df 
\u8054\u5408\u68af\u5f62\u5931\u771f \u6e05\u5355 \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672cWeb\u670d\u52a1\u5668\u914d\u7f6e HTTPS\u3001HSTS\u3001XSS\u548cSSRF \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 \u6f0f\u6d1e\u610f\u8bc6 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u68c0\u67e5\u8868 \u5757\u5b58\u50a8 \u97f3\u91cf\u64e6\u9664 \u68c0\u67e5\u8868 \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5b89\u5168\u670d\u52a1 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u68c0\u67e5\u8868 \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u4e8b\u52a1\u5b89\u5168 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u9879\u76ee \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1 \u5bc6\u94a5\u7ba1\u7406\u63a5\u53e3 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 \u6d88\u606f\u961f\u5217 \u90ae\u4ef6\u5b89\u5168 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u90e8\u7f72 \u914d\u7f6e\u548c\u5f3a\u5316 \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 
\u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u52a0\u5bc6 \u5bc6\u94a5\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u5408\u89c4\u6d3b\u52a8 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u4f53\u7cfb\u7ed3\u6784\u9875\u9762\u6307\u5357 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868 \u7ea6\u5b9a \u00b6 OpenStack \u6587\u6863\u4f7f\u7528\u4e86\u51e0\u79cd\u6392\u7248\u7ea6\u5b9a\u3002 \u6ce8\u610f\u4e8b\u9879 \u00b6 \u6ce8\u610f \u5e26\u6709\u9644\u52a0\u4fe1\u606f\u7684\u6ce8\u91ca\uff0c\u7528\u4e8e\u89e3\u91ca\u6587\u672c\u7684\u67d0\u4e00\u90e8\u5206\u3002 \u91cd\u8981 \u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u8fd9\u4e00\u70b9\u3002 \u63d0\u793a \u4e00\u4e2a\u989d\u5916\u4f46\u6709\u7528\u7684\u5b9e\u7528\u5efa\u8bae\u3002 \u8b66\u793a \u9632\u6b62\u7528\u6237\u72af\u9519\u8bef\u7684\u6709\u7528\u4fe1\u606f\u3002 \u8b66\u544a \u6709\u5173\u6570\u636e\u4e22\u5931\u98ce\u9669\u6216\u5b89\u5168\u95ee\u9898\u7684\u5173\u952e\u4fe1\u606f\u3002 \u547d\u4ee4\u63d0\u793a\u7b26 \u00b6 $ command \u4efb\u4f55\u7528\u6237\uff08\u5305\u62ecroot\u7528\u6237\uff09\u90fd\u53ef\u4ee5\u8fd0\u884c\u4ee5$\u63d0\u793a\u7b26\u4e3a\u524d\u7f00\u7684\u547d\u4ee4\u3002 # command root\u7528\u6237\u5fc5\u987b\u8fd0\u884c\u524d\u7f00\u4e3a#\u63d0\u793a\u7b26\u7684\u547d\u4ee4\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u8fd9\u4e9b\u547d\u4ee4\u524d\u9762\u52a0\u4e0asudo\u547d\u4ee4\uff08\u5982\u679c\u53ef\u7528\uff09\uff0c\u4ee5\u8fd0\u884c\u8fd9\u4e9b\u547d\u4ee4\u3002 \u4ecb\u7ecd \u00b6 \u300aOpenStack 
\u5b89\u5168\u6307\u5357\u300b\u662f\u8bb8\u591a\u4eba\u7ecf\u8fc7\u4e94\u5929\u534f\u4f5c\u7684\u6210\u679c\u3002\u672c\u6587\u6863\u65e8\u5728\u63d0\u4f9b\u90e8\u7f72\u5b89\u5168 OpenStack \u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u6307\u5357\u3002\u5b83\u65e8\u5728\u53cd\u6620OpenStack\u793e\u533a\u7684\u5f53\u524d\u5b89\u5168\u72b6\u6001\uff0c\u5e76\u4e3a\u7531\u4e8e\u590d\u6742\u6027\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u73af\u5883\u7684\u7ec6\u8282\u800c\u65e0\u6cd5\u5217\u51fa\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u7684\u51b3\u7b56\u63d0\u4f9b\u6846\u67b6\u3002 \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5982\u4f55 OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b OpenStack \u670d\u52a1\u6982\u8ff0 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5a92\u4ecb \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u81f4\u8c22 \u00b6 OpenStack \u5b89\u5168\u7ec4\u8981\u611f\u8c22\u4ee5\u4e0b\u7ec4\u7ec7\u7684\u8d21\u732e\uff0c\u4ed6\u4eec\u4e3a\u672c\u4e66\u7684\u51fa\u7248\u505a\u51fa\u4e86\u8d21\u732e\u3002\u8fd9\u4e9b\u7ec4\u7ec7\u662f\uff1a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u00b6 \u968f\u7740 OpenStack \u7684\u666e\u53ca\u548c\u4ea7\u54c1\u6210\u719f\uff0c\u5b89\u5168\u6027\u5df2\u6210\u4e3a\u91cd\u4e2d\u4e4b\u91cd\u3002OpenStack \u5b89\u5168\u7ec4\u5df2\u7ecf\u8ba4\u8bc6\u5230\u9700\u8981\u4e00\u4e2a\u5168\u9762\u800c\u6743\u5a01\u7684\u5b89\u5168\u6307\u5357\u3002\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u65e8\u5728\u6982\u8ff0\u63d0\u9ad8 OpenStack 
\u90e8\u7f72\u5b89\u5168\u6027\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3001\u6307\u5357\u548c\u5efa\u8bae\u3002\u4f5c\u8005\u5e26\u6765\u4e86\u4ed6\u4eec\u5728\u5404\u79cd\u73af\u5883\u4e2d\u90e8\u7f72\u548c\u4fdd\u62a4 OpenStack \u7684\u4e13\u4e1a\u77e5\u8bc6\u3002 \u672c\u6307\u5357\u662f\u5bf9\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u7684\u8865\u5145\uff0c\u53ef\u7528\u4e8e\u5f3a\u5316\u73b0\u6709\u7684 OpenStack \u90e8\u7f72\u6216\u8bc4\u4f30 OpenStack \u4e91\u63d0\u4f9b\u5546\u7684\u5b89\u5168\u63a7\u5236\u3002 \u76ee\u6807 \u00b6 \u8bc6\u522b OpenStack \u4e2d\u7684\u5b89\u5168\u57df \u63d0\u4f9b\u4fdd\u62a4 OpenStack \u90e8\u7f72\u7684\u6307\u5bfc \u5f3a\u8c03\u5f53\u4eca OpenStack \u4e2d\u7684\u5b89\u5168\u95ee\u9898\u548c\u6f5c\u5728\u7684\u7f13\u89e3\u63aa\u65bd \u8ba8\u8bba\u5373\u5c06\u63a8\u51fa\u7684\u5b89\u5168\u529f\u80fd \u4e3a\u77e5\u8bc6\u83b7\u53d6\u548c\u4f20\u64ad\u63d0\u4f9b\u793e\u533a\u9a71\u52a8\u7684\u8bbe\u65bd \u5199\u4f5c\u8bb0\u5f55 \u00b6 \u4e0e\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u4e00\u6837\uff0c\u6211\u4eec\u9075\u5faa\u4e86\u672c\u4e66\u7684\u51b2\u523a\u65b9\u6cd5\u3002\u4e66\u7c4d\u51b2\u523a\u8fc7\u7a0b\u5141\u8bb8\u5feb\u901f\u5f00\u53d1\u548c\u5236\u4f5c\u5927\u91cf\u4e66\u9762\u4f5c\u54c1\u3002OpenStack \u5b89\u5168\u7ec4\u7684\u534f\u8c03\u5458\u91cd\u65b0\u9080\u8bf7\u4e86 Adam Hyde \u4f5c\u4e3a\u534f\u8c03\u4eba\u3002\u8be5\u9879\u76ee\u5728\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u7684OpenStack\u5cf0\u4f1a\u4e0a\u6b63\u5f0f\u5ba3\u5e03\u3002 
\u7531\u4e8e\u8be5\u5c0f\u7ec4\u7684\u4e00\u4e9b\u5173\u952e\u6210\u5458\u79bb\u5f97\u5f88\u8fd1\uff0c\u8be5\u56e2\u961f\u805a\u96c6\u5728\u9a6c\u91cc\u5170\u5dde\u5b89\u7eb3\u6ce2\u5229\u65af\u3002\u8fd9\u662f\u516c\u5171\u90e8\u95e8\u60c5\u62a5\u754c\u6210\u5458\u3001\u7845\u8c37\u521d\u521b\u516c\u53f8\u548c\u4e00\u4e9b\u5927\u578b\u77e5\u540d\u79d1\u6280\u516c\u53f8\u4e4b\u95f4\u7684\u975e\u51e1\u5408\u4f5c\u3002\u8be5\u4e66\u7684\u51b2\u523a\u57282013\u5e746\u6708\u7684\u6700\u540e\u4e00\u5468\u8fdb\u884c\uff0c\u7b2c\u4e00\u7248\u5728\u4e94\u5929\u5185\u5b8c\u6210\u3002 \u8be5\u56e2\u961f\u5305\u62ec\uff1a Bryan D. Payne\uff0c\u661f\u4e91 Bryan D. Payne \u535a\u58eb\u662f Nebula \u7684\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u52a0\u5165 Nebula \u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u6851\u8fea\u4e9a\u56fd\u5bb6\u5b9e\u9a8c\u5ba4\u3001\u56fd\u5bb6\u5b89\u5168\u5c40\u3001BAE Systems \u548c IBM \u7814\u7a76\u9662\u5de5\u4f5c\u3002\u4ed6\u6bd5\u4e1a\u4e8e\u4f50\u6cbb\u4e9a\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u5b66\u9662\uff0c\u83b7\u5f97\u8ba1\u7b97\u673a\u79d1\u5b66\u535a\u58eb\u5b66\u4f4d\uff0c\u4e13\u653b\u7cfb\u7edf\u5b89\u5168\u3002Bryan \u662f\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u7684\u7f16\u8f91\u548c\u8d1f\u8d23\u4eba\uff0c\u8d1f\u8d23\u8be5\u6307\u5357\u5728\u7f16\u5199\u540e\u7684\u4e24\u5e74\u4e2d\u6301\u7eed\u589e\u957f\u3002 Robert Clark\uff0c\u60e0\u666e Robert Clark \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u5b89\u5168\u67b6\u6784\u5e08\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u88ab\u60e0\u666e\u62db\u52df\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u82f1\u56fd\u60c5\u62a5\u754c\u5de5\u4f5c\u3002Robert 
\u5728\u5a01\u80c1\u5efa\u6a21\u3001\u5b89\u5168\u67b6\u6784\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u62e5\u6709\u6df1\u539a\u7684\u80cc\u666f\u3002Robert \u62e5\u6709\u5a01\u5c14\u58eb\u5927\u5b66\u7684\u8f6f\u4ef6\u5de5\u7a0b\u7855\u58eb\u5b66\u4f4d\u3002 Keith Basil \uff0c\u7ea2\u5e3d Keith Basil \u662f\u7ea2\u5e3d OpenStack \u7684\u9996\u5e2d\u4ea7\u54c1\u7ecf\u7406\uff0c\u4e13\u6ce8\u4e8e\u7ea2\u5e3d\u7684 OpenStack \u4ea7\u54c1\u7ba1\u7406\u3001\u5f00\u53d1\u548c\u6218\u7565\u3002\u5728\u7f8e\u56fd\u516c\u5171\u90e8\u95e8\uff0cBasil \u5e26\u6765\u4e86\u4e3a\u8054\u90a6\u6c11\u7528\u673a\u6784\u548c\u627f\u5305\u5546\u8bbe\u8ba1\u6388\u6743\u3001\u5b89\u5168\u3001\u9ad8\u6027\u80fd\u4e91\u67b6\u6784\u7684\u7ecf\u9a8c\u3002 Cody Bunch\uff0c\u62c9\u514b\u7a7a\u95f4 Cody Bunch \u662f Rackspace \u7684\u79c1\u6709\u4e91\u67b6\u6784\u5e08\u3002Cody \u4e0e\u4eba\u5408\u8457\u4e86\u300aThe OpenStack Cookbook\u300b\u7684\u66f4\u65b0\u4ee5\u53ca\u6709\u5173 VMware \u81ea\u52a8\u5316\u7684\u4e66\u7c4d\u3002 Malini Bhandaru\uff0c\u82f1\u7279\u5c14 Malini Bhandaru \u662f\u82f1\u7279\u5c14\u7684\u4e00\u540d\u5b89\u5168\u67b6\u6784\u5e08\u3002\u5979\u62e5\u6709\u591a\u5143\u5316\u7684\u80cc\u666f\uff0c\u66fe\u5728\u82f1\u7279\u5c14\u4ece\u4e8b\u5e73\u53f0\u529f\u80fd\u548c\u6027\u80fd\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 Nuance \u4ece\u4e8b\u8bed\u97f3\u4ea7\u54c1\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 ComBrio \u4ece\u4e8b\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u5de5\u4f5c\uff0c\u5728 Verizon \u4ece\u4e8b\u7f51\u7edc\u5546\u52a1\u5de5\u4f5c\u3002\u5979\u62e5\u6709\u9a6c\u8428\u8bf8\u585e\u5927\u5b66\u963f\u9ed8\u65af\u7279\u5206\u6821\u7684\u4eba\u5de5\u667a\u80fd\u535a\u58eb\u5b66\u4f4d\u3002 Gregg Tally\uff0c\u7ea6\u7ff0\u970d\u666e\u91d1\u65af\u5927\u5b66\u5e94\u7528\u7269\u7406\u5b9e\u9a8c\u5ba4 Gregg Tally \u662f JHU/APL 
\u7f51\u7edc\u7cfb\u7edf\u90e8\u95e8\u975e\u5bf9\u79f0\u8fd0\u8425\u90e8\u7684\u603b\u5de5\u7a0b\u5e08\u3002\u4ed6\u4e3b\u8981\u4ece\u4e8b\u7cfb\u7edf\u5b89\u5168\u5de5\u7a0b\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u6b64\u524d\uff0c\u4ed6\u66fe\u5728\u65af\u5df4\u8fbe\u3001\u8fc8\u514b\u83f2\u548c\u53ef\u4fe1\u4fe1\u606f\u7cfb\u7edf\u516c\u53f8\u5de5\u4f5c\uff0c\u53c2\u4e0e\u7f51\u7edc\u5b89\u5168\u7814\u7a76\u9879\u76ee\u3002 Eric Lopez, \u5a01\u777f Eric Lopez \u662f VMware \u7f51\u7edc\u548c\u5b89\u5168\u4e1a\u52a1\u90e8\u95e8\u7684\u9ad8\u7ea7\u89e3\u51b3\u65b9\u6848\u67b6\u6784\u5e08\uff0c\u4ed6\u5e2e\u52a9\u5ba2\u6237\u5b9e\u65bd OpenStack \u548c VMware NSX\uff08\u4ee5\u524d\u79f0\u4e3a Nicira \u7684\u7f51\u7edc\u865a\u62df\u5316\u5e73\u53f0\uff09\u3002\u5728\u52a0\u5165 VMware\uff08\u901a\u8fc7\u516c\u53f8\u6536\u8d2d Nicira\uff09\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728 Q1 Labs\u3001Symantec\u3001Vontu \u548c Brightmail \u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u52a0\u5dde\u5927\u5b66\u4f2f\u514b\u5229\u5206\u6821\u7684\u7535\u6c14\u5de5\u7a0b/\u8ba1\u7b97\u673a\u79d1\u5b66\u548c\u6838\u5de5\u7a0b\u5b66\u58eb\u5b66\u4f4d\u548c\u65e7\u91d1\u5c71\u5927\u5b66\u7684\u5de5\u5546\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\u3002 Shawn Wells\uff0c\u7ea2\u5e3d Shawn Wells \u662f\u7ea2\u5e3d\u521b\u65b0\u9879\u76ee\u603b\u76d1\uff0c\u4e13\u6ce8\u4e8e\u6539\u8fdb\u7f8e\u56fd\u653f\u5e9c\u5185\u90e8\u91c7\u7528\u3001\u4fc3\u8fdb\u548c\u7ba1\u7406\u5f00\u6e90\u6280\u672f\u7684\u6d41\u7a0b\u3002\u6b64\u5916\uff0cShawn \u8fd8\u662f SCAP \u5b89\u5168\u6307\u5357\u9879\u76ee\u7684\u4e0a\u6e38\u7ef4\u62a4\u8005\uff0c\u8be5\u9879\u76ee\u4e0e\u7f8e\u56fd\u519b\u65b9\u3001NSA \u548c DISA \u4e00\u8d77\u5236\u5b9a\u865a\u62df\u5316\u548c\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u7b56\u7565\u3002Shawn\u66fe\u662fNSA\u7684\u5e73\u6c11\uff0c\u5229\u7528\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u5f00\u53d1\u4e86SIGINT\u6536\u96c6\u7cfb\u7edf\u3002 Ben de Bont\uff0c\u60e0\u666e Ben de 
Bont \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u6218\u7565\u5b98\u3002\u5728\u62c5\u4efb\u73b0\u804c\u4e4b\u524d\uff0cBen \u9886\u5bfc MySpace \u7684\u4fe1\u606f\u5b89\u5168\u5c0f\u7ec4\u548c MSN Security \u7684\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f\u3002Ben \u62e5\u6709\u6606\u58eb\u5170\u79d1\u6280\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u7855\u58eb\u5b66\u4f4d\u3002 Nathanael Burton\uff0c\u56fd\u5bb6\u5b89\u5168\u5c40 \u7eb3\u5854\u5185\u5c14\u00b7\u4f2f\u987f\uff08Nathanael Burton\uff09\u662f\u7f8e\u56fd\u56fd\u5bb6\u5b89\u5168\u5c40\uff08National Security Agency\uff09\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5bb6\u3002\u4ed6\u5728\u8be5\u673a\u6784\u5de5\u4f5c\u4e86 10 \u591a\u5e74\uff0c\u4ece\u4e8b\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u5927\u89c4\u6a21\u6258\u7ba1\u3001\u5f00\u6e90\u8ba1\u5212\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u5b89\u5168\u3001\u5b58\u50a8\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u5f17\u5409\u5c3c\u4e9a\u7406\u5de5\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u3002 Vibha Fauver Vibha Fauver\uff0cGWEB\uff0cCISSP\uff0cPMP\uff0c\u5728\u4fe1\u606f\u6280\u672f\u9886\u57df\u62e5\u6709\u8d85\u8fc715\u5e74\u7684\u7ecf\u9a8c\u3002\u5979\u7684\u4e13\u4e1a\u9886\u57df\u5305\u62ec\u8f6f\u4ef6\u5de5\u7a0b\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4fe1\u606f\u5b89\u5168\u3002\u5979\u62e5\u6709\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u548c\u5de5\u7a0b\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\uff0c\u4e13\u4e1a\u548c\u7cfb\u7edf\u5de5\u7a0b\u8bc1\u4e66\u3002 Eric Windisch\uff0c\u4e91\u7f29\u653e Eric Windisch \u662f Cloudscaling \u7684\u9996\u5e2d\u5de5\u7a0b\u5e08\uff0c\u4ed6\u4e3a OpenStack 
\u8d21\u732e\u4e86\u4e24\u5e74\u591a\u3002\u57c3\u91cc\u514b\uff08Eric\uff09\u5728\u7f51\u7edc\u6258\u7ba1\u884c\u4e1a\u62e5\u6709\u5341\u591a\u5e74\u7684\u7ecf\u9a8c\uff0c\u4e00\u76f4\u5728\u654c\u5bf9\u73af\u5883\u7684\u6218\u58d5\u4e2d\uff0c\u5efa\u7acb\u4e86\u79df\u6237\u9694\u79bb\u548c\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u6027\u3002\u81ea 2007 \u5e74\u4ee5\u6765\uff0c\u4ed6\u4e00\u76f4\u5728\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u548c\u81ea\u52a8\u5316\u3002 Andrew Hay\uff0c\u4e91\u9053 Andrew Hay \u662f CloudPassage\uff0c Inc. \u7684\u5e94\u7528\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u8d1f\u8d23\u9886\u5bfc\u8be5\u516c\u53f8\u53ca\u5176\u4e13\u4e3a\u52a8\u6001\u516c\u6709\u4e91\u3001\u79c1\u6709\u4e91\u548c\u6df7\u5408\u4e91\u6258\u7ba1\u73af\u5883\u6784\u5efa\u7684\u670d\u52a1\u5668\u5b89\u5168\u4ea7\u54c1\u7684\u5b89\u5168\u7814\u7a76\u5de5\u4f5c\u3002 Adam Hyde \u4e9a\u5f53\u4fc3\u6210\u4e86\u8fd9\u4e2a Book Sprint\u3002\u4ed6\u8fd8\u521b\u7acb\u4e86 Book Sprint \u65b9\u6cd5\u8bba\uff0c\u5e76\u4e14\u662f\u6700\u6709\u7ecf\u9a8c\u7684 Book Sprint \u4fc3\u8fdb\u8005\u3002Adam \u521b\u7acb\u4e86 FLOSS Manuals\uff0c\u8fd9\u662f\u4e00\u4e2a\u7531 3,000 \u4eba\u7ec4\u6210\u7684\u793e\u533a\uff0c\u81f4\u529b\u4e8e\u5f00\u53d1\u5173\u4e8e\u81ea\u7531\u8f6f\u4ef6\u7684\u81ea\u7531\u624b\u518c\u3002\u4ed6\u8fd8\u662f Booktype \u7684\u521b\u59cb\u4eba\u548c\u9879\u76ee\u7ecf\u7406\uff0cBooktype \u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u7ebf\u548c\u5370\u5237\u4e66\u7c4d\u7f16\u5199\u3001\u7f16\u8f91\u548c\u51fa\u7248\u7684\u5f00\u6e90\u9879\u76ee\u3002 \u5728\u51b2\u523a\u671f\u95f4\uff0c\u6211\u4eec\u8fd8\u5f97\u5230\u4e86 Anne Gentle\u3001Warren Wang\u3001Paul McMillan\u3001Brian Schott \u548c Lorin Hochstein \u7684\u5e2e\u52a9\u3002 \u8fd9\u672c\u4e66\u662f\u5728\u4e3a\u671f 5 
\u5929\u7684\u56fe\u4e66\u51b2\u523a\u4e2d\u5236\u4f5c\u7684\u3002\u56fe\u4e66\u51b2\u523a\u662f\u4e00\u4e2a\u9ad8\u5ea6\u534f\u4f5c\u3001\u4fc3\u8fdb\u7684\u8fc7\u7a0b\uff0c\u5b83\u5c06\u4e00\u4e2a\u5c0f\u7ec4\u805a\u96c6\u5728\u4e00\u8d77\uff0c\u5728 3-5 \u5929\u5185\u5236\u4f5c\u4e00\u672c\u4e66\u3002\u8fd9\u662f\u4e00\u4e2a\u7531\u4e9a\u5f53\u00b7\u6d77\u5fb7\uff08Adam Hyde\uff09\u521b\u7acb\u548c\u53d1\u5c55\u7684\u7279\u5b9a\u65b9\u6cd5\u7684\u6709\u529b\u4fc3\u8fdb\u8fc7\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u8bbf\u95eeBookSprints\u7684Book Sprint\u7f51\u9875\u3002 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e \u00b6 \u672c\u4e66\u7684\u6700\u521d\u5de5\u4f5c\u662f\u5728\u4e00\u95f4\u7a7a\u8c03\u8fc7\u9ad8\u7684\u623f\u95f4\u91cc\u8fdb\u884c\u7684\uff0c\u8be5\u623f\u95f4\u662f\u6574\u4e2a\u6587\u6863\u51b2\u523a\u671f\u95f4\u7684\u5c0f\u7ec4\u529e\u516c\u5ba4\u3002 \u8981\u4e86\u89e3\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u6587\u6863\u8d21\u732e\u8005\u6307\u5357\u3002 OpenStack \u7b80\u4ecb \u00b6 \u672c\u6307\u5357\u63d0\u4f9b\u4e86\u5bf9 OpenStack \u90e8\u7f72\u7684\u5b89\u5168\u89c1\u89e3\u3002\u76ee\u6807\u53d7\u4f17\u662f\u4e91\u67b6\u6784\u5e08\u3001\u90e8\u7f72\u4eba\u5458\u548c\u7ba1\u7406\u5458\u3002\u6b64\u5916\uff0c\u4e91\u7528\u6237\u4f1a\u53d1\u73b0\u8be5\u6307\u5357\u5728\u63d0\u4f9b\u5546\u9009\u62e9\u65b9\u9762\u65e2\u6709\u6559\u80b2\u610f\u4e49\u53c8\u6709\u5e2e\u52a9\uff0c\u800c\u5ba1\u8ba1\u4eba\u5458\u4f1a\u53d1\u73b0\u5b83\u4f5c\u4e3a\u53c2\u8003\u6587\u6863\u5f88\u6709\u7528\uff0c\u53ef\u4ee5\u652f\u6301\u4ed6\u4eec\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u5de5\u4f5c\u3002\u672c\u6307\u5357\u4e5f\u63a8\u8350\u7ed9\u4efb\u4f55\u5bf9\u4e91\u5b89\u5168\u611f\u5174\u8da3\u7684\u4eba\u3002 \u6bcf\u4e2a OpenStack \u90e8\u7f72\u90fd\u5305\u542b\u5404\u79cd\u5404\u6837\u7684\u6280\u672f\uff0c\u5305\u62ec Linux 
\u53d1\u884c\u7248\u3001\u6570\u636e\u5e93\u7cfb\u7edf\u3001\u6d88\u606f\u961f\u5217\u3001OpenStack \u7ec4\u4ef6\u672c\u8eab\u3001\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3001\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u3001\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7b49\u7b49\u3002\u6240\u6d89\u53ca\u7684\u5b89\u5168\u95ee\u9898\u540c\u6837\u591a\u79cd\u591a\u6837\u4e5f\u5c31\u4e0d\u8db3\u4e3a\u5947\u4e86\uff0c\u5bf9\u8fd9\u4e9b\u95ee\u9898\u7684\u6df1\u5165\u5206\u6790\u9700\u8981\u4e00\u4e9b\u6307\u5357\u3002\u6211\u4eec\u52aa\u529b\u5bfb\u627e\u5e73\u8861\u70b9\uff0c\u63d0\u4f9b\u8db3\u591f\u7684\u80cc\u666f\u4fe1\u606f\u6765\u7406\u89e3OpenStack\u5b89\u5168\u95ee\u9898\u53ca\u5176\u5904\u7406\uff0c\u5e76\u4e3a\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u63d0\u4f9b\u5916\u90e8\u53c2\u8003\u3002\u8be5\u6307\u5357\u53ef\u4ee5\u4ece\u5934\u5230\u5c3e\u9605\u8bfb\uff0c\u4e5f\u53ef\u4ee5\u50cf\u53c2\u8003\u4e00\u6837\u4f7f\u7528\u3002 \u6211\u4eec\u7b80\u8981\u4ecb\u7ecd\u4e86\u4e91\u7684\u79cd\u7c7b\uff08\u79c1\u6709\u4e91\u3001\u516c\u6709\u4e91\u548c\u6df7\u5408\u4e91\uff09\uff0c\u7136\u540e\u5728\u672c\u7ae0\u7684\u5176\u4f59\u90e8\u5206\u6982\u8ff0\u4e86 OpenStack \u7ec4\u4ef6\u53ca\u5176\u76f8\u5173\u7684\u5b89\u5168\u95ee\u9898\u3002 \u5728\u6574\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u63d0\u5230\u4e86\u51e0\u79cd\u7c7b\u578b\u7684OpenStack\u4e91\u7528\u6237\uff1a\u7ba1\u7406\u5458\u3001\u64cd\u4f5c\u5458\u548c\u7528\u6237\u3002\u6211\u4eec\u4f7f\u7528\u8fd9\u4e9b\u672f\u8bed\u6765\u6807\u8bc6\u6bcf\u4e2a\u89d2\u8272\u5177\u6709\u7684\u5b89\u5168\u8bbf\u95ee\u7ea7\u522b\uff0c\u5c3d\u7ba1\u5b9e\u9645\u4e0a\uff0c\u6211\u4eec\u77e5\u9053\u4e0d\u540c\u7684\u89d2\u8272\u901a\u5e38\u7531\u540c\u4e00\u4e2a\u4eba\u62c5\u4efb\u3002 \u4e91\u7c7b\u578b \u00b6 
OpenStack\u662f\u91c7\u7528\u4e91\u6280\u672f\u7684\u5173\u952e\u63a8\u52a8\u56e0\u7d20\uff0c\u5e76\u5177\u6709\u51e0\u4e2a\u5e38\u89c1\u7684\u90e8\u7f72\u7528\u4f8b\u3002\u8fd9\u4e9b\u6a21\u578b\u901a\u5e38\u79f0\u4e3a\u516c\u5171\u6a21\u578b\u3001\u4e13\u7528\u6a21\u578b\u548c\u6df7\u5408\u6a21\u578b\u3002\u4ee5\u4e0b\u5404\u8282\u4f7f\u7528\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u5bf9\u4e91\u7684\u5b9a\u4e49\u6765\u4ecb\u7ecd\u8fd9\u4e9b\u9002\u7528\u4e8e OpenStack \u7684\u4e0d\u540c\u7c7b\u578b\u7684\u4e91\u3002 \u516c\u6709\u4e91 \u00b6 \u6839\u636eNIST\u7684\u8bf4\u6cd5\uff0c\u516c\u5171\u4e91\u662f\u57fa\u7840\u8bbe\u65bd\u5411\u516c\u4f17\u5f00\u653e\u4f9b\u6d88\u8d39\u7684\u4e91\u3002OpenStack\u516c\u6709\u4e91\u901a\u5e38\u7531\u670d\u52a1\u63d0\u4f9b\u5546\u8fd0\u884c\uff0c\u53ef\u4f9b\u4e2a\u4eba\u3001\u516c\u53f8\u6216\u4efb\u4f55\u4ed8\u8d39\u5ba2\u6237\u4f7f\u7528\u3002\u9664\u4e86\u591a\u79cd\u5b9e\u4f8b\u7c7b\u578b\u5916\uff0c\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u8fd8\u53ef\u80fd\u516c\u5f00\u4e00\u6574\u5957\u529f\u80fd\uff0c\u4f8b\u5982\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc\u6216\u5757\u5b58\u50a8\u3002 
\u5c31\u5176\u6027\u8d28\u800c\u8a00\uff0c\u516c\u6709\u4e91\u9762\u4e34\u66f4\u9ad8\u7684\u98ce\u9669\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u7684\u4f7f\u7528\u8005\uff0c\u60a8\u5e94\u8be5\u9a8c\u8bc1\u6240\u9009\u63d0\u4f9b\u5546\u662f\u5426\u5177\u6709\u5fc5\u8981\u7684\u8ba4\u8bc1\u3001\u8bc1\u660e\u548c\u5176\u4ed6\u6cd5\u89c4\u6ce8\u610f\u4e8b\u9879\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u63d0\u4f9b\u5546\uff0c\u6839\u636e\u60a8\u7684\u76ee\u6807\u5ba2\u6237\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u9075\u5b88\u4e00\u9879\u6216\u591a\u9879\u6cd5\u89c4\u3002\u6b64\u5916\uff0c\u5373\u4f7f\u4e0d\u9700\u8981\u6ee1\u8db3\u6cd5\u89c4\u8981\u6c42\uff0c\u63d0\u4f9b\u5546\u4e5f\u5e94\u786e\u4fdd\u79df\u6237\u9694\u79bb\uff0c\u5e76\u4fdd\u62a4\u7ba1\u7406\u57fa\u7840\u7ed3\u6784\u514d\u53d7\u5916\u90e8\u653b\u51fb\u3002 \u79c1\u6709\u4e91 \u00b6 \u5728\u9891\u8c31\u7684\u53e6\u4e00\u7aef\u662f\u79c1\u6709\u4e91\u3002\u6b63\u5982NIST\u6240\u5b9a\u4e49\u7684\u90a3\u6837\uff0c\u79c1\u6709\u4e91\u88ab\u914d\u7f6e\u4e3a\u7531\u591a\u4e2a\u6d88\u8d39\u8005\uff08\u5982\u4e1a\u52a1\u90e8\u95e8\uff09\u7ec4\u6210\u7684\u5355\u4e2a\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002\u79c1\u6709\u4e91\u7528\u4f8b\u591a\u79cd\u591a\u6837\uff0c\u56e0\u6b64\uff0c\u5b83\u4eec\u5404\u81ea\u7684\u5b89\u5168\u95ee\u9898\u5404\u4e0d\u76f8\u540c\u3002 \u793e\u533a\u4e91 \u00b6 NIST 
\u5c06\u793e\u533a\u4e91\u5b9a\u4e49\u4e3a\u5176\u57fa\u7840\u7ed3\u6784\u4ec5\u4f9b\u5177\u6709\u5171\u540c\u5173\u6ce8\u70b9\uff08\u4f8b\u5982\uff0c\u4efb\u52a1\u3001\u5b89\u5168\u8981\u6c42\u3001\u7b56\u7565\u6216\u5408\u89c4\u6027\u6ce8\u610f\u4e8b\u9879\uff09\u7684\u7ec4\u7ec7\u7684\u7279\u5b9a\u6d88\u8d39\u8005\u793e\u533a\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u793e\u533a\u4e2d\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u5b83\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002 \u6df7\u5408\u4e91 \u00b6 NIST\u5c06\u6df7\u5408\u4e91\u5b9a\u4e49\u4e3a\u4e24\u4e2a\u6216\u591a\u4e2a\u4e0d\u540c\u7684\u4e91\u57fa\u7840\u8bbe\u65bd\uff08\u5982\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u5171\u4e91\uff09\u7684\u7ec4\u5408\uff0c\u8fd9\u4e9b\u4e91\u57fa\u7840\u8bbe\u65bd\u4ecd\u7136\u662f\u552f\u4e00\u7684\u5b9e\u4f53\uff0c\u4f46\u901a\u8fc7\u6807\u51c6\u5316\u6216\u4e13\u6709\u6280\u672f\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u53ef\u79fb\u690d\u6027\uff0c\u4f8b\u5982\u7528\u4e8e\u4e91\u4e4b\u95f4\u8d1f\u8f7d\u5e73\u8861\u7684\u4e91\u7206\u53d1\u3002\u4f8b\u5982\uff0c\u5728\u7ebf\u96f6\u552e\u5546\u53ef\u80fd\u4f1a\u5728\u5141\u8bb8\u5f39\u6027\u914d\u7f6e\u7684\u516c\u6709\u4e91\u4e0a\u5c55\u793a\u5176\u5e7f\u544a\u548c\u76ee\u5f55\u3002\u8fd9\u5c06\u4f7f\u4ed6\u4eec\u80fd\u591f\u4ee5\u7075\u6d3b\u3001\u5177\u6709\u6210\u672c\u6548\u76ca\u7684\u65b9\u5f0f\u5904\u7406\u5b63\u8282\u6027\u8d1f\u8f7d\u3002\u4e00\u65e6\u5ba2\u6237\u5f00\u59cb\u5904\u7406\u4ed6\u4eec\u7684\u8ba2\u5355\uff0c\u4ed6\u4eec\u5c31\u4f1a\u88ab\u8f6c\u79fb\u5230\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u79c1\u6709\u4e91\u4e2d\uff0c\u8be5\u79c1\u6709\u4e91\u7b26\u5408PCI\u6807\u51c6\u3002 
\u5728\u672c\u6587\u6863\u4e2d\uff0c\u6211\u4eec\u4ee5\u7c7b\u4f3c\u7684\u65b9\u5f0f\u5bf9\u5f85\u793e\u533a\u548c\u6df7\u5408\u4e91\uff0c\u4ec5\u4ece\u5b89\u5168\u89d2\u5ea6\u660e\u786e\u5904\u7406\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7684\u6781\u7aef\u60c5\u51b5\u3002\u5b89\u5168\u63aa\u65bd\u53d6\u51b3\u4e8e\u90e8\u7f72\u5728\u79c1\u6709\u516c\u5171\u8fde\u7eed\u4f53\u4e0a\u7684\u4f4d\u7f6e\u3002 OpenStack \u670d\u52a1\u6982\u8ff0 \u00b6 OpenStack \u91c7\u7528\u6a21\u5757\u5316\u67b6\u6784\uff0c\u63d0\u4f9b\u4e00\u7ec4\u6838\u5fc3\u670d\u52a1\uff0c\u4ee5\u4fc3\u8fdb\u53ef\u6269\u5c55\u6027\u548c\u5f39\u6027\u4f5c\u4e3a\u6838\u5fc3\u8bbe\u8ba1\u539f\u5219\u3002\u672c\u7ae0\u7b80\u8981\u56de\u987e\u4e86 OpenStack \u7ec4\u4ef6\u3001\u5b83\u4eec\u7684\u7528\u4f8b\u548c\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u8ba1\u7b97 \u00b6 OpenStack Compute \u670d\u52a1 \uff08nova\uff09 \u63d0\u4f9b\u7684\u670d\u52a1\u652f\u6301\u5927\u89c4\u6a21\u7ba1\u7406\u865a\u62df\u673a\u5b9e\u4f8b\u3001\u6258\u7ba1\u591a\u5c42\u5e94\u7528\u7a0b\u5e8f\u7684\u5b9e\u4f8b\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u3001\u5904\u7406 Hadoop \u96c6\u7fa4\u7684\u201c\u5927\u6570\u636e\u201d\u6216\u9ad8\u6027\u80fd\u8ba1\u7b97\u3002 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e0e\u652f\u6301\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ea4\u4e92\u7684\u62bd\u8c61\u5c42\u6765\u4fc3\u8fdb\u8fd9\u79cd\u7ba1\u7406\uff08\u6211\u4eec\u7a0d\u540e\u4f1a\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u8fd9\u4e2a\u95ee\u9898\uff09\u3002 \u5728\u672c\u6307\u5357\u7684\u540e\u9762\u90e8\u5206\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u865a\u62df\u5316\u5806\u6808\uff0c\u56e0\u4e3a\u5b83\u4e0e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u3002 \u6709\u5173\u529f\u80fd\u652f\u6301\u7684\u5f53\u524d\u72b6\u6001\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Hypervisor \u652f\u6301\u77e9\u9635\u3002 
\u8ba1\u7b97\u5b89\u5168\u6027\u5bf9\u4e8eOpenStack\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002\u5f3a\u5316\u6280\u672f\u5e94\u5305\u62ec\u5bf9\u5f3a\u5b9e\u4f8b\u9694\u79bb\u7684\u652f\u6301\u3001\u8ba1\u7b97\u5b50\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u4ee5\u53ca\u9762\u5411\u516c\u4f17\u7684 API \u7ec8\u7ed3\u70b9\u7684\u590d\u539f\u80fd\u529b\u3002 \u5bf9\u8c61\u5b58\u50a8 \u00b6 OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 \uff08swift\uff09 \u652f\u6301\u5728\u4e91\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u4efb\u610f\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u63d0\u4f9b\u672c\u673a API \u548c\u4e9a\u9a6c\u900a\u4e91\u79d1\u6280 S3 \u517c\u5bb9 API\u3002\u8be5\u670d\u52a1\u901a\u8fc7\u6570\u636e\u590d\u5236\u63d0\u4f9b\u9ad8\u5ea6\u7684\u590d\u539f\u80fd\u529b\uff0c\u5e76\u4e14\u53ef\u4ee5\u5904\u7406 PB \u7ea7\u7684\u6570\u636e\u3002 \u8bf7\u52a1\u5fc5\u4e86\u89e3\u5bf9\u8c61\u5b58\u50a8\u4e0d\u540c\u4e8e\u4f20\u7edf\u7684\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u3002\u5bf9\u8c61\u5b58\u50a8\u6700\u9002\u5408\u7528\u4e8e\u9759\u6001\u6570\u636e\uff0c\u4f8b\u5982\u5a92\u4f53\u6587\u4ef6\uff08MP3\u3001\u56fe\u50cf\u6216\u89c6\u9891\uff09\u3001\u865a\u62df\u673a\u6620\u50cf\u548c\u5907\u4efd\u6587\u4ef6\u3002 \u5bf9\u8c61\u5b89\u5168\u5e94\u4fa7\u91cd\u4e8e\u4f20\u8f93\u4e2d\u548c\u9759\u6001\u6570\u636e\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u52a0\u5bc6\u3002\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4e0e\u7cfb\u7edf\u6ee5\u7528\u3001\u975e\u6cd5\u6216\u6076\u610f\u5185\u5bb9\u5b58\u50a8\u4ee5\u53ca\u4ea4\u53c9\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u5a92\u4ecb\u6709\u5173\u3002 \u5757\u5b58\u50a8 \u00b6 OpenStack \u5757\u5b58\u50a8\u670d\u52a1 \uff08cinder\uff09 \u4e3a\u8ba1\u7b97\u5b9e\u4f8b\u63d0\u4f9b\u6301\u4e45\u6027\u5757\u5b58\u50a8\u3002\u5757\u5b58\u50a8\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u751f\u547d\u5468\u671f\uff0c\u4ece\u521b\u5efa\u5377\u548c\u9644\u52a0\u5230\u5b9e\u4f8b\uff0c\u518d\u5230\u91ca\u653e\u3002 
\u5757\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u4e0e\u5bf9\u8c61\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u7c7b\u4f3c\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u7684\u670d\u52a1\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack \u5757\u5b58\u50a8\u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\uff0c\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u5b9e\u4f8b\u4e0a\uff0c\u7136\u540e\u4ece\u5b9e\u4f8b\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u3002 \u7f51\u7edc \u00b6 OpenStack \u7f51\u7edc\u670d\u52a1\uff08neutron\uff0c\u4ee5\u524d\u79f0\u4e3a\u91cf\u5b50\uff09\u4e3a\u4e91\u7528\u6237\uff08\u79df\u6237\uff09\u63d0\u4f9b\u5404\u79cd\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982 IP \u5730\u5740\u7ba1\u7406\u3001DNS\u3001DHCP\u3001\u8d1f\u8f7d\u5747\u8861\u548c\u5b89\u5168\u7ec4\uff08\u7f51\u7edc\u8bbf\u95ee\u89c4\u5219\uff0c\u5982\u9632\u706b\u5899\u7b56\u7565\uff09\u3002\u6b64\u670d\u52a1\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u5141\u8bb8\u4e0e\u5404\u79cd\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u8fdb\u884c\u53ef\u63d2\u62d4\u96c6\u6210\u3002 OpenStack Networking \u5141\u8bb8\u4e91\u79df\u6237\u7ba1\u7406\u5176\u8bbf\u5ba2\u7f51\u7edc\u914d\u7f6e\u3002\u7f51\u7edc\u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u7f51\u7edc\u6d41\u91cf\u9694\u79bb\u3001\u53ef\u7528\u6027\u3001\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002 \u4eea\u8868\u677f \u00b6 OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 
\u4e3a\u4e91\u7ba1\u7406\u5458\u548c\u4e91\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u754c\u9762\u3002\u4f7f\u7528\u6b64\u754c\u9762\uff0c\u7ba1\u7406\u5458\u548c\u79df\u6237\u53ef\u4ee5\u9884\u914d\u3001\u7ba1\u7406\u548c\u76d1\u89c6\u4e91\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u5e38\u4ee5\u9762\u5411\u516c\u4f17\u7684\u65b9\u5f0f\u90e8\u7f72\uff0c\u5177\u6709\u516c\u5171 Web \u95e8\u6237\u7684\u6240\u6709\u5e38\u89c1\u5b89\u5168\u95ee\u9898\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u00b6 OpenStack Identity \u670d\u52a1 \uff08keystone\uff09 \u662f\u4e00\u9879\u5171\u4eab\u670d\u52a1\uff0c\u53ef\u5728\u6574\u4e2a\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002Identity \u670d\u52a1\u5177\u6709\u5bf9\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\u7684\u53ef\u63d2\u5165\u652f\u6301\u3002 Identity \u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u5bf9\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u4efb\u3001\u6388\u6743\u4ee4\u724c\u7684\u7ba1\u7406\u4ee5\u53ca\u5b89\u5168\u901a\u4fe1\u3002 \u955c\u50cf\u670d\u52a1 \u00b6 OpenStack \u955c\u50cf\u670d\u52a1\uff08glance\uff09\u63d0\u4f9b\u78c1\u76d8\u955c\u50cf\u7ba1\u7406\u670d\u52a1\uff0c\u5305\u62ec\u955c\u50cf\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u6839\u636e\u9700\u8981\u5411\u8ba1\u7b97\u670d\u52a1\u4ea4\u4ed8\u670d\u52a1\u3002 \u9700\u8981\u53d7\u4fe1\u4efb\u7684\u8fdb\u7a0b\u6765\u7ba1\u7406\u78c1\u76d8\u6620\u50cf\u7684\u751f\u547d\u5468\u671f\uff0c\u4ee5\u53ca\u524d\u9762\u63d0\u5230\u7684\u4e0e\u6570\u636e\u5b89\u5168\u6709\u5173\u7684\u6240\u6709\u95ee\u9898\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1 \uff08sahara\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u914d\u7f6e\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u8fd0\u884c\u5e38\u7528\u5904\u7406\u6846\u67b6\u7684\u7fa4\u96c6\u3002 
\u6570\u636e\u5904\u7406\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u5e94\u4fa7\u91cd\u4e8e\u6570\u636e\u9690\u79c1\u548c\u4e0e\u9884\u7f6e\u96c6\u7fa4\u7684\u5b89\u5168\u901a\u4fe1\u3002 \u5176\u4ed6\u914d\u5957\u6280\u672f \u00b6 \u6d88\u606f\u4f20\u9012\u7528\u4e8e\u591a\u4e2a OpenStack \u670d\u52a1\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u4f7f\u7528\u57fa\u4e8e AMQP \u7684\u6d88\u606f\u961f\u5217\u3002\u4e0e\u5927\u591a\u6570 OpenStack \u670d\u52a1\u4e00\u6837\uff0cAMQP \u652f\u6301\u53ef\u63d2\u62d4\u7ec4\u4ef6\u3002\u73b0\u5728\uff0c\u5b9e\u73b0\u540e\u7aef\u53ef\u4ee5\u662f RabbitMQ\u3001Qpid \u6216 ZeroMQ\u3002 \u7531\u4e8e\u5927\u591a\u6570\u7ba1\u7406\u547d\u4ee4\u90fd\u6d41\u7ecf\u6d88\u606f\u961f\u5217\u7cfb\u7edf\uff0c\u56e0\u6b64\u6d88\u606f\u961f\u5217\u5b89\u5168\u6027\u662f\u4efb\u4f55 OpenStack \u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\uff0c\u672c\u6307\u5357\u7a0d\u540e\u5c06\u5bf9\u6b64\u8fdb\u884c\u8be6\u7ec6\u8ba8\u8bba\u3002 \u6709\u51e0\u4e2a\u7ec4\u4ef6\u4f7f\u7528\u6570\u636e\u5e93\uff0c\u5c3d\u7ba1\u5b83\u6ca1\u6709\u663e\u5f0f\u8c03\u7528\u3002\u4fdd\u62a4\u6570\u636e\u5e93\u8bbf\u95ee\u662f\u53e6\u4e00\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u56e0\u6b64\u5728\u672c\u6307\u5357\u540e\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u3002 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u00b6 \u4e91\u53ef\u4ee5\u62bd\u8c61\u4e3a\u903b\u8f91\u7ec4\u4ef6\u7684\u96c6\u5408\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u529f\u80fd\u3001\u7528\u6237\u548c\u5171\u4eab\u7684\u5b89\u5168\u95ee\u9898\uff0c\u6211\u4eec\u79f0\u4e4b\u4e3a\u5b89\u5168\u57df\u3002\u5a01\u80c1\u53c2\u4e0e\u8005\u548c\u5411\u91cf\u6839\u636e\u5176\u52a8\u673a\u548c\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u8fdb\u884c\u5206\u7c7b\u3002\u6211\u4eec\u7684\u76ee\u6807\u662f\u6839\u636e\u60a8\u7684\u98ce\u9669/\u6f0f\u6d1e\u4fdd\u62a4\u76ee\u6807\uff0c\u8ba9\u60a8\u4e86\u89e3\u6bcf\u4e2a\u57df\u7684\u5b89\u5168\u95ee\u9898\u3002 
\u5b89\u5168\u57df \u00b6 \u5b89\u5168\u57df\u5305\u62ec\u7528\u6237\u3001\u5e94\u7528\u7a0b\u5e8f\u3001\u670d\u52a1\u5668\u6216\u7f51\u7edc\uff0c\u5b83\u4eec\u5728\u7cfb\u7edf\u4e2d\u5177\u6709\u5171\u540c\u7684\u4fe1\u4efb\u8981\u6c42\u548c\u671f\u671b\u3002\u901a\u5e38\uff0c\u5b83\u4eec\u5177\u6709\u76f8\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/Z\uff09 \u8981\u6c42\u548c\u7528\u6237\u3002 \u5c3d\u7ba1\u60a8\u53ef\u80fd\u5e0c\u671b\u8fdb\u4e00\u6b65\u7ec6\u5206\u8fd9\u4e9b\u57df\uff08\u6211\u4eec\u7a0d\u540e\u5c06\u8ba8\u8bba\u5728\u54ea\u4e9b\u65b9\u9762\u53ef\u80fd\u5408\u9002\uff09\uff0c\u4f46\u6211\u4eec\u901a\u5e38\u6307\u7684\u662f\u56db\u4e2a\u4e0d\u540c\u7684\u5b89\u5168\u57df\uff0c\u5b83\u4eec\u6784\u6210\u4e86\u5b89\u5168\u90e8\u7f72\u4efb\u4f55 OpenStack \u4e91\u6240\u9700\u7684\u6700\u4f4e\u9650\u5ea6\u3002\u8fd9\u4e9b\u5b89\u5168\u57df\u5305\u62ec\uff1a \u516c\u5171\u57df \u8bbf\u5ba2\u57df \u7ba1\u7406\u57df \u6570\u636e\u57df \u6211\u4eec\u4e4b\u6240\u4ee5\u9009\u62e9\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u662f\u56e0\u4e3a\u5b83\u4eec\u53ef\u4ee5\u72ec\u7acb\u6620\u5c04\uff0c\u4e5f\u53ef\u4ee5\u7ec4\u5408\u8d77\u6765\uff0c\u4ee5\u8868\u793a\u7ed9\u5b9a OpenStack \u90e8\u7f72\u4e2d\u5927\u591a\u6570\u53ef\u80fd\u7684\u4fe1\u4efb\u533a\u57df\u3002\u4f8b\u5982\uff0c\u67d0\u4e9b\u90e8\u7f72\u62d3\u6251\u53ef\u80fd\u7531\u4e00\u4e2a\u7269\u7406\u7f51\u7edc\u4e0a\u7684\u6765\u5bbe\u57df\u548c\u6570\u636e\u57df\u7684\u7ec4\u5408\u7ec4\u6210\uff0c\u800c\u5176\u4ed6\u62d3\u6251\u5219\u5c06\u8fd9\u4e9b\u57df\u5206\u5f00\u3002\u5728\u6bcf\u79cd\u60c5\u51b5\u4e0b\uff0c\u4e91\u64cd\u4f5c\u5458\u90fd\u5e94\u6ce8\u610f\u9002\u5f53\u7684\u5b89\u5168\u95ee\u9898\u3002\u5b89\u5168\u57df\u5e94\u9488\u5bf9\u7279\u5b9a\u7684 OpenStack 
\u90e8\u7f72\u62d3\u6251\u8fdb\u884c\u6620\u5c04\u3002\u57df\u53ca\u5176\u4fe1\u4efb\u8981\u6c42\u53d6\u51b3\u4e8e\u4e91\u5b9e\u4f8b\u662f\u516c\u6709\u4e91\u5b9e\u4f8b\u3001\u79c1\u6709\u4e91\u5b9e\u4f8b\u8fd8\u662f\u6df7\u5408\u4e91\u5b9e\u4f8b\u3002 \u516c\u5171 \u00b6 \u516c\u5171\u5b89\u5168\u57df\u662f\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u533a\u57df\u3002\u5b83\u53ef\u4ee5\u6307\u6574\u4e2a\u4e92\u8054\u7f51\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u6307\u60a8\u65e0\u6743\u8bbf\u95ee\u7684\u7f51\u7edc\u3002\u4efb\u4f55\u5177\u6709\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u8981\u6c42\u4f20\u8f93\u6b64\u57df\u7684\u6570\u636e\u90fd\u5e94\u4f7f\u7528\u8865\u507f\u63a7\u5236\u8fdb\u884c\u4fdd\u62a4\u3002 \u6b64\u57df\u5e94\u59cb\u7ec8\u88ab\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u3002 \u8bbf\u5ba2 \u00b6 \u8bbf\u5ba2\u5b89\u5168\u57df\u901a\u5e38\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u5230\u5b9e\u4f8b\u7684\u6d41\u91cf\uff0c\u5b83\u5904\u7406\u7531\u4e91\u4e0a\u7684\u5b9e\u4f8b\u751f\u6210\u7684\u8ba1\u7b97\u6570\u636e\uff0c\u4f46\u4e0d\u5904\u7406\u652f\u6301\u4e91\u64cd\u4f5c\u7684\u670d\u52a1\uff0c\u4f8b\u5982 API \u8c03\u7528\u3002 \u5982\u679c\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6ca1\u6709\u4e25\u683c\u63a7\u5236\uff0c\u4e5f\u4e0d\u5141\u8bb8\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u4e0d\u53d7\u9650\u5236\u7684 Internet \u8bbf\u95ee\uff0c\u5219\u5e94\u5c06\u6b64\u57df\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5c06\u6b64\u7f51\u7edc\u89c6\u4e3a\u5185\u90e8\u7f51\u7edc\uff0c\u5e76\u4e14\u53ea\u6709\u5728\u5b9e\u65bd\u9002\u5f53\u7684\u63a7\u5236\u4ee5\u65ad\u8a00\u5b9e\u4f8b\u548c\u6240\u6709\u5173\u8054\u79df\u6237\u90fd\u662f\u53ef\u4fe1\u7684\u65f6\u3002 \u7ba1\u7406 \u00b6 
\u7ba1\u7406\u5b89\u5168\u57df\u662f\u670d\u52a1\u4ea4\u4e92\u7684\u5730\u65b9\u3002\u6709\u65f6\u79f0\u4e3a\u201c\u63a7\u5236\u5e73\u9762\u201d\uff0c\u6b64\u57df\u4e2d\u7684\u7f51\u7edc\u4f20\u8f93\u673a\u5bc6\u6570\u636e\uff0c\u4f8b\u5982\u914d\u7f6e\u53c2\u6570\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u547d\u4ee4\u548c\u63a7\u5236\u6d41\u91cf\u901a\u5e38\u9a7b\u7559\u5728\u6b64\u57df\u4e2d\uff0c\u8fd9\u9700\u8981\u5f3a\u5927\u7684\u5b8c\u6574\u6027\u8981\u6c42\u3002\u5bf9\u6b64\u57df\u7684\u8bbf\u95ee\u5e94\u53d7\u5230\u9ad8\u5ea6\u9650\u5236\u548c\u76d1\u89c6\u3002\u540c\u65f6\uff0c\u6b64\u57df\u4ecd\u5e94\u91c7\u7528\u672c\u6307\u5357\u4e2d\u63cf\u8ff0\u7684\u6240\u6709\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u3002 \u5728\u5927\u591a\u6570\u90e8\u7f72\u4e2d\uff0c\u6b64\u57df\u88ab\u89c6\u4e3a\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u4f46\u662f\uff0c\u5728\u8003\u8651 OpenStack \u90e8\u7f72\u65f6\uff0c\u6709\u8bb8\u591a\u7cfb\u7edf\u5c06\u6b64\u57df\u4e0e\u5176\u4ed6\u57df\u6865\u63a5\u8d77\u6765\uff0c\u8fd9\u53ef\u80fd\u4f1a\u964d\u4f4e\u60a8\u53ef\u4ee5\u5bf9\u8be5\u57df\u7684\u4fe1\u4efb\u7ea7\u522b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u6570\u636e \u00b6 \u6570\u636e\u5b89\u5168\u57df\u4e3b\u8981\u5173\u6ce8\u4e0eOpenStack\u4e2d\u7684\u5b58\u50a8\u670d\u52a1\u6709\u5173\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u8be5\u7f51\u7edc\u4f20\u8f93\u7684\u5927\u591a\u6570\u6570\u636e\u90fd\u9700\u8981\u9ad8\u5ea6\u7684\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u6839\u636e\u90e8\u7f72\u7c7b\u578b\uff0c\u53ef\u80fd\u8fd8\u4f1a\u6709\u5f88\u5f3a\u7684\u53ef\u7528\u6027\u8981\u6c42\u3002 \u6b64\u7f51\u7edc\u7684\u4fe1\u4efb\u7ea7\u522b\u5f88\u5927\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u90e8\u7f72\u51b3\u7b56\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u4f1a\u4e3a\u5176\u5206\u914d\u4efb\u4f55\u9ed8\u8ba4\u7684\u4fe1\u4efb\u7ea7\u522b\u3002 \u6865\u63a5\u5b89\u5168\u57df 
\u00b6 \u7f51\u6865\u662f\u5b58\u5728\u4e8e\u591a\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u7ec4\u4ef6\u3002\u5fc5\u987b\u4ed4\u7ec6\u914d\u7f6e\u6865\u63a5\u5177\u6709\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u6216\u8eab\u4efd\u9a8c\u8bc1\u8981\u6c42\u7684\u5b89\u5168\u57df\u7684\u4efb\u4f55\u7ec4\u4ef6\u3002\u8fd9\u4e9b\u7f51\u6865\u901a\u5e38\u662f\u7f51\u7edc\u67b6\u6784\u4e2d\u7684\u8584\u5f31\u73af\u8282\u3002\u6865\u63a5\u5e94\u59cb\u7ec8\u914d\u7f6e\u4e3a\u6ee1\u8db3\u5b83\u6240\u6865\u63a5\u7684\u4efb\u4f55\u57df\u7684\u6700\u9ad8\u4fe1\u4efb\u7ea7\u522b\u7684\u5b89\u5168\u8981\u6c42\u3002\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u653b\u51fb\u7684\u53ef\u80fd\u6027\uff0c\u6865\u63a5\u5668\u7684\u5b89\u5168\u63a7\u5236\u5e94\u8be5\u662f\u4e3b\u8981\u5173\u6ce8\u70b9\u3002 \u4e0a\u56fe\u663e\u793a\u4e86\u6865\u63a5\u6570\u636e\u548c\u7ba1\u7406\u57df\u7684\u8ba1\u7b97\u8282\u70b9;\u56e0\u6b64\uff0c\u5e94\u5c06\u8ba1\u7b97\u8282\u70b9\u914d\u7f6e\u4e3a\u6ee1\u8db3\u7ba1\u7406\u57df\u7684\u5b89\u5168\u8981\u6c42\u3002\u540c\u6837\uff0c\u6b64\u56fe\u4e2d\u7684 API \u7aef\u70b9\u6b63\u5728\u6865\u63a5\u4e0d\u53d7\u4fe1\u4efb\u7684\u516c\u5171\u57df\u548c\u7ba1\u7406\u57df\uff0c\u5e94\u5c06\u5176\u914d\u7f6e\u4e3a\u9632\u6b62\u4ece\u516c\u5171\u57df\u4f20\u64ad\u5230\u7ba1\u7406\u57df\u7684\u653b\u51fb\u3002 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u90e8\u7f72\u4eba\u5458\u53ef\u80fd\u5e0c\u671b\u8003\u8651\u5c06\u7f51\u6865\u4fdd\u62a4\u5230\u6bd4\u5b83\u6240\u5728\u7684\u4efb\u4f55\u57df\u66f4\u9ad8\u7684\u6807\u51c6\u3002\u9274\u4e8e\u4e0a\u8ff0 API \u7aef\u70b9\u793a\u4f8b\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4ece\u516c\u5171\u57df\u4ee5 API \u7aef\u70b9\u4e3a\u76ee\u6807\uff0c\u5229\u7528\u5b83\u6765\u5165\u4fb5\u6216\u8bbf\u95ee\u7ba1\u7406\u57df\u3002 
OpenStack\u7684\u8bbe\u8ba1\u4f7f\u5f97\u5b89\u5168\u57df\u7684\u5206\u79bb\u662f\u5f88\u56f0\u96be\u7684\u3002\u7531\u4e8e\u6838\u5fc3\u670d\u52a1\u901a\u5e38\u81f3\u5c11\u6865\u63a5\u4e24\u4e2a\u57df\uff0c\u56e0\u6b64\u5728\u5bf9\u5b83\u4eec\u5e94\u7528\u5b89\u5168\u63a7\u5236\u65f6\u5fc5\u987b\u7279\u522b\u8003\u8651\u3002 \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u00b6 \u5927\u591a\u6570\u7c7b\u578b\u7684\u4e91\u90e8\u7f72\uff08\u516c\u6709\u4e91\u6216\u79c1\u6709\u4e91\uff09\u90fd\u4f1a\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u5bf9\u653b\u51fb\u8005\u8fdb\u884c\u5206\u7c7b\uff0c\u5e76\u603b\u7ed3\u6bcf\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u6f5c\u5728\u653b\u51fb\u7c7b\u578b\u3002 \u5a01\u80c1\u53c2\u4e0e\u8005 \u00b6 \u5a01\u80c1\u53c2\u4e0e\u8005\u662f\u4e00\u79cd\u62bd\u8c61\u7684\u65b9\u5f0f\uff0c\u7528\u4e8e\u6307\u4ee3\u60a8\u53ef\u80fd\u5c1d\u8bd5\u9632\u5fa1\u7684\u4e00\u7c7b\u5bf9\u624b\u3002\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u8d8a\u5f3a\uff0c\u6210\u529f\u7f13\u89e3\u548c\u9884\u9632\u653b\u51fb\u6240\u9700\u7684\u5b89\u5168\u63a7\u5236\u5c31\u8d8a\u6602\u8d35\u3002\u5b89\u5168\u6027\u662f\u6210\u672c\u3001\u53ef\u7528\u6027\u548c\u9632\u5fa1\u4e4b\u95f4\u7684\u6743\u8861\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e0d\u53ef\u80fd\u9488\u5bf9\u6211\u4eec\u5728\u6b64\u5904\u63cf\u8ff0\u7684\u6240\u6709\u5a01\u80c1\u53c2\u4e0e\u8005\u4fdd\u62a4\u4e91\u90e8\u7f72\u3002\u90a3\u4e9b\u90e8\u7f72OpenStack\u4e91\u7684\u4eba\u5c06\u4e0d\u5f97\u4e0d\u51b3\u5b9a\u5176\u90e8\u7f72/\u4f7f\u7528\u7684\u5e73\u8861\u70b9\u5728\u54ea\u91cc\u3002 \u60c5\u62a5\u673a\u6784 \u00b6 
\u672c\u6307\u5357\u8ba4\u4e3a\u662f\u6700\u6709\u80fd\u529b\u7684\u5bf9\u624b\u3002\u60c5\u62a5\u90e8\u95e8\u548c\u5176\u4ed6\u56fd\u5bb6\u884c\u4e3a\u8005\u53ef\u4ee5\u4e3a\u76ee\u6807\u5e26\u6765\u5de8\u5927\u7684\u8d44\u6e90\u3002\u4ed6\u4eec\u62e5\u6709\u8d85\u8d8a\u4efb\u4f55\u5176\u4ed6\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u3002\u5982\u679c\u6ca1\u6709\u6781\u5176\u4e25\u683c\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u65e0\u8bba\u662f\u4eba\u529b\u8fd8\u662f\u6280\u672f\uff0c\u90fd\u5f88\u96be\u9632\u5fa1\u8fd9\u4e9b\u884c\u4e3a\u8005\u3002 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u00b6 \u80fd\u529b\u5f3a\u4e14\u53d7\u7ecf\u6d4e\u9a71\u52a8\u7684\u653b\u51fb\u8005\u7fa4\u4f53\u3002\u80fd\u591f\u8d44\u52a9\u5185\u90e8\u6f0f\u6d1e\u5f00\u53d1\u548c\u76ee\u6807\u7814\u7a76\u3002\u8fd1\u5e74\u6765\uff0c\u4fc4\u7f57\u65af\u5546\u4e1a\u7f51\u7edc\uff08Russian Business Network\uff09\u7b49\u7ec4\u7ec7\u7684\u5d1b\u8d77\uff0c\u4e00\u4e2a\u5e9e\u5927\u7684\u7f51\u7edc\u72af\u7f6a\u4f01\u4e1a\uff0c\u5df2\u7ecf\u8bc1\u660e\u4e86\u7f51\u7edc\u653b\u51fb\u5982\u4f55\u6210\u4e3a\u4e00\u79cd\u5546\u54c1\u3002\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u5c5e\u4e8e\u4e25\u91cd\u7684\u6709\u7ec4\u7ec7\u72af\u7f6a\u96c6\u56e2\u3002 \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u00b6 \u8fd9\u662f\u6307\u201c\u9ed1\u5ba2\u884c\u52a8\u4e3b\u4e49\u8005\u201d\u7c7b\u578b\u7684\u7ec4\u7ec7\uff0c\u4ed6\u4eec\u901a\u5e38\u6ca1\u6709\u5546\u4e1a\u8d44\u52a9\uff0c\u4f46\u53ef\u80fd\u5bf9\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u4e91\u8fd0\u8425\u5546\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002 \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u00b6 \u8fd9\u4e9b\u653b\u51fb\u8005\u5355\u72ec\u884c\u52a8\uff0c\u4ee5\u591a\u79cd\u5f62\u5f0f\u51fa\u73b0\uff0c\u4f8b\u5982\u6d41\u6c13\u6216\u6076\u610f\u5458\u5de5\u3001\u5fc3\u6000\u4e0d\u6ee1\u7684\u5ba2\u6237\u6216\u5c0f\u89c4\u6a21\u7684\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u3002 \u811a\u672c\u653b\u51fb\u8005 \u00b6 
\u81ea\u52a8\u6f0f\u6d1e\u626b\u63cf/\u5229\u7528\u3002\u975e\u9488\u5bf9\u6027\u653b\u51fb\u3002\u901a\u5e38\uff0c\u53ea\u6709\u8fd9\u4e9b\u884c\u4e3a\u8005\u4e4b\u4e00\u7684\u6ecb\u6270\u3001\u59a5\u534f\u624d\u4f1a\u5bf9\u7ec4\u7ec7\u7684\u58f0\u8a89\u6784\u6210\u91cd\u5927\u98ce\u9669\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u00b6 \u79c1\u6709\u4e91\u901a\u5e38\u7531\u4f01\u4e1a\u6216\u673a\u6784\u5728\u5176\u7f51\u7edc\u5185\u90e8\u548c\u9632\u706b\u5899\u540e\u9762\u90e8\u7f72\u3002\u4f01\u4e1a\u5c06\u5bf9\u5141\u8bb8\u54ea\u4e9b\u6570\u636e\u9000\u51fa\u5176\u7f51\u7edc\u6709\u4e25\u683c\u7684\u653f\u7b56\uff0c\u751a\u81f3\u53ef\u80fd\u4e3a\u7279\u5b9a\u76ee\u7684\u4f7f\u7528\u4e0d\u540c\u7684\u4e91\u3002\u79c1\u6709\u4e91\u7684\u7528\u6237\u901a\u5e38\u662f\u62e5\u6709\u4e91\u7684\u7ec4\u7ec7\u7684\u5458\u5de5\uff0c\u5e76\u4e14\u80fd\u591f\u5bf9\u5176\u884c\u4e3a\u8d1f\u8d23\u3002\u5458\u5de5\u901a\u5e38\u4f1a\u5728\u8bbf\u95ee\u4e91\u4e4b\u524d\u53c2\u52a0\u57f9\u8bad\u8bfe\u7a0b\uff0c\u5e76\u4e14\u53ef\u80fd\u4f1a\u53c2\u52a0\u5b9a\u671f\u5b89\u6392\u7684\u5b89\u5168\u610f\u8bc6\u57f9\u8bad\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u516c\u6709\u4e91\u4e0d\u80fd\u5bf9\u5176\u7528\u6237\u3001\u4e91\u7528\u4f8b\u6216\u7528\u6237\u52a8\u673a\u505a\u51fa\u4efb\u4f55\u65ad\u8a00\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u8fd9\u4f1a\u7acb\u5373\u5c06\u5ba2\u6237\u673a\u5b89\u5168\u57df\u63a8\u5165\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u72b6\u6001\u3002 \u516c\u6709\u4e91\u653b\u51fb\u9762\u7684\u4e00\u4e2a\u663e\u7740\u533a\u522b\u662f\uff0c\u5b83\u4eec\u5fc5\u987b\u63d0\u4f9b\u5bf9\u5176\u670d\u52a1\u7684\u4e92\u8054\u7f51\u8bbf\u95ee\u3002\u5b9e\u4f8b\u8fde\u63a5\u3001\u901a\u8fc7 Internet \u8bbf\u95ee\u6587\u4ef6\u4ee5\u53ca\u4e0e\u4e91\u63a7\u5236\u7ed3\u6784\uff08\u5982 API 
\u7aef\u70b9\u548c\u4eea\u8868\u677f\uff09\u4ea4\u4e92\u7684\u80fd\u529b\u662f\u516c\u6709\u4e91\u7684\u5fc5\u5907\u6761\u4ef6\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7528\u6237\u7684\u9690\u79c1\u95ee\u9898\u901a\u5e38\u662f\u622a\u7136\u76f8\u53cd\u7684\u3002\u5728\u79c1\u6709\u4e91\u4e2d\u751f\u6210\u548c\u5b58\u50a8\u7684\u6570\u636e\u901a\u5e38\u7531\u4e91\u8fd0\u8425\u5546\u62e5\u6709\uff0c\u4ed6\u4eec\u80fd\u591f\u90e8\u7f72\u6570\u636e\u4e22\u5931\u9632\u62a4 \uff08DLP\uff09 \u4fdd\u62a4\u3001\u6587\u4ef6\u68c0\u67e5\u3001\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u548c\u89c4\u8303\u6027\u9632\u706b\u5899\u7b49\u6280\u672f\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u9690\u79c1\u662f\u91c7\u7528\u516c\u6709\u4e91\u57fa\u7840\u8bbe\u65bd\u7684\u4e3b\u8981\u969c\u788d\u4e4b\u4e00\uff0c\u56e0\u4e3a\u524d\u9762\u63d0\u5230\u7684\u8bb8\u591a\u63a7\u5236\u63aa\u65bd\u5e76\u4e0d\u5b58\u5728\u3002 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u00b6 \u5e94\u4ed4\u7ec6\u8003\u8651\u4e91\u90e8\u7f72\u4e2d\u6f5c\u5728\u7684\u51fa\u7ad9\u6ee5\u7528\u3002\u65e0\u8bba\u662f\u516c\u6709\u4e91\u8fd8\u662f\u79c1\u6709\u4e91\uff0c\u4e91\u5f80\u5f80\u90fd\u6709\u5927\u91cf\u53ef\u7528\u8d44\u6e90\u3002\u901a\u8fc7\u9ed1\u5ba2\u653b\u51fb\u6216\u6388\u6743\u8bbf\u95ee\u5728\u4e91\u4e2d\u5efa\u7acb\u5b58\u5728\u70b9\u7684\u653b\u51fb\u8005\uff08\u4f8b\u5982\u6d41\u6c13\u5458\u5de5\uff09\u53ef\u4ee5\u4f7f\u8fd9\u4e9b\u8d44\u6e90\u5bf9\u6574\u4e2a\u4e92\u8054\u7f51\u4ea7\u751f\u5f71\u54cd\u3002\u5177\u6709\u8ba1\u7b97\u670d\u52a1\u7684\u4e91\u662f\u7406\u60f3\u7684 DDoS 
\u548c\u66b4\u529b\u5f15\u64ce\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u6765\u8bf4\uff0c\u8fd9\u4e2a\u95ee\u9898\u66f4\u4e3a\u7d27\u8feb\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u7528\u6237\u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u662f\u4e0d\u8d1f\u8d23\u4efb\u7684\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u542f\u52a8\u5927\u91cf\u4e00\u6b21\u6027\u5b9e\u4f8b\u8fdb\u884c\u51fa\u7ad9\u653b\u51fb\u3002\u5982\u679c\u4e00\u5bb6\u516c\u53f8\u56e0\u6258\u7ba1\u6076\u610f\u8f6f\u4ef6\u6216\u5bf9\u5176\u4ed6\u7f51\u7edc\u53d1\u8d77\u653b\u51fb\u800c\u95fb\u540d\uff0c\u53ef\u80fd\u4f1a\u5bf9\u516c\u53f8\u7684\u58f0\u8a89\u9020\u6210\u91cd\u5927\u635f\u5bb3\u3002\u9884\u9632\u65b9\u6cd5\u5305\u62ec\u51fa\u53e3\u5b89\u5168\u7ec4\u3001\u51fa\u7ad9\u6d41\u91cf\u68c0\u67e5\u3001\u5ba2\u6237\u6559\u80b2\u548c\u610f\u8bc6\uff0c\u4ee5\u53ca\u6b3a\u8bc8\u548c\u6ee5\u7528\u7f13\u89e3\u7b56\u7565\u3002 \u653b\u51fb\u7c7b\u578b \u00b6 \u8be5\u56fe\u663e\u793a\u4e86\u4e0a\u4e00\u8282\u4e2d\u63cf\u8ff0\u7684\u53c2\u4e0e\u8005\u53ef\u80fd\u9884\u671f\u7684\u5178\u578b\u653b\u51fb\u7c7b\u578b\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u56fe\u4e0d\u6392\u9664\u6709\u4e0d\u53ef\u9884\u671f\u7684\u653b\u51fb\u7c7b\u578b\u3002 \u653b\u51fb\u7c7b\u578b 
\u6bcf\u79cd\u653b\u51fb\u5f62\u5f0f\u7684\u89c4\u8303\u6027\u9632\u5fa1\u8d85\u51fa\u4e86\u672c\u6587\u6863\u7684\u8303\u56f4\u3002\u4e0a\u56fe\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c31\u5e94\u9632\u8303\u54ea\u4e9b\u7c7b\u578b\u7684\u5a01\u80c1\u548c\u5a01\u80c1\u53c2\u4e0e\u8005\u505a\u51fa\u660e\u667a\u7684\u51b3\u5b9a\u3002\u5bf9\u4e8e\u5546\u4e1a\u516c\u6709\u4e91\u90e8\u7f72\uff0c\u8fd9\u53ef\u80fd\u5305\u62ec\u9884\u9632\u4e25\u91cd\u72af\u7f6a\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e3a\u653f\u5e9c\u4f7f\u7528\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u4eba\u6765\u8bf4\uff0c\u5e94\u8be5\u5efa\u7acb\u66f4\u4e25\u683c\u7684\u4fdd\u62a4\u673a\u5236\uff0c\u5305\u62ec\u7cbe\u5fc3\u4fdd\u62a4\u7684\u8bbe\u65bd\u548c\u4f9b\u5e94\u94fe\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u90a3\u4e9b\u5efa\u7acb\u57fa\u672c\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u7684\u4eba\u53ef\u80fd\u9700\u8981\u9650\u5236\u8f83\u5c11\u7684\u63a7\u5236\uff08\u4e2d\u95f4\uff09\u3002 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u00b6 \u60a8\u9009\u62e9\u7684\u652f\u6301\u8f6f\u4ef6\uff08\u5982\u6d88\u606f\u4f20\u9012\u548c\u8d1f\u8f7d\u5e73\u8861\uff09\u53ef\u80fd\u4f1a\u5bf9\u4e91\u4ea7\u751f\u4e25\u91cd\u7684\u5b89\u5168\u5f71\u54cd\u3002\u4e3a\u7ec4\u7ec7\u505a\u51fa\u6b63\u786e\u7684\u9009\u62e9\u975e\u5e38\u91cd\u8981\u3002\u672c\u8282\u63d0\u4f9b\u4e86\u9009\u62e9\u652f\u6301\u8f6f\u4ef6\u7684\u4e00\u4e9b\u4e00\u822c\u51c6\u5219\u3002 \u4e3a\u4e86\u9009\u62e9\u6700\u4f73\u652f\u6301\u8f6f\u4ef6\uff0c\u8bf7\u8003\u8651\u4ee5\u4e0b\u56e0\u7d20\uff1a \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u00b6 
\u56e2\u961f\u8d8a\u719f\u6089\u7279\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u548c\u7279\u6b8a\u6027\uff0c\u5c31\u8d8a\u5c11\u4f1a\u51fa\u73b0\u914d\u7f6e\u9519\u8bef\u3002\u6b64\u5916\uff0c\u5c06\u5458\u5de5\u7684\u4e13\u4e1a\u77e5\u8bc6\u5206\u6563\u5230\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u589e\u52a0\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u5206\u5de5\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u51cf\u8f7b\u95ee\u9898\u3002 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u00b6 \u7ed9\u5b9a\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u4e8b\u4ef6\u54cd\u5e94 \u901a\u7528\u6807\u51c6 \u00b6 \u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u7684\u6027\u80fd\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002 \u786c\u4ef6\u95ee\u9898 \u00b6 \u8003\u8651\u8fd0\u884c\u8f6f\u4ef6\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u9009\u62e9\u7684\u8f6f\u4ef6\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002 \u7cfb\u7edf\u6587\u6863 \u00b6 OpenStack 
\u4e91\u90e8\u7f72\u7684\u7cfb\u7edf\u6587\u6863\u5e94\u9075\u5faa\u7ec4\u7ec7\u4e2d\u4f01\u4e1a\u4fe1\u606f\u6280\u672f\u7cfb\u7edf\u7684\u6a21\u677f\u548c\u6700\u4f73\u5b9e\u8df5\u3002\u7ec4\u7ec7\u901a\u5e38\u6709\u5408\u89c4\u6027\u8981\u6c42\uff0c\u8fd9\u53ef\u80fd\u9700\u8981\u4e00\u4e2a\u6574\u4f53\u7684\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u6765\u6e05\u70b9\u548c\u8bb0\u5f55\u7ed9\u5b9a\u7cfb\u7edf\u7684\u67b6\u6784\u3002\u6574\u4e2a\u884c\u4e1a\u90fd\u9762\u4e34\u7740\u4e0e\u8bb0\u5f55\u52a8\u6001\u4e91\u57fa\u7840\u67b6\u6784\u548c\u4fdd\u6301\u4fe1\u606f\u6700\u65b0\u76f8\u5173\u7684\u5171\u540c\u6311\u6218\u3002 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u7cfb\u7edf\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u00b6 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u00b6 \u901a\u5e38\u6784\u6210 OpenStack \u5b89\u88c5\u7684\u4e24\u79cd\u5e7f\u4e49\u8282\u70b9\u7c7b\u578b\u662f\uff1a \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 \u00b6 \u8fd0\u884c\u4e0e\u4e91\u76f8\u5173\u7684\u670d\u52a1\uff0c\u4f8b\u5982 OpenStack Identity \u670d\u52a1\u3001\u6d88\u606f\u961f\u5217\u670d\u52a1\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u652f\u6301\u4e91\u8fd0\u884c\u6240\u9700\u7684\u5176\u4ed6\u670d\u52a1\u3002 \u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u00b6 \u4e3a\u4e91\u63d0\u4f9b\u5b58\u50a8\u5bb9\u91cf\u6216\u865a\u62df\u673a\u3002 \u7cfb\u7edf\u6e05\u5355 \u00b6 
\u6587\u6863\u5e94\u63d0\u4f9bOpenStack\u73af\u5883\u7684\u4e00\u822c\u63cf\u8ff0\uff0c\u5e76\u6db5\u76d6\u4f7f\u7528\u7684\u6240\u6709\u7cfb\u7edf\uff08\u4f8b\u5982\uff0c\u751f\u4ea7\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\uff09\u3002\u8bb0\u5f55\u7cfb\u7edf\u7ec4\u4ef6\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u8f6f\u4ef6\u901a\u5e38\u63d0\u4f9b\u5168\u9762\u8986\u76d6\u548c\u8003\u8651\u5b89\u5168\u95ee\u9898\u3001\u653b\u51fb\u5a92\u4ecb\u548c\u53ef\u80fd\u7684\u5b89\u5168\u57df\u6865\u63a5\u70b9\u6240\u9700\u7684\u9e1f\u77b0\u56fe\u3002\u7cfb\u7edf\u6e05\u5355\u53ef\u80fd\u9700\u8981\u6355\u83b7\u4e34\u65f6\u8d44\u6e90\uff0c\u4f8b\u5982\u865a\u62df\u673a\u6216\u865a\u62df\u78c1\u76d8\u5377\uff0c\u5426\u5219\u8fd9\u4e9b\u8d44\u6e90\u5c06\u6210\u4e3a\u4f20\u7edf IT \u7cfb\u7edf\u4e2d\u7684\u6301\u4e45\u6027\u8d44\u6e90\u3002 \u786c\u4ef6\u6e05\u5355 \u00b6 \u5bf9\u4e66\u9762\u6587\u6863\u6ca1\u6709\u4e25\u683c\u5408\u89c4\u6027\u8981\u6c42\u7684\u4e91\u53ef\u80fd\u4f1a\u53d7\u76ca\u4e8e\u914d\u7f6e\u7ba1\u7406\u6570\u636e\u5e93 \uff08CMDB\uff09\u3002CMDB\u901a\u5e38\u7528\u4e8e\u786c\u4ef6\u8d44\u4ea7\u8ddf\u8e2a\u548c\u6574\u4f53\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\u901a\u8fc7\u5229\u7528 CMDB\uff0c\u7ec4\u7ec7\u53ef\u4ee5\u5feb\u901f\u8bc6\u522b\u4e91\u57fa\u7840\u8bbe\u65bd\u786c\u4ef6\uff0c\u4f8b\u5982\u8ba1\u7b97\u8282\u70b9\u3001\u5b58\u50a8\u8282\u70b9\u6216\u7f51\u7edc\u8bbe\u5907\u3002CMDB\u53ef\u4ee5\u5e2e\u52a9\u8bc6\u522b\u7f51\u7edc\u4e0a\u5b58\u5728\u7684\u8d44\u4ea7\uff0c\u8fd9\u4e9b\u8d44\u4ea7\u53ef\u80fd\u7531\u4e8e\u7ef4\u62a4\u4e0d\u8db3\u3001\u4fdd\u62a4\u4e0d\u8db3\u6216\u88ab\u53d6\u4ee3\u548c\u9057\u5fd8\u800c\u5b58\u5728\u6f0f\u6d1e\u3002\u5982\u679c\u5e95\u5c42\u786c\u4ef6\u652f\u6301\u5fc5\u8981\u7684\u81ea\u52a8\u53d1\u73b0\u529f\u80fd\uff0c\u5219 OpenStack \u7f6e\u5907\u7cfb\u7edf\u53ef\u4ee5\u63d0\u4f9b\u4e00\u4e9b\u57fa\u672c\u7684 CMDB \u529f\u80fd\u3002 \u8f6f\u4ef6\u6e05\u5355 \u00b6 
\u4e0e\u786c\u4ef6\u4e00\u6837\uff0cOpenStack \u90e8\u7f72\u4e2d\u7684\u6240\u6709\u8f6f\u4ef6\u7ec4\u4ef6\u90fd\u5e94\u8bb0\u5f55\u5728\u6848\u3002\u793a\u4f8b\u5305\u62ec\uff1a \u7cfb\u7edf\u6570\u636e\u5e93\uff0c\u4f8b\u5982 MySQL \u6216 mongoDB OpenStack \u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982 Identity \u6216 Compute \u652f\u6301\u7ec4\u4ef6\uff0c\u4f8b\u5982\u8d1f\u8f7d\u5747\u8861\u5668\u3001\u53cd\u5411\u4ee3\u7406\u3001DNS \u6216 DHCP \u670d\u52a1 \u5728\u8bc4\u4f30\u5e93\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u8f6f\u4ef6\u7c7b\u522b\u4e2d\u6cc4\u9732\u6216\u6f0f\u6d1e\u7684\u5f71\u54cd\u65f6\uff0c\u8f6f\u4ef6\u7ec4\u4ef6\u7684\u6743\u5a01\u5217\u8868\u53ef\u80fd\u81f3\u5173\u91cd\u8981\u3002 \u7f51\u7edc\u62d3\u6251 \u00b6 \u5e94\u63d0\u4f9b\u7f51\u7edc\u62d3\u6251\uff0c\u5e76\u7a81\u51fa\u663e\u793a\u5b89\u5168\u57df\u4e4b\u95f4\u7684\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u7f51\u7edc\u5165\u53e3\u548c\u51fa\u53e3\u70b9\u5e94\u4e0e\u4efb\u4f55 OpenStack \u903b\u8f91\u7cfb\u7edf\u8fb9\u754c\u4e00\u8d77\u6807\u8bc6\u3002\u53ef\u80fd\u9700\u8981\u591a\u4e2a\u56fe\u8868\u6765\u63d0\u4f9b\u7cfb\u7edf\u7684\u5b8c\u6574\u89c6\u89c9\u8986\u76d6\u3002\u7f51\u7edc\u62d3\u6251\u6587\u6863\u5e94\u5305\u62ec\u7cfb\u7edf\u4ee3\u8868\u79df\u6237\u521b\u5efa\u7684\u865a\u62df\u7f51\u7edc\uff0c\u4ee5\u53ca OpenStack \u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u548c\u7f51\u5173\u3002 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u00b6 \u4e86\u89e3\u6709\u5173\u7ec4\u7ec7\u8d44\u4ea7\u7684\u4fe1\u606f\u901a\u5e38\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8d44\u4ea7\u8868\u53ef\u4ee5\u5e2e\u52a9\u9a8c\u8bc1\u5b89\u5168\u8981\u6c42\uff0c\u5e76\u5e2e\u52a9\u7ef4\u62a4\u6807\u51c6\u5b89\u5168\u7ec4\u4ef6\uff0c\u4f8b\u5982\u9632\u706b\u5899\u914d\u7f6e\u3001\u670d\u52a1\u7aef\u53e3\u51b2\u7a81\u3001\u5b89\u5168\u4fee\u6b63\u533a\u57df\u548c\u5408\u89c4\u6027\u3002\u6b64\u5916\uff0c\u8be5\u8868\u8fd8\u6709\u52a9\u4e8e\u7406\u89e3 OpenStack 
\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5173\u7cfb\u3002\u8be5\u8868\u53ef\u80fd\u5305\u62ec\uff1a OpenStack \u90e8\u7f72\u4e2d\u4f7f\u7528\u7684\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3\u3002 \u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u7684\u6982\u8ff0\u3002 \u5f3a\u70c8\u5efa\u8bae OpenStack \u90e8\u7f72\u8bb0\u5f55\u4e0e\u6b64\u7c7b\u4f3c\u7684\u4fe1\u606f\u3002\u8be5\u8868\u53ef\u4ee5\u6839\u636e\u4ece CMDB \u6d3e\u751f\u7684\u4fe1\u606f\u521b\u5efa\uff0c\u4e5f\u53ef\u4ee5\u624b\u52a8\u6784\u5efa\u3002 \u4e0b\u9762\u63d0\u4f9b\u4e86\u4e00\u4e2a\u8868\u683c\u793a\u4f8b\uff1a \u670d\u52a1 \u534f\u8bae \u7aef\u53e3 \u76ee\u7684 \u4f7f\u7528\u8005 \u5b89\u5168\u57df beam.smp AMQP 5672/tcp AMQP \u6d88\u606f\u670d\u52a1 RabbitMQ \u7ba1\u7406\u57df tgtd iSCSI 3260/tcp iSCSI \u53d1\u8d77\u7a0b\u5e8f\u670d\u52a1 iSCSI \u79c1\u6709\uff08\u6570\u636e\u7f51\u7edc\uff09 sshd ssh 22/tcp \u5141\u8bb8\u5b89\u5168\u767b\u5f55\u5230\u8282\u70b9\u548c\u6765\u5bbe\u865a\u62df\u673a Various \u6309\u9700\u914d\u7f6e\u4f5c\u7528\u4e8e\u7ba1\u7406\u57df\u3001\u516c\u5171\u57df\u548c\u8bbf\u5ba2\u57df mysqld mysql 3306/tcp \u6570\u636e\u5e93\u670d\u52a1 Various \u7ba1\u7406\u57df apache2 http 443/tcp \u4eea\u8868\u677f Tenants \u516c\u5171\u57df dnsmasq dns 53/tcp DNS \u670d\u52a1 Guest VMs \u8bbf\u5ba2\u57df \u7ba1\u7406 \u00b6 \u4e91\u90e8\u7f72\u662f\u4e00\u4e2a\u4e0d\u65ad\u53d8\u5316\u7684\u7cfb\u7edf\u3002\u673a\u5668\u8001\u5316\u548c\u6545\u969c\uff0c\u8f6f\u4ef6\u8fc7\u65f6\uff0c\u6f0f\u6d1e\u88ab\u53d1\u73b0\u3002\u5f53\u914d\u7f6e\u4e2d\u51fa\u73b0\u9519\u8bef\u6216\u9057\u6f0f\u65f6\uff0c\u6216\u8005\u5fc5\u987b\u5e94\u7528\u8f6f\u4ef6\u4fee\u590d\u65f6\uff0c\u5fc5\u987b\u4ee5\u5b89\u5168\u4f46\u65b9\u4fbf\u7684\u65b9\u5f0f\u8fdb\u884c\u8fd9\u4e9b\u66f4\u6539\u3002\u8fd9\u4e9b\u66f4\u6539\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u6765\u89e3\u51b3\u3002 
\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e0d\u88ab\u6076\u610f\u5b9e\u4f53\u914d\u7f6e\u6216\u64cd\u7eb5\u975e\u5e38\u91cd\u8981\u3002\u7531\u4e8e\u4e91\u4e2d\u7684\u8bb8\u591a\u7cfb\u7edf\u90fd\u91c7\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u865a\u62df\u5316\uff0c\u56e0\u6b64 OpenStack \u9762\u4e34\u7740\u660e\u663e\u7684\u6311\u6218\uff0c\u5fc5\u987b\u901a\u8fc7\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u7ba1\u7406\u6765\u89e3\u51b3\u8fd9\u4e9b\u6311\u6218\u3002 \u7ba1\u7406\u5458\u5fc5\u987b\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u914d\u7f6e\u7ba1\u7406 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u670d\u52a1\u5668\u52a0\u56fa \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u00b6 \u4e91\u7cfb\u7edf\u603b\u4f1a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5176\u4e2d\u4e00\u4e9b\u53ef\u80fd\u662f\u5b89\u5168\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u51c6\u5907\u597d\u5e94\u7528\u5b89\u5168\u66f4\u65b0\u548c\u5e38\u89c4\u8f6f\u4ef6\u66f4\u65b0\u81f3\u5173\u91cd\u8981\u3002\u8fd9\u6d89\u53ca\u5230\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7684\u667a\u80fd\u4f7f\u7528\uff0c\u4e0b\u9762\u5c06\u5bf9\u6b64\u8fdb\u884c\u8ba8\u8bba\u3002\u8fd9\u8fd8\u6d89\u53ca\u4e86\u89e3\u4f55\u65f6\u9700\u8981\u5347\u7ea7\u3002 \u6f0f\u6d1e\u7ba1\u7406 \u00b6 \u6709\u5173\u5b89\u5168\u76f8\u5173\u66f4\u6539\u7684\u516c\u544a\uff0c\u8bf7\u8ba2\u9605 OpenStack Announce 
\u90ae\u4ef6\u5217\u8868\u3002\u5b89\u5168\u901a\u77e5\u8fd8\u4f1a\u901a\u8fc7\u4e0b\u6e38\u8f6f\u4ef6\u5305\u53d1\u5e03\uff0c\u4f8b\u5982\uff0c\u901a\u8fc7\u60a8\u53ef\u80fd\u4f5c\u4e3a\u8f6f\u4ef6\u5305\u66f4\u65b0\u7684\u4e00\u90e8\u5206\u8ba2\u9605\u7684 Linux \u53d1\u884c\u7248\u3002 OpenStack\u7ec4\u4ef6\u53ea\u662f\u4e91\u4e2d\u8f6f\u4ef6\u7684\u4e00\u5c0f\u90e8\u5206\u3002\u4e0e\u6240\u6709\u8fd9\u4e9b\u5176\u4ed6\u7ec4\u4ef6\u4fdd\u6301\u540c\u6b65\u4e5f\u5f88\u91cd\u8981\u3002\u867d\u7136\u67d0\u4e9b\u6570\u636e\u6e90\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\uff0c\u4f46\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u8ba2\u9605\u5fc5\u8981\u7684\u90ae\u4ef6\u5217\u8868\uff0c\u4ee5\u4fbf\u63a5\u6536\u9002\u7528\u4e8e\u7ec4\u7ec7\u73af\u5883\u7684\u4efb\u4f55\u5b89\u5168\u66f4\u65b0\u7684\u901a\u77e5\u3002\u901a\u5e38\uff0c\u8fd9\u5c31\u50cf\u8ddf\u8e2a\u4e0a\u6e38 Linux \u53d1\u884c\u7248\u4e00\u6837\u7b80\u5355\u3002 \u6ce8\u610f OpenStack \u901a\u8fc7\u4e24\u4e2a\u6e20\u9053\u53d1\u5e03\u5b89\u5168\u4fe1\u606f\u3002 - OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09 \u7531 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u521b\u5efa\u3002\u5b83\u4eec\u4e0e\u6838\u5fc3OpenStack\u670d\u52a1\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u6709\u5173\u3002\u6709\u5173 VMT \u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6f0f\u6d1e\u7ba1\u7406\u6d41\u7a0b\u3002 - OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u7531 OpenStack \u5b89\u5168\u7ec4 \uff08OSSG\uff09 \u521b\u5efa\uff0c\u4ee5\u652f\u6301 VMT \u7684\u5de5\u4f5c\u3002OSSN\u89e3\u51b3\u4e86\u652f\u6301\u8f6f\u4ef6\u548c\u5e38\u89c1\u90e8\u7f72\u914d\u7f6e\u4e2d\u7684\u95ee\u9898\u3002\u672c\u6307\u5357\u4e2d\u5f15\u7528\u4e86\u5b83\u4eec\u3002\u5b89\u5168\u8bf4\u660e\u5b58\u6863\u5728OSSN\u4e0a\u3002 \u5206\u7c7b \u00b6 
\u6536\u5230\u5b89\u5168\u66f4\u65b0\u901a\u77e5\u540e\uff0c\u4e0b\u4e00\u6b65\u662f\u786e\u5b9a\u6b64\u66f4\u65b0\u5bf9\u7ed9\u5b9a\u4e91\u90e8\u7f72\u7684\u91cd\u8981\u6027\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u62e5\u6709\u9884\u5b9a\u4e49\u7684\u7b56\u7565\u5f88\u6709\u7528\u3002\u73b0\u6709\u7684\u6f0f\u6d1e\u8bc4\u7ea7\u7cfb\u7edf\uff08\u5982\u901a\u7528\u6f0f\u6d1e\u8bc4\u5206\u7cfb\u7edf \uff08CVSS\uff09\uff09\u65e0\u6cd5\u6b63\u786e\u8003\u8651\u4e91\u90e8\u7f72\u3002 \u5728\u6b64\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5f15\u5165\u4e86\u4e00\u4e2a\u8bc4\u5206\u77e9\u9635\uff0c\u8be5\u77e9\u9635\u5c06\u6f0f\u6d1e\u5206\u4e3a\u4e09\u7c7b\uff1a\u6743\u9650\u63d0\u5347\u3001\u62d2\u7edd\u670d\u52a1\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u4e86\u89e3\u6f0f\u6d1e\u7684\u7c7b\u578b\u53ca\u5176\u5728\u57fa\u7840\u67b6\u6784\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u5c06\u4f7f\u60a8\u80fd\u591f\u505a\u51fa\u5408\u7406\u7684\u54cd\u5e94\u51b3\u7b56\u3002 \u6743\u9650\u63d0\u5347\u63cf\u8ff0\u4e86\u7528\u6237\u4f7f\u7528\u7cfb\u7edf\u4e2d\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8fdb\u884c\u64cd\u4f5c\u7684\u80fd\u529b\uff0c\u7ed5\u8fc7\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u6765\u5bbe\u7528\u6237\u6267\u884c\u7684\u64cd\u4f5c\u5141\u8bb8\u4ed6\u4eec\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u8fd9\u662f\u6b64\u7c7b\u6f0f\u6d1e\u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u62d2\u7edd\u670d\u52a1\u662f\u6307\u88ab\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u6216\u7cfb\u7edf\u4e2d\u65ad\u3002\u8fd9\u65e2\u5305\u62ec\u4f7f\u7f51\u7edc\u8d44\u6e90\u4e0d\u582a\u91cd\u8d1f\u7684\u5206\u5e03\u5f0f\u653b\u51fb\uff0c\u4e5f\u5305\u62ec\u901a\u5e38\u7531\u8d44\u6e90\u5206\u914d\u9519\u8bef\u6216\u8f93\u5165\u5f15\u8d77\u7684\u7cfb\u7edf\u6545\u969c\u7f3a\u9677\u5f15\u8d77\u7684\u5355\u7528\u6237\u653b\u51fb\u3002 
\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u4f1a\u6cc4\u9732\u6709\u5173\u60a8\u7684\u7cfb\u7edf\u6216\u64cd\u4f5c\u7684\u4fe1\u606f\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u8303\u56f4\u4ece\u8c03\u8bd5\u4fe1\u606f\u6cc4\u9732\u5230\u5173\u952e\u5b89\u5168\u6570\u636e\uff08\u5982\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u548c\u5bc6\u7801\uff09\u7684\u66b4\u9732\u3002 \u653b\u51fb\u8005\u4f4d\u7f6e/\u6743\u9650\u7ea7\u522b \u5916\u90e8 \u4e91\u7528\u6237 \u4e91\u7ba1\u7406\u5458 \u63a7\u5236\u5e73\u9762 \u6743\u9650\u63d0\u5347\uff083 \u7ea7\uff09 \u7d27\u6025 n/a n/a n/a \u6743\u9650\u63d0\u5347\uff082 \u4e2a\u7ea7\u522b\uff09 \u7d27\u6025 \u7d27\u6025 n/a n/a \u7279\u6743\u63d0\u5347\uff081 \u7ea7\uff09 \u7d27\u6025 \u7d27\u6025 \u7d27\u6025 n/a \u62d2\u7edd\u670d\u52a1 \u9ad8 \u4e2d \u4f4e \u4f4e \u4fe1\u606f\u62ab\u9732 \u7d27\u6025/\u9ad8 \u7d27\u6025/\u9ad8 \u4e2d/\u4f4e \u4f4e \u8be5\u8868\u8bf4\u660e\u4e86\u4e00\u79cd\u901a\u7528\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6839\u636e\u6f0f\u6d1e\u5728\u90e8\u7f72\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u548c\u5f71\u54cd\u6765\u8861\u91cf\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97 API \u8282\u70b9\u4e0a\u7684\u5355\u7ea7\u6743\u9650\u63d0\u5347\u53ef\u80fd\u5141\u8bb8 API \u7684\u6807\u51c6\u7528\u6237\u5347\u7ea7\u4e3a\u5177\u6709\u4e0e\u8282\u70b9\u4e0a\u7684 root \u7528\u6237\u76f8\u540c\u7684\u6743\u9650\u3002 \u6211\u4eec\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u4f7f\u7528\u6b64\u8868\u4f5c\u4e3a\u6a21\u578b\uff0c\u4ee5\u5e2e\u52a9\u5b9a\u4e49\u8981\u9488\u5bf9\u5404\u79cd\u5b89\u5168\u7ea7\u522b\u6267\u884c\u7684\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u5173\u952e\u7ea7\u522b\u7684\u5b89\u5168\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u5feb\u901f\u5347\u7ea7\u4e91\uff0c\u800c\u4f4e\u7ea7\u522b\u7684\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u66f4\u957f\u7684\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\u3002 \u6d4b\u8bd5\u66f4\u65b0 \u00b6 
\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u90e8\u7f72\u4efb\u4f55\u66f4\u65b0\u4e4b\u524d\uff0c\u5e94\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\u3002\u901a\u5e38\uff0c\u8fd9\u9700\u8981\u6709\u4e00\u4e2a\u5355\u72ec\u7684\u6d4b\u8bd5\u4e91\u8bbe\u7f6e\uff0c\u8be5\u8bbe\u7f6e\u9996\u5148\u63a5\u6536\u66f4\u65b0\u3002\u5728\u8f6f\u4ef6\u548c\u786c\u4ef6\u65b9\u9762\uff0c\u6b64\u4e91\u5e94\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u4e91\u3002\u5e94\u5728\u6027\u80fd\u5f71\u54cd\u3001\u7a33\u5b9a\u6027\u3001\u5e94\u7528\u7a0b\u5e8f\u5f71\u54cd\u7b49\u65b9\u9762\u5bf9\u66f4\u65b0\u8fdb\u884c\u5168\u9762\u6d4b\u8bd5\u3002\u7279\u522b\u91cd\u8981\u7684\u662f\u9a8c\u8bc1\u66f4\u65b0\u7406\u8bba\u4e0a\u89e3\u51b3\u7684\u95ee\u9898\uff08\u4f8b\u5982\u7279\u5b9a\u6f0f\u6d1e\uff09\u662f\u5426\u5df2\u5b9e\u9645\u4fee\u590d\u3002 \u90e8\u7f72\u66f4\u65b0 \u00b6 \u5b8c\u5168\u6d4b\u8bd5\u66f4\u65b0\u540e\uff0c\u53ef\u4ee5\u5c06\u5176\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002\u5e94\u4f7f\u7528\u4e0b\u9762\u6240\u8ff0\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5b8c\u5168\u81ea\u52a8\u5316\u6b64\u90e8\u7f72\u3002 \u914d\u7f6e\u7ba1\u7406 \u00b6 \u751f\u4ea7\u8d28\u91cf\u7684\u4e91\u5e94\u59cb\u7ec8\u4f7f\u7528\u5de5\u5177\u6765\u81ea\u52a8\u6267\u884c\u914d\u7f6e\u548c\u90e8\u7f72\u3002\u8fd9\u6d88\u9664\u4e86\u4eba\u4e3a\u9519\u8bef\uff0c\u5e76\u5141\u8bb8\u4e91\u66f4\u5feb\u5730\u6269\u5c55\u3002\u81ea\u52a8\u5316\u8fd8\u6709\u52a9\u4e8e\u6301\u7eed\u96c6\u6210\u548c\u6d4b\u8bd5\u3002 \u5728\u6784\u5efa OpenStack \u4e91\u65f6\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u8bbe\u8ba1\u548c\u5b9e\u73b0\u65f6\u8003\u8651\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u6216\u6846\u67b6\u3002\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\uff0c\u60a8\u53ef\u4ee5\u907f\u514d\u5728\u6784\u5efa\u3001\u7ba1\u7406\u548c\u7ef4\u62a4\u50cf OpenStack 
\u8fd9\u6837\u590d\u6742\u7684\u57fa\u7840\u67b6\u6784\u65f6\u56fa\u6709\u7684\u8bb8\u591a\u9677\u9631\u3002\u901a\u8fc7\u751f\u6210\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6240\u9700\u7684\u6e05\u5355\u3001\u8bf4\u660e\u4e66\u6216\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u6ee1\u8db3\u8bb8\u591a\u6587\u6863\u548c\u6cd5\u89c4\u62a5\u544a\u8981\u6c42\u3002\u6b64\u5916\uff0c\u914d\u7f6e\u7ba1\u7406\u8fd8\u53ef\u4ee5\u4f5c\u4e3a\u4e1a\u52a1\u8fde\u7eed\u6027\u8ba1\u5212 \uff08BCP\uff09 \u548c\u6570\u636e\u6062\u590d \uff08DR\uff09 \u8ba1\u5212\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u5728\u5176\u4e2d\u5c06\u8282\u70b9\u6216\u670d\u52a1\u91cd\u5efa\u56de DR \u4e8b\u4ef6\u4e2d\u7684\u5df2\u77e5\u72b6\u6001\u6216\u7ed9\u5b9a\u7684\u59a5\u534f\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u5f53\u4e0e Git \u6216 SVN \u7b49\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u60a8\u53ef\u4ee5\u8ddf\u8e2a\u73af\u5883\u968f\u65f6\u95f4\u63a8\u79fb\u800c\u53d1\u751f\u7684\u66f4\u6539\uff0c\u5e76\u91cd\u65b0\u8c03\u89e3\u53ef\u80fd\u53d1\u751f\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u6539\u3002\u4f8b\u5982\uff0c\u6587\u4ef6 nova.conf \u6216\u5176\u4ed6\u914d\u7f6e\u6587\u4ef6\u4e0d\u7b26\u5408\u60a8\u7684\u6807\u51c6\uff0c\u60a8\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u53ef\u4ee5\u8fd8\u539f\u6216\u66ff\u6362\u8be5\u6587\u4ef6\uff0c\u5e76\u5c06\u60a8\u7684\u914d\u7f6e\u6062\u590d\u5230\u5df2\u77e5\u72b6\u6001\u3002\u6700\u540e\uff0c\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u4e5f\u53ef\u7528\u4e8e\u90e8\u7f72\u66f4\u65b0;\u7b80\u5316\u5b89\u5168\u8865\u4e01\u6d41\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u5177\u6709\u5e7f\u6cdb\u7684\u529f\u80fd\uff0c\u5728\u8be5\u9886\u57df\u975e\u5e38\u6709\u7528\u3002\u4fdd\u62a4\u4e91\u7684\u5173\u952e\u70b9\u662f\u9009\u62e9\u4e00\u79cd\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5e76\u4f7f\u7528\u5b83\u3002 
\u6709\u8bb8\u591a\u914d\u7f6e\u7ba1\u7406\u89e3\u51b3\u65b9\u6848;\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5e02\u573a\u4e0a\u6709\u4e24\u4e2a\u5728\u652f\u6301 OpenStack \u73af\u5883\u65b9\u9762\u975e\u5e38\u5f3a\u5927\u7684\u516c\u53f8\uff1aChef \u548c Puppet\u3002\u4e0b\u9762\u63d0\u4f9b\u4e86\u6b64\u7a7a\u95f4\u4e2d\u7684\u5de5\u5177\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Chef Puppet Salt Stack Ansible \u7b56\u7565\u66f4\u6539 \u00b6 \u6bcf\u5f53\u66f4\u6539\u7b56\u7565\u6216\u914d\u7f6e\u7ba1\u7406\u65f6\uff0c\u6700\u597d\u8bb0\u5f55\u6d3b\u52a8\u5e76\u5907\u4efd\u65b0\u96c6\u7684\u526f\u672c\u3002\u901a\u5e38\uff0c\u6b64\u7c7b\u7b56\u7565\u548c\u914d\u7f6e\u5b58\u50a8\u5728\u53d7\u7248\u672c\u63a7\u5236\u7684\u5b58\u50a8\u5e93\uff08\u5982 Git\uff09\u4e2d\u3002 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u00b6 \u5728\u6574\u4e2a\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u4e2d\u5305\u62ec\u5907\u4efd\u8fc7\u7a0b\u548c\u7b56\u7565\u975e\u5e38\u91cd\u8981\u3002\u6709\u5173 OpenStack \u5907\u4efd\u548c\u6062\u590d\u529f\u80fd\u548c\u8fc7\u7a0b\u7684\u6982\u8ff0\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5907\u4efd\u548c\u6062\u590d\u7684 OpenStack \u64cd\u4f5c\u6307\u5357\u3002 \u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u548c\u5907\u4efd\u5ba2\u6237\u7aef\u624d\u80fd\u8bbf\u95ee\u5907\u4efd\u670d\u52a1\u5668\u3002 \u4f7f\u7528\u6570\u636e\u52a0\u5bc6\u9009\u9879\u6765\u5b58\u50a8\u548c\u4f20\u8f93\u5907\u4efd\u3002 \u4f7f\u7528\u4e13\u7528\u4e14\u5f3a\u5316\u7684\u5907\u4efd\u670d\u52a1\u5668\u3002\u5907\u4efd\u670d\u52a1\u5668\u7684\u65e5\u5fd7\u5fc5\u987b\u6bcf\u5929\u8fdb\u884c\u76d1\u89c6\uff0c\u5e76\u4e14\u53ea\u6709\u5c11\u6570\u4eba\u53ef\u4ee5\u8bbf\u95ee\u3002 
\u5b9a\u671f\u6d4b\u8bd5\u6570\u636e\u6062\u590d\u9009\u9879\uff0c\u5305\u62ec\u5b58\u50a8\u5728\u5b89\u5168\u5907\u4efd\u4e2d\u7684\u955c\u50cf\uff0c\u662f\u786e\u4fdd\u707e\u96be\u6062\u590d\u51c6\u5907\u7684\u5173\u952e\u90e8\u5206\u3002\u5728\u53d1\u751f\u5b89\u5168\u6f0f\u6d1e\u6216\u53d7\u635f\u65f6\uff0c\u7ec8\u6b62\u8fd0\u884c\u4e2d\u7684\u5b9e\u4f8b\u5e76\u4ece\u5df2\u77e5\u7684\u5b89\u5168\u955c\u50cf\u5907\u4efd\u4e2d\u91cd\u65b0\u542f\u52a8\u5b9e\u4f8b\u786e\u5b9e\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8fd9\u6709\u52a9\u4e8e\u786e\u4fdd\u53d7\u635f\u7684\u5b9e\u4f8b\u88ab\u6d88\u9664\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u4ece\u5907\u4efd\u7684\u955c\u50cf\u4e2d\u91cd\u65b0\u90e8\u7f72\u5e72\u51c0\u3001\u53ef\u4fe1\u8d56\u7684\u7248\u672c\u3002 \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u00b6 \u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u4ee5\u8865\u5145\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u81ea\u52a8\u6267\u884c\u9a8c\u8bc1\u7ed9\u5b9a\u7cfb\u7edf\u914d\u7f6e\u662f\u5426\u6ee1\u8db3\u5927\u91cf\u5b89\u5168\u63a7\u5236\u7684\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u5f25\u5408\u4ece\u5b89\u5168\u914d\u7f6e\u6307\u5357\u6587\u6863\uff08\u4f8b\u5982\uff0cSTIG \u548c NSA \u6307\u5357\uff09\u5230\u7279\u5b9a\u7cfb\u7edf\u5b89\u88c5\u7684\u5dee\u8ddd\u3002\u4f8b\u5982\uff0cSCAP \u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u7cfb\u7edf\u4e0e\u9884\u5b9a\u4e49\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u6bd4\u8f83\u3002SCAP \u8f93\u51fa\u4e00\u4efd\u62a5\u544a\uff0c\u8be6\u7ec6\u8bf4\u660e\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u54ea\u4e9b\u63a7\u4ef6\u5df2\u6ee1\u8db3\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u901a\u8fc7\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u9009\u4e2d\u3002 
\u5c06\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u76f8\u7ed3\u5408\uff0c\u5f62\u6210\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u7ec4\u5408\u3002\u5ba1\u6838\u5de5\u5177\u5c06\u7a81\u51fa\u663e\u793a\u90e8\u7f72\u95ee\u9898\u3002\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7b80\u5316\u4e86\u66f4\u6539\u6bcf\u4e2a\u7cfb\u7edf\u7684\u8fc7\u7a0b\uff0c\u4ee5\u89e3\u51b3\u5ba1\u8ba1\u95ee\u9898\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u7ef4\u62a4\u6ee1\u8db3\u4ece\u57fa\u672c\u5f3a\u5316\u5230\u5408\u89c4\u6027\u9a8c\u8bc1\u7b49\u5b89\u5168\u8981\u6c42\u7684\u4e91\u73af\u5883\u3002 \u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u5c06\u7ed9\u4e91\u5e26\u6765\u53e6\u4e00\u5c42\u590d\u6742\u6027\u3002\u8fd9\u79cd\u590d\u6742\u6027\u5e26\u6765\u4e86\u989d\u5916\u7684\u5b89\u5168\u95ee\u9898\u3002\u8003\u8651\u5230\u5176\u5b89\u5168\u4f18\u52bf\uff0c\u6211\u4eec\u8ba4\u4e3a\u8fd9\u662f\u4e00\u79cd\u53ef\u63a5\u53d7\u7684\u98ce\u9669\u6743\u8861\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u5de5\u5177\u7684\u64cd\u4f5c\u5b89\u5168\u6027\u4fdd\u969c\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u00b6 \u6211\u4eec\u5c06\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u5b9a\u4e49\u4e3a\u4e00\u4e2a\u6df1\u601d\u719f\u8651\u7684\u8fc7\u7a0b\uff0c\u5b83\u786e\u4fdd\u6211\u4eec\u59cb\u7ec8\u5728\u6574\u4e2a\u4e91\u4e2d\u4ee5\u9884\u671f\u7684\u914d\u7f6e\u8fd0\u884c\u9884\u671f\u7684\u8f6f\u4ef6\u3002\u6b64\u8fc7\u7a0b\u4ece\u5b89\u5168\u5f15\u5bfc\u5f00\u59cb\uff0c\u5e76\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u8fdb\u884c\u7ef4\u62a4\u3002\u672c\u7ae0\u5c31\u5982\u4f55\u5904\u7406\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u8fc7\u7a0b\u63d0\u4f9b\u4e86\u5efa\u8bae\u3002 \u5b89\u5168\u5f15\u5bfc \u00b6 
\u4e91\u4e2d\u7684\u8282\u70b9\uff0c\u5305\u62ec\u8ba1\u7b97\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u6df7\u5408\u8282\u70b9\uff0c\u5e94\u8be5\u6709\u4e00\u4e2a\u81ea\u52a8\u5316\u7684\u914d\u7f6e\u8fc7\u7a0b\u3002\u8fd9\u786e\u4fdd\u4e86\u8282\u70b9\u7684\u4e00\u81f4\u548c\u6b63\u786e\u914d\u7f6e\u3002\u8fd9\u4e5f\u4fbf\u4e8e\u5b89\u5168\u8865\u4e01\u3001\u5347\u7ea7\u3001\u6545\u969c\u4fee\u590d\u548c\u5176\u4ed6\u5173\u952e\u53d8\u66f4\u3002\u7531\u4e8e\u8fd9\u4e2a\u8fc7\u7a0b\u5b89\u88c5\u4e86\u5728\u4e91\u4e2d\u5177\u6709\u6700\u9ad8\u7279\u6743\u7ea7\u522b\u7684\u65b0\u8f6f\u4ef6\uff0c\u56e0\u6b64\u9a8c\u8bc1\u5b89\u88c5\u6b63\u786e\u7684\u8f6f\u4ef6\u975e\u5e38\u91cd\u8981\uff0c\u5305\u62ec\u542f\u52a8\u8fc7\u7a0b\u7684\u6700\u65e9\u9636\u6bb5\u3002 \u6709\u591a\u79cd\u6280\u672f\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u65e9\u671f\u542f\u52a8\u9636\u6bb5\u3002\u8fd9\u4e9b\u901a\u5e38\u9700\u8981\u786c\u4ef6\u652f\u6301\uff0c\u4f8b\u5982\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757 \uff08TPM\uff09\u3001\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08TXT\uff09\u3001\u52a8\u6001\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08DRTM\uff09 \u548c\u7edf\u4e00\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3 \uff08UEFI\uff09 \u5b89\u5168\u542f\u52a8\u3002\u5728\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u5c06\u6240\u6709\u8fd9\u4e9b\u7edf\u79f0\u4e3a\u5b89\u5168\u542f\u52a8\u6280\u672f\u3002\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u5b89\u5168\u542f\u52a8\uff0c\u540c\u65f6\u627f\u8ba4\u90e8\u7f72\u6b64\u542f\u52a8\u6240\u9700\u7684\u8bb8\u591a\u90e8\u5206\u9700\u8981\u9ad8\u7ea7\u6280\u672f\u6280\u80fd\u624d\u80fd\u4e3a\u6bcf\u4e2a\u73af\u5883\u81ea\u5b9a\u4e49\u5de5\u5177\u3002\u4e0e\u672c\u6307\u5357\u4e2d\u7684\u8bb8\u591a\u5176\u4ed6\u5efa\u8bae\u76f8\u6bd4\uff0c\u4f7f\u7528\u5b89\u5168\u542f\u52a8\u9700\u8981\u66f4\u6df1\u5165\u7684\u96c6\u6210\u548c\u81ea\u5b9a\u4e49\u3002TPM 
\u6280\u672f\u867d\u7136\u5728\u5927\u591a\u6570\u5546\u52a1\u7ea7\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f\u673a\u4e2d\u5f88\u5e38\u89c1\u6570\u5e74\uff0c\u4f46\u73b0\u5728\u5df2\u4e0e\u652f\u6301\u7684 BIOS \u4e00\u8d77\u5728\u670d\u52a1\u5668\u4e2d\u53ef\u7528\u3002\u6b63\u786e\u7684\u89c4\u5212\u5bf9\u4e8e\u6210\u529f\u7684\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002 \u6709\u5173\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u7684\u5b8c\u6574\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u5c06\u5b89\u5168\u542f\u52a8\u6280\u672f\u4e0e\u5178\u578b\u7684\u8282\u70b9\u9884\u914d\u8fc7\u7a0b\u96c6\u6210\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u4e91\u67b6\u6784\u5e08\u5e94\u53c2\u8003\u76f8\u5173\u89c4\u8303\u548c\u8f6f\u4ef6\u914d\u7f6e\u624b\u518c\u3002 \u8282\u70b9\u914d\u7f6e \u00b6 \u8282\u70b9\u5e94\u4f7f\u7528\u9884\u5f15\u5bfc\u6267\u884c\u73af\u5883\uff08PXE\uff09\u8fdb\u884c\u914d\u7f6e\u3002\u8fd9\u5927\u5927\u51cf\u5c11\u4e86\u91cd\u65b0\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5de5\u4f5c\u91cf\u3002\u5178\u578b\u7684\u8fc7\u7a0b\u6d89\u53ca\u8282\u70b9\u4ece\u670d\u52a1\u5668\u63a5\u6536\u5404\u79cd\u5f15\u5bfc\u9636\u6bb5\uff08\u5373\u6267\u884c\u7684\u8f6f\u4ef6\u9010\u6e10\u590d\u6742\uff09\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u4f7f\u7528\u5355\u72ec\u7684\u9694\u79bb\u7f51\u7edc\u8fdb\u884c\u7f6e\u5907\u3002\u6b64\u7f51\u7edc\u5c06\u5904\u7406\u6240\u6709 PXE \u6d41\u91cf\uff0c\u4ee5\u53ca\u4e0a\u9762\u63cf\u8ff0\u7684\u540e\u7eed\u542f\u52a8\u9636\u6bb5\u4e0b\u8f7d\u3002\u8bf7\u6ce8\u610f\uff0c\u8282\u70b9\u5f15\u5bfc\u8fc7\u7a0b\u4ece\u4e24\u4e2a\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u5f00\u59cb\uff1aDHCP \u548c TFTP\u3002\u7136\u540e\uff0c\u5f15\u5bfc\u8fc7\u7a0b\u4f7f\u7528 TLS 
\u4e0b\u8f7d\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5176\u4f59\u4fe1\u606f\u3002\u8fd9\u53ef\u80fd\u662f\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3001\u7531 Chef \u6216 Puppet \u7ba1\u7406\u7684\u57fa\u672c\u5b89\u88c5\uff0c\u751a\u81f3\u662f\u76f4\u63a5\u5199\u5165\u78c1\u76d8\u7684\u5b8c\u6574\u6587\u4ef6\u7cfb\u7edf\u6620\u50cf\u3002 \u867d\u7136\u5728 PXE \u542f\u52a8\u8fc7\u7a0b\u4e2d\u4f7f\u7528 TLS \u66f4\u5177\u6311\u6218\u6027\uff0c\u4f46\u5e38\u89c1\u7684 PXE \u56fa\u4ef6\u9879\u76ee\uff08\u5982 iPXE\uff09\u63d0\u4f9b\u4e86\u8fd9\u79cd\u652f\u6301\u3002\u901a\u5e38\uff0c\u8fd9\u6d89\u53ca\u5728\u4e86\u89e3\u5141\u8bb8\u7684 TLS \u8bc1\u4e66\u94fe\u7684\u60c5\u51b5\u4e0b\u6784\u5efa PXE \u56fa\u4ef6\uff0c\u4ee5\u4fbf\u5b83\u53ef\u4ee5\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\u3002\u8fd9\u901a\u8fc7\u9650\u5236\u4e0d\u5b89\u5168\u7684\u7eaf\u6587\u672c\u7f51\u7edc\u64cd\u4f5c\u7684\u6570\u91cf\u6765\u63d0\u9ad8\u653b\u51fb\u8005\u7684\u95e8\u69db\u3002 \u9a8c\u8bc1\u542f\u52a8 \u00b6 \u901a\u5e38\uff0c\u6709\u4e24\u79cd\u4e0d\u540c\u7684\u7b56\u7565\u6765\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u3002\u4f20\u7edf\u7684\u5b89\u5168\u542f\u52a8\u5c06\u9a8c\u8bc1\u5728\u8fc7\u7a0b\u4e2d\u7684\u6bcf\u4e2a\u6b65\u9aa4\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5728\u4ee3\u7801\u4e0d\u6b63\u786e\u65f6\u505c\u6b62\u542f\u52a8\u3002\u542f\u52a8\u8bc1\u660e\u5c06\u8bb0\u5f55\u5728\u6bcf\u4e2a\u6b65\u9aa4\u4e2d\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5c06\u6b64\u4fe1\u606f\u63d0\u4f9b\u7ed9\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\uff0c\u4ee5\u8bc1\u660e\u542f\u52a8\u8fc7\u7a0b\u6309\u9884\u671f\u5b8c\u6210\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7b2c\u4e00\u6b65\u90fd\u662f\u5728\u8fd0\u884c\u4e4b\u524d\u6d4b\u91cf\u6bcf\u6bb5\u4ee3\u7801\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6d4b\u91cf\u5b9e\u9645\u4e0a\u662f\u4ee3\u7801\u7684 SHA-1 
\u54c8\u5e0c\u503c\uff0c\u5728\u6267\u884c\u4e4b\u524d\u83b7\u53d6\u3002\u54c8\u5e0c\u5b58\u50a8\u5728 TPM \u7684\u5e73\u53f0\u914d\u7f6e\u5bc4\u5b58\u5668 \uff08PCR\uff09 \u4e2d\u3002 \u6ce8\u610f \u6b64\u5904\u4f7f\u7528 SHA-1\uff0c\u56e0\u4e3a\u8fd9\u662f TPM \u82af\u7247\u652f\u6301\u7684\u5185\u5bb9\u3002 \u6bcf\u4e2a TPM \u81f3\u5c11\u6709 24 \u4e2a PCR\u30022005 \u5e74 3 \u6708\u7684 TCG \u901a\u7528\u670d\u52a1\u5668\u89c4\u8303 v1.0 \u5b9a\u4e49\u4e86\u542f\u52a8\u65f6\u5b8c\u6574\u6027\u6d4b\u91cf\u7684 PCR \u5206\u914d\u3002\u4e0b\u8868\u663e\u793a\u4e86\u5178\u578b\u7684PCR\u914d\u7f6e\u3002\u4e0a\u4e0b\u6587\u6307\u793a\u8fd9\u4e9b\u503c\u662f\u6839\u636e\u8282\u70b9\u786c\u4ef6\uff08\u56fa\u4ef6\uff09\u8fd8\u662f\u6839\u636e\u8282\u70b9\u4e0a\u7f6e\u5907\u7684\u8f6f\u4ef6\u786e\u5b9a\u7684\u3002\u67d0\u4e9b\u503c\u53d7\u56fa\u4ef6\u7248\u672c\u3001\u78c1\u76d8\u5927\u5c0f\u548c\u5176\u4ed6\u4f4e\u7ea7\u4fe1\u606f\u7684\u5f71\u54cd\u3002\u56e0\u6b64\uff0c\u5728\u914d\u7f6e\u7ba1\u7406\u65b9\u9762\u91c7\u53d6\u826f\u597d\u7684\u505a\u6cd5\u975e\u5e38\u91cd\u8981\uff0c\u4ee5\u786e\u4fdd\u90e8\u7f72\u7684\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u5b8c\u5168\u6309\u7167\u9884\u671f\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u518c \u6d4b\u91cf\u5185\u5bb9 \u4e0a\u4e0b\u6587 PCR-00 \u6838\u5fc3\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08CRTM\uff09\u3001BIOS \u4ee3\u7801\u3001\u4e3b\u673a\u5e73\u53f0\u6269\u5c55 \u786c\u4ef6 PCR-01 \u4e3b\u673a\u5e73\u53f0\u914d\u7f6e \u786c\u4ef6 PCR-02 \u9009\u9879 ROM \u4ee3\u7801 \u786c\u4ef6 PCR-03 \u9009\u9879 ROM \u914d\u7f6e\u548c\u6570\u636e \u786c\u4ef6 PCR-04 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u3002\u4f8b\u5982\uff0c\u4e3b\u5f15\u5bfc\u8bb0\u5f55\u3002 \u8f6f\u4ef6 PCR-05 IPL \u4ee3\u7801\u914d\u7f6e\u548c\u6570\u636e \u8f6f\u4ef6 PCR-06 \u72b6\u6001\u8f6c\u6362\u548c\u5524\u9192\u4e8b\u4ef6 \u8f6f\u4ef6 PCR-07 \u4e3b\u673a\u5e73\u53f0\u5236\u9020\u5546\u63a7\u5236 \u8f6f\u4ef6 PCR-08 
\u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f\u5185\u6838\u3001\u5185\u6838\u6269\u5c55\u548c\u9a71\u52a8\u7a0b\u5e8f \u8f6f\u4ef6 PCR-09 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f Initramfs \u8f6f\u4ef6 PCR-10 \u81f3 PCR-23 \u7279\u5b9a\u4e8e\u5e73\u53f0 \u8f6f\u4ef6 \u5b89\u5168\u542f\u52a8\u53ef\u80fd\u662f\u6784\u5efa\u4e91\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f46\u9700\u8981\u5728\u786c\u4ef6\u9009\u62e9\u65b9\u9762\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u4f8b\u5982\uff0c\u786e\u4fdd\u60a8\u5177\u6709 TPM \u548c\u82f1\u7279\u5c14 TXT \u652f\u6301\u3002\u7136\u540e\u9a8c\u8bc1\u8282\u70b9\u786c\u4ef6\u4f9b\u5e94\u5546\u5982\u4f55\u586b\u5145 PCR \u503c\u3002\u4f8b\u5982\uff0c\u54ea\u4e9b\u503c\u53ef\u7528\u4e8e\u9a8c\u8bc1\u3002\u901a\u5e38\uff0c\u4e0a\u8868\u4e2d\u8f6f\u4ef6\u4e0a\u4e0b\u6587\u4e0b\u5217\u51fa\u7684 PCR \u503c\u662f\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u76f4\u63a5\u63a7\u5236\u7684\u503c\u3002\u4f46\u5373\u4f7f\u8fd9\u4e9b\u4e5f\u53ef\u80fd\u968f\u7740\u4e91\u4e2d\u8f6f\u4ef6\u7684\u5347\u7ea7\u800c\u6539\u53d8\u3002\u914d\u7f6e\u7ba1\u7406\u5e94\u94fe\u63a5\u5230 PCR \u7b56\u7565\u5f15\u64ce\uff0c\u4ee5\u786e\u4fdd\u9a8c\u8bc1\u59cb\u7ec8\u662f\u6700\u65b0\u7684\u3002 \u6bcf\u4e2a\u5236\u9020\u5546\u90fd\u5fc5\u987b\u4e3a\u5176\u670d\u52a1\u5668\u63d0\u4f9b BIOS \u548c\u56fa\u4ef6\u4ee3\u7801\u3002\u4e0d\u540c\u7684\u670d\u52a1\u5668\u3001\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u5c06\u9009\u62e9\u586b\u5145\u4e0d\u540c\u7684 
PCR\u3002\u5728\u5927\u591a\u6570\u5b9e\u9645\u90e8\u7f72\u4e2d\uff0c\u4e0d\u53ef\u80fd\u6839\u636e\u5df2\u77e5\u7684\u826f\u597d\u6570\u91cf\uff08\u201c\u9ec4\u91d1\u6d4b\u91cf\u201d\uff09\u9a8c\u8bc1\u6bcf\u4e2aPCR\u3002\u7ecf\u9a8c\u8868\u660e\uff0c\u5373\u4f7f\u5728\u5355\u4e2a\u4f9b\u5e94\u5546\u7684\u4ea7\u54c1\u7ebf\u4e2d\uff0c\u7ed9\u5b9aPCR\u7684\u6d4b\u91cf\u8fc7\u7a0b\u4e5f\u53ef\u80fd\u4e0d\u4e00\u81f4\u3002\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5668\u5efa\u7acb\u57fa\u7ebf\uff0c\u5e76\u76d1\u89c6 PCR \u503c\u4ee5\u67e5\u627e\u610f\u5916\u66f4\u6539\u3002\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u53ef\u80fd\u53ef\u7528\u4e8e\u534f\u52a9 TPM \u9884\u914d\u548c\u76d1\u89c6\u8fc7\u7a0b\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u89e3\u51b3\u65b9\u6848\u3002 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u5f88\u53ef\u80fd\u662f PXE \u56fa\u4ef6\uff0c\u5047\u8bbe\u91c7\u7528\u4e0a\u8ff0\u8282\u70b9\u90e8\u7f72\u7b56\u7565\u3002\u56e0\u6b64\uff0c\u5b89\u5168\u542f\u52a8\u6216\u542f\u52a8\u8bc1\u660e\u8fc7\u7a0b\u53ef\u4ee5\u6d4b\u91cf\u6240\u6709\u65e9\u671f\u542f\u52a8\u4ee3\u7801\uff0c\u4f8b\u5982 BIOS\u3001\u56fa\u4ef6\u3001PXE \u56fa\u4ef6\u548c\u5185\u6838\u6620\u50cf\u3002\u786e\u4fdd\u6bcf\u4e2a\u8282\u70b9\u90fd\u5b89\u88c5\u4e86\u8fd9\u4e9b\u90e8\u4ef6\u7684\u6b63\u786e\u7248\u672c\uff0c\u4e3a\u6784\u5efa\u8282\u70b9\u8f6f\u4ef6\u5806\u6808\u7684\u5176\u4f59\u90e8\u5206\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\u3002 
\u6839\u636e\u6240\u9009\u7684\u7b56\u7565\uff0c\u5728\u53d1\u751f\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u542f\u52a8\uff0c\u6216\u8005\u5b83\u53ef\u4ee5\u5c06\u6545\u969c\u62a5\u544a\u7ed9\u4e91\u4e2d\u7684\u53e6\u4e00\u4e2a\u5b9e\u4f53\u3002\u4e3a\u4e86\u5b9e\u73b0\u5b89\u5168\u5f15\u5bfc\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u5f15\u5bfc\uff0c\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u7684\u7f6e\u5907\u670d\u52a1\u5fc5\u987b\u8bc6\u522b\u8fd9\u4e00\u70b9\u5e76\u8bb0\u5f55\u4e8b\u4ef6\u3002\u5bf9\u4e8e\u542f\u52a8\u8bc1\u660e\uff0c\u5f53\u68c0\u6d4b\u5230\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u5df2\u7ecf\u5728\u8fd0\u884c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5e94\u901a\u8fc7\u7981\u7528\u8282\u70b9\u7684\u7f51\u7edc\u8bbf\u95ee\u6765\u7acb\u5373\u9694\u79bb\u8282\u70b9\u3002\u7136\u540e\uff0c\u5e94\u5206\u6790\u4e8b\u4ef6\u7684\u6839\u672c\u539f\u56e0\u3002\u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u7b56\u7565\u90fd\u5e94\u89c4\u5b9a\u5728\u5931\u8d25\u540e\u5982\u4f55\u7ee7\u7eed\u3002\u4e91\u53ef\u80fd\u4f1a\u81ea\u52a8\u5c1d\u8bd5\u91cd\u65b0\u914d\u7f6e\u8282\u70b9\u4e00\u5b9a\u6b21\u6570\u3002\u6216\u8005\uff0c\u5b83\u53ef\u80fd\u4f1a\u7acb\u5373\u901a\u77e5\u4e91\u7ba1\u7406\u5458\u8c03\u67e5\u95ee\u9898\u3002\u6b64\u5904\u7684\u6b63\u786e\u7b56\u7565\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u548c\u6545\u969c\u6a21\u5f0f\u7684\u3002 \u8282\u70b9\u52a0\u56fa \u00b6 \u6b64\u65f6\uff0c\u6211\u4eec\u77e5\u9053\u8282\u70b9\u5df2\u4f7f\u7528\u6b63\u786e\u7684\u5185\u6838\u548c\u5e95\u5c42\u7ec4\u4ef6\u542f\u52a8\u3002\u4e0b\u4e00\u6b65\u662f\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5b83\u4ece\u4e00\u7ec4\u884c\u4e1a\u516c\u8ba4\u7684\u5f3a\u5316\u63a7\u4ef6\u5f00\u59cb\u3002\u4ee5\u4e0b\u6307\u5357\u662f\u5f88\u597d\u7684\u793a\u4f8b\uff1a \u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u56fd\u9632\u4fe1\u606f\u7cfb\u7edf\u5c40 
\uff08DISA\uff09\uff08\u96b6\u5c5e\u4e8e\u7f8e\u56fd\u56fd\u9632\u90e8\uff09\u53d1\u5e03\u9002\u7528\u4e8e\u5404\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u786c\u4ef6\u7684 STIG \u5185\u5bb9\u3002\u8fd9\u4e9b\u63a7\u4ef6\u5728\u672a\u9644\u52a0\u4efb\u4f55\u8bb8\u53ef\u8bc1\u7684\u60c5\u51b5\u4e0b\u53d1\u5e03\u3002 \u4e92\u8054\u7f51\u5b89\u5168\u4e2d\u5fc3 \uff08CIS\uff09 \u57fa\u51c6\u6d4b\u8bd5 CIS \u4f1a\u5b9a\u671f\u53d1\u5e03\u5b89\u5168\u57fa\u51c6\u4ee5\u53ca\u81ea\u52a8\u5e94\u7528\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8fd9\u4e9b\u57fa\u51c6\u6d4b\u8bd5\u662f\u5728\u5177\u6709\u4e00\u4e9b\u9650\u5236\u7684\u77e5\u8bc6\u5171\u4eab\u8bb8\u53ef\u4e0b\u53d1\u5e03\u7684\u3002 \u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u6700\u597d\u901a\u8fc7\u81ea\u52a8\u5316\u65b9\u6cd5\u5e94\u7528\u3002\u81ea\u52a8\u5316\u786e\u4fdd\u6bcf\u6b21\u5bf9\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u4ee5\u76f8\u540c\u7684\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\uff0c\u5e76\u4e14\u5b83\u4eec\u8fd8\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u7684\u5feb\u901f\u65b9\u6cd5\u3002\u81ea\u52a8\u5316\u6709\u591a\u79cd\u9009\u62e9\uff1a OpenSCAP OpenSCAP \u662f\u4e00\u4e2a\u5f00\u6e90\u5de5\u5177\uff0c\u5b83\u91c7\u7528 SCAP \u5185\u5bb9\uff08\u63cf\u8ff0\u5b89\u5168\u63a7\u5236\u7684 XML \u6587\u4ef6\uff09\u5e76\u5c06\u8be5\u5185\u5bb9\u5e94\u7528\u4e8e\u5404\u79cd\u7cfb\u7edf\u3002\u76ee\u524d\u53ef\u7528\u7684\u5927\u591a\u6570\u5185\u5bb9\u90fd\u9002\u7528\u4e8e Red Hat Enterprise Linux \u548c CentOS\uff0c\u4f46\u8fd9\u4e9b\u5de5\u5177\u9002\u7528\u4e8e\u4efb\u4f55 Linux \u6216 Windows \u7cfb\u7edf\u3002 ansible \u52a0\u56fa ansible-hardening \u9879\u76ee\u63d0\u4f9b\u4e86\u4e00\u4e2a Ansible \u89d2\u8272\uff0c\u53ef\u5c06\u5b89\u5168\u63a7\u5236\u5e94\u7528\u4e8e\u5404\u79cd Linux 
\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u3002\u4ed4\u7ec6\u68c0\u67e5\u6bcf\u4e2a\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u786e\u5b9a\u5b83\u662f\u5426\u53ef\u80fd\u5bf9\u751f\u4ea7\u7cfb\u7edf\u9020\u6210\u635f\u5bb3\u3002\u8fd9\u4e9b\u63a7\u4ef6\u57fa\u4e8e Red Hat Enterprise Linux 7 STIG\u3002 \u5b8c\u5168\u52a0\u56fa\u7684\u7cfb\u7edf\u662f\u4e00\u4e2a\u5177\u6709\u6311\u6218\u6027\u7684\u8fc7\u7a0b\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u8fdb\u884c\u5927\u91cf\u66f4\u6539\u3002\u5176\u4e2d\u4e00\u4e9b\u66f4\u6539\u53ef\u80fd\u4f1a\u5f71\u54cd\u751f\u4ea7\u5de5\u4f5c\u8d1f\u8f7d\u3002\u5982\u679c\u7cfb\u7edf\u65e0\u6cd5\u5b8c\u5168\u52a0\u56fa\uff0c\u5f3a\u70c8\u5efa\u8bae\u8fdb\u884c\u4ee5\u4e0b\u4e24\u9879\u66f4\u6539\uff0c\u4ee5\u4fbf\u5728\u4e0d\u9020\u6210\u91cd\u5927\u4e2d\u65ad\u7684\u60c5\u51b5\u4e0b\u63d0\u9ad8\u5b89\u5168\u6027\uff1a \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u00b6 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4f1a\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c\u5305\u62ec root\uff0c\u5185\u6838\u7684\u5de5\u4f5c\u662f\u6839\u636e\u5f53\u524d\u5b89\u5168\u7b56\u7565\u5ba1\u67e5\u6d3b\u52a8\u3002\u5982\u679c\u6d3b\u52a8\u4e0d\u5728\u5141\u8bb8\u7684\u7b56\u7565\u8303\u56f4\u5185\uff0c\u5219\u4f1a\u88ab\u963b\u6b62\uff0c\u5373\u4f7f\u5bf9\u4e8e root \u7528\u6237\u4e5f\u662f\u5982\u6b64\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u67e5\u770b\u4e0b\u9762\u5173\u4e8e sVirt\u3001SELinux \u548c AppArmor \u7684\u8ba8\u8bba\u3002 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u00b6 
\u786e\u4fdd\u7cfb\u7edf\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\uff0c\u5e76\u4e14\u8fd0\u884c\u7684\u670d\u52a1\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\u3002\u5220\u9664\u4e0d\u9700\u8981\u7684\u8f6f\u4ef6\u5305\u53ef\u4ee5\u66f4\u8f7b\u677e\u5730\u8fdb\u884c\u4fee\u8865\uff0c\u5e76\u51cf\u5c11\u7cfb\u7edf\u4e0a\u53ef\u80fd\u5bfc\u81f4\u8fdd\u89c4\u7684\u9879\u76ee\u6570\u91cf\u3002\u505c\u6b62\u4e0d\u9700\u8981\u7684\u670d\u52a1\u4f1a\u7f29\u5c0f\u7cfb\u7edf\u4e0a\u7684\u653b\u51fb\u9762\uff0c\u5e76\u4f7f\u653b\u51fb\u66f4\u52a0\u56f0\u96be\u3002 \u6211\u4eec\u8fd8\u5efa\u8bae\u5bf9\u751f\u4ea7\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u9644\u52a0\u6b65\u9aa4\uff1a \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5c3d\u53ef\u80fd\u4f7f\u7528\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf\u3002\u786e\u4fdd\u53ef\u5199\u6587\u4ef6\u7cfb\u7edf\u4e0d\u5141\u8bb8\u6267\u884c\u3002\u8fd9\u53ef\u4ee5\u4f7f\u7528 noexec \u4e2d\u7684 \u3001 nosuid \u548c nodev \u6302\u8f7d\u9009\u9879\u6765\u5904\u7406 /etc/fstab \u3002 \u7cfb\u7edf\u9a8c\u8bc1 \u00b6 \u6700\u540e\uff0c\u8282\u70b9\u5185\u6838\u5e94\u8be5\u6709\u4e00\u79cd\u673a\u5236\u6765\u9a8c\u8bc1\u8282\u70b9\u7684\u5176\u4f59\u90e8\u5206\u662f\u5426\u4ee5\u5df2\u77e5\u7684\u826f\u597d\u72b6\u6001\u542f\u52a8\u3002\u8fd9\u63d0\u4f9b\u4e86\u4ece\u5f15\u5bfc\u9a8c\u8bc1\u8fc7\u7a0b\u5230\u9a8c\u8bc1\u6574\u4e2a\u7cfb\u7edf\u7684\u5fc5\u8981\u94fe\u63a5\u3002\u6267\u884c\u6b64\u64cd\u4f5c\u7684\u6b65\u9aa4\u5c06\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5185\u6838\u6a21\u5757\u53ef\u4ee5\u5728\u4f7f\u7528 dm-verity \u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u4e4b\u524d\u9a8c\u8bc1\u7ec4\u6210\u6587\u4ef6\u7cfb\u7edf\u7684\u5757\u7684\u54c8\u5e0c\u503c\u3002 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u00b6 
\u4e00\u65e6\u8282\u70b9\u8fd0\u884c\uff0c\u6211\u4eec\u9700\u8981\u786e\u4fdd\u5b83\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u4fdd\u6301\u826f\u597d\u7684\u72b6\u6001\u3002\u4ece\u5e7f\u4e49\u4e0a\u8bb2\uff0c\u8fd9\u5305\u62ec\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u3002\u8fd9\u4e9b\u9886\u57df\u4e2d\u6bcf\u4e2a\u9886\u57df\u7684\u76ee\u6807\u90fd\u4e0d\u540c\u3002\u901a\u8fc7\u68c0\u67e5\u8fd9\u4e24\u8005\uff0c\u6211\u4eec\u53ef\u4ee5\u66f4\u597d\u5730\u786e\u4fdd\u7cfb\u7edf\u6309\u9884\u671f\u8fd0\u884c\u3002\u6211\u4eec\u5c06\u5728\u7ba1\u7406\u90e8\u5206\u8ba8\u8bba\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5728\u4e0b\u9762\u8ba8\u8bba\u5b89\u5168\u76d1\u63a7\u3002 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u00b6 \u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u5bf9\u4e8e\u81ea\u52a8\u9a8c\u8bc1\u4e91\u5185\u90e8\u4e5f\u5f88\u6709\u7528\u3002\u6709\u5404\u79cd\u5404\u6837\u7684\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u53ef\u7528\u3002\u6709\u4e9b\u662f\u514d\u8d39\u63d0\u4f9b\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u662f\u5546\u4e1a\u9879\u76ee\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u5de5\u5177\u4f1a\u5206\u6790\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u6570\u636e\uff0c\u5e76\u6839\u636e\u89c4\u5219\u96c6\u548c/\u6216\u8bad\u7ec3\u751f\u6210\u5b89\u5168\u8b66\u62a5\u3002\u5178\u578b\u529f\u80fd\u5305\u62ec\u65e5\u5fd7\u5206\u6790\u3001\u6587\u4ef6\u5b8c\u6574\u6027\u68c0\u67e5\u3001\u7b56\u7565\u76d1\u63a7\u548c rootkit \u68c0\u6d4b\u3002\u66f4\u9ad8\u7ea7\uff08\u901a\u5e38\u662f\u81ea\u5b9a\u4e49\uff09\u5de5\u5177\u53ef\u4ee5\u9a8c\u8bc1\u5185\u5b58\u4e2d\u8fdb\u7a0b\u6620\u50cf\u662f\u5426\u4e0e\u78c1\u76d8\u4e0a\u7684\u53ef\u6267\u884c\u6587\u4ef6\u5339\u914d\uff0c\u5e76\u9a8c\u8bc1\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b\u7684\u6267\u884c\u72b6\u6001\u3002 
\u5bf9\u4e8e\u4e91\u67b6\u6784\u5e08\u6765\u8bf4\uff0c\u4e00\u4e2a\u5173\u952e\u7684\u7b56\u7565\u51b3\u7b56\u662f\u5982\u4f55\u5904\u7406\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u8f93\u51fa\u3002\u5b9e\u9645\u4e0a\u6709\u4e24\u79cd\u9009\u62e9\u3002\u9996\u5148\u662f\u63d0\u9192\u4eba\u7c7b\u8fdb\u884c\u8c03\u67e5\u548c/\u6216\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u7ba1\u7406\u5458\u7684\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6e90\u4e2d\u5305\u542b\u5b89\u5168\u8b66\u62a5\u6765\u5b8c\u6210\u3002\u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u8ba9\u4e91\u81ea\u52a8\u91c7\u53d6\u67d0\u79cd\u5f62\u5f0f\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8bb0\u5f55\u4e8b\u4ef6\u3002\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5305\u62ec\u4ece\u91cd\u65b0\u5b89\u88c5\u8282\u70b9\u5230\u6267\u884c\u6b21\u8981\u670d\u52a1\u914d\u7f6e\u7684\u4efb\u4f55\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7531\u4e8e\u53ef\u80fd\u5b58\u5728\u8bef\u62a5\uff0c\u81ea\u52a8\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002 \u5f53\u5b89\u5168\u76d1\u89c6\u5de5\u5177\u4e3a\u826f\u6027\u4e8b\u4ef6\u751f\u6210\u5b89\u5168\u8b66\u62a5\u65f6\uff0c\u4f1a\u53d1\u751f\u8bef\u62a5\u3002\u7531\u4e8e\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u6027\u8d28\uff0c\u8bef\u62a5\u80af\u5b9a\u4f1a\u4e0d\u65f6\u53d1\u751f\u3002\u901a\u5e38\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u8c03\u6574\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4ee5\u51cf\u5c11\u8bef\u62a5\uff0c\u4f46\u8fd9\u4e5f\u53ef\u80fd\u540c\u65f6\u964d\u4f4e\u6574\u4f53\u68c0\u6d4b\u7387\u3002\u5728\u4e91\u4e2d\u8bbe\u7f6e\u5b89\u5168\u76d1\u63a7\u7cfb\u7edf\u65f6\uff0c\u5fc5\u987b\u4e86\u89e3\u5e76\u8003\u8651\u8fd9\u4e9b\u7ecf\u5178\u7684\u6743\u8861\u3002 
\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u5177\u6709\u9ad8\u5ea6\u7684\u90e8\u7f72\u7279\u5f02\u6027\u3002\u6211\u4eec\u5efa\u8bae\u4ece\u63a2\u7d22\u4ee5\u4e0b\u5f00\u6e90\u9879\u76ee\u5f00\u59cb\uff0c\u8fd9\u4e9b\u9879\u76ee\u5b9e\u73b0\u4e86\u5404\u79cd\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u6587\u4ef6\u76d1\u63a7\u529f\u80fd\u3002 OSSEC Samhain Tripwire AIDE \u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u662f\u5bf9\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7684\u8865\u5145\u3002OpenStack \u6ca1\u6709\u5185\u7f6e\u7279\u5b9a\u7684\u7f51\u7edc IDS\uff0c\u4f46 OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u79cd\u63d2\u4ef6\u673a\u5236\uff0c\u53ef\u4ee5\u901a\u8fc7 Networking API \u542f\u7528\u4e0d\u540c\u7684\u6280\u672f\u3002\u6b64\u63d2\u4ef6\u4f53\u7cfb\u7ed3\u6784\u5c06\u5141\u8bb8\u79df\u6237\u5f00\u53d1 API \u6269\u5c55\uff0c\u4ee5\u63d2\u5165\u548c\u914d\u7f6e\u81ea\u5df1\u7684\u9ad8\u7ea7\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982\u9632\u706b\u5899\u3001\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u6216\u865a\u62df\u673a\u4e4b\u95f4\u7684 VPN\u3002 \u4e0e\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7c7b\u4f3c\uff0c\u57fa\u4e8e\u7f51\u7edc\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002Snort \u662f\u9886\u5148\u7684\u5f00\u6e90\u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\uff0c\u4e5f\u662f\u4e86\u89e3\u66f4\u591a\u4fe1\u606f\u7684\u826f\u597d\u8d77\u70b9\u3002 \u5bf9\u4e8e\u57fa\u4e8e\u7f51\u7edc\u548c\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\uff0c\u6709\u4e00\u4e9b\u91cd\u8981\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u91cd\u8981\u7684\u662f\u8981\u8003\u8651\u5c06\u7f51\u7edc IDS 
\u653e\u7f6e\u5728\u4e91\u4e0a\uff08\u4f8b\u5982\uff0c\u5c06\u5176\u6dfb\u52a0\u5230\u7f51\u7edc\u8fb9\u754c\u548c/\u6216\u654f\u611f\u7f51\u7edc\u5468\u56f4\uff09\u3002\u653e\u7f6e\u4f4d\u7f6e\u53d6\u51b3\u4e8e\u60a8\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f46\u8bf7\u786e\u4fdd\u76d1\u63a7 IDS \u53ef\u80fd\u5bf9\u60a8\u7684\u670d\u52a1\u4ea7\u751f\u7684\u5f71\u54cd\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u9009\u62e9\u6dfb\u52a0\u7684\u4f4d\u7f6e\u3002\u7f51\u7edc IDS \u901a\u5e38\u65e0\u6cd5\u68c0\u67e5\u52a0\u5bc6\u6d41\u91cf\uff08\u5982 TLS\uff09\u7684\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7f51\u7edc IDS \u5728\u8bc6\u522b\u7f51\u7edc\u4e0a\u7684\u5f02\u5e38\u672a\u52a0\u5bc6\u6d41\u91cf\u65b9\u9762\u4ecd\u53ef\u80fd\u63d0\u4f9b\u4e00\u4e9b\u597d\u5904\u3002 \u5728\u67d0\u4e9b\u90e8\u7f72\u4e2d\uff0c\u53ef\u80fd\u9700\u8981\u5728\u5b89\u5168\u57df\u7f51\u6865\u4e0a\u7684\u654f\u611f\u7ec4\u4ef6\u4e0a\u6dfb\u52a0\u57fa\u4e8e\u4e3b\u673a\u7684 IDS\u3002\u57fa\u4e8e\u4e3b\u673a\u7684 IDS \u53ef\u80fd\u4f1a\u901a\u8fc7\u7ec4\u4ef6\u4e0a\u906d\u5230\u5165\u4fb5\u6216\u672a\u7ecf\u6388\u6743\u7684\u8fdb\u7a0b\u6765\u68c0\u6d4b\u5f02\u5e38\u6d3b\u52a8\u3002IDS \u5e94\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f20\u8f93\u8b66\u62a5\u548c\u65e5\u5fd7\u4fe1\u606f\u3002 \u670d\u52a1\u5668\u52a0\u56fa \u00b6 \u4e91\u73af\u5883\u4e2d\u7684\u670d\u52a1\u5668\uff0c\u5305\u62ec undercloud \u548c overcloud \u57fa\u7840\u67b6\u6784\uff0c\u5e94\u5b9e\u65bd\u5f3a\u5316\u6700\u4f73\u5b9e\u8df5\u3002\u7531\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u548c\u670d\u52a1\u5668\u5f3a\u5316\u5f88\u5e38\u89c1\uff0c\u56e0\u6b64\u6b64\u5904\u4e0d\u6db5\u76d6\u9002\u7528\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u65e5\u5fd7\u8bb0\u5f55\u3001\u7528\u6237\u5e10\u6237\u9650\u5236\u548c\u5b9a\u671f\u66f4\u65b0\uff0c\u4f46\u5e94\u5e94\u7528\u4e8e\u6240\u6709\u57fa\u7840\u7ed3\u6784\u3002 \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u00b6 
\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406 \uff08FIM\uff09 \u662f\u786e\u4fdd\u654f\u611f\u7cfb\u7edf\u6216\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u7b49\u6587\u4ef6\u4e0d\u4f1a\u635f\u574f\u6216\u66f4\u6539\u4ee5\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6216\u6076\u610f\u884c\u4e3a\u7684\u65b9\u6cd5\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5b9e\u7528\u7a0b\u5e8f\uff08\u5982 Samhain\uff09\u6765\u5b8c\u6210\uff0c\u8be5\u5b9e\u7528\u7a0b\u5e8f\u5c06\u521b\u5efa\u6307\u5b9a\u8d44\u6e90\u7684\u6821\u9a8c\u548c\u54c8\u5e0c\uff0c\u7136\u540e\u5b9a\u671f\u9a8c\u8bc1\u8be5\u54c8\u5e0c\uff0c\u6216\u8005\u901a\u8fc7 DMVerity \u7b49\u5de5\u5177\u6765\u5b8c\u6210\uff0c\u8be5\u5de5\u5177\u53ef\u4ee5\u83b7\u53d6\u5757\u8bbe\u5907\u7684\u54c8\u5e0c\u503c\uff0c\u5e76\u5728\u7cfb\u7edf\u8bbf\u95ee\u8fd9\u4e9b\u54c8\u5e0c\u503c\u65f6\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u518d\u5c06\u5176\u5448\u73b0\u7ed9\u7528\u6237\u3002 \u8fd9\u4e9b\u5e94\u8be5\u653e\u5728\u9002\u5f53\u7684\u4f4d\u7f6e\uff0c\u4ee5\u76d1\u63a7\u548c\u62a5\u544a\u5bf9\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\uff08\u5982 \u548c /etc/keystone/keystone.conf \uff09\u4ee5\u53ca\u5185\u6838\u6a21\u5757\uff08\u5982 /etc/pam.d/system-auth virtio\uff09\u7684\u66f4\u6539\u3002\u6700\u4f73\u505a\u6cd5\u662f\u4f7f\u7528 lsmod \u547d\u4ee4\u6765\u663e\u793a\u7cfb\u7edf\u4e0a\u5b9a\u671f\u52a0\u8f7d\u7684\u5185\u5bb9\uff0c\u4ee5\u5e2e\u52a9\u786e\u5b9a FIM \u68c0\u67e5\u4e2d\u5e94\u5305\u542b\u6216\u4e0d\u5e94\u5305\u542b\u7684\u5185\u5bb9\u3002 \u7ba1\u7406\u754c\u9762 \u00b6 \u7ba1\u7406\u5458\u9700\u8981\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 OpenStack 
\u4e3a\u8fd0\u7ef4\u4eba\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u591a\u79cd\u7ba1\u7406\u754c\u9762\uff1a OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 OpenStack \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982 nova-manage \u548c glance-manage \u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff0c\u5982 IPMI \u4eea\u8868\u677f \u00b6 OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u7ba1\u7406\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u56fe\u5f62\u754c\u9762\uff0c\u7528\u4e8e\u7f6e\u5907\u548c\u8bbf\u95ee\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u8fc7\u8c03\u7528 OpenStack API \u4e0e\u540e\u7aef\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u529f\u80fd \u00b6 \u4f5c\u4e3a\u4e91\u7ba1\u7406\u5458\uff0c\u4eea\u8868\u677f\u63d0\u4f9b\u4e91\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u7528\u6237\u548c\u79df\u6237/\u9879\u76ee\uff0c\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u5e76\u5bf9\u53ef\u4f9b\u4ed6\u4eec\u4f7f\u7528\u7684\u8d44\u6e90\u8bbe\u7f6e\u9650\u5236\u3002 \u4eea\u8868\u677f\u4e3a\u79df\u6237\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u7528\u4e8e\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u9884\u914d\u81ea\u5df1\u7684\u8d44\u6e90\u3002 \u4eea\u8868\u677f\u4e3a\u8def\u7531\u5668\u548c\u8d1f\u8f7d\u5e73\u8861\u5668\u63d0\u4f9b GUI \u652f\u6301\u3002\u4f8b\u5982\uff0c\u4eea\u8868\u677f\u73b0\u5728\u5b9e\u73b0\u4e86\u6240\u6709\u4e3b\u8981\u7684\u7f51\u7edc\u529f\u80fd\u3002 \u5b83\u662f\u4e00\u4e2a\u53ef\u6269\u5c55\u7684 Django Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u5141\u8bb8\u8f7b\u677e\u63d2\u5165\u7b2c\u4e09\u65b9\u4ea7\u54c1\u548c\u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u8d39\u3001\u76d1\u63a7\u548c\u5176\u4ed6\u7ba1\u7406\u5de5\u5177\u3002 
\u4eea\u8868\u677f\u8fd8\u53ef\u4ee5\u4e3a\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u5176\u4ed6\u5546\u4e1a\u4f9b\u5e94\u5546\u6253\u9020\u54c1\u724c\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4eea\u8868\u677f\u8981\u6c42\u5728 Web \u6d4f\u89c8\u5668\u4e2d\u542f\u7528 Cookie \u548c JavaScript\u3002 \u6258\u7ba1\u4eea\u8868\u677f\u7684 Web \u670d\u52a1\u5668\u5e94\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 Horizon Web Service \u53ca\u5176\u7528\u4e8e\u4e0e\u540e\u7aef\u901a\u4fe1\u7684 OpenStack API \u90fd\u5bb9\u6613\u53d7\u5230 Web \u653b\u51fb\u5a92\u4ecb\uff08\u5982\u62d2\u7edd\u670d\u52a1\uff09\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u5fc5\u987b\u5bf9\u5176\u8fdb\u884c\u76d1\u63a7\u3002 \u73b0\u5728\u53ef\u4ee5\u901a\u8fc7\u4eea\u8868\u677f\u5c06\u955c\u50cf\u6587\u4ef6\u76f4\u63a5\u4ece\u7528\u6237\u7684\u786c\u76d8\u4e0a\u4f20\u5230 OpenStack \u955c\u50cf\u670d\u52a1\uff08\u5c3d\u7ba1\u5b58\u5728\u8bb8\u591a\u90e8\u7f72/\u5b89\u5168\u9690\u60a3\uff09\u3002\u5bf9\u4e8e\u591a GB \u7684\u6620\u50cf\uff0c\u4ecd\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 glance CLI \u8fdb\u884c\u4e0a\u4f20\u3002 \u901a\u8fc7\u4eea\u8868\u76d8\u521b\u5efa\u548c\u7ba1\u7406\u5b89\u5168\u7ec4\u3002\u5b89\u5168\u7ec4\u5141\u8bb8\u5bf9\u5b89\u5168\u7b56\u7565\u8fdb\u884c L3-L4 \u6570\u636e\u5305\u7b5b\u9009\uff0c\u4ee5\u4fdd\u62a4\u865a\u62df\u673a\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0cReleaseNotes/Liberty\u30022015. 
OpenStack Liberty \u53d1\u884c\u8bf4\u660e OpenStack \u63a5\u53e3 \u00b6 OpenStack API \u662f\u4e00\u4e2a RESTful Web \u670d\u52a1\u7aef\u70b9\uff0c\u7528\u4e8e\u8bbf\u95ee\u3001\u914d\u7f6e\u548c\u81ea\u52a8\u5316\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u64cd\u4f5c\u5458\u548c\u7528\u6237\u901a\u5e38\u901a\u8fc7\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff08\u4f8b\u5982\uff0c nova \u6216\uff09\u3001\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u5e93\u6216 glance \u7b2c\u4e09\u65b9\u5de5\u5177\u8bbf\u95ee API\u3002 \u529f\u80fd \u00b6 To the cloud administrator, the API provides an overall view of the size and state of the cloud deployment and allows the creation of users, tenants/projects, assigning users to tenants/projects, and specifying resource quotas on a per tenant/project basis. \u5bf9\u4e8e\u4e91\u7ba1\u7406\u5458\u6765\u8bf4\uff0cAPI \u63d0\u4f9b\u4e86\u4e91\u90e8\u7f72\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7528\u6237\u3001\u79df\u6237/\u9879\u76ee\u3001\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u4ee5\u53ca\u4e3a\u6bcf\u4e2a\u79df\u6237/\u9879\u76ee\u6307\u5b9a\u8d44\u6e90\u914d\u989d\u3002 The API provides a tenant interface for provisioning, managing, and accessing their resources. 
API \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79df\u6237\u63a5\u53e3\uff0c\u7528\u4e8e\u9884\u914d\u3001\u7ba1\u7406\u548c\u8bbf\u95ee\u5176\u8d44\u6e90\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u5e94\u4e3a TLS \u914d\u7f6e API \u670d\u52a1\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 \u4f5c\u4e3a Web \u670d\u52a1\uff0cOpenStack API \u5bb9\u6613\u53d7\u5230\u719f\u6089\u7684\u7f51\u7ad9\u653b\u51fb\u5a92\u4ecb\u7684\u5f71\u54cd\uff0c\u4f8b\u5982\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u00b6 \u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u8bbf\u95ee\u6765\u7ba1\u7406 Linux \u548c Unix \u7cfb\u7edf\u5df2\u6210\u4e3a\u884c\u4e1a\u60ef\u4f8b\u3002SSH \u4f7f\u7528\u5b89\u5168\u7684\u52a0\u5bc6\u539f\u8bed\u8fdb\u884c\u901a\u4fe1\u3002\u9274\u4e8e SSH \u5728\u5178\u578b OpenStack \u90e8\u7f72\u4e2d\u7684\u8303\u56f4\u548c\u91cd\u8981\u6027\uff0c\u4e86\u89e3\u90e8\u7f72 SSH \u7684\u6700\u4f73\u5b9e\u8df5\u975e\u5e38\u91cd\u8981\u3002 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u00b6 \u7ecf\u5e38\u88ab\u5ffd\u89c6\u7684\u662f SSH \u4e3b\u673a\u7684\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u3002\u7531\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u5927\u591a\u6570\u6216\u6240\u6709\u4e3b\u673a\u90fd\u5c06\u63d0\u4f9b SSH \u670d\u52a1\uff0c\u56e0\u6b64\u5bf9\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u7684\u8fde\u63a5\u5145\u6ee1\u4fe1\u5fc3\u975e\u5e38\u91cd\u8981\u3002\u4e0d\u80fd\u4f4e\u4f30\u7684\u662f\uff0c\u672a\u80fd\u63d0\u4f9b\u5408\u7406\u5b89\u5168\u4e14\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u6765\u9a8c\u8bc1 SSH \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u6ee5\u7528\u548c\u5229\u7528\u7684\u6210\u719f\u65f6\u673a\u3002 \u6240\u6709 SSH 
\u5b88\u62a4\u7a0b\u5e8f\u90fd\u5177\u6709\u4e13\u7528\u4e3b\u673a\u5bc6\u94a5\uff0c\u5e76\u5728\u8fde\u63a5\u65f6\u63d0\u4f9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u6b64\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u672a\u7b7e\u540d\u516c\u94a5\u7684\u54c8\u5e0c\u503c\u3002\u5728\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u5efa\u7acb SSH \u8fde\u63a5\u4e4b\u524d\uff0c\u5fc5\u987b\u77e5\u9053\u8fd9\u4e9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u9a8c\u8bc1\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u6709\u52a9\u4e8e\u68c0\u6d4b\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u901a\u5e38\uff0c\u5728\u5b89\u88c5 SSH \u5b88\u62a4\u7a0b\u5e8f\u65f6\uff0c\u5c06\u751f\u6210\u4e3b\u673a\u5bc6\u94a5\u3002\u5728\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u8fc7\u7a0b\u4e2d\uff0c\u4e3b\u673a\u5fc5\u987b\u5177\u6709\u8db3\u591f\u7684\u71b5\u3002\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u7684\u71b5\u4e0d\u8db3\u53ef\u80fd\u5bfc\u81f4\u7a83\u542c SSH \u4f1a\u8bdd\u3002 \u751f\u6210 SSH \u4e3b\u673a\u5bc6\u94a5\u540e\uff0c\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u5e94\u5b58\u50a8\u5728\u5b89\u5168\u4e14\u53ef\u67e5\u8be2\u7684\u4f4d\u7f6e\u3002\u4e00\u4e2a\u7279\u522b\u65b9\u4fbf\u7684\u89e3\u51b3\u65b9\u6848\u662f\u4f7f\u7528 RFC-4255 \u4e2d\u5b9a\u4e49\u7684 SSHFP \u8d44\u6e90\u8bb0\u5f55\u7684 DNS\u3002\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\uff0c\u6709\u5fc5\u8981\u90e8\u7f72 DNSSEC\u3002 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u00b6 OpenStack Management Utilities \u662f\u8fdb\u884c API \u8c03\u7528\u7684\u5f00\u6e90 Python \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u6709\u4e00\u4e2a\u5ba2\u6237\u7aef\uff08\u4f8b\u5982\uff0cnova\u3001glance\uff09\u3002\u9664\u4e86\u6807\u51c6\u7684 CLI 
\u5ba2\u6237\u7aef\u4e4b\u5916\uff0c\u5927\u591a\u6570\u670d\u52a1\u90fd\u5177\u6709\u7ba1\u7406\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u7528\u4e8e\u76f4\u63a5\u8c03\u7528\u6570\u636e\u5e93\u3002\u8fd9\u4e9b\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6b63\u5728\u6162\u6162\u88ab\u5f03\u7528\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \uff08*-manage\uff09 \u4f7f\u7528\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u3002 \u786e\u4fdd\u5305\u542b\u51ed\u636e\u4fe1\u606f\u7684 .rc \u6587\u4ef6\u662f\u5b89\u5168\u7684\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0c\u201cOpenStack \u6700\u7ec8\u7528\u6237\u6307\u5357\u201d\u90e8\u5206\u30022016. OpenStack \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u6982\u8ff0\u3002 OpenStack.org\uff0c\u4f7f\u7528 OpenStack RC \u6587\u4ef6\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u30022016. \u4e0b\u8f7d\u5e76\u83b7\u53d6 OpenStack RC \u6587\u4ef6\u3002 \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u00b6 OpenStack \u7ba1\u7406\u4f9d\u8d56\u4e8e\u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff08\u5982 IPMI \u534f\u8bae\uff09\u6765\u8bbf\u95ee\u8fd0\u884c OpenStack \u7ec4\u4ef6\u7684\u8282\u70b9\u3002IPMI \u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u89c4\u8303\uff0c\u7528\u4e8e\u8fdc\u7a0b\u7ba1\u7406\u3001\u8bca\u65ad\u548c\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u5668\uff0c\u65e0\u8bba\u64cd\u4f5c\u7cfb\u7edf\u6b63\u5728\u8fd0\u884c\u8fd8\u662f\u7cfb\u7edf\u5d29\u6e83\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4f7f\u7528\u5f3a\u5bc6\u7801\u5e76\u4fdd\u62a4\u5b83\u4eec\uff0c\u6216\u4f7f\u7528\u5ba2\u6237\u7aef TLS \u8eab\u4efd\u9a8c\u8bc1\u3002 \u786e\u4fdd\u7f51\u7edc\u63a5\u53e3\u4f4d\u4e8e\u5176\u81ea\u5df1\u7684\u4e13\u7528\uff08\u7ba1\u7406\u6216\u5355\u72ec\u7684\uff09\u7f51\u7edc\u4e0a\u3002\u4f7f\u7528\u9632\u706b\u5899\u6216\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u9694\u79bb\u7ba1\u7406\u57df\u3002 \u5982\u679c\u60a8\u4f7f\u7528 Web 
\u754c\u9762\u4e0e BMC/IPMI \u4ea4\u4e92\uff0c\u8bf7\u59cb\u7ec8\u4f7f\u7528 TLS \u63a5\u53e3\uff0c\u4f8b\u5982 HTTPS \u6216\u7aef\u53e3 443\u3002\u6b64 TLS \u63a5\u53e3\u4e0d\u5e94\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\uff08\u901a\u5e38\u662f\u9ed8\u8ba4\u7684\uff09\uff0c\u4f46\u5e94\u5177\u6709\u4f7f\u7528\u6b63\u786e\u5b9a\u4e49\u7684\u5b8c\u5168\u9650\u5b9a\u57df\u540d \uff08FQDN\uff09 \u7684\u53d7\u4fe1\u4efb\u8bc1\u4e66\u3002 \u76d1\u63a7\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6d41\u91cf\u3002\u4e0e\u7e41\u5fd9\u7684\u8ba1\u7b97\u8282\u70b9\u76f8\u6bd4\uff0c\u5f02\u5e38\u53ef\u80fd\u66f4\u5bb9\u6613\u8ddf\u8e2a\u3002 \u5e26\u5916\u7ba1\u7406\u754c\u9762\u901a\u5e38\u8fd8\u5305\u62ec\u56fe\u5f62\u8ba1\u7b97\u673a\u63a7\u5236\u53f0\u8bbf\u95ee\u3002\u8fd9\u4e9b\u63a5\u53e3\u901a\u5e38\u53ef\u4ee5\u52a0\u5bc6\uff0c\u4f46\u4e0d\u4e00\u5b9a\u662f\u9ed8\u8ba4\u7684\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u8f6f\u4ef6\u6587\u6863\u4ee5\u52a0\u5bc6\u8fd9\u4e9b\u63a5\u53e3\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 SANS \u6280\u672f\u7814\u7a76\u6240\uff0cInfoSec Handlers \u65e5\u8bb0\u535a\u5ba2\u30022012. 
\u9ed1\u5ba2\u653b\u51fb\u5df2\u5173\u95ed\u7684\u670d\u52a1\u5668\u3002 \u5b89\u5168\u901a\u4fe1 \u00b6 \u8bbe\u5907\u95f4\u901a\u4fe1\u662f\u4e00\u4e2a\u4e25\u91cd\u7684\u5b89\u5168\u95ee\u9898\u3002\u5728\u5927\u578b\u9879\u76ee\u9519\u8bef\uff08\u5982 Heartbleed\uff09\u6216\u66f4\u9ad8\u7ea7\u7684\u653b\u51fb\uff08\u5982 BEAST \u548c CRIME\uff09\u4e4b\u95f4\uff0c\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u7684\u65b9\u6cd5\u53d8\u5f97\u8d8a\u6765\u8d8a\u91cd\u8981\u3002\u4f46\u662f\uff0c\u5e94\u8be5\u8bb0\u4f4f\uff0c\u52a0\u5bc6\u5e94\u8be5\u4f5c\u4e3a\u66f4\u5927\u7684\u5b89\u5168\u7b56\u7565\u7684\u4e00\u90e8\u5206\u6765\u5e94\u7528\u3002\u7aef\u70b9\u7684\u5165\u4fb5\u610f\u5473\u7740\u653b\u51fb\u8005\u4e0d\u518d\u9700\u8981\u7834\u574f\u6240\u4f7f\u7528\u7684\u52a0\u5bc6\uff0c\u800c\u662f\u80fd\u591f\u5728\u7cfb\u7edf\u5904\u7406\u6d88\u606f\u65f6\u67e5\u770b\u548c\u64cd\u7eb5\u6d88\u606f\u3002 \u672c\u7ae0\u5c06\u56de\u987e\u6709\u5173\u914d\u7f6e TLS \u4ee5\u4fdd\u62a4\u5185\u90e8\u548c\u5916\u90e8\u8d44\u6e90\u7684\u51e0\u4e2a\u529f\u80fd\uff0c\u5e76\u6307\u51fa\u5e94\u7279\u522b\u6ce8\u610f\u7684\u7279\u5b9a\u7c7b\u522b\u7684\u7cfb\u7edf\u3002 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u4f8b\u5b50 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \u5b8c\u7f8e\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 SSL/TLS \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a \u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u7684 SSL/TLS \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb TLS \u548c SSL \u7b80\u4ecb \u00b6 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u5b89\u5168\u6765\u786e\u4fdd OpenStack 
\u90e8\u7f72\u4e2d\u7f51\u7edc\u6d41\u91cf\u7684\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u3002\u8fd9\u901a\u5e38\u662f\u4f7f\u7528\u52a0\u5bc6\u63aa\u65bd\u5b9e\u73b0\u7684\uff0c\u4f8b\u5982\u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u534f\u8bae\u3002 \u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u901a\u8fc7\u516c\u5171\u7f51\u7edc\u4f20\u8f93\u7684\u6240\u6709\u6d41\u91cf\u90fd\u662f\u5b89\u5168\u7684\uff0c\u4f46\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u8981\u6c42\u5185\u90e8\u6d41\u91cf\u4e5f\u5fc5\u987b\u5f97\u5230\u4fdd\u62a4\u3002\u4ec5\u4ec5\u4f9d\u9760\u5b89\u5168\u57df\u5206\u79bb\u8fdb\u884c\u4fdd\u62a4\u662f\u4e0d\u591f\u7684\u3002\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u6216\u4e3b\u673a\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7834\u574f API \u7aef\u70b9\u6216\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\uff0c\u5219\u4ed6\u4eec\u4e00\u5b9a\u65e0\u6cd5\u8f7b\u677e\u6ce8\u5165\u6216\u6355\u83b7\u6d88\u606f\u3001\u547d\u4ee4\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u5f71\u54cd\u4e91\u7684\u7ba1\u7406\u529f\u80fd\u3002 \u6240\u6709\u57df\u90fd\u5e94\u4f7f\u7528 TLS \u8fdb\u884c\u4fdd\u62a4\uff0c\u5305\u62ec\u7ba1\u7406\u57df\u670d\u52a1\u548c\u670d\u52a1\u5185\u901a\u4fe1\u3002TLS \u63d0\u4f9b\u4e86\u786e\u4fdd\u7528\u6237\u4e0e OpenStack \u670d\u52a1\u4e4b\u95f4\u4ee5\u53ca OpenStack \u670d\u52a1\u672c\u8eab\u4e4b\u95f4\u901a\u4fe1\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u4e0d\u53ef\u5426\u8ba4\u6027\u3001\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u7684\u673a\u5236\u3002 \u7531\u4e8e\u5b89\u5168\u5957\u63a5\u5b57\u5c42 \uff08SSL\uff09 \u534f\u8bae\u4e2d\u5df2\u53d1\u5e03\u7684\u6f0f\u6d1e\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4f18\u5148\u4f7f\u7528 TLS \u800c\u4e0d\u662f SSL\uff0c\u5e76\u4e14\u5728\u4efb\u4f55\u60c5\u51b5\u4e0b\u90fd\u7981\u7528 SSL\uff0c\u9664\u975e\u9700\u8981\u4e0e\u8fc7\u65f6\u7684\u6d4f\u89c8\u5668\u6216\u5e93\u517c\u5bb9\u3002 \u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 
\u662f\u7528\u4e8e\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u7684\u6846\u67b6\u3002\u5b83\u7531\u4e00\u7ec4\u7cfb\u7edf\u548c\u6d41\u7a0b\u7ec4\u6210\uff0c\u4ee5\u786e\u4fdd\u5728\u9a8c\u8bc1\u5404\u65b9\u8eab\u4efd\u7684\u540c\u65f6\u53ef\u4ee5\u5b89\u5168\u5730\u53d1\u9001\u6d41\u91cf\u3002\u6b64\u5904\u63cf\u8ff0\u7684 PKI \u914d\u7f6e\u6587\u4ef6\u662f\u7531 PKIX \u5de5\u4f5c\u7ec4\u5f00\u53d1\u7684 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKIX\uff09 \u914d\u7f6e\u6587\u4ef6\u3002PKI\u7684\u6838\u5fc3\u7ec4\u4ef6\u5305\u62ec\uff1a \u6570\u5b57\u8bc1\u4e66 \u7b7e\u540d\u516c\u94a5\u8bc1\u4e66\u662f\u5177\u6709\u5b9e\u4f53\u7684\u53ef\u9a8c\u8bc1\u6570\u636e\u3001\u5176\u516c\u94a5\u4ee5\u53ca\u5176\u4ed6\u4e00\u4e9b\u5c5e\u6027\u7684\u6570\u636e\u7ed3\u6784\u3002\u8fd9\u4e9b\u8bc1\u4e66\u7531\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u9881\u53d1\u3002\u7531\u4e8e\u8bc1\u4e66\u7531\u53d7\u4fe1\u4efb\u7684 CA \u7b7e\u540d\uff0c\u56e0\u6b64\u4e00\u65e6\u9a8c\u8bc1\uff0c\u4e0e\u5b9e\u4f53\u5173\u8054\u7684\u516c\u94a5\u5c06\u4fdd\u8bc1\u4e0e\u6240\u8ff0\u5b9e\u4f53\u76f8\u5173\u8054\u3002\u7528\u4e8e\u5b9a\u4e49\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u5e38\u89c1\u6807\u51c6\u662f X.509 \u6807\u51c6\u3002X.509 v3 \u662f\u5f53\u524d\u7684\u6807\u51c6\uff0c\u5728 RFC5280 \u4e2d\u8fdb\u884c\u4e86\u8be6\u7ec6\u63cf\u8ff0\u3002\u8bc1\u4e66\u7531 CA \u9881\u53d1\uff0c\u4f5c\u4e3a\u8bc1\u660e\u5728\u7ebf\u5b9e\u4f53\u8eab\u4efd\u7684\u673a\u5236\u3002CA \u901a\u8fc7\u4ece\u8bc1\u4e66\u521b\u5efa\u6d88\u606f\u6458\u8981\u5e76\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u6458\u8981\u8fdb\u884c\u52a0\u5bc6\uff0c\u5bf9\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u7ed3\u675f\u5b9e\u4f53 \u4f5c\u4e3a\u8bc1\u4e66\u4e3b\u9898\u7684\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u7cfb\u7edf\u3002\u6700\u7ec8\u5b9e\u4f53\u5c06\u5176\u8bc1\u4e66\u8bf7\u6c42\u53d1\u9001\u5230\u6ce8\u518c\u673a\u6784 \uff08RA\uff09 
\u8fdb\u884c\u5ba1\u6279\u3002\u5982\u679c\u83b7\u5f97\u6279\u51c6\uff0cRA \u4f1a\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u9a8c\u8bc1\u8bf7\u6c42\uff0c\u5982\u679c\u4fe1\u606f\u6b63\u786e\uff0c\u5219\u751f\u6210\u8bc1\u4e66\u5e76\u7b7e\u540d\u3002\u7136\u540e\uff0c\u6b64\u7b7e\u540d\u8bc1\u4e66\u5c06\u53d1\u9001\u5230\u8bc1\u4e66\u5b58\u50a8\u5e93\u3002 \u4fe1\u8d56\u65b9 \u63a5\u6536\u6570\u5b57\u7b7e\u540d\u8bc1\u4e66\u7684\u7ec8\u7ed3\u70b9\uff0c\u8be5\u8bc1\u4e66\u53ef\u53c2\u8003\u8bc1\u4e66\u4e0a\u5217\u51fa\u7684\u516c\u94a5\u8fdb\u884c\u9a8c\u8bc1\u3002\u4fe1\u8d56\u65b9\u5e94\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u94fe\u4e0a\uff0c\u786e\u4fdd\u5b83\u4e0d\u5b58\u5728\u4e8e CRL \u4e2d\uff0c\u5e76\u4e14\u8fd8\u5fc5\u987b\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u5230\u671f\u65e5\u671f\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 CA \u662f\u53d7\u4fe1\u4efb\u7684\u5b9e\u4f53\uff0c\u65e0\u8bba\u662f\u6700\u7ec8\u65b9\u8fd8\u662f\u4f9d\u8d56\u8bc1\u4e66\u8fdb\u884c\u8bc1\u4e66\u7b56\u7565\u3001\u7ba1\u7406\u5904\u7406\u548c\u8bc1\u4e66\u9881\u53d1\u7684\u4e00\u65b9\u3002 \u6ce8\u518c\u673a\u6784 \uff08RA\uff09 CA \u5c06\u67d0\u4e9b\u7ba1\u7406\u529f\u80fd\u59d4\u6d3e\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\uff0c\u8fd9\u5305\u62ec\u5728 CA \u9881\u53d1\u8bc1\u4e66\u4e4b\u524d\u5bf9\u7ec8\u7aef\u5b9e\u4f53\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7b49\u529f\u80fd\u3002 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5e8f\u5217\u53f7\u5217\u8868\u3002\u5728 PKI \u6a21\u578b\u4e2d\uff0c\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002\u540a\u9500\u53ef\u80fd\u7531\u4e8e\u591a\u79cd\u539f\u56e0\u800c\u53d1\u751f\uff0c\u4f8b\u5982\u5bc6\u94a5\u6cc4\u9732\u3001CA \u6cc4\u9732\u3002 CRL \u53d1\u884c\u4eba CA 
\u5c06\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u53d1\u5e03\u59d4\u6258\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\u3002 \u8bc1\u4e66\u5b58\u50a8\u5e93 \u5b58\u50a8\u548c\u67e5\u627e\u6700\u7ec8\u5b9e\u4f53\u8bc1\u4e66\u548c\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u4f4d\u7f6e - \u6709\u65f6\u79f0\u4e3a\u8bc1\u4e66\u6346\u7ed1\u5305\u3002 PKI \u6784\u5efa\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u63d0\u4f9b\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae\uff0c\u4ee5\u4fdd\u62a4\u6570\u636e\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u4fdd\u62a4\u6240\u6709\u670d\u52a1\uff0c\u5305\u62ec\u5bf9 API \u7ec8\u7ed3\u70b9\u4f7f\u7528 TLS\u3002\u4ec5\u9760\u4f20\u8f93\u6216\u6d88\u606f\u7684\u52a0\u5bc6\u6216\u7b7e\u540d\u662f\u4e0d\u53ef\u80fd\u89e3\u51b3\u6240\u6709\u8fd9\u4e9b\u95ee\u9898\u7684\u3002\u4e3b\u673a\u672c\u8eab\u5fc5\u987b\u662f\u5b89\u5168\u7684\uff0c\u5e76\u5b9e\u65bd\u7b56\u7565\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5176\u4ed6\u63a7\u5236\u63aa\u65bd\u6765\u4fdd\u62a4\u5176\u79c1\u6709\u51ed\u636e\u548c\u5bc6\u94a5\u3002\u4f46\u662f\uff0c\u5bc6\u94a5\u7ba1\u7406\u548c\u4fdd\u62a4\u7684\u6311\u6218\u5e76\u6ca1\u6709\u51cf\u5c11\u8fd9\u4e9b\u63a7\u5236\u7684\u5fc5\u8981\u6027\uff0c\u4e5f\u6ca1\u6709\u964d\u4f4e\u5b83\u4eec\u7684\u91cd\u8981\u6027\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \u00b6 \u8bb8\u591a\u7ec4\u7ec7\u90fd\u5efa\u7acb\u4e86\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u5176\u4e2d\u5305\u542b\u81ea\u5df1\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3001\u8bc1\u4e66\u7b56\u7565\u548c\u7ba1\u7406\uff0c\u4ed6\u4eec\u5e94\u8be5\u4f7f\u7528\u8fd9\u4e9b\u8bc1\u4e66\u4e3a\u5185\u90e8 OpenStack \u7528\u6237\u6216\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u516c\u5171\u5b89\u5168\u57df\u9762\u5411 Internet \u7684\u7ec4\u7ec7\u8fd8\u9700\u8981\u7531\u5e7f\u6cdb\u8ba4\u53ef\u7684\u516c\u5171 CA 
\u7b7e\u540d\u7684\u8bc1\u4e66\u3002\u5bf9\u4e8e\u901a\u8fc7\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u7684\u52a0\u5bc6\u901a\u4fe1\uff0c\u5efa\u8bae\u4e0d\u8981\u4f7f\u7528\u516c\u5171 CA\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u671f\u671b\u5e76\u5efa\u8bae\u5927\u591a\u6570\u90e8\u7f72\u90e8\u7f72\u81ea\u5df1\u7684\u5185\u90e8 CA\u3002 \u5efa\u8bae OpenStack \u4e91\u67b6\u6784\u5e08\u8003\u8651\u5bf9\u5185\u90e8\u7cfb\u7edf\u548c\u9762\u5411\u5ba2\u6237\u7684\u670d\u52a1\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u4f7f\u4e91\u90e8\u7f72\u4eba\u5458\u80fd\u591f\u4fdd\u6301\u5bf9\u5176 PKI \u57fa\u7840\u8bbe\u65bd\u7684\u63a7\u5236\uff0c\u5e76\u4e14\u4f7f\u5185\u90e8\u7cfb\u7edf\u7684\u8bc1\u4e66\u8bf7\u6c42\u3001\u7b7e\u540d\u548c\u90e8\u7f72\u53d8\u5f97\u66f4\u52a0\u5bb9\u6613\u3002\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u5bf9\u4e0d\u540c\u7684\u5b89\u5168\u57df\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u5141\u8bb8\u90e8\u7f72\u4eba\u5458\u4fdd\u6301\u73af\u5883\u7684\u52a0\u5bc6\u9694\u79bb\uff0c\u786e\u4fdd\u9881\u53d1\u7ed9\u4e00\u4e2a\u73af\u5883\u7684\u8bc1\u4e66\u4e0d\u88ab\u53e6\u4e00\u4e2a\u73af\u5883\u8bc6\u522b\u3002 \u7528\u4e8e\u5728\u9762\u5411 Internet \u7684\u4e91\u7aef\u70b9\uff08\u6216\u5ba2\u6237\u63a5\u53e3\uff0c\u5176\u4e2d\u5ba2\u6237\u9884\u8ba1\u4e0d\u4f1a\u5b89\u88c5\u9664\u6807\u51c6\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u7684\u8bc1\u4e66\u6346\u7ed1\u5305\u4ee5\u5916\u7684\u4efb\u4f55\u5185\u5bb9\uff09\u4e0a\u652f\u6301 TLS \u7684\u8bc1\u4e66\u5e94\u4f7f\u7528\u5b89\u88c5\u5728\u64cd\u4f5c\u7cfb\u7edf\u8bc1\u4e66\u6346\u7ed1\u5305\u4e2d\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8fdb\u884c\u9884\u914d\u3002\u5178\u578b\u7684\u77e5\u540d\u4f9b\u5e94\u5546\u5305\u62ec Let's Encrypt\u3001Verisign \u548c Thawte\uff0c\u4f46\u8fd8\u6709\u8bb8\u591a\u5176\u4ed6\u4f9b\u5e94\u5546\u3002 
\u5728\u521b\u5efa\u548c\u7b7e\u7f72\u8bc1\u4e66\u65b9\u9762\u5b58\u5728\u7ba1\u7406\u3001\u7b56\u7565\u548c\u6280\u672f\u65b9\u9762\u7684\u6311\u6218\u3002\u5728\u8fd9\u4e2a\u9886\u57df\uff0c\u4e91\u67b6\u6784\u5e08\u6216\u64cd\u4f5c\u5458\u53ef\u80fd\u5e0c\u671b\u5bfb\u6c42\u884c\u4e1a\u9886\u5bfc\u8005\u548c\u4f9b\u5e94\u5546\u7684\u5efa\u8bae\uff0c\u4ee5\u53ca\u6b64\u5904\u63a8\u8350\u7684\u6307\u5bfc\u3002 TLS \u5e93 \u00b6 OpenStack \u751f\u6001\u7cfb\u7edf\u4e2d\u7684\u7ec4\u4ef6\u3001\u670d\u52a1\u548c\u5e94\u7528\u7a0b\u5e8f\u6216 OpenStack \u7684\u4f9d\u8d56\u9879\u5df2\u5b9e\u73b0\u6216\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS \u5e93\u3002OpenStack \u4e2d\u7684 TLS \u548c HTTP \u670d\u52a1\u901a\u5e38\u4f7f\u7528 OpenSSL \u5b9e\u73b0\uff0cOpenSSL \u5177\u6709\u5df2\u9488\u5bf9 FIPS 140-2 \u9a8c\u8bc1\u7684\u6a21\u5757\u3002\u4f46\u662f\uff0c\u8bf7\u8bb0\u4f4f\uff0c\u6bcf\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u5728\u4f7f\u7528 OpenSSL \u5e93\u7684\u65b9\u5f0f\u4e0a\u4ecd\u53ef\u80fd\u5f15\u5165\u5f31\u70b9\u3002 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u00b6 \u5efa\u8bae\u81f3\u5c11\u4f7f\u7528 TLS 1.2\u3002\u65e7\u7248\u672c\uff08\u5982 TLS 1.0\u30011.1 \u548c\u6240\u6709\u7248\u672c\u7684 SSL\uff08TLS \u7684\u524d\u8eab\uff09\u5bb9\u6613\u53d7\u5230\u591a\u79cd\u516c\u5f00\u5df2\u77e5\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u4e0d\u5f97\u4f7f\u7528\u3002TLS 1.2 \u53ef\u7528\u4e8e\u5e7f\u6cdb\u7684\u5ba2\u6237\u7aef\u517c\u5bb9\u6027\uff0c\u4f46\u5728\u542f\u7528\u6b64\u534f\u8bae\u65f6\u8981\u5c0f\u5fc3\u3002\u4ec5\u5f53\u5b58\u5728\u5f3a\u5236\u6027\u517c\u5bb9\u6027\u8981\u6c42\u5e76\u4e14\u60a8\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\u65f6\uff0c\u624d\u542f\u7528 TLS \u7248\u672c 1.1\u3002 \u4f7f\u7528 TLS 1.2 \u5e76\u540c\u65f6\u63a7\u5236\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u65f6\uff0c\u5bc6\u7801\u5957\u4ef6\u5e94\u9650\u5236\u4e3a ECDHE-ECDSA-AES256-GCM-SHA384 
.\u5728\u4e0d\u63a7\u5236\u8fd9\u4e24\u4e2a\u7ec8\u7ed3\u70b9\u5e76\u4f7f\u7528 TLS 1.1 \u6216 1.2 \u7684\u60c5\u51b5\u4e0b\uff0c\u66f4\u901a\u7528 HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA \u7684\u662f\u5408\u7406\u7684\u5bc6\u7801\u9009\u62e9\u3002 \u4f46\u662f\uff0c\u7531\u4e8e\u672c\u4e66\u5e76\u4e0d\u6253\u7b97\u5168\u9762\u4ecb\u7ecd\u5bc6\u7801\u5b66\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u5e0c\u671b\u89c4\u5b9a\u5728OpenStack\u670d\u52a1\u4e2d\u5e94\u8be5\u542f\u7528\u6216\u7981\u7528\u54ea\u4e9b\u7279\u5b9a\u7684\u7b97\u6cd5\u6216\u5bc6\u7801\u6a21\u5f0f\u3002\u6211\u4eec\u60f3\u63a8\u8350\u4e00\u4e9b\u6743\u5a01\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4ee5\u63d0\u4f9b\u66f4\u591a\u4fe1\u606f\uff1a \u56fd\u5bb6\u5b89\u5168\u5c40\uff0cSuite B \u5bc6\u7801\u5b66 OWASP\u5bc6\u7801\u5b66\u6307\u5357 OWASP \u4f20\u8f93\u5c42\u4fdd\u62a4\u5907\u5fd8\u5355 SoK\uff1aSSL \u548c HTTPS\uff1a\u91cd\u6e29\u8fc7\u53bb\u7684\u6311\u6218\u5e76\u8bc4\u4f30\u8bc1\u4e66\u4fe1\u4efb\u6a21\u578b\u589e\u5f3a\u529f\u80fd \u4e16\u754c\u4e0a\u6700\u5371\u9669\u7684\u4ee3\u7801\uff1a\u5728\u975e\u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u9a8c\u8bc1SSL\u8bc1\u4e66 OpenSSL \u548c FIPS 140-2 \u603b\u7ed3 \u00b6 \u9274\u4e8e OpenStack \u7ec4\u4ef6\u7684\u590d\u6742\u6027\u548c\u90e8\u7f72\u53ef\u80fd\u6027\u7684\u6570\u91cf\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u786e\u4fdd\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u83b7\u5f97 TLS \u8bc1\u4e66\u3001\u5bc6\u94a5\u548c CA \u7684\u9002\u5f53\u914d\u7f6e\u3002\u540e\u7eed\u90e8\u5206\u5c06\u8ba8\u8bba\u4ee5\u4e0b\u670d\u52a1\uff1a \u8ba1\u7b97 API \u7aef\u70b9 \u8eab\u4efd API \u7aef\u70b9 \u7f51\u7edc API \u7aef\u70b9 \u5b58\u50a8 API \u7aef\u70b9 \u6d88\u606f\u670d\u52a1\u5668 \u6570\u636e\u5e93\u670d\u52a1\u5668 \u4eea\u8868\u677f TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u00b6 
OpenStack\u7684\u7ec8\u7aef\u662f\u63d0\u4f9bAPI\u7ed9\u516c\u5171\u7f51\u7edc\u4e0a\u7684\u7ec8\u7aef\u7528\u6237\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6OpenStack\u670d\u52a1\u7684HTTP\u670d\u52a1\u3002\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u8fd9\u4e9b\u8bf7\u6c42\uff0c\u65e0\u8bba\u662f\u5185\u90e8\u8fd8\u662f\u5916\u90e8\uff0c\u90fd\u4f7f\u7528TLS\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e2a\u76ee\u6807\uff0cAPI\u670d\u52a1\u5fc5\u987b\u90e8\u7f72\u5728TLS\u4ee3\u7406\u540e\u9762\uff0c\u8be5\u4ee3\u7406\u80fd\u591f\u5efa\u7acb\u548c\u7ec8\u6b62TLS\u4f1a\u8bdd\u3002\u4e0b\u8868\u63d0\u4f9b\u4e86\u53ef\u7528\u4e8e\u6b64\u76ee\u7684\u7684\u5f00\u6e90\u8f6f\u4ef6\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Pound Stud Nginx Apache httpd \u5728\u8f6f\u4ef6\u7ec8\u7aef\u6027\u80fd\u4e0d\u8db3\u7684\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u52a0\u901f\u5668\u53ef\u80fd\u503c\u5f97\u63a2\u7d22\u4f5c\u4e3a\u66ff\u4ee3\u9009\u9879\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\u4efb\u4f55\u9009\u5b9a\u7684 TLS \u4ee3\u7406\u5c06\u5904\u7406\u7684\u8bf7\u6c42\u7684\u5927\u5c0f\u3002 \u793a\u4f8b \u00b6 \u4e0b\u9762\u6211\u4eec\u63d0\u4f9b\u4e86\u4e00\u4e9b\u66f4\u6d41\u884c\u7684 Web \u670d\u52a1\u5668/TLS \u7ec8\u7ed3\u5668\u4e2d\u542f\u7528 TLS \u7684\u63a8\u8350\u914d\u7f6e\u8bbe\u7f6e\u793a\u4f8b\u3002 \u5728\u6df1\u5165\u7814\u7a76\u914d\u7f6e\u4e4b\u524d\uff0c\u6211\u4eec\u7b80\u8981\u8ba8\u8bba\u5bc6\u7801\u7684\u914d\u7f6e\u5143\u7d20\u53ca\u5176\u683c\u5f0f\u3002\u6709\u5173\u53ef\u7528\u5bc6\u7801\u548c OpenSSL \u5bc6\u7801\u5217\u8868\u683c\u5f0f\u7684\u66f4\u8be6\u5c3d\u5904\u7406\uff0c\u8bf7\u53c2\u9605\uff1a\u5bc6\u7801\u3002 ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u6216 ciphers = \"kEECDH:kEDH:kRSA:HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u5bc6\u7801\u5b57\u7b26\u4e32\u9009\u9879\u7531 \u201c\uff1a\u201d \u5206\u9694\uff0c\u800c \u201c\uff01\u201d 
\u63d0\u4f9b\u7d27\u63a5\u7740\u7684\u5143\u7d20\u7684\u5426\u5b9a\u3002\u5143\u7d20\u987a\u5e8f\u6307\u793a\u9996\u9009\u9879\uff0c\u9664\u975e\u88ab\u9650\u5b9a\u7b26\uff08\u5982 HIGH\uff09\u8986\u76d6\u3002\u8ba9\u6211\u4eec\u4ed4\u7ec6\u770b\u770b\u4e0a\u9762\u793a\u4f8b\u5b57\u7b26\u4e32\u4e2d\u7684\u5143\u7d20\u3002 kEECDH:kEDH \u4e34\u65f6\u692d\u5706\u66f2\u7ebf Diffie-Hellman\uff08\u7f29\u5199\u4e3a EECDH \u548c ECDHE\uff09\u3002 Ephemeral Diffie-Hellman\uff08\u7f29\u5199\u4e3a EDH \u6216 DHE\uff09\u4f7f\u7528\u7d20\u6570\u573a\u7fa4\u3002 \u8fd9\u4e24\u79cd\u65b9\u6cd5\u90fd\u63d0\u4f9b\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \uff08PFS\uff09\u3002\u6709\u5173\u6b63\u786e\u914d\u7f6e PFS \u7684\u66f4\u591a\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6\u3002 \u4e34\u65f6\u692d\u5706\u66f2\u7ebf\u8981\u6c42\u670d\u52a1\u5668\u914d\u7f6e\u547d\u540d\u66f2\u7ebf\uff0c\u5e76\u63d0\u4f9b\u6bd4\u4e3b\u5b57\u6bb5\u7ec4\u66f4\u597d\u7684\u5b89\u5168\u6027\u548c\u66f4\u4f4e\u7684\u8ba1\u7b97\u6210\u672c\u3002\u4f46\u662f\uff0c\u4e3b\u8981\u5b57\u6bb5\u7ec4\u7684\u5b9e\u73b0\u8303\u56f4\u66f4\u5e7f\uff0c\u56e0\u6b64\u901a\u5e38\u4e24\u8005\u90fd\u5305\u542b\u5728\u5217\u8868\u4e2d\u3002 kRSA \u5206\u522b\u4f7f\u7528 RSA \u4ea4\u6362\u3001\u8eab\u4efd\u9a8c\u8bc1\u6216\u4e24\u8005\u4e4b\u4e00\u7684\u5bc6\u7801\u5957\u4ef6\u3002 HIGH \u5728\u534f\u5546\u9636\u6bb5\u9009\u62e9\u53ef\u80fd\u7684\u6700\u9ad8\u5b89\u5168\u5bc6\u7801\u3002\u8fd9\u4e9b\u5bc6\u94a5\u901a\u5e38\u5177\u6709\u957f\u5ea6\u4e3a 128 \u4f4d\u6216\u66f4\u957f\u7684\u5bc6\u94a5\u3002 !RC4 \u6ca1\u6709 RC4\u3002RC4 \u5728 TLS V3 \u7684\u4e0a\u4e0b\u6587\u4e2d\u5b58\u5728\u7f3a\u9677\u3002\u8bf7\u53c2\u9605 TLS \u548c WPA \u4e2d RC4 \u7684\u5b89\u5168\u6027\u3002 !MD5 \u6ca1\u6709 MD5\u3002MD5 \u4e0d\u5177\u6709\u9632\u51b2\u7a81\u529f\u80fd\uff0c\u56e0\u6b64\u4e0d\u63a5\u53d7\u6d88\u606f\u9a8c\u8bc1\u7801 \uff08MAC\uff09 \u6216\u7b7e\u540d\u3002 !aNULL:!eNULL Disallows clear text. 
\u4e0d\u5141\u8bb8\u660e\u6587\u3002 !EXP \u4e0d\u5141\u8bb8\u5bfc\u51fa\u52a0\u5bc6\u7b97\u6cd5\uff0c\u8fd9\u4e9b\u7b97\u6cd5\u5728\u8bbe\u8ba1\u4e0a\u5f80\u5f80\u5f88\u5f31\uff0c\u901a\u5e38\u4f7f\u7528 40 \u4f4d\u548c 56 \u4f4d\u5bc6\u94a5\u3002 \u7f8e\u56fd\u5bf9\u5bc6\u7801\u5b66\u7cfb\u7edf\u7684\u51fa\u53e3\u9650\u5236\u5df2\u88ab\u53d6\u6d88\uff0c\u4e0d\u518d\u9700\u8981\u652f\u6301\u3002 !LOW:!MEDIUM \u4e0d\u5141\u8bb8\u4f7f\u7528\u4f4e\uff0856 \u6216 64 \u4f4d\u957f\u5bc6\u94a5\uff09\u548c\u4e2d\u7b49\uff08128 \u4f4d\u957f\u5bc6\u94a5\uff09\u5bc6\u7801\uff0c\u56e0\u4e3a\u5b83\u4eec\u5bb9\u6613\u53d7\u5230\u66b4\u529b\u653b\u51fb\uff08\u793a\u4f8b 2-DES\uff09\u3002\u6b64\u89c4\u5219\u4ecd\u5141\u8bb8\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u6807\u51c6 \uff08Triple DES\uff09\uff0c\u4e5f\u79f0\u4e3a\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u7b97\u6cd5 \uff08TDEA\uff09 \u548c\u9ad8\u7ea7\u52a0\u5bc6\u6807\u51c6 \uff08AES\uff09\uff0c\u6bcf\u4e2a\u6807\u51c6\u90fd\u5177\u6709\u5927\u4e8e\u7b49\u4e8e 128 \u4f4d\u7684\u5bc6\u94a5\uff0c\u56e0\u6b64\u66f4\u5b89\u5168\u3002 Protocols \u534f\u8bae\u901a\u8fc7SSL_CTX_set_options\u542f\u7528/\u7981\u7528\u3002\u5efa\u8bae\u7981\u7528 SSLv2/v3 \u5e76\u542f\u7528 TLS\u3002 Pound \u00b6 \u6b64 Pound \u793a\u4f8b\u542f\u7528 AES-NI \u52a0\u901f\uff0c\u8fd9\u6709\u52a9\u4e8e\u63d0\u9ad8\u5177\u6709\u652f\u6301\u6b64\u529f\u80fd\u7684\u5904\u7406\u5668\u7684\u7cfb\u7edf\u7684\u6027\u80fd\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/pound/pound.cfg Ubuntu\u3001RHEL\u3001CentOS\u3001 /etc/pound.cfg openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 ## see pound(8) for details daemon 1 ###################################################################### ## global options: User \"swift\" Group \"swift\" #RootJail \"/chroot/pound\" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 0 ## turn on dynamic scaling (off by default) # Dyn Scale 1 ## 
check backend every X secs: Alive 30 ## client timeout #Client 10 ## allow 10 second proxy connect time ConnTO 10 ## use hardware-acceleration card supported by openssl(1): SSLEngine \"aesni\" # poundctl control socket Control \"/var/run/pound/poundctl.socket\" ###################################################################### ## listen, redirect and ... to: ## redirect all swift requests on port 443 to local swift proxy ListenHTTPS Address 0.0.0.0 Port 443 Cert \"/etc/pound/cert.pem\" ## Certs to accept from clients ## CAlist \"CA_file\" ## Certs to use for client verification ## VerifyList \"Verify_file\" ## Request client cert - don't verify ## Ciphers \"AES256-SHA\" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: NoHTTPS11 0 ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 1 Service BackEnd Address 127.0.0.1 Port 80 End End End Stud \u00b6 \u5bc6\u7801\u884c\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8fdb\u884c\u8c03\u6574\uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e\u76ee\u5f55\u4e2d /etc/stud \u3002\u4f46\u662f\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u63d0\u4f9b\u5b83\u3002 # SSL x509 certificate file. pem-file = \" # SSL protocol. tls = on ssl = off # List of allowed SSL ciphers. 
# OpenSSL's high-strength ciphers which require authentication # NOTE: forbids clear text, use of RC4 or MD5 or LOW and MEDIUM strength ciphers ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" # Enforce server cipher list order prefer-server-ciphers = on # Number of worker processes workers = 4 # Listen backlog size backlog = 1000 # TCP socket keepalive interval in seconds keepalive = 3600 # Chroot directory chroot = \"\" # Set uid after binding a socket user = \"www-data\" # Set gid after binding a socket group = \"www-data\" # Quiet execution, report only error messages quiet = off # Use syslog for logging syslog = on # Syslog facility to use syslog-facility = \"daemon\" # Run as daemon daemon = off # Report client address using SENDPROXY protocol for haproxy # Disabling this until we upgrade to HAProxy 1.5 write-proxy = off Nginx \u00b6 \u6b64 Nginx \u793a\u4f8b\u9700\u8981 TLS v1.1 \u6216 v1.2 \u624d\u80fd\u83b7\u5f97\u6700\u5927\u7684\u5b89\u5168\u6027\u3002\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8c03\u6574\u751f\u4ea7\u7ebf ssl_ciphers \uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u7f3a\u7701\u914d\u7f6e\u6587\u4ef6\u4e3a /etc/nginx/nginx.conf \u3002 server { listen : ssl; ssl_certificate ; ssl_certificate_key ; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM ssl_session_tickets off; server_name _; keepalive_timeout 5; location / { } } Apache \u00b6 \u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/apache2/apache2.conf Ubuntu\u3001RHEL \u548c CentOS\u3001 /etc/httpd/conf/httpd.conf /etc/apache2/httpd.conf openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 :80> ServerName RedirectPermanent / https:/// :443> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key WSGIScriptAlias / WSGIDaemonProcess horizon 
user= group= processes=3 threads=10 Alias /static > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted Apache \u4e2d\u7684\u8ba1\u7b97 API SSL \u7aef\u70b9\uff0c\u5fc5\u987b\u4e0e\u7b80\u77ed\u7684 WSGI \u811a\u672c\u914d\u5bf9\u3002 :8447> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key SSLSessionTickets Off WSGIScriptAlias / WSGIDaemonProcess osapi user= group= processes=3 threads=10 > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u00b6 \u5efa\u8bae\u6240\u6709\u751f\u4ea7\u90e8\u7f72\u90fd\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \uff08HSTS\uff09\u3002\u6b64\u6807\u5934\u53ef\u9632\u6b62\u6d4f\u89c8\u5668\u5728\u5efa\u7acb\u5355\u4e2a\u5b89\u5168\u8fde\u63a5\u540e\u5efa\u7acb\u4e0d\u5b89\u5168\u7684\u8fde\u63a5\u3002\u5982\u679c\u60a8\u5df2\u5c06 HTTP \u670d\u52a1\u90e8\u7f72\u5728\u516c\u5171\u57df\u6216\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u4e0a\uff0c\u5219 HSTS \u5c24\u4e3a\u91cd\u8981\u3002\u8981\u542f\u7528 HSTS\uff0c\u8bf7\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u53d1\u9001\u5305\u542b\u6240\u6709\u8bf7\u6c42\u7684\u6807\u5934\uff0c\u5982\u4e0b\u6240\u793a\uff1a Strict-Transport-Security: max-age=31536000; includeSubDomains \u5728\u6d4b\u8bd5\u671f\u95f4\u4ece 1 \u5929\u7684\u77ed\u6682\u505c\u5f00\u59cb\uff0c\u5e76\u5728\u6d4b\u8bd5\u8868\u660e\u60a8\u6ca1\u6709\u7ed9\u7528\u6237\u5e26\u6765\u95ee\u9898\u540e\u5c06\u5176\u63d0\u9ad8\u5230\u4e00\u5e74\u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u65e6\u6b64\u6807\u5934\u8bbe\u7f6e\u4e3a\u8f83\u5927\u7684\u8d85\u65f6\uff0c\u5b83\uff08\u6839\u636e\u8bbe\u8ba1\uff09\u5c31\u5f88\u96be\u7981\u7528\u3002 
\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u00b6 \u914d\u7f6e TLS \u670d\u52a1\u5668\u4ee5\u5b9e\u73b0\u5b8c\u7f8e\u7684\u524d\u5411\u4fdd\u5bc6\u9700\u8981\u56f4\u7ed5\u5bc6\u94a5\u5927\u5c0f\u3001\u4f1a\u8bdd ID \u548c\u4f1a\u8bdd\u7968\u8bc1\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u6b64\u5916\uff0c\u5bf9\u4e8e\u591a\u670d\u52a1\u5668\u90e8\u7f72\uff0c\u5171\u4eab\u72b6\u6001\u4e5f\u662f\u4e00\u4e2a\u91cd\u8981\u7684\u8003\u8651\u56e0\u7d20\u3002\u4e0a\u9762\u7684 Apache \u548c Nginx \u793a\u4f8b\u914d\u7f6e\u7981\u7528\u4e86\u4f1a\u8bdd\u7968\u8bc1\u9009\u9879\uff0c\u4ee5\u5e2e\u52a9\u7f13\u89e3\u5176\u4e2d\u4e00\u4e9b\u95ee\u9898\u3002\u5b9e\u9645\u90e8\u7f72\u53ef\u80fd\u5e0c\u671b\u542f\u7528\u6b64\u529f\u80fd\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002\u8fd9\u53ef\u4ee5\u5b89\u5168\u5730\u5b8c\u6210\uff0c\u4f46\u9700\u8981\u7279\u522b\u8003\u8651\u5bc6\u94a5\u7ba1\u7406\u3002\u6b64\u7c7b\u914d\u7f6e\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002\u6211\u4eec\u5efa\u8bae\u9605\u8bfb ImperialViolet \u7684 How to botch TLS forward secrecy \u4f5c\u4e3a\u7406\u89e3\u95ee\u9898\u7a7a\u95f4\u7684\u8d77\u70b9\u3002 \u5b89\u5168\u53c2\u8003\u67b6\u6784 \u00b6 \u5efa\u8bae\u5728 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u7684\u516c\u7528\u7f51\u7edc\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u4f46\u662f\uff0c\u5982\u679c\u5b9e\u9645\u5728\u4efb\u4f55\u5730\u65b9\u90e8\u7f72 SSL/TLS \u592a\u56f0\u96be\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u8bc4\u4f30\u60a8\u7684 OpenStack SSL/TLS \u9700\u6c42\uff0c\u5e76\u9075\u5faa\u6b64\u5904\u8ba8\u8bba\u7684\u67b6\u6784\u4e4b\u4e00\u3002 \u5728\u8bc4\u4f30\u5176 OpenStack SSL/TLS \u9700\u6c42\u65f6\uff0c\u5e94\u8be5\u505a\u7684\u7b2c\u4e00\u4ef6\u4e8b\u662f\u8bc6\u522b\u5a01\u80c1\u3002\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u5a01\u80c1\u5206\u4e3a\u5916\u90e8\u653b\u51fb\u8005\u548c\u5185\u90e8\u653b\u51fb\u8005\u7c7b\u522b\uff0c\u4f46\u7531\u4e8e OpenStack 
\u7684\u67d0\u4e9b\u7ec4\u4ef6\u5728\u516c\u5171\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u754c\u9650\u5f80\u5f80\u4f1a\u53d8\u5f97\u6a21\u7cca\u3002 \u5bf9\u4e8e\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff0c\u5a01\u80c1\u975e\u5e38\u7b80\u5355\u3002\u7528\u6237\u5c06\u4f7f\u7528\u5176\u7528\u6237\u540d\u548c\u5bc6\u7801\u5bf9 Horizon \u548c Keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7528\u6237\u8fd8\u5c06\u4f7f\u7528\u5176 keystone \u4ee4\u724c\u8bbf\u95ee\u5176\u4ed6\u670d\u52a1\u7684 API \u7aef\u70b9\u3002\u5982\u679c\u6b64\u7f51\u7edc\u6d41\u91cf\u672a\u52a0\u5bc6\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u4e2d\u95f4\u4eba\u653b\u51fb\u622a\u83b7\u5bc6\u7801\u548c\u4ee4\u724c\u3002\u7136\u540e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u6709\u6548\u51ed\u636e\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u6240\u6709\u5b9e\u9645\u90e8\u7f72\u90fd\u5e94\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u3002 \u5bf9\u4e8e\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u670d\u52a1\uff0c\u7531\u4e8e\u5b89\u5168\u57df\u4e0e\u7f51\u7edc\u5b89\u5168\u7684\u6865\u63a5\uff0c\u5a01\u80c1\u5e76\u4e0d\u90a3\u4e48\u660e\u786e\u3002\u6709\u6743\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u7684\u7ba1\u7406\u5458\u603b\u662f\u6709\u53ef\u80fd\u51b3\u5b9a\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u79c1\u94a5\uff0cSSL/TLS \u5c06\u65e0\u6d4e\u4e8e\u4e8b\u3002\u5f53\u7136\uff0c\u5e76\u4e0d\u662f\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6bcf\u4e2a\u4eba\u90fd\u88ab\u5141\u8bb8\u8bbf\u95ee\u79c1\u94a5\uff0c\u56e0\u6b64\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u81ea\u5df1\u514d\u53d7\u5185\u90e8\u653b\u51fb\u8005\u7684\u653b\u51fb\u4ecd\u7136\u5f88\u6709\u4ef7\u503c\u3002\u5373\u4f7f\u5141\u8bb8\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u7684\u6bcf\u4e2a\u4eba\u90fd\u662f 100% 
\u53d7\u4fe1\u4efb\u7684\uff0c\u4ecd\u7136\u5b58\u5728\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u901a\u8fc7\u5229\u7528\u9519\u8bef\u914d\u7f6e\u6216\u8f6f\u4ef6\u6f0f\u6d1e\u8bbf\u95ee\u60a8\u7684\u5185\u90e8\u7f51\u7edc\u7684\u5a01\u80c1\u3002\u5fc5\u987b\u8bb0\u4f4f\uff0c\u7528\u6237\u5728 OpenStack Compute \u8282\u70b9\u4e2d\u7684\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u4ee3\u7801\uff0c\u8fd9\u4e9b\u8282\u70b9\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u3002\u5982\u679c\u6f0f\u6d1e\u5141\u8bb8\u4ed6\u4eec\u7a81\u7834\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4ed6\u4eec\u5c06\u53ef\u4ee5\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u3002\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS \u53ef\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u653b\u51fb\u8005\u53ef\u80fd\u9020\u6210\u7684\u635f\u5bb3\u3002 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u00b6 \u4eba\u4eec\u666e\u904d\u8ba4\u4e3a\uff0c\u6700\u597d\u5c3d\u65e9\u52a0\u5bc6\u654f\u611f\u6570\u636e\uff0c\u5e76\u5c3d\u53ef\u80fd\u665a\u5730\u89e3\u5bc6\u3002\u5c3d\u7ba1\u6709\u8fd9\u79cd\u6700\u4f73\u5b9e\u8df5\uff0c\u4f46\u5728OpenStack\u670d\u52a1\u524d\u9762\u4f7f\u7528SSL / TLS\u4ee3\u7406\u5e76\u5728\u4e4b\u540e\u4f7f\u7528\u6e05\u6670\u7684\u901a\u4fe1\u4f3c\u4e4e\u662f\u5f88\u5e38\u89c1\u7684\uff0c\u5982\u4e0b\u6240\u793a\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0c\u4f7f\u7528 SSL/TLS \u4ee3\u7406\u7684\u4e00\u4e9b\u95ee\u9898\uff1a OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u7684\u6027\u80fd/\u6269\u5c55\u6027\u4e0d\u5982 SSL \u4ee3\u7406\uff08\u7279\u522b\u662f\u5bf9\u4e8e\u50cf Eventlet \u8fd9\u6837\u7684 Python \u5b9e\u73b0\uff09\u3002 OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u6ca1\u6709\u50cf\u66f4\u6210\u719f\u7684\u89e3\u51b3\u65b9\u6848\u90a3\u6837\u7ecf\u8fc7\u4ed4\u7ec6\u5ba1\u67e5/\u5ba1\u8ba1\u3002 \u672c\u673a SSL/TLS 
\u914d\u7f6e\u5f88\u56f0\u96be\uff08\u6ca1\u6709\u5f88\u597d\u7684\u6587\u6863\u8bb0\u5f55\u3001\u6d4b\u8bd5\u6216\u8de8\u670d\u52a1\u4fdd\u6301\u4e00\u81f4\uff09\u3002 \u6743\u9650\u5206\u79bb\uff08OpenStack \u670d\u52a1\u8fdb\u7a0b\u4e0d\u5e94\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff09\u3002 \u6d41\u91cf\u68c0\u67e5\u9700\u8981\u8d1f\u8f7d\u5747\u8861\u3002 \u4ee5\u4e0a\u6240\u6709\u95ee\u9898\u90fd\u662f\u6709\u9053\u7406\u7684\uff0c\u4f46\u5b83\u4eec\u90fd\u4e0d\u80fd\u963b\u6b62\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u8ba9\u6211\u4eec\u8003\u8651\u4e0b\u4e00\u4e2a\u90e8\u7f72\u6a21\u578b\u3002 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS \u00b6 \u8fd9\u4e0e\u524d\u9762\u7684 SSL/TLS \u4ee3\u7406\u975e\u5e38\u76f8\u4f3c\uff0c\u4f46 SSL/TLS \u4ee3\u7406\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u7cfb\u7edf\u4e0a\u3002API \u7aef\u70b9\u5c06\u914d\u7f6e\u4e3a\u4ec5\u4fa6\u542c\u672c\u5730\u7f51\u7edc\u63a5\u53e3\u3002\u4e0e API \u7aef\u70b9\u7684\u6240\u6709\u8fdc\u7a0b\u901a\u4fe1\u90fd\u5c06\u901a\u8fc7 SSL/TLS \u4ee3\u7406\u8fdb\u884c\u3002\u901a\u8fc7\u6b64\u90e8\u7f72\u6a21\u578b\uff0c\u6211\u4eec\u5c06\u89e3\u51b3 SSL/TLS \u4ee3\u7406\u4e2d\u7684\u8bb8\u591a\u8981\u70b9\uff1a\u5c06\u4f7f\u7528\u6027\u80fd\u826f\u597d\u7684\u7ecf\u8fc7\u9a8c\u8bc1\u7684 SSL \u5b9e\u73b0\u3002\u6240\u6709\u670d\u52a1\u90fd\u5c06\u4f7f\u7528\u76f8\u540c\u7684 SSL \u4ee3\u7406\u8f6f\u4ef6\uff0c\u56e0\u6b64 API \u7aef\u70b9\u7684 SSL \u914d\u7f6e\u5c06\u662f\u4e00\u81f4\u7684\u3002OpenStack \u670d\u52a1\u8fdb\u7a0b\u5c06\u65e0\u6cd5\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff0c\u56e0\u4e3a\u60a8\u5c06\u4ee5\u4e0d\u540c\u7684\u7528\u6237\u8eab\u4efd\u8fd0\u884c SSL \u4ee3\u7406\uff0c\u5e76\u4f7f\u7528\u6743\u9650\u9650\u5236\u8bbf\u95ee\uff08\u4ee5\u53ca\u4f7f\u7528 SELinux 
\u4e4b\u7c7b\u7684\u989d\u5916\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff09\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4f1a\u8ba9 API \u7aef\u70b9\u5728 Unix \u5957\u63a5\u5b57\u4e0a\u76d1\u542c\uff0c\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u4f7f\u7528\u6743\u9650\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u5bf9\u5b83\u7684\u8bbf\u95ee\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u6839\u636e\u6211\u4eec\u7684\u6d4b\u8bd5\uff0c\u8fd9\u5728 Eventlet \u4e2d\u76ee\u524d\u4f3c\u4e4e\u4e0d\u8d77\u4f5c\u7528\u3002\u8fd9\u662f\u4e00\u4e2a\u5f88\u597d\u7684\u672a\u6765\u53d1\u5c55\u76ee\u6807\u3002 SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 \u00b6 \u9700\u8981\u68c0\u67e5\u6d41\u91cf\u7684\u9ad8\u53ef\u7528\u6027\u6216\u8d1f\u8f7d\u5747\u8861\u90e8\u7f72\u4f1a\u600e\u6837\uff1f\u4ee5\u524d\u7684\u90e8\u7f72\u6a21\u578b\uff08\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS\uff09\u4e0d\u5141\u8bb8\u8fdb\u884c\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u56e0\u4e3a\u6d41\u91cf\u662f\u52a0\u5bc6\u7684\u3002\u5982\u679c\u4ec5\u51fa\u4e8e\u57fa\u672c\u8def\u7531\u76ee\u7684\u800c\u9700\u8981\u68c0\u67e5\u6d41\u91cf\uff0c\u5219\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u80fd\u6ca1\u6709\u5fc5\u8981\u8bbf\u95ee\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002HAProxy \u80fd\u591f\u5728\u63e1\u624b\u671f\u95f4\u63d0\u53d6 SSL/TLS \u4f1a\u8bdd ID\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528\u8be5 ID \u6765\u5b9e\u73b0\u4f1a\u8bdd\u4eb2\u548c\u6027\uff08\u4f1a\u8bdd ID \u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f \u6b64\u5904 
\uff09\u3002HAProxy\u8fd8\u53ef\u4ee5\u4f7f\u7528TLS\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff08SNI\uff09\u6269\u5c55\u6765\u786e\u5b9a\u5e94\u5c06\u6d41\u91cf\u8def\u7531\u5230\u7684\u4f4d\u7f6e\uff08SNI\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u8bf7\u5728\u6b64\u5904\uff09\u3002\u8fd9\u4e9b\u529f\u80fd\u53ef\u80fd\u6db5\u76d6\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u9700\u6c42\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0cHAProxy \u5c06\u80fd\u591f\u5c06 HTTPS \u6d41\u91cf\u76f4\u63a5\u4f20\u9012\u5230 API \u7aef\u70b9\u7cfb\u7edf\uff1a \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb \u00b6 \u5982\u679c\u60a8\u5e0c\u671b\u5bf9\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u8fdb\u884c\u52a0\u5bc6\u5206\u79bb\uff0c\u8be5\u600e\u4e48\u529e\uff1f\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5176\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff08\u6216\u4ee3\u7406\uff09\u4f7f\u7528\u7531 CA \u9881\u53d1\u7684\u8bc1\u4e66\uff0c\u8be5\u8bc1\u4e66\u94fe\u63a5\u5230\u53d7\u4fe1\u4efb\u7684\u6839 CA\uff0c\u8be5\u6839 CA \u5206\u5e03\u5728\u6d41\u884c\u7684 SSL/TLS Web \u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u3002\u5bf9\u4e8e\u5185\u90e8\u670d\u52a1\uff0c\u53ef\u80fd\u5e0c\u671b\u6539\u7528\u81ea\u5df1\u7684 PKI \u6765\u9881\u53d1 SSL/TLS \u8bc1\u4e66\u3002\u53ef\u4ee5\u901a\u8fc7\u5728\u7f51\u7edc\u8fb9\u754c\u7ec8\u6b62 SSL\uff0c\u7136\u540e\u4f7f\u7528\u5185\u90e8\u9881\u53d1\u7684\u8bc1\u4e66\u91cd\u65b0\u52a0\u5bc6\u6765\u5b9e\u73b0\u8fd9\u79cd\u52a0\u5bc6\u5206\u79bb\u3002\u6d41\u91cf\u5c06\u5728\u9762\u5411\u516c\u4f17\u7684 SSL/TLS 
\u4ee3\u7406\u4e0a\u77ed\u65f6\u95f4\u5185\u672a\u52a0\u5bc6\uff0c\u4f46\u6c38\u8fdc\u4e0d\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u5982\u679c\u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u786e\u5b9e\u9700\u8981\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7528\u4e8e\u5b9e\u73b0\u52a0\u5bc6\u5206\u79bb\u7684\u76f8\u540c\u91cd\u65b0\u52a0\u5bc6\u65b9\u6cd5\u3002\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u6837\u5b50\uff1a\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u5916\u89c2: \u4e0e\u5927\u591a\u6570\u4e8b\u60c5\u4e00\u6837\uff0c\u9700\u8981\u6743\u8861\u53d6\u820d\u3002\u4e3b\u8981\u7684\u6743\u8861\u662f\u5728\u5b89\u5168\u6027\u548c\u6027\u80fd\u4e4b\u95f4\u3002\u52a0\u5bc6\u662f\u6709\u4ee3\u4ef7\u7684\uff0c\u4f46\u88ab\u9ed1\u5ba2\u5165\u4fb5\u4e5f\u662f\u6709\u4ee3\u4ef7\u7684\u3002\u6bcf\u4e2a\u90e8\u7f72\u7684\u5b89\u5168\u6027\u548c\u6027\u80fd\u8981\u6c42\u90fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u5982\u4f55\u4f7f\u7528 SSL/TLS \u6700\u7ec8\u5c06\u7531\u4e2a\u4eba\u51b3\u5b9a\u3002 API \u7aef\u70b9 \u00b6 \u4f7f\u7528 OpenStack \u4e91\u7684\u8fc7\u7a0b\u662f\u901a\u8fc7\u67e5\u8be2 API \u7aef\u70b9\u5f00\u59cb\u7684\u3002\u867d\u7136\u516c\u5171\u548c\u4e13\u7528\u7ec8\u7ed3\u70b9\u9762\u4e34\u4e0d\u540c\u7684\u6311\u6218\uff0c\u4f46\u8fd9\u4e9b\u662f\u9ad8\u4ef7\u503c\u8d44\u4ea7\uff0c\u5982\u679c\u906d\u5230\u5165\u4fb5\uff0c\u53ef\u80fd\u4f1a\u5e26\u6765\u91cd\u5927\u98ce\u9669\u3002 \u672c\u7ae0\u5efa\u8bae\u5bf9\u9762\u5411\u516c\u5171\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u8fdb\u884c\u5b89\u5168\u589e\u5f3a\u3002 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u7c98\u8d34\u4ef6\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 API \u7ec8\u7aef\u8282\u70b9\u901f\u7387\u9650\u5236 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u00b6 \u5185\u90e8 API \u901a\u4fe1 \u00b6 OpenStack 
\u63d0\u4f9b\u9762\u5411\u516c\u4f17\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u7ec4\u4ef6\u4f7f\u7528\u516c\u5f00\u5b9a\u4e49\u7684\u7aef\u70b9\u3002\u5efa\u8bae\u5c06\u8fd9\u4e9b\u7ec4\u4ef6\u914d\u7f6e\u4e3a\u5728\u9002\u5f53\u7684\u5b89\u5168\u57df\u4e2d\u4f7f\u7528 API \u7aef\u70b9\u3002 \u670d\u52a1\u6839\u636e OpenStack \u670d\u52a1\u76ee\u5f55\u9009\u62e9\u5404\u81ea\u7684 API \u7aef\u70b9\u3002\u8fd9\u4e9b\u670d\u52a1\u53ef\u80fd\u4e0d\u9075\u5b88\u5217\u51fa\u7684\u516c\u5171\u6216\u5185\u90e8 API \u7aef\u70b9\u503c\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5185\u90e8\u7ba1\u7406\u6d41\u91cf\u8def\u7531\u5230\u5916\u90e8 API \u7ec8\u7ed3\u70b9\u3002 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u00b6 Identity \u670d\u52a1\u76ee\u5f55\u5e94\u4e86\u89e3\u60a8\u7684\u5185\u90e8 URL\u3002\u867d\u7136\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u4f7f\u7528\u6b64\u529f\u80fd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6765\u5229\u7528\u5b83\u3002\u6b64\u5916\uff0c\u4e00\u65e6\u6b64\u884c\u4e3a\u6210\u4e3a\u9ed8\u8ba4\u884c\u4e3a\uff0c\u5b83\u5e94\u8be5\u4e0e\u9884\u671f\u7684\u66f4\u6539\u5411\u524d\u517c\u5bb9\u3002 \u8981\u4e3a\u7ec8\u7ed3\u70b9\u6ce8\u518c\u5185\u90e8 URL\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a $ openstack endpoint create identity \\ --region RegionOne internal \\ https://MANAGEMENT_IP:5000/v3 \u66ff\u6362\u4e3a MANAGEMENT_IP \u63a7\u5236\u5668\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\u3002 \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u00b6 \u60a8\u53ef\u4ee5\u5f3a\u5236\u67d0\u4e9b\u670d\u52a1\u4f7f\u7528\u7279\u5b9a\u7684 API \u7aef\u70b9\u3002\u56e0\u6b64\uff0c\u5efa\u8bae\u5fc5\u987b\u5c06\u6bcf\u4e2a\u4e0e\u53e6\u4e00\u4e2a\u670d\u52a1\u7684 API \u901a\u4fe1\u7684 OpenStack \u670d\u52a1\u663e\u5f0f\u914d\u7f6e\u4e3a\u8bbf\u95ee\u6b63\u786e\u7684\u5185\u90e8 API \u7aef\u70b9\u3002 
\u6bcf\u4e2a\u9879\u76ee\u90fd\u53ef\u80fd\u5448\u73b0\u5b9a\u4e49\u76ee\u6807 API \u7aef\u70b9\u7684\u4e0d\u4e00\u81f4\u65b9\u5f0f\u3002OpenStack \u7684\u672a\u6765\u7248\u672c\u8bd5\u56fe\u901a\u8fc7\u4e00\u81f4\u5730\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u6765\u89e3\u51b3\u8fd9\u4e9b\u4e0d\u4e00\u81f4\u95ee\u9898\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1anova cinder_catalog_info='volume:cinder:internalURL' glance_protocol='https' neutron_url='https://neutron-host:9696' neutron_admin_auth_url='https://neutron-host:9696' s3_host='s3-host' s3_use_ssl=True \u914d\u7f6e\u793a\u4f8b #2\uff1acinder glance_host = 'https://glance-server' \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 \u00b6 OpenStack \u4e2d\u7684\u5927\u591a\u6570 API \u7aef\u70b9\u548c\u5176\u4ed6 HTTP \u670d\u52a1\u90fd\u4f7f\u7528 Python Paste Deploy \u5e93\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u6b64\u5e93\u5141\u8bb8\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u914d\u7f6e\u6765\u64cd\u4f5c\u8bf7\u6c42\u7b5b\u9009\u5668\u7ba1\u9053\u3002\u6b64\u94fe\u4e2d\u7684\u6bcf\u4e2a\u5143\u7d20\u90fd\u79f0\u4e3a\u4e2d\u95f4\u4ef6\u3002\u66f4\u6539\u7ba1\u9053\u4e2d\u7b5b\u9009\u5668\u7684\u987a\u5e8f\u6216\u6dfb\u52a0\u5176\u4ed6\u4e2d\u95f4\u4ef6\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u53ef\u9884\u77e5\u7684\u5b89\u5168\u5f71\u54cd\u3002 \u901a\u5e38\uff0c\u5b9e\u73b0\u8005\u4f1a\u6dfb\u52a0\u4e2d\u95f4\u4ef6\u6765\u6269\u5c55 OpenStack \u7684\u57fa\u672c\u529f\u80fd\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u4ed4\u7ec6\u8003\u8651\u5c06\u975e\u6807\u51c6\u8f6f\u4ef6\u7ec4\u4ef6\u6dfb\u52a0\u5230\u5176 HTTP \u8bf7\u6c42\u7ba1\u9053\u4e2d\u53ef\u80fd\u5e26\u6765\u7684\u98ce\u9669\u3002 \u6709\u5173\u7c98\u8d34\u90e8\u7f72\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Python \u7c98\u8d34\u90e8\u7f72\u6587\u6863\u3002 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u00b6 \u60a8\u5e94\u8be5\u9694\u79bb API 
\u7aef\u70b9\u8fdb\u7a0b\uff0c\u5c24\u5176\u662f\u90a3\u4e9b\u4f4d\u4e8e\u516c\u5171\u5b89\u5168\u57df\u4e2d\u7684\u8fdb\u7a0b\uff0c\u5e94\u5c3d\u53ef\u80fd\u9694\u79bb\u3002\u5728\u90e8\u7f72\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b\uff0cAPI \u7aef\u70b9\u5e94\u90e8\u7f72\u5728\u5355\u72ec\u7684\u4e3b\u673a\u4e0a\uff0c\u4ee5\u589e\u5f3a\u9694\u79bb\u6027\u3002 \u547d\u540d\u7a7a\u95f4 \u00b6 \u73b0\u5728\uff0c\u8bb8\u591a\u64cd\u4f5c\u7cfb\u7edf\u90fd\u63d0\u4f9b\u5206\u533a\u5316\u652f\u6301\u3002Linux \u652f\u6301\u547d\u540d\u7a7a\u95f4\u5c06\u8fdb\u7a0b\u5206\u914d\u5230\u72ec\u7acb\u7684\u57df\u4e2d\u3002\u672c\u6307\u5357\u7684\u5176\u4ed6\u90e8\u5206\u66f4\u8be6\u7ec6\u5730\u4ecb\u7ecd\u4e86\u7cfb\u7edf\u533a\u9694\u3002 \u7f51\u7edc\u7b56\u7565 \u00b6 \u7531\u4e8e API \u7aef\u70b9\u901a\u5e38\u6865\u63a5\u591a\u4e2a\u5b89\u5168\u57df\uff0c\u56e0\u6b64\u60a8\u5fc5\u987b\u7279\u522b\u6ce8\u610f API \u8fdb\u7a0b\u7684\u5212\u5206\u3002\u6709\u5173\u6b64\u533a\u57df\u7684\u5176\u4ed6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u901a\u8fc7\u4ed4\u7ec6\u5efa\u6a21\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc ACL \u548c IDS \u6280\u672f\u5728\u7f51\u7edc\u670d\u52a1\u4e4b\u95f4\u5f3a\u5236\u5b9e\u65bd\u663e\u5f0f\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002\u4f5c\u4e3a\u4e00\u9879\u5173\u952e\u7684\u8de8\u57df\u670d\u52a1\uff0c\u8fd9\u79cd\u663e\u5f0f\u5f3a\u5236\u6267\u884c\u5bf9 OpenStack \u7684\u6d88\u606f\u961f\u5217\u670d\u52a1\u975e\u5e38\u6709\u6548\u3002 \u8981\u5b9e\u65bd\u7b56\u7565\uff0c\u60a8\u53ef\u4ee5\u914d\u7f6e\u670d\u52a1\u3001\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff08\u4f8b\u5982 iptables\uff09\u3001\u672c\u5730\u7b56\u7565\uff08SELinux \u6216 AppArmor\uff09\u4ee5\u53ca\u53ef\u9009\u7684\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u60a8\u5e94\u8be5\u5c06 API 
\u7aef\u70b9\u8fdb\u7a0b\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u9694\u79bb\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u7684\u914d\u7f6e\u4e0d\u4ec5\u5e94\u901a\u8fc7\u4efb\u610f\u8bbf\u95ee\u63a7\u5236\uff0c\u8fd8\u5e94\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u589e\u5f3a\u7684\u8bbf\u95ee\u63a7\u5236\u7684\u76ee\u6807\u662f\u5e2e\u52a9\u904f\u5236\u548c\u5347\u7ea7 API \u7aef\u70b9\u5b89\u5168\u6f0f\u6d1e\u3002\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\u4f1a\u4e25\u91cd\u9650\u5236\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\uff0c\u5e76\u9488\u5bf9\u6b64\u7c7b\u4e8b\u4ef6\u63d0\u4f9b\u65e9\u671f\u8b66\u62a5\u3002 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u00b6 \u901f\u7387\u9650\u5236\u662f\u4e00\u79cd\u63a7\u5236\u57fa\u4e8e\u7f51\u7edc\u7684\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u4e8b\u4ef6\u9891\u7387\u7684\u65b9\u6cd5\u3002\u5982\u679c\u4e0d\u5b58\u5728\u53ef\u9760\u7684\u901f\u7387\u9650\u5236\uff0c\u5219\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u5404\u79cd\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5bf9\u4e8e API \u5c24\u5176\u5982\u6b64\uff0c\u56e0\u4e3a API \u7684\u672c\u8d28\u662f\u65e8\u5728\u63a5\u53d7\u9ad8\u9891\u7387\u7684\u7c7b\u4f3c\u8bf7\u6c42\u7c7b\u578b\u548c\u64cd\u4f5c\u3002 \u5728 OpenStack \u4e2d\uff0c\u5efa\u8bae\u901a\u8fc7\u901f\u7387\u9650\u5236\u4ee3\u7406\u6216 Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\u4e3a\u6240\u6709\u7aef\u70b9\uff08\u5c24\u5176\u662f\u516c\u5171\u7aef\u70b9\uff09\u63d0\u4f9b\u989d\u5916\u7684\u4fdd\u62a4\u5c42\u3002 \u5728\u914d\u7f6e\u548c\u5b9e\u73b0\u4efb\u4f55\u901f\u7387\u9650\u5236\u529f\u80fd\u65f6\uff0c\u8fd0\u8425\u5546\u5fc5\u987b\u4ed4\u7ec6\u89c4\u5212\u5e76\u8003\u8651\u5176 OpenStack \u4e91\u4e2d\u7528\u6237\u548c\u670d\u52a1\u7684\u4e2a\u4eba\u6027\u80fd\u9700\u6c42\uff0c\u8fd9\u4e00\u70b9\u81f3\u5173\u91cd\u8981\u3002 
\u63d0\u4f9b\u901f\u7387\u9650\u5236\u7684\u5e38\u89c1\u89e3\u51b3\u65b9\u6848\u662f Nginx\u3001HAProxy\u3001OpenPose \u6216 Apache \u6a21\u5757\uff0c\u4f8b\u5982 mod_ratelimit\u3001mod_qos \u6216 mod_security\u3002 \u8eab\u4efd\u9274\u522b \u00b6 Keystone\u8eab\u4efd\u670d\u52a1\u4e3aOpenStack\u7cfb\u5217\u670d\u52a1\u4e13\u95e8\u63d0\u4f9b\u8eab\u4efd\u3001\u4ee4\u724c\u3001\u76ee\u5f55\u548c\u7b56\u7565\u670d\u52a1\u3002\u8eab\u4efd\u670d\u52a1\u7ec4\u7ec7\u4e3a\u4e00\u7ec4\u5185\u90e8\u670d\u52a1\uff0c\u901a\u8fc7\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\u66b4\u9732\u3002\u8fd9\u4e9b\u670d\u52a1\u4e2d\u7684\u8bb8\u591a\u662f\u7531\u524d\u7aef\u4ee5\u7ec4\u5408\u65b9\u5f0f\u4f7f\u7528\u7684\u3002\u4f8b\u5982\uff0c\u8eab\u4efd\u9a8c\u8bc1\u8c03\u7528\u901a\u8fc7\u8eab\u4efd\u670d\u52a1\u9a8c\u8bc1\u7528\u6237\u548c\u9879\u76ee\u51ed\u636e\u3002\u5982\u679c\u6210\u529f\uff0c\u5b83\u5c06\u4f7f\u7528\u4ee4\u724c\u670d\u52a1\u521b\u5efa\u5e76\u8fd4\u56de\u4ee4\u724c\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728Keystone\u5f00\u53d1\u8005\u6587\u6863\u4e2d\u627e\u5230\u3002 \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8ba4\u8bc1 \u8ba4\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u65bd\u7684\u8ba4\u8bc1\u65b9\u6cd5 \u5916\u90e8\u8ba4\u8bc1\u65b9\u6cd5 \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u539f\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u7b56\u7565 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408 Keystone \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u9274\u522b \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a\u8eab\u4efd\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f 
Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u8ba4\u8bc1 \u00b6 \u8eab\u4efd\u8ba4\u8bc1\u662f\u4efb\u4f55\u5b9e\u9645OpenStack\u90e8\u7f72\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\uff0c\u56e0\u6b64\u5e94\u8be5\u4ed4\u7ec6\u8003\u8651\u7cfb\u7edf\u8bbe\u8ba1\u7684\u8fd9\u4e00\u65b9\u9762\u3002\u672c\u4e3b\u9898\u7684\u5b8c\u6574\u5904\u7406\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\uff0c\u4f46\u662f\u4ee5\u4e0b\u5404\u8282\u4ecb\u7ecd\u4e86\u4e00\u4e9b\u5173\u952e\u4e3b\u9898\u3002 \u4ece\u6839\u672c\u4e0a\u8bf4\uff0c\u8eab\u4efd\u8ba4\u8bc1\u662f\u786e\u8ba4\u8eab\u4efd\u7684\u8fc7\u7a0b - \u7528\u6237\u5b9e\u9645\u4e0a\u662f\u4ed6\u4eec\u58f0\u79f0\u7684\u8eab\u4efd\u3002\u4e00\u4e2a\u719f\u6089\u7684\u793a\u4f8b\u662f\u5728\u767b\u5f55\u7cfb\u7edf\u65f6\u63d0\u4f9b\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 OpenStack \u8eab\u4efd\u9274\u522b\u670d\u52a1\uff08keystone\uff09\u652f\u6301\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5305\u62ec\u7528\u6237\u540d\u548c\u5bc6\u7801\u3001LDAP \u548c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u8eab\u4efd\u8ba4\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u7528\u4e8e\u540e\u7eed\u670d\u52a1\u8bf7\u6c42\u7684\u6388\u6743\u4ee4\u724c\u3002 \u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u4f7f\u7528 X.509 \u8bc1\u4e66\u5728\u670d\u52a1\u548c\u4eba\u5458\u4e4b\u95f4\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c3d\u7ba1 TLS 
\u7684\u9ed8\u8ba4\u6a21\u5f0f\u662f\u4ec5\u670d\u52a1\u5668\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4f46\u8bc1\u4e66\u4e5f\u53ef\u7528\u4e8e\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u00b6 \u4ece Newton \u7248\u672c\u5f00\u59cb\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u5728\u591a\u6b21\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u540e\u9650\u5236\u5bf9\u5e10\u6237\u7684\u8bbf\u95ee\u3002\u91cd\u590d\u5931\u8d25\u767b\u5f55\u5c1d\u8bd5\u7684\u6a21\u5f0f\u901a\u5e38\u662f\u66b4\u529b\u653b\u51fb\u7684\u6307\u6807\uff08\u8bf7\u53c2\u9605\u653b\u51fb\u7c7b\u578b\uff09\u3002\u8fd9\u79cd\u7c7b\u578b\u7684\u653b\u51fb\u5728\u516c\u6709\u4e91\u90e8\u7f72\u4e2d\u66f4\u4e3a\u666e\u904d\u3002 \u5bf9\u4e8e\u9700\u8981\u6b64\u529f\u80fd\u7684\u65e7\u90e8\u7f72\uff0c\u53ef\u4ee5\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u9884\u9632\uff0c\u8be5\u7cfb\u7edf\u5728\u914d\u7f6e\u7684\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u6b21\u6570\u540e\u9501\u5b9a\u5e10\u6237\u3002\u7136\u540e\uff0c\u53ea\u6709\u901a\u8fc7\u8fdb\u4e00\u6b65\u7684\u4fa7\u4fe1\u9053\u5e72\u9884\u624d\u80fd\u89e3\u9501\u8be5\u5e10\u6237\u3002 \u5982\u679c\u65e0\u6cd5\u9884\u9632\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u68c0\u6d4b\u6765\u51cf\u8f7b\u635f\u5bb3\u3002\u68c0\u6d4b\u6d89\u53ca\u9891\u7e41\u67e5\u770b\u8bbf\u95ee\u63a7\u5236\u65e5\u5fd7\uff0c\u4ee5\u8bc6\u522b\u672a\u7ecf\u6388\u6743\u7684\u5e10\u6237\u8bbf\u95ee\u5c1d\u8bd5\u3002\u53ef\u80fd\u7684\u8865\u6551\u63aa\u65bd\u5305\u62ec\u68c0\u67e5\u7528\u6237\u5bc6\u7801\u7684\u5f3a\u5ea6\uff0c\u6216\u901a\u8fc7\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u653b\u51fb\u7684\u7f51\u7edc\u6e90\u3002Keystone \u670d\u52a1\u5668\u4e0a\u9650\u5236\u8fde\u63a5\u6570\u7684\u9632\u706b\u5899\u89c4\u5219\u53ef\u7528\u4e8e\u964d\u4f4e\u653b\u51fb\u6548\u7387\uff0c\u4ece\u800c\u529d\u963b\u653b\u51fb\u8005\u3002 
\u6b64\u5916\uff0c\u68c0\u67e5\u5e10\u6237\u6d3b\u52a8\u662f\u5426\u5b58\u5728\u5f02\u5e38\u767b\u5f55\u65f6\u95f4\u548c\u53ef\u7591\u64cd\u4f5c\uff0c\u5e76\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\uff08\u5982\u7981\u7528\u5e10\u6237\uff09\u4e5f\u5f88\u6709\u7528\u3002\u901a\u5e38\uff0c\u4fe1\u7528\u5361\u63d0\u4f9b\u5546\u91c7\u7528\u8fd9\u79cd\u65b9\u6cd5\u8fdb\u884c\u6b3a\u8bc8\u68c0\u6d4b\u548c\u8b66\u62a5\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u91c7\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u7528\u6237\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002\u8eab\u4efd\u9274\u522b\u670d\u52a1\u901a\u8fc7\u53ef\u63d0\u4f9b\u6b64\u529f\u80fd\u7684 Apache Web \u670d\u52a1\u5668\u652f\u6301\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u670d\u52a1\u5668\u8fd8\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u5f3a\u5236\u6267\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6b64\u5efa\u8bae\u53ef\u9632\u6b62\u66b4\u529b\u7834\u89e3\u3001\u793e\u4f1a\u5de5\u7a0b\u4ee5\u53ca\u53ef\u80fd\u6cc4\u9732\u7ba1\u7406\u5458\u5bc6\u7801\u7684\u72d9\u51fb\u548c\u5927\u89c4\u6a21\u7f51\u7edc\u9493\u9c7c\u653b\u51fb\u3002 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u00b6 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u00b6 \u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u53ef\u4ee5\u5c06\u7528\u6237\u51ed\u636e\u5b58\u50a8\u5728 SQL \u6570\u636e\u5e93\u4e2d\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7b26\u5408 LDAP \u7684\u76ee\u5f55\u670d\u52a1\u5668\u3002\u8eab\u4efd\u6570\u636e\u5e93\u53ef\u4ee5\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4f7f\u7528\u7684\u6570\u636e\u5e93\u5206\u5f00\uff0c\u4ee5\u964d\u4f4e\u5b58\u50a8\u51ed\u636e\u6cc4\u9732\u7684\u98ce\u9669\u3002 \u5f53\u60a8\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u8eab\u4efd\u670d\u52a1\u4e0d\u4f1a\u5f3a\u5236\u6267\u884c NIST Special Publication 
800-118\uff08\u8349\u6848\uff09\u4e2d\u63a8\u8350\u7684\u6709\u5173\u5bc6\u7801\u5f3a\u5ea6\u3001\u8fc7\u671f\u6216\u5931\u8d25\u8eab\u4efd\u9a8c\u8bc1\u5c1d\u8bd5\u7684\u7b56\u7565\u3002\u5e0c\u671b\u6267\u884c\u66f4\u4e25\u683c\u5bc6\u7801\u7b56\u7565\u7684\u7ec4\u7ec7\u5e94\u8003\u8651\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u7684\u6269\u5c55\u6216\u5916\u90e8\u8ba4\u8bc1\u670d\u52a1\u3002 LDAP \u7b80\u5316\u4e86\u8eab\u4efd\u8ba4\u8bc1\u4e0e\u7ec4\u7ec7\u73b0\u6709\u76ee\u5f55\u670d\u52a1\u548c\u7528\u6237\u5e10\u6237\u7ba1\u7406\u6d41\u7a0b\u7684\u96c6\u6210\u3002 OpenStack \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7b56\u7565\u53ef\u4ee5\u59d4\u6258\u7ed9\u5176\u4ed6\u670d\u52a1\u3002\u4e00\u4e2a\u5178\u578b\u7684\u7528\u4f8b\u662f\u5bfb\u6c42\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u7ec4\u7ec7\uff0c\u5e76\u4e14\u5df2\u7ecf\u5728 LDAP \u7cfb\u7edf\u4e2d\u62e5\u6709\u5458\u5de5\u548c\u7528\u6237\u7684\u6570\u636e\u5e93\u3002\u4f7f\u7528\u6b64\u8eab\u4efd\u9a8c\u8bc1\u673a\u6784\uff0c\u5c06\u5bf9\u8eab\u4efd\u670d\u52a1\u7684\u8bf7\u6c42\u59d4\u6258\u7ed9 LDAP \u7cfb\u7edf\uff0c\u7136\u540e LDAP \u7cfb\u7edf\u5c06\u6839\u636e\u5176\u7b56\u7565\u8fdb\u884c\u6388\u6743\u6216\u62d2\u7edd\u3002\u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u5982\u679c LDAP \u7cfb\u7edf\u5177\u6709\u4e3a\u7528\u6237\u5b9a\u4e49\u7684\u5c5e\u6027\uff0c\u4f8b\u5982 admin\u3001finance\u3001HR \u7b49\uff0c\u5219\u5fc5\u987b\u5c06\u8fd9\u4e9b\u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u9274\u522b\u4e2d\u7684\u89d2\u8272\u548c\u7ec4\uff0c\u4ee5\u4f9b\u5404\u79cd OpenStack \u670d\u52a1\u4f7f\u7528\u3002\u8be5\u6587\u4ef6 /etc/keystone/keystone.conf \u5c06 LDAP \u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u5c5e\u6027\u3002 \u4e0d\u5f97\u5141\u8bb8\u8eab\u4efd\u670d\u52a1\u5199\u5165\u7528\u4e8e OpenStack 
\u90e8\u7f72\u4e4b\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684 LDAP \u670d\u52a1\uff0c\u56e0\u4e3a\u8fd9\u5c06\u5141\u8bb8\u5177\u6709\u8db3\u591f\u6743\u9650\u7684 keystone \u7528\u6237\u5bf9 LDAP \u76ee\u5f55\u8fdb\u884c\u66f4\u6539\u3002\u8fd9\u5c06\u5141\u8bb8\u5728\u66f4\u5e7f\u6cdb\u7684\u7ec4\u7ec7\u5185\u8fdb\u884c\u6743\u9650\u5347\u7ea7\uff0c\u6216\u4fc3\u8fdb\u5bf9\u5176\u4ed6\u4fe1\u606f\u548c\u8d44\u6e90\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u5728\u8fd9\u6837\u7684\u90e8\u7f72\u4e2d\uff0c\u7528\u6237\u914d\u7f6e\u5c06\u8d85\u51fa OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e keystone.conf \u6743\u9650\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u6709\u4e00\u4e2a\u5173\u4e8e\u6f5c\u5728 DoS \u653b\u51fb\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u00b6 \u672c\u7ec4\u7ec7\u53ef\u80fd\u5e0c\u671b\u5b9e\u73b0\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u4fbf\u4e0e\u73b0\u6709\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u517c\u5bb9\uff0c\u6216\u5f3a\u5236\u5b9e\u65bd\u66f4\u5f3a\u7684\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\u8981\u6c42\u3002\u5c3d\u7ba1\u5bc6\u7801\u662f\u6700\u5e38\u89c1\u7684\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\uff0c\u4f46\u5b83\u4eec\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u6cd5\u6cc4\u9732\uff0c\u5305\u62ec\u51fb\u952e\u8bb0\u5f55\u548c\u5bc6\u7801\u6cc4\u9732\u3002\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u63d0\u4f9b\u66ff\u4ee3\u5f62\u5f0f\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u964d\u4f4e\u5f31\u5bc6\u7801\u5e26\u6765\u7684\u98ce\u9669\u3002 \u8fd9\u4e9b\u5305\u62ec\uff1a \u5bc6\u7801\u7b56\u7565\u5b9e\u65bd 
\u8981\u6c42\u7528\u6237\u5bc6\u7801\u7b26\u5408\u957f\u5ea6\u3001\u5b57\u7b26\u591a\u6837\u6027\u3001\u8fc7\u671f\u6216\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u7684\u6700\u4f4e\u6807\u51c6\u3002\u5728\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6848\u4e2d\uff0c\u8fd9\u5c06\u662f\u539f\u59cb\u8eab\u4efd\u5b58\u50a8\u4e0a\u7684\u5bc6\u7801\u7b56\u7565\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u8981\u6c42\u7528\u6237\u6839\u636e\u4ed6\u4eec\u62e5\u6709\u7684\u5185\u5bb9\uff08\u5982\u4e00\u6b21\u6027\u5bc6\u7801\u4ee4\u724c\u6216 X.509 \u8bc1\u4e66\uff09\u548c\u4ed6\u4eec\u77e5\u9053\u7684\u5185\u5bb9\uff08\u5982\u5bc6\u7801\uff09\u63d0\u4f9b\u4fe1\u606f\u3002 Kerberos \u4e00\u79cd\u4f7f\u7528\u201c\u7968\u8bc1\u201d\u8fdb\u884c\u53cc\u5411\u8ba4\u8bc1\u7684\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002Kerberos \u7968\u8bc1\u6388\u4e88\u7968\u8bc1\u53ef\u5b89\u5168\u5730\u4e3a\u7279\u5b9a\u670d\u52a1\u63d0\u4f9b\u7968\u8bc1\u3002 \u6388\u6743 \u00b6 \u8eab\u4efd\u670d\u52a1\u652f\u6301\u7ec4\u548c\u89d2\u8272\u7684\u6982\u5ff5\u3002\u7528\u6237\u5c5e\u4e8e\u7ec4\uff0c\u800c\u7ec4\u5177\u6709\u89d2\u8272\u5217\u8868\u3002OpenStack \u670d\u52a1\u5f15\u7528\u5c1d\u8bd5\u8bbf\u95ee\u8be5\u670d\u52a1\u7684\u7528\u6237\u7684\u89d2\u8272\u3002OpenStack \u7b56\u7565\u6267\u884c\u5668\u4e2d\u95f4\u4ef6\u4f1a\u8003\u8651\u4e0e\u6bcf\u4e2a\u8d44\u6e90\u5173\u8054\u7684\u7b56\u7565\u89c4\u5219\uff0c\u7136\u540e\u8003\u8651\u7528\u6237\u7684\u7ec4/\u89d2\u8272\u548c\u5173\u8054\uff0c\u4ee5\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u3002 \u7b56\u7565\u5b9e\u65bd\u4e2d\u95f4\u4ef6\u652f\u6301\u5bf9 OpenStack \u8d44\u6e90\u8fdb\u884c\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u7b56\u7565\u4e2d\u6df1\u5165\u8ba8\u8bba\u4e86\u7b56\u7565\u7684\u884c\u4e3a\u3002 
\u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u00b6 \u5728\u914d\u7f6e\u89d2\u8272\u3001\u7ec4\u548c\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u8bb0\u5f55 OpenStack \u5b89\u88c5\u6240\u9700\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002\u8fd9\u4e9b\u7b56\u7565\u5e94\u4e0e\u7ec4\u7ec7\u7684\u4efb\u4f55\u6cd5\u89c4\u6216\u6cd5\u5f8b\u8981\u6c42\u4fdd\u6301\u4e00\u81f4\u3002\u5c06\u6765\u5bf9\u8bbf\u95ee\u63a7\u5236\u914d\u7f6e\u7684\u4fee\u6539\u5e94\u4e0e\u6b63\u5f0f\u7b56\u7565\u4fdd\u6301\u4e00\u81f4\u3002\u7b56\u7565\u5e94\u5305\u62ec\u521b\u5efa\u3001\u5220\u9664\u3001\u7981\u7528\u548c\u542f\u7528\u5e10\u6237\u4ee5\u53ca\u4e3a\u5e10\u6237\u5206\u914d\u6743\u9650\u7684\u6761\u4ef6\u548c\u8fc7\u7a0b\u3002\u5b9a\u671f\u67e5\u770b\u7b56\u7565\uff0c\u5e76\u786e\u4fdd\u914d\u7f6e\u7b26\u5408\u6279\u51c6\u7684\u7b56\u7565\u3002 \u670d\u52a1\u6388\u6743 \u00b6 \u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5b9a\u4e49\u4e00\u4e2a\u5177\u6709\u7ba1\u7406\u5458\u89d2\u8272\u7684\u7528\u6237\uff0c\u5982\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u6240\u8ff0\u3002\u6b64\u670d\u52a1\u5e10\u6237\u4e3a\u670d\u52a1\u63d0\u4f9b\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u6388\u6743\u3002 \u53ef\u4ee5\u5c06\u8ba1\u7b97\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u6765\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u7684\u5176\u4ed6\u9009\u9879\u5305\u62ec\u4f7f\u7528\u201ctempAuth\u201d\u6587\u4ef6\uff0c\u4f46\u4e0d\u5e94\u5c06\u5176\u90e8\u7f72\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0c\u56e0\u4e3a\u5bc6\u7801\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u663e\u793a\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u652f\u6301\u5bf9 TLS 
\u8fdb\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8be5\u8eab\u4efd\u9a8c\u8bc1\u53ef\u80fd\u5df2\u542f\u7528\u3002\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e4b\u5916\uff0cTLS \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u8fd8\u63d0\u4f9b\u4e86\u989d\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u56e0\u7d20\uff0c\u4ece\u800c\u63d0\u9ad8\u4e86\u7528\u6237\u6807\u8bc6\u7684\u53ef\u9760\u6027\u3002\u5f53\u7528\u6237\u540d\u548c\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u65f6\uff0c\u5b83\u964d\u4f4e\u4e86\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u7684\u98ce\u9669\u3002\u4f46\u662f\uff0c\u5411\u7528\u6237\u9881\u53d1\u8bc1\u4e66\u4f1a\u4ea7\u751f\u989d\u5916\u7684\u7ba1\u7406\u5f00\u9500\u548c\u6210\u672c\uff0c\u8fd9\u5728\u6bcf\u6b21\u90e8\u7f72\u4e2d\u90fd\u53ef\u80fd\u4e0d\u53ef\u884c\u3002 \u6ce8\u610f \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u4e0e TLS \u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u4fbf\u5bf9\u8eab\u4efd\u9274\u522b\u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4e91\u7ba1\u7406\u5458\u5e94\u4fdd\u62a4\u654f\u611f\u7684\u914d\u7f6e\u6587\u4ef6\u514d\u906d\u672a\u7ecf\u6388\u6743\u7684\u4fee\u6539\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5f3a\u5236\u6027\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\uff08\u5982 SELinux\uff09\u6765\u5b9e\u73b0\uff0c\u5305\u62ec /etc/keystone/keystone.conf X.509 \u8bc1\u4e66\u3002 \u4f7f\u7528 TLS \u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u9700\u8981\u5411\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u8fd9\u4e9b\u8bc1\u4e66\u53ef\u4ee5\u7531\u5916\u90e8\u6216\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u540d\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u670d\u52a1\u4f1a\u6839\u636e\u53d7\u4fe1\u4efb\u7684 CA \u68c0\u67e5\u8bc1\u4e66\u7b7e\u540d\u7684\u6709\u6548\u6027\uff0c\u5982\u679c\u7b7e\u540d\u65e0\u6548\u6216 CA 
\u4e0d\u53ef\u4fe1\uff0c\u8fde\u63a5\u5c06\u5931\u8d25\u3002\u4e91\u90e8\u7f72\u4eba\u5458\u53ef\u4ee5\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5fc5\u987b\u7981\u7528\u6709\u6548\u6027\u68c0\u67e5\uff0c\u6216\u8005\u5e94\u5c06\u8bc1\u4e66\u6807\u8bb0\u4e3a\u53d7\u4fe1\u4efb\u3002\u82e5\u8981\u7981\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u7684\u9a8c\u8bc1\uff0c\u8bf7\u5728 /etc/nova/api.paste.ini \u6587\u4ef6\u7684 [filter:authtoken] \u201c\u90e8\u5206\u201d\u4e2d\u8fdb\u884c\u8bbe\u7f6e insecure=False \u3002\u6b64\u8bbe\u7f6e\u8fd8\u4f1a\u7981\u7528\u5176\u4ed6\u7ec4\u4ef6\u7684\u8bc1\u4e66\u3002 \u7ba1\u7406\u5458\u7528\u6237 \u00b6 \u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u7528\u6237\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u548c\u652f\u6301 2 \u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1\u7684\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8bc1\u4e66\uff09\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u6837\u53ef\u4ee5\u964d\u4f4e\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u7684\u98ce\u9669\u3002\u6b64\u5efa\u8bae\u7b26\u5408 NIST 800-53 IA-2\uff081\uff09 \u6307\u5357\uff0c\u5373\u4f7f\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002 \u7ec8\u7aef\u7528\u6237 \u00b6 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u76f4\u63a5\u63d0\u4f9b\u6700\u7ec8\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4ee5\u7b26\u5408\u7ec4\u7ec7\u7684\u5b89\u5168\u7b56\u7565\u548c\u8981\u6c42\u3002 \u653f\u7b56 \u00b6 \u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u5728\u5173\u8054\u7684\u7b56\u7565\u6587\u4ef6\u4e2d\u5b9a\u4e49\u5176\u8d44\u6e90\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u4f8b\u5982\uff0c\u8d44\u6e90\u53ef\u4ee5\u662f API \u8bbf\u95ee\u3001\u9644\u52a0\u5230\u5377\u6216\u542f\u52a8\u5b9e\u4f8b\u7684\u80fd\u529b\u3002\u7b56\u7565\u89c4\u5219\u4ee5 JSON 
\u683c\u5f0f\u6307\u5b9a\uff0c\u6587\u4ef6\u79f0\u4e3a policy.json .\u6b64\u6587\u4ef6\u7684\u8bed\u6cd5\u548c\u683c\u5f0f\u5728\u914d\u7f6e\u53c2\u8003\u4e2d\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002 \u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u4fee\u6539\u6216\u66f4\u65b0\u8fd9\u4e9b\u7b56\u7565\uff0c\u4ee5\u63a7\u5236\u5bf9\u5404\u79cd\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u786e\u4fdd\u5bf9\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u4efb\u4f55\u66f4\u6539\u90fd\u4e0d\u4f1a\u65e0\u610f\u4e2d\u524a\u5f31\u4efb\u4f55\u8d44\u6e90\u7684\u5b89\u5168\u6027\u3002\u53e6\u8bf7\u6ce8\u610f\uff0c\u5bf9 policy.json \u6587\u4ef6\u7684\u66f4\u6539\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002 \u4ee5\u4e0b\u793a\u4f8b\u663e\u793a\u4e86\u8be5\u670d\u52a1\u5982\u4f55\u5c06\u521b\u5efa\u3001\u66f4\u65b0\u548c\u5220\u9664\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u5177\u6709\u89d2\u8272 cloud_admin \u7684\u7528\u6237\uff0c\u8be5\u89d2\u8272\u5df2\u5b9a\u4e49\u4e3a role = admin \u548c domain_id = admin_domain_id \u7684\u7ed3\u5408\uff0c\u800c get \u548c list \u8d44\u6e90\u53ef\u4f9b\u89d2\u8272\u4e3a cloud_admin \u6216 admin \u7684\u7528\u6237\u4f7f\u7528\u3002 { \"admin_required\": \"role:admin\", \"cloud_admin\": \"rule:admin_required and domain_id:admin_domain_id\", \"service_role\": \"role:service\", \"service_or_admin\": \"rule:admin_required or rule:service_role\", \"owner\" : \"user_id:%(user_id)s or user_id:%(target.token.user_id)s\", \"admin_or_owner\": \"(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner\", \"admin_or_cloud_admin\": \"rule:admin_required or rule:cloud_admin\", \"admin_and_matching_domain_id\": \"rule:admin_required and domain_id:%(domain_id)s\", \"service_admin_or_owner\": \"rule:service_or_admin or rule:owner\", \"default\": \"rule:admin_required\", \"identity:get_service\": \"rule:admin_or_cloud_admin\", \"identity:list_services\": 
\"rule:admin_or_cloud_admin\", \"identity:create_service\": \"rule:cloud_admin\", \"identity:update_service\": \"rule:cloud_admin\", \"identity:delete_service\": \"rule:cloud_admin\", \"identity:get_endpoint\": \"rule:admin_or_cloud_admin\", \"identity:list_endpoints\": \"rule:admin_or_cloud_admin\", \"identity:create_endpoint\": \"rule:cloud_admin\", \"identity:update_endpoint\": \"rule:cloud_admin\", \"identity:delete_endpoint\": \"rule:cloud_admin\", } \u4ee4\u724c \u00b6 \u7528\u6237\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u6388\u6743\u548c\u8bbf\u95ee OpenStack \u73af\u5883\u3002\u4ee3\u5e01\u53ef\u4ee5\u5177\u6709\u53ef\u53d8\u7684\u751f\u547d\u5468\u671f;\u4f46\u662f\uff0cexpiry \u7684\u9ed8\u8ba4\u503c\u4e3a 1 \u5c0f\u65f6\u3002\u5efa\u8bae\u7684\u8fc7\u671f\u503c\u5e94\u8bbe\u7f6e\u4e3a\u8f83\u4f4e\u7684\u503c\uff0c\u4ee5\u4fbf\u5185\u90e8\u670d\u52a1\u6709\u8db3\u591f\u7684\u65f6\u95f4\u5b8c\u6210\u4efb\u52a1\u3002\u5982\u679c\u4ee4\u724c\u5728\u4efb\u52a1\u5b8c\u6210\u4e4b\u524d\u8fc7\u671f\uff0c\u4e91\u53ef\u80fd\u4f1a\u53d8\u5f97\u65e0\u54cd\u5e94\u6216\u505c\u6b62\u63d0\u4f9b\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97\u670d\u52a1\u5c06\u78c1\u76d8\u6620\u50cf\u4f20\u8f93\u5230\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8fdb\u884c\u672c\u5730\u7f13\u5b58\u6240\u9700\u7684\u65f6\u95f4\u3002\u5141\u8bb8\u5728\u4f7f\u7528\u6709\u6548\u7684\u670d\u52a1\u4ee4\u724c\u65f6\u63d0\u53d6\u8fc7\u671f\u7684\u4ee4\u724c\u3002 \u4ee4\u724c\u901a\u5e38\u5728 Identity \u670d\u52a1\u54cd\u5e94\u7684\u8f83\u5927\u4e0a\u4e0b\u6587\u7684\u7ed3\u6784\u4e2d\u4f20\u9012\u3002\u8fd9\u4e9b\u54cd\u5e94\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd OpenStack \u670d\u52a1\u7684\u76ee\u5f55\u3002\u5217\u51fa\u4e86\u6bcf\u4e2a\u670d\u52a1\u7684\u540d\u79f0\u3001\u5185\u90e8\u8bbf\u95ee\u3001\u7ba1\u7406\u5458\u8bbf\u95ee\u548c\u516c\u5171\u8bbf\u95ee\u7684\u8bbf\u95ee\u7ec8\u7ed3\u70b9\u3002 
\u53ef\u4ee5\u4f7f\u7528\u6807\u8bc6 API \u540a\u9500\u4ee4\u724c\u3002 \u5728 Stein \u7248\u672c\u4e2d\uff0c\u6709\u4e24\u79cd\u53d7\u652f\u6301\u7684\u4ee4\u724c\u7c7b\u578b\uff1afernet \u548c JWT\u3002 fernet \u548c JWT \u4ee4\u724c\u90fd\u4e0d\u9700\u8981\u6301\u4e45\u6027\u3002Keystone \u4ee4\u724c\u6570\u636e\u5e93\u4e0d\u518d\u56e0\u8eab\u4efd\u9a8c\u8bc1\u7684\u526f\u4f5c\u7528\u800c\u906d\u53d7\u81a8\u80c0\u3002\u8fc7\u671f\u4ee4\u724c\u7684\u4fee\u526a\u4f1a\u81ea\u52a8\u8fdb\u884c\u3002\u4e5f\u4e0d\u518d\u9700\u8981\u8de8\u591a\u4e2a\u8282\u70b9\u8fdb\u884c\u590d\u5236\u3002\u53ea\u8981\u6bcf\u4e2a keystone \u8282\u70b9\u5171\u4eab\u76f8\u540c\u7684\u5b58\u50a8\u5e93\uff0c\u5c31\u53ef\u4ee5\u5728\u6240\u6709\u8282\u70b9\u4e0a\u7acb\u5373\u521b\u5efa\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 Fernet \u4ee4\u724c \u00b6 Fernet \u4ee4\u724c\u662f Stein \u652f\u6301\u7684\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\uff08\u9ed8\u8ba4\uff09\u3002Fernet \u662f\u4e00\u79cd\u5b89\u5168\u7684\u6d88\u606f\u4f20\u9012\u683c\u5f0f\uff0c\u4e13\u95e8\u8bbe\u8ba1\u7528\u4e8e API \u4ee4\u724c\u3002\u5b83\u4eec\u662f\u8f7b\u91cf\u7ea7\u7684\uff08\u8303\u56f4\u5728 180 \u5230 240 \u5b57\u8282\u4e4b\u95f4\uff09\uff0c\u5e76\u51cf\u5c11\u4e86\u8fd0\u884c\u4e91\u6240\u9700\u7684\u8fd0\u8425\u5f00\u9500\u3002\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u5143\u6570\u636e\u88ab\u6574\u9f50\u5730\u6346\u7ed1\u5230\u6d88\u606f\u6253\u5305\u7684\u6709\u6548\u8d1f\u8f7d\u4e2d\uff0c\u7136\u540e\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u5e76\u4f5c\u4e3a fernet \u4ee4\u724c\u767b\u5f55\u3002 JWT \u4ee4\u724c \u00b6 JSON Web \u7b7e\u540d \uff08JWS\uff09 \u4ee4\u724c\u662f\u5728 Stein 
\u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002\u4e0efernet\u76f8\u6bd4\uff0cJWS\u901a\u8fc7\u9650\u5236\u9700\u8981\u5171\u4eab\u5bf9\u79f0\u52a0\u5bc6\u5bc6\u94a5\u7684\u4e3b\u673a\u6570\u91cf\uff0c\u4e3a\u8fd0\u8425\u5546\u63d0\u4f9b\u4e86\u6f5c\u5728\u7684\u597d\u5904\u3002\u8fd9\u6709\u52a9\u4e8e\u9632\u6b62\u53ef\u80fd\u5df2\u5728\u90e8\u7f72\u4e2d\u7ad9\u7a33\u811a\u8ddf\u7684\u6076\u610f\u53c2\u4e0e\u8005\u6269\u6563\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6709\u5173\u8fd9\u4e9b\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\u4e4b\u95f4\u5dee\u5f02\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b64\u5904 https://docs.openstack.org/keystone/stein/admin/tokens-overview.html#token-providers \u57df \u00b6 \u57df\u662f\u9879\u76ee\u3001\u7528\u6237\u548c\u7ec4\u7684\u9ad8\u7ea7\u5bb9\u5668\u3002\u56e0\u6b64\uff0c\u5b83\u4eec\u53ef\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406\u6240\u6709\u57fa\u4e8e keystone \u7684\u8eab\u4efd\u7ec4\u4ef6\u3002\u968f\u7740\u5e10\u6237\u57df\u7684\u5f15\u5165\uff0c\u670d\u52a1\u5668\u3001\u5b58\u50a8\u548c\u5176\u4ed6\u8d44\u6e90\u73b0\u5728\u53ef\u4ee5\u5728\u903b\u8f91\u4e0a\u5206\u7ec4\u5230\u591a\u4e2a\u9879\u76ee\uff08\u4ee5\u524d\u79f0\u4e3a\u79df\u6237\uff09\u4e2d\uff0c\u8fd9\u4e9b\u9879\u76ee\u672c\u8eab\u53ef\u4ee5\u5206\u7ec4\u5230\u7c7b\u4f3c\u4e3b\u5e10\u6237\u7684\u5bb9\u5668\u4e0b\u3002\u6b64\u5916\uff0c\u53ef\u4ee5\u5728\u4e00\u4e2a\u5e10\u6237\u57df\u4e2d\u7ba1\u7406\u591a\u4e2a\u7528\u6237\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u9879\u76ee\u5206\u914d\u4e0d\u540c\u7684\u89d2\u8272\u3002 Identity V3 API 
\u652f\u6301\u591a\u4e2a\u57df\u3002\u4e0d\u540c\u57df\u7684\u7528\u6237\u53ef\u80fd\u5728\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef\u4e2d\u8868\u793a\uff0c\u751a\u81f3\u5177\u6709\u4e0d\u540c\u7684\u5c5e\u6027\uff0c\u8fd9\u4e9b\u5c5e\u6027\u5fc5\u987b\u6620\u5c04\u5230\u4e00\u7ec4\u89d2\u8272\u548c\u6743\u9650\uff0c\u8fd9\u4e9b\u89d2\u8272\u548c\u6743\u9650\u5728\u7b56\u7565\u5b9a\u4e49\u4e2d\u7528\u4e8e\u8bbf\u95ee\u5404\u79cd\u670d\u52a1\u8d44\u6e90\u3002 \u5982\u679c\u89c4\u5219\u53ef\u4ee5\u4ec5\u6307\u5b9a\u5bf9\u7ba1\u7406\u5458\u7528\u6237\u548c\u5c5e\u4e8e\u79df\u6237\u7684\u7528\u6237\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5219\u6620\u5c04\u53ef\u80fd\u5f88\u7b80\u5355\u3002\u5728\u5176\u4ed6\u60c5\u51b5\u4e0b\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u6279\u51c6\u6bcf\u4e2a\u79df\u6237\u7684\u6620\u5c04\u4f8b\u7a0b\u3002 \u7279\u5b9a\u4e8e\u57df\u7684\u8eab\u4efd\u9a8c\u8bc1\u9a71\u52a8\u7a0b\u5e8f\u5141\u8bb8\u4f7f\u7528\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4e3a\u591a\u4e2a\u57df\u914d\u7f6e\u6807\u8bc6\u670d\u52a1\u3002\u542f\u7528\u9a71\u52a8\u7a0b\u5e8f\u5e76\u8bbe\u7f6e\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u7f6e\u53d1\u751f\u5728 keystone.conf \u6587\u4ef6 [identity] \u90e8\u5206\u4e2d\uff1a [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains \u4efb\u4f55\u6ca1\u6709\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u57df\u90fd\u5c06\u4f7f\u7528\u4e3b keystone.conf \u6587\u4ef6\u4e2d\u7684\u9009\u9879\u3002 \u8054\u5408\u9274\u6743 \u00b6 \u91cd\u8981\u5b9a\u4e49\uff1a \u670d\u52a1\u63d0\u4f9b\u5546 \uff08SP\uff09 \u5411\u59d4\u6258\u4eba\u6216\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u5b9e\u4f53\uff0c\u5728\u672c\u4f8b\u4e2d\uff0cOpenStack Identity \u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff08IdP\uff09 \u76ee\u5f55\u670d\u52a1\uff08\u5982 LDAP\u3001RADIUS \u548c 
Active Directory\uff09\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u5904\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff08\u4f8b\u5982\u5bc6\u7801\uff09\u7684\u5178\u578b\u6765\u6e90\u3002 \u8054\u5408\u9274\u6743\u662f\u4e00\u79cd\u5728 IdP \u548c SP \u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u673a\u5236\uff0c\u5728\u672c\u4f8b\u4e2d\uff0c\u662f\u5728\u8eab\u4efd\u63d0\u4f9b\u8005\u548c OpenStack Cloud \u63d0\u4f9b\u7684\u670d\u52a1\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4f7f\u7528\u73b0\u6709\u51ed\u636e\u8de8\u591a\u4e2a\u7aef\u70b9\u8bbf\u95ee\u4e91\u8d44\u6e90\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5377\u548c\u6570\u636e\u5e93\u3002\u51ed\u8bc1\u7531\u7528\u6237\u7684 IdP \u7ef4\u62a4\u3002 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u00b6 \u4e24\u4e2a\u6839\u672c\u539f\u56e0\uff1a \u964d\u4f4e\u590d\u6742\u6027\u4f7f\u90e8\u7f72\u66f4\u6613\u4e8e\u4fdd\u62a4\u3002 \u5b83\u4e3a\u60a8\u548c\u60a8\u7684\u7528\u6237\u8282\u7701\u4e86\u65f6\u95f4\u3002 \u96c6\u4e2d\u7ba1\u7406\u5e10\u6237\uff0c\u9632\u6b62 OpenStack \u57fa\u7840\u67b6\u6784\u5185\u90e8\u7684\u91cd\u590d\u5de5\u4f5c\u3002 \u51cf\u8f7b\u7528\u6237\u8d1f\u62c5\u3002\u5355\u70b9\u767b\u5f55\u5141\u8bb8\u4f7f\u7528\u5355\u4e00\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u6765\u8bbf\u95ee\u8bb8\u591a\u4e0d\u540c\u7684\u670d\u52a1\u548c\u73af\u5883\u3002 \u5c06\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u7684\u8d23\u4efb\u8f6c\u79fb\u5230 IdP\u3002 \u8fdb\u4e00\u6b65\u7684\u7406\u7531\u548c\u7ec6\u8282\u53ef\u4ee5\u5728 Keystone \u5173\u4e8e\u8054\u5408\u7684\u6587\u6863\u4e2d\u627e\u5230\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f \u00b6 
\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u8be5\u7ec4\u4ef6\u6240\u6709\u8005\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/keystone/keystone.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/keystone-paste.ini | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/policy.json | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/logging.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/signing_cert.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/private/signing_key.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/ca.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone | egrep \"keystone keystone\" \u901a\u8fc7\uff1a \u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u90fd\u8bbe\u7f6e\u4e3a keystone\u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a keystone keystone \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a \u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u6216\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 
keystone \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/keystone/keystone.conf $ stat -L -c \"%a\" /etc/keystone/keystone-paste.ini $ stat -L -c \"%a\" /etc/keystone/policy.json $ stat -L -c \"%a\" /etc/keystone/logging.conf $ stat -L -c \"%a\" /etc/keystone/ssl/certs/signing_cert.pem $ stat -L -c \"%a\" /etc/keystone/ssl/private/signing_key.pem $ stat -L -c \"%a\" /etc/keystone/ssl/certs/ca.pem $ stat -L -c \"%a\" /etc/keystone \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002 \u5931\u8d25\uff1a \u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\uff08\u5982 HTTPS\uff09\u76f8\u4e92\u901a\u4fe1\u3002 \u5982\u679c\u5c06 HTTP/WSGI \u670d\u52a1\u5668\u7528\u4e8e\u6807\u8bc6\uff0c\u5219\u5e94\u5728 HTTP/WSGI \u670d\u52a1\u5668\u4e0a\u542f\u7528 TLS\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u5728 HTTP \u670d\u52a1\u5668\u4e0a\u542f\u7528\u4e86 TLS\u3002 \u5931\u8d25\uff1a \u5982\u679c HTTP \u670d\u52a1\u5668\u4e0a\u672a\u542f\u7528 TLS\u3002 \u63a8\u8350\u4e8e\uff1a\u5b89\u5168\u901a\u4fe1\u3002 Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 \u00b6 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u8be5\u53c2\u6570 max_request_body_size \u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff08\u4ee5\u5b57\u8282\u4e3a\u5355\u4f4d\uff09\u3002\u5982\u679c\u672a\u5b9a\u4e49\u6700\u5927\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u5927\u5bb9\u91cf\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u7684\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u7ec4\u4ef6\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u53c2\u6570 max_request_body_size in /etc/keystone/keystone.conf \u7684\u503c\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09 \u6216\u6839\u636e\u60a8\u7684\u73af\u5883\u8bbe\u7f6e\u7684\u67d0\u4e2a\u5408\u7406\u503c\u3002 \u5931\u8d25\uff1a \u5982\u679c\u672a\u8bbe\u7f6e\u53c2\u6570 
max_request_body_size \u503c\u3002 check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c \u00b6 \u7ba1\u7406\u5458\u4ee4\u724c\u901a\u5e38\u7528\u4e8e\u5f15\u5bfc Identity\u3002\u6b64\u4ee4\u724c\u662f\u6700\u6709\u4ef7\u503c\u7684\u6807\u8bc6\u8d44\u4ea7\uff0c\u53ef\u7528\u4e8e\u83b7\u53d6\u4e91\u7ba1\u7406\u5458\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c admin_token under [DEFAULT] section in /etc/keystone/keystone.conf \u88ab\u7981\u7528\u3002\u5e76\u4e14\uff0c AdminTokenAuthMiddleware under [filter:admin_token_auth] \u4ece /etc/keystone/keystone-paste.ini \u5931\u8d25\uff1a \u5982\u679c admin_token \u8bbe\u7f6e\u4e86 under [DEFAULT] \u90e8\u5206\u5e76 AdminTokenAuthMiddleware \u5b58\u5728\u4e8e keystone-paste.ini \u4e2d\u3002 \u5efa\u8bae \u7981\u7528 `admin_token` \u610f\u5473\u7740\u5b83\u7684\u503c\u4e3a `` \u3002 check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 \u00b6 \u5982\u679c insecure_debug \u8bbe\u7f6e\u4e3a true\uff0c\u5219\u670d\u52a1\u5668\u5c06\u5728 HTTP \u54cd\u5e94\u4e2d\u8fd4\u56de\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u80fd\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u6216\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u83b7\u53d6\u6bd4\u6b63\u5e38\u60c5\u51b5\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u539f\u56e0\u7684\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 \u901a\u8fc7\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a false\u3002 \u5931\u8d25\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a true\u3002 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u00b6 OpenStack Identity \u670d\u52a1\u63d0\u4f9b uuid \u548c fernet \u4f5c\u4e3a\u4ee4\u724c\u63d0\u4f9b\u8005\u3002 uuid 
\u4ee4\u724c\u5fc5\u987b\u6301\u4e45\u5316\uff0c\u5e76\u88ab\u89c6\u4e3a\u4e0d\u5b89\u5168\u3002 \u901a\u8fc7\uff1a \u5982\u679c section in /etc/keystone/keystone.conf \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a fernet\u3002 \u5931\u8d25\uff1a \u5982\u679c section \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a uuid\u3002 \u4eea\u8868\u677f \u00b6 Dashboard \uff08horizon\uff09 \u662f OpenStack \u4eea\u8868\u677f\uff0c\u5b83\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u4ee5\u4fbf\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u914d\u7f6e\u81ea\u5df1\u7684\u8d44\u6e90\u3002\u5176\u4e2d\u5305\u62ec\u9884\u7f6e\u7528\u6237\u3001\u5b9a\u4e49\u5b9e\u4f8b\u53d8\u79cd\u3001\u4e0a\u4f20\u865a\u62df\u673a \uff08VM\uff09 \u6620\u50cf\u3001\u7ba1\u7406\u7f51\u7edc\u3001\u8bbe\u7f6e\u5b89\u5168\u7ec4\u3001\u542f\u52a8\u5b9e\u4f8b\u4ee5\u53ca\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\u5b9e\u4f8b\u3002 \u4eea\u8868\u677f\u57fa\u4e8e Django Web \u6846\u67b6\uff0c\u786e\u4fdd Django \u7684\u5b89\u5168\u90e8\u7f72\u5b9e\u8df5\u76f4\u63a5\u5e94\u7528\u4e8e Horizon\u3002\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u4e00\u7ec4 Django \u5b89\u5168\u5efa\u8bae\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u9605\u8bfb Django \u6587\u6863\u627e\u5230\u3002 \u4eea\u8868\u677f\u9644\u5e26\u9ed8\u8ba4\u5b89\u5168\u8bbe\u7f6e\uff0c\u5e76\u5177\u6709\u90e8\u7f72\u548c\u914d\u7f6e\u6587\u6863\u3002 \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a \u6620\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS\u534f\u8bae HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 
\u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u00b6 \u57df\u540d \u00b6 \u8bb8\u591a\u7ec4\u7ec7\u901a\u5e38\u5728\u603b\u4f53\u7ec4\u7ec7\u57df\u7684\u5b50\u57df\u4e2d\u90e8\u7f72 Web \u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u6237\u5f88\u81ea\u7136\u5730\u671f\u671b openstack.example.org .\u5728\u6b64\u4e0a\u4e0b\u6587\u4e2d\uff0c\u901a\u5e38\u5b58\u5728\u90e8\u7f72\u5728\u540c\u4e00\u4e2a\u4e8c\u7ea7\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u6b64\u540d\u79f0\u7ed3\u6784\u975e\u5e38\u65b9\u4fbf\uff0c\u5e76\u7b80\u5316\u4e86\u540d\u79f0\u670d\u52a1\u5668\u7684\u7ef4\u62a4\u3002 
\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5230\u4e8c\u7ea7\u57df\uff0c\u4f8b\u5982 \uff0c\u800c\u4e0d\u662f\u5728\u4efb\u4f55\u7ea7\u522b\u7684\u5171\u4eab\u5b50\u57df\u4e0a\u90e8\u7f72\u4eea\u8868\u677f\uff0c\u4f8b\u5982 https://example.com https://openstack.example.org \u6216 https://horizon.openstack.example.org \u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u4e0d\u8981\u90e8\u7f72\u5230\u88f8\u5185\u90e8\u57df\uff0c\u4f8b\u5982 https://horizon/ .\u8fd9\u4e9b\u5efa\u8bae\u57fa\u4e8e\u6d4f\u89c8\u5668\u540c\u6e90\u7b56\u7565\u7684\u9650\u5236\u3002 \u5982\u679c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u8fd8\u6258\u7ba1\u7528\u6237\u751f\u6210\u5185\u5bb9\u7684\u57df\u4e2d\uff0c\u5219\u672c\u6307\u5357\u4e2d\u63d0\u4f9b\u7684\u5efa\u8bae\u65e0\u6cd5\u6709\u6548\u9632\u8303\u5df2\u77e5\u653b\u51fb\uff0c\u5373\u4f7f\u6b64\u5185\u5bb9\u9a7b\u7559\u5728\u5355\u72ec\u7684\u5b50\u57df\u4e2d\u4e5f\u662f\u5982\u6b64\u3002\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u53ef\u4ee5\u5305\u542b\u4efb\u4f55\u7c7b\u578b\u7684\u811a\u672c\u3001\u56fe\u50cf\u6216\u4e0a\u4f20\u5185\u5bb9\u3002\u5927\u591a\u6570\u4e3b\u8981\u7684 Web \u5b58\u5728\uff08\u5305\u62ec googleusercontent.com\u3001fbcdn.com\u3001github.io \u548c twimg.co\uff09\u90fd\u4f7f\u7528\u8fd9\u79cd\u65b9\u6cd5\u5c06\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u4e0e Cookie \u548c\u5b89\u5168\u4ee4\u724c\u9694\u79bb\u5f00\u6765\u3002 \u5982\u679c\u60a8\u4e0d\u9075\u5faa\u6709\u5173\u4e8c\u7ea7\u57df\u7684\u5efa\u8bae\uff0c\u8bf7\u907f\u514d\u4f7f\u7528 Cookie \u652f\u6301\u7684\u4f1a\u8bdd\u5b58\u50a8\uff0c\u5e76\u91c7\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002\u5f53\u90e8\u7f72\u5728\u5b50\u57df\u4e0a\u65f6\uff0c\u4eea\u8868\u677f\u7684\u5b89\u5168\u6027\u7b49\u540c\u4e8e\u90e8\u7f72\u5728\u540c\u4e00\u4e8c\u7ea7\u57df\u4e0a\u7684\u5b89\u5168\u6027\u6700\u4f4e\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e \u00b6 
\u4eea\u8868\u677f\u5e94\u90e8\u7f72\u4e3a HTTPS \u4ee3\u7406\uff08\u5982 Apache \u6216 Nginx\uff09\u540e\u9762\u7684 Web \u670d\u52a1\u7f51\u5173\u63a5\u53e3 \uff08WSGI\uff09 \u5e94\u7528\u7a0b\u5e8f\u3002\u5982\u679c Apache \u5c1a\u672a\u4f7f\u7528\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 Nginx\uff0c\u56e0\u4e3a\u5b83\u662f\u8f7b\u91cf\u7ea7\u7684\uff0c\u5e76\u4e14\u66f4\u5bb9\u6613\u6b63\u786e\u914d\u7f6e\u3002 \u4f7f\u7528 Nginx \u65f6\uff0c\u6211\u4eec\u5efa\u8bae gunicorn \u4f5c\u4e3a WSGI \u4e3b\u673a\uff0c\u5e76\u5177\u6709\u9002\u5f53\u6570\u91cf\u7684\u540c\u6b65\u5de5\u4f5c\u7ebf\u7a0b\u3002\u4f7f\u7528 Apache \u65f6\uff0c\u6211\u4eec\u5efa\u8bae mod_wsgi \u6258\u7ba1\u4eea\u8868\u677f\u3002 \u5141\u8bb8\u7684\u4e3b\u673a \u00b6 \u4f7f\u7528 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u7684\u5b8c\u5168\u9650\u5b9a\u4e3b\u673a\u540d\u914d\u7f6e\u8bbe\u7f6e ALLOWED_HOSTS \u3002\u63d0\u4f9b\u6b64\u8bbe\u7f6e\u540e\uff0c\u5982\u679c\u4f20\u5165 HTTP \u8bf7\u6c42\u7684\u201cHost\uff1a\u201d\u6807\u5934\u4e2d\u7684\u503c\u4e0e\u6b64\u5217\u8868\u4e2d\u7684\u4efb\u4f55\u503c\u90fd\u4e0d\u5339\u914d\uff0c\u5219\u5c06\u5f15\u53d1\u9519\u8bef\uff0c\u5e76\u4e14\u8bf7\u6c42\u8005\u5c06\u65e0\u6cd5\u7ee7\u7eed\u3002\u5982\u679c\u672a\u80fd\u914d\u7f6e\u6b64\u9009\u9879\uff0c\u6216\u8005\u5728\u6307\u5b9a\u7684\u4e3b\u673a\u540d\u4e2d\u4f7f\u7528\u901a\u914d\u7b26\uff0c\u5c06\u5bfc\u81f4\u4eea\u8868\u677f\u5bb9\u6613\u53d7\u5230\u4e0e\u865a\u5047 HTTP \u4e3b\u673a\u6807\u5934\u5173\u8054\u7684\u5b89\u5168\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 Horizon \u955c\u50cf\u4e0a\u4f20 \u00b6 \u6211\u4eec\u5efa\u8bae\u5b9e\u65bd\u8005\u7981\u7528HORIZON_IMAGES_ALLOW_UPLOAD\uff0c\u9664\u975e\u4ed6\u4eec\u5df2\u5b9e\u65bd\u9632\u6b62\u8d44\u6e90\u8017\u5c3d\u548c\u62d2\u7edd\u670d\u52a1\u7684\u8ba1\u5212\u3002 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u00b6 \u8de8\u7ad9\u811a\u672c 
\uff08XSS\uff09 \u00b6 \u4e0e\u8bb8\u591a\u7c7b\u4f3c\u7684\u7cfb\u7edf\u4e0d\u540c\uff0cOpenStack \u4eea\u8868\u677f\u5141\u8bb8\u5728\u5927\u591a\u6570\u5b57\u6bb5\u4e2d\u4f7f\u7528\u6574\u4e2a Unicode \u5b57\u7b26\u96c6\u3002\u8fd9\u610f\u5473\u7740\u5f00\u53d1\u4eba\u5458\u72af\u9519\u8bef\u7684\u81ea\u7531\u5ea6\u8f83\u5c0f\uff0c\u8fd9\u4e9b\u9519\u8bef\u4e3a\u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u6253\u5f00\u4e86\u653b\u51fb\u5a92\u4ecb\u3002 Dashboard \u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e86\u907f\u514d\u521b\u5efa XSS \u6f0f\u6d1e\u7684\u5de5\u5177\uff0c\u4f46\u5b83\u4eec\u53ea\u6709\u5728\u5f00\u53d1\u4eba\u5458\u6b63\u786e\u4f7f\u7528\u5b83\u4eec\u65f6\u624d\u6709\u6548\u3002\u5ba1\u6838\u4efb\u4f55\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\uff0c\u7279\u522b\u6ce8\u610f mark_safe \u51fd\u6570\u7684\u4f7f\u7528\u3001\u4e0e\u81ea\u5b9a\u4e49\u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528 is_safe \u3001 safe \u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528\u3001\u5173\u95ed\u81ea\u52a8\u8f6c\u4e49\u7684\u4efb\u4f55\u4f4d\u7f6e\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u80fd\u8bc4\u4f30\u4e0d\u5f53\u8f6c\u4e49\u6570\u636e\u7684 JavaScript\u3002 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u00b6 Django \u6709\u4e13\u95e8\u7684\u4e2d\u95f4\u4ef6\u7528\u4e8e\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 OpenStack \u4eea\u8868\u677f\u65e8\u5728\u963b\u6b62\u5f00\u53d1\u4eba\u5458\u5728\u5f15\u5165\u7ebf\u7a0b\u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\u5f15\u5165\u8de8\u7ad9\u70b9\u811a\u672c\u6f0f\u6d1e\u3002\u5e94\u5ba1\u6838\u4f7f\u7528\u591a\u4e2a JavaScript \u5b9e\u4f8b\u7684\u4eea\u8868\u677f\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\uff0c\u4f8b\u5982\u4e0d\u5f53\u4f7f\u7528 @csrf_exempt 
\u88c5\u9970\u5668\u3002\u5728\u653e\u5bbd\u9650\u5236\u4e4b\u524d\uff0c\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u4efb\u4f55\u4e0d\u9075\u5faa\u8fd9\u4e9b\u5efa\u8bae\u7684\u5b89\u5168\u8bbe\u7f6e\u7684\u4eea\u8868\u677f\u3002 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u00b6 \u4f20\u7edf\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u56e0\u6b64 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9009\u9879 DISALLOW_IFRAME_EMBED \uff0c\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u4e0d\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 HTTPS \u51fd\u6570 \u00b6 \u4f7f\u7528\u6765\u81ea\u516c\u8ba4\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u7684\u6709\u6548\u53d7\u4fe1\u4efb\u8bc1\u4e66\uff0c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u5b89\u5168 HTTPS \u670d\u52a1\u5668\u540e\u9762\u3002\u4ec5\u5f53\u4fe1\u4efb\u6839\u9884\u5b89\u88c5\u5728\u6240\u6709\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u65f6\uff0c\u79c1\u6709\u7ec4\u7ec7\u9881\u53d1\u7684\u8bc1\u4e66\u624d\u9002\u7528\u3002 \u914d\u7f6e\u5bf9\u4eea\u8868\u677f\u57df\u7684 HTTP \u8bf7\u6c42\uff0c\u4ee5\u91cd\u5b9a\u5411\u5230\u5b8c\u5168\u9650\u5b9a\u7684 HTTPS URL\u3002 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u00b6 \u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u5728 Web \u670d\u52a1\u5668\u524d\u9762\u4f7f\u7528 HTTPS \u4ee3\u7406\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u5177\u6709 HTTPS \u529f\u80fd\u7684 HTTP \u670d\u52a1\u5668\uff0c\u8bf7\u4fee\u6539\u8be5 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u3002\u6709\u5173\u4fee\u6539 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 \u6709\u5173 HTTPS \u914d\u7f6e\uff08\u5305\u62ec HSTS 
\u914d\u7f6e\uff09\u7684\u66f4\u5177\u4f53\u5efa\u8bae\u548c\u670d\u52a1\u5668\u914d\u7f6e\uff0c\u8bf7\u53c2\u9605\u201c\u5b89\u5168\u901a\u4fe1\u201d\u4e00\u7ae0\u3002 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u00b6 \u524d\u7aef\u7f13\u5b58 \u00b6 \u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4eea\u8868\u677f\u4e2d\u4f7f\u7528\u524d\u7aef\u7f13\u5b58\u5de5\u5177\u3002\u4eea\u8868\u677f\u6b63\u5728\u6e32\u67d3\u76f4\u63a5\u7531 OpenStack API \u8bf7\u6c42\u751f\u6210\u7684\u52a8\u6001\u5185\u5bb9\uff0c\u524d\u7aef\u7f13\u5b58\u5c42\uff08\u5982 varnish\uff09\u53ef\u80fd\u4f1a\u963b\u6b62\u663e\u793a\u6b63\u786e\u7684\u5185\u5bb9\u3002\u5728 Django \u4e2d\uff0c\u9759\u6001\u5a92\u4f53\u76f4\u63a5\u4ece Apache \u6216 Nginx \u63d0\u4f9b\uff0c\u5e76\u4e14\u5df2\u7ecf\u53d7\u76ca\u4e8e Web \u4e3b\u673a\u7f13\u5b58\u3002 \u4f1a\u8bdd\u540e\u7aef \u00b6 Horizon \u7684\u9ed8\u8ba4\u4f1a\u8bdd\u540e\u7aef django.contrib.sessions.backends.signed_cookies \u5c06\u7528\u6237\u6570\u636e\u4fdd\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\u5b58\u50a8\u7684\u5df2\u7b7e\u540d\u4f46\u672a\u52a0\u5bc6\u7684 Cookie \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u4eea\u8868\u677f\u5b9e\u4f8b\u90fd\u662f\u65e0\u72b6\u6001\u7684\uff0c\u56e0\u6b64\u524d\u9762\u63d0\u5230\u7684\u65b9\u6cd5\u63d0\u4f9b\u4e86\u5b9e\u73b0\u6700\u7b80\u5355\u7684\u4f1a\u8bdd\u540e\u7aef\u6269\u5c55\u7684\u80fd\u529b\u3002 \u5e94\u8be5\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u79cd\u7c7b\u578b\u7684\u5b9e\u73b0\u4e2d\uff0c\u654f\u611f\u7684\u8bbf\u95ee\u4ee4\u724c\u5c06\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u4e2d\uff0c\u5e76\u5c06\u968f\u7740\u6bcf\u4e2a\u8bf7\u6c42\u7684\u53d1\u51fa\u800c\u4f20\u8f93\u3002\u540e\u7aef\u786e\u4fdd\u4f1a\u8bdd\u6570\u636e\u7684\u5b8c\u6574\u6027\uff0c\u5373\u4f7f\u4f20\u8f93\u7684\u6570\u636e\u4ec5\u901a\u8fc7 HTTPS \u52a0\u5bc6\u3002 
\u5982\u679c\u60a8\u7684\u67b6\u6784\u5141\u8bb8\u5171\u4eab\u5b58\u50a8\uff0c\u5e76\u4e14\u60a8\u6b63\u786e\u914d\u7f6e\u4e86\u7f13\u5b58\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5176\u8bbe\u7f6e\u4e3a SESSION_ENGINE django.contrib.sessions.backends.cache \u5e76\u7528\u4f5c\u57fa\u4e8e\u7f13\u5b58\u7684\u4f1a\u8bdd\u540e\u7aef\uff0c\u5e76\u5c06 memcached \u4f5c\u4e3a\u7f13\u5b58\u3002Memcached \u662f\u4e00\u79cd\u9ad8\u6548\u7684\u5185\u5b58\u952e\u503c\u5b58\u50a8\uff0c\u7528\u4e8e\u5b58\u50a8\u6570\u636e\u5757\uff0c\u53ef\u5728\u9ad8\u53ef\u7528\u6027\u548c\u5206\u5e03\u5f0f\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u5e76\u4e14\u6613\u4e8e\u914d\u7f6e\u3002\u4f46\u662f\uff0c\u60a8\u9700\u8981\u786e\u4fdd\u6ca1\u6709\u6570\u636e\u6cc4\u6f0f\u3002Memcached \u5229\u7528\u5907\u7528 RAM \u6765\u5b58\u50a8\u7ecf\u5e38\u8bbf\u95ee\u7684\u6570\u636e\u5757\uff0c\u5c31\u50cf\u91cd\u590d\u8bbf\u95ee\u4fe1\u606f\u7684\u5185\u5b58\u7f13\u5b58\u4e00\u6837\u3002\u7531\u4e8e memcached \u4f7f\u7528\u672c\u5730\u5185\u5b58\uff0c\u56e0\u6b64\u4e0d\u4f1a\u4ea7\u751f\u6570\u636e\u5e93\u548c\u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528\u5f00\u9500\uff0c\u4ece\u800c\u5bfc\u81f4\u76f4\u63a5\u4ece RAM \u800c\u4e0d\u662f\u4ece\u78c1\u76d8\u8bbf\u95ee\u6570\u636e\u3002 \u6211\u4eec\u5efa\u8bae\u4f7f\u7528 memcached \u800c\u4e0d\u662f\u672c\u5730\u5185\u5b58\u7f13\u5b58\uff0c\u56e0\u4e3a\u5b83\u901f\u5ea6\u5feb\uff0c\u6570\u636e\u4fdd\u7559\u65f6\u95f4\u66f4\u957f\uff0c\u591a\u8fdb\u7a0b\u5b89\u5168\uff0c\u5e76\u4e14\u80fd\u591f\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u5171\u4eab\u7f13\u5b58\uff0c\u4f46\u4ecd\u5c06\u5176\u89c6\u4e3a\u5355\u4e2a\u7f13\u5b58\u3002 \u8981\u542f\u7528 memcached\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache' } \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 \u9759\u6001\u5a92\u4f53 
\u00b6 \u4eea\u8868\u677f\u7684\u9759\u6001\u5a92\u4f53\u5e94\u90e8\u7f72\u5230\u4eea\u8868\u677f\u57df\u7684\u5b50\u57df\uff0c\u5e76\u7531 Web \u670d\u52a1\u5668\u63d0\u4f9b\u670d\u52a1\u3002\u4f7f\u7528\u5916\u90e8\u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u4e5f\u662f\u53ef\u4ee5\u63a5\u53d7\u7684\u3002\u6b64\u5b50\u57df\u4e0d\u5e94\u8bbe\u7f6e Cookie \u6216\u63d0\u4f9b\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u3002\u5a92\u4f53\u4e5f\u5e94\u4f7f\u7528 HTTPS \u63d0\u4f9b\u3002 Django \u5a92\u4f53\u8bbe\u7f6e\u8bb0\u5f55\u5728 Django \u6587\u6863\u4e2d\u3002 Dashboard \u7684\u9ed8\u8ba4\u914d\u7f6e\u4f7f\u7528 django_compressor \u6765\u538b\u7f29\u548c\u7f29\u5c0f CSS \u548c JavaScript \u5185\u5bb9\uff0c\u7136\u540e\u518d\u63d0\u4f9b\u8fd9\u4e9b\u5185\u5bb9\u3002\u6b64\u8fc7\u7a0b\u5e94\u5728\u90e8\u7f72\u4eea\u8868\u677f\u4e4b\u524d\u9759\u6001\u5b8c\u6210\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u9ed8\u8ba4\u7684\u8bf7\u6c42\u5185\u52a8\u6001\u538b\u7f29\uff0c\u5e76\u5c06\u751f\u6210\u7684\u6587\u4ef6\u4e0e\u5df2\u90e8\u7f72\u7684\u4ee3\u7801\u4e00\u8d77\u590d\u5236\u5230 CDN \u670d\u52a1\u5668\u3002\u538b\u7f29\u5e94\u5728\u975e\u751f\u4ea7\u751f\u6210\u73af\u5883\u4e2d\u5b8c\u6210\u3002\u5982\u679c\u8fd9\u4e0d\u53ef\u884c\uff0c\u6211\u4eec\u5efa\u8bae\u5b8c\u5168\u7981\u7528\u8d44\u6e90\u538b\u7f29\u3002\u4e0d\u5e94\u5728\u751f\u4ea7\u8ba1\u7b97\u673a\u4e0a\u5b89\u88c5\u8054\u673a\u538b\u7f29\u4f9d\u8d56\u9879\uff08\u8f83\u5c11\uff0cNode.js\uff09\u3002 \u5bc6\u7801 \u00b6 \u5bc6\u7801\u7ba1\u7406\u5e94\u8be5\u662f\u4e91\u7ba1\u7406\u8ba1\u5212\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\u3002\u5173\u4e8e\u5bc6\u7801\u7684\u6743\u5a01\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4;\u4f46\u662f\uff0c\u4e91\u7ba1\u7406\u5458\u5e94\u53c2\u8003 NIST \u4f01\u4e1a\u5bc6\u7801\u7ba1\u7406\u7279\u522b\u51fa\u7248\u7269\u6307\u5357\u7b2c 4 \u7ae0\u4e2d\u63a8\u8350\u7684\u6700\u4f73\u5b9e\u8df5\u3002 
\u65e0\u8bba\u662f\u901a\u8fc7\u4eea\u8868\u677f\u8fd8\u662f\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684 OpenStack \u4e91\u8bbf\u95ee\u90fd\u4f1a\u5f15\u5165\u989d\u5916\u7684\u6ce8\u610f\u4e8b\u9879\u3002\u73b0\u4ee3\u6d4f\u89c8\u5668\u90fd\u652f\u6301\u67d0\u79cd\u5f62\u5f0f\u7684\u5bc6\u7801\u5b58\u50a8\u548c\u81ea\u52a8\u586b\u5145\u8bb0\u4f4f\u7684\u7ad9\u70b9\u7684\u51ed\u636e\u3002\u8fd9\u5728\u4f7f\u7528\u4e0d\u5bb9\u6613\u8bb0\u4f4f\u6216\u952e\u5165\u7684\u5f3a\u5bc6\u7801\u65f6\u975e\u5e38\u6709\u7528\uff0c\u4f46\u5982\u679c\u5ba2\u6237\u7aef\u7684\u7269\u7406\u5b89\u5168\u6027\u53d7\u5230\u5a01\u80c1\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6d4f\u89c8\u5668\u6210\u4e3a\u8584\u5f31\u73af\u8282\u3002\u5982\u679c\u6d4f\u89c8\u5668\u7684\u5bc6\u7801\u5b58\u50a8\u672c\u8eab\u4e0d\u53d7\u5f3a\u5bc6\u7801\u4fdd\u62a4\uff0c\u6216\u8005\u5982\u679c\u5141\u8bb8\u5bc6\u7801\u5b58\u50a8\u5728\u4f1a\u8bdd\u671f\u95f4\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u5219\u5f88\u5bb9\u6613\u83b7\u5f97\u5bf9\u7cfb\u7edf\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 KeePassX \u548c Password Safe \u7b49\u5bc6\u7801\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u975e\u5e38\u6709\u7528\uff0c\u56e0\u4e3a\u5927\u591a\u6570\u5e94\u7528\u7a0b\u5e8f\u90fd\u652f\u6301\u751f\u6210\u5f3a\u5bc6\u7801\u548c\u5b9a\u671f\u63d0\u9192\u751f\u6210\u65b0\u5bc6\u7801\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u5bc6\u7801\u5b58\u50a8\u4ec5\u77ed\u6682\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u4ece\u800c\u964d\u4f4e\u4e86\u5bc6\u7801\u6cc4\u9732\u548c\u901a\u8fc7\u6d4f\u89c8\u5668\u6216\u7cfb\u7edf\u5165\u4fb5\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8d44\u6e90\u8bbf\u95ee\u7684\u98ce\u9669\u3002 \u5bc6\u94a5 \u00b6 \u4eea\u8868\u677f\u4f9d\u8d56\u4e8e\u67d0\u4e9b\u5b89\u5168\u529f\u80fd\u7684\u5171\u4eab SECRET_KEY \u8bbe\u7f6e\u3002\u5bc6\u94a5\u5e94\u4e3a\u968f\u673a\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u957f\u5ea6\u81f3\u5c11\u4e3a 64 
\u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u5728\u6240\u6709\u6d3b\u52a8\u4eea\u8868\u677f\u5b9e\u4f8b\u4e4b\u95f4\u5171\u4eab\u3002\u6cc4\u9732\u6b64\u5bc6\u94a5\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8f6e\u6362\u6b64\u5bc6\u94a5\u4f1a\u4f7f\u73b0\u6709\u7528\u6237\u4f1a\u8bdd\u548c\u7f13\u5b58\u5931\u6548\u3002\u8bf7\u52ff\u5c06\u6b64\u5bc6\u94a5\u63d0\u4ea4\u5230\u516c\u5171\u5b58\u50a8\u5e93\u3002 Cookies \u00b6 \u4f1a\u8bddCookies\u5e94\u8bbe\u7f6e\u4e3a HTTPONLY\uff1a SESSION_COOKIE_HTTPONLY = True \u5207\u52ff\u5c06 CSRF \u6216\u4f1a\u8bdd Cookie \u914d\u7f6e\u4e3a\u5177\u6709\u5e26\u524d\u5bfc\u70b9\u7684\u901a\u914d\u7b26\u57df\u3002\u4f7f\u7528 HTTPS \u90e8\u7f72\u65f6\uff0c\u5e94\u4fdd\u62a4 Horizon \u7684\u4f1a\u8bdd\u548c CSRF Cookie\uff1a CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u00b6 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u5728\u6bcf\u6b21\u54cd\u5e94\u65f6\u53d1\u9001\u9650\u5236\u6027 CORS \u6807\u5934\uff0c\u4ec5\u5141\u8bb8\u4eea\u8868\u677f\u57df\u548c\u534f\u8bae\uff1a Access-Control-Allow-Origin: https://example.com/ \u6c38\u8fdc\u4e0d\u5141\u8bb8\u901a\u914d\u7b26\u6765\u6e90\u3002 \u8c03\u8bd5 \u00b6 \u5efa\u8bae\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u5c06 DEBUG \u8be5\u8bbe\u7f6e\u8bbe\u7f6e\u4e3a False \u3002\u5982\u679c DEBUG \u8bbe\u7f6e\u4e3a True\uff0c\u5219\u5f53\u629b\u51fa\u5f02\u5e38\u65f6\uff0cDjango \u5c06\u663e\u793a\u5806\u6808\u8ddf\u8e2a\u548c\u654f\u611f\u7684 Web \u670d\u52a1\u5668\u72b6\u6001\u4fe1\u606f\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f \u00b6 
\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a horizon\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/openstack-dashboard/local_settings.py | egrep \"root horizon\" \u901a\u8fc7\uff1a\u5982\u679c\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c horizon\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u5730\u5e73\u7ebf\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 Horizon \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/openstack-dashboard/local_settings.py \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Dashboard-01 \u65f6\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u7528\u6237\u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cHorizon \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/openstack-dashboard/local_settings.py getfacl: Removing leading '/' from absolute path names # file: etc/openstack-dashboard/local_settings.py USER root rw- GROUP horizon r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 DISALLOW_IFRAME_EMBED \u53ef\u7528\u4e8e\u9632\u6b62 OpenStack Dashboard \u5d4c\u5165\u5230 iframe \u4e2d\u3002 \u65e7\u7248\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u6b64\u9009\u9879\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u672a\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a True\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u7528\u4e8e\uff1aHTTPS\u3001HSTS\u3001XSS \u548c SSRF\u3002 
Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 CSRF\uff08\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020\uff09\u662f\u4e00\u79cd\u653b\u51fb\uff0c\u5b83\u8feb\u4f7f\u6700\u7ec8\u7528\u6237\u5728\u4ed6/\u5979\u5f53\u524d\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u6210\u529f\u7684 CSRF \u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5371\u53ca\u6700\u7ec8\u7528\u6237\u7684\u6570\u636e\u548c\u64cd\u4f5c\u3002\u5982\u679c\u76ee\u6807\u6700\u7ec8\u7528\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5371\u53ca\u6574\u4e2a Web \u5e94\u7528\u7a0b\u5e8f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u201cSECURE\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4ec5\u901a\u8fc7\u52a0\u5bc6\u7684 HTTPS \uff08SSL/TLS\uff09 \u8fde\u63a5\u53d1\u9001 cookie\u3002\u6b64\u4f1a\u8bdd\u4fdd\u62a4\u673a\u5236\u662f\u5f3a\u5236\u6027\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 MitM\uff08\u4e2d\u95f4\u4eba\uff09\u653b\u51fb\u6cc4\u9732\u4f1a\u8bdd ID\u3002\u5b83\u786e\u4fdd\u653b\u51fb\u8005\u65e0\u6cd5\u7b80\u5355\u5730\u4ece Web \u6d4f\u89c8\u5668\u6d41\u91cf\u4e2d\u6355\u83b7\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 
\u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u201cHTTPONLY\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4e0d\u5141\u8bb8\u811a\u672c\uff08\u4f8b\u5982 JavaScript \u6216 VBscript\uff09\u901a\u8fc7 DOM document.cookie \u5bf9\u8c61\u8bbf\u95ee cookie\u3002\u6b64\u4f1a\u8bdd ID \u4fdd\u62a4\u662f\u5fc5\u9700\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 XSS \u653b\u51fb\u7a83\u53d6\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002 Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f \u00b6 \u5e94\u7528\u7a0b\u5e8f\u7528\u4e8e\u4e3a\u7528\u6237\u63d0\u4f9b\u4fbf\u5229\u7684\u5e38\u89c1\u529f\u80fd\u662f\u5c06\u5bc6\u7801\u672c\u5730\u7f13\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\uff08\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\uff09\uff0c\u5e76\u5728\u6240\u6709\u540e\u7eed\u8bf7\u6c42\u4e2d\u201c\u9884\u5148\u952e\u5165\u201d\u3002\u867d\u7136\u6b64\u529f\u80fd\u5bf9\u666e\u901a\u7528\u6237\u6765\u8bf4\u975e\u5e38\u53cb\u597d\uff0c\u4f46\u540c\u65f6\uff0c\u5b83\u5f15\u5165\u4e86\u4e00\u4e2a\u7f3a\u9677\uff0c\u56e0\u4e3a\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\u4f7f\u7528\u76f8\u540c\u5e10\u6237\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8f7b\u677e\u8bbf\u95ee\u7528\u6237\u5e10\u6237\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7528\u6237\u5e10\u6237\u53d7\u635f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a off \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in 
/etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a on \u3002 Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u4e0d\u8981\u663e\u793a\u5bc6\u7801\u5b57\u6bb5\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u6ce8\u610f \u6b64\u9009\u9879\u662f\u5728 Kilo \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002 Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f \u00b6 \u8bbe\u7f6e\u4e3a ENFORCE_PASSWORD_CHECK True \u5c06\u5728\u201c\u66f4\u6539\u5bc6\u7801\u201d\u7a97\u4f53\u4e0a\u663e\u793a\u201c\u7ba1\u7406\u5458\u5bc6\u7801\u201d\u5b57\u6bb5\uff0c\u4ee5\u9a8c\u8bc1\u662f\u5426\u786e\u5b9e\u662f\u7ba1\u7406\u5458\u767b\u5f55\u7684\u8981\u66f4\u6539\u5bc6\u7801\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f \u00b6 \u5141\u8bb8\u6b63\u5219\u8868\u8fbe\u5f0f\u9a8c\u8bc1\u7528\u6237\u5bc6\u7801\u7684\u590d\u6742\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a defaul \u4e4b\u5916\u7684\u4efb\u4f55\u503c\uff0c\u5219\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'\uff0c \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py 
\u7684\u503c\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*' Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u00b6 \u5982\u679c OpenStack Dashboard \u90e8\u7f72\u5728\u4ee3\u7406\u540e\u9762\uff0c\u5e76\u4e14\u4ee3\u7406\u4ece\u6240\u6709\u4f20\u5165\u8bf7\u6c42\u4e2d\u5265\u79bb X-Forwarded-Proto \u6807\u5934\uff0c\u6216\u8005\u8bbe\u7f6e\u6807\u5934 X-Forwarded-Proto \u5e76\u5c06\u5176\u53d1\u9001\u5230 Dashboard\uff0c\u4f46\u4ec5\u9002\u7528\u4e8e\u6700\u521d\u901a\u8fc7 HTTPS \u4f20\u5165\u7684\u8bf7\u6c42\uff0c\u90a3\u4e48\u60a8\u5e94\u8be5\u8003\u8651\u914d\u7f6e SECURE_PROXY_SSL_HEADER \u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728 Django \u6587\u6863\u4e2d\u627e\u5230\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u672a\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u6216\u6ce8\u91ca\u6389\u3002 \u8ba1\u7b97 \u00b6 OpenStack \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u6574\u4e2a\u4e91\u4e2d\u7684\u8bb8\u591a\u4f4d\u7f6e\u8fd0\u884c\uff0c\u5e76\u4e0e\u5404\u79cd\u5185\u90e8\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002OpenStack \u8ba1\u7b97\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u79cd\u914d\u7f6e\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u6709\u5173\u8ba1\u7b97\u5b89\u5168\u6027\u7684\u4e00\u822c\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u53ca\u53ef\u80fd\u5bfc\u81f4\u5b89\u5168\u95ee\u9898\u7684\u7279\u5b9a\u5df2\u77e5\u914d\u7f6e\u3002 nova.conf \u6587\u4ef6\u548c /var/lib/nova \u4f4d\u7f6e\u5e94\u53d7\u5230\u4fdd\u62a4\u3002\u5e94\u5b9e\u65bd\u96c6\u4e2d\u5f0f\u65e5\u5fd7\u8bb0\u5f55\u3001 policy.json 
\u6587\u4ef6\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\u7b49\u63a7\u5236\u63aa\u65bd\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u7eb3\u5165\u6392\u9664\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u52a0\u5bc6\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5185\u5b58\u4f18\u5316 KVM \u5185\u6838 Samepage \u5408\u5e76 XEN\u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u4e66\u76ee \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI \u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u5f3a\u5316 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-\u8ba8\u8bba\u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f 
Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u00b6 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u00b6 \u65e0\u8bbaOpenStack\u662f\u90e8\u7f72\u5728\u79c1\u6709\u6570\u636e\u4e2d\u5fc3\u5185\uff0c\u8fd8\u662f\u4f5c\u4e3a\u516c\u5171\u4e91\u670d\u52a1\u90e8\u7f72\uff0c\u5e95\u5c42\u865a\u62df\u5316\u6280\u672f\u90fd\u80fd\u5728\u53ef\u6269\u5c55\u6027\u3001\u8d44\u6e90\u6548\u7387\u548c\u6b63\u5e38\u8fd0\u884c\u65f6\u95f4\u65b9\u9762\u63d0\u4f9b\u4f01\u4e1a\u7ea7\u529f\u80fd\u3002\u867d\u7136\u5728\u8bb8\u591a OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u4e2d\u901a\u5e38\u90fd\u5177\u6709\u8fd9\u79cd\u9ad8\u7ea7\u4f18\u52bf\uff0c\u4f46\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5b89\u5168\u67b6\u6784\u548c\u529f\u80fd\u90fd\u5b58\u5728\u663e\u8457\u5dee\u5f02\uff0c\u5c24\u5176\u662f\u5728\u8003\u8651\u5f39\u6027 OpenStack \u73af\u5883\u7279\u6709\u7684\u5b89\u5168\u5a01\u80c1\u5411\u91cf\u65f6\u3002\u968f\u7740\u5e94\u7528\u7a0b\u5e8f\u6574\u5408\u5230\u5355\u4e2a\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 \u5e73\u53f0\u4e2d\uff0c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7ea7\u522b\u7684\u5b9e\u4f8b\u9694\u79bb\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002\u5b89\u5168\u9694\u79bb\u7684\u8981\u6c42\u5728\u5546\u4e1a\u3001\u653f\u5e9c\u548c\u519b\u4e8b\u793e\u533a\u4e2d\u90fd\u9002\u7528\u3002 \u5728 OpenStack \u6846\u67b6\u4e2d\uff0c\u60a8\u53ef\u4ee5\u5728\u4f17\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u548c\u76f8\u5e94\u7684 OpenStack 
\u63d2\u4ef6\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u4f18\u5316\u60a8\u7684\u4e91\u73af\u5883\u3002\u5728\u672c\u6307\u5357\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u91cd\u70b9\u4ecb\u7ecd\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u6ce8\u610f\u4e8b\u9879\uff0c\u56e0\u4e3a\u5b83\u4eec\u4e0e\u5bf9\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u7684\u529f\u80fd\u96c6\u6709\u5173\u3002\u4f46\u662f\uff0c\u8fd9\u4e9b\u6ce8\u610f\u4e8b\u9879\u5e76\u4e0d\u610f\u5473\u7740\u5bf9\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u4f18\u7f3a\u70b9\u8fdb\u884c\u8be6\u5c3d\u7684\u8c03\u67e5\u3002NIST \u5728\u7279\u522b\u51fa\u7248\u7269 800-125\u201c\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u201d\u4e2d\u63d0\u4f9b\u4e86\u5176\u4ed6\u6307\u5bfc\u3002 \u9009\u62e9\u6807\u51c6 \u00b6 \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u8fc7\u7a0b\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u5fc5\u987b\u8003\u8651\u8bb8\u591a\u91cd\u8981\u56e0\u7d20\uff0c\u4ee5\u5e2e\u52a9\u6539\u5584\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u60a8\u5fc5\u987b\u719f\u6089\u4ee5\u4e0b\u65b9\u9762\uff1a \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u6b64\u5916\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u4e3a OpenStack \u90e8\u7f72\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\u8bc4\u4f30\u4ee5\u4e0b\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u6807\u51c6\uff1a * \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u7ecf\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1f\u5982\u679c\u662f\u8fd9\u6837\uff0c\u8fbe\u5230\u4ec0\u4e48\u6c34\u5e73\uff1f* \u5e95\u5c42\u5bc6\u7801\u5b66\u662f\u5426\u7ecf\u8fc7\u7b2c\u4e09\u65b9\u8ba4\u8bc1\uff1f \u56e2\u961f\u4e13\u957f \u00b6 
\u6700\u6709\u53ef\u80fd\u7684\u662f\uff0c\u5728\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6700\u91cd\u8981\u7684\u65b9\u9762\u662f\u60a8\u7684\u5458\u5de5\u5728\u7ba1\u7406\u548c\u7ef4\u62a4\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65b9\u9762\u7684\u4e13\u4e1a\u77e5\u8bc6\u3002\u60a8\u7684\u56e2\u961f\u5bf9\u7ed9\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u53ca\u5176\u602a\u7656\u8d8a\u719f\u6089\uff0c\u914d\u7f6e\u9519\u8bef\u5c31\u8d8a\u5c11\u3002\u6b64\u5916\uff0c\u5728\u7ed9\u5b9a\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u5c06\u5458\u5de5\u4e13\u4e1a\u77e5\u8bc6\u5206\u5e03\u5728\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u63d0\u9ad8\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u804c\u8d23\u5206\u79bb\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u7f13\u89e3\u95ee\u9898\u3002 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u00b6 \u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u53d1\u75c5\u7387\u54cd\u5e94 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6210\u719f\u5ea6\u7684\u6700\u5927\u6307\u6807\u4e4b\u4e00\u662f\u56f4\u7ed5\u5b83\u7684\u793e\u533a\u7684\u89c4\u6a21\u548c\u6d3b\u529b\u3002\u7531\u4e8e\u8fd9\u6d89\u53ca\u5b89\u5168\u6027\uff0c\u56e0\u6b64\u5982\u679c\u60a8\u9700\u8981\u989d\u5916\u7684\u4e91\u64cd\u4f5c\u5458\uff0c\u793e\u533a\u7684\u8d28\u91cf\u4f1a\u5f71\u54cd\u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027\u3002\u8fd9\u4e5f\u8868\u660e\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5e7f\u6cdb\u90e8\u7f72\uff0c\u8fdb\u800c\u5bfc\u81f4\u4efb\u4f55\u53c2\u8003\u67b6\u6784\u548c\u6700\u4f73\u5b9e\u8df5\u7684\u6218\u5907\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u793e\u533a\u7684\u8d28\u91cf\uff0c\u56e0\u4e3a\u5b83\u56f4\u7ed5\u7740KVM\u6216Xen\u7b49\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5bf9\u9519\u8bef\u4fee\u590d\u548c\u5b89\u5168\u66f4\u65b0\u7684\u53ca\u65f6\u6027\u6709\u76f4\u63a5\u5f71\u54cd\u3002\u5728\u8c03\u67e5\u5546\u4e1a\u548c\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u60a8\u5fc5\u987b\u67e5\u770b\u5b83\u4eec\u7684\u53d1\u5e03\u548c\u652f\u6301\u5468\u671f\uff0c\u4ee5\u53ca\u53d1\u5e03\u9519\u8bef\u6216\u5b89\u5168\u95ee\u9898\u4e0e\u8865\u4e01\u6216\u54cd\u5e94\u4e4b\u95f4\u7684\u65f6\u95f4\u5dee\u3002\u6700\u540e\uff0cOpenStack \u8ba1\u7b97\u652f\u6301\u7684\u529f\u80fd\u56e0\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u800c\u5f02\u3002\u8bf7\u53c2\u9605 OpenStack Hypervisor Support Matrix\uff0c\u4e86\u89e3 Hypervisor \u5bf9 OpenStack \u8ba1\u7b97\u529f\u80fd\u7684\u652f\u6301\u3002 \u8ba4\u8bc1\u548c\u8bc1\u660e \u00b6 
\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u53e6\u4e00\u4e2a\u8003\u8651\u56e0\u7d20\u662f\u5404\u79cd\u6b63\u5f0f\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u53ef\u7528\u6027\u3002\u867d\u7136\u5b83\u4eec\u53ef\u80fd\u4e0d\u662f\u7279\u5b9a\u7ec4\u7ec7\u7684\u8981\u6c42\uff0c\u4f46\u8fd9\u4e9b\u8ba4\u8bc1\u548c\u8bc1\u660e\u8bf4\u660e\u4e86\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u6240\u7ecf\u8fc7\u7684\u6d4b\u8bd5\u7684\u6210\u719f\u5ea6\u3001\u751f\u4ea7\u51c6\u5907\u60c5\u51b5\u548c\u5f7b\u5e95\u6027\u3002 \u901a\u7528\u6807\u51c6 \u00b6 \u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002\u5728\u653f\u5e9c\u90e8\u95e8\uff0cNSTISSP \u7b2c 11 \u53f7\u89c4\u5b9a\u7f8e\u56fd\u653f\u5e9c\u673a\u6784\u53ea\u80fd\u91c7\u8d2d\u5df2\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u7684\u8f6f\u4ef6\uff0c\u8be5\u653f\u7b56\u81ea 2002 \u5e74 7 \u6708\u8d77\u5b9e\u65bd\u3002 \u6ce8\u610f OpenStack\u5c1a\u672a\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u8bb8\u591a\u53ef\u7528\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u7ecf\u8fc7\u4e86\u8ba4\u8bc1\u3002 \u9664\u4e86\u9a8c\u8bc1\u6280\u672f\u80fd\u529b\u5916\uff0c\u901a\u7528\u6807\u51c6\u6d41\u7a0b\u8fd8\u8bc4\u4f30\u6280\u672f\u7684\u5f00\u53d1\u65b9\u5f0f\u3002 \u5982\u4f55\u8fdb\u884c\u6e90\u4ee3\u7801\u7ba1\u7406\uff1f \u5982\u4f55\u6388\u4e88\u7528\u6237\u5bf9\u6784\u5efa\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff1f \u8be5\u6280\u672f\u5728\u5206\u53d1\u524d\u662f\u5426\u7ecf\u8fc7\u52a0\u5bc6\u7b7e\u540d\uff1f KVM 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5df2\u901a\u8fc7\u7f8e\u56fd\u653f\u5e9c\u548c\u5546\u4e1a\u53d1\u884c\u7248\u7684\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u5c06\u865a\u62df\u673a\u7684\u8fd0\u884c\u65f6\u73af\u5883\u5f7c\u6b64\u5206\u79bb\uff0c\u4ece\u800c\u63d0\u4f9b\u57fa\u7840\u6280\u672f\u6765\u5b9e\u65bd\u5b9e\u4f8b\u9694\u79bb\u3002\u9664\u4e86\u865a\u62df\u673a\u9694\u79bb\u4e4b\u5916\uff0cKVM \u8fd8\u901a\u8fc7\u4e86\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1a \"...provide system-inherent separation mechanisms to the resources of virtual machines. This separation ensures that large software component used for virtualizing and simulating devices executing for each virtual machine cannot interfere with each other. Using the SELinux multi-category mechanism, the virtualization and simulation software instances are isolated. The virtual machine management framework configures SELinux multi-category settings transparently to the administrator.\" \u867d\u7136\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f9b\u5e94\u5546\uff08\u5982 Red Hat\u3001Microsoft \u548c VMware\uff09\u5df2\u83b7\u5f97\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u5176\u57fa\u7840\u8ba4\u8bc1\u529f\u80fd\u96c6\u6709\u6240\u4e0d\u540c\uff0c\u4f46\u6211\u4eec\u5efa\u8bae\u8bc4\u4f30\u4f9b\u5e94\u5546\u58f0\u660e\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u81f3\u5c11\u6ee1\u8db3\u4ee5\u4e0b\u8981\u6c42\uff1a \u5ba1\u8ba1 \u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5ba1\u6838\u5927\u91cf\u4e8b\u4ef6\u7684\u529f\u80fd\uff0c\u5305\u62ec\u5355\u4e2a\u7cfb\u7edf\u8c03\u7528\u548c\u53d7\u4fe1\u4efb\u8fdb\u7a0b\u751f\u6210\u7684\u4e8b\u4ef6\u3002\u5ba1\u8ba1\u6570\u636e\u4ee5 ASCII 
\u683c\u5f0f\u6536\u96c6\u5728\u5e38\u89c4\u6587\u4ef6\u4e2d\u3002\u7cfb\u7edf\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u641c\u7d22\u5ba1\u8ba1\u8bb0\u5f55\u7684\u7a0b\u5e8f\u3002\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u89c4\u5219\u5e93\uff0c\u4ee5\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u4ed6\u4eec\u611f\u5174\u8da3\u7684\u4e8b\u4ef6\u3002\u8fd9\u5305\u62ec\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u7279\u5b9a\u4e8b\u4ef6\u3001\u7279\u5b9a\u7528\u6237\u3001\u7279\u5b9a\u5bf9\u8c61\u6216\u6240\u6709\u8fd9\u4e9b\u7684\u7ec4\u5408\u7684\u80fd\u529b\u3002\u5ba1\u8ba1\u8bb0\u5f55\u53ef\u4ee5\u4f20\u8f93\u5230\u8fdc\u7a0b\u5ba1\u8ba1\u5b88\u62a4\u7a0b\u5e8f\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u9650\u5236\u5bf9\u57fa\u4e8e ACL \u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u7684\u8bbf\u95ee\uff0c\u8fd9\u4e9b\u5bf9\u8c61\u5305\u62ec\u7528\u6237\u3001\u7ec4\u548c\u5176\u4ed6\u4eba\u5458\u7684\u6807\u51c6 UNIX \u6743\u9650\u3002\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u8fd8\u53ef\u4ee5\u4fdd\u62a4 IPC \u5bf9\u8c61\u514d\u53d7\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u8be5\u7cfb\u7edf\u5305\u62ec ext4 \u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u652f\u6301 POSIX ACL\u3002\u8fd9\u5141\u8bb8\u5b9a\u4e49\u5bf9\u6b64\u7c7b\u6587\u4ef6\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7cbe\u786e\u5230\u5355\u4e2a\u7528\u6237\u7684\u7c92\u5ea6\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u6839\u636e\u5206\u914d\u7ed9\u4e3b\u4f53\u548c\u5bf9\u8c61\u7684\u6807\u7b7e\u6765\u9650\u5236\u5bf9\u5bf9\u8c61\u7684\u8bbf\u95ee\u3002\u654f\u611f\u5ea6\u6807\u7b7e\u4f1a\u81ea\u52a8\u9644\u52a0\u5230\u8fdb\u7a0b\u548c\u5bf9\u8c61\u3002\u4f7f\u7528\u8fd9\u4e9b\u6807\u7b7e\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u6d3e\u751f\u81ea Bell-LaPadula \u6a21\u578b\u3002SELinux 
\u7c7b\u522b\u9644\u52a0\u5230\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u5982\u679c\u865a\u62df\u673a\u7684\u7c7b\u522b\u4e0e\u6240\u8bbf\u95ee\u8d44\u6e90\u7684\u7c7b\u522b\u76f8\u540c\uff0c\u5219\u4f7f\u7528\u8fd9\u4e9b\u7c7b\u522b\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u5c06\u6388\u4e88\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u3002TOE \u5b9e\u73b0\u975e\u5206\u5c42\u7c7b\u522b\u6765\u63a7\u5236\u5bf9\u865a\u62df\u673a\u7684\u8bbf\u95ee\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u5141\u8bb8\u89d2\u8272\u5206\u79bb\uff0c\u65e0\u9700\u5168\u80fd\u7684\u7cfb\u7edf\u7ba1\u7406\u5458\u3002 \u5bf9\u8c61\u91cd\u7528 \u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u3001\u5185\u5b58\u548c IPC \u5bf9\u8c61\u5728\u88ab\u5c5e\u4e8e\u5176\u4ed6\u7528\u6237\u7684\u8fdb\u7a0b\u91cd\u7528\u4e4b\u524d\u4f1a\u88ab\u6e05\u9664\u3002 \u5b89\u5168\u7ba1\u7406 \u7cfb\u7edf\u5b89\u5168\u5173\u952e\u53c2\u6570\u7684\u7ba1\u7406\u7531\u7ba1\u7406\u7528\u6237\u6267\u884c\u3002\u4e00\u7ec4\u9700\u8981 root \u6743\u9650\uff08\u6216\u4f7f\u7528 RBAC \u65f6\u9700\u8981\u7279\u5b9a\u89d2\u8272\uff09\u7684\u547d\u4ee4\u7528\u4e8e\u7cfb\u7edf\u7ba1\u7406\u3002\u5b89\u5168\u53c2\u6570\u5b58\u50a8\u5728\u7279\u5b9a\u6587\u4ef6\u4e2d\uff0c\u8fd9\u4e9b\u6587\u4ef6\u53d7\u7cfb\u7edf\u7684\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u4fdd\u62a4\uff0c\u9632\u6b62\u975e\u7ba1\u7406\u7528\u6237\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 \u5b89\u5168\u901a\u4fe1 \u7cfb\u7edf\u652f\u6301\u4f7f\u7528 SSH \u5b9a\u4e49\u53ef\u4fe1\u901a\u9053\u3002\u652f\u6301\u57fa\u4e8e\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u8fd9\u4e9b\u534f\u8bae\u4ec5\u652f\u6301\u6709\u9650\u6570\u91cf\u7684\u5bc6\u7801\u5957\u4ef6\u3002 \u5b58\u50a8\u52a0\u5bc6 \u7cfb\u7edf\u652f\u6301\u52a0\u5bc6\u5757\u8bbe\u5907\uff0c\u901a\u8fc7 dm_crypt 
\u63d0\u4f9b\u5b58\u50a8\u673a\u5bc6\u6027\u3002 TSF \u4fdd\u62a4 \u5728\u8fd0\u884c\u65f6\uff0c\u5185\u6838\u8f6f\u4ef6\u548c\u6570\u636e\u53d7\u5230\u786c\u4ef6\u5185\u5b58\u4fdd\u62a4\u673a\u5236\u7684\u4fdd\u62a4\u3002\u5185\u6838\u7684\u5185\u5b58\u548c\u8fdb\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u786e\u4fdd\u7528\u6237\u8fdb\u7a0b\u65e0\u6cd5\u8bbf\u95ee\u5185\u6838\u5b58\u50a8\u6216\u5c5e\u4e8e\u5176\u4ed6\u8fdb\u7a0b\u7684\u5b58\u50a8\u3002\u975e\u5185\u6838 TSF \u8f6f\u4ef6\u548c\u6570\u636e\u53d7 DAC \u548c\u8fdb\u7a0b\u9694\u79bb\u673a\u5236\u4fdd\u62a4\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u4fdd\u7559\u7528\u6237 ID root \u62e5\u6709\u5b9a\u4e49 TSF \u914d\u7f6e\u7684\u76ee\u5f55\u548c\u6587\u4ef6\u3002\u901a\u5e38\uff0c\u5305\u542b\u5185\u90e8 TSF \u6570\u636e\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff08\u5982\u914d\u7f6e\u6587\u4ef6\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u961f\u5217\uff09\u4e5f\u53d7\u5230 DAC \u6743\u9650\u7684\u4fdd\u62a4\uff0c\u4e0d\u4f1a\u88ab\u8bfb\u53d6\u3002\u7cfb\u7edf\u4ee5\u53ca\u786c\u4ef6\u548c\u56fa\u4ef6\u7ec4\u4ef6\u9700\u8981\u53d7\u5230\u7269\u7406\u4fdd\u62a4\uff0c\u4ee5\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u7cfb\u7edf\u5185\u6838\u8c03\u89e3\u5bf9\u786c\u4ef6\u673a\u5236\u672c\u8eab\u7684\u6240\u6709\u8bbf\u95ee\uff0c\u4f46\u7a0b\u5e8f\u53ef\u89c1\u7684 CPU \u6307\u4ee4\u51fd\u6570\u9664\u5916\u3002\u6b64\u5916\uff0c\u8fd8\u63d0\u4f9b\u4e86\u9632\u6b62\u5806\u6808\u6ea2\u51fa\u653b\u51fb\u7684\u673a\u5236\u3002 \u5bc6\u7801\u5b66\u6807\u51c6 \u00b6 OpenStack \u4e2d\u63d0\u4f9b\u4e86\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u7528\u4e8e\u8bc6\u522b\u548c\u6388\u6743\u3001\u6570\u636e\u4f20\u8f93\u548c\u9759\u6001\u6570\u636e\u4fdd\u62a4\u3002\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6211\u4eec\u5efa\u8bae\u91c7\u7528\u4ee5\u4e0b\u7b97\u6cd5\u548c\u5b9e\u73b0\u6807\u51c6\uff1a \u7b97\u6cd5 \u5bc6\u94a5\u957f\u5ea6 \u9884\u671f\u76ee\u7684 \u5b89\u5168\u529f\u80fd 
\u6267\u884c\u6807\u51c6 AES 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93\uff0c\u4fdd\u62a4\u9759\u6001\u6570\u636e RFC 4253 TDES 168 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 RFC 4253 RSA 1024\u30012048 \u6216 3072 \u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 DSA L=1024\uff0cN=160\u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 Serpent 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf Twofish 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 https://www.schneier.com/paper-twofish-paper.html SHA-1 \u6d88\u606f\u6458\u8981 \u4fdd\u62a4\u9759\u6001\u6570\u636e\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 180-3 SHA-2\uff08224\u3001256\u3001384 \u6216 512 \u4f4d\uff09 \u6d88\u606f\u6458\u8981 Protection for data at rest, identification and authentication \u4fdd\u62a4\u9759\u6001\u6570\u636e\u3001\u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1 U.S. NIST FIPS PUB 180-3 FIPS 140-2 \u00b6 \u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u56fd\u5bb6\u79d1\u5b66\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u901a\u8fc7\u79f0\u4e3a\u52a0\u5bc6\u6a21\u5757\u9a8c\u8bc1\u8ba1\u5212\u7684\u8fc7\u7a0b\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u8ba4\u8bc1\u3002NIST \u8ba4\u8bc1\u7b97\u6cd5\u7b26\u5408\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6 140-2 \uff08FIPS 140-2\uff09\uff0c\u786e\u4fdd\uff1a \"... 
Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries [United States and Canada] for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.\" \u5728\u8bc4\u4f30\u57fa\u672c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u65f6\uff0c\u8bf7\u8003\u8651\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u5df2\u901a\u8fc7 FIPS 140-2 \u8ba4\u8bc1\u3002\u6839\u636e\u7f8e\u56fd\u653f\u5e9c\u653f\u7b56\uff0c\u4e0d\u4ec5\u5f3a\u5236\u8981\u6c42\u7b26\u5408 FIPS 140-2\uff0c\u800c\u4e14\u6b63\u5f0f\u8ba4\u8bc1\u8868\u660e\u5df2\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u7684\u7ed9\u5b9a\u5b9e\u73b0\u8fdb\u884c\u4e86\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u7b26\u5408\u6a21\u5757\u89c4\u8303\u3001\u52a0\u5bc6\u6a21\u5757\u7aef\u53e3\u548c\u63a5\u53e3;\u89d2\u8272\u3001\u670d\u52a1\u548c\u8eab\u4efd\u9a8c\u8bc1;\u6709\u9650\u72b6\u6001\u6a21\u578b;\u4eba\u8eab\u5b89\u5168;\u64cd\u4f5c\u73af\u5883;\u52a0\u5bc6\u5bc6\u94a5\u7ba1\u7406;\u7535\u78c1\u5e72\u6270/\u7535\u78c1\u517c\u5bb9\u6027\uff08EMI/EMC\uff09;\u81ea\u68c0;\u8bbe\u8ba1\u4fdd\u8bc1;\u4ee5\u53ca\u7f13\u89e3\u5176\u4ed6\u653b\u51fb\u3002 \u786c\u4ef6\u95ee\u9898 \u00b6 \u5728\u8bc4\u4f30\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\uff0c\u8bf7\u8003\u8651\u8fd0\u884c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u5728 OpenStack 
\u90e8\u7f72\u4e2d\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002\u4e3a\u6b64\uff0c\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u6709\u81ea\u5df1\u7684\u786c\u4ef6\u517c\u5bb9\u6027\u5217\u8868 \uff08HCL\uff09\u3002\u5728\u9009\u62e9\u517c\u5bb9\u7684\u786c\u4ef6\u65f6\uff0c\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u63d0\u524d\u4e86\u89e3\u54ea\u4e9b\u57fa\u4e8e\u786c\u4ef6\u7684\u865a\u62df\u5316\u6280\u672f\u662f\u91cd\u8981\u7684\uff0c\u8fd9\u4e00\u70b9\u5f88\u91cd\u8981\u3002 \u63cf\u8ff0 \u79d1\u6280 \u89e3\u91ca I/O MMU VT-d / AMD-Vi \u4fdd\u62a4 PCI \u76f4\u901a\u6240\u5fc5\u9700\u7684 \u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f Intel TXT / SEM \u52a8\u6001\u8bc1\u660e\u670d\u52a1\u662f\u5fc5\u9700\u7684 PCI-SIG I/O \u865a\u62df\u5316 SR-IOV, MR-IOV, ATS \u9700\u8981\u5141\u8bb8\u5b89\u5168\u5171\u4eab PCI Express \u8bbe\u5907 \u7f51\u7edc\u865a\u62df\u5316 VT-c \u63d0\u9ad8\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u7684\u7f51\u7edc I/O \u6027\u80fd \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u00b6 \u91cd\u8981\u7684\u662f\u8981\u8ba4\u8bc6\u5230\u4f7f\u7528 Linux \u5bb9\u5668 \uff08LXC\uff09 \u6216\u88f8\u673a\u7cfb\u7edf\u4e0e\u4f7f\u7528 KVM \u7b49\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u7684\u533a\u522b\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u672c\u5b89\u5168\u6307\u5357\u7684\u91cd\u70b9\u4e3b\u8981\u57fa\u4e8e\u62e5\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u865a\u62df\u5316\u5e73\u53f0\u3002\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5b9e\u73b0\u9700\u8981\u4f7f\u7528\u88f8\u673a\u6216 LXC \u73af\u5883\uff0c\u5219\u5fc5\u987b\u6ce8\u610f\u8be5\u73af\u5883\u90e8\u7f72\u65b9\u9762\u7684\u7279\u6b8a\u5dee\u5f02\u3002 
\u5728\u91cd\u65b0\u9884\u914d\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u6700\u7ec8\u7528\u6237\u5df2\u6b63\u786e\u6e05\u7406\u8282\u70b9\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u5728\u91cd\u7528\u8282\u70b9\u4e4b\u524d\uff0c\u5fc5\u987b\u4fdd\u8bc1\u786c\u4ef6\u672a\u88ab\u7be1\u6539\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u53d7\u5230\u635f\u5bb3\u3002 \u6ce8\u610f \u867d\u7136OpenStack\u6709\u4e00\u4e2a\u88f8\u673a\u9879\u76ee\uff0c\u4f46\u5bf9\u8fd0\u884c\u88f8\u673a\u7684\u7279\u6b8a\u5b89\u5168\u5f71\u54cd\u7684\u8ba8\u8bba\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002 \u7531\u4e8e\u4e66\u672c\u51b2\u523a\u7684\u65f6\u95f4\u9650\u5236\uff0c\u8be5\u56e2\u961f\u9009\u62e9\u5728\u6211\u4eec\u7684\u793a\u4f8b\u5b9e\u73b0\u548c\u67b6\u6784\u4e2d\u4f7f\u7528 KVM \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 LXC \u7684 OpenStack \u5b89\u5168\u8bf4\u660e\u3002 Hypervisor \u5185\u5b58\u4f18\u5316 \u00b6 \u8bb8\u591a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4f7f\u7528\u5185\u5b58\u4f18\u5316\u6280\u672f\u5c06\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u5230\u6765\u5bbe\u865a\u62df\u673a\u3002\u8fd9\u662f\u4e00\u9879\u6709\u7528\u7684\u529f\u80fd\uff0c\u53ef\u7528\u4e8e\u90e8\u7f72\u975e\u5e38\u5bc6\u96c6\u7684\u8ba1\u7b97\u7fa4\u96c6\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u79cd\u65b9\u6cd5\u662f\u901a\u8fc7\u91cd\u590d\u6570\u636e\u6d88\u9664\u6216\u5171\u4eab\u5185\u5b58\u9875\u3002\u5f53\u4e24\u4e2a\u865a\u62df\u673a\u5728\u5185\u5b58\u4e2d\u5177\u6709\u76f8\u540c\u7684\u6570\u636e\u65f6\uff0c\u8ba9\u5b83\u4eec\u5f15\u7528\u76f8\u540c\u7684\u5185\u5b58\u662f\u6709\u597d\u5904\u7684\u3002 \u901a\u5e38\uff0c\u8fd9\u662f\u901a\u8fc7\u5199\u5165\u65f6\u590d\u5236 \uff08COW\uff09 \u673a\u5236\u5b9e\u73b0\u7684\u3002\u8fd9\u4e9b\u673a\u5236\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\uff0c\u5176\u4e2d\u4e00\u4e2a VM 
\u53ef\u4ee5\u63a8\u65ad\u51fa\u53e6\u4e00\u4e2a VM \u7684\u72b6\u6001\uff0c\u5e76\u4e14\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u5e76\u975e\u6240\u6709\u79df\u6237\u90fd\u53d7\u4fe1\u4efb\u6216\u5171\u4eab\u76f8\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u591a\u79df\u6237\u73af\u5883\u3002 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 \u00b6 \u5728\u7248\u672c 2.6.32 \u4e2d\u5f15\u5165\u5230 Linux \u5185\u6838\u4e2d\uff0c\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76 \uff08KSM\uff09 \u5728 Linux \u8fdb\u7a0b\u4e4b\u95f4\u6574\u5408\u4e86\u76f8\u540c\u7684\u5185\u5b58\u9875\u3002\u7531\u4e8e KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0b\u7684\u6bcf\u4e2a\u5ba2\u6237\u673a\u865a\u62df\u673a\u90fd\u5728\u81ea\u5df1\u7684\u8fdb\u7a0b\u4e2d\u8fd0\u884c\uff0c\u56e0\u6b64 KSM \u53ef\u7528\u4e8e\u4f18\u5316\u865a\u62df\u673a\u4e4b\u95f4\u7684\u5185\u5b58\u4f7f\u7528\u3002 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u00b6 XenServer 5.6 \u5305\u542b\u4e00\u4e2a\u540d\u4e3a\u900f\u660e\u9875\u9762\u5171\u4eab \uff08TPS\uff09 \u7684\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u529f\u80fd\u3002TPS \u626b\u63cf 4 KB \u533a\u5757\u4e2d\u7684\u5185\u5b58\u4ee5\u67e5\u627e\u4efb\u4f55\u91cd\u590d\u9879\u3002\u627e\u5230\u540e\uff0cXen \u865a\u62df\u673a\u76d1\u89c6\u5668 \uff08VMM\uff09 \u5c06\u4e22\u5f03\u5176\u4e2d\u4e00\u4e2a\u91cd\u590d\u9879\uff0c\u5e76\u8bb0\u5f55\u7b2c\u4e8c\u4e2a\u526f\u672c\u7684\u5f15\u7528\u3002 \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u4f20\u7edf\u4e0a\uff0c\u5185\u5b58\u91cd\u590d\u6570\u636e\u6d88\u9664\u7cfb\u7edf\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\u3002KSM \u548c TPS 
\u90fd\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u5b66\u672f\u7814\u7a76\u4e2d\uff0c\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u5206\u6790\u653b\u51fb\u8005\u865a\u62df\u673a\u4e0a\u7684\u5185\u5b58\u8bbf\u95ee\u65f6\u95f4\u6765\u8bc6\u522b\u76f8\u90bb\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u8f6f\u4ef6\u5305\u548c\u7248\u672c\uff0c\u4ee5\u53ca\u8f6f\u4ef6\u4e0b\u8f7d\u548c\u5176\u4ed6\u654f\u611f\u4fe1\u606f\u3002 \u5982\u679c\u4e91\u90e8\u7f72\u9700\u8981\u5f3a\u79df\u6237\u5206\u79bb\uff08\u5982\u516c\u6709\u4e91\u548c\u67d0\u4e9b\u79c1\u6709\u4e91\u7684\u60c5\u51b5\uff09\uff0c\u90e8\u7f72\u4eba\u5458\u5e94\u8003\u8651\u7981\u7528 TPS \u548c KSM \u5185\u5b58\u4f18\u5316\u3002 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u00b6 \u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\u8981\u8003\u8651\u7684\u53e6\u4e00\u4ef6\u4e8b\u662f\u7279\u5b9a\u5b89\u5168\u529f\u80fd\u7684\u53ef\u7528\u6027\u3002\u7279\u522b\u662f\u529f\u80fd\u3002\u4f8b\u5982\uff0cXen Server \u7684 XSM \u6216 Xen \u5b89\u5168\u6a21\u5757\u3001sVirt\u3001Intel TXT \u6216 AppArmor\u3002 \u4e0b\u8868\u6309\u5e38\u89c1\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u5217\u51fa\u4e86\u8fd9\u4e9b\u529f\u80fd\u3002 XSM sVirt TXT AppArmor cgroups MAC \u7b56\u7565 KVM X X X X X Xen X X ESXi X Hyper-V \u6ce8\u610f \u6b64\u8868\u4e2d\u7684\u529f\u80fd\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u6240\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4e5f\u53ef\u80fd\u65e0\u6cd5\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u76f4\u63a5\u6620\u5c04\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 Sunar\u3001Eisenbarth\u3001Inci\u3001Gorka Irazoqui Apecechea\u3002\u5bf9 Xen \u548c VMware \u8fdb\u884c\u7ec6\u7c92\u5ea6\u8de8\u865a\u62df\u673a\u653b\u51fb\u662f\u53ef\u80fd\u7684\uff012014\u3002 https://eprint.iacr.org/2014/248.pfd Artho\u3001Yagi\u3001Iijima\u3001Kuniyasu 
Suzaki\u3002\u5185\u5b58\u91cd\u590d\u6570\u636e\u5220\u9664\u5bf9\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u5a01\u80c1\u30022011 \u5e74\u3002https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf KVM\uff1a\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\u3002\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76\u30022010\u3002http://www.linux-kvm.org/page/KSM Xen \u9879\u76ee\uff0cXen \u5b89\u5168\u6a21\u5757\uff1aXSM-FLASK\u30022014\u3002 http://wiki.xen.org/wiki/Xen_Security_Modules_:_XSM-FLASK SELinux \u9879\u76ee\uff0cSVirt\u30022011\u3002 http://selinuxproject.org/page/SVirt Intel.com\uff0c\u91c7\u7528\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08Intel TXT\uff09 \u7684\u53ef\u4fe1\u8ba1\u7b97\u6c60\u3002http://www.intel.com/txt AppArmor.net\uff0cAppArmor \u4e3b\u9875\u30022011\u3002 http://wiki.apparmor.net/index.php/Main_Page Kernel.org\uff0cCGroups\u30022004\u3002https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u4e2d\u5fc3\u3002\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u30022011\u3002 http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf \u56fd\u5bb6\u4fe1\u606f\u4fdd\u969c\u4f19\u4f34\u5173\u7cfb\uff0c\u56fd\u5bb6\u5b89\u5168\u7535\u4fe1\u548c\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u653f\u7b56\u30022003\u3002http://www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u00b6 \u5728\u672c\u7ae0\u7684\u5f00\u5934\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5b9e\u4f8b\u5bf9\u7269\u7406\u548c\u865a\u62df\u786c\u4ef6\u7684\u4f7f\u7528\u3001\u76f8\u5173\u7684\u5b89\u5168\u98ce\u9669\u4ee5\u53ca\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u7684\u4e00\u4e9b\u5efa\u8bae\u3002\u7136\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u4f7f\u7528\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u6765\u52a0\u5bc6\u652f\u6301\u8be5\u6280\u672f\u7684\u57fa\u4e8e AMD 
\u7684\u673a\u5668\u4e0a\u7684\u865a\u62df\u673a\u7684\u5185\u5b58\u3002\u5728\u672c\u7ae0\u7684\u6700\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba sVirt\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u5c06 SELinux \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4e0e\u865a\u62df\u5316\u7ec4\u4ef6\u96c6\u6210\u3002 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u00b6 \u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u63d0\u4f9b\u4e00\u79cd\u79f0\u4e3a PCI \u76f4\u901a\u7684\u529f\u80fd\u3002\u8fd9\u5141\u8bb8\u5b9e\u4f8b\u76f4\u63a5\u8bbf\u95ee\u8282\u70b9\u4e0a\u7684\u786c\u4ef6\u3002\u4f8b\u5982\uff0c\u8fd9\u53ef\u7528\u4e8e\u5141\u8bb8\u5b9e\u4f8b\u8bbf\u95ee\u63d0\u4f9b\u8ba1\u7b97\u7edf\u4e00\u8bbe\u5907\u67b6\u6784 \uff08CUDA\uff09 \u4ee5\u5b9e\u73b0\u9ad8\u6027\u80fd\u8ba1\u7b97\u7684\u89c6\u9891\u5361\u6216 GPU\u3002\u6b64\u529f\u80fd\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5b89\u5168\u98ce\u9669\uff1a\u76f4\u63a5\u5185\u5b58\u8bbf\u95ee\u548c\u786c\u4ef6\u611f\u67d3\u3002 \u76f4\u63a5\u5185\u5b58\u8bbf\u95ee \uff08DMA\uff09 \u662f\u4e00\u79cd\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u67d0\u4e9b\u786c\u4ef6\u8bbe\u5907\u8bbf\u95ee\u4e3b\u673a\u4e2d\u7684\u4efb\u610f\u7269\u7406\u5185\u5b58\u5730\u5740\u3002\u89c6\u9891\u5361\u901a\u5e38\u5177\u6709\u6b64\u529f\u80fd\u3002\u4f46\u662f\uff0c\u4e0d\u5e94\u5411\u5b9e\u4f8b\u6388\u4e88\u4efb\u610f\u7269\u7406\u5185\u5b58\u8bbf\u95ee\u6743\u9650\uff0c\u56e0\u4e3a\u8fd9\u5c06\u4f7f\u5176\u80fd\u591f\u5168\u9762\u4e86\u89e3\u4e3b\u673a\u7cfb\u7edf\u548c\u5728\u540c\u4e00\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5b9e\u4f8b\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u4f9b\u5e94\u5546\u4f7f\u7528\u8f93\u5165/\u8f93\u51fa\u5185\u5b58\u7ba1\u7406\u5355\u5143 \uff08IOMMU\uff09 \u6765\u7ba1\u7406 DMA 
\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u4e91\u67b6\u6784\u5e08\u5e94\u786e\u4fdd\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u914d\u7f6e\u4e3a\u4f7f\u7528\u6b64\u786c\u4ef6\u529f\u80fd\u3002 KVM: KVM\uff1a \u5982\u4f55\u5728 KVM \u4e2d\u4f7f\u7528 VT-d \u5206\u914d\u8bbe\u5907 Xen: Xen\uff1a Xen VTd Howto Xen VTd \u8d34\u58eb\u6307\u5357 \u6ce8\u610f IOMMU \u529f\u80fd\u7531 Intel \u4f5c\u4e3a VT-d \u9500\u552e\uff0c\u7531 AMD \u4ee5 AMD-Vi \u9500\u552e\u3002 \u5f53\u5b9e\u4f8b\u5bf9\u56fa\u4ef6\u6216\u8bbe\u5907\u7684\u67d0\u4e9b\u5176\u4ed6\u90e8\u5206\u8fdb\u884c\u6076\u610f\u4fee\u6539\u65f6\uff0c\u5c31\u4f1a\u53d1\u751f\u786c\u4ef6\u611f\u67d3\u3002\u7531\u4e8e\u6b64\u8bbe\u5907\u7531\u5176\u4ed6\u5b9e\u4f8b\u6216\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\uff0c\u56e0\u6b64\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u4f1a\u4f20\u64ad\u5230\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u6700\u7ec8\u7ed3\u679c\u662f\uff0c\u4e00\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u5728\u5176\u5b89\u5168\u57df\u4e4b\u5916\u8fd0\u884c\u4ee3\u7801\u3002\u8fd9\u662f\u4e00\u4e2a\u91cd\u5927\u7684\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u91cd\u7f6e\u7269\u7406\u786c\u4ef6\u7684\u72b6\u6001\u6bd4\u91cd\u7f6e\u865a\u62df\u786c\u4ef6\u66f4\u96be\uff0c\u5e76\u4e14\u53ef\u80fd\u5bfc\u81f4\u989d\u5916\u7684\u66b4\u9732\uff0c\u4f8b\u5982\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u3002 
\u786c\u4ef6\u611f\u67d3\u95ee\u9898\u7684\u89e3\u51b3\u65b9\u6848\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u8be5\u7b56\u7565\u662f\u786e\u5b9a\u5b9e\u4f8b\u5982\u4f55\u4fee\u6539\u786c\u4ef6\u72b6\u6001\uff0c\u7136\u540e\u786e\u5b9a\u5728\u4f7f\u7528\u786c\u4ef6\u5b8c\u6210\u5b9e\u4f8b\u65f6\u5982\u4f55\u91cd\u7f6e\u4efb\u4f55\u4fee\u6539\u3002\u4f8b\u5982\uff0c\u4e00\u79cd\u9009\u62e9\u53ef\u80fd\u662f\u5728\u4f7f\u7528\u540e\u91cd\u65b0\u5237\u65b0\u56fa\u4ef6\u3002\u9700\u8981\u5e73\u8861\u786c\u4ef6\u5bff\u547d\u548c\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u67d0\u4e9b\u56fa\u4ef6\u5728\u5927\u91cf\u5199\u5165\u540e\u4f1a\u51fa\u73b0\u6545\u969c\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM \u6280\u672f\u662f\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002\u65e0\u8bba\u9009\u62e9\u54ea\u79cd\u7b56\u7565\uff0c\u90fd\u5fc5\u987b\u4e86\u89e3\u4e0e\u6b64\u7c7b\u786c\u4ef6\u5171\u4eab\u76f8\u5173\u7684\u98ce\u9669\uff0c\u4ee5\u4fbf\u9488\u5bf9\u7ed9\u5b9a\u7684\u90e8\u7f72\u65b9\u6848\u9002\u5f53\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u3002 \u7531\u4e8e\u4e0e PCI \u76f4\u901a\u76f8\u5173\u7684\u98ce\u9669\u548c\u590d\u6742\u6027\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5e94\u7981\u7528\u5b83\u3002\u5982\u679c\u4e3a\u7279\u5b9a\u9700\u6c42\u542f\u7528\uff0c\u5219\u9700\u8981\u5236\u5b9a\u9002\u5f53\u7684\u6d41\u7a0b\uff0c\u4ee5\u786e\u4fdd\u786c\u4ef6\u5728\u91cd\u65b0\u53d1\u884c\u4e4b\u524d\u662f\u5e72\u51c0\u7684\u3002 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u00b6 
\u8fd0\u884c\u865a\u62df\u673a\u65f6\uff0c\u865a\u62df\u786c\u4ef6\u662f\u4e3a\u865a\u62df\u673a\u63d0\u4f9b\u786c\u4ef6\u63a5\u53e3\u7684\u8f6f\u4ef6\u5c42\u3002\u5b9e\u4f8b\u4f7f\u7528\u6b64\u529f\u80fd\u63d0\u4f9b\u53ef\u80fd\u9700\u8981\u7684\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u89c6\u9891\u548c\u5176\u4ed6\u8bbe\u5907\u3002\u8003\u8651\u5230\u8fd9\u4e00\u70b9\uff0c\u73af\u5883\u4e2d\u7684\u5927\u591a\u6570\u5b9e\u4f8b\u5c06\u4e13\u95e8\u4f7f\u7528\u865a\u62df\u786c\u4ef6\uff0c\u5c11\u6570\u5b9e\u4f8b\u9700\u8981\u76f4\u63a5\u786c\u4ef6\u8bbf\u95ee\u3002\u4e3b\u8981\u7684\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f7f\u7528 QEMU \u6765\u5b9e\u73b0\u6b64\u529f\u80fd\u3002\u867d\u7136 QEMU \u6ee1\u8db3\u4e86\u5bf9\u865a\u62df\u5316\u5e73\u53f0\u7684\u91cd\u8981\u9700\u6c42\uff0c\u4f46\u5b83\u5df2\u88ab\u8bc1\u660e\u662f\u4e00\u4e2a\u975e\u5e38\u5177\u6709\u6311\u6218\u6027\u7684\u8f6f\u4ef6\u9879\u76ee\u3002QEMU \u4e2d\u7684\u8bb8\u591a\u529f\u80fd\u90fd\u662f\u901a\u8fc7\u5927\u591a\u6570\u5f00\u53d1\u4eba\u5458\u96be\u4ee5\u7406\u89e3\u7684\u4f4e\u7ea7\u4ee3\u7801\u5b9e\u73b0\u7684\u3002QEMU \u865a\u62df\u5316\u7684\u786c\u4ef6\u5305\u62ec\u8bb8\u591a\u4f20\u7edf\u8bbe\u5907\uff0c\u8fd9\u4e9b\u8bbe\u5907\u6709\u81ea\u5df1\u7684\u4e00\u5957\u602a\u7656\u3002\u7efc\u4e0a\u6240\u8ff0\uff0cQEMU \u4e00\u76f4\u662f\u8bb8\u591a\u5b89\u5168\u95ee\u9898\u7684\u6839\u6e90\uff0c\u5305\u62ec\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7a81\u7834\u653b\u51fb\u3002 \u91c7\u53d6\u79ef\u6781\u4e3b\u52a8\u7684\u63aa\u65bd\u6765\u5f3a\u5316 QEMU \u975e\u5e38\u91cd\u8981\u3002\u6211\u4eec\u5efa\u8bae\u6267\u884c\u4e09\u4e2a\u5177\u4f53\u6b65\u9aa4\uff1a \u6700\u5c0f\u5316\u4ee3\u7801\u5e93\u3002 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u3002 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u4f8b\u5982 sVirt\u3001SELinux \u6216 AppArmor\u3002 \u786e\u4fdd\u60a8\u7684 iptables 
\u5177\u6709\u8fc7\u6ee4\u7f51\u7edc\u6d41\u91cf\u7684\u9ed8\u8ba4\u7b56\u7565\uff0c\u5e76\u8003\u8651\u68c0\u67e5\u73b0\u6709\u89c4\u5219\u96c6\u4ee5\u4e86\u89e3\u6bcf\u4e2a\u89c4\u5219\u5e76\u786e\u5b9a\u662f\u5426\u9700\u8981\u6269\u5c55\u8be5\u7b56\u7565\u3002 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u00b6 \u6211\u4eec\u5efa\u8bae\u901a\u8fc7\u4ece\u7cfb\u7edf\u4e2d\u5220\u9664\u672a\u4f7f\u7528\u7684\u7ec4\u4ef6\u6765\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93\u3002QEMU \u4e3a\u8bb8\u591a\u4e0d\u540c\u7684\u865a\u62df\u786c\u4ef6\u8bbe\u5907\u63d0\u4f9b\u652f\u6301\uff0c\u4f46\u7ed9\u5b9a\u5b9e\u4f8b\u53ea\u9700\u8981\u5c11\u91cf\u8bbe\u5907\u3002\u6700\u5e38\u89c1\u7684\u786c\u4ef6\u8bbe\u5907\u662f virtio \u8bbe\u5907\u3002\u67d0\u4e9b\u65e7\u5b9e\u4f8b\u5c06\u9700\u8981\u8bbf\u95ee\u7279\u5b9a\u786c\u4ef6\uff0c\u8fd9\u4e9b\u786c\u4ef6\u53ef\u4ee5\u4f7f\u7528 glance \u5143\u6570\u636e\u6307\u5b9a\uff1a $ glance image-update \\ --property hw_disk_bus=ide \\ --property hw_cdrom_bus=ide \\ --property hw_vif_model=e1000 \\ f16-x86_64-openstack-sda \u4e91\u67b6\u6784\u5e08\u5e94\u51b3\u5b9a\u5411\u4e91\u7528\u6237\u63d0\u4f9b\u54ea\u4e9b\u8bbe\u5907\u3002\u4efb\u4f55\u4e0d\u9700\u8981\u7684\u4e1c\u897f\u90fd\u5e94\u8be5\u4ece QEMU \u4e2d\u5220\u9664\u3002\u6b64\u6b65\u9aa4\u9700\u8981\u5728\u4fee\u6539\u4f20\u9012\u7ed9 QEMU \u914d\u7f6e\u811a\u672c\u7684\u9009\u9879\u540e\u91cd\u65b0\u7f16\u8bd1 QEMU\u3002\u8981\u83b7\u5f97\u6700\u65b0\u9009\u9879\u7684\u5b8c\u6574\u5217\u8868\uff0c\u53ea\u9700\u4ece QEMU \u6e90\u76ee\u5f55\u4e2d\u8fd0\u884c ./configure --help\u3002\u786e\u5b9a\u90e8\u7f72\u6240\u9700\u7684\u5185\u5bb9\uff0c\u5e76\u7981\u7528\u5176\u4f59\u9009\u9879\u3002 \u7f16\u8bd1\u5668\u52a0\u56fa \u00b6 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5f3a\u5316 
QEMU\u3002\u73b0\u4ee3\u7f16\u8bd1\u5668\u63d0\u4f9b\u4e86\u591a\u79cd\u7f16\u8bd1\u65f6\u9009\u9879\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u529f\u80fd\u5305\u62ec\u53ea\u8bfb\u91cd\u5b9a\u4f4d \uff08RELRO\uff09\u3001\u5806\u6808\u91d1\u4e1d\u96c0\u3001\u4ece\u4e0d\u6267\u884c \uff08NX\uff09\u3001\u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u548c\u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09\u3002 \u8bb8\u591a\u73b0\u4ee3 Linux \u53d1\u884c\u7248\u5df2\u7ecf\u5728\u6784\u5efa\u542f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u7684 QEMU\uff0c\u6211\u4eec\u5efa\u8bae\u5728\u7ee7\u7eed\u64cd\u4f5c\u4e4b\u524d\u9a8c\u8bc1\u73b0\u6709\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002\u53ef\u4ee5\u5e2e\u52a9\u60a8\u8fdb\u884c\u6b64\u9a8c\u8bc1\u7684\u4e00\u79cd\u5de5\u5177\u79f0\u4e3a checksec.sh RELocation \u53ea\u8bfb \uff08RELRO\uff09 \u5f3a\u5316\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002gcc \u652f\u6301\u5b8c\u6574\u548c\u90e8\u5206 RELRO \u6a21\u5f0f\u3002\u5bf9\u4e8eQEMU\u6765\u8bf4\uff0c\u5b8c\u6574\u7684RELLO\u662f\u60a8\u7684\u6700\u4f73\u9009\u62e9\u3002\u8fd9\u5c06\u4f7f\u5168\u5c40\u504f\u79fb\u8868\u6210\u4e3a\u53ea\u8bfb\u7684\uff0c\u5e76\u5728\u751f\u6210\u7684\u53ef\u6267\u884c\u6587\u4ef6\u4e2d\u5c06\u5404\u79cd\u5185\u90e8\u6570\u636e\u90e8\u5206\u653e\u5728\u7a0b\u5e8f\u6570\u636e\u90e8\u5206\u4e4b\u524d\u3002 \u6808\u4fdd\u62a4 \u5c06\u503c\u653e\u5728\u5806\u6808\u4e0a\u5e76\u9a8c\u8bc1\u5176\u662f\u5426\u5b58\u5728\uff0c\u4ee5\u5e2e\u52a9\u9632\u6b62\u7f13\u51b2\u533a\u6ea2\u51fa\u653b\u51fb\u3002 \u4ece\u4e0d\u6267\u884c \uff08NX\uff09 \u4e5f\u79f0\u4e3a\u6570\u636e\u6267\u884c\u4fdd\u62a4 \uff08DEP\uff09\uff0c\u786e\u4fdd\u65e0\u6cd5\u6267\u884c\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002 \u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 
\u751f\u6210\u4e00\u4e2a\u72ec\u7acb\u4e8e\u4f4d\u7f6e\u7684\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u8fd9\u662f ASLR \u6240\u5fc5\u9700\u7684\u3002 \u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09 \u8fd9\u786e\u4fdd\u4e86\u4ee3\u7801\u548c\u6570\u636e\u533a\u57df\u7684\u653e\u7f6e\u90fd\u662f\u968f\u673a\u7684\u3002\u5f53\u4f7f\u7528 PIE \u6784\u5efa\u53ef\u6267\u884c\u6587\u4ef6\u65f6\uff0c\u7531\u5185\u6838\u542f\u7528\uff08\u6240\u6709\u73b0\u4ee3 Linux \u5185\u6838\u90fd\u652f\u6301 ASLR\uff09\u3002 \u7f16\u8bd1 QEMU \u65f6\uff0c\u5efa\u8bae\u5bf9 GCC \u4f7f\u7528\u4ee5\u4e0b\u7f16\u8bd1\u5668\u9009\u9879\uff1a CFLAGS=\"-arch x86_64 -fstack-protector-all -Wstack-protector \\ --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 \\ -Wl,-z,relro,-z,now\" \u6211\u4eec\u5efa\u8bae\u5728\u7f16\u8bd1 QEMU \u53ef\u6267\u884c\u6587\u4ef6\u540e\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u7f16\u8bd1\u5668\u5f3a\u5316\u6b63\u5e38\u5de5\u4f5c\u3002 \u5927\u591a\u6570\u4e91\u90e8\u7f72\u4e0d\u4f1a\u624b\u52a8\u6784\u5efa\u8f6f\u4ef6\uff0c\u4f8b\u5982 QEMU\u3002\u6700\u597d\u4f7f\u7528\u6253\u5305\u6765\u786e\u4fdd\u8be5\u8fc7\u7a0b\u662f\u53ef\u91cd\u590d\u7684\uff0c\u5e76\u786e\u4fdd\u6700\u7ec8\u7ed3\u679c\u53ef\u4ee5\u8f7b\u677e\u5730\u90e8\u7f72\u5728\u6574\u4e2a\u4e91\u4e2d\u3002\u4e0b\u9762\u7684\u53c2\u8003\u8d44\u6599\u63d0\u4f9b\u4e86\u6709\u5173\u5c06\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5e94\u7528\u4e8e\u73b0\u6709\u5305\u7684\u4e00\u4e9b\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 DEB \u5c01\u88c5\uff1a \u786c\u5316\u6307\u5357 RPM \u5305\uff1a \u5982\u4f55\u521b\u5efa RPM \u5305 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u00b6 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \uff08SEV\uff09 \u662f AMD \u7684\u4e00\u9879\u6280\u672f\uff0c\u5b83\u5141\u8bb8\u4f7f\u7528 VM \u552f\u4e00\u7684\u5bc6\u94a5\u5bf9 VM \u7684\u5185\u5b58\u8fdb\u884c\u52a0\u5bc6\u3002SEV \u5728 Train 
\u7248\u672c\u4e2d\u4f5c\u4e3a\u6280\u672f\u9884\u89c8\u7248\u63d0\u4f9b\uff0c\u5728\u67d0\u4e9b\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u63d0\u4f9b KVM \u5ba2\u6237\u673a\uff0c\u7528\u4e8e\u8bc4\u4f30\u6280\u672f\u3002 nova \u914d\u7f6e\u6307\u5357\u7684 KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90e8\u5206\u5305\u542b\u914d\u7f6e\u8ba1\u7b97\u673a\u548c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6240\u9700\u7684\u4fe1\u606f\uff0c\u5e76\u5217\u51fa\u4e86 SEV \u7684\u51e0\u4e2a\u9650\u5236\u3002 SEV \u4e3a\u6b63\u5728\u8fd0\u884c\u7684 VM \u4f7f\u7528\u7684\u5185\u5b58\u4e2d\u7684\u6570\u636e\u63d0\u4f9b\u4fdd\u62a4\u3002\u4f46\u662f\uff0c\u867d\u7136 SEV \u4e0e OpenStack \u96c6\u6210\u7684\u7b2c\u4e00\u9636\u6bb5\u652f\u6301\u865a\u62df\u673a\u52a0\u5bc6\u5185\u5b58\uff0c\u4f46\u91cd\u8981\u7684\u662f\u5b83\u4e0d\u63d0\u4f9b SEV \u56fa\u4ef6\u63d0\u4f9b\u7684 LAUNCH_MEASURE or LAUNCH_SECRET \u529f\u80fd\u3002\u8fd9\u610f\u5473\u7740\u53d7 SEV \u4fdd\u62a4\u7684 VM \u4f7f\u7528\u7684\u6570\u636e\u53ef\u80fd\u4f1a\u53d7\u5230\u63a7\u5236\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u6709\u52a8\u673a\u7684\u5bf9\u624b\u7684\u653b\u51fb\u3002\u4f8b\u5982\uff0c\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8ba1\u7b97\u673a\u4e0a\u7684\u6076\u610f\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u5177\u6709\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u7684\u79df\u6237\u63d0\u4f9b VM \u6620\u50cf\uff0c\u8fd9\u4e9b\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u80fd\u591f\u7a83\u53d6\u673a\u5bc6\uff0c\u6216\u8005\u66ff\u6362 VNC \u670d\u52a1\u5668\u8fdb\u7a0b\u4ee5\u7aa5\u63a2\u53d1\u9001\u5230 VM \u63a7\u5236\u53f0\u6216\u4ece VM \u63a7\u5236\u53f0\u53d1\u9001\u7684\u6570\u636e\uff0c\u5305\u62ec\u89e3\u9501\u5168\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u7684\u5bc6\u7801\u3002 \u4e3a\u4e86\u51cf\u5c11\u6076\u610f\u7ba1\u7406\u5458\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6570\u636e\u7684\u673a\u4f1a\uff0c\u4f7f\u7528 SEV 
\u65f6\u5e94\u9075\u5faa\u4ee5\u4e0b\u5b89\u5168\u505a\u6cd5\uff1a VM \u5e94\u4f7f\u7528\u5b8c\u6574\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u3002 \u5e94\u5728 VM \u4e0a\u4f7f\u7528\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u5bc6\u7801\u3002 \u6b64\u5916\uff0c\u5e94\u5c06\u6807\u51c6\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u7528\u4e8e VM\uff0c\u5305\u62ec\u4ee5\u4e0b\u5185\u5bb9\uff1a VM \u5e94\u5f97\u5230\u826f\u597d\u7684\u7ef4\u62a4\uff0c\u5305\u62ec\u5b9a\u671f\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u548c\u4fee\u8865\uff0c\u4ee5\u786e\u4fdd VM \u6301\u7eed\u4fdd\u6301\u5f3a\u5927\u7684\u5b89\u5168\u6001\u52bf\u3002 \u4e0e VM \u7684\u8fde\u63a5\u5e94\u4f7f\u7528\u52a0\u5bc6\u548c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u534f\u8bae\uff0c\u4f8b\u5982 HTTPS \u548c SSH\u3002 \u5e94\u8003\u8651\u4f7f\u7528\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u548c\u6d41\u7a0b\uff0c\u5e76\u5c06\u5176\u7528\u4e8e\u9002\u5408\u6570\u636e\u654f\u611f\u5ea6\u7ea7\u522b\u7684 VM\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u7f16\u8bd1\u5668\u52a0\u56fa\u4f7f\u653b\u51fb QEMU \u8fdb\u7a0b\u53d8\u5f97\u66f4\u52a0\u56f0\u96be\u3002\u4f46\u662f\uff0c\u5982\u679c\u653b\u51fb\u8005\u5f97\u901e\uff0c\u5219\u9700\u8981\u9650\u5236\u653b\u51fb\u7684\u5f71\u54cd\u3002\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u901a\u8fc7\u5c06 QEMU \u8fdb\u7a0b\u4e0a\u7684\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u9700\u8981\u7684\u6743\u9650\u6765\u5b9e\u73b0\u6b64\u76ee\u7684\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 sVirt\u3001SELinux \u6216 AppArmor \u6765\u5b9e\u73b0\u3002\u4f7f\u7528 sVirt \u65f6\uff0cSELinux \u914d\u7f6e\u4e3a\u5728\u5355\u72ec\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e0b\u8fd0\u884c\u6bcf\u4e2a QEMU \u8fdb\u7a0b\u3002AppArmor \u53ef\u4ee5\u914d\u7f6e\u4e3a\u63d0\u4f9b\u7c7b\u4f3c\u7684\u529f\u80fd\u3002\u6211\u4eec\u5728\u4ee5\u4e0b sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173 sVirt 
\u548c\u5b9e\u4f8b\u9694\u79bb\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff1aSELinux \u548c\u865a\u62df\u5316\u3002 \u7279\u5b9a\u7684 SELinux \u7b56\u7565\u53ef\u7528\u4e8e\u8bb8\u591a OpenStack \u670d\u52a1\u3002CentOS \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u5b89\u88c5 selinux-policy \u6e90\u7801\u5305\u6765\u67e5\u770b\u8fd9\u4e9b\u7b56\u7565\u3002\u6700\u65b0\u7684\u7b56\u7565\u51fa\u73b0\u5728 Fedora \u7684 selinux-policy \u5b58\u50a8\u5e93\u4e2d\u3002rawhide-contrib \u5206\u652f\u5305\u542b\u4ee5 .te \u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u4f8b\u5982 cinder.te \uff0c\u8fd9\u4e9b\u6587\u4ef6\u53ef\u4ee5\u5728\u8fd0\u884c SELinux \u7684\u7cfb\u7edf\u4e0a\u4f7f\u7528\u3002 OpenStack \u670d\u52a1\u7684 AppArmor \u914d\u7f6e\u6587\u4ef6\u5f53\u524d\u4e0d\u5b58\u5728\uff0c\u4f46 OpenStack-Ansible \u9879\u76ee\u901a\u8fc7\u5c06 AppArmor \u914d\u7f6e\u6587\u4ef6\u5e94\u7528\u4e8e\u8fd0\u884c OpenStack \u670d\u52a1\u7684\u6bcf\u4e2a\u5bb9\u5668\u6765\u5904\u7406\u6b64\u95ee\u9898\u3002 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u00b6 \u51ed\u501f\u72ec\u7279\u7684\u5185\u6838\u7ea7\u67b6\u6784\u548c\u56fd\u5bb6\u5b89\u5168\u5c40 \uff08NSA\uff09 \u5f00\u53d1\u7684\u5b89\u5168\u673a\u5236\uff0cKVM \u4e3a\u591a\u79df\u6237\u63d0\u4f9b\u4e86\u57fa\u7840\u9694\u79bb\u6280\u672f\u3002\u5b89\u5168\u865a\u62df\u5316 \uff08sVirt\uff09 \u6280\u672f\u7684\u53d1\u5c55\u8d77\u6e90\u4e8e 2002 \u5e74\uff0c\u662f SELinux \u5bf9\u73b0\u4ee3\u865a\u62df\u5316\u7684\u5e94\u7528\u3002SELinux \u65e8\u5728\u5e94\u7528\u57fa\u4e8e\u6807\u7b7e\u7684\u5206\u79bb\u63a7\u5236\uff0c\u73b0\u5df2\u6269\u5c55\u4e3a\u5728\u865a\u62df\u673a\u8fdb\u7a0b\u3001\u8bbe\u5907\u3001\u6570\u636e\u6587\u4ef6\u548c\u4ee3\u8868\u5b83\u4eec\u6267\u884c\u64cd\u4f5c\u7684\u7cfb\u7edf\u8fdb\u7a0b\u4e4b\u95f4\u63d0\u4f9b\u9694\u79bb\u3002 OpenStack \u7684 sVirt 
\u5b9e\u73b0\u65e8\u5728\u4fdd\u62a4\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e3b\u673a\u548c\u865a\u62df\u673a\u514d\u53d7\u4e24\u4e2a\u4e3b\u8981\u5a01\u80c1\u5a92\u4ecb\u7684\u4fb5\u5bb3\uff1a \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u5a01\u80c1 \u5728\u865a\u62df\u673a\u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8bbf\u95ee\u5e95\u5c42\u8d44\u6e90\u3002\u4f8b\u5982\uff0c\u5f53\u865a\u62df\u673a\u80fd\u591f\u8bbf\u95ee\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u64cd\u4f5c\u7cfb\u7edf\u3001\u7269\u7406\u8bbe\u5907\u6216\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u65f6\u3002\u6b64\u5a01\u80c1\u5411\u91cf\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u7684\u5165\u4fb5\u53ef\u80fd\u4f1a\u611f\u67d3\u7269\u7406\u786c\u4ef6\u5e76\u66b4\u9732\u5176\u4ed6\u865a\u62df\u673a\u548c\u7f51\u6bb5\u3002 \u865a\u62df\u673a\uff08\u591a\u79df\u6237\uff09\u5a01\u80c1 \u5728 VM \u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\uff0c\u4ee5\u8bbf\u95ee\u6216\u63a7\u5236\u53e6\u4e00\u4e2a\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u8fd9\u662f\u865a\u62df\u5316\u7279\u6709\u7684\u5a01\u80c1\u5411\u91cf\uff0c\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u5927\u91cf\u865a\u62df\u673a\u6587\u4ef6\u6620\u50cf\u53ef\u80fd\u56e0\u5355\u4e2a\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u6f0f\u6d1e\u800c\u53d7\u5230\u635f\u5bb3\u3002\u8fd9\u79cd\u865a\u62df\u7f51\u7edc\u653b\u51fb\u662f\u4e00\u4e2a\u4e3b\u8981\u95ee\u9898\uff0c\u56e0\u4e3a\u7528\u4e8e\u4fdd\u62a4\u771f\u5b9e\u7f51\u7edc\u7684\u7ba1\u7406\u6280\u672f\u5e76\u4e0d\u76f4\u63a5\u9002\u7528\u4e8e\u865a\u62df\u73af\u5883\u3002 \u6bcf\u4e2a\u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u90fd\u662f\u4e00\u4e2a\u7531 SELinux 
\u6807\u8bb0\u7684\u8fdb\u7a0b\uff0c\u4ece\u800c\u6709\u6548\u5730\u5728\u6bcf\u4e2a\u865a\u62df\u673a\u5468\u56f4\u5efa\u7acb\u5b89\u5168\u8fb9\u754c\u3002\u6b64\u5b89\u5168\u8fb9\u754c\u7531 Linux \u5185\u6838\u76d1\u89c6\u548c\u5f3a\u5236\u6267\u884c\uff0c\u4ece\u800c\u9650\u5236\u865a\u62df\u673a\u8bbf\u95ee\u5176\u8fb9\u754c\u4e4b\u5916\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u4e3b\u673a\u6570\u636e\u6587\u4ef6\u6216\u5176\u4ed6 VM\u3002 \u65e0\u8bba\u865a\u62df\u673a\u5185\u8fd0\u884c\u7684\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u5982\u4f55\uff0c\u90fd\u4f1a\u63d0\u4f9b sVirt \u9694\u79bb\u3002\u53ef\u4ee5\u4f7f\u7528 Linux \u6216 Windows VM\u3002\u6b64\u5916\uff0c\u8bb8\u591a Linux \u53d1\u884c\u7248\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u63d0\u4f9b SELinux\uff0c\u4f7f\u865a\u62df\u673a\u80fd\u591f\u4fdd\u62a4\u5185\u90e8\u865a\u62df\u8d44\u6e90\u514d\u53d7\u5a01\u80c1\u3002 \u6807\u7b7e\u548c\u7c7b\u522b \u00b6 \u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4f7f\u7528\u5176\u81ea\u5df1\u7684 SELinux \u6570\u636e\u7c7b\u578b\u8fdb\u884c\u6807\u8bb0\uff0c\u79f0\u4e3a svirt_image_t \u3002\u5185\u6838\u7ea7\u4fdd\u62a4\u53ef\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u7cfb\u7edf\u8fdb\u7a0b\uff08\u5982\u6076\u610f\u8f6f\u4ef6\uff09\u64cd\u7eb5\u78c1\u76d8\u4e0a\u7684\u865a\u62df\u673a\u6620\u50cf\u6587\u4ef6\u3002\u5173\u95ed\u865a\u62df\u673a\u7535\u6e90\u540e\uff0c\u6620\u50cf\u7684\u5b58\u50a8 svirt_image_t \u65b9\u5f0f\u5982\u4e0b\u6240\u793a\uff1a system_u:object_r:svirt_image_t:SystemLow image1 system_u:object_r:svirt_image_t:SystemLow image2 system_u:object_r:svirt_image_t:SystemLow image3 system_u:object_r:svirt_image_t:SystemLow image4 \u8be5 svirt_image_t \u6807\u7b7e\u552f\u4e00\u6807\u8bc6\u78c1\u76d8\u4e0a\u7684\u56fe\u50cf\u6587\u4ef6\uff0c\u5141\u8bb8 SELinux \u7b56\u7565\u9650\u5236\u8bbf\u95ee\u3002\u5f53\u57fa\u4e8e KVM \u7684\u8ba1\u7b97\u6620\u50cf\u901a\u7535\u65f6\uff0csVirt 
\u4f1a\u5c06\u968f\u673a\u6570\u5b57\u6807\u8bc6\u7b26\u9644\u52a0\u5230\u6620\u50cf\u4e2d\u3002sVirt \u80fd\u591f\u4e3a\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8282\u70b9\u6700\u591a\u5206\u914d 524,288 \u4e2a\u865a\u62df\u673a\u7684\u6570\u5b57\u6807\u8bc6\u7b26\uff0c\u4f46\u5927\u591a\u6570 OpenStack \u90e8\u7f72\u6781\u4e0d\u53ef\u80fd\u9047\u5230\u6b64\u9650\u5236\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 sVirt \u7c7b\u522b\u6807\u8bc6\u7b26\uff1a system_u:object_r:svirt_image_t:s0:c87,c520 image1 system_u:object_r:svirt_image_t:s0:419,c172 image2 SELinux \u7528\u6237\u548c\u89d2\u8272 \u00b6 SELinux \u7ba1\u7406\u7528\u6237\u89d2\u8272\u3002\u53ef\u4ee5\u901a\u8fc7 -Z \u6807\u5fd7\u6216\u4f7f\u7528 semanage \u547d\u4ee4\u67e5\u770b\u8fd9\u4e9b\u5185\u5bb9\u3002\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\uff0c\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7cfb\u7edf\uff0c\u5e76\u4e14\u5e94\u8be5\u56f4\u7ed5\u7ba1\u7406\u7528\u6237\u548c\u7cfb\u7edf\u4e0a\u7684\u4efb\u4f55\u5176\u4ed6\u7528\u6237\u5177\u6709\u9002\u5f53\u7684\u4e0a\u4e0b\u6587\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 SELinux \u7528\u6237\u6587\u6863\u3002 \u5e03\u5c14\u503c \u00b6 \u4e3a\u4e86\u51cf\u8f7b\u7ba1\u7406 SELinux \u7684\u7ba1\u7406\u8d1f\u62c5\uff0c\u8bb8\u591a\u4f01\u4e1a Linux \u5e73\u53f0\u5229\u7528 SELinux \u5e03\u5c14\u503c\u6765\u5feb\u901f\u6539\u53d8 sVirt \u7684\u5b89\u5168\u6001\u52bf\u3002 \u57fa\u4e8e Red Hat Enterprise Linux \u7684 KVM \u90e8\u7f72\u4f7f\u7528\u4ee5\u4e0b sVirt \u5e03\u5c14\u503c\uff1a sVirt SELinux \u5e03\u5c14\u503c \u63cf\u8ff0 virt_use_common \u5141\u8bb8 virt \u4f7f\u7528\u4e32\u884c\u6216\u5e76\u884c\u901a\u4fe1\u7aef\u53e3\u3002 virt_use_fusefs \u5141\u8bb8 virt \u8bfb\u53d6 FUSE \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_nfs \u5141\u8bb8 virt \u7ba1\u7406 NFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_samba \u5141\u8bb8 virt \u7ba1\u7406 CIFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 
virt_use_sanlock \u5141\u8bb8\u53d7\u9650\u7684\u865a\u62df\u8bbf\u5ba2\u4e0e sanlock \u4ea4\u4e92\u3002 virt_use_sysfs \u5141\u8bb8 virt \u7ba1\u7406\u8bbe\u5907\u914d\u7f6e \uff08PCI\uff09\u3002 virt_use_usb \u5141\u8bb8 virt \u4f7f\u7528 USB \u8bbe\u5907\u3002 virt_use_xserver \u5141\u8bb8\u865a\u62df\u673a\u4e0e X Window \u7cfb\u7edf\u4ea4\u4e92\u3002 \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 \u00b6 \u4efb\u4f55OpenStack\u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\u4e4b\u4e00\u662f\u56f4\u7ed5\u654f\u611f\u6587\u4ef6\uff08\u5982 nova.conf \u6587\u4ef6\uff09\u7684\u5b89\u5168\u6027\u548c\u63a7\u5236\u3002\u6b64\u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u5305\u542b\u5728 /etc \u76ee\u5f55\u4e2d\uff0c\u5305\u542b\u8bb8\u591a\u654f\u611f\u9009\u9879\uff0c\u5305\u62ec\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u548c\u670d\u52a1\u5bc6\u7801\u3002\u5e94\u4e3a\u6240\u6709\u6b64\u7c7b\u654f\u611f\u6587\u4ef6\u6388\u4e88\u4e25\u683c\u7684\u6587\u4ef6\u7ea7\u6743\u9650\uff0c\u5e76\u901a\u8fc7\u6587\u4ef6\u5b8c\u6574\u6027\u76d1\u89c6 \uff08FIM\uff09 \u5de5\u5177\uff08\u5982 iNotify \u6216 Samhain\uff09\u76d1\u89c6\u66f4\u6539\u3002\u8fd9\u4e9b\u5b9e\u7528\u7a0b\u5e8f\u5c06\u83b7\u53d6\u5904\u4e8e\u5df2\u77e5\u826f\u597d\u72b6\u6001\u7684\u76ee\u6807\u6587\u4ef6\u7684\u54c8\u5e0c\u503c\uff0c\u7136\u540e\u5b9a\u671f\u83b7\u53d6\u8be5\u6587\u4ef6\u7684\u65b0\u54c8\u5e0c\u503c\uff0c\u5e76\u5c06\u5176\u4e0e\u5df2\u77e5\u826f\u597d\u7684\u54c8\u5e0c\u503c\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u53d1\u73b0\u8b66\u62a5\u88ab\u610f\u5916\u4fee\u6539\uff0c\u5219\u53ef\u4ee5\u521b\u5efa\u8b66\u62a5\u3002 \u53ef\u4ee5\u68c0\u67e5\u6587\u4ef6\u7684\u6743\u9650\uff0c\u6211\u79fb\u52a8\u5230\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55\u5e76\u8fd0\u884c ls -lh 
\u547d\u4ee4\u3002\u8fd9\u5c06\u663e\u793a\u6709\u6743\u8bbf\u95ee\u6587\u4ef6\u7684\u6743\u9650\u3001\u6240\u6709\u8005\u548c\u7ec4\uff0c\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\uff0c\u4f8b\u5982\u4e0a\u6b21\u4fee\u6539\u6587\u4ef6\u7684\u65f6\u95f4\u548c\u521b\u5efa\u65f6\u95f4\u3002 \u8be5 /var/lib/nova \u76ee\u5f55\u7528\u4e8e\u4fdd\u5b58\u6709\u5173\u7ed9\u5b9a\u8ba1\u7b97\u4e3b\u673a\u4e0a\u7684\u5b9e\u4f8b\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u6b64\u76ee\u5f55\u4e5f\u5e94\u88ab\u89c6\u4e3a\u654f\u611f\u76ee\u5f55\uff0c\u5e76\u5177\u6709\u4e25\u683c\u5f3a\u5236\u6267\u884c\u7684\u6587\u4ef6\u6743\u9650\u3002\u6b64\u5916\uff0c\u5e94\u5b9a\u671f\u5907\u4efd\u5b83\uff0c\u56e0\u4e3a\u5b83\u5305\u542b\u4e0e\u8be5\u4e3b\u673a\u5173\u8054\u7684\u5b9e\u4f8b\u7684\u4fe1\u606f\u548c\u5143\u6570\u636e\u3002 \u5982\u679c\u90e8\u7f72\u4e0d\u9700\u8981\u5b8c\u6574\u7684\u865a\u62df\u673a\u5907\u4efd\uff0c\u5efa\u8bae\u6392\u9664\u8be5 /var/lib/nova/instances \u76ee\u5f55\uff0c\u56e0\u4e3a\u5b83\u7684\u5927\u5c0f\u5c06\u4e0e\u8be5\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u6bcf\u4e2a VM \u7684\u603b\u7a7a\u95f4\u4e00\u6837\u5927\u3002\u5982\u679c\u90e8\u7f72\u786e\u5b9e\u9700\u8981\u5b8c\u6574 VM \u5907\u4efd\uff0c\u5219\u9700\u8981\u786e\u4fdd\u6210\u529f\u5907\u4efd\u6b64\u76ee\u5f55\u3002 \u76d1\u89c6\u662f IT \u57fa\u7840\u7ed3\u6784\u7684\u5173\u952e\u7ec4\u4ef6\uff0c\u6211\u4eec\u5efa\u8bae\u76d1\u89c6\u548c\u5206\u6790\u8ba1\u7b97\u65e5\u5fd7\u6587\u4ef6\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u521b\u5efa\u6709\u610f\u4e49\u7684\u8b66\u62a5\u3002 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \u00b6 \u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f 
\uff08VMT\uff09 \u95e8\u6237\u901a\u8fc7\u5c06 Bug \u6807\u8bb0\u4e3a\u201c\u6b64 bug \u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u6765\u534f\u8c03 OpenStack \u9879\u76ee\u5185\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a bug \u7684\u8fc7\u7a0b\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002 OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u6620\u5c04\u4ee5\u53ca\u975e OpenStack\uff0c\u4f46\u5173\u952e\u95ee\u9898\uff08\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\uff09\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u00b6 \u6240\u6709\u9519\u8bef\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5e26\u6709 [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss 
\u90ae\u4ef6\u5217\u8868\u901a\u8fc7 OpenStack Development Mailing List \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u00b6 \u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec \u6f0f\u6d1e\u610f\u8bc6 \u00b6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \u00b6 \u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u534f\u8c03 OpenStack \u5185\u90e8\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a\u9519\u8bef\u7684\u8fc7\u7a0b\uff0c\u65b9\u6cd5\u662f\u5c06\u9519\u8bef\u6807\u8bb0\u4e3a\u201c\u6b64\u9519\u8bef\u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA 
\u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002 OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u5546\u6620\u5c04\uff0c\u4ee5\u53ca\u975e OpenStack \u4f46\u5173\u952e\u7684\u95ee\u9898\uff0c\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u00b6 \u6240\u6709 bug\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5305\u542b [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss \u90ae\u4ef6\u5217\u8868\u901a\u8fc7 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u00b6 
\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u00b6 \u4e91\u67b6\u6784\u5e08\u9700\u8981\u505a\u51fa\u7684\u6709\u5173\u8ba1\u7b97\u670d\u52a1\u914d\u7f6e\u7684\u4e00\u4e2a\u51b3\u5b9a\u662f\u4f7f\u7528 VNC \u8fd8\u662f SPICE\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u00b6 OpenStack \u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u534f\u8bae\u4e3a\u79df\u6237\u548c\u7ba1\u7406\u5458\u63d0\u4f9b\u5bf9\u5b9e\u4f8b\u7684\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u53f0\u8bbf\u95ee\u3002 \u529f\u80fd \u00b6 OpenStack Dashboard \uff08horizon\uff09 \u53ef\u4ee5\u4f7f\u7528 HTML5 noVNC \u5ba2\u6237\u7aef\u76f4\u63a5\u5728\u7f51\u9875\u4e0a\u4e3a\u5b9e\u4f8b\u63d0\u4f9b VNC \u63a7\u5236\u53f0\u3002\u8fd9\u8981\u6c42 nova-novncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de VNC \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b nova Java VNC \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002\u8fd9\u8981\u6c42 nova-xvpvncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c nova-novncproxy \u548c nova-xvpvncproxy 
\u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u684c\u9762\u6d41\u91cf\u672a\u52a0\u5bc6\u3002\u53ef\u4ee5\u542f\u7528 TLS \u6765\u52a0\u5bc6 VNC \u6d41\u91cf\u3002\u8bf7\u53c2\u9605 TLS \u548c SSL \u7b80\u4ecb\u4ee5\u83b7\u53d6\u9002\u5f53\u7684\u5efa\u8bae\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 blog.malchuk.ru, OpenStack VNC Security. 2013. Secure Connections to VNC ports blog.malchuk.ru\uff0cOpenStack VNC \u5b89\u5168\u6027\u30022013. \u4e0e VNC \u7aef\u53e3\u7684\u5b89\u5168\u8fde\u63a5 OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. 2014. OpenStack nova-novnc SSL Configuration OpenStack \u90ae\u4ef6\u5217\u8868\uff0c[OpenStack] nova-novnc SSL \u914d\u7f6e - \u54c8\u74e6\u90a3\u30022014. OpenStack nova-novnc SSL\u914d\u7f6e Redhat.com/solutions\uff0c\u5728 OpenStack \u4e2d\u4f7f\u7528 SSL \u52a0\u5bc6 nova-novacproxy\u30022014. 
OpenStack nova-novncproxy SSL\u52a0\u5bc6 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u00b6 \u4f5c\u4e3a VNC \u7684\u66ff\u4ee3\u65b9\u6848\uff0cOpenStack \u4f7f\u7528\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u534f\u8bae\u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002 \u529f\u80fd \u00b6 OpenStack Dashboard \uff08horizon\uff09 \u76f4\u63a5\u5728\u5b9e\u4f8b\u7f51\u9875\u4e0a\u652f\u6301 SPICE\u3002\u8fd9\u9700\u8981\u670d\u52a1 nova-spicehtml5proxy \u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de SPICE \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b SPICE-html \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002 \u9650\u5236 \u00b6 \u5c3d\u7ba1 SPICE \u4e0e VNC \u76f8\u6bd4\u5177\u6709\u8bb8\u591a\u4f18\u52bf\uff0c\u4f46 spice-html5 \u6d4f\u89c8\u5668\u96c6\u6210\u76ee\u524d\u4e0d\u5141\u8bb8\u7ba1\u7406\u5458\u5229\u7528\u8fd9\u4e9b\u4f18\u52bf\u3002\u4e3a\u4e86\u5229\u7528 \u591a\u663e\u793a\u5668\u3001USB \u76f4\u901a\u7b49 SPICE \u529f\u80fd\uff0c\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u5728\u7ba1\u7406\u7f51\u7edc\u4e2d\u4f7f\u7528\u72ec\u7acb\u7684 SPICE \u5ba2\u6237\u7aef\u3002 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5 nova-spicehtml5proxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u529f\u80fd\u548c\u96c6\u6210\u4ecd\u5728\u4e0d\u65ad\u53d1\u5c55\u3002\u6211\u4eec\u5c06\u5728\u4e0b\u4e00\u4e2a\u7248\u672c\u4e2d\u8bbf\u95ee\u8fd9\u4e9b\u529f\u80fd\u5e76\u63d0\u51fa\u5efa\u8bae\u3002 \u4e0e VNC \u7684\u60c5\u51b5\u4e00\u6837\uff0c\u76ee\u524d\u6211\u4eec\u5efa\u8bae\u4ece\u7ba1\u7406\u7f51\u7edc\u4f7f\u7528 SPICE\uff0c\u6b64\u5916\u8fd8\u9650\u5236\u4f7f\u7528\u5c11\u6570\u4eba\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack 
\u7ba1\u7406\u5458\u6307\u5357\u3002SPICE\u63a7\u5236\u53f0\u3002SPICE\u63a7\u5236\u53f0\u3002 bugzilla.redhat.com\uff0c Bug 913607 - RFE\uff1a \u652f\u6301\u901a\u8fc7 websockets \u96a7\u9053\u4f20\u8f93 SPICE\u30022013. RedHat \u9519\u8bef913607\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a nova \uff0c root \u5e76\u4e14\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/nova/nova.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/api-paste.ini | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/policy.json | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/rootwrap.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova | egrep \"root nova\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c nova \u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a \u7684 root nova \u8f93\u51fa\u3002 
\u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 nova \u4ee5\u5916\u7684 root \u4efb\u4f55\u7ec4\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002 Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/nova/nova.conf $ stat -L -c \"%a\" /etc/nova/api-paste.ini $ stat -L -c \"%a\" /etc/nova/policy.json $ stat -L -c \"%a\" /etc/nova/rootwrap.conf \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u5982\u679c Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cnova \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 
ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/nova/nova.conf getfacl: Removing leading '/' from absolute path names # file: etc/nova/nova.conf USER root rw- GROUP nova r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002 Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 noauth \u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5728Ocata\u4e4b\u524d\uff1a \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/nova/nova.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 \u5728Ocata\u4e4b\u540e\uff1a \u901a\u8fc7\uff1a\u5982\u679c under [api] \u6216 [DEFAULT] section in /etc/nova/nova.conf \u7684\u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c or [DEFAULT] \u90e8\u5206\u4e0b\u7684 [api] \u53c2\u6570 auth_strategy 
\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/nova/nova.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/nova/nova.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/nova/nova.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/nova/nova.conf 
/etc/nova/nova.conf \u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \uff0c\u6216\u8005 in /etc/nova/nova.conf \u8282\u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5757\u5b58\u50a8 \u00b6 OpenStack Block Storage \uff08cinder\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u8f6f\u4ef6\uff08\u670d\u52a1\u548c\u5e93\uff09\u6765\u81ea\u52a9\u7ba1\u7406\u6301\u4e45\u6027\u5757\u7ea7\u5b58\u50a8\u8bbe\u5907\u3002\u8fd9\u5c06\u521b\u5efa\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u8bbf\u95ee\uff0c\u4ee5\u4fbf\u4e0e OpenStack \u8ba1\u7b97 \uff08nova\uff09 \u5b9e\u4f8b\u4e00\u8d77\u4f7f\u7528\u3002\u901a\u8fc7\u5c06\u5757\u5b58\u50a8\u6c60\u865a\u62df\u5316\u5230\u5404\u79cd\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\uff08\u53ef\u4ee5\u662f\u8f6f\u4ef6\u5b9e\u73b0\u6216\u4f20\u7edf\u786c\u4ef6\u5b58\u50a8\u4ea7\u54c1\uff09\uff0c\u901a\u8fc7\u62bd\u8c61\u521b\u5efa\u8f6f\u4ef6\u5b9a\u4e49\u5b58\u50a8\u3002\u5176\u4e3b\u8981\u529f\u80fd\u662f\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u3002\u6d88\u8d39\u8005\u4e0d\u9700\u8981\u77e5\u9053\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\u7684\u7c7b\u578b\u6216\u5b83\u7684\u4f4d\u7f6e\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u5b58\u50a8\u534f\u8bae\uff08\u5982 iSCSI\u3001\u4ee5\u592a\u7f51 ATA \u6216\u5149\u7ea4\u901a\u9053\uff09\u5b58\u50a8\u548c\u68c0\u7d22\u5757\u5b58\u50a8\u3002\u8fd9\u4e9b\u8d44\u6e90\u901a\u8fc7 OpenStack \u539f\u751f\u6807\u51c6 HTTP RESTful API \u8fdb\u884c\u7ba1\u7406\u548c\u914d\u7f6e\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5757\u5b58\u50a8\u6587\u6863\u3002 
\u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002 \u5377\u64e6\u9664 \u00b6 \u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u64e6\u9664\u5757\u5b58\u50a8\u8bbe\u5907\u3002\u4f20\u7edf\u7684\u65b9\u6cd5\u662f\u5c06 lvm_type \u8bbe\u7f6e\u4e3a thin \uff0c\u5982\u679c\u4f7f\u7528 LVM \u540e\u7aef\uff0c\u5219\u4f7f\u7528 volume_clear \u8be5\u53c2\u6570\u3002\u6216\u8005\uff0c\u5982\u679c\u4f7f\u7528\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u5219\u5728\u5220\u9664\u5377\u52a0\u5bc6\u5bc6\u94a5\u65f6\u4e0d\u9700\u8981\u5377\u64e6\u9664\u3002\u6709\u5173\u8bbe\u7f6e\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5377\u52a0\u5bc6\u90e8\u5206\u4e2d\u7684 OpenStack \u914d\u7f6e\u53c2\u8003\u6587\u6863\uff0c\u4ee5\u53ca\u6709\u5173\u5bc6\u94a5\u5220\u9664\u7684 Castellan \u4f7f\u7528\u6587\u6863 \u6ce8\u610f 
\u5728\u8f83\u65e7\u7684 OpenStack \u7248\u672c\u4e2d\uff0c `lvm_type=default` \u7528\u4e8e\u8868\u793a\u64e6\u9664\u3002\u867d\u7136\u6b64\u65b9\u6cd5\u4ecd\u7136\u6709\u6548\uff0c\u4f46 `lvm_type=default` \u4e0d\u5efa\u8bae\u7528\u4e8e\u8bbe\u7f6e\u5b89\u5168\u5220\u9664\u3002 \u8be5 volume_clear \u53c2\u6570\u53ef\u4ee5\u8bbe\u7f6e\u4e3a zero \u3002\u8be5 zero \u53c2\u6570\u5c06\u5411\u8bbe\u5907\u5199\u5165\u4e00\u6b21\u96f6\u4f20\u9012\u3002 \u6709\u5173\u8be5 lvm_type \u53c2\u6570\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684\u7cbe\u7b80\u7f6e\u5907\u4e2d\u7684 LVM \u548c\u8d85\u989d\u8ba2\u9605\u90e8\u5206\u3002 \u6709\u5173\u8be5 volume_clear \u53c2\u6570\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684 Cinder \u914d\u7f6e\u9009\u9879\u90e8\u5206\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a cinder\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/cinder/cinder.conf | egrep 
\"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/api-paste.ini | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/policy.json | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/rootwrap.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder | egrep \"root cinder\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c cinder\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u7164\u6e23\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 cinder \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/cinder/cinder.conf $ stat -L -c \"%a\" /etc/cinder/api-paste.ini $ stat -L -c \"%a\" /etc/cinder/policy.json $ stat -L -c \"%a\" /etc/cinder/rootwrap.conf $ stat -L -c \"%a\" /etc/cinder \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Block-01 \u65f6\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0ccinder \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/cinder/cinder.conf getfacl: Removing leading '/' from absolute path names # file: etc/cinder/cinder.conf USER root rw- GROUP cinder r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/cinder/cinder.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/cinder/cinder.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/cinder/cinder.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/cinder/cinder.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/cinder/cinder.conf Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f \u00b6 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f\uff09\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u90e8\u5206\u4e0b\u7684 [DEFAULT] \u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \u5e76\u4e14\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934 /etc/cinder/cinder.conf \u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c\u5c06 section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \u6216\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 [DEFAULT] /etc/cinder/cinder.conf Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f \u00b6 Cinder \u652f\u6301 NFS \u9a71\u52a8\u7a0b\u5e8f\uff0c\u5176\u5de5\u4f5c\u65b9\u5f0f\u4e0e\u4f20\u7edf\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u540c\u3002NFS 
\u9a71\u52a8\u7a0b\u5e8f\u5b9e\u9645\u4e0a\u4e0d\u5141\u8bb8\u5b9e\u4f8b\u5728\u5757\u7ea7\u522b\u8bbf\u95ee\u5b58\u50a8\u8bbe\u5907\u3002\u76f8\u53cd\uff0c\u6587\u4ef6\u662f\u5728 NFS \u5171\u4eab\u4e0a\u521b\u5efa\u7684\uff0c\u5e76\u6620\u5c04\u5230\u6a21\u62df\u5757\u50a8\u5b58\u8bbe\u5907\u7684\u5b9e\u4f8b\u3002Cinder \u901a\u8fc7\u5728\u521b\u5efa Cinder \u5377\u65f6\u63a7\u5236\u6587\u4ef6\u6743\u9650\u6765\u652f\u6301\u6b64\u7c7b\u6587\u4ef6\u7684\u5b89\u5168\u914d\u7f6e\u3002Cinder \u914d\u7f6e\u8fd8\u53ef\u4ee5\u63a7\u5236\u662f\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd8\u662f\u5f53\u524d OpenStack \u8fdb\u7a0b\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6587\u4ef6\u64cd\u4f5c\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_permissions \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5982\u679c\u8bbe\u7f6e\u4e3a auto \uff0c\u5219\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5e76\u4f7f\u7528\u5b89\u5168\u6587\u4ef6\u6743\u9650\u3002\u68c0\u6d4b\u73b0\u6709\u5377\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u4e0d\u5b89\u5168\u7684\u65b9\u6cd5\u6765\u5904\u7406\u6587\u4ef6\u6743\u9650\u3002\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_operations \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5f53\u8bbe\u7f6e\u4e3a\u201cauto\u201d\u65f6\uff0c\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5b89\u5168\u4e14\u4e0d\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5bf9\u73b0\u6709\u5377\u7684\u68c0\u6d4b\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False 
\uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u65b9\u6cd5\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u64cd\u4f5c\u3002\u5bf9\u4e8e\u65b0\u5b89\u88c5\uff0c\u4f1a\u7f16\u5199\u4e00\u4e2a\u201c\u6807\u8bb0\u6587\u4ef6\u201d\uff0c\u4ee5\u4fbf\u968f\u540e\u91cd\u65b0\u542f\u52a8 cinder \u5c06\u77e5\u9053\u539f\u59cb\u786e\u5b9a\u662f\u4ec0\u4e48\u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 nas_secure_file_permissions nas_secure_file_operations \u503c\u8bbe\u7f6e\u4e3a False \u3002 Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684osapi\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a 114688 114688 \uff0c\u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u8bbe\u7f6e\u4e3a \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c 114688 \u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a \u3002 
Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u00b6 \u672a\u52a0\u5bc6\u7684\u5377\u6570\u636e\u4f7f\u5377\u6258\u7ba1\u5e73\u53f0\u6210\u4e3a\u653b\u51fb\u8005\u7279\u522b\u9ad8\u4ef7\u503c\u7684\u76ee\u6807\uff0c\u56e0\u4e3a\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u8bb8\u591a\u4e0d\u540c VM \u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u7269\u7406\u5b58\u50a8\u4ecb\u8d28\u53ef\u80fd\u4f1a\u88ab\u7a83\u53d6\u3001\u91cd\u65b0\u88c5\u8f7d\u548c\u4ece\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u8bbf\u95ee\u3002\u52a0\u5bc6\u5377\u6570\u636e\u53ef\u4ee5\u964d\u4f4e\u8fd9\u4e9b\u98ce\u9669\uff0c\u5e76\u4e3a\u5377\u6258\u7ba1\u5e73\u53f0\u63d0\u4f9b\u6df1\u5ea6\u9632\u5fa1\u3002\u5757\u5b58\u50a8 \uff08cinder\uff09 \u80fd\u591f\u5728\u5c06\u5377\u6570\u636e\u5199\u5165\u78c1\u76d8\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\uff0c\u56e0\u6b64\u5efa\u8bae\u5f00\u542f\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u6709\u5173\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605 Openstack Cinder \u670d\u52a1\u914d\u7f6e\u6587\u6863\u7684\u5377\u52a0\u5bc6\u90e8\u5206\u3002 \u901a\u8fc7\uff1a\u5982\u679c 1\uff09 \u8bbe\u7f6e\u4e86 in [key_manager] \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c2\uff09 \u8bbe\u7f6e\u4e86 in \u4e0b\u7684 [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u4ee5\u53ca 3\uff09 \u5982\u679c\u6b63\u786e\u9075\u5faa\u4e86 /etc/cinder/cinder.conf /etc/nova/nova.conf \u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u82e5\u8981\u8fdb\u4e00\u6b65\u9a8c\u8bc1\uff0c\u8bf7\u5728\u5b8c\u6210\u5377\u52a0\u5bc6\u8bbe\u7f6e\u5e76\u4e3a LUKS \u521b\u5efa\u5377\u7c7b\u578b\u540e\u6267\u884c\u8fd9\u4e9b\u6b65\u9aa4\uff0c\u5982\u4e0a\u8ff0\u6587\u6863\u4e2d\u6240\u8ff0\u3002 \u521b\u5efa VM\uff1a $ openstack server create --image cirros-0.3.1-x86_64-disk --flavor m1.tiny TESTVM \u521b\u5efa\u52a0\u5bc6\u5377\u5e76\u5c06\u5176\u9644\u52a0\u5230 VM\uff1a $ openstack volume create --size 1 --type LUKS 'encrypted volume' $ openstack volume 
list $ openstack server add volume --device /dev/vdb TESTVM 'encrypted volume' \u5728 VM \u4e0a\uff0c\u5c06\u4e00\u4e9b\u6587\u672c\u53d1\u9001\u5230\u65b0\u9644\u52a0\u7684\u5377\u5e76\u540c\u6b65\u5b83\uff1a # echo \"Hello, world (encrypted /dev/vdb)\" >> /dev/vdb # sync && sleep 2 \u5728\u6258\u7ba1 cinder \u5377\u670d\u52a1\u7684\u7cfb\u7edf\u4e0a\uff0c\u540c\u6b65\u4ee5\u5237\u65b0 I/O \u7f13\u5b58\uff0c\u7136\u540e\u6d4b\u8bd5\u662f\u5426\u53ef\u4ee5\u627e\u5230\u5b57\u7b26\u4e32\uff1a # sync && sleep 2 # strings /dev/stack-volumes/volume-* | grep \"Hello\" \u641c\u7d22\u4e0d\u5e94\u8fd4\u56de\u5199\u5165\u52a0\u5bc6\u5377\u7684\u5b57\u7b26\u4e32\u3002 \u5931\u8d25\uff1a\u5982\u679c\u672a\u8bbe\u7f6e in \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c\u6216\u8005\u672a\u8bbe\u7f6e in /etc/cinder/cinder.conf /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [key_manager] [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u6216\u8005\u672a\u6b63\u786e\u9075\u5faa\u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u56fe\u50cf\u5b58\u50a8 \u00b6 OpenStack Image Storage \uff08glance\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u7528\u6237\u53ef\u4ee5\u5728\u5176\u4e2d\u4e0a\u4f20\u548c\u53d1\u73b0\u65e8\u5728\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u8d77\u4f7f\u7528\u7684\u6570\u636e\u8d44\u4ea7\u3002\u8fd9\u76ee\u524d\u5305\u62ec\u56fe\u50cf\u548c\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u670d\u52a1\u5305\u62ec\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u68c0\u7d22\u865a\u62df\u673a\u6620\u50cf\u3002Glance \u6709\u4e00\u4e2a RESTful API\uff0c\u5141\u8bb8\u67e5\u8be2 VM \u6620\u50cf\u5143\u6570\u636e\u4ee5\u53ca\u68c0\u7d22\u5b9e\u9645\u6620\u50cf\u3002 \u6709\u5173\u8be5\u670d\u52a1\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Glance \u6587\u6863\u3002 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f 
Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u5fc5\u987b\u5c06\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a glance \uff0c root \u5e76\u4e14\u5fc5\u987b\u5c06\u7ec4\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/glance/glance-api-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-api.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-cache.conf | egrep \"root glance\" $ 
stat -L -c \"%U %G\" /etc/glance/glance-manage.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-scrubber.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-swift-store.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/policy.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema-image.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance | egrep \"root glance\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c glance\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root glance \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u4e0d\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\u3002 Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/glance/glance-api-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-api.conf $ stat -L -c \"%a\" /etc/glance/glance-cache.conf $ stat -L -c \"%a\" /etc/glance/glance-manage.conf $ stat -L -c \"%a\" /etc/glance/glance-registry-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-registry.conf $ stat -L -c \"%a\" /etc/glance/glance-scrubber.conf $ stat -L -c \"%a\" /etc/glance/glance-swift-store.conf $ stat -L -c \"%a\" /etc/glance/policy.json $ stat -L -c \"%a\" /etc/glance/schema-image.json $ stat -L -c \"%a\" /etc/glance/schema.json $ stat -L -c \"%a\" /etc/glance 
\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c u=rw,g=r,o= . \u6ce8\u610f \u4f7f\u7528 Check-Image-01\uff1a Devices / Group Ownership of config files \u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f\uff0c\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cglance \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/glance/glance-api.conf getfacl: Removing leading '/' from absolute path names # file: /etc/glance/glance-api.conf USER root rw- GROUP glance r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5305\u62ec noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e 
OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c keystone \u5e76\u4e14 section in /etc/glance/glance-api.conf /etc/glance /glance-registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 section in /etc/glance/glance-api.conf /etc/glance/glance- registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684 Identity API \u7aef\u70b9 https:// \uff0c\u5e76\u4e14\u8be5\u53c2\u6570 insecure www_authenticate_uri \u7684\u503c\u4f4d\u4e8e same /etc/glance/glance-registry.conf \u4e2d\u7684\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\uff0c\u5219\u8bbe\u7f6e\u4e3a False \u3002 [keystone_authtoken] 
/etc/glance/glance-api.conf \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 /etc/glance/glance-api.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u6807\u8bc6 API \u7aef\u70b9\uff0c\u6216\u8005\u540c\u4e00 /etc/glance/glance-api.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u00b6 Glance \u63d0\u4f9b\u7684\u6620\u50cf\u670d\u52a1 API v1 \u4e2d\u7684 copy_from \u529f\u80fd\u53ef\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u5c4f\u853d\u7684\u7f51\u7edc\u7aef\u53e3\u626b\u63cf\u3002\u5982\u679c\u542f\u7528\u4e86 v1 API\uff0c\u5219\u5e94\u5c06\u6b64\u7b56\u7565\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\uff0c\u4f8b\u5982 role:admin . 
\u5931\u8d25\uff1a\u672a\u8bbe\u7f6e\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u3002\u5b83\u7c7b\u4f3c\u4e8eOpenStack\u901a\u8fc7OpenStack\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5e76\u7ba1\u7406\u5176\u5c5e\u6027\uff0c\u4f8b\u5982\u53ef\u89c1\u6027\u3001\u53ef\u8bbf\u95ee\u6027\u548c\u4f7f\u7528\u914d\u989d\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9002\u7528\u4e8e\u4f7f\u7528\u4ee5\u4e0b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u5404\u79cd\u5b58\u50a8\u63d0\u4f9b\u7a0b\u5e8f\uff1aNFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u7528\u9014\u4e0e Amazon Elastic File System \uff08EFS\uff09 \u76f8\u540c\u3002 \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u7f51\u7edc\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u7b80\u4ecb \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity 
\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u4ecb\u7ecd \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u65e8\u5728\u5728\u5355\u8282\u70b9\u6216\u8de8\u591a\u4e2a\u8282\u70b9\u8fd0\u884c\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7531\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u7ec4\u6210\uff0c\u5b83\u4eec\u7c7b\u4f3c\u4e8e\u5757\u5b58\u50a8\u670d\u52a1\uff1a manila-api manila-scheduler manila-share manila-data manila-api \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002\u6709\u5173\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API\u3002 manila-share \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 manila-scheduler \u8d1f\u8d23\u5b89\u6392\u8bf7\u6c42\u5e76\u5c06\u5176\u8def\u7531\u5230\u76f8\u5e94\u7684 manila-share 
\u670d\u52a1\u3002\u5b83\u901a\u8fc7\u9009\u62e9\u4e00\u4e2a\u540e\u7aef\uff0c\u540c\u65f6\u8fc7\u6ee4\u9664\u4e00\u4e2a\u540e\u7aef\u4e4b\u5916\u7684\u6240\u6709\u540e\u7aef\u6765\u5b9e\u73b0\u8fd9\u4e00\u70b9\u3002 manila-data \u6b64\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u6570\u636e\u64cd\u4f5c\uff0c\u5982\u679c\u4e0d\u5355\u72ec\u5904\u7406\uff0c\u53ef\u80fd\u9700\u8981\u5f88\u957f\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\uff0c\u5e76\u963b\u6b62\u5176\u4ed6\u670d\u52a1\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f7f\u7528\u57fa\u4e8e SQL \u7684\u4e2d\u592e\u6570\u636e\u5e93\uff0c\u8be5\u6570\u636e\u5e93\u7531\u7cfb\u7edf\u4e2d\u7684\u6240\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5171\u4eab\u3002\u5b83\u53ef\u4ee5\u4f7f\u7528 ORM SQLALcvery \u652f\u6301\u7684\u4efb\u4f55 SQL \u65b9\u8a00\uff0c\u4f46\u4ec5\u4f7f\u7528 MySQL \u548c PostgreSQL \u6570\u636e\u5e93\u8fdb\u884c\u6d4b\u8bd5\u3002 \u4f7f\u7528 SQL\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7c7b\u4f3c\u4e8e\u5176\u4ed6 OpenStack \u670d\u52a1\uff0c\u53ef\u4ee5\u4e0e\u4efb\u4f55 OpenStack \u90e8\u7f72\u4e00\u8d77\u4f7f\u7528\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u8bf4\u660e\u3002\u6709\u5173 CLI \u7528\u6cd5\u548c\u914d\u7f6e\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u4e91\u7ba1\u7406\u6307\u5357\u3002 \u4e0b\u56fe\u4e2d\uff0c\u60a8\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4e0d\u540c\u90e8\u5206\u5982\u4f55\u76f8\u4e92\u4ea4\u4e92\u3002 \u9664\u4e86\u5df2\u7ecf\u63cf\u8ff0\u7684\u670d\u52a1\u4e4b\u5916\uff0c\u60a8\u8fd8\u53ef\u4ee5\u5728\u56fe\u50cf\u4e0a\u770b\u5230\u53e6\u5916\u4e24\u4e2a\u5b9e\u4f53\uff1a python-manilaclient \u548c storage controller \u3002 python-manilaclient \u547d\u4ee4\u884c\u754c\u9762\uff0c\u7528\u4e8e\u901a\u8fc7 manila-api 
\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u7528\u4e8e\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4ea4\u4e92\u7684 Python \u6a21\u5757\u3002 Storage controller \u901a\u5e38\u662f\u4e00\u4e2a\u91d1\u5c5e\u76d2\uff0c\u5e26\u6709\u65cb\u8f6c\u78c1\u76d8\u3001\u4ee5\u592a\u7f51\u7aef\u53e3\u548c\u67d0\u79cd\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7f51\u7edc\u5ba2\u6237\u7aef\u5728\u78c1\u76d8\u4e0a\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u3002\u8fd8\u6709\u4e00\u4e9b\u5728\u4efb\u610f\u786c\u4ef6\u4e0a\u8fd0\u884c\u7684\u7eaf\u8f6f\u4ef6\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u7fa4\u96c6\u63a7\u5236\u5668\u53ef\u80fd\u5141\u8bb8\u591a\u4e2a\u7269\u7406\u8bbe\u5907\u663e\u793a\u4e3a\u5355\u4e2a\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u6216\u7eaf\u865a\u62df\u5b58\u50a8\u63a7\u5236\u5668\u3002 \u5171\u4eab\u662f\u8fdc\u7a0b\u7684\u3001\u53ef\u88c5\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u7c7b\u578b\uff1a\u6241\u5e73\u7f51\u7edc\u3001VLAN\u3001VXLAN \u6216 GRE\uff0c\u5e76\u652f\u6301\u5206\u6bb5\u7f51\u7edc\u3002\u6b64\u5916\uff0c\u8fd8\u6709\u4e0d\u540c\u7684\u7f51\u7edc\u63d2\u4ef6\uff0c\u5b83\u4eec\u63d0\u4f9b\u4e86\u4e0e OpenStack \u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u4e86\u5927\u91cf\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u786c\u4ef6\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\uff0c\u4f8b\u5982 NetApp \u96c6\u7fa4\u6a21\u5f0f Data ONTAP \uff08 cDOT \uff09\u9a71\u52a8\u7a0b\u5e8f\uff0c\u534e\u4e3a NAS 
\u9a71\u52a8\u7a0b\u5e8f\u6216 GlusterFS \u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u540e\u7aef\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u4e00\u4e2a\u5b9e\u4f8b\u3002 \u5ba2\u6237\u7aef\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7684\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u7531\u5b89\u5168\u670d\u52a1\u5b58\u50a8\u3002\u53ef\u4ee5\u914d\u7f6e\u548c\u4f7f\u7528 LDAP\u3001Kerberos \u6216 Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7b49\u534f\u8bae\u3002 \u9664\u975e\u672a\u5728 policy.json \u4e2d\u663e\u5f0f\u66f4\u6539\uff0c\u5426\u5219\u7ba1\u7406\u5458\u6216\u62e5\u6709\u5171\u4eab\u7684\u79df\u6237\u90fd\u80fd\u591f\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8bbf\u95ee\u7ba1\u7406\u662f\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u5b8c\u6210\u7684\uff0c\u8be5\u89c4\u5219\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u53ef\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8bbf\u95ee\u9009\u9879\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c 
HDFS\u3002\u4f8b\u5982\uff0c\u901a\u7528\uff08\u5757\u5b58\u50a8\u4f5c\u4e3a\u540e\u7aef\uff09\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u7528\u6237\u548c\u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5b83\u8fd8\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982 LDAP\u3001Kerberos \u6216 Active Directory\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u7c7b\u578b\uff0c\u4f7f\u8ba1\u5212\u7a0b\u5e8f\u80fd\u591f\u5728\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u540e\u7aef\u3002\u5171\u4eab\u7c7b\u578b\u5177\u6709\u989d\u5916\u7684\u89c4\u8303\uff0c\u60a8\u53ef\u4ee5\u4e3a\u8ba1\u5212\u7a0b\u5e8f\u8bbe\u7f6e\u8fd9\u4e9b\u89c4\u8303\uff0c\u4ee5\u7b5b\u9009\u548c\u6743\u8861\u540e\u7aef\uff0c\u4ee5\u4fbf\u4e3a\u8bf7\u6c42\u521b\u5efa\u5171\u4eab\u7684\u7528\u6237\u9009\u62e9\u9002\u5f53\u7684\u5171\u4eab\u7c7b\u578b\u3002\u5171\u4eab\u548c\u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u6216\u79c1\u6709\u3002\u6b64\u53ef\u89c1\u6027\u7ea7\u522b\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u80fd\u591f\u770b\u5230\u8fd9\u4e9b\u5bf9\u8c61\u5e76\u5bf9\u5176\u8fdb\u884c\u64cd\u4f5c\u3002\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u8eab\u4efd\u670d\u52a1\u4e2d\u7684\u7279\u5b9a\u7528\u6237\u6216\u79df\u6237\u6dfb\u52a0\u5bf9\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u56e0\u6b64\uff0c\u60a8\u6388\u4e88\u8bbf\u95ee\u6743\u9650\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u53ef\u7528\u7684\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u5171\u4eab\u3002 \u4e0d\u540c\u7528\u6237\u53ca\u5176\u89d2\u8272\u7684 API \u8c03\u7528\u6743\u9650\u7531\u7b56\u7565\u51b3\u5b9a\uff0c\u5c31\u50cf\u5728\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4e2d\u4e00\u6837\u3002 \u6807\u8bc6\u670d\u52a1\u53ef\u7528\u4e8e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8bf7\u53c2\u9605\u201c\u8eab\u4efd\u201d\u90e8\u5206\u4e2d\u7684\u8eab\u4efd\u670d\u52a1\u5b89\u5168\u6027\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u00b6 \u4e0e\u5176\u4ed6 OpenStack \u9879\u76ee\u7c7b\u4f3c\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5df2\u6ce8\u518c\u5230 Identity \u670d\u52a1\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u4f7f\u7528 manila endpoints \u547d\u4ee4\u67e5\u627e\u5171\u4eab\u670d\u52a1 v1 \u548c v2 \u7684 API \u7aef\u70b9\uff1a $ manila endpoints +-------------+-----------------------------------------+ | manila | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v1/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v1/20787a7b...| | internalURL | http://172.18.198.55:8786/v1/20787a7b...| | id | 82cc5535aa444632b64585f138cb9b61 | +-------------+-----------------------------------------+ +-------------+-----------------------------------------+ | manilav2 | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v2/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v2/20787a7b...| | internalURL | http://172.18.198.55:8786/v2/20787a7b...| | id | 2e8591bfcac4405fa7e5dc3fd61a2b85 | +-------------+-----------------------------------------+ \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u670d\u52a1\u4ec5\u4fa6\u542c tcp6 \u7c7b\u578b\u540c\u65f6\u652f\u6301 IPv4 \u548c IPv6 \u7684\u7aef\u53e3 8786 \u3002 \u6ce8\u610f \u8be5\u7aef\u53e3\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u9ed8\u8ba4\u7aef\u53e3 8786 
\u3002\u5b83\u53ef\u4ee5\u66f4\u6539\u4e3a\u4efb\u4f55\u5176\u4ed6\u7aef\u53e3\uff0c\u4f46\u6b64\u66f4\u6539\u4e5f\u5e94\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 \u9009\u9879\u4e2d\u8fdb\u884c\uff0c\u8be5\u9009\u9879 osapi_share_listen_port \u9ed8\u8ba4\u4e3a 8786 \u3002 \u5728 /etc/manila/ \u76ee\u5f55\u4e2d\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\uff1a api-paste.ini manila.conf policy.json rootwrap.conf rootwrap.d ./rootwrap.d: share.filters \u5efa\u8bae\u60a8\u5c06\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\uff0c\u5e76\u66f4\u6539\u6587\u4ef6\u6743\u9650\uff0c\u4ee5\u4fbf\u53ea\u6709\u7cfb\u7edf\u7ba1\u7406\u5458\u624d\u80fd\u4fee\u6539\u5b83\u4eec\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8981\u6c42\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u5199\u5165\u914d\u7f6e\u6587\u4ef6\uff0c\u800c\u670d\u52a1\u53ea\u80fd\u901a\u8fc7\u5176\u5728\u7ec4\u4e2d\u7684 manila \u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002\u5176\u4ed6\u4eba\u4e00\u5b9a\u65e0\u6cd5\u8bfb\u53d6\u8fd9\u4e9b\u6587\u4ef6\uff0c\u56e0\u4e3a\u8fd9\u4e9b\u6587\u4ef6\u5305\u542b\u4e0d\u540c\u670d\u52a1\u7684\u7ba1\u7406\u5458\u5bc6\u7801\u3002 \u5e94\u7528\u68c0\u67e5 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u548c Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f\u4ece\u6e05\u5355\u4e2d\u9a8c\u8bc1\u6743\u9650\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002 \u6ce8\u610f \u6587\u4ef6\u4e2d\u7684 manila-rootwrap \u914d\u7f6e\u548c\u6587\u4ef6\u4e2d `rootwrap.conf` `rootwrap.d/share.filters` \u5171\u4eab\u8282\u70b9\u7684 manila-rootwrap \u547d\u4ee4\u8fc7\u6ee4\u5668\u5e94\u5f52 root \u7528\u6237\u6240\u6709\uff0c\u5e76\u4e14\u53ea\u80fd\u7531 root \u7528\u6237\u5199\u5165\u3002 \u5efa\u8bae manila 
\u914d\u7f6e\u6587\u4ef6 `manila.conf` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/manila.conf` \u662f\u5fc5\u9700\u7684\u3002 \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u5176\u4e2d\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u5b9e\u4f8b\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u6709\u8bb8\u591a\u7531\u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u652f\u6301\u4e00\u79cd\u6216\u591a\u79cd\u540e\u7aef\u6a21\u5f0f\uff1a\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u3002\u7ba1\u7406\u5458\u901a\u8fc7\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d manila.conf \u6307\u5b9a\u6a21\u5f0f\u6765\u9009\u62e9\u4f7f\u7528\u54ea\u79cd\u6a21\u5f0f\u3002\u5b83\u4f7f\u7528\u4e86\u4e00\u4e2a\u9009\u9879 driver_handles_share_servers \u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u5206\u6bb5\u7f51\u7edc\u3002\u8fd9\u53d6\u51b3\u4e8e\u7f51\u7edc\u63d0\u4f9b\u5546\u3002 \u5982\u679c\u60a8\u60f3\u4f7f\u7528\u4e0d\u540c\u7684\u914d\u7f6e\uff0c\u5219\u53ef\u4ee5\u4e3a\u4e0d\u540c\u7684\u6a21\u5f0f\u4f7f\u7528\u76f8\u540c\u7684\u786c\u4ef6\u4f7f\u7528\u5355\u72ec\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u6839\u636e\u9009\u62e9\u7684\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u63d0\u4f9b\u66f4\u591a\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u3002 \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u00b6 
\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u81f3\u5c11\u652f\u6301\u4e00\u79cd\u53ef\u80fd\u7684\u9a71\u52a8\u7a0b\u5e8f\u6a21\u5f0f\uff1a \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u8bbe\u7f6e\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u6216\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u7684 manila.conf \u914d\u7f6e\u9009\u9879\u662f driver_handles_share_servers \u9009\u9879\u3002\u5b83\u6307\u793a\u9a71\u52a8\u7a0b\u5e8f\u662f\u81ea\u884c\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\uff0c\u8fd8\u662f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u6a21\u5f0f \u914d\u7f6e\u9009\u9879 \u63cf\u8ff0 \u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =True \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u7ba1\u7406\u6216\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\u751f\u547d\u5468\u671f\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =False \u7ba1\u7406\u5458\uff08\u800c\u4e0d\u662f\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff09\u4f7f\u7528\u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\uff08\u800c\u4e0d\u662f\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b58\u5728\uff09\u7ba1\u7406\u88f8\u673a\u5b58\u50a8\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f 
\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u57fa\u672c\u4e0a\u6ca1\u6709\u4efb\u4f55\u7f51\u7edc\u8981\u6c42\u3002\u5047\u5b9a\u7531\u9a71\u52a8\u7a0b\u5e8f\u7ba1\u7406\u7684\u5b58\u50a8\u63a7\u5236\u5668\u5177\u6709\u6240\u9700\u7684\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u671f\u671b\u9a71\u52a8\u7a0b\u5e8f\u76f4\u63a5\u8bbe\u7f6e\u5171\u4eab\uff0c\u800c\u65e0\u9700\u4e8b\u5148\u521b\u5efa\u4efb\u4f55\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u5bf9\u5e94\u4e8e\u67d0\u4e9b\u73b0\u6709\u9a71\u52a8\u7a0b\u5e8f\u5df2\u5728\u6267\u884c\u7684\u64cd\u4f5c\uff0c\u4f46\u5b83\u4f7f\u7ba1\u7406\u5458\u53ef\u4ee5\u660e\u786e\u9009\u62e9\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u521b\u5efa\u65f6\u4e0d\u9700\u8981\u5171\u4eab\u7f51\u7edc\uff0c\u4e5f\u4e0d\u5f97\u63d0\u4f9b\u5171\u4eab\u7f51\u7edc\u3002 \u6ce8\u610f \u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u5df2\u53ef\u8bbf\u95ee\u7528\u4e8e\u5bfc\u51fa\u4efb\u4f55\u5171\u4eab\u7684\u7f51\u7edc\u63a5\u53e3\u3002 
\u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u5904\u7406\u5b58\u50a8\u751f\u547d\u5468\u671f\u3002\u7ba1\u7406\u5458\u5e94\u5904\u7406\u5b58\u50a8\u3001\u7f51\u7edc\u63a5\u53e3\u548c\u5176\u4ed6\u4e3b\u673a\u914d\u7f6e\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u5b58\u50a8\u8bbe\u7f6e\u4e3a\u5bfc\u51fa\u5171\u4eab\u7684\u4e3b\u673a\u3002\u6b64\u6a21\u5f0f\u7684\u4e3b\u8981\u7279\u5f81\u662f\u5b58\u50a8\u4e0d\u7531\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5904\u7406\u3002\u79df\u6237\u4e2d\u7684\u7528\u6237\u5171\u4eab\u516c\u5171\u7f51\u7edc\u3001\u4e3b\u673a\u3001\u5904\u7406\u5668\u548c\u7f51\u7edc\u7ba1\u9053\u3002\u5982\u679c\u7ba1\u7406\u5458\u6216\u4ee3\u7406\u4e4b\u524d\u914d\u7f6e\u7684\u5b58\u50a8\u6ca1\u6709\u6b63\u786e\u7684\u5e73\u8861\u8c03\u6574\uff0c\u5b83\u4eec\u53ef\u80fd\u4f1a\u76f8\u4e92\u963b\u788d\u3002\u5728\u516c\u6709\u4e91\u4e2d\uff0c\u6240\u6709\u7f51\u7edc\u5bb9\u91cf\u53ef\u80fd\u90fd\u7531\u4e00\u4e2a\u5ba2\u6237\u7aef\u4f7f\u7528\uff0c\u56e0\u6b64\u7ba1\u7406\u5458\u5e94\u6ce8\u610f\u4e0d\u8981\u53d1\u751f\u8fd9\u79cd\u60c5\u51b5\u3002\u5e73\u8861\u8c03\u6574\u53ef\u4ee5\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u5b8c\u6210\uff0c\u800c\u4e0d\u4e00\u5b9a\u662f\u4f7f\u7528 OpenStack \u5de5\u5177\u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u73b0\u6709\u7f51\u7edc\u3002\u63d0\u4f9b\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u65f6\uff0c\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u6765\u81ea\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684 IP \u5730\u5740\u548c\u5b50\u7f51\u3002 
\u4e0e\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0d\u540c\uff0c\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u7528\u6237\u5177\u6709\u4e00\u4e2a\u5171\u4eab\u7f51\u7edc\u548c\u4e00\u4e2a\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7528\u6237\u90fd\u6709\u5355\u72ec\u7684 CPU\u3001CPU \u65f6\u95f4\u3001\u7f51\u7edc\u3001\u5bb9\u91cf\u548c\u541e\u5410\u91cf\u3002 \u60a8\u8fd8\u53ef\u4ee5\u5728\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u914d\u7f6e\u5b89\u5168\u670d\u52a1\u3002\u4f46\u662f\uff0c\u5982\u679c\u6ca1\u6709\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u5e94\u5728\u4e3b\u673a\u4e0a\u624b\u52a8\u8bbe\u7f6e\u6240\u9700\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u4efb\u4f55\u73b0\u6709\u5b89\u5168\u670d\u52a1\u81ea\u52a8\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002 \u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u4e0d\u540c\u7c7b\u578b\u7684\u7f51\u7edc\uff1a flat GRE VLAN VXLAN \u6ce8\u610f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ea\u662f\u5c06\u6709\u5173\u7f51\u7edc\u7684\u4fe1\u606f\u4fdd\u5b58\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u800c\u771f\u6b63\u7684\u7f51\u7edc\u5219\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u63d0\u4f9b\u3002\u5728OpenStack\u4e2d\uff0c\u5b83\u53ef\u4ee5\u662f\u4f20\u7edf\u7f51\u7edc\uff08nova-network\uff09\u6216\u7f51\u7edc\uff08neutron\uff09\u670d\u52a1\uff0c\u4f46\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u751a\u81f3\u53ef\u4ee5\u5728OpenStack\u4e4b\u5916\u5de5\u4f5c\u3002\u8fd9\u662f\u5141\u8bb8\u7684\uff0c `StandaloneNetworkPlugin` 
\u53ef\u4ee5\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u4e0d\u9700\u8981OpenStack\u4e2d\u7684\u67d0\u4e9b\u7279\u5b9a\u7f51\u7edc\u670d\u52a1\uff0c\u5982Networking\u6216Legacy\u7f51\u7edc\u670d\u52a1\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5728\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u548c\u7ba1\u7406\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u53ef\u5206\u4e3a\u4e24\u79cd\u53d8\u4f53\uff1a \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc \u6700\u521d\uff0c\u5728\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u65f6\uff0c\u60a8\u53ef\u4ee5\u8bbe\u7f6e OpenStack Networking \uff08neutron\uff09 \u7684\u7f51\u7edc\u548c\u5b50\u7f51\uff0c\u4e5f\u53ef\u4ee5\u8bbe\u7f6e Legacy \u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7f51\u7edc\u3002\u7b2c\u4e09\u79cd\u65b9\u6cd5\u662f\u5728\u6ca1\u6709\u65e7\u7248\u7f51\u7edc\u548c\u7f51\u7edc\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u914d\u7f6e\u7f51\u7edc\u3002 StandaloneNetworkPlugin \u53ef\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5efa\u8bae \u6240\u6709\u4f7f\u7528 OpenStack Compute \u670d\u52a1\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u4e0d\u4f7f\u7528\u7f51\u7edc\u63d2\u4ef6\u3002\u5728 Mitaka \u7248\u672c\u4e2d\uff0c\u5b83\u662f Windows \u548c\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u3002\u8fd9\u4e9b\u5171\u4eab\u9a71\u52a8\u5668\u5177\u6709\u5176\u4ed6\u9009\u9879\u5e76\u4f7f\u7528\u4e0d\u540c\u7684\u65b9\u6cd5\u3002 
\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u540e\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u68c0\u7d22\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u786e\u5b9a\u7684\u7f51\u7edc\u4fe1\u606f\uff1a\u7f51\u7edc\u7c7b\u578b\u3001\u5206\u6bb5\u6807\u8bc6\u7b26\uff08\u5982\u679c\u7f51\u7edc\u4f7f\u7528\u5206\u6bb5\uff09\u548c CIDR \u8868\u793a\u6cd5\u4e2d\u7684 IP \u5757\uff0c\u4ee5\u4fbf\u4ece\u4e2d\u5206\u914d\u7f51\u7edc\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u67d0\u4e9b\u5b58\u50a8\u63a7\u5236\u5668\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\uff0c\u4f46\u7531\u4e8e\u7269\u7406\u6216\u903b\u8f91\u7f51\u7edc\u7684\u5404\u79cd\u9650\u5236\uff0c\u6240\u6709\u5171\u4eab\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u4f4d\u4e8e\u6241\u5e73\u7f51\u7edc\u4e0a\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u4e00\u4e9b\u4e1c\u897f\u6765\u4e3a\u5171\u4eab\u670d\u52a1\u5668\u9884\u914d IP \u5730\u5740\uff0c\u4f46 IP \u5c06\u5168\u90e8\u6765\u81ea\u540c\u4e00\u5b50\u7f51\uff0c\u5e76\u4e14\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u53ef\u4ee5\u8bbf\u95ee\u8be5\u5b50\u7f51\u672c\u8eab\u3002 \u5171\u4eab\u7f51\u7edc\u7684\u5b89\u5168\u670d\u52a1\u90e8\u5206\u6307\u5b9a\u5b89\u5168\u8981\u6c42\uff0c\u4f8b\u5982 AD \u6216 LDAP \u57df\u6216 Kerberos \u57df\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5047\u5b9a\u5b89\u5168\u670d\u52a1\u4e2d\u5f15\u7528\u7684\u4efb\u4f55\u4e3b\u673a\u90fd\u53ef\u4ee5\u4ece\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b50\u7f51\u8bbf\u95ee\uff0c\u8fd9\u9650\u5236\u4e86\u53ef\u4ee5\u4f7f\u7528\u6b64\u6a21\u5f0f\u7684\u60c5\u51b5\u6570\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc 
\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u5230\u73b0\u6709\u7684\u5206\u6bb5\u7f51\u7edc\u3002\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e3a\u6bcf\u4e2a\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u63d0\u4f9b\u5b50\u7f51\u5b9a\u4e49\u3002\u6b64\u5b9a\u4e49\u5e94\u5305\u62ec\u5206\u6bb5\u7c7b\u578b\u3001\u5206\u6bb5 ID \u4ee5\u53ca\u4e0e\u5206\u6bb5\u7c7b\u578b\u76f8\u5173\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u6ce8\u610f \u67d0\u4e9b\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u652f\u6301\u6240\u6709\u7c7b\u578b\u7684\u5206\u6bb5\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b63\u5728\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u7684\u89c4\u8303\u3002 \u7f51\u7edc\u63d2\u4ef6 \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u7528\u4e8e\u7f51\u7edc\u8d44\u6e90\u8c03\u914d\u7684\u62bd\u8c61\u5c42\u3002\u5b83\u5141\u8bb8\u7ba1\u7406\u5458\u4ece\u4e0d\u540c\u7684\u9009\u9879\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u51b3\u5b9a\u5982\u4f55\u5c06\u7f51\u7edc\u8d44\u6e90\u5206\u914d\u7ed9\u5176\u79df\u6237\u7684\u7f51\u7edc\u5b58\u50a8\u3002\u6709\u51e0\u4e2a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u4e86\u4e0eOpenStack\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u7f51\u7edc\u63d2\u4ef6\u5141\u8bb8\u4f7f\u7528 OpenStack Networking \u548c Legacy \u7f51\u7edc\u670d\u52a1\u7684\u4efb\u4f55\u529f\u80fd\u3001\u914d\u7f6e\u3002\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u652f\u6301\u7684\u4efb\u4f55\u7f51\u7edc\u5206\u6bb5\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4f20\u7edf\u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7684\u6241\u5e73\u7f51\u7edc\u6216 VLAN \u5206\u6bb5\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u63d2\u4ef6\u6765\u72ec\u7acb\u4e8e OpenStack 
\u7f51\u7edc\u670d\u52a1\u6307\u5b9a\u7f51\u7edc\u3002\u6709\u5173\u5982\u4f55\u4f7f\u7528\u4e0d\u540c\u7f51\u7edc\u63d2\u4ef6\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7f51\u7edc\u63d2\u4ef6\u3002 \u5b89\u5168\u670d\u52a1 \u00b6 \u5bf9\u4e8e\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\uff0c\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u670d\u52a1\u3002\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u5305\u62ec LDAP\u3001Kerberos \u548c Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u00b6 \u521b\u5efa\u5171\u4eab\u5e76\u83b7\u53d6\u5176\u5bfc\u51fa\u4f4d\u7f6e\u540e\uff0c\u7528\u6237\u65e0\u6743\u88c5\u8f7d\u8be5\u5171\u4eab\u5e76\u5904\u7406\u6587\u4ef6\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9700\u8981\u663e\u5f0f\u6388\u4e88\u5bf9\u65b0\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/AuthZ\uff09 \u7684\u5ba2\u6237\u673a\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 \u5b58\u50a8 security services \u3002\u5982\u679c\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u540e\u7aef\u652f\u6301 LDAP\u3001Kerberos \u6216 Microsoft Active Directory\uff0c\u5219\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e5f\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u610f \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u663e\u5f0f\u6307\u5b9a\u5176\u4e2d\u4e00\u9879\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\uff0cNetApp\u3001EMC \u548c Windows \u9a71\u52a8\u7a0b\u5e8f\u9700\u8981 Active Directory \u624d\u80fd\u521b\u5efa\u4e0e CIFS 
\u534f\u8bae\u7684\u5171\u4eab\u3002 \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u00b6 \u5b89\u5168\u670d\u52a1\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u5b9e\u4f53\uff0c\u5b83\u62bd\u8c61\u51fa\u4e00\u7ec4\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u4e3a\u7279\u5b9a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff08\u5982 Active Directory \u57df\u6216 Kerberos \u57df\uff09\u5b9a\u4e49\u5b89\u5168\u57df\u3002\u5b89\u5168\u670d\u52a1\u5305\u542b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u521b\u5efa\u52a0\u5165\u7ed9\u5b9a\u57df\u7684\u670d\u52a1\u5668\u6240\u9700\u7684\u6240\u6709\u4fe1\u606f\u3002 \u4f7f\u7528 API\uff0c\u7528\u6237\u53ef\u4ee5\u521b\u5efa\u3001\u66f4\u65b0\u3001\u67e5\u770b\u548c\u5220\u9664\u5b89\u5168\u670d\u52a1\u3002\u5b89\u5168\u670d\u52a1\u7684\u8bbe\u8ba1\u57fa\u4e8e\u4ee5\u4e0b\u5047\u8bbe\uff1a \u79df\u6237\u63d0\u4f9b\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u7ba1\u7406\u5458\u5173\u5fc3\u5b89\u5168\u670d\u52a1\uff1a\u4ed6\u4eec\u914d\u7f6e\u6b64\u7c7b\u5b89\u5168\u670d\u52a1\u7684\u670d\u52a1\u5668\u7aef\u3002 \u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u4e2d\uff0ca security_service \u4e0e share_networks \u5173\u8054\u3002 \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4f7f\u7528\u5b89\u5168\u670d\u52a1\u4e2d\u7684\u6570\u636e\u6765\u914d\u7f6e\u65b0\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002 \u521b\u5efa\u5b89\u5168\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e4b\u4e00\uff1a \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u63cf\u8ff0 LDAP \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002\u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Kerberos 
\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\uff0c\u5b83\u57fa\u4e8e\u7968\u8bc1\u5de5\u4f5c\uff0c\u5141\u8bb8\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u7684\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u4e3a Windows \u57df\u7f51\u7edc\u5f00\u53d1\u7684\u76ee\u5f55\u670d\u52a1\u3002\u4f7f\u7528 LDAP\u3001Microsoft \u7684 Kerberos \u7248\u672c\u548c DNS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u60a8\u4f7f\u7528\u4ee5\u4e0b\u9009\u9879\u914d\u7f6e\u5b89\u5168\u670d\u52a1\uff1a \u79df\u6237\u7f51\u7edc\u5185\u90e8\u4f7f\u7528\u7684 DNS IP \u5730\u5740\u3002 \u5b89\u5168\u670d\u52a1\u7684 IP \u5730\u5740\u6216\u4e3b\u673a\u540d\u3002 \u5b89\u5168\u670d\u52a1\u7684\u57df\u3002 \u79df\u6237\u4f7f\u7528\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u3002 \u5982\u679c\u6307\u5b9a\u7528\u6237\u540d\uff0c\u5219\u9700\u8981\u4e00\u4e2a\u7528\u6237\u5bc6\u7801\u3002 \u73b0\u6709\u5b89\u5168\u670d\u52a1\u5b9e\u4f53\u53ef\u4ee5\u4e0e\u5171\u4eab\u7f51\u7edc\u5b9e\u4f53\u76f8\u5173\u8054\uff0c\u8fd9\u4e9b\u5b9e\u4f53\u901a\u77e5\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e00\u7ec4\u5171\u4eab\u7684\u5b89\u5168\u6027\u548c\u7f51\u7edc\u914d\u7f6e\u3002\u60a8\u8fd8\u53ef\u4ee5\u67e5\u770b\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u7684\u6240\u6709\u5b89\u5168\u670d\u52a1\u7684\u5217\u8868\uff0c\u5e76\u53d6\u6d88\u5b83\u4eec\u4e0e\u5171\u4eab\u7f51\u7edc\u7684\u5173\u8054\u3002 \u6709\u5173\u901a\u8fc7 API \u7ba1\u7406\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 API\u3002\u60a8\u8fd8\u53ef\u4ee5\u901a\u8fc7 python-manilaclient \u7ba1\u7406\u5b89\u5168\u670d\u52a1\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 CLI \u7ba1\u7406\u3002 
\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\uff0c\u5e76\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u56e0\u6b64\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u5c06\u540e\u7aef\u914d\u7f6e\u4e3a\u901a\u8fc7\u7f51\u7edc\u4f7f\u7528\u7279\u5b9a\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff0c\u5b83\u5c06\u5b58\u50a8\u7528\u6237\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u548c\u6807\u8bc6\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4e0a\u8fd0\u884c\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002\u9a71\u52a8\u7a0b\u5e8f\u5bf9\u7279\u5b9a\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u652f\u6301\u5e76\u4e0d\u610f\u5473\u7740\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5bf9\u5176\u8fdb\u884c\u914d\u7f6e\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u6709\u5173\u7279\u5b9a\u9a71\u52a8\u7a0b\u5e8f\u53ca\u5176\u5b89\u5168\u670d\u52a1\u914d\u7f6e\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a71\u52a8\u7a0b\u5e8f\u4f9b\u5e94\u5546\u7684\u6587\u6863\u3002 
\u67d0\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u5b89\u5168\u670d\u52a1\uff0c\u800c\u5176\u4ed6\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4e0a\u8ff0\u4efb\u4f55\u5b89\u5168\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u5177\u6709 NFS \u6216 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4ec5\u652f\u6301\u901a\u8fc7 IP \u5730\u5740\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u5efa\u8bae - \u5728\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u652f\u6301 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 Active Directory \u5e76\u901a\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7ba1\u7406\u8bbf\u95ee\u3002 - \u652f\u6301 GlusterFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 - \u4f7f\u7528\u652f\u6301 NFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u662f\u552f\u4e00\u53d7\u652f\u6301\u7684\u9009\u9879\u3002 - \u7531\u4e8e HDFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u4f7f\u7528 NFS \u8bbf\u95ee\uff0c\u56e0\u6b64\u4e5f\u53ef\u4ee5\u5c06\u5176\u914d\u7f6e\u4e3a\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4f46\u8bf7\u6ce8\u610f\uff0c\u901a\u8fc7 IP \u8fdb\u884c\u7684\u8eab\u4efd\u9a8c\u8bc1\u662f\u6700\u4e0d\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5b9e\u9645\u4f7f\u7528\u60c5\u51b5\u7684\u5efa\u8bae\u914d\u7f6e\u662f\u4f7f\u7528 CIFS \u5171\u4eab\u534f\u8bae\u521b\u5efa\u5171\u4eab\uff0c\u5e76\u5411\u5176\u6dfb\u52a0 Microsoft Active Directory 
\u76ee\u5f55\u670d\u52a1\u3002\u5728\u6b64\u914d\u7f6e\u4e2d\uff0c\u60a8\u5c06\u83b7\u5f97\u96c6\u4e2d\u5f0f\u6570\u636e\u5e93\u4ee5\u53ca\u5c06Kerberos\u548cLDAP\u65b9\u6cd5\u7ed3\u5408\u5728\u4e00\u8d77\u7684\u670d\u52a1\u3002\u8fd9\u662f\u4e00\u4e2a\u771f\u5b9e\u7684\u7528\u4f8b\uff0c\u5bf9\u4e8e\u751f\u4ea7\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u6765\u8bf4\u5f88\u65b9\u4fbf\u3002 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u6388\u4e88\u6216\u62d2\u7edd\u5176\u4ed6\u5ba2\u6237\u7aef\u5bf9\u670d\u52a1\u7684\u4e0d\u540c\u5b9e\u4f53\u7684\u8bbf\u95ee\u3002 \u5c06\u5171\u4eab\u4f5c\u4e3a\u6587\u4ef6\u7cfb\u7edf\u7684\u53ef\u8fdc\u7a0b\u6302\u8f7d\u5b9e\u4f8b\uff0c\u53ef\u4ee5\u7ba1\u7406\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\uff0c\u5e76\u5217\u51fa\u6307\u5b9a\u5171\u4eab\u7684\u6743\u9650\u3002 \u5171\u4eab\u53ef\u4ee5\u662f\u516c\u5171\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u7684\u3002\u8fd9\u662f\u5171\u4eab\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5171\u4eab\u90fd\u521b\u5efa\u4e3a\u4e13\u7528\u5171\u4eab\u3002\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5 --public \u5c06\u5171\u4eab\u516c\u5f00\uff0c\u4f9b\u5176\u4ed6\u79df\u6237\u67e5\u770b\u5171\u4eab\u5217\u8868\u5e76\u67e5\u770b\u5176\u8be6\u7ec6\u4fe1\u606f\u3002 \u6839\u636e policy.json \u6587\u4ef6\uff0c\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u4f7f\u7528 manila access-allow\u3001manila access-deny \u548c manila access-list \u547d\u4ee4\uff0c\u60a8\u53ef\u4ee5\u76f8\u5e94\u5730\u6388\u4e88\u3001\u62d2\u7edd\u548c\u5217\u51fa\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 
\u5efa\u8bae \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u521b\u5efa\u5171\u4eab\u5e76\u5177\u6709\u5176\u5bfc\u51fa\u4f4d\u7f6e\u65f6\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u671f\u671b\u4efb\u4f55\u4eba\u90fd\u65e0\u6cd5\u901a\u8fc7\u88c5\u8f7d\u5171\u4eab\u6765\u8bbf\u95ee\u8be5\u5171\u4eab\u3002\u8bf7\u6ce8\u610f\uff0c\u60a8\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u66f4\u6539\u6b64\u914d\u7f6e\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u5171\u4eab\u5b58\u50a8\u4e0a\u66f4\u6539\u3002\u8981\u786e\u4fdd\u8bbf\u95ee\u5171\u4eab\uff0c\u8bf7\u68c0\u67e5\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u3002 \u521a\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u6ca1\u6709\u4e0e\u4e4b\u5173\u8054\u7684\u9ed8\u8ba4\u8bbf\u95ee\u89c4\u5219\u548c\u88c5\u8f7d\u6743\u9650\u3002\u8fd9\u53ef\u4ee5\u5728\u6b63\u5728\u4f7f\u7528\u7684\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u4e2d\u770b\u5230\u3002\u4f8b\u5982\uff0c\u5b58\u50a8\u4e0a\u6709\u4e00\u4e2a NFS \u547d\u4ee4 exportfs \u6216 /etc/exports \u6587\u4ef6\uff0c\u7528\u4e8e\u63a7\u5236\u6bcf\u4e2a\u8fdc\u7a0b\u5171\u4eab\u5e76\u5b9a\u4e49\u53ef\u4ee5\u8bbf\u95ee\u5b83\u7684\u4e3b\u673a\u3002\u5982\u679c\u6ca1\u6709\u4eba\u53ef\u4ee5\u6302\u8f7d\u5171\u4eab\uff0c\u5219\u4e3a\u7a7a\u3002\u5bf9\u4e8e\u8fdc\u7a0b CIFS \u670d\u52a1\u5668\uff0c\u6709\u4e00\u4e2a net conf list \u663e\u793a\u914d\u7f6e\u7684\u547d\u4ee4\u3002 hosts deny \u53c2\u6570\u5e94\u7531\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u8bbe\u7f6e 0.0.0.0/0 \uff0c\u8fd9\u610f\u5473\u7740\u4efb\u4f55\u4e3b\u673a\u90fd\u88ab\u62d2\u7edd\u6302\u8f7d\u5171\u4eab\u3002 \u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u53ef\u4ee5\u901a\u8fc7\u6307\u5b9a\u4ee5\u4e0b\u652f\u6301\u7684\u5171\u4eab\u8bbf\u95ee\u7ea7\u522b\u4e4b\u4e00\u6765\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\uff1a rw\u3002\u8bfb\u53d6\u548c\u5199\u5165 \uff08RW\uff09 \u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u503c\u3002 
ro\u3002\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u3002 \u5efa\u8bae \u5f53\u7ba1\u7406\u5458\u4e3a\u67d0\u4e9b\u7279\u5b9a\u7f16\u8f91\u8005\u6216\u8d21\u732e\u8005\u63d0\u4f9b\u8bfb\u5199 \uff08RW\uff09 \u8bbf\u95ee\u6743\u9650\u5e76\u4e3a\u5176\u4f59\u7528\u6237\uff08\u67e5\u770b\u8005\uff09\u63d0\u4f9b\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u6743\u9650\u65f6\uff0cRO \u8bbf\u95ee\u7ea7\u522b\u5728\u516c\u5171\u5171\u4eab\u4e2d\u4f1a\u5f88\u6709\u5e2e\u52a9\u3002 \u60a8\u8fd8\u5fc5\u987b\u6307\u5b9a\u4ee5\u4e0b\u53d7\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4e4b\u4e00\uff1a ip\u3002\u901a\u8fc7\u5b9e\u4f8b\u7684 IP \u5730\u5740\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u683c\u5f0f\u4e3a XX.XX.XX.XX \u6216 XX.XX.XX.XX/XX\u3002\u4f8b\u5982\uff0c0.0.0.0/0\u3002 cert\u3002\u901a\u8fc7 TLS \u8bc1\u4e66\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c06 TLS \u6807\u8bc6\u6307\u5b9a\u4e3a IDENTKEY\u3002\u6709\u6548\u503c\u662f\u8bc1\u4e66\u516c\u7528\u540d \uff08CN\uff09 \u4e2d\u957f\u5ea6\u4e0d\u8d85\u8fc7 64 \u4e2a\u5b57\u7b26\u7684\u4efb\u4f55\u5b57\u7b26\u4e32\u3002 user\u3002\u6309\u6307\u5b9a\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u503c\u662f\u4e00\u4e2a\u5b57\u6bcd\u6570\u5b57\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u7279\u6b8a\u5b57\u7b26\uff0c\u957f\u5ea6\u4e3a 4 \u5230 32 \u4e2a\u5b57\u7b26\u3002 \u6ce8\u610f \u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3001\u5b89\u5168\u670d\u52a1\u548c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u652f\u6301\u7684\u5b89\u5168\u670d\u52a1\u5305\u62ec LDAP\u3001Kerberos \u534f\u8bae\u6216 Microsoft Active Directory 
\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4e0b\u9762\u662f\u4e0e\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u5171\u4eab\u7684 NFS \u793a\u4f8b\u3002\u521b\u5efa\u5171\u4eab\u540e\uff0c\u5b83\u5177\u6709\u5bfc\u51fa\u4f4d\u7f6e 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de \u3002\u5982\u679c\u60a8\u5c1d\u8bd5\u4f7f\u7528 10.254.0.4 IP \u5730\u5740\u5c06\u5176\u6302\u8f7d\u5230\u4e3b\u673a\u4e0a\uff0c\u60a8\u5c06\u6536\u5230\u201c\u6743\u9650\u88ab\u62d2\u7edd\u201d\u6d88\u606f\u3002 # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt mount.nfs: timeout set for Mon Oct 12 13:07:47 2015 mount.nfs: trying text-based options 'vers=4,addr=10.254.0.3,clientaddr=10.254.0.4' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting 10.254.0.3:/shares/share-b2874f8d-... 
\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 SSH \u8fde\u63a5\u5230\u5177\u6709 IP \u5730\u5740\u7684 10.254.0.3 \u4e3b\u673a\uff0c\u68c0\u67e5\u5176 /etc/exports \u4e0a\u7684\u6587\u4ef6\u5e76\u67e5\u770b\u5b83\u662f\u5426\u4e3a\u7a7a\uff1a # cat /etc/exports # \u6211\u4eec\u5728\u793a\u4f8b\u4e2d\u4f7f\u7528\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u56e0\u6b64\u4f7f\u7528 NFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7 IP \u5730\u5740\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff1a $ manila access-allow Share_demo2 ip 10.254.0.4 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | share_id | e57c25a8-0392-444f-9ffc-5daadb9f756c | | access_type | ip | | access_to | 10.254.0.4 | | access_level | rw | | state | new | | id | 62b8e453-d712-4074-8410-eab6227ba267 | +--------------+--------------------------------------+ \u89c4\u5219\u8fdb\u5165\u72b6\u6001 active \u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u518d\u6b21\u8fde\u63a5\u5230 10.254.0.3 \u4e3b\u673a\u5e76\u68c0\u67e5 /etc/exports \u6587\u4ef6\uff0c\u5e76\u67e5\u770b\u662f\u5426\u6dfb\u52a0\u4e86\u5e26\u6709\u89c4\u5219\u7684\u884c\uff1a # cat /etc/exports /shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de 10.254.0.4(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,no_all_squash) \u73b0\u5728\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 IP \u5730\u5740 10.254.0.4 \u5728\u4e3b\u673a\u4e0a\u6302\u8f7d\u5171\u4eab\uff0c\u5e76\u62e5\u6709 rw \u5171\u4eab\u6743\u9650\uff1a # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt # ls -a /mnt . .. lost+found # echo \"Hello!\" > /mnt/1.txt # ls -a /mnt . .. 
1.txt lost+found # \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5171\u4eab\u7c7b\u578b\u662f\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u201c\u670d\u52a1\u7c7b\u578b\u201d\uff0c\u7531\u79df\u6237\u53ef\u89c1\u63cf\u8ff0\u548c\u79df\u6237\u4e0d\u53ef\u89c1\u952e\u503c\u5bf9\u5217\u8868\uff08\u989d\u5916\u89c4\u8303\uff09\u7ec4\u6210\u3002manila-scheduler \u4f7f\u7528\u989d\u5916\u7684\u89c4\u8303\u6765\u505a\u51fa\u8c03\u5ea6\u51b3\u7b56\uff0c\u9a71\u52a8\u7a0b\u5e8f\u63a7\u5236\u5171\u4eab\u521b\u5efa\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u521b\u5efa\u548c\u5220\u9664\u5171\u4eab\u7c7b\u578b\uff0c\u8fd8\u53ef\u4ee5\u7ba1\u7406\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u8d4b\u4e88\u5b83\u4eec\u542b\u4e49\u7684\u989d\u5916\u89c4\u8303\u3002\u79df\u6237\u53ef\u4ee5\u5217\u51fa\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u65b0\u5171\u4eab\u3002\u6709\u5173\u7ba1\u7406\u5171\u4eab\u7c7b\u578b\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u548c\u5171\u4eab\u7c7b\u578b\u7ba1\u7406\u6587\u6863\u3002 \u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u548c\u79c1\u6709\u3002\u8fd9\u662f\u5171\u4eab\u7c7b\u578b\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\uff0c\u5e76\u4f7f\u7528\u5b83\u6765\u521b\u5efa\u65b0\u5171\u4eab\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u7c7b\u578b\u521b\u5efa\u4e3a\u516c\u5171\u7c7b\u578b\u3002\u521b\u5efa\u5171\u4eab\u7c7b\u578b\u65f6\uff0c\u8bf7\u4f7f\u7528 --is_public \u53c2\u6570\u96c6 \u8bbe\u7f6e\u4e3a False 
\u79c1\u6709\u5171\u4eab\u7c7b\u578b\uff0c\u8fd9\u5c06\u9632\u6b62\u5176\u4ed6\u79df\u6237\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\u5e76\u4f7f\u7528\u5b83\u521b\u5efa\u65b0\u5171\u4eab\u3002\u53e6\u4e00\u65b9\u9762\uff0c\u516c\u5171\u5171\u4eab\u7c7b\u578b\u53ef\u4f9b\u4e91\u4e2d\u7684\u6bcf\u4e2a\u79df\u6237\u4f7f\u7528\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u7ba1\u7406\u5458\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fd8\u53ef\u4ee5\u83b7\u53d6\u6709\u5173\u6307\u5b9a\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u7684\u4fe1\u606f\u3002 \u5efa\u8bae \u7531\u4e8e\u5171\u4eab\u7c7b\u578b\u7531\u4e8e\u5176\u989d\u5916\u7684\u89c4\u8303\u800c\u6709\u52a9\u4e8e\u5728\u7528\u6237\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u6216\u9009\u62e9\u540e\u7aef\uff0c\u56e0\u6b64\u4f7f\u7528\u5bf9\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u53ef\u4ee5\u9650\u5236\u5ba2\u6237\u7aef\u9009\u62e9\u7279\u5b9a\u7684\u540e\u7aef\u3002 \u4f8b\u5982\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\u79df\u6237\u4e2d\u7684\u7ba1\u7406\u5458\u7528\u6237\uff0c\u53ef\u4ee5\u521b\u5efa\u540d\u4e3a my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5217\u8868\u4e2d\u67e5\u770b\u5b83\u3002\u5728\u63a7\u5236\u53f0\u793a\u4f8b\u4e2d\uff0c\u7701\u7565\u4e86\u767b\u5f55\u548c\u6ce8\u9500\uff0c\u5e76\u63d0\u4f9b\u4e86\u73af\u5883\u53d8\u91cf\u4ee5\u663e\u793a\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u3002 $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... 
$ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ demo \u79df\u6237\u4e2d\u7684 demo \u7528\u6237\u53ef\u4ee5\u5217\u51fa\u7c7b\u578b\uff0c\u5e76\u4e14\u547d\u540d my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u5bf9\u4ed6\u4e0d\u53ef\u89c1\u3002 $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+----------------------------------+----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+----------------------------------+----------------------+ | 5..| default| public | YES | driver_handles_share_servers:True| snapshot_support:True| +----+--------+-----------+-----------+----------------------------------+----------------------+ \u7ba1\u7406\u5458\u53ef\u4ee5\u6388\u4e88\u5bf9\u79df\u6237 ID \u7b49\u4e8e df29a37db5ae48d19b349fe947fada46 \u7684\u6f14\u793a\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff1a $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... $ openstack project list +----------------------------------+--------------------+ | ID | Name | +----------------------------------+--------------------+ | ... | ... 
| | df29a37db5ae48d19b349fe947fada46 | demo | +----------------------------------+--------------------+ $ manila type-access-add my_type df29a37db5ae48d19b349fe947fada46 \u56e0\u6b64\uff0c\u73b0\u5728\u6f14\u793a\u79df\u6237\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5171\u4eab\u521b\u5efa\u4e2d\u4f7f\u7528\u5b83\uff1a $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+- \u8981\u62d2\u7edd\u5bf9\u6307\u5b9a\u9879\u76ee\u7684\u8bbf\u95ee\uff0c\u8bf7\u4f7f\u7528 manila type-access-remove \u547d\u4ee4\u3002 \u5efa\u8bae \u4e00\u4e2a\u771f\u5b9e\u7684\u751f\u4ea7\u7528\u4f8b\u663e\u793a\u4e86\u5171\u4eab\u7c7b\u578b\u7684\u7528\u9014\u548c\u5bf9\u5b83\u4eec\u7684\u8bbf\u95ee\uff0c\u5f53\u4f60\u6709\u4e24\u4e2a\u540e\u7aef\u65f6\uff1a\u5ec9\u4ef7\u7684 LVM \u4f5c\u4e3a\u516c\u5171\u5b58\u50a8\uff0c\u6602\u8d35\u7684 Ceph \u4f5c\u4e3a\u79c1\u6709\u5b58\u50a8\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5411\u67d0\u4e9b\u79df\u6237\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4f7f\u7528 `user/group` \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u8fdb\u884c\u8bbf\u95ee\u3002 \u653f\u7b56 \u00b6 
\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6709\u81ea\u5df1\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u5b83\u4eec\u786e\u5b9a\u54ea\u4e2a\u7528\u6237\u53ef\u4ee5\u4ee5\u54ea\u79cd\u65b9\u5f0f\u8bbf\u95ee\u54ea\u4e9b\u5bf9\u8c61\uff0c\u5e76\u5728\u670d\u52a1\u7684 policy.json \u6587\u4ef6\u4e2d\u5b9a\u4e49\u3002 \u5efa\u8bae \u914d\u7f6e\u6587\u4ef6 `policy.json` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/policy.json` \u662f\u5fc5\u9700\u7684\u3002 \u6bcf\u5f53\u5bf9\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c API \u8c03\u7528\u65f6\uff0c\u7b56\u7565\u5f15\u64ce\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u7684\u7b56\u7565\u5b9a\u4e49\u6765\u786e\u5b9a\u662f\u5426\u53ef\u4ee5\u63a5\u53d7\u8be5\u8c03\u7528\u3002 \u7b56\u7565\u89c4\u5219\u786e\u5b9a\u5728\u4ec0\u4e48\u60c5\u51b5\u4e0b\u5141\u8bb8 API \u8c03\u7528\u3002\u5f53 /etc/manila/policy.json \u89c4\u5219\u4e3a\u7a7a\u5b57\u7b26\u4e32\u65f6\uff0c\u8be5\u6587\u4ef6\u5177\u6709\u59cb\u7ec8\u5141\u8bb8\u64cd\u4f5c\u7684\u89c4\u5219\uff1a \"\" ;\u57fa\u4e8e\u7528\u6237\u89d2\u8272\u6216\u89c4\u5219\u7684\u89c4\u5219;\u5e26\u6709\u5e03\u5c14\u8868\u8fbe\u5f0f\u7684\u89c4\u5219\u3002\u4e0b\u9762\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1 policy.json \u7684\u6587\u4ef6\u7247\u6bb5\u3002\u4ece\u4e00\u4e2aOpenStack\u7248\u672c\u5230\u53e6\u4e00\u4e2aOpenStack\u7248\u672c\uff0c\u53ef\u4ee5\u5bf9\u5176\u8fdb\u884c\u66f4\u6539\u3002 { \"context_is_admin\": \"role:admin\", \"admin_or_owner\": \"is_admin:True or project_id:%(project_id)s\", \"default\": \"rule:admin_or_owner\", \"share_extension:quotas:show\": \"\", \"share_extension:quotas:update\": \"rule:admin_api\", \"share_extension:quotas:delete\": \"rule:admin_api\", \"share_extension:quota_classes\": \"\", } 
\u5fc5\u987b\u5c06\u7528\u6237\u5206\u914d\u5230\u7b56\u7565\u4e2d\u5f15\u7528\u7684\u7ec4\u548c\u89d2\u8272\u3002\u5f53\u4f7f\u7528\u7528\u6237\u7ba1\u7406\u547d\u4ee4\u65f6\uff0c\u670d\u52a1\u4f1a\u81ea\u52a8\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002 \u6ce8\u610f \u4efb\u4f55\u66f4\u6539 `/etc/manila/policy.json` \u90fd\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u8fd9\u5141\u8bb8\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fd0\u884c\u65f6\u5b9e\u65bd\u65b0\u7b56\u7565\u3002\u624b\u52a8\u4fee\u6539\u7b56\u7565\u53ef\u80fd\u4f1a\u4ea7\u751f\u610f\u60f3\u4e0d\u5230\u7684\u526f\u4f5c\u7528\uff0c\u56e0\u6b64\u4e0d\u9f13\u52b1\u8fd9\u6837\u505a\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 policy.json \u6587\u4ef6\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a manila\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/manila/manila.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/api-paste.ini | egrep \"root manila\" $ stat -L -c \"%U %G\" 
/etc/manila/policy.json | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/rootwrap.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila | egrep \"root manila\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c manila\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u9a6c\u5c3c\u62c9\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9a6c\u5c3c\u62c9\u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/manila/manila.conf $ stat -L -c \"%a\" /etc/manila/api-paste.ini $ stat -L -c \"%a\" /etc/manila/policy.json $ stat -L -c \"%a\" /etc/manila/rootwrap.conf $ stat -L -c \"%a\" /etc/manila \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 
Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cmanila \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/manila/manila.conf getfacl: Removing leading '/' from absolute path names # file: etc/manila/manila.conf USER root rw- GROUP manila r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002 Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 ' noauth ' \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c 
section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002 Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/manila/manila.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/manila/manila.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/manila/manila.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/manila/manila.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 
\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u00b6 \u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684OSAPI\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c\u6216\u8005 in manila.conf manila.conf \u8282\u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u8bbe\u7f6e\u4e3a 114688 \u3002 114688 \u4e0b\u9762\u7684 [DEFAULT] \u53c2\u6570 osapi_max_request_body_size \u5df2\u5f03\u7528\uff0c\u6700\u597d\u4f7f\u7528 [oslo_middleware]/ max_request_body_size \u3002 \u5931\u8d25\uff1a\u5982\u679c in manila.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c\u6216\u8005 in manila.conf \u8282\u4e0b\u7684 [DEFAULT] [oslo_middleware] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a 
114688 \u3002 \u8054\u7f51 \u00b6 OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u4f7f\u6700\u7ec8\u7528\u6237\u6216\u79df\u6237\u80fd\u591f\u5b9a\u4e49\u3001\u5229\u7528\u548c\u4f7f\u7528\u7f51\u7edc\u8d44\u6e90\u3002OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u4e2a\u9762\u5411\u79df\u6237\u7684 API\uff0c\u7528\u4e8e\u5b9a\u4e49\u4e91\u4e2d\u5b9e\u4f8b\u7684\u7f51\u7edc\u8fde\u63a5\u548c IP \u5bfb\u5740\uff0c\u4ee5\u53ca\u7f16\u6392\u7f51\u7edc\u914d\u7f6e\u3002\u968f\u7740\u5411\u4ee5 API \u4e3a\u4e2d\u5fc3\u7684\u7f51\u7edc\u670d\u52a1\u7684\u8fc7\u6e21\uff0c\u4e91\u67b6\u6784\u5e08\u548c\u7ba1\u7406\u5458\u5e94\u8003\u8651\u6700\u4f73\u5b9e\u8df5\u6765\u4fdd\u62a4\u7269\u7406\u548c\u865a\u62df\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u548c\u670d\u52a1\u3002 OpenStack Networking \u91c7\u7528\u63d2\u4ef6\u67b6\u6784\u8bbe\u8ba1\uff0c\u901a\u8fc7\u5f00\u6e90\u793e\u533a\u6216\u7b2c\u4e09\u65b9\u670d\u52a1\u63d0\u4f9b API \u7684\u53ef\u6269\u5c55\u6027\u3002\u5728\u8bc4\u4f30\u67b6\u6784\u8bbe\u8ba1\u8981\u6c42\u65f6\uff0c\u786e\u5b9a OpenStack Networking \u6838\u5fc3\u670d\u52a1\u4e2d\u6709\u54ea\u4e9b\u529f\u80fd\u3001\u7b2c\u4e09\u65b9\u4ea7\u54c1\u63d0\u4f9b\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u4ee5\u53ca\u9700\u8981\u5728\u7269\u7406\u57fa\u7840\u67b6\u6784\u4e2d\u5b9e\u73b0\u54ea\u4e9b\u8865\u5145\u670d\u52a1\u975e\u5e38\u91cd\u8981\u3002 \u672c\u8282\u7b80\u8981\u6982\u8ff0\u4e86\u5728\u5b9e\u73b0 OpenStack Networking \u65f6\u5e94\u8003\u8651\u54ea\u4e9b\u6d41\u7a0b\u548c\u6700\u4f73\u5b9e\u8df5\u3002 \u7f51\u7edc\u67b6\u6784 \u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u653e\u7f6e OpenStack Networking \u670d\u52a1 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 
\u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41\u7a0b \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u7f51\u7edc\u67b6\u6784 \u00b6 OpenStack Networking \u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u670d\u52a1\uff0c\u901a\u5e38\u5728\u591a\u4e2a\u8282\u70b9\u4e0a\u90e8\u7f72\u591a\u4e2a\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u5f7c\u6b64\u4ea4\u4e92\uff0c\u5e76\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4ea4\u4e92\u3002OpenStack Networking \u670d\u52a1\u7684\u4e3b\u8981\u8fdb\u7a0b\u662f neutron-server\uff0c\u8fd9\u662f\u4e00\u4e2a Python \u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u516c\u5f00 OpenStack Networking API\uff0c\u5e76\u5c06\u79df\u6237\u8bf7\u6c42\u4f20\u9012\u7ed9\u4e00\u7ec4\u63d2\u4ef6\u8fdb\u884c\u989d\u5916\u5904\u7406\u3002 OpenStack Networking \u7ec4\u4ef6\u5305\u62ec\uff1a neutron \u670d\u52a1\u5668\uff08neutron-server \u548c neutron-*-plugin\uff09 \u6b64\u670d\u52a1\u5728\u7f51\u7edc\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4e3a\u7f51\u7edc API \u53ca\u5176\u6269\u5c55\u63d0\u4f9b\u670d\u52a1\u3002\u5b83\u8fd8\u5f3a\u5236\u6267\u884c\u6bcf\u4e2a\u7aef\u53e3\u7684\u7f51\u7edc\u6a21\u578b\u548c IP \u5bfb\u5740\u3002neutron-server \u9700\u8981\u95f4\u63a5\u8bbf\u95ee\u6301\u4e45\u6027\u6570\u636e\u5e93\u3002\u8fd9\u662f\u901a\u8fc7\u63d2\u4ef6\u5b9e\u73b0\u7684\uff0c\u63d2\u4ef6\u4f7f\u7528 
AMQP\uff08\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff09\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002 \u63d2\u4ef6\u4ee3\u7406 \uff08neutron-*-agent\uff09 \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4ee5\u7ba1\u7406\u672c\u5730\u865a\u62df\u4ea4\u6362\u673a \uff08vswitch\uff09 \u914d\u7f6e\u3002\u60a8\u4f7f\u7528\u7684\u63d2\u4ef6\u51b3\u5b9a\u4e86\u8fd0\u884c\u54ea\u4e9b\u4ee3\u7406\u3002\u6b64\u670d\u52a1\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\uff0c\u5e76\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u63d2\u4ef6\u3002\u4e00\u4e9b\u63d2\u4ef6\uff0c\u5982 OpenDaylight\uff08ODL\uff09 \u548c\u5f00\u653e\u865a\u62df\u7f51\u7edc \uff08OVN\uff09\uff0c\u5728\u8ba1\u7b97\u8282\u70b9\u4e0a\u4e0d\u9700\u8981\u4efb\u4f55 python \u4ee3\u7406\u3002 DHCP \u4ee3\u7406 \uff08neutron-dhcp-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9bDHCP\u670d\u52a1\u3002\u6b64\u4ee3\u7406\u5728\u6240\u6709\u63d2\u4ef6\u4e2d\u90fd\u662f\u76f8\u540c\u7684\uff0c\u5e76\u8d1f\u8d23\u7ef4\u62a4 DHCP \u914d\u7f6e\u3002neutron-dhcp-agent \u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 L3 \u4ee3\u7406\uff08neutron-L3-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u4e0a\u7684\u865a\u62df\u673a\u63d0\u4f9b L3/NAT \u8f6c\u53d1\u3002\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u6743\u9650\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 \u7f51\u7edc\u63d0\u4f9b\u5546\u670d\u52a1\uff08SDN \u670d\u52a1\u5668/\u670d\u52a1\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9b\u5176\u4ed6\u7f51\u7edc\u670d\u52a1\u3002\u8fd9\u4e9b SDN \u670d\u52a1\u53ef\u4ee5\u901a\u8fc7 REST API \u7b49\u901a\u4fe1\u901a\u9053\u4e0e neutron-server\u3001neutron-plugin \u548c plugin-agents \u8fdb\u884c\u4ea4\u4e92\u3002 \u4e0b\u56fe\u663e\u793a\u4e86 OpenStack Networking \u7ec4\u4ef6\u7684\u67b6\u6784\u548c\u7f51\u7edc\u6d41\u7a0b\u56fe\uff1a OpenStack Networking 
\u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u00b6 \u672c\u6307\u5357\u91cd\u70b9\u4ecb\u7ecd\u4e00\u4e2a\u6807\u51c6\u67b6\u6784\uff0c\u5176\u4e2d\u5305\u62ec\u4e00\u4e2a\u4e91\u63a7\u5236\u5668\u4e3b\u673a\u3001\u4e00\u4e2a\u7f51\u7edc\u4e3b\u673a\u548c\u4e00\u7ec4\u7528\u4e8e\u8fd0\u884c VM \u7684\u8ba1\u7b97\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u3002 \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u00b6 \u6807\u51c6\u7684 OpenStack Networking \u8bbe\u7f6e\u6700\u591a\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\uff1a \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u5e94\u53ea\u80fd\u5728\u6570\u636e\u4e2d\u5fc3\u5185\u8bbf\u95ee\uff0c\u5e76\u88ab\u89c6\u4e3a\u7ba1\u7406\u5b89\u5168\u57df\u3002 \u8bbf\u5ba2\u7f51\u7edc \u7528\u4e8e\u4e91\u90e8\u7f72\u4e2d\u7684 VM \u6570\u636e\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u7684 IP \u5bfb\u5740\u8981\u6c42\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684 OpenStack Networking \u63d2\u4ef6\u4ee5\u53ca\u79df\u6237\u5bf9\u865a\u62df\u7f51\u7edc\u6240\u505a\u7684\u7f51\u7edc\u914d\u7f6e\u9009\u62e9\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5ba2\u6237\u673a\u5b89\u5168\u57df\u3002 \u5916\u90e8\u7f51\u7edc \u7528\u4e8e\u5728\u67d0\u4e9b\u90e8\u7f72\u65b9\u6848\u4e2d\u4e3a VM \u63d0\u4f9b Internet \u8bbf\u95ee\u6743\u9650\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5c5e\u4e8e\u516c\u5171\u5b89\u5168\u57df\u3002 API\u7f51\u7edc \u5411\u79df\u6237\u516c\u5f00\u6240\u6709 OpenStack API\uff0c\u5305\u62ec OpenStack \u7f51\u7edc API\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP 
\u5730\u5740\u3002\u8fd9\u53ef\u80fd\u4e0e\u5916\u90e8\u7f51\u7edc\u662f\u540c\u4e00\u7f51\u7edc\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4e3a\u4f7f\u7528 IP \u5206\u914d\u8303\u56f4\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u4e00\u4e2a\u5b50\u7f51\uff0c\u4ee5\u4fbf\u4ec5\u4f7f\u7528 IP \u5757\u4e2d\u5c0f\u4e8e\u5168\u90e8\u8303\u56f4\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u516c\u5171\u5b89\u5168\u57df\u3002 \u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u7f51\u7edc\u670d\u52a1 \u00b6 \u5728\u8bbe\u8ba1 OpenStack \u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u521d\u59cb\u67b6\u6784\u9636\u6bb5\uff0c\u786e\u4fdd\u63d0\u4f9b\u9002\u5f53\u7684\u4e13\u4e1a\u77e5\u8bc6\u6765\u534f\u52a9\u8bbe\u8ba1\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\uff0c\u786e\u5b9a\u9002\u5f53\u7684\u5b89\u5168\u63a7\u5236\u548c\u5ba1\u8ba1\u673a\u5236\u975e\u5e38\u91cd\u8981\u3002 OpenStack Networking \u589e\u52a0\u4e86\u4e00\u5c42\u865a\u62df\u5316\u7f51\u7edc\u670d\u52a1\uff0c\u4f7f\u79df\u6237\u80fd\u591f\u6784\u5efa\u81ea\u5df1\u7684\u865a\u62df\u7f51\u7edc\u3002\u76ee\u524d\uff0c\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u8fd8\u6ca1\u6709\u4f20\u7edf\u7f51\u7edc\u7684\u6210\u719f\u3002\u5728\u91c7\u7528\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u8fd9\u4e9b\u670d\u52a1\u7684\u5f53\u524d\u72b6\u6001\uff0c\u56e0\u4e3a\u5b83\u51b3\u5b9a\u4e86\u60a8\u53ef\u80fd\u9700\u8981\u5728\u865a\u62df\u5316\u548c\u4f20\u7edf\u7f51\u7edc\u8fb9\u754c\u4e0a\u5b9e\u73b0\u54ea\u4e9b\u63a7\u5236\u3002 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u00b6 OpenStack Networking \u53ef\u4ee5\u91c7\u7528\u4e24\u79cd\u4e0d\u540c\u7684\u673a\u5236\u5bf9\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\uff1aVLAN\uff08IEEE 802.1Q \u6807\u8bb0\uff09\u6216\u4f7f\u7528 GRE \u5c01\u88c5\u7684 L2 \u96a7\u9053\u3002OpenStack 
\u90e8\u7f72\u7684\u8303\u56f4\u548c\u89c4\u6a21\u51b3\u5b9a\u4e86\u60a8\u5e94\u8be5\u4f7f\u7528\u54ea\u79cd\u65b9\u6cd5\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\u6216\u9694\u79bb\u3002 VLANs \u00b6 VLAN \u5728\u7279\u5b9a\u7269\u7406\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e3a\u6570\u636e\u5305\uff0c\u5176\u4e2d\u5305\u542b\u5177\u6709\u7279\u5b9a VLAN ID \uff08VID\uff09 \u5b57\u6bb5\u503c\u7684 IEEE 802.1Q \u6807\u5934\u3002\u5171\u4eab\u540c\u4e00\u7269\u7406\u7f51\u7edc\u7684 VLAN \u7f51\u7edc\u5728 L2 \u4e0a\u5f7c\u6b64\u9694\u79bb\uff0c\u751a\u81f3\u53ef\u4ee5\u6709\u91cd\u53e0\u7684 IP \u5730\u5740\u7a7a\u95f4\u3002\u6bcf\u4e2a\u652f\u6301 VLAN \u7f51\u7edc\u7684\u4e0d\u540c\u7269\u7406\u7f51\u7edc\u90fd\u88ab\u89c6\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684 VLAN \u4e2d\u7ee7\uff0c\u5177\u6709\u4e0d\u540c\u7684 VID \u503c\u7a7a\u95f4\u3002\u6709\u6548\u7684 VID \u503c\u4e3a 1 \u5230 4094\u3002 VLAN \u914d\u7f6e\u7684\u590d\u6742\u6027\u53d6\u51b3\u4e8e\u60a8\u7684 OpenStack \u8bbe\u8ba1\u8981\u6c42\u3002\u4e3a\u4e86\u8ba9 OpenStack Networking \u80fd\u591f\u6709\u6548\u5730\u4f7f\u7528 VLAN\uff0c\u60a8\u5fc5\u987b\u5206\u914d\u4e00\u4e2a VLAN \u8303\u56f4\uff08\u6bcf\u4e2a\u79df\u6237\u4e00\u4e2a\uff09\uff0c\u5e76\u5c06\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u7269\u7406\u4ea4\u6362\u673a\u7aef\u53e3\u8f6c\u6362\u4e3a VLAN \u4e2d\u7ee7\u7aef\u53e3\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u6253\u7b97\u8ba9\u60a8\u7684\u7f51\u7edc\u652f\u6301\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\uff0c\u5219 VLAN \u53ef\u80fd\u4e0d\u662f\u60a8\u7684\u6b63\u786e\u9009\u62e9\uff0c\u56e0\u4e3a\u9700\u8981\u591a\u4e2a\u201c\u9ed1\u5ba2\u201d\u624d\u80fd\u5c06 VLAN \u6807\u8bb0\u6269\u5c55\u5230\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\u3002 L2 \u96a7\u9053 \u00b6 \u7f51\u7edc\u96a7\u9053\u4f7f\u7528\u552f\u4e00\u7684\u201ctunnel-id\u201d\u5c01\u88c5\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\uff0c\u8be5 ID 
\u7528\u4e8e\u6807\u8bc6\u5c5e\u4e8e\u8be5\u7ec4\u5408\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u79df\u6237\u7684 L2 \u7f51\u7edc\u8fde\u63a5\u4e0e\u7269\u7406\u4f4d\u7f6e\u6216\u57fa\u7840\u7f51\u7edc\u8bbe\u8ba1\u65e0\u5173\u3002\u901a\u8fc7\u5c06\u6d41\u91cf\u5c01\u88c5\u5728 IP \u6570\u636e\u5305\u4e2d\uff0c\u8be5\u6d41\u91cf\u53ef\u4ee5\u8de8\u8d8a\u7b2c 3 \u5c42\u8fb9\u754c\uff0c\u65e0\u9700\u9884\u914d\u7f6e VLAN \u548c VLAN \u4e2d\u7ee7\u3002\u96a7\u9053\u4e3a\u7f51\u7edc\u6570\u636e\u6d41\u91cf\u589e\u52a0\u4e86\u4e00\u5c42\u6df7\u6dc6\uff0c\u4ece\u76d1\u63a7\u7684\u89d2\u5ea6\u964d\u4f4e\u4e86\u5355\u4e2a\u79df\u6237\u6d41\u91cf\u7684\u53ef\u89c1\u6027\u3002 OpenStack Networking \u76ee\u524d\u652f\u6301 GRE \u548c VXLAN \u5c01\u88c5\u3002 \u63d0\u4f9b L2 \u9694\u79bb\u7684\u6280\u672f\u9009\u62e9\u53d6\u51b3\u4e8e\u5c06\u5728\u90e8\u7f72\u4e2d\u521b\u5efa\u7684\u79df\u6237\u7f51\u7edc\u7684\u8303\u56f4\u548c\u5927\u5c0f\u3002\u5982\u679c\u60a8\u7684\u73af\u5883\u7684 VLAN ID \u53ef\u7528\u6027\u6709\u9650\u6216\u5c06\u5177\u6709\u5927\u91cf L2 \u7f51\u7edc\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4f7f\u7528\u96a7\u9053\u3002 \u7f51\u7edc\u670d\u52a1 \u00b6 \u79df\u6237\u7f51\u7edc\u9694\u79bb\u7684\u9009\u62e9\u4f1a\u5f71\u54cd\u79df\u6237\u670d\u52a1\u7684\u7f51\u7edc\u5b89\u5168\u548c\u63a7\u5236\u8fb9\u754c\u7684\u5b9e\u73b0\u65b9\u5f0f\u3002\u4ee5\u4e0b\u9644\u52a0\u7f51\u7edc\u670d\u52a1\u5df2\u7ecf\u53ef\u7528\u6216\u76ee\u524d\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u4ee5\u589e\u5f3a OpenStack \u7f51\u7edc\u67b6\u6784\u7684\u5b89\u5168\u6001\u52bf\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 \u00b6 OpenStack \u8ba1\u7b97\u5728\u4e0e\u65e7\u7248 nova-network \u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u65f6\u76f4\u63a5\u652f\u6301\u79df\u6237\u7f51\u7edc\u6d41\u91cf\u8bbf\u95ee\u63a7\u5236\uff0c\u6216\u8005\u53ef\u4ee5\u5c06\u8bbf\u95ee\u63a7\u5236\u63a8\u8fdf\u5230 OpenStack Networking \u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u65e7\u7248 nova-network 
\u5b89\u5168\u7ec4\u4f7f\u7528 iptables \u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002 \u5b89\u5168\u7ec4\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u79df\u6237\u6307\u5b9a\u6d41\u91cf\u7c7b\u578b\u4ee5\u53ca\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5b89\u5168\u7ec4\u89c4\u5219\u662f\u6709\u72b6\u6001\u7684 L2-L4 \u6d41\u91cf\u8fc7\u6ee4\u5668\u3002 \u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u65f6\uff0c\u5efa\u8bae\u5728\u6b64\u670d\u52a1\u4e2d\u542f\u7528\u5b89\u5168\u7ec4\uff0c\u5e76\u5728\u8ba1\u7b97\u670d\u52a1\u4e2d\u7981\u7528\u5b89\u5168\u7ec4\u3002 L3 \u8def\u7531\u548c NAT \u00b6 OpenStack Networking \u8def\u7531\u5668\u53ef\u4ee5\u8fde\u63a5\u591a\u4e2a L2 \u7f51\u7edc\uff0c\u5e76\u4e14\u8fd8\u53ef\u4ee5\u63d0\u4f9b\u8fde\u63a5\u4e00\u4e2a\u6216\u591a\u4e2a\u79c1\u6709 L2 \u7f51\u7edc\u5230\u5171\u4eab\u5916\u90e8\u7f51\u7edc\uff08\u4f8b\u5982\u7528\u4e8e\u8bbf\u95ee\u4e92\u8054\u7f51\u7684\u516c\u5171\u7f51\u7edc\uff09\u7684\u7f51\u5173\u3002 L3 \u8def\u7531\u5668\u5728\u5c06\u8def\u7531\u5668\u4e0a\u884c\u94fe\u8def\u5230\u5916\u90e8\u7f51\u7edc\u7684\u7f51\u5173\u7aef\u53e3\u4e0a\u63d0\u4f9b\u57fa\u672c\u7684\u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u529f\u80fd\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6b64\u8def\u7531\u5668\u4f1a SNAT\uff08\u9759\u6001 NAT\uff09\u6240\u6709\u6d41\u91cf\uff0c\u5e76\u652f\u6301\u6d6e\u52a8 IP\uff0c\u8fd9\u4f1a\u521b\u5efa\u4ece\u5916\u90e8\u7f51\u7edc\u4e0a\u7684\u516c\u5171 IP \u5230\u8fde\u63a5\u5230\u8def\u7531\u5668\u7684\u5176\u4ed6\u5b50\u7f51\u4e0a\u7684\u4e13\u7528 IP \u7684\u9759\u6001\u4e00\u5bf9\u4e00\u6620\u5c04\u3002 \u6211\u4eec\u5efa\u8bae\u5229\u7528\u6bcf\u4e2a\u79df\u6237\u7684 L3 \u8def\u7531\u548c\u6d6e\u52a8 IP \u6765\u5b9e\u73b0\u79df\u6237 VM \u7684\u66f4\u7cbe\u7ec6\u8fde\u63a5\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u00b6 
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u7b56\u7565\u548c\u89c4\u5219\u7531\u4e91\u7ba1\u7406\u5458\u7ba1\u7406\uff0c\u8fd9\u4f1a\u5bfc\u81f4\u79df\u6237\u65e0\u6cd5\u521b\u5efa\u7279\u5b9a\u7684 QoS \u89c4\u5219\uff0c\u4e5f\u65e0\u6cd5\u5c06\u7279\u5b9a\u7aef\u53e3\u9644\u52a0\u5230\u7b56\u7565\u3002\u5728\u67d0\u4e9b\u7528\u4f8b\u4e2d\uff0c\u4f8b\u5982\u67d0\u4e9b\u7535\u4fe1\u5e94\u7528\u7a0b\u5e8f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u4fe1\u4efb\u79df\u6237\uff0c\u56e0\u6b64\u5141\u8bb8\u4ed6\u4eec\u521b\u5efa\u81ea\u5df1\u7684\u7b56\u7565\u5e76\u5c06\u5176\u9644\u52a0\u5230\u7aef\u53e3\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 policy.json \u6587\u4ef6\u548c\u7279\u5b9a\u6587\u6863\u6765\u5b9e\u73b0\u3002\u5c06\u4e0e\u6269\u5c55\u4e00\u8d77\u53d1\u5e03\u3002 \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u652f\u6301 Liberty \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u5e26\u5bbd\u9650\u5236 QoS \u89c4\u5219\u3002\u6b64 QoS \u89c4\u5219\u5df2\u547d\u540d QosBandwidthLimitRule \uff0c\u5b83\u63a5\u53d7\u4e24\u4e2a\u975e\u8d1f\u6574\u6570\uff0c\u4ee5\u5343\u6bd4\u7279/\u79d2\u4e3a\u5355\u4f4d\uff1a max-kbps \uff1a\u5e26\u5bbd max-burst-kbps \uff1a\u7a81\u53d1\u7f13\u51b2\u533a \u5df2 QoSBandwidthLimitRule \u5728 neutron Open vSwitch\u3001Linux \u7f51\u6865\u548c\u5355\u6839\u8f93\u5165/\u8f93\u51fa\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u3002 \u5728 Newton \u4e2d\uff0c\u6dfb\u52a0\u4e86 QoS \u89c4\u5219 QosDscpMarkingRule \u3002\u6b64\u89c4\u5219\u5728 IPv4 \uff08RFC 2474\uff09 \u4e0a\u7684\u670d\u52a1\u6807\u5934\u7c7b\u578b\u548c IPv6 \u4e0a\u7684\u6d41\u91cf\u7c7b\u6807\u5934\u4e2d\u6807\u8bb0\u5dee\u5206\u670d\u52a1\u4ee3\u7801\u70b9 \uff08DSCP\uff09 \u503c\uff0c\u8fd9\u4e9b\u503c\u9002\u7528\u4e8e\u5e94\u7528\u89c4\u5219\u7684\u865a\u62df\u673a\u7684\u6240\u6709\u6d41\u91cf\u3002\u8fd9\u662f\u4e00\u4e2a 6 \u4f4d\u6807\u5934\uff0c\u5177\u6709 21 
\u4e2a\u6709\u6548\u503c\uff0c\u8868\u793a\u6570\u636e\u5305\u5728\u9047\u5230\u62e5\u585e\u65f6\u7a7f\u8fc7\u7f51\u7edc\u65f6\u7684\u4e22\u5f03\u4f18\u5148\u7ea7\u3002\u9632\u706b\u5899\u8fd8\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5c06\u6709\u6548\u6216\u65e0\u6548\u6d41\u91cf\u4e0e\u5176\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u8fdb\u884c\u5339\u914d\u3002 \u7aef\u53e3\u955c\u50cf\u670d\u52a1\u6d89\u53ca\u5c06\u8fdb\u5165\u6216\u79bb\u5f00\u4e00\u4e2a\u7aef\u53e3\u7684\u6570\u636e\u5305\u526f\u672c\u53d1\u9001\u5230\u53e6\u4e00\u4e2a\u7aef\u53e3\uff0c\u8be5\u7aef\u53e3\u901a\u5e38\u4e0e\u88ab\u955c\u50cf\u6570\u636e\u5305\u7684\u539f\u59cb\u76ee\u7684\u5730\u4e0d\u540c\u3002Tap-as-a-Service \uff08TaaS\uff09 \u662f OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u7684\u6269\u5c55\u3002\u5b83\u4e3a\u79df\u6237\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u8fdc\u7a0b\u7aef\u53e3\u955c\u50cf\u529f\u80fd\u3002\u6b64\u670d\u52a1\u4e3b\u8981\u65e8\u5728\u5e2e\u52a9\u79df\u6237\uff08\u6216\u4e91\u7ba1\u7406\u5458\uff09\u8c03\u8bd5\u590d\u6742\u7684\u865a\u62df\u7f51\u7edc\uff0c\u5e76\u901a\u8fc7\u76d1\u89c6\u4e0e\u5176\u5173\u8054\u7684\u7f51\u7edc\u6d41\u91cf\u6765\u4e86\u89e3\u5176 VM\u3002TaaS \u9075\u5faa\u79df\u6237\u8fb9\u754c\uff0c\u5176\u955c\u50cf\u4f1a\u8bdd\u80fd\u591f\u8de8\u8d8a\u591a\u4e2a\u8ba1\u7b97\u548c\u7f51\u7edc\u8282\u70b9\u3002\u5b83\u662f\u4e00\u4e2a\u5fc5\u4e0d\u53ef\u5c11\u7684\u57fa\u7840\u8bbe\u65bd\u7ec4\u4ef6\uff0c\u53ef\u7528\u4e8e\u5411\u5404\u79cd\u7f51\u7edc\u5206\u6790\u548c\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u6570\u636e\u3002 \u8d1f\u8f7d\u5747\u8861 \u00b6 OpenStack Networking \u7684\u53e6\u4e00\u4e2a\u7279\u6027\u662f\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1 \uff08LBaaS\uff09\u3002LBaaS \u53c2\u8003\u5b9e\u73b0\u57fa\u4e8e HA-Proxy\u3002OpenStack Networking 
\u4e2d\u7684\u6269\u5c55\u6b63\u5728\u5f00\u53d1\u7b2c\u4e09\u65b9\u63d2\u4ef6\uff0c\u4ee5\u4fbf\u4e3a\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u63d0\u4f9b\u5e7f\u6cdb\u7684 L4-L7 \u529f\u80fd\u3002 \u9632\u706b\u5899 \u00b6 FW-as-a-Service\uff08FWaaS\uff09\u88ab\u8ba4\u4e3a\u662fOpenStack Networking\u7684Kilo\u7248\u672c\u7684\u5b9e\u9a8c\u6027\u529f\u80fd\u3002FWaaS \u6ee1\u8db3\u4e86\u7ba1\u7406\u548c\u5229\u7528\u5178\u578b\u9632\u706b\u5899\u4ea7\u54c1\u63d0\u4f9b\u7684\u4e30\u5bcc\u5b89\u5168\u529f\u80fd\u7684\u9700\u6c42\uff0c\u8fd9\u4e9b\u4ea7\u54c1\u901a\u5e38\u6bd4\u5f53\u524d\u5b89\u5168\u7ec4\u63d0\u4f9b\u7684\u8981\u5168\u9762\u5f97\u591a\u3002\u98de\u601d\u5361\u5c14\u548c\u82f1\u7279\u5c14\u90fd\u5f00\u53d1\u4e86\u7b2c\u4e09\u65b9\u63d2\u4ef6\u4f5c\u4e3aOpenStack Networking\u7684\u6269\u5c55\uff0c\u4ee5\u5728Kilo\u7248\u672c\u4e2d\u652f\u6301\u6b64\u7ec4\u4ef6\u3002\u6709\u5173 FWaaS \u7ba1\u7406\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u6982\u8ff0\u3002 \u5728\u8bbe\u8ba1 OpenStack Networking \u57fa\u7840\u67b6\u6784\u65f6\uff0c\u4e86\u89e3\u53ef\u7528\u7f51\u7edc\u670d\u52a1\u7684\u5f53\u524d\u7279\u6027\u548c\u5c40\u9650\u6027\u975e\u5e38\u91cd\u8981\u3002\u4e86\u89e3\u865a\u62df\u7f51\u7edc\u548c\u7269\u7406\u7f51\u7edc\u7684\u8fb9\u754c\u5c06\u6709\u52a9\u4e8e\u5728\u60a8\u7684\u73af\u5883\u4e2d\u6dfb\u52a0\u6240\u9700\u7684\u5b89\u5168\u63a7\u4ef6\u3002 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u00b6 \u5f00\u6e90\u793e\u533a\u6216\u4f7f\u7528 OpenStack Networking \u7684 SDN \u516c\u53f8\u63d0\u4f9b\u7684\u5df2\u77e5\u63d2\u4ef6\u5217\u8868\u53ef\u5728 OpenStack neutron \u63d2\u4ef6\u548c\u9a71\u52a8\u7a0b\u5e8f wiki \u9875\u9762\u4e0a\u627e\u5230\u3002 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u00b6 OpenStack Networking \u5177\u6709\u4ee5\u4e0b\u5df2\u77e5\u9650\u5236\uff1a \u91cd\u53e0\u7684 IP \u5730\u5740 
\u5982\u679c\u8fd0\u884c neutron-l3-agent \u6216 neutron-dhcp-agent \u7684\u8282\u70b9\u4f7f\u7528\u91cd\u53e0\u7684 IP \u5730\u5740\uff0c\u5219\u8fd9\u4e9b\u8282\u70b9\u5fc5\u987b\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cDHCP \u548c L3 \u4ee3\u7406\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5e76\u5728\u5404\u81ea\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u8fd0\u884c\u3002\u4f46\u662f\uff0c\u5982\u679c\u4e3b\u673a\u4e0d\u652f\u6301\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u5219 DHCP \u548c L3 \u4ee3\u7406\u5e94\u5728\u4e0d\u540c\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u3002\u8fd9\u662f\u56e0\u4e3a L3 \u4ee3\u7406\u548c DHCP \u4ee3\u7406\u521b\u5efa\u7684 IP \u5730\u5740\u4e4b\u95f4\u6ca1\u6709\u9694\u79bb\u3002 \u5982\u679c\u4e0d\u5b58\u5728\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u652f\u6301\uff0c\u5219 L3 \u4ee3\u7406\u7684\u53e6\u4e00\u4e2a\u9650\u5236\u662f\u4ec5\u652f\u6301\u5355\u4e2a\u903b\u8f91\u8def\u7531\u5668\u3002 \u591a\u4e3b\u673a DHCP \u4ee3\u7406 OpenStack Networking \u652f\u6301\u591a\u4e2a\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u529f\u80fd\u7684 L3 \u548c DHCP \u4ee3\u7406\u3002\u4f46\u662f\uff0c\u4e0d\u652f\u6301\u865a\u62df\u673a\u4f4d\u7f6e\u7684\u7d27\u5bc6\u8026\u5408\u3002\u6362\u8a00\u4e4b\uff0c\u5728\u521b\u5efa\u865a\u62df\u673a\u65f6\uff0c\u9ed8\u8ba4\u865a\u62df\u673a\u8c03\u5ea6\u7a0b\u5e8f\u4e0d\u4f1a\u8003\u8651\u4ee3\u7406\u7684\u4f4d\u7f6e\u3002 L3 \u4ee3\u7406\u4e0d\u652f\u6301 IPv6 neutron-l3-agent \u88ab\u8bb8\u591a\u63d2\u4ef6\u7528\u4e8e\u5b9e\u73b0 L3 \u8f6c\u53d1\uff0c\u4ec5\u652f\u6301 IPv4 \u8f6c\u53d1\u3002 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u00b6 \u8981\u4fdd\u62a4 OpenStack Networking\uff0c\u60a8\u5fc5\u987b\u4e86\u89e3\u5982\u4f55\u5c06\u79df\u6237\u5b9e\u4f8b\u521b\u5efa\u7684\u5de5\u4f5c\u6d41\u8fc7\u7a0b\u6620\u5c04\u5230\u5b89\u5168\u57df\u3002 \u6709\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u4e0e OpenStack Networking 
\u4ea4\u4e92\u3002\u5728\u5178\u578b\u7684 OpenStack \u90e8\u7f72\u4e2d\uff0c\u8fd9\u4e9b\u670d\u52a1\u6620\u5c04\u5230\u4ee5\u4e0b\u5b89\u5168\u57df\uff1a OpenStack \u4eea\u8868\u677f\uff1a\u516c\u5171\u548c\u7ba1\u7406 OpenStack Identity\uff1a\u7ba1\u7406 OpenStack \u8ba1\u7b97\u8282\u70b9\uff1a\u7ba1\u7406\u548c\u5ba2\u6237\u7aef OpenStack \u7f51\u7edc\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u5ba2\u6237\u7aef\uff0c\u4ee5\u53ca\u53ef\u80fd\u7684\u516c\u5171\u8282\u70b9\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6b63\u5728\u4f7f\u7528\u7684 neutron-plugin\u3002 SDN \u670d\u52a1\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u8bbf\u5ba2\u548c\u53ef\u80fd\u7684\u516c\u5171\u670d\u52a1\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u4ea7\u54c1\u3002 \u8981\u9694\u79bb OpenStack Networking \u670d\u52a1\u4e0e\u5176\u4ed6 OpenStack \u6838\u5fc3\u670d\u52a1\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u901a\u4fe1\uff0c\u8bf7\u5c06\u8fd9\u4e9b\u901a\u4fe1\u901a\u9053\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u00b6 \u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u00b6 \u8981\u9650\u5236 OpenStack Networking API \u670d\u52a1\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\uff0c\u8bf7\u5728 neutron.conf \u6587\u4ef6\u4e2d\u6307\u5b9a bind_host \u548c bind_port\uff0c\u5982\u4e0b\u6240\u793a\uff1a # Address to bind the API server bind_host = IP ADDRESS OF SERVER # Port the bind the API server to bind_port = 9696 \u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u00b6 OpenStack Networking \u670d\u52a1\u7684\u5404\u79cd\u7ec4\u4ef6\u4f7f\u7528\u6d88\u606f\u961f\u5217\u6216\u6570\u636e\u5e93\u8fde\u63a5\u4e0e OpenStack Networking \u4e2d\u7684\u5176\u4ed6\u7ec4\u4ef6\u8fdb\u884c\u901a\u4fe1\u3002 
\u5bf9\u4e8e\u9700\u8981\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u7684\u6240\u6709\u7ec4\u4ef6\uff0c\u5efa\u8bae\u60a8\u9075\u5faa\u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u5efa\u8bae\u60a8\u9075\u5faa\u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\uff0c\u9002\u7528\u4e8e\u9700\u8981 RPC \u901a\u4fe1\u7684\u6240\u6709\u7ec4\u4ef6\u3002 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u00b6 \u672c\u8282\u8ba8\u8bba OpenStack Networking \u914d\u7f6e\u6700\u4f73\u5b9e\u8df5\uff0c\u56e0\u4e3a\u5b83\u4eec\u9002\u7528\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u9879\u76ee\u7f51\u7edc\u5b89\u5168\u3002 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u00b6 OpenStack Networking \u4e3a\u7528\u6237\u63d0\u4f9b\u7f51\u7edc\u8d44\u6e90\u548c\u914d\u7f6e\u7684\u81ea\u52a9\u670d\u52a1\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5fc5\u987b\u8bc4\u4f30\u5176\u8bbe\u8ba1\u7528\u4f8b\uff0c\u4ee5\u4fbf\u4e3a\u7528\u6237\u63d0\u4f9b\u521b\u5efa\u3001\u66f4\u65b0\u548c\u9500\u6bc1\u53ef\u7528\u7f51\u7edc\u8d44\u6e90\u7684\u80fd\u529b\u3002 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u00b6 OpenStack Networking \u4e2d\u7684\u7b56\u7565\u5f15\u64ce\u53ca\u5176\u914d\u7f6e\u6587\u4ef6 policy.json \u63d0\u4f9b\u4e86\u4e00\u79cd\u65b9\u6cd5\uff0c\u53ef\u4ee5\u5bf9\u7528\u6237\u5728\u9879\u76ee\u7f51\u7edc\u65b9\u6cd5\u548c\u5bf9\u8c61\u4e0a\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u6388\u6743\u3002OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u4f1a\u5f71\u54cd\u7f51\u7edc\u53ef\u7528\u6027\u3001\u7f51\u7edc\u5b89\u5168\u548c\u6574\u4f53 OpenStack \u5b89\u5168\u6027\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u5176\u5bf9\u7528\u6237\u548c\u9879\u76ee\u8bbf\u95ee\u7f51\u7edc\u8d44\u6e90\u7ba1\u7406\u7684\u7b56\u7565\u3002\u6709\u5173 OpenStack Networking 
\u7b56\u7565\u5b9a\u4e49\u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u201c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u201d\u90e8\u5206\u3002 \u6ce8\u610f \u8bf7\u52a1\u5fc5\u67e5\u770b\u9ed8\u8ba4\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4fee\u6539\u6b64\u7b56\u7565\u4ee5\u9002\u5408\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002 \u5982\u679c\u60a8\u7684 OpenStack \u90e8\u7f72\u4e3a\u4e0d\u540c\u7684\u5b89\u5168\u57df\u63d0\u4f9b\u4e86\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\uff0c\u90a3\u4e48\u9650\u5236\u9879\u76ee\u5c06\u591a\u4e2a vNIC \u8fde\u63a5\u5230\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\u7684\u80fd\u529b\u975e\u5e38\u91cd\u8981\uff0c\u8fd9\u5c06\u6865\u63a5\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u4e0d\u53ef\u9884\u89c1\u7684\u5b89\u5168\u5371\u5bb3\u3002\u901a\u8fc7\u5229\u7528 OpenStack Compute \u63d0\u4f9b\u7684\u4e3b\u673a\u805a\u5408\u529f\u80fd\uff0c\u6216\u8005\u5c06\u9879\u76ee\u865a\u62df\u673a\u62c6\u5206\u4e3a\u5177\u6709\u4e0d\u540c\u865a\u62df\u7f51\u7edc\u914d\u7f6e\u7684\u591a\u4e2a\u9879\u76ee\u9879\u76ee\uff0c\u53ef\u4ee5\u964d\u4f4e\u8fd9\u79cd\u98ce\u9669\u3002 \u5b89\u5168\u7ec4 \u00b6 OpenStack Networking \u670d\u52a1\u4f7f\u7528\u6bd4 OpenStack Compute \u4e2d\u5185\u7f6e\u7684\u5b89\u5168\u7ec4\u529f\u80fd\u66f4\u7075\u6d3b\u3001\u66f4\u5f3a\u5927\u7684\u673a\u5236\u63d0\u4f9b\u5b89\u5168\u7ec4\u529f\u80fd\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528 OpenStack Network \u65f6\uff0c\u5e94\u59cb\u7ec8\u7981\u7528\u5185\u7f6e\u5b89\u5168\u7ec4\uff0c nova.conf \u5e76\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8c03\u7528\u4ee3\u7406\u5230 OpenStack Networking API\u3002\u5982\u679c\u4e0d\u8fd9\u6837\u505a\uff0c\u5c06\u5bfc\u81f4\u4e24\u4e2a\u670d\u52a1\u540c\u65f6\u5e94\u7528\u51b2\u7a81\u7684\u5b89\u5168\u7b56\u7565\u3002\u8981\u5c06\u5b89\u5168\u7ec4\u4ee3\u7406\u5230 OpenStack 
Networking\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u914d\u7f6e\u503c\uff1a firewall_driver \u5fc5\u987b\u8bbe\u7f6e\u4e3a nova.virt.firewall.NoopFirewallDriver \uff0c\u4ee5\u4fbf nova-compute \u672c\u8eab\u4e0d\u6267\u884c\u57fa\u4e8e iptables \u7684\u8fc7\u6ee4\u3002 security_group_api \u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron \u4ee5\u4fbf\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8bf7\u6c42\u4ee3\u7406\u5230 OpenStack Networking \u670d\u52a1\u3002 \u5b89\u5168\u7ec4\u662f\u5b89\u5168\u7ec4\u89c4\u5219\u7684\u5bb9\u5668\u3002\u5b89\u5168\u7ec4\u53ca\u5176\u89c4\u5219\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u9879\u76ee\u6307\u5b9a\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u6d41\u91cf\u7c7b\u578b\u548c\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5728 OpenStack Networking \u4e2d\u521b\u5efa\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u65f6\uff0c\u8be5\u7aef\u53e3\u4e0e\u5b89\u5168\u7ec4\u76f8\u5173\u8054\u3002\u6709\u5173\u7aef\u53e3\u5b89\u5168\u7ec4\u9ed8\u8ba4\u884c\u4e3a\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u7f51\u7edc\u5b89\u5168\u7ec4\u884c\u4e3a\u6587\u6863\u3002\u53ef\u4ee5\u5c06\u89c4\u5219\u6dfb\u52a0\u5230\u9ed8\u8ba4\u5b89\u5168\u7ec4\uff0c\u4ee5\u4fbf\u6839\u636e\u6bcf\u4e2a\u90e8\u7f72\u66f4\u6539\u884c\u4e3a\u3002 \u4f7f\u7528 OpenStack Compute API \u4fee\u6539\u5b89\u5168\u7ec4\u65f6\uff0c\u66f4\u65b0\u540e\u7684\u5b89\u5168\u7ec4\u5c06\u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002\u8fd9\u662f\u56e0\u4e3a OpenStack Compute \u5b89\u5168\u7ec4 API \u662f\u57fa\u4e8e\u5b9e\u4f8b\u7684\uff0c\u800c\u4e0d\u662f\u57fa\u4e8e\u7aef\u53e3\u7684\uff0c\u5982 OpenStack Networking \u4e2d\u6240\u793a\u3002 \u914d\u989d \u00b6 \u914d\u989d\u63d0\u4f9b\u4e86\u9650\u5236\u9879\u76ee\u53ef\u7528\u7684\u7f51\u7edc\u8d44\u6e90\u6570\u91cf\u7684\u529f\u80fd\u3002\u60a8\u53ef\u4ee5\u5bf9\u6240\u6709\u9879\u76ee\u5f3a\u5236\u5b9e\u65bd\u9ed8\u8ba4\u914d\u989d\u3002\u5305\u62ec 
/etc/neutron/neutron.conf \u4ee5\u4e0b\u914d\u989d\u9009\u9879\uff1a [QUOTAS] # resource name(s) that are supported in quota features quota_items = network,subnet,port # default number of resource allowed per tenant, minus for unlimited #default_quota = -1 # number of networks allowed per tenant, and minus means unlimited quota_network = 10 # number of subnets allowed per tenant, and minus means unlimited quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited quota_port = 50 # number of security groups allowed per tenant, and minus means unlimited quota_security_group = 10 # number of security group rules allowed per tenant, and minus means unlimited quota_security_group_rule = 100 # default driver to use for quota checks quota_driver = neutron.quota.ConfDriver OpenStack Networking \u8fd8\u901a\u8fc7\u914d\u989d\u6269\u5c55 API \u652f\u6301\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\u9650\u5236\u3002\u8981\u542f\u7528\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\uff0c\u5fc5\u987b\u5728 \u4e2d\u8bbe\u7f6e\u9009\u9879 quota_driver neutron.conf \u3002 quota_driver = neutron.db.quota.driver.DbQuotaDriver \u7f13\u89e3 ARP \u6b3a\u9a97 \u00b6 \u4f7f\u7528\u6241\u5e73\u7f51\u7edc\u65f6\uff0c\u4e0d\u80fd\u5047\u5b9a\u5171\u4eab\u540c\u4e00\u7b2c 2 \u5c42\u7f51\u7edc\uff08\u6216\u5e7f\u64ad\u57df\uff09\u7684\u9879\u76ee\u5f7c\u6b64\u5b8c\u5168\u9694\u79bb\u3002\u8fd9\u4e9b\u9879\u76ee\u53ef\u80fd\u5bb9\u6613\u53d7\u5230 ARP \u6b3a\u9a97\u7684\u653b\u51fb\uff0c\u4ece\u800c\u6709\u53ef\u80fd\u906d\u53d7\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u5982\u679c\u4f7f\u7528\u652f\u6301 ARP \u5b57\u6bb5\u5339\u914d\u7684 Open vSwitch \u7248\u672c\uff0c\u5219\u53ef\u4ee5\u901a\u8fc7\u542f\u7528 Open vSwitch \u4ee3\u7406 prevent_arp_spoofing 
\u9009\u9879\u6765\u5e2e\u52a9\u964d\u4f4e\u6b64\u98ce\u9669\u3002\u6b64\u9009\u9879\u53ef\u9632\u6b62\u5b9e\u4f8b\u6267\u884c\u6b3a\u9a97\u653b\u51fb;\u5b83\u4e0d\u80fd\u4fdd\u62a4\u4ed6\u4eec\u514d\u53d7\u6b3a\u9a97\u653b\u51fb\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u8bbe\u7f6e\u9884\u8ba1\u5c06\u5728 Ocata \u4e2d\u5220\u9664\uff0c\u8be5\u884c\u4e3a\u5c06\u6c38\u4e45\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002 \u4f8b\u5982\uff0c\u5728 /etc/neutron/plugins/ml2/openvswitch_agent.ini \uff1a prevent_arp_spoofing = True \u9664 Open vSwitch \u5916\uff0c\u5176\u4ed6\u63d2\u4ef6\u4e5f\u53ef\u80fd\u5305\u542b\u7c7b\u4f3c\u7684\u7f13\u89e3\u63aa\u65bd;\u5efa\u8bae\u60a8\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u542f\u7528\u6b64\u529f\u80fd\u3002 \u6ce8\u610f \u5373\u4f7f\u542f\u7528 `prevent_arp_spoofing` \u4e86\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u65e0\u6cd5\u63d0\u4f9b\u5b8c\u6574\u7684\u9879\u76ee\u9694\u79bb\u7ea7\u522b\uff0c\u56e0\u4e3a\u6240\u6709\u9879\u76ee\u6d41\u91cf\u4ecd\u4f1a\u53d1\u9001\u5230\u540c\u4e00 VLAN\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a 
neutron\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/neutron/neutron.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/api-paste.ini | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/policy.json | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/rootwrap.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron | egrep \"root neutron\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c neutron\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u4e2d\u5b50\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 neutron \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/neutron/neutron.conf $ stat -L -c \"%a\" /etc/neutron/api-paste.ini $ stat -L -c \"%a\" /etc/neutron/policy.json $ stat -L -c \"%a\" /etc/neutron/rootwrap.conf $ stat -L -c \"%a\" /etc/neutron \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 
\u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cneutron \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/neutron/neutron.conf getfacl: Removing leading '/' from absolute path names # file: etc/neutron/neutron.conf USER root rw- GROUP neutron r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u6ca1\u6709\u8bbe\u7f6e\u81f3\u5c11\u4e3a640\u3002 Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 \u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack 
\u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/neutron/neutron.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/neutron/neutron.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/neutron/neutron.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/neutron/neutron.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u00b6 
\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5728 API \u670d\u52a1\u5668\u4e0a\u542f\u7528\u5b89\u5168\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/neutron/neutron.conf \u5bf9\u8c61\u5b58\u50a8 \u00b6 OpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u670d\u52a1\u63d0\u4f9b\u901a\u8fc7 HTTP \u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u7684\u8f6f\u4ef6\u3002\u5bf9\u8c61\uff08\u6570\u636e blob\uff09\u5b58\u50a8\u5728\u7ec4\u7ec7\u5c42\u6b21\u7ed3\u6784\u4e2d\uff0c\u8be5\u5c42\u6b21\u7ed3\u6784\u63d0\u4f9b\u533f\u540d\u53ea\u8bfb\u8bbf\u95ee\u3001ACL \u5b9a\u4e49\u7684\u8bbf\u95ee\uff0c\u751a\u81f3\u4e34\u65f6\u8bbf\u95ee\u3002\u5bf9\u8c61\u5b58\u50a8\u652f\u6301\u901a\u8fc7\u4e2d\u95f4\u4ef6\u5b9e\u73b0\u7684\u591a\u79cd\u57fa\u4e8e\u4ee4\u724c\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u7684 HTTP RESTful API \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u7684\u540e\u7aef\u7ec4\u4ef6\u9075\u5faa\u76f8\u540c\u7684 RESTful \u6a21\u578b\uff0c\u5c3d\u7ba1\u67d0\u4e9b API\uff08\u4f8b\u5982\u7ba1\u7406\u6301\u4e45\u6027\u7684 API\uff09\u5bf9\u96c6\u7fa4\u662f\u79c1\u6709\u7684\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Storage API\u3002 \u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u5206\u4e3a\u4ee5\u4e0b\u4e3b\u8981\u7ec4\uff1a \u4ee3\u7406\u670d\u52a1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u5b58\u50a8\u670d\u52a1 \u8d26\u6237\u670d\u52a1 \u5bb9\u5668\u670d\u52a1 \u5bf9\u8c61\u670d\u52a1 OpenStack \u5bf9\u8c61\u5b58\u50a8\u7ba1\u7406\u6307\u5357 \uff082013\uff09 \u4e2d\u7684\u793a\u4f8b\u56fe \u6ce8\u610f 
\u5bf9\u8c61\u5b58\u50a8\u5b89\u88c5\u4e0d\u5fc5\u4f4d\u4e8e Internet \u4e0a\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u4e91\uff0c\u5176\u4e2d\u516c\u5171\u4ea4\u6362\u673a\u662f\u7ec4\u7ec7\u5185\u90e8\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u4e00\u90e8\u5206\u3002 \u7f51\u7edc\u5b89\u5168 \u00b6 \u8981\u4fdd\u62a4\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9996\u5148\u8981\u4fdd\u62a4\u7f51\u7edc\u7ec4\u4ef6\u3002\u5982\u679c\u60a8\u8df3\u8fc7\u4e86\u7f51\u7edc\u7ae0\u8282\uff0c\u8bf7\u8fd4\u56de\u5230\u7f51\u7edc\u90e8\u5206\u3002 rsync \u534f\u8bae\u7528\u4e8e\u5728\u5b58\u50a8\u670d\u52a1\u8282\u70b9\u4e4b\u95f4\u590d\u5236\u6570\u636e\u4ee5\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u3002\u6b64\u5916\uff0c\u5728\u5ba2\u6237\u7aef\u7aef\u70b9\u548c\u4e91\u73af\u5883\u4e4b\u95f4\u6765\u56de\u4e2d\u7ee7\u6570\u636e\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u4f1a\u4e0e\u5b58\u50a8\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u8b66\u544a \u5bf9\u8c61\u5b58\u50a8\u4e0d\u5bf9\u8282\u70b9\u95f4\u901a\u4fe1\u8fdb\u884c\u52a0\u5bc6\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u5c31\u662f\u60a8\u5728\u4f53\u7cfb\u7ed3\u6784\u56fe\u4e2d\u770b\u5230\u4e13\u7528\u4ea4\u6362\u673a\u6216\u4e13\u7528\u7f51\u7edc \uff08[V]LAN\uff09 \u7684\u539f\u56e0\u3002\u8fd9\u4e2a\u6570\u636e\u57df\u4e5f\u5e94\u8be5\u4e0e\u5176\u4ed6OpenStack\u6570\u636e\u7f51\u7edc\u5206\u5f00\u3002\u6709\u5173\u5b89\u5168\u57df\u7684\u8fdb\u4e00\u6b65\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002 \u5efa\u8bae \u5bf9\u6570\u636e\u57df\u4e2d\u7684\u5b58\u50a8\u8282\u70b9\u4f7f\u7528\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u3002 \u8fd9\u9700\u8981\u4ee3\u7406\u8282\u70b9\u5177\u6709\u53cc\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a \u4e00\u4e2a\u4f5c\u4e3a\u6d88\u8d39\u8005\u8bbf\u95ee\u7684\u516c\u5171\u754c\u9762\u3002 \u53e6\u4e00\u4e2a\u4f5c\u4e3a\u53ef\u4ee5\u8bbf\u95ee\u5b58\u50a8\u8282\u70b9\u7684\u4e13\u7528\u63a5\u53e3\u3002 
\u4e0b\u56fe\u6f14\u793a\u4e86\u4e00\u79cd\u53ef\u80fd\u7684\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u3002 \u5177\u6709\u7ba1\u7406\u8282\u70b9\uff08OSAM\uff09\u7684\u5bf9\u8c61\u5b58\u50a8\u7f51\u7edc\u67b6\u6784 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u00b6 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u00b6 \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \uff08UID 0\uff09 \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\u3002\u4e00\u4e2a\u5efa\u8bae\u662f swift \u5177\u6709\u4e3b\u7ec4 swift \u7684\u7528\u6237\u540d\u3002\u4f8b\u5982\uff0c proxy-server \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5305\u62ec\u3001\u3001 container-server account-server \u3002\u6709\u5173\u8bbe\u7f6e\u548c\u914d\u7f6e\u7684\u8be6\u7ec6\u6b65\u9aa4\uff0c\u8bf7\u53c2\u9605\u300a\u5b89\u88c5\u6307\u5357\u300b\u7684\u201c\u6dfb\u52a0\u5bf9\u8c61\u5b58\u50a8\u201d\u4e00\u7ae0\u7684 OpenStack \u6587\u6863\u7d22\u5f15\u3002 \u6ce8\u610f \u4e0a\u9762\u7684\u94fe\u63a5\u9ed8\u8ba4\u4e3aUbuntu\u7248\u672c\u3002 \u6587\u4ef6\u6743\u9650 \u00b6 \u8be5 /etc/swift \u76ee\u5f55\u5305\u542b\u6709\u5173\u73af\u5f62\u62d3\u6251\u548c\u73af\u5883\u914d\u7f6e\u7684\u4fe1\u606f\u3002\u5efa\u8bae\u4f7f\u7528\u4ee5\u4e0b\u6743\u9650\uff1a # chown -R root:swift /etc/swift/* # find /etc/swift/ -type f -exec chmod 640 {} \\; # find /etc/swift/ -type d -exec chmod 750 {} \\; \u8fd9\u5c06\u9650\u5236\u53ea\u6709 root \u7528\u6237\u80fd\u591f\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u65f6\u5141\u8bb8\u670d\u52a1\u901a\u8fc7\u5176 swift \u5728\u7ec4\u4e2d\u7684\u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u00b6 \u4ee5\u4e0b\u662f\u5404\u79cd\u5b58\u50a8\u670d\u52a1\u7684\u9ed8\u8ba4\u4fa6\u542c\u7aef\u53e3\uff1a \u670d\u52a1\u540d\u79f0 \u6e2f\u53e3 \u7c7b\u578b \u8d26\u6237\u670d\u52a1 6002 TCP \u5bb9\u5668\u670d\u52a1 6001 TCP \u5bf9\u8c61\u670d\u52a1 6000 TCP \u540c\u6b65 [1] 873 TCP 
\u5982\u679c\u4f7f\u7528 ssync \u800c\u4e0d\u662f rsync\uff0c\u5219\u4f7f\u7528\u5bf9\u8c61\u670d\u52a1\u7aef\u53e3\u6765\u7ef4\u62a4\u6301\u4e45\u6027\u3002 \u91cd\u8981 \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\u4e0d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5982\u679c\u80fd\u591f\u5728\u5176\u4e2d\u4e00\u4e2a\u7aef\u53e3\u4e0a\u8fde\u63a5\u5230\u5b58\u50a8\u8282\u70b9\uff0c\u5219\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u3002\u4e3a\u4e86\u9632\u6b62\u6b64\u95ee\u9898\uff0c\u60a8\u5e94\u8be5\u9075\u5faa\u4e4b\u524d\u7ed9\u51fa\u7684\u6709\u5173\u4f7f\u7528\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u7684\u5efa\u8bae\u3002 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u00b6 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u51ed\u636e\u3002\u4e0b\u9762\u5bf9\u8fd9\u4e9b\u5173\u7cfb\u8fdb\u884c\u8bf4\u660e\uff1a \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237 \u5bb9\u5668\u7684\u6536\u96c6;\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u54ea\u4e9b\u7528\u6237\u4e0e\u8be5\u5e10\u6237\u76f8\u5173\u8054\u4ee5\u53ca\u4ed6\u4eec\u5982\u4f55\u8bbf\u95ee\u8be5\u5e10\u6237\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668 \u5bf9\u8c61\u7684\u96c6\u5408\u3002\u5bb9\u5668\u4e0a\u7684\u5143\u6570\u636e\u53ef\u7528\u4e8e ACL\u3002ACL \u7684\u542b\u4e49\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5b9e\u9645\u6570\u636e\u5bf9\u8c61\u3002\u5bf9\u8c61\u7ea7\u522b\u7684 ACL \u4e5f\u53ef\u4ee5\u4e0e\u5143\u6570\u636e\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5728\u6bcf\u4e2a\u7ea7\u522b\uff0c\u60a8\u90fd\u6709 
ACL\uff0c\u7528\u4e8e\u6307\u793a\u8c01\u62e5\u6709\u54ea\u79cd\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002ACL \u662f\u6839\u636e\u6b63\u5728\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u89e3\u91ca\u7684\u3002\u6700\u5e38\u7528\u7684\u4e24\u79cd\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u7c7b\u578b\u662f Identity service \uff08keystone\uff09 \u548c TempAuth\u3002\u81ea\u5b9a\u4e49\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u4e5f\u662f\u53ef\u80fd\u7684\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u00b6 \u4ee3\u7406\u8282\u70b9\u5e94\u81f3\u5c11\u5177\u6709\u4e24\u4e2a\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a\u4e00\u4e2a\u516c\u5171\u63a5\u53e3\u548c\u4e00\u4e2a\u4e13\u7528\u63a5\u53e3\u3002\u9632\u706b\u5899\u6216\u670d\u52a1\u7ed1\u5b9a\u53ef\u80fd\u4f1a\u4fdd\u62a4\u516c\u5171\u63a5\u53e3\u3002\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u662f\u4e00\u4e2a HTTP Web \u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5904\u7406\u7aef\u70b9\u5ba2\u6237\u7aef\u8bf7\u6c42\u3001\u5bf9\u5176\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u6267\u884c\u76f8\u5e94\u7684\u64cd\u4f5c\u3002\u4e13\u7528\u63a5\u53e3\u4e0d\u9700\u8981\u4efb\u4f55\u4fa6\u542c\u670d\u52a1\uff0c\u800c\u662f\u7528\u4e8e\u5efa\u7acb\u4e0e\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u4e0a\u7684\u5b58\u50a8\u8282\u70b9\u7684\u4f20\u51fa\u8fde\u63a5\u3002 HTTP \u76d1\u542c\u7aef\u53e3 \u00b6 \u5982\u524d\u6240\u8ff0\uff0c\u60a8\u5e94\u8be5\u5c06 Web \u670d\u52a1\u914d\u7f6e\u4e3a\u975e root\uff08\u65e0 UID 0\uff09\u7528\u6237 swift \u3002\u9700\u8981\u4f7f\u7528\u5927\u4e8e 1024 \u7684\u7aef\u53e3\u624d\u80fd\u8f7b\u677e\u5b8c\u6210\u6b64\u64cd\u4f5c\uff0c\u5e76\u907f\u514d\u4ee5 root \u8eab\u4efd\u8fd0\u884c Web \u5bb9\u5668\u7684\u4efb\u4f55\u90e8\u5206\u3002\u901a\u5e38\uff0c\u4f7f\u7528 HTTP REST API 
\u5e76\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u5ba2\u6237\u7aef\u4f1a\u81ea\u52a8\u4ece\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u4e2d\u68c0\u7d22\u6240\u9700\u7684\u5b8c\u6574 REST API URL\u3002OpenStack \u7684 REST API \u5141\u8bb8\u5ba2\u6237\u7aef\u5bf9\u4e00\u4e2a URL \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u7136\u540e\u88ab\u544a\u77e5\u5bf9\u5b9e\u9645\u670d\u52a1\u4f7f\u7528\u5b8c\u5168\u4e0d\u540c\u7684 URL\u3002\u4f8b\u5982\uff0c\u5ba2\u6237\u7aef\u5411 https://identity.cloud.example.org:55443/v1/auth \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u83b7\u53d6\u5176\u8eab\u4efd\u9a8c\u8bc1\u5bc6\u94a5\u548c\u5b58\u50a8 URL\uff08\u4ee3\u7406\u8282\u70b9\u6216\u8d1f\u8f7d\u5747\u8861\u5668\u7684 URL\uff09https://swift.cloud.example.org:44443/v1/AUTH_8980 \u54cd\u5e94\u3002 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u542f\u52a8\u548c\u8fd0\u884c\u7684\u65b9\u6cd5\u56e0 Web \u670d\u52a1\u5668\u548c\u64cd\u4f5c\u7cfb\u7edf\u800c\u5f02\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 \u00b6 \u5982\u679c\u4f7f\u7528 Apache \u7684\u9009\u9879\u4e0d\u53ef\u884c\uff0c\u6216\u8005\u4e3a\u4e86\u63d0\u9ad8\u6027\u80fd\uff0c\u60a8\u5e0c\u671b\u51cf\u8f7b TLS \u5de5\u4f5c\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u4e13\u7528\u7684\u7f51\u7edc\u8bbe\u5907\u8d1f\u8f7d\u5e73\u8861\u5668\u3002\u8fd9\u662f\u5728\u4f7f\u7528\u591a\u4e2a\u4ee3\u7406\u8282\u70b9\u65f6\u63d0\u4f9b\u5197\u4f59\u548c\u8d1f\u8f7d\u5e73\u8861\u7684\u5e38\u7528\u65b9\u6cd5\u3002 \u5982\u679c\u9009\u62e9\u5378\u8f7d TLS\uff0c\u8bf7\u786e\u4fdd\u8d1f\u8f7d\u5747\u8861\u5668\u548c\u4ee3\u7406\u8282\u70b9\u4e4b\u95f4\u7684\u7f51\u7edc\u94fe\u8def\u4f4d\u4e8e\u4e13\u7528 \uff08V\uff09LAN 
\u7f51\u6bb5\u4e0a\uff0c\u4ee5\u4fbf\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6\u8282\u70b9\uff08\u53ef\u80fd\u5df2\u6cc4\u9732\uff09\u65e0\u6cd5\u7a83\u542c\uff08\u55c5\u63a2\uff09\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002\u5982\u679c\u53d1\u751f\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bbf\u95ee\u7aef\u70b9\u5ba2\u6237\u7aef\u6216\u4e91\u7ba1\u7406\u5458\u51ed\u636e\u5e76\u8bbf\u95ee\u4e91\u6570\u636e\u3002 \u60a8\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u6216TempAuth\uff09\u5c06\u51b3\u5b9a\u5982\u4f55\u5728\u5bf9\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u54cd\u5e94\u4e2d\u914d\u7f6e\u4e0d\u540c\u7684URL\uff0c\u4ee5\u4fbf\u5b83\u4eec\u4f7f\u7528\u8d1f\u8f7d\u5e73\u8861\u5668\u800c\u4e0d\u662f\u5355\u4e2a\u4ee3\u7406\u8282\u70b9\u3002 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u5bf9\u8c61\u5b58\u50a8\u4f7f\u7528 WSGI \u6a21\u578b\u6765\u63d0\u4f9b\u4e2d\u95f4\u4ef6\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4e0d\u4ec5\u63d0\u4f9b\u901a\u7528\u53ef\u6269\u5c55\u6027\uff0c\u8fd8\u7528\u4e8e\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u5b9a\u4e49\u5b58\u5728\u7684\u89d2\u8272\u548c\u7528\u6237\u7c7b\u578b\u3002\u6709\u4e9b\u4f7f\u7528\u4f20\u7edf\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u51ed\u636e\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u53ef\u80fd\u5229\u7528 API \u5bc6\u94a5\u4ee4\u724c\u751a\u81f3\u5ba2\u6237\u7aef x.509 \u8bc1\u4e66\u3002\u81ea\u5b9a\u4e49\u63d0\u4f9b\u7a0b\u5e8f\u53ef\u4ee5\u96c6\u6210\u5230\u4f7f\u7528\u81ea\u5b9a\u4e49\u4e2d\u95f4\u4ef6\u4e2d\u3002 \u5bf9\u8c61\u5b58\u50a8\u9ed8\u8ba4\u81ea\u5e26\u4e24\u4e2a\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u6a21\u5757\uff0c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u6a21\u5757\u90fd\u53ef\u4ee5\u4f5c\u4e3a\u5f00\u53d1\u81ea\u5b9a\u4e49\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u7684\u793a\u4f8b\u4ee3\u7801\u3002 TempAuth \u51fd\u6570 \u00b6 TempAuth 
\u662f\u5bf9\u8c61\u5b58\u50a8\u7684\u9ed8\u8ba4\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e0e Identity \u76f8\u6bd4\uff0c\u5b83\u5c06\u7528\u6237\u5e10\u6237\u3001\u51ed\u636e\u548c\u5143\u6570\u636e\u5b58\u50a8\u5728\u5bf9\u8c61\u5b58\u50a8\u672c\u8eab\u4e2d\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u6587\u6863\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u90e8\u5206\u3002 Keystone \u00b6 Keystone \u662f OpenStack \u4e2d\u5e38\u7528\u7684\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002Identity \u4e2d\u5df2\u63d0\u4f9b\u4fdd\u62a4 keystone \u7684\u8986\u76d6\u8303\u56f4\u3002 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u00b6 \u5728 \u4e2d /etc/swift \uff0c\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\uff0c\u90fd\u6709\u4e00\u4e2a\u8bbe\u7f6e\u548c\u4e00\u4e2a swift_hash_path_prefix swift_hash_path_suffix \u8bbe\u7f6e\u3002\u63d0\u4f9b\u8fd9\u4e9b\u662f\u4e3a\u4e86\u51cf\u5c11\u5b58\u50a8\u5bf9\u8c61\u53d1\u751f\u54c8\u5e0c\u51b2\u7a81\u7684\u53ef\u80fd\u6027\uff0c\u5e76\u907f\u514d\u4e00\u4e2a\u7528\u6237\u8986\u76d6\u53e6\u4e00\u4e2a\u7528\u6237\u7684\u6570\u636e\u3002 \u6b64\u503c\u6700\u521d\u5e94\u4f7f\u7528\u52a0\u5bc6\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5e76\u5728\u6240\u6709\u8282\u70b9\u4e0a\u4fdd\u6301\u4e00\u81f4\u3002\u786e\u4fdd\u5b83\u53d7\u5230\u9002\u5f53\u7684 ACL \u4fdd\u62a4\uff0c\u5e76\u4e14\u60a8\u6709\u5907\u4efd\u526f\u672c\u4ee5\u907f\u514d\u6570\u636e\u4e22\u5931\u3002 \u673a\u5bc6\u7ba1\u7406 \u00b6 
\u64cd\u4f5c\u5458\u901a\u8fc7\u4f7f\u7528\u5404\u79cd\u52a0\u5bc6\u5e94\u7528\u7a0b\u5e8f\u6765\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u4f8b\u5982\uff0c\u5bf9\u9759\u6001\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\u6216\u5bf9\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u4ee5\u8bc1\u660e\u5176\u672a\u88ab\u7be1\u6539\u3002\u5728\u6240\u6709\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u52a0\u5bc6\u529f\u80fd\u90fd\u9700\u8981\u67d0\u79cd\u5bc6\u94a5\u6750\u6599\u624d\u80fd\u8fd0\u884c\u3002 \u673a\u5bc6\u7ba1\u7406\u63cf\u8ff0\u4e86\u4e00\u7ec4\u65e8\u5728\u4fdd\u62a4\u8f6f\u4ef6\u7cfb\u7edf\u4e2d\u7684\u5173\u952e\u6750\u6599\u7684\u6280\u672f\u3002\u4f20\u7edf\u4e0a\uff0c\u5bc6\u94a5\u7ba1\u7406\u6d89\u53ca\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u7684\u90e8\u7f72\u3002\u8fd9\u4e9b\u8bbe\u5907\u5df2\u7ecf\u8fc7\u7269\u7406\u5f3a\u5316\uff0c\u53ef\u9632\u6b62\u7be1\u6539\u3002 \u968f\u7740\u6280\u672f\u7684\u8fdb\u6b65\uff0c\u9700\u8981\u4fdd\u62a4\u7684\u79d8\u5bc6\u7269\u54c1\u7684\u6570\u91cf\u5df2\u7ecf\u4ece\u5bc6\u94a5\u6750\u6599\u589e\u52a0\u5230\u5305\u62ec\u8bc1\u4e66\u5bf9\u3001API \u5bc6\u94a5\u3001\u7cfb\u7edf\u5bc6\u7801\u3001\u7b7e\u540d\u5bc6\u94a5\u7b49\u3002\u8fd9\u79cd\u589e\u957f\u4ea7\u751f\u4e86\u5bf9\u66f4\u5177\u53ef\u6269\u5c55\u6027\u7684\u5bc6\u94a5\u7ba1\u7406\u65b9\u6cd5\u7684\u9700\u6c42\uff0c\u5e76\u5bfc\u81f4\u521b\u5efa\u4e86\u8bb8\u591a\u63d0\u4f9b\u53ef\u6269\u5c55\u52a8\u6001\u5bc6\u94a5\u7ba1\u7406\u7684\u8f6f\u4ef6\u670d\u52a1\u3002\u672c\u7ae0\u4ecb\u7ecd\u4e86\u76ee\u524d\u5b58\u5728\u7684\u670d\u52a1\uff0c\u5e76\u91cd\u70b9\u4ecb\u7ecd\u4e86\u90a3\u4e9b\u80fd\u591f\u96c6\u6210\u5230OpenStack\u4e91\u4e2d\u7684\u670d\u52a1\u3002 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 
Barbican \u6982\u8ff0 \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11\u52a0\u5bc6\u63d2\u4ef6 \u5bc6\u94a5\u5546\u5e97\u63d2\u4ef6 KMIP\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u73b0\u6709\u6280\u672f\u6458\u8981 \u00b6 \u5728OpenStack\u4e2d\uff0c\u6709\u4e24\u79cd\u63a8\u8350\u7528\u4e8e\u673a\u5bc6\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5373Barbican\u548cCastellan\u3002\u672c\u7ae0\u5c06\u6982\u8ff0\u4e0d\u540c\u7684\u65b9\u6848\uff0c\u4ee5\u5e2e\u52a9\u64cd\u4f5c\u5458\u9009\u62e9\u4f7f\u7528\u54ea\u4e2a\u5bc6\u94a5\u7ba1\u7406\u5668\u3002 \u7b2c\u4e09\u79cd\u4e0d\u53d7\u652f\u6301\u7684\u65b9\u6cd5\u662f\u56fa\u5b9a/\u786c\u7f16\u7801\u5bc6\u94a5\u3002\u4f17\u6240\u5468\u77e5\uff0c\u67d0\u4e9b OpenStack \u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u5bc6\u94a5\u3002\u8fd9\u662f\u6700\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4efb\u4f55\u7c7b\u578b\u7684\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u3002 \u5176\u4ed6\u89e3\u51b3\u65b9\u6848\u5305\u62ec KeyWhiz\u3001Confidant\u3001Conjur\u3001EJSON\u3001Knox \u548c Red October\uff0c\u4f46\u5728\u672c\u6587\u6863\u7684\u8ba8\u8bba\u8303\u56f4\u4e4b\u5916\uff0c\u65e0\u6cd5\u6db5\u76d6\u6240\u6709\u53ef\u7528\u7684 Key Manager\u3002 \u5bf9\u4e8e\u673a\u5bc6\u7684\u5b58\u50a8\uff0c\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u786c\u4ef6\u5b89\u5168\u6a21\u5757 
\uff08HSM\uff09 \u3002HSM \u53ef\u4ee5\u6709\u591a\u79cd\u5f62\u5f0f\u3002\u4f20\u7edf\u8bbe\u5907\u662f\u673a\u67b6\u5f0f\u8bbe\u5907\uff0c\u5982\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u6240\u793a\u3002 \u76f8\u5173 Openstack \u9879\u76ee \u00b6 Castellan \u662f\u4e00\u4e2a\u5e93\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u901a\u7528\u63a5\u53e3\u6765\u5b58\u50a8\u3001\u751f\u6210\u548c\u68c0\u7d22\u673a\u5bc6\u3002\u5927\u591a\u6570 Openstack \u670d\u52a1\u90fd\u4f7f\u7528\u5b83\u8fdb\u884c\u673a\u5bc6\u7ba1\u7406\u3002\u4f5c\u4e3a\u4e00\u4e2a\u56fe\u4e66\u9986\uff0cCastellan \u672c\u8eab\u5e76\u4e0d\u63d0\u4f9b\u79d8\u5bc6\u5b58\u50a8\u3002\u76f8\u53cd\uff0c\u9700\u8981\u90e8\u7f72\u540e\u7aef\u5b9e\u73b0\u3002 \u8bf7\u6ce8\u610f\uff0cCastellan \u4e0d\u63d0\u4f9b\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u3002\u5b83\u53ea\u662f\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\uff08\u4f8b\u5982Keystone\u4ee4\u724c\uff09\u4f20\u9012\u5230\u540e\u7aef\u3002 Barbican \u662f\u4e00\u4e2a OpenStack \u670d\u52a1\uff0c\u4e3a Castellan \u63d0\u4f9b\u540e\u7aef\u3002Barbican \u9700\u8981\u5e76\u9a8c\u8bc1 keystone \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff0c\u4ee5\u8bc6\u522b\u8bbf\u95ee\u6216\u5b58\u50a8\u5bc6\u94a5\u7684\u7528\u6237\u548c\u9879\u76ee\u3002\u7136\u540e\uff0c\u5b83\u5e94\u7528\u7b56\u7565\u6765\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u8bb8\u591a\u989d\u5916\u7684\u6709\u7528\u529f\u80fd\u6765\u6539\u8fdb\u5bc6\u94a5\u7ba1\u7406\uff0c\u5305\u62ec\u914d\u989d\u3001\u6bcf\u4e2a\u5bc6\u94a5\u7684 ACL\u3001\u8ddf\u8e2a\u5bc6\u94a5\u4f7f\u7528\u8005\u4ee5\u53ca\u5bc6\u94a5\u5bb9\u5668\u4e2d\u7684\u5bc6\u94a5\u5206\u7ec4\u3002\u4f8b\u5982\uff0c\u660e\u9510\u76f4\u63a5\u4e0e\u5df4\u6bd4\u80af\uff08\u800c\u4e0d\u662f\u5361\u65af\u7279\u62c9\u5170\uff09\u96c6\u6210\uff0c\u4ee5\u5229\u7528\u5176\u4e2d\u4e00\u4e9b\u529f\u80fd\u3002 Barbican 
\u6709\u8bb8\u591a\u540e\u7aef\u63d2\u4ef6\uff0c\u53ef\u7528\u4e8e\u5c06\u673a\u5bc6\u5b89\u5168\u5730\u5b58\u50a8\u5728\u672c\u5730\u6570\u636e\u5e93\u6216 HSM \u4e2d\u3002 \u76ee\u524d\uff0cBarbican \u662f Castellan \u552f\u4e00\u53ef\u7528\u7684\u540e\u7aef\u3002\u7136\u800c\uff0c\u6709\u51e0\u4e2a\u540e\u7aef\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u5305\u62ec KMIP\u3001Dogtag\u3001Hashicorp Vault \u548c Custodia\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u5e0c\u671b\u90e8\u7f72 Barbican \u5e76\u4e14\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u76f8\u5bf9\u7b80\u5355\u7684\u90e8\u7f72\u4eba\u5458\u6765\u8bf4\uff0c\u4f7f\u7528\u8fd9\u4e9b\u540e\u7aef\u4e4b\u4e00\u53ef\u80fd\u662f\u4e00\u4e2a\u53ef\u884c\u7684\u66ff\u4ee3\u65b9\u6848\u3002\u4f46\u662f\uff0c\u5728\u68c0\u7d22\u5bc6\u94a5\u65f6\uff0c\u7f3a\u5c11\u7684\u662f\u591a\u79df\u6237\u548c\u79df\u6237\u7b56\u7565\u7684\u5b9e\u65bd\uff0c\u4ee5\u53ca\u4e0a\u9762\u63d0\u5230\u7684\u4efb\u4f55\u989d\u5916\u529f\u80fd\u3002 \u4f7f\u7528\u6848\u4f8b \u00b6 \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u00b6 \u9a8c\u8bc1\u955c\u50cf\u7b7e\u540d\u53ef\u786e\u4fdd\u955c\u50cf\u81ea\u539f\u59cb\u4e0a\u4f20\u4ee5\u6765\u4e0d\u4f1a\u88ab\u66ff\u6362\u6216\u66f4\u6539\u3002\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u4f7f\u7528 Castellan \u4f5c\u4e3a\u5176\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u52a0\u5bc6\u7b7e\u540d\u3002\u955c\u50cf\u7b7e\u540d\u548c\u8bc1\u4e66 UUID \u5c06\u4e0e\u955c\u50cf\u4e00\u8d77\u4e0a\u4f20\u5230\u955c\u50cf \uff08glance\uff09 \u670d\u52a1\u3002Glance \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002\u542f\u52a8\u955c\u50cf\u65f6\uff0c\u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53ef\u4fe1\u6620\u50cf\u6587\u6863\u3002 \u5377\u52a0\u5bc6 \u00b6 
\u5377\u52a0\u5bc6\u529f\u80fd\u4f7f\u7528 Castellan \u63d0\u4f9b\u9759\u6001\u6570\u636e\u52a0\u5bc6\u3002\u5f53\u7528\u6237\u521b\u5efa\u52a0\u5bc6\u5377\u7c7b\u578b\u5e76\u4f7f\u7528\u8be5\u7c7b\u578b\u521b\u5efa\u5377\u65f6\uff0c\u5757\u5b58\u50a8 \uff08cinder\uff09 \u670d\u52a1\u4f1a\u8bf7\u6c42\u5bc6\u94a5\u7ba1\u7406\u5668\u521b\u5efa\u8981\u4e0e\u8be5\u5377\u5173\u8054\u7684\u5bc6\u94a5\u3002\u5f53\u5377\u9644\u52a0\u5230\u5b9e\u4f8b\u65f6\uff0cnova \u4f1a\u68c0\u7d22\u5bc6\u94a5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6570\u636e\u52a0\u5bc6\u90e8\u5206\u3002\u548c\u5377\u52a0\u5bc6\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u00b6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u4ee5\u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92\uff0c\u5e76\u901a\u8fc7\u6309\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb\u3002\u5efa\u8bae\u4f7f\u7528\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u6587\u6863\u3002 Sahara \u00b6 
Sahara\u5728\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\u751f\u6210\u5e76\u5b58\u50a8\u591a\u4e2a\u5bc6\u7801\u3002\u4e3a\u4e86\u52a0\u5f3aSahara\u5bf9\u5bc6\u7801\u7684\u4f7f\u7528\uff0c\u53ef\u4ee5\u6307\u793a\u5b83\u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u548c\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002\u8981\u542f\u7528\u6b64\u529f\u80fd\uff0c\u5fc5\u987b\u9996\u5148\u5728\u5806\u6808\u4e2d\u90e8\u7f72\u4e00\u4e2a OpenStack Key Manager \u670d\u52a1\u3002 \u5728\u5806\u6808\u4e0a\u90e8\u7f72\u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\u540e\uff0c\u5fc5\u987b\u5c06 sahara \u914d\u7f6e\u4e3a\u542f\u7528\u5bc6\u94a5\u7684\u5916\u90e8\u5b58\u50a8\u3002Sahara \u4f7f\u7528 Castellan \u5e93\u4e0e OpenStack Key Manager \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u6b64\u5e93\u63d0\u4f9b\u5bf9\u5bc6\u94a5\u7ba1\u7406\u5668\u7684\u53ef\u914d\u7f6e\u8bbf\u95ee\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Sahara \u9ad8\u7ea7\u914d\u7f6e\u6307\u5357\u3002 Magnum \u00b6 \u4e3a\u4e86\u4f7f\u7528\u672c\u673a\u5ba2\u6237\u7aef\uff08 docker \u6216 kubectl \u5206\u522b\uff09\u63d0\u4f9b\u5bf9 Docker Swarm \u6216 Kubernetes \u7684\u8bbf\u95ee\uff0cmagnum \u4f7f\u7528 TLS \u8bc1\u4e66\u3002\u8981\u5b58\u50a8\u8bc1\u4e66\uff0c\u5efa\u8bae\u4f7f\u7528 Barbican \u6216 Magnum \u6570\u636e\u5e93 \uff08 x590keypair \uff09\u3002 \u4e5f\u53ef\u4ee5\u4f7f\u7528\u672c\u5730\u76ee\u5f55 \uff08 local \uff09\uff0c\u4f46\u88ab\u8ba4\u4e3a\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u4e0d\u9002\u5408\u751f\u4ea7\u73af\u5883\u3002 \u6709\u5173\u4e3a Magnum \u8bbe\u7f6e\u8bc1\u4e66\u7ba1\u7406\u5668\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\u6587\u6863\u3002 Octavia/LBaaS \u00b6 Neutron \u548c Octavia \u9879\u76ee\u7684 LBaaS\uff08\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff09\u529f\u80fd\u9700\u8981\u8bc1\u4e66\u53ca\u5176\u79c1\u94a5\u6765\u4e3a TLS 
\u8fde\u63a5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3002Barbican \u53ef\u7528\u4e8e\u5b58\u50a8\u6b64\u654f\u611f\u4fe1\u606f\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5982\u4f55\u521b\u5efa TLS \u8d1f\u8f7d\u5747\u8861\u5668\u548c\u90e8\u7f72\u4ee5 TLS \u7ed3\u5c3e\u7684 HTTPS \u8d1f\u8f7d\u5747\u8861\u5668\u3002 Swift \u00b6 \u5bf9\u79f0\u5bc6\u94a5\u53ef\u7528\u4e8e\u52a0\u5bc6 Swift \u5bb9\u5668\uff0c\u4ee5\u964d\u4f4e\u7528\u6237\u6570\u636e\u88ab\u8bfb\u53d6\u7684\u98ce\u9669\uff0c\u5982\u679c\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u8981\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b98\u65b9 swift \u6587\u6863\u4e2d\u7684\u5bf9\u8c61\u52a0\u5bc6\u90e8\u5206\u3002 \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 \u00b6 OpenStack \u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u8bb8\u591a\u7eaf\u6587\u672c\u5bc6\u7801\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u670d\u52a1\u7528\u6237\u7528\u4e8e\u5411 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u4ee5\u9a8c\u8bc1 keystone \u4ee4\u724c\u7684\u5bc6\u7801\u3002 \u76ee\u524d\u6ca1\u6709\u5bf9\u8fd9\u4e9b\u5bc6\u7801\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\u5efa\u8bae\u901a\u8fc7\u6587\u4ef6\u6743\u9650\u9002\u5f53\u5730\u4fdd\u62a4\u8fd9\u4e9b\u6587\u4ef6\u3002 \u76ee\u524d\u6b63\u5728\u52aa\u529b\u5c06\u8fd9\u4e9b\u5bc6\u94a5\u5b58\u50a8\u5728 Castellan \u540e\u7aef\uff0c\u7136\u540e\u8ba9 oslo.config \u4f7f\u7528 Castellan \u6765\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002 Barbican \u00b6 \u6982\u8ff0 \u00b6 Barbican \u662f\u4e00\u4e2a REST API\uff0c\u65e8\u5728\u5b89\u5168\u5b58\u50a8\u3001\u914d\u7f6e\u548c\u7ba1\u7406\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u548c X.509 \u8bc1\u4e66\u7b49\u673a\u5bc6\u3002\u5b83\u65e8\u5728\u5bf9\u6240\u6709\u73af\u5883\u90fd\u6709\u7528\uff0c\u5305\u62ec\u5927\u578b\u77ed\u6682\u4e91\u3002 Barbican 
\u4e0e\u591a\u4e2a OpenStack \u529f\u80fd\u96c6\u6210\uff0c\u53ef\u4ee5\u76f4\u63a5\u96c6\u6210\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a Castellan \u7684\u540e\u7aef\u96c6\u6210\u3002 Barbican \u901a\u5e38\u7528\u4f5c\u5bc6\u94a5\u7ba1\u7406\u7cfb\u7edf\uff0c\u4ee5\u5b9e\u73b0\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3001\u5377\u52a0\u5bc6\u7b49\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u5728\u7528\u4f8b\u4e2d\u8fdb\u884c\u4e86\u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u00b6 \u5f85\u5b9a \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u00b6 Key Manager \u670d\u52a1\u5177\u6709\u63d2\u4ef6\u67b6\u6784\uff0c\u5141\u8bb8\u90e8\u7f72\u7a0b\u5e8f\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u4e00\u4e2a\u6216\u591a\u4e2a\u5bc6\u94a5\u5b58\u50a8\u4e2d\u3002\u673a\u5bc6\u5b58\u50a8\u53ef\u4ee5\u662f\u57fa\u4e8e\u8f6f\u4ef6\u7684\uff08\u5982\u8f6f\u4ef6\u4ee4\u724c\uff09\uff0c\u4e5f\u53ef\u4ee5\u662f\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u7684\u3002\u672c\u8282\u4ecb\u7ecd\u5f53\u524d\u53ef\u7528\u7684\u63d2\u4ef6\uff0c\u5e76\u8ba8\u8bba\u6bcf\u4e2a\u63d2\u4ef6\u7684\u5b89\u5168\u72b6\u51b5\u3002\u63d2\u4ef6\u5df2\u542f\u7528\u5e76\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 /etc/barbican/barbican.conf \u8bbe\u7f6e\u8fdb\u884c\u914d\u7f6e\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684\u63d2\u4ef6\uff1a\u52a0\u5bc6\u63d2\u4ef6\u548c\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6\u3002 \u52a0\u5bc6\u63d2\u4ef6 \u00b6 \u52a0\u5bc6\u63d2\u4ef6\u5c06\u673a\u5bc6\u5b58\u50a8\u4e3a Barbican \u6570\u636e\u5e93\u4e2d\u7684\u52a0\u5bc6 blob\u3002\u8c03\u7528\u8be5\u63d2\u4ef6\u6765\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u4e0a\u7684\u5bc6\u94a5\uff0c\u5e76\u5728\u5bc6\u94a5\u68c0\u7d22\u65f6\u89e3\u5bc6\u5bc6\u94a5\u3002\u76ee\u524d\u6709\u4e24\u79cd\u7c7b\u578b\u7684\u5b58\u50a8\u63d2\u4ef6\u53ef\u7528\uff1aSimple Crypto \u63d2\u4ef6\u548c PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u3002 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 
\u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728 \u4e2d barbican.conf \u914d\u7f6e\u4e86\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u3002\u8be5\u63d2\u4ef6\u4f7f\u7528\u5355\u4e2a\u5bf9\u79f0\u5bc6\u94a5\uff08KEK - \u6216\u201c\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5\u201d\uff09\uff0c\u8be5\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728 barbican.conf \u6587\u4ef6\u4e2d\uff0c\u4ee5\u52a0\u5bc6\u548c\u89e3\u5bc6\u6240\u6709\u673a\u5bc6\u3002\u6b64\u63d2\u4ef6\u88ab\u8ba4\u4e3a\u662f\u4e0d\u592a\u5b89\u5168\u7684\u9009\u9879\uff0c\u4ec5\u9002\u7528\u4e8e\u5f00\u53d1\u548c\u6d4b\u8bd5\uff0c\u56e0\u4e3a\u4e3b\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u56e0\u6b64\u4e0d\u5efa\u8bae\u5728\u751f\u4ea7\u90e8\u7f72\u4e2d\u4f7f\u7528\u3002 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u00b6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u53ef\u7528\u4e8e\u4e0e\u4f7f\u7528 PKCS#11 \u534f\u8bae\u7684\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8fde\u63a5\u3002\u673a\u5bc6\u7531\u9879\u76ee\u7279\u5b9a\u7684\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5 \uff08KEK\uff09 \u52a0\u5bc6 \uff08\u5e76\u5728\u68c0\u7d22\u65f6\u89e3\u5bc6\uff09 \u3002KEK \u53d7\u4e3b KEK \uff08MKEK\uff09 \u4fdd\u62a4\uff08\u52a0\u5bc6\uff09\u3002MKEK \u4e0e HMAC \u4e00\u8d77\u9a7b\u7559\u5728 HSM \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u9879\u76ee\u90fd\u4f7f\u7528\u4e0d\u540c\u7684 KEK\uff0c\u5e76\u4e14\u7531\u4e8e KEK \u4ee5\u52a0\u5bc6\u5f62\u5f0f\uff08\u800c\u4e0d\u662f\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u660e\u6587\uff09\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u56e0\u6b64 PKCS#11 \u63d2\u4ef6\u6bd4\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u5b89\u5168\u5f97\u591a\u3002\u5b83\u662f Barbican \u90e8\u7f72\u4e2d\u6700\u53d7\u6b22\u8fce\u7684\u540e\u7aef\u3002 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 \u00b6 
\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u4e0e\u5b89\u5168\u5b58\u50a8\u7cfb\u7edf\u63a5\u53e3\uff0c\u4ee5\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u6709\u4e09\u79cd\u7c7b\u578b\uff1aKMIP \u63d2\u4ef6\u3001Dogtag \u63d2\u4ef6\u548c Vault \u63d2\u4ef6\u3002 KMIP \u63d2\u4ef6 \u00b6 \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09 \u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u8fdb\u884c\u901a\u4fe1\u3002\u5bc6\u94a5\u76f4\u63a5\u5b89\u5168\u5730\u5b58\u50a8\u5728\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u4e2d\uff0c\u800c\u4e0d\u662f\u5b58\u50a8\u5728 Barbican \u6570\u636e\u5e93\u4e2d\u3002Barbican \u6570\u636e\u5e93\u7ef4\u62a4\u5bf9\u5bc6\u94a5\u4f4d\u7f6e\u7684\u5f15\u7528\uff0c\u4ee5\u4f9b\u4ee5\u540e\u68c0\u7d22\u3002\u8be5\u63d2\u4ef6\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u6216\u4f7f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u5411\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6b64\u4fe1\u606f\u5b58\u50a8\u5728 Barbican \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002 Dogtag \u63d2\u4ef6 \u00b6 Dogtag \u79d8\u5bc6\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e Dogtag \u901a\u4fe1\u3002Dogtag \u662f\u5bf9\u5e94\u4e8e Red Hat \u8bc1\u4e66\u7cfb\u7edf\u7684\u4e0a\u6e38\u9879\u76ee\uff0cRed Hat Certificate System \u662f\u4e00\u4e2a\u901a\u7528\u6807\u51c6/FIPS \u8ba4\u8bc1\u7684 PKI \u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u8bc1\u4e66\u7ba1\u7406\u5668 \uff08CA\uff09 \u548c\u5bc6\u94a5\u6062\u590d\u673a\u6784 \uff08KRA\uff09\uff0c\u7528\u4e8e\u5b89\u5168\u5b58\u50a8\u673a\u5bc6\u3002KRA \u5c06\u673a\u5bc6\u4f5c\u4e3a\u52a0\u5bc6\u7684 blob \u5b58\u50a8\u5728\u5176\u5185\u90e8\u6570\u636e\u5e93\u4e2d\uff0c\u4e3b\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u5728\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS 
\u5b89\u5168\u6570\u636e\u5e93\u4e2d\uff0c\u6216\u5b58\u50a8\u5728\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u4e2d\u3002\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS \u6570\u636e\u5e93\u914d\u7f6e\u4e3a\u4e0d\u5e0c\u671b\u4f7f\u7528 HSM \u7684\u90e8\u7f72\u63d0\u4f9b\u4e86\u5b89\u5168\u9009\u9879\u3002KRA \u662f FreeIPA \u7684\u4e00\u4e2a\u7ec4\u4ef6\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f7f\u7528 FreeIPA \u670d\u52a1\u5668\u914d\u7f6e\u63d2\u4ef6\u3002\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4f7f\u7528 FreeIPA \u8bbe\u7f6e Barbican \u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\u3002 Vault \u63d2\u4ef6 \u00b6 Vault \u662f Hashicorp \u5f00\u53d1\u7684\u79d8\u5bc6\u5b58\u50a8\uff0c\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u673a\u5bc6\u548c\u5176\u4ed6\u5bf9\u8c61\uff0c\u4f8b\u5982 API \u5bc6\u94a5\u3001\u5bc6\u7801\u6216\u8bc1\u4e66\u3002\u4fdd\u9669\u67dc\u4e3a\u4efb\u4f55\u673a\u5bc6\u63d0\u4f9b\u7edf\u4e00\u7684\u754c\u9762\uff0c\u540c\u65f6\u63d0\u4f9b\u4e25\u683c\u7684\u8bbf\u95ee\u63a7\u5236\u5e76\u8bb0\u5f55\u8be6\u7ec6\u7684\u5ba1\u6838\u65e5\u5fd7\u3002Vault \u4f01\u4e1a\u7248\u8fd8\u5141\u8bb8\u4e0e HSM \u96c6\u6210\u4ee5\u8fdb\u884c\u81ea\u52a8\u89e3\u5c01\u3001\u63d0\u4f9b FIPS \u5bc6\u94a5\u5b58\u50a8\u548c\u71b5\u589e\u5f3a\u3002\u4f46\u662f\uff0cVault \u63d2\u4ef6\u7684\u7f3a\u70b9\u662f\u5b83\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u56e0\u6b64\u6240\u6709\u5bc6\u94a5\u90fd\u5c06\u5b58\u50a8\u5728\u540c\u4e00\u4e2a\u952e/\u503c\u5bc6\u94a5\u5f15\u64ce\u4e0b\u3002\u6302\u8f7d\u70b9\u3002 \u5a01\u80c1\u5206\u6790 \u00b6 Barbican \u56e2\u961f\u4e0e OpenStack \u5b89\u5168\u9879\u76ee\u5408\u4f5c\uff0c\u5bf9\u6700\u4f73\u5b9e\u8df5 Barbican 
\u90e8\u7f72\u8fdb\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\u3002\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u7684\u662f\u8bc6\u522b\u670d\u52a1\u8bbe\u8ba1\u548c\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7684\u5f31\u70b9\u548c\u7f3a\u9677\uff0c\u5e76\u63d0\u51fa\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u7684\u63a7\u5236\u6216\u4fee\u590d\u63aa\u65bd\u3002 \u5df4\u6bd4\u80af\u5a01\u80c1\u5206\u6790\u786e\u5b9a\u4e86\u516b\u9879\u5b89\u5168\u53d1\u73b0\u548c\u4e24\u9879\u5efa\u8bae\uff0c\u4ee5\u63d0\u9ad8\u5df4\u6bd4\u80af\u90e8\u7f72\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u7ed3\u679c\u53ef\u4ee5\u5728\u5b89\u5168\u5206\u6790\u5b58\u50a8\u5e93\u4e2d\u67e5\u770b\uff0c\u4ee5\u53ca Barbican \u4f53\u7cfb\u7ed3\u6784\u56fe\u548c\u4f53\u7cfb\u7ed3\u6784\u63cf\u8ff0\u9875\u3002 Castellan \u00b6 \u6982\u8ff0 \u00b6 Castellan \u662f\u7531 Barbican \u56e2\u961f\u5f00\u53d1\u7684\u901a\u7528\u5bc6\u94a5\u7ba1\u7406\u5668\u754c\u9762\u3002\u5b83\u4f7f\u9879\u76ee\u80fd\u591f\u4f7f\u7528\u53ef\u914d\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\uff0c\u8be5\u7ba1\u7406\u5668\u53ef\u4ee5\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u00b6 \u200b 1.\u5728 OpenStack \u4e2d\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4ec0\u4e48\uff1f \u5728OpenStack\u4e2d\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4f7f\u7528Barbican\u3002 \u200b 2.\u6211\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528Barbican\uff1f Barbican \u662f\u4e00\u79cd OpenStack \u670d\u52a1\uff0c\u5b83\u652f\u6301\u591a\u79df\u6237\uff0c\u5e76\u4f7f\u7528 Keystone \u4ee4\u724c\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u610f\u5473\u7740\u5bf9\u5bc6\u94a5\u7684\u8bbf\u95ee\u662f\u901a\u8fc7\u79df\u6237\u548c RBAC \u89d2\u8272\u7684 OpenStack \u7b56\u7565\u6765\u63a7\u5236\u7684\u3002 Barbican \u5177\u6709\u591a\u4e2a\u53ef\u63d2\u62d4\u540e\u7aef\uff0c\u53ef\u4ee5\u4f7f\u7528 PKCS#11 \u6216 KMIP 
\u4e0e\u57fa\u4e8e\u8f6f\u4ef6\u548c\u786c\u4ef6\u7684\u5b89\u5168\u6a21\u5757\u8fdb\u884c\u901a\u4fe1\u3002 \u200b 3.\u5982\u679c\u6211\u4e0d\u60f3\u4f7f\u7528Barbican\u600e\u4e48\u529e\uff1f \u5728 Openstack \u4e0a\u4e0b\u6587\u4e2d\uff0c\u9700\u8981\u7ba1\u7406\u4e24\u79cd\u7c7b\u578b\u7684\u5bc6\u94a5 - \u9700\u8981\u5bc6\u94a5\u5931\u771f\u4ee4\u724c\u624d\u80fd\u8bbf\u95ee\u7684\u5bc6\u94a5\uff0c\u4ee5\u53ca\u4e0d\u9700\u8981\u5bc6\u94a5\u9a8c\u8bc1\u4ee4\u724c\u7684\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u7684\u4e00\u4e2a\u793a\u4f8b\u662f\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u7684\u5bc6\u7801\u548c\u5bc6\u94a5\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u9879\u76ee\u52a0\u5bc6\u7164\u6e23\u5377\u7684\u52a0\u5bc6\u5bc6\u94a5\u6216\u9879\u76ee\u6982\u89c8\u56fe\u50cf\u7684\u7b7e\u540d\u5bc6\u94a5\u3002 \u4e0d\u9700\u8981 keystone \u4ee4\u724c\u5373\u53ef\u8bbf\u95ee\u7684\u5bc6\u94a5\u793a\u4f8b\u5305\u62ec\u670d\u52a1\u914d\u7f6e\u6587\u4ef6\u4e2d\u670d\u52a1\u7528\u6237\u7684\u5bc6\u7801\u6216\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u9879\u76ee\u7684\u52a0\u5bc6\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u4ee4\u724c\u7684\u673a\u5bc6\u5e94\u4f7f\u7528 Barbican \u8fdb\u884c\u5b58\u50a8\u3002 \u4e0d\u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u53ef\u4ee5\u5b58\u50a8\u5728\u4efb\u4f55\u5bc6\u94a5\u5b58\u50a8\u4e2d\uff0c\u8be5\u5bc6\u94a5\u5b58\u50a8\u5b9e\u73b0\u4e86\u901a\u8fc7 Castellan \u516c\u5f00\u7684\u7b80\u5355\u5bc6\u94a5\u5b58\u50a8 API\u3002\u8fd9\u4e5f\u5305\u62ec\u5df4\u6bd4\u80af\u3002 \u200b 4.\u5982\u4f55\u4f7f\u7528 Vault\u3001Keywhiz\u3001Custodia \u7b49...\uff1f \u5982\u679c\u5df2\u4e3a\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u7f16\u5199\u4e86 Castellan 
\u63d2\u4ef6\uff0c\u5219\u60a8\u9009\u62e9\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u4ee5\u4e0e\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u4e00\u8d77\u4f7f\u7528\u3002\u4e00\u65e6\u8be5\u63d2\u4ef6\u88ab\u7f16\u5199\u51fa\u6765\uff0c\u76f4\u63a5\u4f7f\u7528\u8be5\u63d2\u4ef6\u6216\u5728 Barbican \u540e\u9762\u4f7f\u7528\u8be5\u63d2\u4ef6\u662f\u76f8\u5bf9\u5fae\u4e0d\u8db3\u9053\u7684\u3002 \u76ee\u524d\uff0cVault \u548c Custodia \u63d2\u4ef6\u6b63\u5728\u4e3a Queens \u5468\u671f\u5f00\u53d1\u3002 \u68c0\u67e5\u8868 \u00b6 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f \u00b6 \u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a barbican\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/barbican/barbican.conf | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/barbican-api-paste.ini | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/policy.json | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican | egrep \"root barbican\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c barbican\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root / barbican \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 barbican \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002 Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f \u00b6 \u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/barbican/barbican.conf $ stat -L -c \"%a\" /etc/barbican/barbican-api-paste.ini $ stat -L -c \"%a\" /etc/barbican/policy.json $ stat -L -c \"%a\" /etc/barbican \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u4f8b\u5982\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u4f7f\u7528 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cBarbican 
\u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/barbican/barbican.conf getfacl: Removing leading '/' from absolute path names # file: etc/barbican/barbican.conf USER root rw- GROUP barbican r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u5927\u4e8e 640\u3002 Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone \u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 authtoken \u5217\u5728 \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u3002 \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u7f3a\u5c11\u8be5\u53c2\u6570 authtoken \u3002 Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u00b6 OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/barbican/barbican.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/barbican/barbican.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/barbican/barbican.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/barbican/barbican.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002 \u6d88\u606f\u961f\u5217 \u00b6 \u6d88\u606f\u961f\u5217\u670d\u52a1\u4fc3\u8fdb\u4e86 OpenStack \u4e2d\u7684\u8fdb\u7a0b\u95f4\u901a\u4fe1\u3002OpenStack \u652f\u6301\u4ee5\u4e0b\u6d88\u606f\u961f\u5217\u670d\u52a1\u540e\u7aef\uff1a RabbitMQ Qpid ZeroMQ \u6216 0MQ RabbitMQ \u548c Qpid \u90fd\u662f\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 \u6846\u67b6\uff0c\u5b83\u4eec\u4e3a\u70b9\u5bf9\u70b9\u901a\u4fe1\u63d0\u4f9b\u6d88\u606f\u961f\u5217\u3002\u961f\u5217\u5b9e\u73b0\u901a\u5e38\u90e8\u7f72\u4e3a\u96c6\u4e2d\u5f0f\u6216\u5206\u6563\u5f0f\u961f\u5217\u670d\u52a1\u5668\u6c60\u3002ZeroMQ \u901a\u8fc7 TCP \u5957\u63a5\u5b57\u63d0\u4f9b\u76f4\u63a5\u7684\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002 \u6d88\u606f\u961f\u5217\u6709\u6548\u5730\u4fc3\u8fdb\u4e86\u8de8 OpenStack 
\u90e8\u7f72\u7684\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u3002\u4e00\u65e6\u5141\u8bb8\u8bbf\u95ee\u961f\u5217\uff0c\u5c31\u4e0d\u4f1a\u6267\u884c\u8fdb\u4e00\u6b65\u7684\u6388\u6743\u68c0\u67e5\u3002\u53ef\u901a\u8fc7\u961f\u5217\u8bbf\u95ee\u7684\u670d\u52a1\u4f1a\u9a8c\u8bc1\u5b9e\u9645\u6d88\u606f\u8d1f\u8f7d\u4e2d\u7684\u4e0a\u4e0b\u6587\u548c\u4ee4\u724c\u3002\u4f46\u662f\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u4ee4\u724c\u7684\u5230\u671f\u65e5\u671f\uff0c\u56e0\u4e3a\u4ee4\u724c\u53ef\u80fd\u53ef\u91cd\u64ad\uff0c\u5e76\u4e14\u53ef\u4ee5\u6388\u6743\u57fa\u7840\u7ed3\u6784\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 OpenStack \u4e0d\u652f\u6301\u6d88\u606f\u7ea7\u522b\u7684\u5b89\u5168\u6027\uff0c\u4f8b\u5982\u6d88\u606f\u7b7e\u540d\u3002\u56e0\u6b64\uff0c\u60a8\u5fc5\u987b\u5bf9\u6d88\u606f\u4f20\u8f93\u672c\u8eab\u8fdb\u884c\u5b89\u5168\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5bf9\u4e8e\u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u914d\u7f6e\uff0c\u60a8\u5fc5\u987b\u6267\u884c\u961f\u5217\u5bf9\u961f\u5217\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u52a0\u5bc6\u3002 \u901a\u8fc7 ZeroMQ \u6d88\u606f\u4f20\u9012\uff0cIPC \u5957\u63a5\u5b57\u5728\u5355\u4e2a\u673a\u5668\u4e0a\u4f7f\u7528\u3002\u7531\u4e8e\u8fd9\u4e9b\u5957\u63a5\u5b57\u5bb9\u6613\u53d7\u5230\u653b\u51fb\uff0c\u56e0\u6b64\u8bf7\u786e\u4fdd\u4e91\u8fd0\u8425\u5546\u5df2\u4fdd\u62a4\u5b83\u4eec\u3002 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u6d88\u606f\u5b89\u5168 \u00b6 \u672c\u8282\u8ba8\u8bba OpenStack \u4e2d\u4f7f\u7528\u7684\u4e09\u79cd\u6700\u5e38\u89c1\u7684\u6d88\u606f\u961f\u5217\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u5f3a\u5316\u65b9\u6cd5\uff1aRabbitMQ\u3001Qpid \u548c ZeroMQ\u3002 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u00b6 \u57fa\u4e8e AMQP \u7684\u89e3\u51b3\u65b9\u6848\uff08Qpid \u548c RabbitMQ\uff09\u652f\u6301\u4f7f\u7528 TLS 
\u7684\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002ZeroMQ \u6d88\u606f\u4f20\u9012\u672c\u8eab\u4e0d\u652f\u6301 TLS\uff0c\u4f46\u4f7f\u7528\u6807\u8bb0\u7684 IPsec \u6216 CIPSO \u7f51\u7edc\u6807\u7b7e\u53ef\u4ee5\u5b9e\u73b0\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u60a8\u7684\u6d88\u606f\u961f\u5217\u542f\u7528\u4f20\u8f93\u7ea7\u52a0\u5bc6\u3002\u5c06 TLS \u7528\u4e8e\u6d88\u606f\u4f20\u9012\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4ee5\u4fdd\u62a4\u901a\u4fe1\u5728\u4f20\u8f93\u5230\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7684\u8fc7\u7a0b\u4e2d\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u5e38\u7528\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668 Qpid \u548c RabbitMQ \u914d\u7f6e TLS \u7684\u6307\u5357\u3002\u5728\u914d\u7f6e\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u673a\u8fde\u63a5\u7684\u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6346\u7ed1\u8f6f\u4ef6\u65f6\uff0c\u5efa\u8bae\u4ec5\u5c06\u5176\u9650\u5236\u4e3a\u7528\u4e8e\u8282\u70b9\u7684 CA\uff0c\u6700\u597d\u662f\u5185\u90e8\u7ba1\u7406\u7684 CA\u3002\u53d7\u4fe1\u4efb\u7684 CA \u6346\u7ed1\u5305\u5c06\u786e\u5b9a\u54ea\u4e9b\u5ba2\u6237\u7aef\u8bc1\u4e66\u5c06\u83b7\u5f97\u6388\u6743\uff0c\u5e76\u901a\u8fc7\u8bbe\u7f6e TLS \u8fde\u63a5\u7684\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u9a8c\u8bc1\u6b65\u9aa4\u3002\u8bf7\u6ce8\u610f\uff0c\u5728\u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982\u4f7f\u7528 chmod 0600 \uff0c\u5e76\u4e14\u6240\u6709\u6743\u9650\u5236\u4e3a\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 RabbitMQ \u670d\u52a1\u5668 SSL 
\u914d\u7f6e \u00b6 \u5e94\u5c06\u4ee5\u4e0b\u884c\u6dfb\u52a0\u5230\u7cfb\u7edf\u8303\u56f4\u7684 RabbitMQ \u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u901a\u5e38 /etc/rabbitmq/rabbitmq.config \uff1a [ {rabbit, [ {tcp_listeners, [] }, {ssl_listeners, [{\"\", 5671}] }, {ssl_options, [{cacertfile,\"/etc/ssl/cacert.pem\"}, {certfile,\"/etc/ssl/rabbit-server-cert.pem\"}, {keyfile,\"/etc/ssl/rabbit-server-key.pem\"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ]. \u8bf7\u6ce8\u610f\uff0c\u8be5 tcp_listeners \u9009\u9879\u8bbe\u7f6e\u4e3a [] \u963b\u6b62\u5b83\u4fa6\u542c\u975e SSL \u7aef\u53e3\u3002\u5e94\u5c06\u8be5 ssl_listeners \u9009\u9879\u9650\u5236\u4e3a\u4ec5\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4fa6\u542c\u670d\u52a1\u3002 \u6709\u5173 RabbitMQ SSL \u914d\u7f6e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u914d\u7f6e RabbitMQ SSL\u534f\u8bae Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u00b6 Apache \u57fa\u91d1\u4f1a\u4e3a Qpid \u63d0\u4f9b\u4e86\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6307\u5357\u3002\u8bf7\u53c2\u9605\uff1a Apache Qpid SSL \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u00b6 RabbitMQ \u548c Qpid \u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u673a\u5236\uff0c\u7528\u4e8e\u63a7\u5236\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u3002ZeroMQ \u4e0d\u63d0\u4f9b\u6b64\u7c7b\u673a\u5236\u3002 \u7b80\u5355\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u5c42 \uff08SASL\uff09 \u662f Internet \u534f\u8bae\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6570\u636e\u5b89\u5168\u7684\u6846\u67b6\u3002RabbitMQ \u548c Qpid \u90fd\u63d0\u4f9b SASL \u548c\u5176\u4ed6\u53ef\u63d2\u5165\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u7b80\u5355\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ee5\u63d0\u9ad8\u8eab\u4efd\u9a8c\u8bc1\u5b89\u5168\u6027\u3002\u867d\u7136 RabbitMQ \u652f\u6301 SASL\uff0c\u4f46 OpenStack 
\u4e2d\u7684\u652f\u6301\u76ee\u524d\u4e0d\u5141\u8bb8\u8bf7\u6c42\u7279\u5b9a\u7684 SASL \u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002OpenStack \u4e2d\u7684 RabbitMQ \u652f\u6301\u5141\u8bb8\u901a\u8fc7\u672a\u52a0\u5bc6\u7684\u8fde\u63a5\u8fdb\u884c\u7528\u6237\u540d\u548c\u5bc6\u7801\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6216\u8005\u5c06\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e0e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5efa\u7acb\u5b89\u5168\u7684 TLS \u8fde\u63a5\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u6240\u6709 OpenStack \u670d\u52a1\u8282\u70b9\u4e0a\u914d\u7f6e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4ee5\u4fbf\u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u6d88\u606f\u4f20\u9012\u961f\u5217\uff0c\u5e76\u5728\u53ef\u80fd\u7684\u60c5\u51b5\u4e0b\uff08\u76ee\u524d\u4ec5 Qpid\uff09\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u65f6\uff0c\u5e94\u6309\u670d\u52a1\u548c\u8282\u70b9\u521b\u5efa\u5e10\u6237\uff0c\u4ee5\u4fbf\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u8fdb\u884c\u66f4\u7cbe\u7ec6\u7684\u53ef\u5ba1\u6838\u6027\u3002 \u5728\u90e8\u7f72\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u6392\u961f\u670d\u52a1\u5668\u4f7f\u7528\u7684 TLS \u5e93\u3002Qpid \u4f7f\u7528 Mozilla \u7684 NSS \u5e93\uff0c\u800c RabbitMQ \u4f7f\u7528 Erlang \u7684 TLS \u6a21\u5757\uff0c\u8be5\u6a21\u5757\u4f7f\u7528 OpenSSL\u3002 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ \u00b6 \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5220\u9664\u9ed8\u8ba4 guest \u7528\u6237\uff1a # rabbitmqctl delete_user guest \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5bf9\u4e8e\u4e0e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u7684\u6bcf\u4e2a OpenStack \u670d\u52a1\u6216\u8282\u70b9\uff0c\u8bf7\u8bbe\u7f6e\u7528\u6237\u5e10\u6237\u548c\u6743\u9650\uff1a # rabbitmqctl add_user compute01 RABBIT_PASS # rabbitmqctl set_permissions compute01 \".*\" \".*\" \".*\" 
\u5c06RABBIT_PASS\u66ff\u6362\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 \u6709\u5173\u5176\u4ed6\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u8bbf\u95ee\u63a7\u5236 RabbitMQ \u8eab\u4efd\u9a8c\u8bc1 RabbitMQ \u63d2\u4ef6 RabbitMQ SASL \u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u00b6 [DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_kombu rabbit_use_ssl = True rabbit_host = RABBIT_HOST rabbit_port = 5671 rabbit_user = compute01 rabbit_password = RABBIT_PASS kombu_ssl_keyfile = /etc/ssl/node-key.pem kombu_ssl_certfile = /etc/ssl/node-cert.pem kombu_ssl_ca_certs = /etc/ssl/cacert.pem \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid \u00b6 \u6709\u5173\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a Apache Qpid \u8eab\u4efd\u9a8c\u8bc1 Apache Qpid \u6388\u6743 OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u00b6 [DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_qpid qpid_protocol = ssl qpid_hostname = qpid_port = 5671 qpid_username = compute01 qpid_password = QPID_PASS \uff08\u53ef\u9009\uff09\u5982\u679c\u5c06 SASL \u4e0e Qpid \u4e00\u8d77\u4f7f\u7528\uff0c\u8bf7\u901a\u8fc7\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u6765\u6307\u5b9a\u6b63\u5728\u4f7f\u7528\u7684 SASL \u673a\u5236\uff1a qpid_sasl_mechanisms = \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u00b6 \u6bcf\u4e2a\u9879\u76ee\u90fd\u63d0\u4f9b\u4e86\u8bb8\u591a\u53d1\u9001\u548c\u4f7f\u7528\u6d88\u606f\u7684\u670d\u52a1\u3002\u6bcf\u4e2a\u53d1\u9001\u6d88\u606f\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u90fd\u5e94\u8be5\u4f7f\u7528\u961f\u5217\u4e2d\u7684\u6d88\u606f\uff0c\u5982\u679c\u53ea\u662f\u56de\u590d\u7684\u8bdd\u3002 \u6d88\u606f\u961f\u5217\u670d\u52a1\u8fdb\u7a0b\u5e94\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u5e94\u4e0e\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002 \u547d\u540d\u7a7a\u95f4 \u00b6 \u5f3a\u70c8\u5efa\u8bae\u5728 OpenStack Compute Hypervisor 
\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u4f7f\u7528\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u8fd9\u5c06\u6709\u52a9\u4e8e\u9632\u6b62 VM \u6765\u5bbe\u548c\u7ba1\u7406\u7f51\u7edc\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u6865\u63a5\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u4e3b\u673a\u5fc5\u987b\u81f3\u5c11\u8fd0\u884c\u4e00\u4e2a ZeroMQ \u6d88\u606f\u63a5\u6536\u5668\uff0c\u4ee5\u63a5\u6536\u6765\u81ea\u7f51\u7edc\u7684\u6d88\u606f\u5e76\u901a\u8fc7 IPC \u5c06\u6d88\u606f\u8f6c\u53d1\u5230\u672c\u5730\u8fdb\u7a0b\u3002\u5728 IPC \u547d\u540d\u7a7a\u95f4\u4e2d\u4e3a\u6bcf\u4e2a\u9879\u76ee\u8fd0\u884c\u4e00\u4e2a\u72ec\u7acb\u7684\u6d88\u606f\u63a5\u6536\u5668\u662f\u53ef\u80fd\u7684\uff0c\u4e5f\u662f\u53ef\u53d6\u7684\uff0c\u4ee5\u53ca\u540c\u4e00\u9879\u76ee\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 \u7f51\u7edc\u7b56\u7565 \u00b6 \u961f\u5217\u670d\u52a1\u5668\u5e94\u4ec5\u63a5\u53d7\u6765\u81ea\u7ba1\u7406\u7f51\u7edc\u7684\u8fde\u63a5\u3002\u8fd9\u9002\u7528\u4e8e\u6240\u6709\u5b9e\u73b0\u3002\u8fd9\u5e94\u901a\u8fc7\u670d\u52a1\u914d\u7f6e\u6765\u5b9e\u73b0\uff0c\u5e76\u53ef\u9009\u62e9\u901a\u8fc7\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u5f3a\u5236\u5b9e\u65bd\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u9879\u76ee\u90fd\u5e94\u5728\u4e13\u7528\u4e8e\u5c5e\u4e8e\u8be5\u9879\u76ee\u7684\u670d\u52a1\u7684\u7aef\u53e3\u4e0a\u8fd0\u884c\u5355\u72ec\u7684 ZeroMQ \u63a5\u6536\u65b9\u8fdb\u7a0b\u3002\u8fd9\u76f8\u5f53\u4e8e AMQP \u7684\u63a7\u5236\u4ea4\u6362\u6982\u5ff5\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u00b6 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u548c\u81ea\u7531\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 
\u5c06\u8fdb\u7a0b\u7684\u914d\u7f6e\u9650\u5236\u4e3a\u4ec5\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u6b64\u9650\u5236\u53ef\u9632\u6b62\u8fd9\u4e9b\u8fdb\u7a0b\u4e0e\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002 \u6570\u636e\u5904\u7406 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u4f7f\u7528Hadoop\u548cSpark\u7b49\u5904\u7406\u6846\u67b6\u6765\u914d\u7f6e\u548c\u7ba1\u7406\u5b9e\u4f8b\u96c6\u7fa4\u3002\u901a\u8fc7 OpenStack Dashboard \u6216 REST API\uff0c\u7528\u6237\u80fd\u591f\u4e0a\u4f20\u548c\u6267\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u6216\u5916\u90e8\u63d0\u4f9b\u7a0b\u5e8f\u4e2d\u7684\u6570\u636e\u3002\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4f7f\u7528\u7f16\u6392\u670d\u52a1 \uff08heat\uff09 \u521b\u5efa\u5b9e\u4f8b\u96c6\u7fa4\uff0c\u8fd9\u4e9b\u96c6\u7fa4\u53ef\u4ee5\u4f5c\u4e3a\u957f\u671f\u8fd0\u884c\u7684\u7ec4\u5b58\u5728\uff0c\u8fd9\u4e9b\u7ec4\u53ef\u4ee5\u6839\u636e\u8bf7\u6c42\u8fdb\u884c\u6269\u5c55\u548c\u6536\u7f29\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u4e3a\u5355\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u7684\u77ac\u6001\u7ec4\u5b58\u5728\u3002 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee \u6839\u5305\u88c5 \u65e5\u5fd7\u8bb0\u5f55 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5904\u7406\u7b80\u4ecb \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u5c06\u8d1f\u8d23\u521b\u5efa\u3001\u7ef4\u62a4\u548c\u9500\u6bc1\u4e3a\u5176\u96c6\u7fa4\u521b\u5efa\u7684\u4efb\u4f55\u5b9e\u4f8b\u3002\u63a7\u5236\u5668\u5c06\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u5728\u81ea\u8eab\u548c\u96c6\u7fa4\u5b9e\u4f8b\u4e4b\u95f4\u5efa\u7acb\u7f51\u7edc\u8def\u5f84\u3002\u5b83\u8fd8\u5c06\u7ba1\u7406\u8981\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u7684\u90e8\u7f72\u548c\u751f\u547d\u5468\u671f\u3002\u96c6\u7fa4\u4e2d\u7684\u5b9e\u4f8b\u5305\u542b\u6846\u67b6\u5904\u7406\u5f15\u64ce\u7684\u6838\u5fc3\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u4e2a\u9009\u9879\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4e0e\u8fd9\u4e9b\u5b9e\u4f8b\u7684\u8fde\u63a5\u3002 \u6570\u636e\u5904\u7406\u8d44\u6e90\uff08\u7fa4\u96c6\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u6309\u8eab\u4efd\u670d\u52a1\u4e2d\u5b9a\u4e49\u7684\u9879\u76ee\u8fdb\u884c\u5206\u9694\u3002\u8fd9\u4e9b\u8d44\u6e90\u5728\u9879\u76ee\u4e2d\u5171\u4eab\uff0c\u4e86\u89e3\u4f7f\u7528\u8be5\u670d\u52a1\u7684\u4eba\u5458\u7684\u8bbf\u95ee\u9700\u6c42\u975e\u5e38\u91cd\u8981\u3002\u901a\u8fc7\u4f7f\u7528\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u53ef\u4ee5\u8fdb\u4e00\u6b65\u9650\u5236\u9879\u76ee\u4e2d\u7684\u6d3b\u52a8\uff08\u4f8b\u5982\u542f\u52a8\u96c6\u7fa4\u3001\u4e0a\u4f20\u4f5c\u4e1a\u7b49\uff09\u3002 
\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u8bc4\u4f30\u6570\u636e\u5904\u7406\u7528\u6237\u5bf9\u5176\u5e94\u7528\u7a0b\u5e8f\u3001\u4ed6\u4eec\u4f7f\u7528\u7684\u6570\u636e\u4ee5\u53ca\u4ed6\u4eec\u5728\u9879\u76ee\u4e2d\u7684\u9884\u671f\u529f\u80fd\u7684\u9700\u6c42\u3002\u6211\u4eec\u8fd8\u5c06\u6f14\u793a\u670d\u52a1\u63a7\u5236\u5668\u53ca\u5176\u96c6\u7fa4\u7684\u4e00\u4e9b\u5f3a\u5316\u6280\u672f\uff0c\u5e76\u63d0\u4f9b\u5404\u79cd\u63a7\u5236\u5668\u914d\u7f6e\u548c\u7528\u6237\u7ba1\u7406\u65b9\u6cd5\u7684\u793a\u4f8b\uff0c\u4ee5\u786e\u4fdd\u8db3\u591f\u7684\u5b89\u5168\u548c\u9690\u79c1\u7ea7\u522b\u3002 \u67b6\u6784 \u00b6 \u4e0b\u56fe\u663e\u793a\u4e86\u6570\u636e\u5904\u7406\u670d\u52a1\u5982\u4f55\u9002\u5e94\u66f4\u5927\u7684 OpenStack \u751f\u6001\u7cfb\u7edf\u7684\u6982\u5ff5\u89c6\u56fe\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u5728\u96c6\u7fa4\u914d\u7f6e\u8fc7\u7a0b\u4e2d\u5927\u91cf\u4f7f\u7528\u8ba1\u7b97\u3001\u7f16\u6392\u3001\u955c\u50cf\u548c\u5757\u5b58\u50a8\u670d\u52a1\u3002\u5b83\u8fd8\u5c06\u4f7f\u7528\u5728\u7fa4\u96c6\u521b\u5efa\u671f\u95f4\u63d0\u4f9b\u7684\u7531\u7f51\u7edc\u670d\u52a1\u521b\u5efa\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u6765\u7ba1\u7406\u5b9e\u4f8b\u3002\u5f53\u7528\u6237\u8fd0\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\u65f6\uff0c\u63a7\u5236\u5668\u548c\u96c6\u7fa4\u5c06\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u3002\u9274\u4e8e\u8fd9\u4e9b\u670d\u52a1\u7528\u6cd5\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u7cfb\u7edf\u6587\u6863\u4e2d\u6982\u8ff0\u7684\u8bf4\u660e\u5bf9\u5b89\u88c5\u7684\u6240\u6709\u7ec4\u4ef6\u8fdb\u884c\u7f16\u76ee\u3002 \u6d89\u53ca\u7684\u6280\u672f \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u8d1f\u8d23\u90e8\u7f72\u548c\u7ba1\u7406\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u5168\u9762\u4e86\u89e3\u6240\u63d0\u4f9b\u7684\u5b89\u5168\u9009\u9879\uff0c\u6211\u4eec\u5efa\u8bae\u64cd\u4f5c\u5458\u5927\u81f4\u719f\u6089\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u3002\u7a81\u51fa\u663e\u793a\u7684\u6280\u672f\u5217\u8868\u5206\u4e3a\u4e24\u90e8\u5206\uff1a\u7b2c\u4e00\u90e8\u5206\uff0c\u5bf9\u5b89\u5168\u6027\u5f71\u54cd\u8f83\u5927\u7684\u9ad8\u4f18\u5148\u7ea7\u5e94\u7528\u7a0b\u5e8f\uff0c\u7b2c\u4e8c\u90e8\u5206\uff0c\u652f\u6301\u5f71\u54cd\u8f83\u5c0f\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u66f4\u9ad8\u7684\u5f71\u54cd Hadoop Hadoop\u5b89\u5168\u6a21\u5f0f\u6587\u6863 HDFS Spark Spark \u5b89\u5168 Storm Zookeeper \u8f83\u4f4e\u7684\u5f71\u54cd Oozie Hive Pig \u8fd9\u4e9b\u6280\u672f\u6784\u6210\u4e86\u4e0e\u6570\u636e\u5904\u7406\u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u7684\u6846\u67b6\u7684\u6838\u5fc3\u3002\u9664\u4e86\u8fd9\u4e9b\u6280\u672f\u4e4b\u5916\uff0c\u8be5\u670d\u52a1\u8fd8\u5305\u62ec\u7b2c\u4e09\u65b9\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u6346\u7ed1\u6846\u67b6\u3002\u8fd9\u4e9b\u6346\u7ed1\u6846\u67b6\u662f\u4f7f\u7528\u4e0a\u8ff0\u76f8\u540c\u6838\u5fc3\u90e8\u5206\u4ee5\u53ca\u4f9b\u5e94\u5546\u5305\u542b\u7684\u914d\u7f6e\u548c\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u7684\u3002\u6709\u5173\u7b2c\u4e09\u65b9\u6846\u67b6\u6346\u7ed1\u5305\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u94fe\u63a5\uff1a Cloudera CDH Hortonworks Data Platform MapR \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff08\u96c6\u7fa4\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u5728\u9879\u76ee\u8303\u56f4\u5185\u5171\u4eab\u3002\u5c3d\u7ba1\u5355\u4e2a\u63a7\u5236\u5668\u5b89\u88c5\u53ef\u4ee5\u7ba1\u7406\u591a\u7ec4\u8d44\u6e90\uff0c\u4f46\u8fd9\u4e9b\u8d44\u6e90\u7684\u8303\u56f4\u5c06\u9650\u5b9a\u4e3a\u5355\u4e2a\u9879\u76ee\u3002\u9274\u4e8e\u6b64\u9650\u5236\uff0c\u6211\u4eec\u5efa\u8bae\u5bc6\u5207\u76d1\u89c6\u9879\u76ee\u4e2d\u7684\u7528\u6237\u6210\u5458\u8eab\u4efd\uff0c\u4ee5\u4fdd\u6301\u8d44\u6e90\u7684\u9002\u5f53\u9694\u79bb\u3002 \u7531\u4e8e\u90e8\u7f72\u6b64\u670d\u52a1\u7684\u7ec4\u7ec7\u7684\u5b89\u5168\u8981\u6c42\u4f1a\u6839\u636e\u5176\u7279\u5b9a\u9700\u6c42\u800c\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u8fd0\u8425\u5546\u5c06\u91cd\u70b9\u653e\u5728\u6570\u636e\u9690\u79c1\u3001\u96c6\u7fa4\u7ba1\u7406\u548c\u6700\u7ec8\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u4f5c\u4e3a\u8bc4\u4f30\u7528\u6237\u9700\u6c42\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u51b3\u7b56\u5c06\u6709\u52a9\u4e8e\u6307\u5bfc\u914d\u7f6e\u7528\u6237\u5bf9\u670d\u52a1\u7684\u8bbf\u95ee\u7684\u8fc7\u7a0b\u3002\u6709\u5173\u6570\u636e\u9690\u79c1\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u79df\u6237\u6570\u636e\u9690\u79c1\u3002 
\u6570\u636e\u5904\u7406\u5b89\u88c5\u7684\u9ed8\u8ba4\u5047\u8bbe\u662f\u7528\u6237\u5c06\u6709\u6743\u8bbf\u95ee\u5176\u9879\u76ee\u4e2d\u7684\u6240\u6709\u529f\u80fd\u3002\u5982\u679c\u9700\u8981\u66f4\u7cbe\u7ec6\u7684\u63a7\u5236\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u4f1a\u63d0\u4f9b\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u3002\u8fd9\u4e9b\u914d\u7f6e\u5c06\u9ad8\u5ea6\u4f9d\u8d56\u4e8e\u5b89\u88c5\u7ec4\u7ec7\u7684\u9700\u6c42\uff0c\u56e0\u6b64\u6ca1\u6709\u5173\u4e8e\u5176\u4f7f\u7528\u7684\u4e00\u822c\u5efa\u8bae\uff1a\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002 \u90e8\u7f72 \u00b6 \u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u670d\u52a1\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u88ab\u90e8\u7f72\u4e3a\u5728\u8fde\u63a5\u5230\u5806\u6808\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u5b83\u80fd\u591f\u4ee5\u5206\u5e03\u5f0f\u65b9\u5f0f\u90e8\u7f72\u591a\u4e2a\u5197\u4f59\u63a7\u5236\u5668\u3002\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u6837\uff0c\u5b83\u4e5f\u9700\u8981\u4e00\u4e2a\u6570\u636e\u5e93\u6765\u5b58\u50a8\u6709\u5173\u5176\u8d44\u6e90\u7684\u4fe1\u606f\u3002\u8bf7\u53c2\u9605\u6570\u636e\u5e93\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u7ba1\u7406\u591a\u4e2a\u6807\u8bc6\u670d\u52a1\u4fe1\u4efb\uff0c\u76f4\u63a5\u4e0e\u4e1a\u52a1\u6d41\u7a0b\u548c\u7f51\u7edc\u670d\u52a1\u901a\u4fe1\uff0c\u5e76\u53ef\u80fd\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002\u7531\u4e8e\u8fd9\u4e9b\u539f\u56e0\uff0c\u63a7\u5236\u5668\u5c06\u9700\u8981\u8bbf\u95ee\u63a7\u5236\u5e73\u9762\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u5c06\u5176\u4e0e\u5176\u4ed6\u670d\u52a1\u63a7\u5236\u5668\u4e00\u8d77\u5b89\u88c5\u3002 \u6570\u636e\u5904\u7406\u76f4\u63a5\u4e0e\u591a\u4e2a OpenStack 
\u670d\u52a1\u4ea4\u4e92\uff1a \u8ba1\u7b97 \u8eab\u4efd\u9a8c\u8bc1 \u8054\u7f51 \u5bf9\u8c61\u5b58\u50a8 \u914d\u5668 \u5757\u5b58\u50a8\uff08\u53ef\u9009\uff09 \u5efa\u8bae\u8bb0\u5f55\u8fd9\u4e9b\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4e4b\u95f4\u7684\u6240\u6709\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u6587\u6863\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u6765\u5b58\u50a8\u4f5c\u4e1a\u4e8c\u8fdb\u5236\u6587\u4ef6\u548c\u6570\u636e\u6e90\u3002\u5e0c\u671b\u8bbf\u95ee\u5b8c\u6574\u6570\u636e\u5904\u7406\u670d\u52a1\u529f\u80fd\u7684\u7528\u6237\u5c06\u9700\u8981\u5728\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u9879\u76ee\u4e2d\u5b58\u50a8\u5bf9\u8c61\u3002 \u7f51\u7edc\u670d\u52a1\u5728\u7fa4\u96c6\u7684\u914d\u7f6e\u4e2d\u8d77\u7740\u91cd\u8981\u4f5c\u7528\u3002\u5728\u9884\u914d\u4e4b\u524d\uff0c\u7528\u6237\u5e94\u4e3a\u7fa4\u96c6\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u3002\u5173\u8054\u7f51\u7edc\u7684\u64cd\u4f5c\u7c7b\u4f3c\u4e8e\u901a\u8fc7\u4eea\u8868\u677f\u542f\u52a8\u5b9e\u4f8b\u65f6\u5206\u914d\u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u63a7\u5236\u5668\u4f7f\u7528\u8fd9\u4e9b\u7f51\u7edc\u5bf9\u5176\u96c6\u7fa4\u7684\u5b9e\u4f8b\u548c\u6846\u67b6\u8fdb\u884c\u7ba1\u7406\u8bbf\u95ee\u3002 \u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662f\u8eab\u4efd\u670d\u52a1\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u7528\u6237\u9700\u8981\u5728\u5176\u9879\u76ee\u4e2d\u5177\u6709\u9002\u5f53\u7684\u89d2\u8272\uff0c\u4ee5\u5141\u8bb8\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u5b9e\u4f8b\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u914d\u7f6e\u7684\u5b89\u88c5\u9700\u8981\u7279\u522b\u6ce8\u610f\u3002\u8bf7\u53c2\u9605\u4ee3\u7406\u57df\u3002\u5177\u4f53\u800c\u8a00\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u80fd\u591f\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002 
\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u00b6 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u7684\u4e3b\u8981\u4efb\u52a1\u4e4b\u4e00\u662f\u4e0e\u5176\u751f\u6210\u7684\u5b9e\u4f8b\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u4e9b\u5b9e\u4f8b\u662f\u9884\u7f6e\u7684\uff0c\u7136\u540e\u6839\u636e\u6240\u4f7f\u7528\u7684\u6846\u67b6\u8fdb\u884c\u914d\u7f6e\u3002\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u7684\u901a\u4fe1\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u548c HTTP \u534f\u8bae\u3002 \u5728\u9884\u914d\u96c6\u7fa4\u65f6\uff0c\u5c06\u5728\u7528\u6237\u63d0\u4f9b\u7684\u7f51\u7edc\u4e2d\u4e3a\u6bcf\u4e2a\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a IP \u5730\u5740\u3002\u7b2c\u4e00\u4e2a\u7f51\u7edc\u901a\u5e38\u79f0\u4e3a\u6570\u636e\u5904\u7406\u7ba1\u7406\u7f51\u7edc\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u4e3a\u6b64\u7f51\u7edc\u5206\u914d\u7684\u56fa\u5b9a IP \u5730\u5740\u3002\u63a7\u5236\u5668\u8fd8\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9664\u4e86\u56fa\u5b9a\u5730\u5740\u4e4b\u5916\uff0c\u8fd8\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6d6e\u52a8 IP \u5730\u5740\u3002\u4e0e\u5b9e\u4f8b\u901a\u4fe1\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u9996\u9009\u6d6e\u52a8\u5730\u5740\uff08\u5982\u679c\u542f\u7528\uff09\u3002 \u5bf9\u4e8e\u56fa\u5b9a\u548c\u6d6e\u52a8 IP \u5730\u5740\u65e0\u6cd5\u63d0\u4f9b\u6240\u9700\u529f\u80fd\u7684\u60c5\u51b5\uff0c\u63a7\u5236\u5668\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u66ff\u4ee3\u65b9\u6cd5\u63d0\u4f9b\u8bbf\u95ee\uff1a\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u548c\u95f4\u63a5\u8bbf\u95ee\u3002\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u529f\u80fd\u5141\u8bb8\u63a7\u5236\u5668\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4e2d\u63d0\u4f9b\u7684 shell 
\u547d\u4ee4\u8bbf\u95ee\u5b9e\u4f8b\u3002\u95f4\u63a5\u8bbf\u95ee\u7528\u4e8e\u6307\u5b9a\u7528\u6237\u5728\u96c6\u7fa4\u7f6e\u5907\u671f\u95f4\u53ef\u7528\u4f5c\u4ee3\u7406\u7f51\u5173\u7684\u5b9e\u4f8b\u3002\u8fd9\u4e9b\u9009\u9879\u901a\u8fc7\u914d\u7f6e\u548c\u5f3a\u5316\u4e2d\u7684\u7528\u6cd5\u793a\u4f8b\u8fdb\u884c\u8ba8\u8bba\u3002 \u914d\u7f6e\u548c\u5f3a\u5316 \u00b6 \u6709\u591a\u4e2a\u914d\u7f6e\u9009\u9879\u548c\u90e8\u7f72\u7b56\u7565\u53ef\u4ee5\u63d0\u9ad8\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u5b89\u5168\u6027\u3002\u670d\u52a1\u63a7\u5236\u5668\u901a\u8fc7\u4e3b\u914d\u7f6e\u6587\u4ef6\u548c\u4e00\u4e2a\u6216\u591a\u4e2a\u7b56\u7565\u6587\u4ef6\u8fdb\u884c\u914d\u7f6e\u3002\u4f7f\u7528\u6570\u636e\u5c40\u90e8\u6027\u529f\u80fd\u7684\u5b89\u88c5\u8fd8\u5c06\u5177\u6709\u4e24\u4e2a\u9644\u52a0\u6587\u4ef6\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u7684\u7269\u7406\u4f4d\u7f6e\u3002 TLS\u7cfb\u7edf \u00b6 \u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u63a7\u5236\u5668\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9700\u8981 TLS \u8fde\u63a5\u3002 Pre-Kilo \u7248\u672c\u5c06\u9700\u8981 TLS \u4ee3\u7406\uff0c\u56e0\u4e3a\u63a7\u5236\u5668\u4e0d\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\u3002TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u4e2d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e TLS \u4ee3\u7406\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u5176\u4e2d\u7684\u5efa\u8bae\u521b\u5efa\u6b64\u7c7b\u5b89\u88c5\u3002 \u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\uff0c\u6211\u4eec\u5efa\u8bae\u8fd9\u6837\u505a\u3002\u542f\u7528\u6b64\u884c\u4e3a\u9700\u8981\u5bf9\u63a7\u5236\u5668\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u4e00\u4e9b\u5c0f\u7684\u8c03\u6574\u3002 \u4f8b\u3002\u914d\u7f6e\u5bf9\u63a7\u5236\u5668\u7684 TLS \u8bbf\u95ee [ssl] ca_file = cafile.pem cert_file = 
certfile.crt key_file = keyfile.key \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u00b6 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u6765\u914d\u7f6e\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u9650\u5236\u7ec4\u5bf9\u7279\u5b9a\u6570\u636e\u5904\u7406\u529f\u80fd\u7684\u8bbf\u95ee\u3002 \u6267\u884c\u6b64\u64cd\u4f5c\u7684\u539f\u56e0\u5c06\u6839\u636e\u5b89\u88c5\u7684\u7ec4\u7ec7\u8981\u6c42\u800c\u66f4\u6539\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u7ec6\u7c92\u5ea6\u63a7\u4ef6\u7528\u4e8e\u64cd\u4f5c\u5458\u9700\u8981\u9650\u5236\u6570\u636e\u5904\u7406\u670d\u52a1\u8d44\u6e90\u7684\u521b\u5efa\u3001\u5220\u9664\u548c\u68c0\u7d22\u7684\u60c5\u51b5\u3002\u9700\u8981\u9650\u5236\u9879\u76ee\u5185\u8bbf\u95ee\u7684\u64cd\u4f5c\u5458\u5e94\u5145\u5206\u610f\u8bc6\u5230\uff0c\u9700\u8981\u6709\u5176\u4ed6\u65b9\u6cd5\u8ba9\u7528\u6237\u8bbf\u95ee\u670d\u52a1\u7684\u6838\u5fc3\u529f\u80fd\uff08\u4f8b\u5982\uff0c\u914d\u7f6e\u96c6\u7fa4\uff09\u3002 \u4f8b\u3002\u5141\u8bb8\u6240\u6709\u7528\u6237\u4f7f\u7528\u6240\u6709\u65b9\u6cd5\uff08\u9ed8\u8ba4\u7b56\u7565\uff09 { \"default\": \"\" } \u4f8b\u3002\u7981\u6b62\u5bf9\u975e\u7ba1\u7406\u5458\u7528\u6237\u8fdb\u884c\u6620\u50cf\u6ce8\u518c\u8868\u64cd\u4f5c { \"default\": \"\", \"data-processing:images:register\": \"role:admin\", \"data-processing:images:unregister\": \"role:admin\", \"data-processing:images:add_tags\": \"role:admin\", \"data-processing:images:remove_tags\": \"role:admin\" } \u5b89\u5168\u7ec4 \u00b6 
\u6570\u636e\u5904\u7406\u670d\u52a1\u5141\u8bb8\u5c06\u5b89\u5168\u7ec4\u4e0e\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u7684\u5b9e\u4f8b\u76f8\u5173\u8054\u3002\u65e0\u9700\u5176\u4ed6\u914d\u7f6e\uff0c\u8be5\u670d\u52a1\u5c06\u5bf9\u9884\u7f6e\u96c6\u7fa4\u7684\u4efb\u4f55\u9879\u76ee\u4f7f\u7528\u9ed8\u8ba4\u5b89\u5168\u7ec4\u3002\u5982\u679c\u8bf7\u6c42\uff0c\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u5b89\u5168\u7ec4\uff0c\u6216\u8005\u5b58\u5728\u4e00\u4e2a\u81ea\u52a8\u9009\u9879\uff0c\u8be5\u9009\u9879\u6307\u793a\u670d\u52a1\u6839\u636e\u6240\u8bbf\u95ee\u6846\u67b6\u6307\u5b9a\u7684\u7aef\u53e3\u521b\u5efa\u5b89\u5168\u7ec4\u3002 \u5bf9\u4e8e\u751f\u4ea7\u73af\u5883\uff0c\u6211\u4eec\u5efa\u8bae\u624b\u52a8\u63a7\u5236\u5b89\u5168\u7ec4\uff0c\u5e76\u521b\u5efa\u4e00\u7ec4\u9002\u5408\u5b89\u88c5\u7684\u7ec4\u89c4\u5219\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u786e\u4fdd\u9ed8\u8ba4\u5b89\u5168\u7ec4\u5c06\u5305\u542b\u6240\u6709\u9002\u5f53\u7684\u89c4\u5219\u3002\u6709\u5173\u5b89\u5168\u7ec4\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u7ec4\u3002 \u4ee3\u7406\u57df \u00b6 \u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u9700\u8981\u6dfb\u52a0\u5b58\u50a8\u8bbf\u95ee\u51ed\u636e\u3002\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u53ef\u4ee5\u6539\u7528\u6765\u81ea\u6807\u8bc6\u670d\u52a1\u7684\u59d4\u6d3e\u4fe1\u4efb\uff0c\u4ee5\u5141\u8bb8\u901a\u8fc7\u57df\u4e2d\u521b\u5efa\u7684\u4e34\u65f6\u7528\u6237\u8fdb\u884c\u5b58\u50a8\u8bbf\u95ee\u3002\u8981\u4f7f\u6b64\u59d4\u6d3e\u673a\u5236\u8d77\u4f5c\u7528\uff0c\u5fc5\u987b\u5c06\u6570\u636e\u5904\u7406\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u5e76\u4e14\u64cd\u4f5c\u5458\u5fc5\u987b\u4e3a\u4ee3\u7406\u7528\u6237\u914d\u7f6e\u8eab\u4efd\u57df\u3002 
\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4fdd\u7559\u4e3a\u5bf9\u8c61\u5b58\u50a8\u8bbf\u95ee\u63d0\u4f9b\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u7684\u4e34\u65f6\u5b58\u50a8\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u4e3a\u4ee3\u7406\u7528\u6237\u751f\u6210\u6b64\u5bf9\uff0c\u5e76\u4e14\u6b64\u7528\u6237\u7684\u8bbf\u95ee\u5c06\u4ec5\u9650\u4e8e\u8eab\u4efd\u4fe1\u4efb\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u5728\u63a7\u5236\u5668\u6216\u5176\u6570\u636e\u5e93\u5177\u6709\u4e0e\u516c\u5171\u7f51\u7edc\u4e4b\u95f4\u7684\u8def\u7531\u7684\u4efb\u4f55\u5b89\u88c5\u4e2d\u4f7f\u7528\u4ee3\u7406\u57df\u3002 \u793a\u4f8b\uff1a\u4e3a\u540d\u4e3a\u201cdp_proxy\u201d\u7684\u4ee3\u7406\u57df\u8fdb\u884c\u914d\u7f6e [DEFAULT] use_domain_for_proxy_users = true proxy_user_domain_name = dp_proxy proxy_user_role_names = Member \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u00b6 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u547d\u4ee4\u6765\u8bbf\u95ee\u5176\u96c6\u7fa4\u5b9e\u4f8b\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u53ef\u4ee5\u4e3a\u4e0d\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u76f4\u63a5\u63d0\u4f9b\u7684\u7f51\u7edc\u7684\u5b89\u88c5\u521b\u5efa\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u3002\u5bf9\u4e8e\u9700\u8981\u9650\u5236\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u8bbf\u95ee\u7684\u5b89\u88c5\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u9009\u9879\u3002 \u793a\u4f8b\uff1a\u901a\u8fc7\u6307\u5b9a\u7684\u4e2d\u7ee7\u673a\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ssh relay-machine-{tenant_id} nc {host} {port}' \u793a\u4f8b\uff1a\u901a\u8fc7\u81ea\u5b9a\u4e49\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ip netns exec ns_for_{network_id} nc {host} {port}' \u95f4\u63a5\u8bbf\u95ee \u00b6 
\u5bf9\u4e8e\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u6240\u6709\u5b9e\u4f8b\u7684\u8bbf\u95ee\u6743\u9650\u6709\u9650\u7684\u5b89\u88c5\uff0c\u7531\u4e8e\u5bf9\u6d6e\u52a8 IP \u5730\u5740\u6216\u5b89\u5168\u89c4\u5219\u7684\u9650\u5236\uff0c\u53ef\u4ee5\u914d\u7f6e\u95f4\u63a5\u8bbf\u95ee\u3002\u8fd9\u5141\u8bb8\u5c06\u67d0\u4e9b\u5b9e\u4f8b\u6307\u5b9a\u4e3a\u96c6\u7fa4\u5176\u4ed6\u5b9e\u4f8b\u7684\u4ee3\u7406\u7f51\u5173\u3002 \u53ea\u6709\u5728\u5b9a\u4e49\u5c06\u6784\u6210\u6570\u636e\u5904\u7406\u96c6\u7fa4\u7684\u8282\u70b9\u7ec4\u6a21\u677f\u65f6\uff0c\u624d\u80fd\u542f\u7528\u6b64\u914d\u7f6e\u3002\u5b83\u4f5c\u4e3a\u8fd0\u884c\u65f6\u9009\u9879\u63d0\u4f9b\uff0c\u53ef\u5728\u7fa4\u96c6\u7f6e\u5907\u8fc7\u7a0b\u4e2d\u542f\u7528\u3002 Rootwrap \u00b6 \u5728\u4e3a\u7f51\u7edc\u8bbf\u95ee\u521b\u5efa\u81ea\u5b9a\u4e49\u62d3\u6251\u65f6\uff0c\u53ef\u80fd\u9700\u8981\u5141\u8bb8\u975e root \u7528\u6237\u8fd0\u884c\u4ee3\u7406\u547d\u4ee4\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u60c5\u51b5\uff0coslo rootwrap \u8f6f\u4ef6\u5305\u7528\u4e8e\u4e3a\u975e root \u7528\u6237\u63d0\u4f9b\u8fd0\u884c\u7279\u6743\u547d\u4ee4\u7684\u5de5\u5177\u3002\u6b64\u914d\u7f6e\u8981\u6c42\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5e94\u7528\u7a0b\u5e8f\u5173\u8054\u7684\u7528\u6237\u4f4d\u4e8e sudoers \u5217\u8868\u4e2d\uff0c\u5e76\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u542f\u7528\u8be5\u9009\u9879\u3002\u6216\u8005\uff0c\u53ef\u4ee5\u63d0\u4f9b\u5907\u7528 rootwrap \u547d\u4ee4\u3002 \u793a\u4f8b\uff1a\u542f\u7528 rootwrap \u7528\u6cd5\u5e76\u663e\u793a\u9ed8\u8ba4\u547d\u4ee4 [DEFAULT] use_rootwrap=True rootwrap_command=\u2019sudo sahara-rootwrap /etc/sahara/rootwrap.conf\u2019 \u5173\u4e8e rootwrap \u9879\u76ee\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863\uff1ahttps://wiki.openstack.org/wiki/Rootwrap \u65e5\u5fd7 \u00b6 
\u76d1\u89c6\u670d\u52a1\u63a7\u5236\u5668\u7684\u8f93\u51fa\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u53d6\u8bc1\u5de5\u5177\uff0c\u5982\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u66f4\u8be6\u7ec6\u5730\u63cf\u8ff0\u7684\u90a3\u6837\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u63d0\u4f9b\u4e86\u51e0\u4e2a\u9009\u9879\u6765\u8bbe\u7f6e\u65e5\u5fd7\u8bb0\u5f55\u7684\u4f4d\u7f6e\u548c\u7ea7\u522b\u3002 \u793a\u4f8b\uff1a\u5c06\u65e5\u5fd7\u7ea7\u522b\u8bbe\u7f6e\u4e3a\u9ad8\u4e8e\u8b66\u544a\u5e76\u6307\u5b9a\u8f93\u51fa\u6587\u4ef6\u3002 [DEFAULT] verbose = true log_file = /var/log/data-processing.log \u53c2\u8003\u4e66\u76ee \u00b6 OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230Sahara\uff012016.Sahara\u9879\u76ee\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Hadoop\uff012016. Apache Hadoop \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u5b89\u5168\u6a21\u5f0f\u4e0b\u7684 Hadoop\u30022016. Hadoop \u5b89\u5168\u6a21\u5f0f\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cHDFS \u7528\u6237\u6307\u5357\u30022016. Hadoop HDFS \u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark\u30022016. Spark\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark Security\u30022016. Spark \u5b89\u5168\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Storm\u30022016. Storm \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Zookeeper\u30022016. Zookeeper \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Oozie Workflow Scheduler for Hadoop\u30022016. Oozie\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Hive\u30022016. Hive Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Pig\u30022016.Pig Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cCloudera \u4ea7\u54c1\u6587\u6863\u30022016. Cloudera CDH \u6587\u6863 Hortonworks\uff0cHortonworks\u30022016. 
Hortonworks \u6570\u636e\u5e73\u53f0\u6587\u6863 MapR Technologies\uff0c\u7528\u4e8e MapR \u878d\u5408\u6570\u636e\u5e73\u53f0\u7684 Apache Hadoop\u30022016. MapR \u9879\u76ee \u6570\u636e\u5e93 \u00b6 \u6570\u636e\u5e93\u670d\u52a1\u5668\u7684\u9009\u62e9\u662f OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u4e00\u4e2a\u91cd\u8981\u8003\u8651\u56e0\u7d20\u3002\u5728\u51b3\u5b9a\u4f7f\u7528\u6570\u636e\u5e93\u670d\u52a1\u5668\u65f6\uff0c\u5e94\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u4f46\u5728\u672c\u672c\u4e66\u7684\u8303\u56f4\u5185\uff0c\u5c06\u53ea\u8ba8\u8bba\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002OpenStack \u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u7c7b\u578b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u300a\u5b89\u5168\u6307\u5357\u300b\u76ee\u524d\u4e3b\u8981\u9488\u5bf9 PostgreSQL \u548c MySQL\u3002 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u00b6 PostgreSQL \u5177\u6709\u8bb8\u591a\u7406\u60f3\u7684\u5b89\u5168\u529f\u80fd\uff0c\u4f8b\u5982 Kerberos \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bf9\u8c61\u7ea7\u5b89\u5168\u6027\u548c\u52a0\u5bc6\u652f\u6301\u3002PostgreSQL 
\u793e\u533a\u5728\u63d0\u4f9b\u53ef\u9760\u7684\u6307\u5bfc\u3001\u6587\u6863\u548c\u5de5\u5177\u4ee5\u4fc3\u8fdb\u79ef\u6781\u7684\u5b89\u5168\u5b9e\u8df5\u65b9\u9762\u505a\u5f97\u5f88\u597d\u3002 MySQL\u62e5\u6709\u5e9e\u5927\u7684\u793e\u533a\uff0c\u88ab\u5e7f\u6cdb\u91c7\u7528\uff0c\u5e76\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\u9009\u9879\u3002MySQL\u8fd8\u80fd\u591f\u901a\u8fc7\u63d2\u4ef6\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u63d0\u4f9b\u589e\u5f3a\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002MySQL\u793e\u533a\u4e2d\u7684\u5206\u53c9\u53d1\u884c\u7248\u63d0\u4f9b\u4e86\u8bb8\u591a\u53ef\u4f9b\u8003\u8651\u7684\u9009\u9879\u3002\u6839\u636e\u5bf9\u5b89\u5168\u6001\u52bf\u7684\u5168\u9762\u8bc4\u4f30\u548c\u4e3a\u7ed9\u5b9a\u53d1\u884c\u7248\u63d0\u4f9b\u7684\u652f\u6301\u7ea7\u522b\uff0c\u9009\u62e9MySQL\u7684\u7279\u5b9a\u5b9e\u73b0\u975e\u5e38\u91cd\u8981\u3002 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u00b6 \u5efa\u8bae\u90e8\u7f72 MySQL \u6216 PostgreSQL \u7684\u7528\u6237\u53c2\u8003\u73b0\u6709\u7684\u5b89\u5168\u6307\u5357\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff1a MySQL\u6570\u636e\u5e93\uff1a OWASP MySQL\u5f3a\u5316 MySQL \u53ef\u63d2\u5165\u8eab\u4efd\u9a8c\u8bc1 MySQL\u4e2d\u7684\u5b89\u5168\u6027 PostgreSQL\u683c\u5f0f\uff1a OWASP PostgreSQL \u5f3a\u5316 PostgreSQL \u6570\u636e\u5e93\u4e2d\u7684\u603b\u4f53\u5b89\u5168\u6027 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 \u00b6 \u6bcf\u4e2a\u6838\u5fc3 OpenStack 
\u670d\u52a1\uff08\u8ba1\u7b97\u3001\u8eab\u4efd\u3001\u7f51\u7edc\u3001\u5757\u5b58\u50a8\uff09\u90fd\u5c06\u72b6\u6001\u548c\u914d\u7f6e\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5f53\u524d\u5728OpenStack\u4e2d\u4f7f\u7528\u6570\u636e\u5e93\u7684\u65b9\u5f0f\u3002\u6211\u4eec\u8fd8\u63a2\u8ba8\u4e86\u5b89\u5168\u95ee\u9898\uff0c\u4ee5\u53ca\u6570\u636e\u5e93\u540e\u7aef\u9009\u62e9\u7684\u5b89\u5168\u540e\u679c\u3002 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u00b6 OpenStack \u9879\u76ee\u4e2d\u7684\u6240\u6709\u670d\u52a1\u90fd\u8bbf\u95ee\u5355\u4e2a\u6570\u636e\u5e93\u3002\u76ee\u524d\u6ca1\u6709\u7528\u4e8e\u521b\u5efa\u57fa\u4e8e\u8868\u6216\u884c\u7684\u6570\u636e\u5e93\u8bbf\u95ee\u9650\u5236\u7684\u53c2\u8003\u7b56\u7565\u3002 \u5728OpenStack\u4e2d\uff0c\u6ca1\u6709\u5bf9\u6570\u636e\u5e93\u64cd\u4f5c\u8fdb\u884c\u7cbe\u7ec6\u63a7\u5236\u7684\u4e00\u822c\u89c4\u5b9a\u3002\u8bbf\u95ee\u6743\u9650\u548c\u7279\u6743\u7684\u6388\u4e88\u4ec5\u57fa\u4e8e\u8282\u70b9\u662f\u5426\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u53ef\u80fd\u5177\u6709 DROP\u3001INSERT \u6216 UPDATE \u51fd\u6570\u7684\u5b8c\u5168\u6743\u9650\u3002 \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 \u00b6 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6bcf\u4e2a OpenStack \u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u90fd\u4f7f\u7528\u4e00\u7ec4\u5171\u4eab\u51ed\u636e\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u8fd9\u4f7f\u5f97\u5ba1\u6838\u6570\u636e\u5e93\u64cd\u4f5c\u548c\u64a4\u6d88\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6743\u9650\u53d8\u5f97\u7279\u522b\u56f0\u96be\u3002 Nova-conductor \u00b6 \u8ba1\u7b97\u8282\u70b9\u662f OpenStack \u4e2d\u6700\u4e0d\u53d7\u4fe1\u4efb\u7684\u670d\u52a1\uff0c\u56e0\u4e3a\u5b83\u4eec\u6258\u7ba1\u79df\u6237\u5b9e\u4f8b\u3002\u5f15\u5165\u8be5 
nova-conductor \u670d\u52a1\u4f5c\u4e3a\u6570\u636e\u5e93\u4ee3\u7406\uff0c\u5145\u5f53\u8ba1\u7b97\u8282\u70b9\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u4e2d\u4ecb\u3002\u6211\u4eec\u5c06\u5728\u672c\u7ae0\u540e\u9762\u8ba8\u8bba\u5176\u540e\u679c\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\uff1a \u6240\u6709\u6570\u636e\u5e93\u901a\u4fe1\u90fd\u4e0e\u7ba1\u7406\u7f51\u7edc\u9694\u79bb \u4f7f\u7528 TLS \u4fdd\u62a4\u901a\u4fe1 \u4e3a\u6bcf\u4e2a OpenStack \u670d\u52a1\u7aef\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\uff08\u5982\u4e0b\u56fe\u6240\u793a\uff09 \u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u00b6 \u8003\u8651\u5230\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u98ce\u9669\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u9700\u8981\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u3002\u8fd9\u6837\u505a\u6709\u52a9\u4e8e\u66f4\u597d\u5730\u8fdb\u884c\u5206\u6790\u548c\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u5408\u89c4\u6027\uff0c\u6216\u8005\u5728\u8282\u70b9\u906d\u5230\u5165\u4fb5\u65f6\uff0c\u901a\u8fc7\u5728\u68c0\u6d4b\u5230\u8be5\u8282\u70b9\u65f6\u5220\u9664\u8be5\u8282\u70b9\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6765\u9694\u79bb\u53d7\u611f\u67d3\u7684\u4e3b\u673a\u3002\u521b\u5efa\u8fd9\u4e9b\u6bcf\u4e2a\u670d\u52a1\u7ec8\u7ed3\u70b9\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u65f6\uff0c\u5e94\u6ce8\u610f\u786e\u4fdd\u5c06\u5176\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u6216\u8005\uff0c\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u5efa\u8bae\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u5916\uff0c\u8fd8\u4f7f\u7528 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u6765\u914d\u7f6e\u6570\u636e\u5e93\u5e10\u6237\u3002 \u6743\u9650 \u00b6 \u5e94\u521b\u5efa\u5e76\u4fdd\u62a4\u4e00\u4e2a\u5355\u72ec\u7684\u6570\u636e\u5e93\u7ba1\u7406\u5458 \uff08DBA\uff09 
\u5e10\u6237\uff0c\u8be5\u5e10\u6237\u5177\u6709\u521b\u5efa/\u5220\u9664\u6570\u636e\u5e93\u3001\u521b\u5efa\u7528\u6237\u5e10\u6237\u548c\u66f4\u65b0\u7528\u6237\u6743\u9650\u7684\u5b8c\u5168\u6743\u9650\u3002\u8fd9\u79cd\u7b80\u5355\u7684\u8d23\u4efb\u5206\u79bb\u65b9\u6cd5\u6709\u52a9\u4e8e\u9632\u6b62\u610f\u5916\u914d\u7f6e\u9519\u8bef\uff0c\u964d\u4f4e\u98ce\u9669\u5e76\u7f29\u5c0f\u5371\u5bb3\u8303\u56f4\u3002 \u4e3a OpenStack \u670d\u52a1\u548c\u6bcf\u4e2a\u8282\u70b9\u521b\u5efa\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u7684\u6743\u9650\u5e94\u4ec5\u9650\u4e8e\u4e0e\u8be5\u8282\u70b9\u6240\u5c5e\u7684\u670d\u52a1\u76f8\u5173\u7684\u6570\u636e\u5e93\u3002 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u00b6 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u00b6 GRANT ALL ON dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SSL; \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 \u00b6 \u5728\u6587\u4ef6\u4e2d pg_hba.conf \uff1a hostssl dbname compute01 hostname md5 \u8bf7\u6ce8\u610f\uff0c\u6b64\u547d\u4ee4\u4ec5\u6dfb\u52a0\u901a\u8fc7 SSL \u8fdb\u884c\u901a\u4fe1\u7684\u529f\u80fd\uff0c\u5e76\u4e14\u662f\u975e\u72ec\u5360\u7684\u3002\u5e94\u7981\u7528\u53ef\u80fd\u5141\u8bb8\u672a\u52a0\u5bc6\u4f20\u8f93\u7684\u5176\u4ed6\u8bbf\u95ee\u65b9\u6cd5\uff0c\u4ee5\u4fbf SSL \u662f\u552f\u4e00\u7684\u8bbf\u95ee\u65b9\u6cd5\u3002 \u8be5 md5 \u53c2\u6570\u5c06\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u54c8\u5e0c\u5bc6\u7801\u3002\u6211\u4eec\u5728\u4ee5\u4e0b\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u793a\u4f8b\u3002 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e \u00b6 \u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS \u4f20\u8f93\uff0c\u5219\u9700\u8981\u6307\u5b9a\u7528\u4e8e SQLAlchemy \u67e5\u8be2\u4e2d\u7684\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 
MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u00b6 sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova?charset=utf8&ssl_ca=/etc/mysql/cacert.pem \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u00b6 \u901a\u8fc7\u8981\u6c42\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u5bf9\u6570\u636e\u5e93\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u53ef\u4ee5\u4e3a\u4e0e\u6570\u636e\u5e93\u5efa\u7acb\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u63d0\u4f9b\u66f4\u597d\u7684\u8eab\u4efd\u4fdd\u8bc1\uff0c\u5e76\u786e\u4fdd\u901a\u4fe1\u662f\u52a0\u5bc6\u7684\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u00b6 GRANT ALL on dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SUBJECT '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=compute01' AND ISSUER '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=cloud-ca'; \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 \u00b6 hostssl dbname compute01 hostname cert OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e \u00b6 \u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u9700\u8981 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5219\u9700\u8981\u4e3a\u6570\u636e\u5e93\u540e\u7aef\u6307\u5b9a\u76f8\u5e94\u7684 SQLAlchemy \u67e5\u8be2\u53c2\u6570\u3002\u8fd9\u4e9b\u53c2\u6570\u6307\u5b9a\u7528\u4e8e\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u3001\u79c1\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 MySQL \u7684 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1 :sql_connection \u5b57\u7b26\u4e32\u793a\u4f8b\uff1a sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova? 
charset=utf8&ssl_ca = /etc/mysql/cacert.pem&ssl_cert=/etc/mysql/server-cert.pem&ssl_key=/etc/mysql/server-key.pem Nova-conductor \u00b6 OpenStack Compute \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79f0\u4e3a nova-conductor \u7684\u5b50\u670d\u52a1\uff0c\u7528\u4e8e\u4ee3\u7406\u6570\u636e\u5e93\u8fde\u63a5\uff0c\u5176\u4e3b\u8981\u76ee\u7684\u662f\u8ba9 nova \u8ba1\u7b97\u8282\u70b9\u4e0e nova-conductor \u8fde\u63a5\u4ee5\u6ee1\u8db3\u6570\u636e\u6301\u4e45\u6027\u9700\u6c42\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u4e0e\u6570\u636e\u5e93\u901a\u4fe1\u3002 Nova-conductor \u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\u5e76\u4ee3\u8868\u8c03\u7528\u670d\u52a1\u6267\u884c\u64cd\u4f5c\uff0c\u800c\u65e0\u9700\u6388\u4e88\u5bf9\u6570\u636e\u5e93\u3001\u5176\u8868\u6216\u5176\u4e2d\u6570\u636e\u7684\u7cbe\u7ec6\u8bbf\u95ee\u6743\u9650\u3002Nova-conductor \u5b9e\u8d28\u4e0a\u5c06\u76f4\u63a5\u6570\u636e\u5e93\u8bbf\u95ee\u4ece\u8ba1\u7b97\u8282\u70b9\u4e2d\u62bd\u8c61\u51fa\u6765\u3002 \u8fd9\u79cd\u62bd\u8c61\u7684\u4f18\u70b9\u662f\u5c06\u670d\u52a1\u9650\u5236\u4e3a\u4f7f\u7528\u53c2\u6570\u6267\u884c\u65b9\u6cd5\uff0c\u7c7b\u4f3c\u4e8e\u5b58\u50a8\u8fc7\u7a0b\uff0c\u4ece\u800c\u9632\u6b62\u5927\u91cf\u7cfb\u7edf\u76f4\u63a5\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u5e93\u6570\u636e\u3002\u8fd9\u662f\u5728\u4e0d\u5728\u6570\u636e\u5e93\u672c\u8eab\u7684\u4e0a\u4e0b\u6587\u6216\u8303\u56f4\u5185\u5b58\u50a8\u6216\u6267\u884c\u8fd9\u4e9b\u8fc7\u7a0b\u7684\u60c5\u51b5\u4e0b\u5b8c\u6210\u7684\uff0c\u8fd9\u662f\u5bf9\u5178\u578b\u5b58\u50a8\u8fc7\u7a0b\u7684\u5e38\u89c1\u6279\u8bc4\u3002 \u9057\u61be\u7684\u662f\uff0c\u6b64\u89e3\u51b3\u65b9\u6848\u4f7f\u66f4\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u6838\u6570\u636e\u8bbf\u95ee\u7684\u80fd\u529b\u7684\u4efb\u52a1\u590d\u6742\u5316\u3002\u7531\u4e8e nova-conductor \u670d\u52a1\u901a\u8fc7 RPC 
\u63a5\u6536\u8bf7\u6c42\uff0c\u56e0\u6b64\u5b83\u7a81\u51fa\u4e86\u63d0\u9ad8\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6027\u7684\u91cd\u8981\u6027\u3002\u4efb\u4f55\u6709\u6743\u8bbf\u95ee\u6d88\u606f\u961f\u5217\u7684\u8282\u70b9\u90fd\u53ef\u4ee5\u6267\u884c nova-conductor \u63d0\u4f9b\u7684\u8fd9\u4e9b\u65b9\u6cd5\uff0c\u5e76\u6709\u6548\u5730\u4fee\u6539\u6570\u636e\u5e93\u3002 \u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e nova-conductor \u4ec5\u9002\u7528\u4e8e OpenStack Compute\uff0c\u56e0\u6b64\u5bf9\u4e8e\u5176\u4ed6 OpenStack \u7ec4\u4ef6\uff08\u5982 Telemetry\uff08\u4e91\u9ad8\u8ba1\uff09\u3001\u7f51\u7edc\u548c\u5757\u5b58\u50a8\uff09\u7684\u8fd0\u884c\uff0c\u53ef\u80fd\u4ecd\u7136\u9700\u8981\u4ece\u8ba1\u7b97\u4e3b\u673a\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 \u82e5\u8981\u7981\u7528 nova-conductor\uff0c\u8bf7\u5c06\u4ee5\u4e0b\u5185\u5bb9\u653e\u5165 nova.conf \u6587\u4ef6\u4e2d\uff08\u5728\u8ba1\u7b97\u4e3b\u673a\u4e0a\uff09\uff1a [conductor] use_local = true \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u00b6 \u672c\u7ae0\u4ecb\u7ecd\u4e0e\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u901a\u4fe1\u76f8\u5173\u7684\u95ee\u9898\u3002\u8fd9\u5305\u62ec IP \u5730\u5740\u7ed1\u5b9a\u548c\u4f7f\u7528 TLS \u52a0\u5bc6\u7f51\u7edc\u6d41\u91cf\u3002 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u00b6 \u82e5\u8981\u9694\u79bb\u670d\u52a1\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u5e93\u901a\u4fe1\uff0c\u5f3a\u70c8\u5efa\u8bae\u5c06\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u662f\u901a\u8fc7\u9650\u5236\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\u6765\u5b9e\u73b0\u7684\u3002 \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u00b6 
\u5728 my.cnf \uff1a [mysqld] ... bind-address \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u00b6 \u5728 postgresql.conf \uff1a listen_addresses = \u6570\u636e\u5e93\u4f20\u8f93 \u00b6 \u9664\u4e86\u5c06\u6570\u636e\u5e93\u901a\u4fe1\u9650\u5236\u4e3a\u7ba1\u7406\u7f51\u7edc\u5916\uff0c\u6211\u4eec\u8fd8\u5f3a\u70c8\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u5c06\u5176\u6570\u636e\u5e93\u540e\u7aef\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u5c06 TLS \u7528\u4e8e\u6570\u636e\u5e93\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4fdd\u62a4\u901a\u4fe1\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u6b63\u5982\u4e0b\u4e00\u8282\u5c06\u8ba8\u8bba\u7684\u90a3\u6837\uff0c\u4f7f\u7528 TLS \u8fd8\u63d0\u4f9b\u4e86\u901a\u8fc7 X.509 \u8bc1\u4e66\uff08\u901a\u5e38\u79f0\u4e3a PKI\uff09\u6267\u884c\u6570\u636e\u5e93\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7684\u6846\u67b6\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u6d41\u884c\u7684\u6570\u636e\u5e93\u540e\u7aef MySQL \u548c PostgreSQL \u914d\u7f6e TLS \u7684\u6307\u5357\u3002 \u6ce8\u610f \u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982 `chmod 0600` \uff0c\u6240\u6709\u6743\u9650\u5236\u4e3a\u6570\u636e\u5e93\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 MySQL SSL\u914d\u7f6e \u00b6 \u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684MySQL\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a \u5728 my.cnf \uff1a [[mysqld]] ... 
ssl-ca = /path/to/ssl/cacert.pem ssl-cert = /path/to/ssl/server-cert.pem ssl-key = /path/to/ssl/server-key.pem \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-cipher = 'cipher:list' PostgreSQL SSL \u914d\u7f6e \u00b6 \u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684 PostgreSQL \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u3002 postgresql.conf ssl = true \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-ciphers = 'cipher:list' \u670d\u52a1\u5668\u8bc1\u4e66\u3001\u5bc6\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6587\u4ef6\u5e94\u653e\u5728\u4ee5\u4e0b\u6587\u4ef6\u7684 $PGDATA \u76ee\u5f55\u4e2d\uff1a $PGDATA/server.crt - \u670d\u52a1\u5668\u8bc1\u4e66 $PGDATA/server.key - \u79c1\u94a5\u5bf9\u5e94\u4e8e server.crt $PGDATA/root.crt - \u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 $PGDATA/root.crl - \u8bc1\u4e66\u64a4\u9500\u5217\u8868 \u79df\u6237\u6570\u636e\u9690\u79c1 \u00b6 OpenStack\u65e8\u5728\u652f\u6301\u591a\u79df\u6237\uff0c\u8fd9\u4e9b\u79df\u6237\u5f88\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u6570\u636e\u8981\u6c42\u3002\u4f5c\u4e3a\u4e91\u6784\u5efa\u8005\u6216\u8fd0\u8425\u5546\uff0c\u60a8\u5fc5\u987b\u786e\u4fdd\u60a8\u7684 OpenStack \u73af\u5883\u80fd\u591f\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u548c\u6cd5\u89c4\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u4e0e OpenStack \u5b9e\u73b0\u76f8\u5173\u7684\u6570\u636e\u9a7b\u7559\u548c\u5904\u7f6e\u3002 \u6570\u636e\u9690\u79c1\u95ee\u9898 
\u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee: \u6570\u636e\u9690\u79c1\u95ee\u9898 \u00b6 \u6570\u636e\u9a7b\u7559 \u00b6 \u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\uff0c\u6570\u636e\u7684\u9690\u79c1\u548c\u9694\u79bb\u4e00\u76f4\u88ab\u8ba4\u4e3a\u662f\u91c7\u7528\u4e91\u7684\u4e3b\u8981\u969c\u788d\u3002\u8fc7\u53bb\uff0c\u5bf9\u8c01\u62e5\u6709\u4e91\u4e2d\u6570\u636e\u4ee5\u53ca\u4e91\u8fd0\u8425\u5546\u662f\u5426\u53ef\u4ee5\u6700\u7ec8\u4fe1\u4efb\u8fd9\u4e9b\u6570\u636e\u7684\u4fdd\u7ba1\u4eba\u7684\u62c5\u5fe7\u4e00\u76f4\u662f\u91cd\u5927\u95ee\u9898\u3002 \u8bb8\u591a OpenStack \u670d\u52a1\u7ef4\u62a4\u5c5e\u4e8e\u79df\u6237\u7684\u6570\u636e\u548c\u5143\u6570\u636e\u6216\u53c2\u8003\u79df\u6237\u4fe1\u606f\u3002 \u5b58\u50a8\u5728 OpenStack \u4e91\u4e2d\u7684\u79df\u6237\u6570\u636e\u53ef\u80fd\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8 \u8ba1\u7b97\u5b9e\u4f8b\u5185\u5b58 \u5757\u5b58\u50a8\u5377\u6570\u636e \u7528\u4e8e\u8ba1\u7b97\u8bbf\u95ee\u7684\u516c\u94a5 \u6620\u50cf\u670d\u52a1\u4e2d\u7684\u865a\u62df\u673a\u6620\u50cf \u8ba1\u7b97\u673a\u5feb\u7167 \u4f20\u9012\u7ed9 OpenStack Compute \u7684\u914d\u7f6e\u9a71\u52a8\u5668\u6269\u5c55\u7684\u6570\u636e OpenStack \u4e91\u5b58\u50a8\u7684\u5143\u6570\u636e\u5305\u62ec\u4ee5\u4e0b\u975e\u8be6\u5c3d\u9879\u76ee\uff1a \u7ec4\u7ec7\u540d\u79f0 \u7528\u6237\u7684\u201c\u771f\u5b9e\u59d3\u540d\u201d \u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u3001\u5b58\u50a8\u6876\u3001\u5bf9\u8c61\u3001\u5377\u548c\u5176\u4ed6\u914d\u989d\u76f8\u5173\u9879\u76ee\u7684\u6570\u91cf\u6216\u5927\u5c0f 
\u8fd0\u884c\u5b9e\u4f8b\u6216\u5b58\u50a8\u6570\u636e\u7684\u5c0f\u65f6\u6570 \u7528\u6237\u7684 IP \u5730\u5740 \u5185\u90e8\u751f\u6210\u7684\u7528\u4e8e\u8ba1\u7b97\u6620\u50cf\u6346\u7ed1\u7684\u79c1\u94a5 \u6570\u636e\u5904\u7f6e \u00b6 OpenStack\u8fd0\u8425\u5546\u5e94\u52aa\u529b\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u79df\u6237\u6570\u636e\u5904\u7f6e\u4fdd\u8bc1\u3002\u6700\u4f73\u5b9e\u8df5\u5efa\u8bae\u64cd\u4f5c\u5458\u5728\u5904\u7f6e\u3001\u91ca\u653e\u7ec4\u7ec7\u63a7\u5236\u6216\u91ca\u653e\u4ee5\u4f9b\u91cd\u590d\u4f7f\u7528\u4e4b\u524d\u5bf9\u4e91\u7cfb\u7edf\u4ecb\u8d28\uff08\u6570\u5b57\u548c\u975e\u6570\u5b57\uff09\u8fdb\u884c\u6e05\u7406\u3002\u9274\u4e8e\u4fe1\u606f\u7684\u7279\u5b9a\u5b89\u5168\u57df\u548c\u654f\u611f\u6027\uff0c\u6e05\u7406\u65b9\u6cd5\u5e94\u5b9e\u73b0\u9002\u5f53\u7ea7\u522b\u7684\u5f3a\u5ea6\u548c\u5b8c\u6574\u6027\u3002 \u201c\u6e05\u7406\u8fc7\u7a0b\u4f1a\u4ece\u4ecb\u8d28\u4e2d\u5220\u9664\u4fe1\u606f\uff0c\u56e0\u6b64\u65e0\u6cd5\u68c0\u7d22\u6216\u91cd\u5efa\u4fe1\u606f\u3002\u6e05\u7406\u6280\u672f\uff0c\u5305\u62ec\u6e05\u9664\u3001\u6e05\u9664\u3001\u52a0\u5bc6\u64e6\u9664\u548c\u9500\u6bc1\uff0c\u53ef\u9632\u6b62\u5728\u91cd\u590d\u4f7f\u7528\u6216\u91ca\u653e\u5904\u7f6e\u6b64\u7c7b\u4ecb\u8d28\u65f6\u5411\u672a\u7ecf\u6388\u6743\u7684\u4e2a\u4eba\u62ab\u9732\u4fe1\u606f\u3002NIST \u7279\u522b\u51fa\u7248\u7269 800-53 \u4fee\u8ba2\u7248 4 NIST\u5efa\u8bae\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u4e2d\u91c7\u7528\u7684\u4e00\u822c\u6570\u636e\u5904\u7f6e\u548c\u6e05\u7406\u6307\u5357\u3002\u4e91\u8fd0\u8425\u5546\u5e94\uff1a \u8ddf\u8e2a\u3001\u8bb0\u5f55\u548c\u9a8c\u8bc1\u4ecb\u8d28\u6e05\u7406\u548c\u5904\u7f6e\u64cd\u4f5c\u3002 \u6d4b\u8bd5\u6e05\u7406\u8bbe\u5907\u548c\u7a0b\u5e8f\u4ee5\u9a8c\u8bc1\u5176\u6027\u80fd\u662f\u5426\u6b63\u5e38\u3002 
\u5728\u5c06\u4fbf\u643a\u5f0f\u53ef\u79fb\u52a8\u5b58\u50a8\u8bbe\u5907\u8fde\u63a5\u5230\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u524d\uff0c\u5148\u5bf9\u5176\u8fdb\u884c\u6e05\u7406\u3002 \u9500\u6bc1\u65e0\u6cd5\u6e05\u7406\u7684\u4e91\u7cfb\u7edf\u4ecb\u8d28\u3002 \u5728 OpenStack \u90e8\u7f72\u4e2d\uff0c\u60a8\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a \u5b89\u5168\u6570\u636e\u64e6\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u5757\u5b58\u50a8\u5377\u6570\u636e \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u00b6 \u5728OpenStack\u4e2d\uff0c\u67d0\u4e9b\u6570\u636e\u53ef\u80fd\u4f1a\u88ab\u5220\u9664\uff0c\u4f46\u5728\u4e0a\u8ff0NIST\u6807\u51c6\u7684\u4e0a\u4e0b\u6587\u4e2d\u4e0d\u4f1a\u88ab\u5b89\u5168\u5220\u9664\u3002\u8fd9\u901a\u5e38\u9002\u7528\u4e8e\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u7684\u5927\u591a\u6570\u6216\u5168\u90e8\u4e0a\u8ff0\u5b9a\u4e49\u7684\u5143\u6570\u636e\u548c\u4fe1\u606f\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u5e93\u548c/\u6216\u7cfb\u7edf\u914d\u7f6e\u8fdb\u884c\u81ea\u52a8\u5438\u5c18\u548c\u5b9a\u671f\u53ef\u7528\u7a7a\u95f4\u64e6\u9664\u6765\u4fee\u590d\u3002 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u00b6 \u7279\u5b9a\u4e8e\u5404\u79cd\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u662f\u5b9e\u4f8b\u5185\u5b58\u7684\u5904\u7406\u3002OpenStack Compute \u4e2d\u6ca1\u6709\u5b9a\u4e49\u6b64\u884c\u4e3a\uff0c\u5c3d\u7ba1\u901a\u5e38\u671f\u671b hypervisor \u5728\u5220\u9664\u5b9e\u4f8b\u548c/\u6216\u521b\u5efa\u5b9e\u4f8b\u65f6\u5c3d\u6700\u5927\u52aa\u529b\u6e05\u7406\u5185\u5b58\u3002 Xen \u663e\u5f0f\u5730\u4e3a\u5b9e\u4f8b\u5206\u914d\u4e13\u7528\u5185\u5b58\u533a\u57df\uff0c\u5e76\u5728\u5b9e\u4f8b\uff08\u6216 Xen \u672f\u8bed\u4e2d\u7684\u57df\uff09\u9500\u6bc1\u65f6\u6e05\u7406\u6570\u636e\u3002KVM \u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4f9d\u8d56\u4e8e Linux \u9875\u9762\u7ba1\u7406;KVM 
\u6587\u6863\u4e2d\u5b9a\u4e49\u4e86\u4e00\u7ec4\u4e0e KVM \u5206\u9875\u76f8\u5173\u7684\u590d\u6742\u89c4\u5219\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4f7f\u7528 Xen \u5185\u5b58\u6c14\u7403\u529f\u80fd\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u907f\u514d\u4f7f\u7528\u6b64\u529f\u80fd\u3002 \u5bf9\u4e8e\u8fd9\u4e9b\u548c\u5176\u4ed6\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u53c2\u8003\u7279\u5b9a\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u6587\u6863\u3002 Cinder \u5377\u6570\u636e \u00b6 \u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u4e0b\u9762\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u7684\u201c\u6570\u636e\u52a0\u5bc6\u201d\u90e8\u5206\u5bf9\u6b64\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002\u4f7f\u7528\u6b64\u529f\u80fd\u65f6\uff0c\u901a\u8fc7\u5b89\u5168\u5730\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u6765\u5b8c\u6210\u6570\u636e\u9500\u6bc1\u3002\u6700\u7ec8\u7528\u6237\u53ef\u4ee5\u5728\u521b\u5efa\u5377\u65f6\u9009\u62e9\u6b64\u529f\u80fd\uff0c\u4f46\u8bf7\u6ce8\u610f\uff0c\u7ba1\u7406\u5458\u5fc5\u987b\u5148\u6267\u884c\u5377\u52a0\u5bc6\u529f\u80fd\u7684\u4e00\u6b21\u6027\u8bbe\u7f6e\u3002\u6709\u5173\u6b64\u8bbe\u7f6e\u7684\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u201c\u914d\u7f6e\u53c2\u8003\u201d\u7684\u201c\u5757\u5b58\u50a8\u201d\u90e8\u5206\u7684\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u3002 \u5982\u679c\u4e0d\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u90a3\u4e48\u5176\u4ed6\u65b9\u6cd5\u901a\u5e38\u66f4\u96be\u542f\u7528\u3002\u5982\u679c\u4f7f\u7528\u540e\u7aef\u63d2\u4ef6\uff0c\u5219\u53ef\u80fd\u5b58\u5728\u72ec\u7acb\u7684\u52a0\u5bc6\u65b9\u6cd5\u6216\u975e\u6807\u51c6\u8986\u76d6\u89e3\u51b3\u65b9\u6848\u3002OpenStack Block Storage 
\u7684\u63d2\u4ef6\u5c06\u4ee5\u591a\u79cd\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\u3002\u8bb8\u591a\u63d2\u4ef6\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u6216\u6280\u672f\uff0c\u800c\u5176\u4ed6\u63d2\u4ef6\u5219\u66f4\u591a\u5730\u662f\u56f4\u7ed5\u6587\u4ef6\u7cfb\u7edf\uff08\u5982 LVM \u6216 ZFS\uff09\u7684 DIY \u89e3\u51b3\u65b9\u6848\u3002\u5b89\u5168\u9500\u6bc1\u6570\u636e\u7684\u65b9\u6cd5\u56e0\u63d2\u4ef6\u800c\u5f02\uff0c\u56e0\u4f9b\u5e94\u5546\u7684\u89e3\u51b3\u65b9\u6848\u800c\u5f02\uff0c\u4e5f\u56e0\u6587\u4ef6\u7cfb\u7edf\u800c\u5f02\u3002 \u4e00\u4e9b\u540e\u7aef\uff08\u5982 ZFS\uff09\u5c06\u652f\u6301\u5199\u5165\u65f6\u590d\u5236\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u6cc4\u9732\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4ece\u672a\u5199\u5165\u5757\u4e2d\u8bfb\u53d6\u5c06\u59cb\u7ec8\u8fd4\u56de\u96f6\u3002\u5176\u4ed6\u540e\u7aef\uff08\u5982 LVM\uff09\u53ef\u80fd\u672c\u8eab\u4e0d\u652f\u6301\u6b64\u529f\u80fd\uff0c\u56e0\u6b64\u5757\u5b58\u50a8\u63d2\u4ef6\u8d1f\u8d23\u5728\u5c06\u4e4b\u524d\u5199\u5165\u7684\u5757\u4ea4\u7ed9\u7528\u6237\u4e4b\u524d\u8986\u76d6\u5b83\u4eec\u3002\u8bf7\u52a1\u5fc5\u67e5\u770b\u6240\u9009\u5377\u540e\u7aef\u63d0\u4f9b\u54ea\u4e9b\u4fdd\u8bc1\uff0c\u5e76\u67e5\u770b\u54ea\u4e9b\u4e2d\u4ecb\u53ef\u7528\u4e8e\u672a\u63d0\u4f9b\u7684\u4fdd\u8bc1\u3002 \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u00b6 OpenStack \u955c\u50cf\u670d\u52a1\u5177\u6709\u5ef6\u8fdf\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u5c06\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u7b49\u5f85\u955c\u50cf\u7684\u5220\u9664\u3002\u5982\u679c\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u901a\u8fc7\u7f16\u8f91 etc/glance/glance-api.conf \u6587\u4ef6\u5e76\u5c06 delayed_delete \u9009\u9879\u8bbe\u7f6e\u4e3a False \u6765\u7981\u7528\u6b64\u529f\u80fd\u3002 \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u00b6 OpenStack Compute 
\u5177\u6709\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4f7f\u88ab\u5220\u9664\u7684\u5b9e\u4f8b\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u5904\u4e8e\u8f6f\u5220\u9664\u72b6\u6001\u3002\u5b9e\u4f8b\u53ef\u4ee5\u5728\u6b64\u65f6\u95f4\u6bb5\u5185\u6062\u590d\u3002\u82e5\u8981\u7981\u7528\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8bf7\u7f16\u8f91 etc/nova/nova.conf \u6587\u4ef6\u5e76\u5c06\u8be5 reclaim_instance_interval \u9009\u9879\u7559\u7a7a\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u00b6 \u8bf7\u6ce8\u610f\uff0cOpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u63d0\u4f9b\u4e86\u4e00\u79cd\u6539\u8fdb\u4e34\u65f6\u5b58\u50a8\u9690\u79c1\u548c\u9694\u79bb\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u662f\u5728\u4e3b\u52a8\u4f7f\u7528\u671f\u95f4\u8fd8\u662f\u5728\u9500\u6bc1\u6570\u636e\u65f6\u3002\u4e0e\u52a0\u5bc6\u5757\u5b58\u50a8\u4e00\u6837\uff0c\u53ea\u9700\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u5373\u53ef\u6709\u6548\u5730\u9500\u6bc1\u6570\u636e\u3002 \u5728\u521b\u5efa\u548c\u9500\u6bc1\u4e34\u65f6\u5b58\u50a8\u65f6\uff0c\u63d0\u4f9b\u6570\u636e\u9690\u79c1\u7684\u66ff\u4ee3\u63aa\u65bd\u5c06\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c OpenStack \u8ba1\u7b97\u63d2\u4ef6\u3002 \u7528\u4e8e\u8ba1\u7b97\u7684 libvirt \u63d2\u4ef6\u53ef\u4ee5\u76f4\u63a5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6216 LVM \u4e2d\u7ef4\u62a4\u4e34\u65f6\u5b58\u50a8\u3002\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u901a\u5e38\u4e0d\u4f1a\u5728\u5220\u9664\u6570\u636e\u65f6\u8986\u76d6\u6570\u636e\uff0c\u4f46\u53ef\u4ee5\u4fdd\u8bc1\u4e0d\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002 \u5f53\u4f7f\u7528 LVM \u652f\u6301\u7684\u57fa\u4e8e\u5757\u7684\u4e34\u65f6\u5b58\u50a8\u65f6\uff0cOpenStack 
\u8ba1\u7b97\u8f6f\u4ef6\u5fc5\u987b\u5b89\u5168\u5730\u64e6\u9664\u5757\u4ee5\u9632\u6b62\u4fe1\u606f\u6cc4\u9732\u3002\u8fc7\u53bb\u66fe\u5b58\u5728\u4e0e\u4e0d\u5f53\u64e6\u9664\u7684\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u76f8\u5173\u7684\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u5bf9\u4e8e\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\u662f\u4e00\u79cd\u6bd4 LVM \u66f4\u5b89\u5168\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u56e0\u4e3a\u65e0\u6cd5\u4e3a\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002\u4f46\u662f\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u7528\u6237\u6570\u636e\u4e0d\u4f1a\u88ab\u7834\u574f\uff0c\u56e0\u6b64\u5efa\u8bae\u5bf9\u540e\u5907\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u52a0\u5bc6\u3002 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u00b6 \u7528\u4e8e\u8ba1\u7b97\u7684\u88f8\u673a\u670d\u52a1\u5668\u9a71\u52a8\u7a0b\u5e8f\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u6b64\u540e\u5df2\u8f6c\u79fb\u5230\u4e00\u4e2a\u540d\u4e3a ironic \u7684\u5355\u72ec\u9879\u76ee\u4e2d\u3002\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5177\u6709\u8bbd\u523a\u610f\u5473\u7684\u662f\uff0c\u4f3c\u4e4e\u6ca1\u6709\u89e3\u51b3\u9a7b\u7559\u5728\u7269\u7406\u786c\u4ef6\u4e2d\u7684\u79df\u6237\u6570\u636e\u7684\u6e05\u7406\u95ee\u9898\u3002 \u6b64\u5916\uff0c\u88f8\u673a\u7cfb\u7edf\u7684\u79df\u6237\u53ef\u4ee5\u4fee\u6539\u7cfb\u7edf\u56fa\u4ef6\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM \u6280\u672f\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002 \u6570\u636e\u52a0\u5bc6 \u00b6 \u8be5\u9009\u9879\u53ef\u4f9b\u5b9e\u65bd\u8005\u52a0\u5bc6\u79df\u6237\u6570\u636e\uff0c\u65e0\u8bba\u8fd9\u4e9b\u6570\u636e\u5b58\u50a8\u5728\u78c1\u76d8\u4e0a\u6216\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\uff0c\u4f8b\u5982\u4e0b\u9762\u63cf\u8ff0\u7684 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u8fd9\u8d85\u51fa\u4e86\u7528\u6237\u5728\u5c06\u81ea\u5df1\u7684\u6570\u636e\u53d1\u9001\u7ed9\u63d0\u4f9b\u5546\u4e4b\u524d\u52a0\u5bc6\u81ea\u5df1\u7684\u6570\u636e\u7684\u4e00\u822c\u5efa\u8bae\u3002 \u4ee3\u8868\u79df\u6237\u52a0\u5bc6\u6570\u636e\u7684\u91cd\u8981\u6027\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4e0e\u63d0\u4f9b\u5546\u627f\u62c5\u7684\u653b\u51fb\u8005\u53ef\u80fd\u8bbf\u95ee\u79df\u6237\u6570\u636e\u7684\u98ce\u9669\u6709\u5173\u3002\u653f\u5e9c\u53ef\u80fd\u6709\u8981\u6c42\uff0c\u4e5f\u6709\u6bcf\u4e2a\u7b56\u7565\u7684\u8981\u6c42\uff0c\u79c1\u6709\u5408\u540c\uff0c\u751a\u81f3\u4e0e\u516c\u5171\u4e91\u63d0\u4f9b\u5546\u7684\u79c1\u6709\u5408\u540c\u6709\u5173\u7684\u5224\u4f8b\u6cd5\u3002\u5efa\u8bae\u5728\u9009\u62e9\u79df\u6237\u52a0\u5bc6\u7b56\u7565\u4e4b\u524d\u8fdb\u884c\u98ce\u9669\u8bc4\u4f30\u548c\u6cd5\u5f8b\u987e\u95ee\u3002 \u6309\u5b9e\u4f8b\u6216\u6309\u5bf9\u8c61\u52a0\u5bc6\u6bd4\u6309\u9879\u76ee\u3001\u6309\u79df\u6237\u3001\u6309\u4e3b\u673a\u548c\u6309\u4e91\u805a\u5408\u964d\u5e8f\u8fdb\u884c\u52a0\u5bc6\u66f4\u53ef\u53d6\u3002\u8fd9\u9879\u5efa\u8bae\u4e0e\u5b9e\u65bd\u7684\u590d\u6742\u6027\u548c\u96be\u5ea6\u76f8\u53cd\u3002\u76ee\u524d\uff0c\u5728\u67d0\u4e9b\u9879\u76ee\u4e2d\uff0c\u5f88\u96be\u6216\u4e0d\u53ef\u80fd\u5b9e\u73b0\u50cf\u6bcf\u4e2a\u79df\u6237\u4e00\u6837\u677e\u6563\u7684\u52a0\u5bc6\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u5c3d\u6700\u5927\u52aa\u529b\u52a0\u5bc6\u79df\u6237\u6570\u636e\u3002 \u901a\u5e38\uff0c\u6570\u636e\u52a0\u5bc6\u4e0e\u53ef\u9760\u5730\u9500\u6bc1\u79df\u6237\u548c\u6bcf\u4e2a\u5b9e\u4f8b\u6570\u636e\u7684\u80fd\u529b\u5448\u6b63\u76f8\u5173\uff0c\u53ea\u9700\u4e22\u5f03\u5bc6\u94a5\u5373\u53ef\u3002\u5e94\u8be5\u6307\u51fa\u7684\u662f\uff0c\u5728\u8fd9\u6837\u505a\u65f6\uff0c\u4ee5\u53ef\u9760\u548c\u5b89\u5168\u7684\u65b9\u5f0f\u9500\u6bc1\u8fd9\u4e9b\u5bc6\u94a5\u53d8\u5f97\u975e\u5e38\u91cd\u8981\u3002 Opportunities to encrypt data for 
users are present: \u5b58\u5728\u4e3a\u7528\u6237\u52a0\u5bc6\u6570\u636e\u7684\u673a\u4f1a\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u7f51\u7edc\u6570\u636e \u5377\u52a0\u5bc6 \u00b6 OpenStack \u4e2d\u7684\u5377\u52a0\u5bc6\u529f\u80fd\u652f\u6301\u57fa\u4e8e\u6bcf\u4e2a\u79df\u6237\u7684\u9690\u79c1\u4fdd\u62a4\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u5377\u7c7b\u578b\uff0c\u901a\u8fc7\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u754c\u9762\u542f\u52a8 \u542f\u7528\u52a0\u5bc6\u5e76\u9009\u62e9\u52a0\u5bc6\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u53c2\u6570 iSCSI \u6570\u636e\u5305\u4e2d\u5305\u542b\u7684\u5377\u6570\u636e\u5df2\u52a0\u5bc6 \u5982\u679c\u539f\u59cb\u5377\u5df2\u52a0\u5bc6\uff0c\u5219\u652f\u6301\u52a0\u5bc6\u5907\u4efd \u4eea\u8868\u677f\u6307\u793a\u5377\u52a0\u5bc6\u72b6\u6001\u3002\u5305\u62ec\u5377\u5df2\u52a0\u5bc6\u7684\u6307\u793a\uff0c\u5e76\u5305\u62ec\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u52a0\u5bc6\u53c2\u6570 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u5377\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0c\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u00b6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002\u4ece Kilo 
\u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u7684 LVM \u4e34\u65f6\u78c1\u76d8\uff08\u6ce8\u610f\uff1a\u76ee\u524d OpenStack \u8ba1\u7b97\u670d\u52a1\u4ec5\u652f\u6301 LVM \u683c\u5f0f\u7684\u52a0\u5bc6\u4e34\u65f6\u78c1\u76d8\uff09 \u8ba1\u7b97\u914d\u7f6e \uff0c nova.conf \u5728\u201c[ephemeral_storage_encryption]\u201d\u90e8\u5206\u4e2d\u5177\u6709\u4ee5\u4e0b\u9ed8\u8ba4\u53c2\u6570 \u9009\u9879\uff1a\u201c\u5bc6\u7801 = AES-XTS-plain64\u201d \u6b64\u5b57\u6bb5\u8bbe\u7f6e\u7528\u4e8e\u52a0\u5bc6\u4e34\u65f6\u5b58\u50a8\u7684\u5bc6\u7801\u548c\u6a21\u5f0f\u3002NIST\u5efa\u8bae\u5c06AES-XTS\u4e13\u95e8\u7528\u4e8e\u78c1\u76d8\u5b58\u50a8\uff0c\u8be5\u540d\u79f0\u662f\u4f7f\u7528XTS\u52a0\u5bc6\u6a21\u5f0f\u7684AES\u52a0\u5bc6\u7684\u7b80\u5199\u3002\u53ef\u7528\u7684\u5bc6\u7801\u53d6\u51b3\u4e8e\u5185\u6838\u652f\u6301\u3002\u5728\u547d\u4ee4\u884c\u4e2d\uff0c\u8f93\u5165\u201ccryptsetup benchmark\u201d\u4ee5\u786e\u5b9a\u53ef\u7528\u9009\u9879\uff08\u5e76\u67e5\u770b\u57fa\u51c6\u6d4b\u8bd5\u7ed3\u679c\uff09\uff0c\u6216\u8f6c\u5230 /proc/crypto \u9009\u9879\uff1a 'enabled = false' \u8981\u4f7f\u7528\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u8bf7\u8bbe\u7f6e\u9009\u9879\uff1a\u201cenabled = true\u201d \u9009\u9879\uff1a\u201ckey_size = 512\u201d \u8bf7\u6ce8\u610f\uff0c\u540e\u7aef\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u80fd\u5b58\u5728\u5bc6\u94a5\u5927\u5c0f\u9650\u5236\uff0c\u53ef\u80fd\u9700\u8981\u4f7f\u7528\u201ckey_size = 256\u201d\uff0c\u8fd9\u4ec5\u63d0\u4f9b 128 \u4f4d\u7684 AES \u5bc6\u94a5\u5927\u5c0f\u3002\u9664\u4e86 AES \u6240\u9700\u7684\u52a0\u5bc6\u5bc6\u94a5\u5916\uff0cXTS \u8fd8\u9700\u8981\u81ea\u5df1\u7684\u201c\u8c03\u6574\u5bc6\u94a5\u201d\u3002\u8fd9\u901a\u5e38\u8868\u793a\u4e3a\u5355\u4e2a\u5927\u952e\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 512 \u4f4d\u8bbe\u7f6e\uff0cAES \u5c06\u4f7f\u7528 256 \u4f4d\uff0cXTS 
\u5c06\u4f7f\u7528 256 \u4f4d\u3002\uff08\u89c1NIST\uff09 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u5c06\u901a\u8fc7\u4e3a\u6bcf\u4e2a\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u4e0d\u518d\u9700\u8981\u4e34\u65f6\u78c1\u76d8\u65f6\uff0c\u53ea\u9700\u5220\u9664\u5bc6\u94a5\u5373\u53ef\u53d6\u4ee3\u8986\u76d6\u4e34\u65f6\u78c1\u76d8\u5b58\u50a8\u533a\u57df \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u00b6 \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u652f\u6301\u5bf9\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u9759\u6001\u5bf9\u8c61\u6570\u636e\u8fdb\u884c\u53ef\u9009\u52a0\u5bc6\u3002\u5bf9\u8c61\u6570\u636e\u7684\u52a0\u5bc6\u65e8\u5728\u964d\u4f4e\u5728\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u65f6\u8bfb\u53d6\u7528\u6237\u6570\u636e\u7684\u98ce\u9669\u3002 \u9759\u6001\u6570\u636e\u52a0\u5bc6\u7531\u4e2d\u95f4\u4ef6\u5b9e\u73b0\uff0c\u4e2d\u95f4\u4ef6\u53ef\u80fd\u5305\u542b\u5728\u4ee3\u7406\u670d\u52a1\u5668 WSGI \u7ba1\u9053\u4e2d\u3002\u8be5\u529f\u80fd\u662f swift \u96c6\u7fa4\u5185\u90e8\u7684\uff0c\u4e0d\u901a\u8fc7 API \u516c\u5f00\u3002\u5ba2\u6237\u7aef\u4e0d\u77e5\u9053 swift \u670d\u52a1\u5185\u90e8\u7684\u6b64\u529f\u80fd\u5bf9\u6570\u636e\u8fdb\u884c\u4e86\u52a0\u5bc6;\u5185\u90e8\u52a0\u5bc6\u7684\u6570\u636e\u4e0d\u5e94\u901a\u8fc7 swift API \u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u4ee5\u4e0b\u6570\u636e\u5728 swift \u4e2d\u9759\u6001\u65f6\u88ab\u52a0\u5bc6\uff1a 
\u5bf9\u8c61\u5185\u5bb9\u3002\u4f8b\u5982\uff0c\u5bf9\u8c61 PUT \u8bf7\u6c42\u6b63\u6587\u7684\u5185\u5bb9 \u5177\u6709\u975e\u96f6\u5185\u5bb9\u7684\u5bf9\u8c61\u7684\u5b9e\u4f53\u6807\u8bb0 \uff08ETag\uff09 \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5bf9\u8c61\u5143\u6570\u636e\u503c\u3002\u4f8b\u5982\uff0c\u4f7f\u7528 X-Object-Meta- \u5e26\u6709 PUT \u6216 POST \u8bf7\u6c42\u7684\u524d\u7f00\u6807\u5934\u53d1\u9001\u7684\u5143\u6570\u636e \u4e0a\u8ff0\u5217\u8868\u4e2d\u672a\u5305\u542b\u7684\u4efb\u4f55\u6570\u636e\u6216\u5143\u6570\u636e\u5747\u672a\u52a0\u5bc6\uff0c\u5305\u62ec\uff1a \u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u540d\u79f0 \u5e10\u6237\u548c\u5bb9\u5668\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u503c \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u540d\u79f0 \u5bf9\u8c61\u5185\u5bb9\u7c7b\u578b\u503c \u5bf9\u8c61\u5927\u5c0f \u7cfb\u7edf\u5143\u6570\u636e \u6709\u5173\u5bf9\u8c61\u5b58\u50a8\u52a0\u5bc6\u7684\u90e8\u7f72\u3001\u64cd\u4f5c\u6216\u5b9e\u65bd\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5bf9\u8c61\u52a0\u5bc6\u7684 swift \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u00b6 \u542f\u7528\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Intel \u548c AMD \u5904\u7406\u5668\u4e2d\u5f53\u524d\u53ef\u7528\u7684\u786c\u4ef6\u52a0\u901f\u529f\u80fd\u6765\u589e\u5f3a OpenStack Volume Encryption \u6027\u80fd\u3002OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u548c OpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u90fd\u7528\u4e8e dm-crypt \u4fdd\u62a4\u5377\u6570\u636e\u3002 dm-crypt \u662f Linux \u5185\u6838\u7248\u672c 2.6 \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u900f\u660e\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u3002\u542f\u7528\u5377\u52a0\u5bc6\u540e\uff0c\u52a0\u5bc6\u6570\u636e\u5c06\u901a\u8fc7 iSCSI 
\u53d1\u9001\u5230\u5757\u5b58\u50a8\uff0c\u4ece\u800c\u540c\u65f6\u4fdd\u62a4\u4f20\u8f93\u4e2d\u7684\u6570\u636e\u548c\u9759\u6001\u6570\u636e\u3002\u4f7f\u7528\u786c\u4ef6\u52a0\u901f\u65f6\uff0c\u8fd9\u4e24\u79cd\u52a0\u5bc6\u529f\u80fd\u5bf9\u6027\u80fd\u7684\u5f71\u54cd\u90fd\u4f1a\u964d\u5230\u6700\u4f4e\u3002 \u867d\u7136\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u4f46\u5757\u5b58\u50a8\u652f\u6301\u591a\u79cd\u66ff\u4ee3\u540e\u7aef\u6765\u63d0\u4f9b\u53ef\u6302\u8f7d\u5377\uff0c\u5176\u4e2d\u4e00\u4e9b\u8fd8\u53ef\u80fd\u63d0\u4f9b\u5377\u52a0\u5bc6\u3002\u7531\u4e8e\u540e\u7aef\u5982\u6b64\u4e4b\u591a\uff0c\u5e76\u4e14\u5fc5\u987b\u4ece\u6bcf\u4e2a\u4f9b\u5e94\u5546\u5904\u83b7\u53d6\u4fe1\u606f\uff0c\u56e0\u6b64\u6307\u5b9a\u5728\u4efb\u4f55\u4e00\u4e2a\u4f9b\u5e94\u5546\u4e2d\u5b9e\u65bd\u52a0\u5bc6\u7684\u5efa\u8bae\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002 \u7f51\u7edc\u6570\u636e \u00b6 \u8ba1\u7b97\u7684\u79df\u6237\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 IPsec \u6216\u5176\u4ed6\u96a7\u9053\u8fdb\u884c\u52a0\u5bc6\u3002\u8fd9\u5728OpenStack\u4e2d\u5e76\u4e0d\u5e38\u89c1\u6216\u6807\u51c6\uff0c\u4f46\u5bf9\u4e8e\u6709\u52a8\u529b\u548c\u611f\u5174\u8da3\u7684\u5b9e\u73b0\u8005\u6765\u8bf4\uff0c\u8fd9\u662f\u4e00\u4e2a\u9009\u9879\u3002 \u540c\u6837\uff0c\u52a0\u5bc6\u6570\u636e\u5728\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u65f6\u5c06\u4fdd\u6301\u52a0\u5bc6\u72b6\u6001\u3002 \u5bc6\u94a5\u7ba1\u7406 \u00b6 
\u4e3a\u4e86\u89e3\u51b3\u7ecf\u5e38\u63d0\u5230\u7684\u79df\u6237\u6570\u636e\u9690\u79c1\u548c\u9650\u5236\u4e91\u63d0\u4f9b\u5546\u8d23\u4efb\u7684\u95ee\u9898\uff0cOpenStack\u793e\u533a\u5bf9\u4f7f\u6570\u636e\u52a0\u5bc6\u66f4\u52a0\u666e\u904d\u7684\u5174\u8da3\u8d8a\u6765\u8d8a\u5927\u3002\u5bf9\u4e8e\u6700\u7ec8\u7528\u6237\u6765\u8bf4\uff0c\u5728\u5c06\u6570\u636e\u4fdd\u5b58\u5230\u4e91\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u76f8\u5bf9\u5bb9\u6613\uff0c\u8fd9\u662f\u79df\u6237\u5bf9\u8c61\uff08\u5982\u5a92\u4f53\u6587\u4ef6\u3001\u6570\u636e\u5e93\u5b58\u6863\u7b49\uff09\u7684\u53ef\u884c\u8def\u5f84\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5ba2\u6237\u7aef\u52a0\u5bc6\u7528\u4e8e\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u4fdd\u5b58\u7684\u6570\u636e\uff0c\u8fd9\u9700\u8981\u5ba2\u6237\u7aef\u4ea4\u4e92\uff08\u4f8b\u5982\u63d0\u4f9b\u5bc6\u94a5\uff09\u6765\u89e3\u5bc6\u6570\u636e\u4ee5\u4f9b\u5c06\u6765\u4f7f\u7528\u3002\u4e3a\u4e86\u65e0\u7f1d\u5730\u4fdd\u62a4\u6570\u636e\u5e76\u4f7f\u5176\u53ef\u8bbf\u95ee\uff0c\u800c\u65e0\u9700\u7ed9\u5ba2\u6237\u5e26\u6765\u7ba1\u7406\u5176\u5bc6\u94a5\u7684\u8d1f\u62c5\uff0c\u5e76\u4ee5\u4ea4\u4e92\u65b9\u5f0f\u5411\u4ed6\u4eec\u63d0\u4f9b OpenStack \u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u3002\u4f5c\u4e3aOpenStack\u7684\u4e00\u90e8\u5206\uff0c\u63d0\u4f9b\u52a0\u5bc6\u548c\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u53ef\u4ee5\u7b80\u5316\u9759\u6001\u6570\u636e\u5b89\u5168\u91c7\u7528\uff0c\u5e76\u89e3\u51b3\u5ba2\u6237\u5bf9\u9690\u79c1\u6216\u6570\u636e\u6ee5\u7528\u7684\u62c5\u5fe7\uff0c\u540c\u65f6\u4e5f\u9650\u5236\u4e86\u4e91\u63d0\u4f9b\u5546\u7684\u8d23\u4efb\u3002\u8fd9\u6709\u52a9\u4e8e\u51cf\u5c11\u63d0\u4f9b\u5546\u5728\u591a\u79df\u6237\u516c\u6709\u4e91\u4e2d\u7684\u4e8b\u4ef6\u8c03\u67e5\u671f\u95f4\u5904\u7406\u79df\u6237\u6570\u636e\u65f6\u7684\u8d23\u4efb\u3002 
\u5377\u52a0\u5bc6\u548c\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u4f9d\u8d56\u4e8e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982\uff0cbarbican\uff09\u6765\u521b\u5efa\u548c\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u3002\u5bc6\u94a5\u7ba1\u7406\u5668\u662f\u53ef\u63d2\u5165\u7684\uff0c\u4ee5\u65b9\u4fbf\u9700\u8981\u7b2c\u4e09\u65b9\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216\u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u4ea4\u6362\u534f\u8bae \uff08KMIP\uff09 \u7684\u90e8\u7f72\uff0c\u8be5\u534f\u8bae\u7531\u540d\u4e3a PyKMIP \u7684\u5f00\u6e90\u9879\u76ee\u652f\u6301\u3002 \u53c2\u8003\u4e66\u76ee\uff1a \u00b6 OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230 barbican \u7684\u5f00\u53d1\u8005\u6587\u6863\uff012014\u3002Barbican \u5f00\u53d1\u8005\u6587\u6863 oasis-open.org\uff0cOASIS \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09\u30022014\u5e74\u3002KMIP PyKMIP \u5e93 \u673a\u5bc6\u7ba1\u7406 \u673a\u5bc6\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u00b6 \u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u8fd0\u884c\u5b9e\u4f8b\u7684\u4f18\u70b9\u4e4b\u4e00\u662f\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u5f00\u8f9f\u4e86\u65b0\u7684\u673a\u4f1a\uff0c\u800c\u8fd9\u4e9b\u63a7\u5236\u5728\u90e8\u7f72\u5230\u88f8\u673a\u4e0a\u65f6\u901a\u5e38\u4e0d\u53ef\u7528\u3002\u6709\u51e0\u79cd\u6280\u672f\u53ef\u4ee5\u5e94\u7528\u4e8e\u865a\u62df\u5316\u5806\u6808\uff0c\u4e3a\u4e91\u79df\u6237\u5e26\u6765\u66f4\u597d\u7684\u4fe1\u606f\u4fdd\u969c\u3002 \u5177\u6709\u5f3a\u70c8\u5b89\u5168\u8981\u6c42\u7684 OpenStack 
\u90e8\u7f72\u4eba\u5458\u6216\u7528\u6237\u53ef\u80fd\u9700\u8981\u8003\u8651\u90e8\u7f72\u8fd9\u4e9b\u6280\u672f\u3002\u5e76\u975e\u6240\u6709\u60c5\u51b5\u90fd\u9002\u7528\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u89c4\u8303\u6027\u4e1a\u52a1\u9700\u6c42\uff0c\u53ef\u80fd\u4f1a\u6392\u9664\u5728\u4e91\u4e2d\u4f7f\u7528\u6280\u672f\u3002\u540c\u6837\uff0c\u67d0\u4e9b\u6280\u672f\u4f1a\u68c0\u67e5\u5b9e\u4f8b\u6570\u636e\uff0c\u4f8b\u5982\u8fd0\u884c\u72b6\u6001\uff0c\u8fd9\u5bf9\u7cfb\u7edf\u7528\u6237\u6765\u8bf4\u53ef\u80fd\u662f\u4e0d\u5e0c\u671b\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u63a2\u8ba8\u8fd9\u4e9b\u6280\u672f\uff0c\u5e76\u63cf\u8ff0\u5b83\u4eec\u53ef\u7528\u4e8e\u589e\u5f3a\u5b9e\u4f8b\u6216\u5e95\u5c42\u5b9e\u4f8b\u5b89\u5168\u6027\u7684\u60c5\u51b5\u3002\u6211\u4eec\u8fd8\u8bd5\u56fe\u5f3a\u8c03\u53ef\u80fd\u5b58\u5728\u9690\u79c1\u95ee\u9898\u7684\u5730\u65b9\u3002\u8fd9\u4e9b\u5305\u62ec\u6570\u636e\u4f20\u9012\u3001\u5185\u7701\u6216\u63d0\u4f9b\u71b5\u6e90\u3002\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u4ee5\u4e0b\u9644\u52a0\u5b89\u5168\u670d\u52a1\uff1a \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u00b6 \u5b9e\u4f8b\u7684\u71b5 \u00b6 
\u6211\u4eec\u8ba4\u4e3a\u71b5\u662f\u6307\u5b9e\u4f8b\u53ef\u7528\u7684\u968f\u673a\u6570\u636e\u7684\u8d28\u91cf\u548c\u6765\u6e90\u3002\u52a0\u5bc6\u6280\u672f\u901a\u5e38\u4e25\u91cd\u4f9d\u8d56\u968f\u673a\u6027\uff0c\u9700\u8981\u9ad8\u8d28\u91cf\u7684\u71b5\u6c60\u624d\u80fd\u4ece\u4e2d\u6c72\u53d6\u3002\u865a\u62df\u673a\u901a\u5e38\u5f88\u96be\u83b7\u5f97\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301\u8fd9\u4e9b\u64cd\u4f5c\uff0c\u8fd9\u79f0\u4e3a\u71b5\u9965\u997f\u3002\u71b5\u9965\u997f\u53ef\u4ee5\u8868\u73b0\u4e3a\u770b\u4f3c\u65e0\u5173\u7684\u4e8b\u60c5\u3002\u4f8b\u5982\uff0c\u542f\u52a8\u65f6\u95f4\u6162\u53ef\u80fd\u662f\u7531\u4e8e\u5b9e\u4f8b\u7b49\u5f85 ssh \u5bc6\u94a5\u751f\u6210\u9020\u6210\u7684\u3002\u71b5\u9965\u997f\u8fd8\u53ef\u80fd\u4fc3\u4f7f\u7528\u6237\u5728\u5b9e\u4f8b\u4e2d\u4f7f\u7528\u8d28\u91cf\u8f83\u5dee\u7684\u71b5\u6e90\uff0c\u4ece\u800c\u4f7f\u5728\u4e91\u4e2d\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u6574\u4f53\u5b89\u5168\u6027\u964d\u4f4e\u3002 \u5e78\u8fd0\u7684\u662f\uff0c\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u901a\u8fc7\u4e3a\u4e91\u5b9e\u4f8b\u63d0\u4f9b\u9ad8\u8d28\u91cf\u7684\u71b5\u6e90\u6765\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u4e2d\u62e5\u6709\u8db3\u591f\u7684\u786c\u4ef6\u968f\u673a\u6570\u751f\u6210\u5668 \uff08HRNG\uff09 \u6765\u652f\u6301\u5b9e\u4f8b\u6765\u5b9e\u73b0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u201c\u8db3\u591f\u201d\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u5bf9\u4e8e\u65e5\u5e38\u64cd\u4f5c\uff0c\u73b0\u4ee3 HRNG \u53ef\u80fd\u4f1a\u4ea7\u751f\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301 50-100 \u4e2a\u8ba1\u7b97\u8282\u70b9\u3002\u9ad8\u5e26\u5bbd HRNG\uff08\u4f8b\u5982\u82f1\u7279\u5c14 Ivy Bridge \u548c\u66f4\u65b0\u7684\u5904\u7406\u5668\u63d0\u4f9b\u7684 RdRand 
\u6307\u4ee4\uff09\u53ef\u80fd\u4f1a\u5904\u7406\u66f4\u591a\u8282\u70b9\u3002\u5bf9\u4e8e\u7ed9\u5b9a\u7684\u4e91\uff0c\u67b6\u6784\u5e08\u9700\u8981\u4e86\u89e3\u5e94\u7528\u7a0b\u5e8f\u8981\u6c42\uff0c\u4ee5\u786e\u4fdd\u6709\u8db3\u591f\u7684\u71b5\u53ef\u7528\u3002 Virtio RNG \u662f\u4e00\u4e2a\u968f\u673a\u6570\u751f\u6210\u5668\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7528\u4f5c /dev/random \u71b5\u6e90\uff0c\u4f46\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u786c\u4ef6 RNG \u6216\u71b5\u6536\u96c6\u5b88\u62a4\u7a0b\u5e8f \uff08EGD\uff09 \u7b49\u5de5\u5177\uff0c\u4ee5\u63d0\u4f9b\u4e00\u79cd\u901a\u8fc7\u5206\u5e03\u5f0f\u7cfb\u7edf\u516c\u5e73\u5b89\u5168\u5730\u5206\u914d\u71b5\u7684\u65b9\u6cd5\u3002Virtio RNG \u662f\u4f7f\u7528\u7528\u4e8e\u521b\u5efa\u5b9e\u4f8b\u7684\u5143\u6570\u636e\u7684 hw_rng \u5c5e\u6027\u542f\u7528\u7684\u3002 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u00b6 \u5728\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\uff0c\u5fc5\u987b\u9009\u62e9\u7528\u4e8e\u955c\u50cf\u5b9e\u4f8b\u5316\u7684\u4e3b\u673a\u3002\u6b64\u9009\u62e9\u7531 nova-scheduler \u786e\u5b9a\u5982\u4f55\u5206\u6d3e\u8ba1\u7b97\u548c\u5377\u8bf7\u6c42\u7684 \u6267\u884c\u3002 \u8fd9\u662f FilterScheduler OpenStack Compute\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7a0b\u5e8f\uff0c\u5c3d\u7ba1\u5b58\u5728\u5176\u4ed6\u8c03\u5ea6\u7a0b\u5e8f\uff08\u8bf7\u53c2\u9605 OpenStack Configuration Reference \u4e2d\u7684 Scheduling 
\u90e8\u5206\uff09\u3002\u8fd9\u4e0e\u201c\u8fc7\u6ee4\u5668\u63d0\u793a\u201d\u534f\u540c\u5de5\u4f5c\uff0c\u4ee5\u51b3\u5b9a\u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u6b64\u4e3b\u673a\u9009\u62e9\u8fc7\u7a0b\u5141\u8bb8\u7ba1\u7406\u5458\u6ee1\u8db3\u8bb8\u591a\u4e0d\u540c\u7684\u5b89\u5168\u6027\u548c\u5408\u89c4\u6027\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u6839\u636e\u4e91\u90e8\u7f72\u7c7b\u578b\uff0c\u5982\u679c\u6570\u636e\u9694\u79bb\u662f\u4e3b\u8981\u95ee\u9898\uff0c\u5219\u53ef\u4ee5\u9009\u62e9\u5c3d\u53ef\u80fd\u8ba9\u79df\u6237\u5b9e\u4f8b\u9a7b\u7559\u5728\u76f8\u540c\u7684\u4e3b\u673a\u4e0a\u3002\u76f8\u53cd\uff0c\u51fa\u4e8e\u53ef\u7528\u6027\u6216\u5bb9\u9519\u539f\u56e0\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u5c06\u79df\u6237\u7684\u5b9e\u4f8b\u9a7b\u7559\u5728\u5c3d\u53ef\u80fd\u591a\u7684\u4e0d\u540c\u4e3b\u673a\u4e0a\u3002 \u7b5b\u9009\u5668\u8ba1\u5212\u7a0b\u5e8f\u5206\u4e3a\u56db\u5927\u7c7b\uff1a \u57fa\u4e8e\u8d44\u6e90\u7684\u7b5b\u9009\u5668 \u8fd9\u4e9b\u7b5b\u9009\u5668\u5c06\u6839\u636e\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e3b\u673a\u96c6\u7684\u5229\u7528\u7387\u521b\u5efa\u5b9e\u4f8b\uff0c\u5e76\u53ef\u4ee5\u5728\u53ef\u7528\u6216\u4f7f\u7528\u7684\u5c5e\u6027\uff08\u5982 RAM\u3001IO \u6216 CPU \u5229\u7528\u7387\uff09\u4e0a\u89e6\u53d1\u3002 \u57fa\u4e8e\u6620\u50cf\u7684\u8fc7\u6ee4\u5668 \u8fd9\u5c06\u6839\u636e\u4f7f\u7528\u7684\u6620\u50cf\uff08\u4f8b\u5982 VM \u7684\u64cd\u4f5c\u7cfb\u7edf\u6216\u4f7f\u7528\u7684\u6620\u50cf\u7c7b\u578b\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u57fa\u4e8e\u73af\u5883\u7684\u8fc7\u6ee4\u5668 \u6b64\u7b5b\u9009\u5668\u5c06\u57fa\u4e8e\u5916\u90e8\u8be6\u7ec6\u4fe1\u606f\u521b\u5efa\u5b9e\u4f8b\uff0c\u4f8b\u5982\u5728\u7279\u5b9a IP \u8303\u56f4\u5185\u3001\u8de8\u53ef\u7528\u533a\u6216\u4e0e\u5176\u4ed6\u5b9e\u4f8b\u4f4d\u4e8e\u540c\u4e00\u4e3b\u673a\u4e0a\u3002 \u81ea\u5b9a\u4e49\u6761\u4ef6 
\u6b64\u7b5b\u9009\u5668\u5c06\u6839\u636e\u7528\u6237\u6216\u7ba1\u7406\u5458\u63d0\u4f9b\u7684\u6761\u4ef6\uff08\u5982\u4fe1\u4efb\u6216\u5143\u6570\u636e\u5206\u6790\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u53ef\u4ee5\u540c\u65f6\u5e94\u7528\u591a\u4e2a\u7b5b\u9009\u5668\uff0c\u4f8b\u5982\uff0c\u7b5b\u9009\u5668\u7528\u4e8e\u786e\u4fdd\u5728\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u7684\u6210\u5458\u4e0a\u521b\u5efa\u5b9e\u4f8b\uff0c\u4ee5\u53ca ServerGroupAntiAffinity \u7528\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u53e6\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u4e0a\u521b\u5efa\u540c\u4e00\u5b9e\u4f8b\u7684\u7b5b\u9009\u5668 ServerGroupAffinity \u3002\u5e94\u4ed4\u7ec6\u5206\u6790\u8fd9\u4e9b\u7b5b\u9009\u5668\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u76f8\u4e92\u51b2\u7a81\uff0c\u5e76\u5bfc\u81f4\u963b\u6b62\u521b\u5efa\u5b9e\u4f8b\u7684\u89c4\u5219\u3002 GroupAffinity \u548c GroupAntiAffinity \u7b5b\u9009\u5668\u51b2\u7a81\uff0c\u4e0d\u5e94\u540c\u65f6\u542f\u7528\u3002 \u7b5b\u9009\u5668 DiskFilter \u80fd\u591f\u8d85\u989d\u8ba2\u9605\u78c1\u76d8\u7a7a\u95f4\u3002\u867d\u7136\u901a\u5e38\u4e0d\u662f\u95ee\u9898\uff0c\u4f46\u5bf9\u4e8e\u7cbe\u7b80\u9884\u914d\u7684\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\uff0c\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u6b64\u7b5b\u9009\u5668\u5e94\u4e0e\u5e94\u7528\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u914d\u989d\u4e00\u8d77\u4f7f\u7528\u3002 \u6211\u4eec\u5efa\u8bae\u60a8\u7981\u7528\u8fc7\u6ee4\u5668\uff0c\u8fd9\u4e9b\u8fc7\u6ee4\u5668\u53ef\u4ee5\u5206\u6790\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u6216\u53ef\u64cd\u4f5c\u7684\u5185\u5bb9\uff0c\u4f8b\u5982\u5143\u6570\u636e\u3002 \u53ef\u4fe1\u955c\u50cf \u00b6 
\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u7528\u6237\u4f7f\u7528\u9884\u5b89\u88c5\u7684\u6620\u50cf\u6216\u4ed6\u4eec\u81ea\u5df1\u4e0a\u4f20\u7684\u6620\u50cf\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7528\u6237\u90fd\u5e94\u8be5\u80fd\u591f\u786e\u4fdd\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u56fe\u50cf\u6ca1\u6709\u88ab\u7be1\u6539\u3002\u9a8c\u8bc1\u56fe\u50cf\u7684\u80fd\u529b\u662f\u5b89\u5168\u6027\u7684\u57fa\u672c\u8981\u6c42\u3002\u4ece\u6620\u50cf\u6e90\u5230\u4f7f\u7528\u6620\u50cf\u7684\u76ee\u6807\u9700\u8981\u4fe1\u4efb\u94fe\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5bf9\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u83b7\u53d6\u7684\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u5e76\u5728\u4f7f\u7528\u524d\u9a8c\u8bc1\u7b7e\u540d\u6765\u5b9e\u73b0\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u83b7\u53d6\u548c\u521b\u5efa\u5df2\u9a8c\u8bc1\u56fe\u50cf\u7684\u5404\u79cd\u65b9\u6cd5\uff0c\u7136\u540e\u4ecb\u7ecd\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u3002 \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u00b6 OpenStack \u6587\u6863\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u6620\u50cf\u5e76\u5c06\u5176\u4e0a\u4f20\u5230\u6620\u50cf\u670d\u52a1\u7684\u6307\u5bfc\u3002\u6b64\u5916\uff0c\u5047\u5b9a\u60a8\u6709\u4e00\u4e2a\u5b89\u88c5\u548c\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fc7\u7a0b\u3002\u56e0\u6b64\uff0c\u4ee5\u4e0b\u5404\u9879\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u786e\u4fdd\u5c06\u6620\u50cf\u5b89\u5168\u5730\u4f20\u8f93\u5230 OpenStack \u4e2d\u7684\u989d\u5916\u6307\u5bfc\u3002\u6709\u591a\u79cd\u9009\u9879\u53ef\u7528\u4e8e\u83b7\u53d6\u56fe\u50cf\u3002\u6bcf\u4e2a\u6b65\u9aa4\u90fd\u6709\u7279\u5b9a\u7684\u6b65\u9aa4\uff0c\u6709\u52a9\u4e8e\u9a8c\u8bc1\u56fe\u50cf\u7684\u51fa\u5904\u3002 \u7b2c\u4e00\u4e2a\u9009\u9879\u662f\u4ece\u53d7\u4fe1\u4efb\u7684\u6765\u6e90\u83b7\u53d6\u542f\u52a8\u5a92\u4f53\u3002 $ mkdir -p /tmp/download_directorycd /tmp/download_directory $ wget 
http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/ubuntu-12.04.2-server-amd64.iso $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS.gpg $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451 $ gpg --verify SHA256SUMS.gpg SHA256SUMSsha256sum -c SHA256SUMS 2>&1 | grep OK \u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u4f7f\u7528 OpenStack \u865a\u62df\u673a\u6620\u50cf\u6307\u5357\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u9700\u8981\u9075\u5faa\u7ec4\u7ec7\u7684\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u51c6\u5219\u6216\u53d7\u4fe1\u4efb\u7684\u7b2c\u4e09\u65b9\uff08\u5982 Linux STIG\uff09\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u6700\u540e\u4e00\u79cd\u9009\u62e9\u662f\u4f7f\u7528\u81ea\u52a8\u6620\u50cf\u751f\u6210\u5668\u3002\u4ee5\u4e0b\u793a\u4f8b\u4f7f\u7528 Oz \u6620\u50cf\u751f\u6210\u5668\u3002OpenStack \u793e\u533a\u6700\u8fd1\u521b\u5efa\u4e86\u4e00\u4e2a\u503c\u5f97\u7814\u7a76\u7684\u65b0\u5de5\u5177\uff1adisk-image-builder\u3002\u6211\u4eec\u5c1a\u672a\u4ece\u5b89\u5168\u89d2\u5ea6\u8bc4\u4f30\u6b64\u5de5\u5177\u3002 RHEL 6 CCE-26976-1 \u793a\u4f8b\uff0c\u8fd9\u5c06\u6709\u52a9\u4e8e\u5728 OZ \u4e2d\u5b9e\u65bd NIST 800-53 \u7b2c AC-19\uff08d\uff09\u8282\u3002 \u5efa\u8bae\u907f\u514d\u624b\u52a8\u6620\u50cf\u6784\u5efa\u8fc7\u7a0b\uff0c\u56e0\u4e3a\u5b83\u5f88\u590d\u6742\u4e14\u5bb9\u6613\u51fa\u9519\u3002\u6b64\u5916\uff0c\u4f7f\u7528 Oz \u7b49\u81ea\u52a8\u5316\u7cfb\u7edf\u8fdb\u884c\u6620\u50cf\u6784\u5efa\uff0c\u6216\u4f7f\u7528 Chef \u6216 Puppet \u7b49\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u8fdb\u884c\u542f\u52a8\u540e\u6620\u50cf\u5f3a\u5316\uff0c\u4f7f\u60a8\u80fd\u591f\u751f\u6210\u4e00\u81f4\u7684\u6620\u50cf\uff0c\u5e76\u8ddf\u8e2a\u57fa\u7840\u6620\u50cf\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u662f\u5426\u7b26\u5408\u5176\u5404\u81ea\u7684\u5f3a\u5316\u51c6\u5219\u3002 
\u5982\u679c\u8ba2\u9605\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5219\u5e94\u4e0e\u4e91\u63d0\u4f9b\u5546\u8054\u7cfb\uff0c\u4e86\u89e3\u7528\u4e8e\u751f\u6210\u5176\u9ed8\u8ba4\u6620\u50cf\u7684\u8fc7\u7a0b\u7684\u6982\u8ff0\u3002\u5982\u679c\u63d0\u4f9b\u5546\u5141\u8bb8\u60a8\u4e0a\u4f20\u81ea\u5df1\u7684\u6620\u50cf\uff0c\u5219\u9700\u8981\u786e\u4fdd\u5728\u4f7f\u7528\u6620\u50cf\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\u80fd\u591f\u9a8c\u8bc1\u6620\u50cf\u662f\u5426\u672a\u88ab\u4fee\u6539\u3002\u4e3a\u6b64\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6709\u5173\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u7684\u90e8\u5206\uff0c\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u7b7e\u540d\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6bb5\u843d\u3002 \u6620\u50cf\u4ece\u8282\u70b9\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u4f20\u8f93\u5230\u8ba1\u7b97\u670d\u52a1\u3002\u5e94\u901a\u8fc7\u901a\u8fc7 TLS \u8fd0\u884c\u6765\u4fdd\u62a4\u6b64\u4f20\u8f93\u3002\u6620\u50cf\u4f4d\u4e8e\u8282\u70b9\u4e0a\u540e\uff0c\u5c06\u4f7f\u7528\u57fa\u672c\u6821\u9a8c\u548c\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u6839\u636e\u8981\u542f\u52a8\u7684\u5b9e\u4f8b\u7684\u5927\u5c0f\u6269\u5c55\u5176\u78c1\u76d8\u3002\u5982\u679c\u7a0d\u540e\u5728\u6b64\u8282\u70b9\u4e0a\u4ee5\u76f8\u540c\u7684\u5b9e\u4f8b\u5927\u5c0f\u542f\u52a8\u540c\u4e00\u6620\u50cf\uff0c\u5219\u4f1a\u4ece\u540c\u4e00\u6269\u5c55\u6620\u50cf\u542f\u52a8\u8be5\u6620\u50cf\u3002\u7531\u4e8e\u6b64\u6269\u5c55\u6620\u50cf\u5728\u542f\u52a8\u524d\u9ed8\u8ba4\u4e0d\u4f1a\u91cd\u65b0\u9a8c\u8bc1\uff0c\u56e0\u6b64\u5b83\u53ef\u80fd\u5df2\u88ab\u7be1\u6539\u3002\u9664\u975e\u5728\u751f\u6210\u7684\u6620\u50cf\u4e2d\u5bf9\u6587\u4ef6\u6267\u884c\u624b\u52a8\u68c0\u67e5\uff0c\u5426\u5219\u7528\u6237\u4e0d\u4f1a\u610f\u8bc6\u5230\u7be1\u6539\u3002 \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u00b6 OpenStack \u4e2d\u73b0\u5728\u63d0\u4f9b\u4e86\u4e00\u4e9b\u4e0e\u6620\u50cf\u7b7e\u540d\u76f8\u5173\u7684\u529f\u80fd\u3002\u4ece Mitaka 
\u7248\u672c\u5f00\u59cb\uff0c\u6620\u50cf\u670d\u52a1\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u5df2\u7b7e\u540d\u7684\u6620\u50cf\uff0c\u5e76\u4e14\u4e3a\u4e86\u63d0\u4f9b\u5b8c\u6574\u7684\u4fe1\u4efb\u94fe\uff0c\u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6267\u884c\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3002\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6210\u529f\u8fdb\u884c\u7b7e\u540d\u9a8c\u8bc1\u53ef\u786e\u4fdd\u5df2\u7b7e\u540d\u7684\u6620\u50cf\u672a\u66f4\u6539\u3002\u542f\u7528\u6b64\u529f\u80fd\u540e\uff0c\u53ef\u4ee5\u68c0\u6d4b\u5230\u672a\u7ecf\u6388\u6743\u7684\u6620\u50cf\u4fee\u6539\uff08\u4f8b\u5982\uff0c\u4fee\u6539\u6620\u50cf\u4ee5\u5305\u542b\u6076\u610f\u8f6f\u4ef6\u6216 rootkit\uff09\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u5728\u6587\u4ef6\u4e2d\u5c06 verify_glance_signatures \u6807\u5fd7\u8bbe\u7f6e\u4e3a\u6765 True \u542f\u7528\u5b9e\u4f8b\u7b7e\u540d /etc/nova/nova.conf \u9a8c\u8bc1\u3002\u542f\u7528\u540e\uff0c\u8ba1\u7b97\u670d\u52a1\u4f1a\u5728\u4ece\u5f71\u50cf\u670d\u52a1\u68c0\u7d22\u7b7e\u540d\u5b9e\u4f8b\u65f6\u81ea\u52a8\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002\u5982\u679c\u6b64\u9a8c\u8bc1\u5931\u8d25\uff0c\u5219\u4e0d\u4f1a\u542f\u52a8\u3002\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u548c\u4e0a\u4f20\u7b7e\u540d\u6620\u50cf\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u6b64\u529f\u80fd\u7684\u6307\u5bfc\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u64cd\u4f5c\u6307\u5357\u300b\u4e2d\u7684\u6dfb\u52a0\u7b7e\u540d\u6620\u50cf\u3002 \u5b9e\u4f8b\u8fc1\u79fb \u00b6 OpenStack \u548c\u5e95\u5c42\u865a\u62df\u5316\u5c42\u63d0\u4f9b\u5728 OpenStack \u8282\u70b9\u4e4b\u95f4\u5b9e\u65f6\u8fc1\u79fb\u6620\u50cf\uff0c\u4f7f\u60a8\u80fd\u591f\u65e0\u7f1d\u5730\u6267\u884c OpenStack 
\u8ba1\u7b97\u8282\u70b9\u7684\u6eda\u52a8\u5347\u7ea7\uff0c\u800c\u65e0\u9700\u5b9e\u4f8b\u505c\u673a\u3002\u4f46\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u4e5f\u5b58\u5728\u91cd\u5927\u98ce\u9669\u3002\u82e5\u8981\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\uff0c\u4ee5\u4e0b\u662f\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\u6267\u884c\u7684\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u542f\u52a8\u5b9e\u4f8b \u4f20\u8f93\u5185\u5b58 \u505c\u6b62\u5ba2\u6237\u673a\u548c\u540c\u6b65\u78c1\u76d8 \u4f20\u8f93\u72b6\u6001 \u542f\u52a8\u5ba2\u6237\u673a \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u00b6 \u5728\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u7684\u5404\u4e2a\u9636\u6bb5\uff0c\u5b9e\u4f8b\u8fd0\u884c\u65f6\u3001\u5185\u5b58\u548c\u78c1\u76d8\u7684\u5185\u5bb9\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u65f6\u9700\u8981\u89e3\u51b3\u4e00\u4e9b\u98ce\u9669\u3002\u4ee5\u4e0b\u8be6\u5c3d\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u98ce\u9669\uff1a \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09\uff1a\u5982\u679c\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u6545\u969c\uff0c\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u4e22\u5931\u3002 \u6570\u636e\u6cc4\u9732\uff1a\u5fc5\u987b\u5b89\u5168\u5730\u5904\u7406\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u3002 \u6570\u636e\u64cd\u7eb5\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u64cd\u7eb5\u7528\u6237\u6570\u636e\u3002 \u4ee3\u7801\u6ce8\u5165\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u671f\u95f4\u64cd\u7eb5\u78c1\u76d8\u6216\u5185\u5b58\u4e2d\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u00b6 
\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7f13\u89e3\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u5173\u7684\u4e00\u4e9b\u98ce\u9669\uff0c\u4ee5\u4e0b\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u65b9\u6cd5\uff1a \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb I\u9694\u79bb\u7684\u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb \u00b6 \u76ee\u524d\uff0cOpenStack \u4e2d\u9ed8\u8ba4\u542f\u7528\u5b9e\u65f6\u8fc1\u79fb\u3002\u53ef\u4ee5\u901a\u8fc7\u5411 nova policy.json \u6587\u4ef6\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb\uff1a { \"compute_extension:admin_actions:migrate\": \"!\", \"compute_extension:admin_actions:migrateLive\": \"!\", } \u8fc1\u79fb\u7f51\u7edc \u00b6 \u4e00\u822c\u505a\u6cd5\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5e94\u9650\u5236\u5728\u7ba1\u7406\u5b89\u5168\u57df\u5185\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002\u5bf9\u4e8e\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\uff0c\u7531\u4e8e\u5176\u7eaf\u6587\u672c\u6027\u8d28\u4ee5\u53ca\u60a8\u6b63\u5728\u4f20\u8f93\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u78c1\u76d8\u548c\u5185\u5b58\u5185\u5bb9\uff0c\u56e0\u6b64\u5efa\u8bae\u60a8\u8fdb\u4e00\u6b65\u5c06\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5206\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u4e0a\u3002\u5c06\u6d41\u91cf\u9694\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u53ef\u4ee5\u964d\u4f4e\u66b4\u9732\u98ce\u9669\u3002 \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u00b6 \u5982\u679c\u6709\u8db3\u591f\u7684\u4e1a\u52a1\u6848\u4f8b\u6765\u4fdd\u6301\u5b9e\u65f6\u8fc1\u79fb\u7684\u542f\u7528\u72b6\u6001\uff0c\u5219 libvirtd \u53ef\u4ee5\u4e3a\u5b9e\u65f6\u8fc1\u79fb\u63d0\u4f9b\u52a0\u5bc6\u96a7\u9053\u3002\u4f46\u662f\uff0c\u6b64\u529f\u80fd\u76ee\u524d\u5c1a\u672a\u5728 OpenStack Dashboard \u6216 nova-client \u547d\u4ee4\u4e2d\u516c\u5f00\uff0c\u53ea\u80fd\u901a\u8fc7\u624b\u52a8\u914d\u7f6e libvirtd 
\u6765\u8bbf\u95ee\u3002\u7136\u540e\uff0c\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u5c06\u66f4\u6539\u4e3a\u4ee5\u4e0b\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5b9e\u4f8b\u6570\u636e\u4ece\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u590d\u5236\u5230 libvirtd\u3002 \u5728\u6e90\u4e3b\u673a\u548c\u76ee\u6807\u4e3b\u673a\u4e0a\u7684 libvirtd \u8fdb\u7a0b\u4e4b\u95f4\u521b\u5efa\u52a0\u5bc6\u96a7\u9053\u3002 \u76ee\u6807 libvirtd \u4e3b\u673a\u5c06\u5b9e\u4f8b\u590d\u5236\u56de\u5e95\u5c42\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u00b6 \u7531\u4e8e OpenStack \u865a\u62df\u673a\u662f\u80fd\u591f\u8de8\u4e3b\u673a\u590d\u5236\u7684\u670d\u52a1\u5668\u6620\u50cf\uff0c\u56e0\u6b64\u65e5\u5fd7\u8bb0\u5f55\u7684\u6700\u4f73\u5b9e\u8df5\u540c\u6837\u9002\u7528\u4e8e\u7269\u7406\u4e3b\u673a\u548c\u865a\u62df\u4e3b\u673a\u3002\u5e94\u8bb0\u5f55\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u548c\u5e94\u7528\u7a0b\u5e8f\u7ea7\u4e8b\u4ef6\uff0c\u5305\u62ec\u5bf9\u4e3b\u673a\u548c\u6570\u636e\u7684\u8bbf\u95ee\u4e8b\u4ef6\u3001\u7528\u6237\u6dfb\u52a0\u548c\u5220\u9664\u3001\u6743\u9650\u66f4\u6539\u4ee5\u53ca\u73af\u5883\u89c4\u5b9a\u7684\u5176\u4ed6\u4e8b\u4ef6\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u65e5\u5fd7\u914d\u7f6e\u4e3a\u5bfc\u51fa\u5230\u65e5\u5fd7\u805a\u5408\u5668\uff0c\u8be5\u805a\u5408\u5668\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5c06\u5b83\u4eec\u5173\u8054\u8d77\u6765\u8fdb\u884c\u5206\u6790\uff0c\u5e76\u5b58\u50a8\u5b83\u4eec\u4ee5\u4f9b\u53c2\u8003\u6216\u8fdb\u4e00\u6b65\u64cd\u4f5c\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u4e2a\u5e38\u89c1\u5de5\u5177\u662f ELK \u5806\u6808\uff0c\u5373 Elasticsearch\u3001Logstash \u548c Kibana\u3002 \u5e94\u5b9a\u671f\u67e5\u770b\u8fd9\u4e9b\u65e5\u5fd7\uff0c\u4f8b\u5982\u7531\u7f51\u7edc\u8fd0\u8425\u4e2d\u5fc3 \uff08NOC\uff09 \u5b9e\u65f6\u67e5\u770b\uff0c\u6216\u8005\u5982\u679c\u73af\u5883\u4e0d\u591f\u5927\u800c\u4e0d\u9700\u8981 
NOC\uff0c\u5219\u65e5\u5fd7\u5e94\u5b9a\u671f\u8fdb\u884c\u65e5\u5fd7\u5ba1\u67e5\u8fc7\u7a0b\u3002 \u5f88\u591a\u65f6\u5019\uff0c\u6709\u8da3\u7684\u4e8b\u4ef6\u4f1a\u89e6\u53d1\u8b66\u62a5\uff0c\u8be5\u8b66\u62a5\u5c06\u53d1\u9001\u7ed9\u54cd\u5e94\u65b9\u4ee5\u91c7\u53d6\u884c\u52a8\u3002\u901a\u5e38\uff0c\u6b64\u8b66\u62a5\u91c7\u7528\u5305\u542b\u76f8\u5173\u6d88\u606f\u7684\u7535\u5b50\u90ae\u4ef6\u5f62\u5f0f\u3002\u4e00\u4e2a\u6709\u8da3\u7684\u4e8b\u4ef6\u53ef\u80fd\u662f\u91cd\u5927\u6545\u969c\uff0c\u4e5f\u53ef\u80fd\u662f\u6302\u8d77\u6545\u969c\u7684\u5df2\u77e5\u8fd0\u884c\u72b6\u51b5\u6307\u793a\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u544a\u8b66\u7684\u4e24\u4e2a\u5e38\u89c1\u5b9e\u7528\u7a0b\u5e8f\u662f Nagios \u548c Zabbix\u3002 \u66f4\u65b0\u548c\u8865\u4e01 \u00b6 \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8fd0\u884c\u72ec\u7acb\u7684\u865a\u62df\u673a\u3002\u6b64\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u53ef\u4ee5\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u8fd0\u884c\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u786c\u4ef6\u4e0a\u8fd0\u884c\uff08\u79f0\u4e3a\u88f8\u673a\uff09\u3002\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u66f4\u65b0\u4e0d\u4f1a\u5411\u4e0b\u4f20\u64ad\u5230\u865a\u62df\u673a\u3002\u4f8b\u5982\uff0c\u5982\u679c\u90e8\u7f72\u4f7f\u7528\u7684\u662f XenServer\uff0c\u5e76\u4e14\u5177\u6709\u4e00\u7ec4 Debian \u865a\u62df\u673a\uff0c\u5219\u5bf9 XenServer \u7684\u66f4\u65b0\u4e0d\u4f1a\u66f4\u65b0 Debian \u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u5185\u5bb9\u3002 
\u56e0\u6b64\uff0c\u6211\u4eec\u5efa\u8bae\u5206\u914d\u865a\u62df\u673a\u7684\u660e\u786e\u6240\u6709\u6743\uff0c\u5e76\u7531\u8fd9\u4e9b\u6240\u6709\u8005\u8d1f\u8d23\u865a\u62df\u673a\u7684\u5f3a\u5316\u3001\u90e8\u7f72\u548c\u6301\u7eed\u529f\u80fd\u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u5b9a\u671f\u90e8\u7f72\u66f4\u65b0\u3002\u8fd9\u4e9b\u8865\u4e01\u5e94\u5728\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u73af\u5883\u7684\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u8865\u4e01\u80cc\u540e\u7684\u95ee\u9898\u7684\u7a33\u5b9a\u6027\u548c\u89e3\u51b3\u65b9\u6848\u3002 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u00b6 \u6700\u5e38\u89c1\u7684\u64cd\u4f5c\u7cfb\u7edf\u5305\u62ec\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\u3002\u867d\u7136\u6211\u4eec\u5efa\u8bae\u865a\u62df\u673a\u8fd0\u884c\u5c3d\u53ef\u80fd\u5c11\u7684\u5e94\u7528\u7a0b\u5e8f\uff08\u5982\u679c\u53ef\u80fd\u7684\u8bdd\uff0c\u8fbe\u5230\u5355\u4e00\u7528\u9014\u5b9e\u4f8b\u7684\u7a0b\u5ea6\uff09\uff0c\u4f46\u5e94\u5206\u6790\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u786e\u5b9a\u5e94\u7528\u7a0b\u5e8f\u9700\u8981\u8bbf\u95ee\u54ea\u4e9b\u7cfb\u7edf\u8d44\u6e90\u3001\u8fd0\u884c\u6240\u9700\u7684\u6700\u4f4e\u7279\u6743\u7ea7\u522b\uff0c\u4ee5\u53ca\u5c06\u8fdb\u51fa\u865a\u62df\u673a\u7684\u9884\u671f\u7f51\u7edc\u6d41\u91cf\u3002\u6b64\u9884\u671f\u6d41\u91cf\u5e94\u4f5c\u4e3a\u5141\u8bb8\u7684\u6d41\u91cf\uff08\u6216\u5217\u5165\u767d\u540d\u5355\uff09\u6dfb\u52a0\u5230\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u5fc5\u8981\u7684\u65e5\u5fd7\u8bb0\u5f55\u548c\u7ba1\u7406\u901a\u4fe1\uff0c\u4f8b\u5982 SSH \u6216 RDP\u3002\u5e94\u5728\u9632\u706b\u5899\u914d\u7f6e\u4e2d\u660e\u786e\u62d2\u7edd\u6240\u6709\u5176\u4ed6\u6d41\u91cf\u3002 \u5728 Linux 
\u865a\u62df\u673a\u4e0a\uff0c\u4e0a\u8ff0\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u4e0e audit2allow \u7b49\u5de5\u5177\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u6784\u5efa SELinux \u7b56\u7565\uff0c\u4ee5\u8fdb\u4e00\u6b65\u4fdd\u62a4\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u4e0a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002SELinux \u4f7f\u7528\u7528\u6237\u3001\u7b56\u7565\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u7ec4\u5408\u6765\u5212\u5206\u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u6240\u9700\u7684\u8d44\u6e90\uff0c\u5e76\u5c06\u5176\u4e0e\u5176\u4ed6\u4e0d\u9700\u8981\u7684\u7cfb\u7edf\u8d44\u6e90\u533a\u5206\u5f00\u6765\u3002 OpenStack \u4e3a\u4e3b\u673a\u548c\u7f51\u7edc\u63d0\u4f9b\u5b89\u5168\u7ec4\uff0c\u4ee5\u589e\u52a0\u5bf9\u7ed9\u5b9a\u9879\u76ee\u4e2d\u865a\u62df\u673a\u7684\u6df1\u5ea6\u9632\u5fa1\u3002\u8fd9\u4e9b\u89c4\u5219\u7c7b\u4f3c\u4e8e\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u56e0\u4e3a\u5b83\u4eec\u6839\u636e\u7aef\u53e3\u3001\u534f\u8bae\u548c\u5730\u5740\u5141\u8bb8\u6216\u62d2\u7edd\u4f20\u5165\u6d41\u91cf\uff0c\u4f46\u5b89\u5168\u7ec4\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u4f20\u5165\u6d41\u91cf\uff0c\u800c\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u80fd\u591f\u5e94\u7528\u4e8e\u4f20\u5165\u548c\u4f20\u51fa\u6d41\u91cf\u3002\u4e3b\u673a\u548c\u7f51\u7edc\u5b89\u5168\u7ec4\u89c4\u5219\u4e5f\u53ef\u80fd\u53d1\u751f\u51b2\u7a81\u5e76\u62d2\u7edd\u5408\u6cd5\u6d41\u91cf\u3002\u6211\u4eec\u5efa\u8bae\u786e\u4fdd\u4e3a\u6b63\u5728\u4f7f\u7528\u7684\u7f51\u7edc\u6b63\u786e\u914d\u7f6e\u5b89\u5168\u7ec4\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u672c\u6307\u5357\u4e2d\u7684\u5b89\u5168\u7ec4\u3002 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u00b6 \u5728\u4e91\u73af\u5883\u4e2d\uff0c\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u5668\u3001OpenStack 
\u670d\u52a1\u3001\u4e91\u7528\u6237\u6d3b\u52a8\uff08\u4f8b\u5982\u521b\u5efa\u5b9e\u4f8b\u548c\u9644\u52a0\u5b58\u50a8\uff09\u3001\u7f51\u7edc\u4ee5\u53ca\u4f7f\u7528\u5728\u5404\u79cd\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6700\u7ec8\u7528\u6237\u6df7\u5408\u5728\u4e00\u8d77\u3002 \u65e5\u5fd7\u8bb0\u5f55\u7684\u57fa\u7840\u77e5\u8bc6\uff1a\u914d\u7f6e\u3001\u8bbe\u7f6e\u65e5\u5fd7\u7ea7\u522b\u3001\u65e5\u5fd7\u6587\u4ef6\u7684\u4f4d\u7f6e\u3001\u5982\u4f55\u4f7f\u7528\u548c\u81ea\u5b9a\u4e49\u65e5\u5fd7\uff0c\u4ee5\u53ca\u5982\u4f55\u96c6\u4e2d\u6536\u96c6\u65e5\u5fd7\uff0c\u8fd9\u4e9b\u5728 OpenStack \u64cd\u4f5c\u6307\u5357\u4e2d\u90fd\u6709\u5f88\u597d\u7684\u4ecb\u7ecd\u3002 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u00b6 \u65e5\u5fd7\u7684\u751f\u6210\u548c\u6536\u96c6\u662f\u5b89\u5168\u76d1\u63a7 OpenStack \u57fa\u7840\u67b6\u6784\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u65e5\u5fd7\u63d0\u4f9b\u5bf9\u7ba1\u7406\u5458\u3001\u79df\u6237\u548c\u6765\u5bbe\u65e5\u5e38\u64cd\u4f5c\u7684\u53ef\u89c1\u6027\uff0c\u4ee5\u53ca\u8ba1\u7b97\u3001\u7f51\u7edc\u548c\u5b58\u50a8\u4ee5\u53ca\u6784\u6210 OpenStack \u90e8\u7f72\u7684\u5176\u4ed6\u7ec4\u4ef6\u4e2d\u7684\u6d3b\u52a8\u3002 \u65e5\u5fd7\u4e0d\u4ec5\u5bf9\u4e3b\u52a8\u5b89\u5168\u548c\u6301\u7eed\u5408\u89c4\u6027\u6d3b\u52a8\u5f88\u6709\u4ef7\u503c\uff0c\u800c\u4e14\u4e5f\u662f\u8c03\u67e5\u548c\u54cd\u5e94\u4e8b\u4ef6\u7684\u5b9d\u8d35\u4fe1\u606f\u6e90\u3002 \u4f8b\u5982\uff0c\u5206\u6790\u8eab\u4efd\u670d\u52a1\u6216\u5176\u66ff\u4ee3\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u7684\u8bbf\u95ee\u65e5\u5fd7\u4f1a\u63d0\u9192\u6211\u4eec\u767b\u5f55\u5931\u8d25\u3001\u9891\u7387\u3001\u6e90 IP\u3001\u4e8b\u4ef6\u662f\u5426\u4ec5\u9650\u4e8e\u9009\u62e9\u5e10\u6237\u548c\u5176\u4ed6\u76f8\u5173\u4fe1\u606f\u3002\u65e5\u5fd7\u5206\u6790\u652f\u6301\u68c0\u6d4b\u3002 
\u53ef\u4ee5\u91c7\u53d6\u63aa\u65bd\u6765\u7f13\u89e3\u6f5c\u5728\u7684\u6076\u610f\u6d3b\u52a8\uff0c\u4f8b\u5982\u5c06 IP \u5730\u5740\u5217\u5165\u9ed1\u540d\u5355\u3001\u5efa\u8bae\u52a0\u5f3a\u7528\u6237\u5bc6\u7801\u6216\u505c\u7528\u88ab\u89c6\u4e3a\u4f11\u7720\u7684\u7528\u6237\u5e10\u6237\u3002 \u76d1\u63a7\u7528\u4f8b \u00b6 \u4e8b\u4ef6\u76d1\u63a7\u662f\u4e00\u79cd\u66f4\u4e3b\u52a8\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4fdd\u62a4\u73af\u5883\uff0c\u63d0\u4f9b\u5b9e\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94\u3002\u6709\u51e0\u79cd\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u8fdb\u884c\u76d1\u63a7\u3002 \u5bf9\u4e8eOpenStack\u4e91\u5b9e\u4f8b\uff0c\u6211\u4eec\u9700\u8981\u76d1\u63a7\u786c\u4ef6\u3001OpenStack\u670d\u52a1\u548c\u4e91\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u540e\u8005\u6e90\u4e8e\u5e0c\u671b\u5177\u6709\u5f39\u6027\uff0c\u4ee5\u9002\u5e94\u7528\u6237\u7684\u52a8\u6001\u9700\u6c42\u3002 \u4ee5\u4e0b\u662f\u5728\u5b9e\u65bd\u65e5\u5fd7\u805a\u5408\u3001\u5206\u6790\u548c\u76d1\u63a7\u65f6\u9700\u8981\u8003\u8651\u7684\u51e0\u4e2a\u91cd\u8981\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u3001\u5de5\u5177\u6216\u811a\u672c\u6765\u5b9e\u73b0\u548c\u76d1\u63a7\u3002\u6709\u5f00\u6e90\u548c\u5546\u4e1a\u89e3\u51b3\u65b9\u6848\uff0c\u4e00\u4e9b\u8fd0\u8425\u5546\u5f00\u53d1\u81ea\u5df1\u7684\u5185\u90e8\u89e3\u51b3\u65b9\u6848\u3002\u8fd9\u4e9b\u5de5\u5177\u548c\u811a\u672c\u53ef\u4ee5\u751f\u6210\u4e8b\u4ef6\uff0c\u8fd9\u4e9b\u4e8b\u4ef6\u53ef\u4ee5\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u6216\u5728\u96c6\u6210\u4eea\u8868\u677f\u4e2d\u67e5\u770b\u3002\u8bf7\u52a1\u5fc5\u8003\u8651\u53ef\u80fd\u9002\u7528\u4e8e\u60a8\u7684\u7279\u5b9a\u7f51\u7edc\u7684\u5176\u4ed6\u7528\u4f8b\uff0c\u4ee5\u53ca\u60a8\u53ef\u80fd\u8ba4\u4e3a\u7684\u5f02\u5e38\u884c\u4e3a\u3002 
\u68c0\u6d4b\u65e5\u5fd7\u751f\u6210\u7f3a\u5931\u662f\u4e00\u4e2a\u5177\u6709\u5f88\u9ad8\u4ef7\u503c\u7684\u4e8b\u4ef6\u3002\u6b64\u7c7b\u4e8b\u4ef6\u5c06\u8868\u660e\u670d\u52a1\u5931\u8d25\uff0c\u751a\u81f3\u8868\u793a\u5165\u4fb5\u8005\u6682\u65f6\u5173\u95ed\u4e86\u65e5\u5fd7\u8bb0\u5f55\u6216\u4fee\u6539\u4e86\u65e5\u5fd7\u7ea7\u522b\u4ee5\u9690\u85cf\u5176\u8e2a\u8ff9\u3002 \u5e94\u7528\u7a0b\u5e8f\u4e8b\u4ef6\uff08\u5982\u8ba1\u5212\u5916\u7684\u542f\u52a8\u6216\u505c\u6b62\u4e8b\u4ef6\uff09\u4e5f\u662f\u8981\u76d1\u89c6\u548c\u68c0\u67e5\u53ef\u80fd\u7684\u5b89\u5168\u9690\u60a3\u7684\u4e8b\u4ef6\u3002 OpenStack \u670d\u52a1\u673a\u5668\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e8b\u4ef6\uff08\u5982\u7528\u6237\u767b\u5f55\u6216\u91cd\u65b0\u542f\u52a8\uff09\u4e5f\u4e3a\u7cfb\u7edf\u7684\u6b63\u786e\u548c\u4e0d\u5f53\u4f7f\u7528\u63d0\u4f9b\u4e86\u6709\u4ef7\u503c\u7684\u89c1\u89e3\u3002 \u80fd\u591f\u68c0\u6d4bOpenStack\u670d\u52a1\u5668\u4e0a\u7684\u8d1f\u8f7d\u8fd8\u53ef\u4ee5\u901a\u8fc7\u5f15\u5165\u5176\u4ed6\u670d\u52a1\u5668\u8fdb\u884c\u8d1f\u8f7d\u5e73\u8861\u6765\u505a\u51fa\u54cd\u5e94\uff0c\u4ee5\u786e\u4fdd\u9ad8\u53ef\u7528\u6027\u3002 \u5176\u4ed6\u53ef\u64cd\u4f5c\u7684\u4e8b\u4ef6\u5305\u62ec\u7f51\u7edc\u7f51\u6865\u5173\u95ed\u3001\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 IP \u8868\u88ab\u5237\u65b0\uff0c\u4ee5\u53ca\u968f\u4e4b\u800c\u6765\u7684\u5bf9\u5b9e\u4f8b\u7684\u8bbf\u95ee\u4e22\u5931\uff0c\u5bfc\u81f4\u5ba2\u6237\u4e0d\u6ee1\u610f\u3002 \u4e3a\u4e86\u964d\u4f4e\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u5220\u9664\u7528\u6237\u3001\u79df\u6237\u6216\u57df\u65f6\u5b64\u7acb\u5b9e\u4f8b\u7684\u5b89\u5168\u98ce\u9669\uff0c\u6211\u4eec\u8ba8\u8bba\u4e86\u5728\u7cfb\u7edf\u4e2d\u751f\u6210\u901a\u77e5\uff0c\u5e76\u8ba9 OpenStack \u7ec4\u4ef6\u9002\u5f53\u5730\u54cd\u5e94\u8fd9\u4e9b\u4e8b\u4ef6\uff0c\u4f8b\u5982\u7ec8\u6b62\u5b9e\u4f8b\u3001\u65ad\u5f00\u8fde\u63a5\u7684\u5377\u3001\u56de\u6536 CPU \u548c\u5b58\u50a8\u8d44\u6e90\u7b49\u3002 
\u4e91\u5c06\u6258\u7ba1\u8bb8\u591a\u865a\u62df\u5b9e\u4f8b\uff0c\u5e76\u4e14\u76d1\u89c6\u8fd9\u4e9b\u5b9e\u4f8b\u8d85\u51fa\u4e86\u53ef\u80fd\u4ec5\u5305\u542b CRUD \u4e8b\u4ef6\u7684\u786c\u4ef6\u76d1\u89c6\u548c\u65e5\u5fd7\u6587\u4ef6\u3002 \u5b89\u5168\u76d1\u63a7\u63a7\u5236\uff08\u5982\u5165\u4fb5\u68c0\u6d4b\u8f6f\u4ef6\u3001\u9632\u75c5\u6bd2\u8f6f\u4ef6\u4ee5\u53ca\u95f4\u8c0d\u8f6f\u4ef6\u68c0\u6d4b\u548c\u5220\u9664\u5b9e\u7528\u7a0b\u5e8f\uff09\u53ef\u4ee5\u751f\u6210\u65e5\u5fd7\uff0c\u663e\u793a\u653b\u51fb\u6216\u5165\u4fb5\u53d1\u751f\u7684\u65f6\u95f4\u548c\u65b9\u5f0f\u3002\u5728\u4e91\u8ba1\u7b97\u673a\u4e0a\u90e8\u7f72\u8fd9\u4e9b\u5de5\u5177\u53ef\u63d0\u4f9b\u4ef7\u503c\u548c\u4fdd\u62a4\u3002\u4e91\u7528\u6237\uff0c\u5373\u5728\u4e91\u4e0a\u8fd0\u884c\u5b9e\u4f8b\u7684\u7528\u6237\uff0c\u53ef\u80fd\u4e5f\u5e0c\u671b\u5728\u5176\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u6b64\u7c7b\u5de5\u5177\u3002 \u53c2\u8003\u4e66\u76ee \u00b6 Siwczak, Piotr\uff0c\u5728 OpenStack \u4e91\u4e2d\u8fdb\u884c\u76d1\u63a7\u7684\u4e00\u4e9b\u5b9e\u9645\u6ce8\u610f\u4e8b\u9879\u30022012. blog.sflow.com\uff0c sflow\uff1a\u4e3b\u673a sFlow \u5206\u5e03\u5f0f\u4ee3\u7406\u30022012. blog.sflow.com\uff0csflow\uff1aLAN \u548c WAN\u30022009. blog.sflow.com\u3001sflow\uff1a\u5feb\u901f\u68c0\u6d4b\u5927\u6d41\u91cf sFlow \u4e0e NetFlow/IPFIX\u30022013. 
\u5408\u89c4 \u00b6 OpenStack \u90e8\u7f72\u53ef\u80fd\u9700\u8981\u51fa\u4e8e\u591a\u79cd\u76ee\u7684\u8fdb\u884c\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u4f8b\u5982\u6cd5\u89c4\u548c\u6cd5\u5f8b\u8981\u6c42\u3001\u5ba2\u6237\u9700\u6c42\u3001\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u548c\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u5408\u89c4\u529f\u80fd\u5bf9\u4f01\u4e1a\u53ca\u5176\u5ba2\u6237\u5f88\u91cd\u8981\u3002\u5408\u89c4\u610f\u5473\u7740\u9075\u5b88\u6cd5\u89c4\u3001\u89c4\u8303\u3001\u6807\u51c6\u548c\u6cd5\u5f8b\u3002\u5b83\u8fd8\u7528\u4e8e\u63cf\u8ff0\u6709\u5173\u8bc4\u4f30\u3001\u5ba1\u6838\u548c\u8ba4\u8bc1\u7684\u7ec4\u7ec7\u72b6\u6001\u3002\u5982\u679c\u64cd\u4f5c\u5f97\u5f53\uff0c\u5408\u89c4\u6027\u53ef\u4ee5\u7edf\u4e00\u548c\u52a0\u5f3a\u672c\u6307\u5357\u4e2d\u8ba8\u8bba\u7684\u5176\u4ed6\u5b89\u5168\u4e3b\u9898\u3002 \u672c\u7ae0\u6709\u51e0\u4e2a\u76ee\u6807\uff1a \u67e5\u770b\u5e38\u89c1\u7684\u5b89\u5168\u539f\u5219\u3002 \u8ba8\u8bba\u5e38\u89c1\u7684\u63a7\u5236\u6846\u67b6\u548c\u8ba4\u8bc1\u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u884c\u4e1a\u8ba4\u8bc1\u6216\u76d1\u7ba1\u673a\u6784\u8ba4\u8bc1\u3002 \u5728\u8bc4\u4f30 OpenStack \u90e8\u7f72\u65f6\uff0c\u53ef\u4f5c\u4e3a\u5ba1\u8ba1\u4eba\u5458\u7684\u53c2\u8003\u3002 \u4ecb\u7ecd\u7279\u5b9a\u4e8e OpenStack \u548c\u4e91\u73af\u5883\u7684\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u3002 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5e38\u89c1\u63a7\u5236\u6846\u67b6 \u5ba1\u6838\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 
\u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 \u653f\u5e9c\u6807\u51c6 \u9690\u79c1 \u5408\u89c4\u6027\u6982\u8ff0 \u00b6 \u5b89\u5168\u539f\u5219 \u00b6 \u884c\u4e1a\u6807\u51c6\u5b89\u5168\u539f\u5219\u4e3a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u63d0\u4f9b\u4e86\u57fa\u51c6\u3002\u5982\u679c\u5728\u6574\u4e2a OpenStack \u90e8\u7f72\u8fc7\u7a0b\u4e2d\u8003\u8651\u548c\u5f15\u7528\u8fd9\u4e9b\u539f\u5219\uff0c\u5219\u53ef\u4ee5\u7b80\u5316\u8ba4\u8bc1\u6d3b\u52a8\u3002 \u5206\u5c42\u9632\u5fa1 \u00b6 \u786e\u5b9a\u4e91\u67b6\u6784\u4e2d\u5b58\u5728\u98ce\u9669\u7684\u4f4d\u7f6e\uff0c\u5e76\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u6765\u964d\u4f4e\u98ce\u9669\u3002\u5728\u91cd\u5927\u5173\u6ce8\u9886\u57df\uff0c\u5206\u5c42\u9632\u5fa1\u63d0\u4f9b\u591a\u79cd\u4e92\u8865\u63a7\u5236\uff0c\u5c06\u98ce\u9669\u7ba1\u7406\u5230\u53ef\u63a5\u53d7\u7684\u6c34\u5e73\u3002\u4f8b\u5982\uff0c\u4e3a\u4e86\u786e\u4fdd\u4e91\u79df\u6237\u4e4b\u95f4\u7684\u5145\u5206\u9694\u79bb\uff0c\u6211\u4eec\u5efa\u8bae\u5f3a\u5316 QEMU\uff0c\u4f7f\u7528\u652f\u6301 SELinux \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b9e\u65bd\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff0c\u5e76\u51cf\u5c11\u6574\u4f53\u653b\u51fb\u9762\u3002\u57fa\u672c\u539f\u5219\u662f\u7528\u591a\u5c42\u9632\u5fa1\u6765\u5f3a\u5316\u5173\u6ce8\u533a\u57df\uff0c\u8fd9\u6837\uff0c\u5982\u679c\u4efb\u4f55\u4e00\u5c42\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u5c42\u5c06\u5b58\u5728\u4ee5\u63d0\u4f9b\u4fdd\u62a4\u5e76\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u66b4\u9732\u3002 \u5b89\u5168\u5931\u8d25 \u00b6 
\u5728\u53d1\u751f\u6545\u969c\u7684\u60c5\u51b5\u4e0b\uff0c\u7cfb\u7edf\u5e94\u914d\u7f6e\u4e3a\u5728\u5173\u95ed\u7684\u5b89\u5168\u72b6\u6001\u4e2d\u5931\u8d25\u3002\u4f8b\u5982\uff0c\u5982\u679cTLS\u8bc1\u4e66\u9a8c\u8bc1\u672a\u901a\u8fc7\uff0c\u5373CNAME\u4e0e\u670d\u52a1\u5668\u7684DNS\u540d\u79f0\u4e0d\u5339\u914d\uff0c\u5e94\u901a\u8fc7\u5207\u65ad\u7f51\u7edc\u8fde\u63a5\u6765\u5b89\u5168\u5931\u8d25\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u8f6f\u4ef6\u901a\u5e38\u4f1a\u4ee5\u5f00\u653e\u65b9\u5f0f\u5931\u8d25\uff0c\u5141\u8bb8\u8fde\u63a5\u5728\u6ca1\u6709CNAME\u5339\u914d\u7684\u60c5\u51b5\u4e0b\u7ee7\u7eed\u8fdb\u884c\uff0c\u8fd9\u6837\u4e0d\u591f\u5b89\u5168\uff0c\u4e5f\u4e0d\u5efa\u8bae\u3002 \u6700\u5c0f\u6743\u9650 \u00b6 \u4ec5\u6388\u4e88\u7528\u6237\u548c\u7cfb\u7edf\u670d\u52a1\u7684\u6700\u4f4e\u8bbf\u95ee\u7ea7\u522b\u3002\u8fd9\u79cd\u8bbf\u95ee\u57fa\u4e8e\u89d2\u8272\u3001\u804c\u8d23\u548c\u5de5\u4f5c\u804c\u80fd\u3002\u8fd9\u79cd\u6700\u5c0f\u7279\u6743\u5b89\u5168\u539f\u5219\u5df2\u5199\u5165\u591a\u4e2a\u56fd\u9645\u653f\u5e9c\u5b89\u5168\u7b56\u7565\u4e2d\uff0c\u4f8b\u5982\u7f8e\u56fd\u5883\u5185\u7684 NIST 800-53 \u7b2c AC-6 \u8282\u3002 \u5206\u9694 \u00b6 \u7cfb\u7edf\u5e94\u4ee5\u8fd9\u6837\u4e00\u79cd\u65b9\u5f0f\u9694\u79bb\uff0c\u5373\u5982\u679c\u4e00\u53f0\u8ba1\u7b97\u673a\u6216\u7cfb\u7edf\u7ea7\u670d\u52a1\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u5c06\u4fdd\u6301\u4e0d\u53d8\u3002\u5b9e\u9645\u4e0a\uff0cSELinux \u7684\u542f\u7528\u548c\u6b63\u786e\u4f7f\u7528\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u3002 \u4fc3\u8fdb\u9690\u79c1 \u00b6 \u5e94\u5c3d\u91cf\u51cf\u5c11\u53ef\u4ee5\u6536\u96c6\u7684\u6709\u5173\u7cfb\u7edf\u53ca\u5176\u7528\u6237\u7684\u4fe1\u606f\u91cf\u3002 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u00b6 
\u5b9e\u65bd\u9002\u5f53\u7684\u65e5\u5fd7\u8bb0\u5f55\u4ee5\u76d1\u63a7\u672a\u7ecf\u6388\u6743\u7684\u4f7f\u7528\u3001\u4e8b\u4ef6\u54cd\u5e94\u548c\u53d6\u8bc1\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u9009\u5b9a\u7684\u5ba1\u8ba1\u5b50\u7cfb\u7edf\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u8be5\u6807\u51c6\u5728\u5927\u591a\u6570\u56fd\u5bb6/\u5730\u533a\u63d0\u4f9b\u4e0d\u53ef\u8bc1\u660e\u7684\u4e8b\u4ef6\u8bb0\u5f55\u3002 \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u00b6 \u4ee5\u4e0b\u662f\u7ec4\u7ec7\u53ef\u7528\u4e8e\u6784\u5efa\u5176\u5b89\u5168\u63a7\u5236\u7684\u63a7\u5236\u6846\u67b6\u5217\u8868\u3002 \u4e91\u5b89\u5168\u8054\u76df \uff08CSA\uff09 \u901a\u7528\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 CSA CCM \u4e13\u95e8\u7528\u4e8e\u63d0\u4f9b\u57fa\u672c\u7684\u5b89\u5168\u539f\u5219\uff0c\u4ee5\u6307\u5bfc\u4e91\u4f9b\u5e94\u5546\u5e76\u5e2e\u52a9\u6f5c\u5728\u7684\u4e91\u5ba2\u6237\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u98ce\u9669\u3002CSA CCM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u8de8 16 \u4e2a\u5b89\u5168\u57df\u4fdd\u6301\u4e00\u81f4\u7684\u63a7\u5236\u6846\u67b6\u3002\u4e91\u63a7\u5236\u77e9\u9635\u7684\u57fa\u7840\u5728\u4e8e\u5176\u4e0e\u5176\u4ed6\u884c\u4e1a\u6807\u51c6\u3001\u6cd5\u89c4\u548c\u63a7\u5236\u6846\u67b6\u7684\u5b9a\u5236\u5173\u7cfb\uff0c\u4f8b\u5982\uff1aISO 27001\uff1a2013\u3001COBIT 5.0\u3001PCI\uff1aDSS v3\u3001AICPA 2014 \u4fe1\u4efb\u670d\u52a1\u539f\u5219\u548c\u6807\u51c6\uff0c\u5e76\u589e\u5f3a\u4e86\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u62a5\u544a\u8bc1\u660e\u7684\u5185\u90e8\u63a7\u5236\u65b9\u5411\u3002 CSA CCM 
\u901a\u8fc7\u51cf\u5c11\u4e91\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u548c\u6f0f\u6d1e\u6765\u52a0\u5f3a\u73b0\u6709\u7684\u4fe1\u606f\u5b89\u5168\u63a7\u5236\u73af\u5883\uff0c\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u5b89\u5168\u548c\u8fd0\u8425\u98ce\u9669\u7ba1\u7406\uff0c\u5e76\u5bfb\u6c42\u89c4\u8303\u5316\u5b89\u5168\u671f\u671b\u3001\u4e91\u5206\u7c7b\u548c\u672f\u8bed\u4ee5\u53ca\u5728\u4e91\u4e2d\u5b9e\u65bd\u7684\u5b89\u5168\u63aa\u65bd\u3002 ISO 27001/2:2013 ISO 27001/2\uff1a2013 \u8ba4\u8bc1 ISO 27001 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u548c\u8ba4\u8bc1\u591a\u5e74\u6765\u4e00\u76f4\u7528\u4e8e\u8bc4\u4f30\u548c\u533a\u5206\u7ec4\u7ec7\u662f\u5426\u7b26\u5408\u4fe1\u606f\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u8be5\u6807\u51c6\u7531\u4e24\u90e8\u5206\u7ec4\u6210\uff1a\u5b9a\u4e49\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u7684\u5f3a\u5236\u6027\u6761\u6b3e\u548c\u5305\u542b\u6309\u9886\u57df\u7ec4\u7ec7\u7684\u63a7\u5236\u5217\u8868\u7684\u9644\u5f55 A\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u901a\u8fc7\u5e94\u7528\u98ce\u9669\u7ba1\u7406\u6d41\u7a0b\u6765\u4fdd\u6301\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\uff0c\u5e76\u4f7f\u76f8\u5173\u65b9\u76f8\u4fe1\u98ce\u9669\u5f97\u5230\u5145\u5206\u7ba1\u7406\u3002 \u53ef\u4fe1\u5b89\u5168\u539f\u5219 \u4fe1\u6258\u670d\u52a1\u662f\u4e00\u5957\u57fa\u4e8e\u4e00\u5957\u6838\u5fc3\u539f\u5219\u548c\u6807\u51c6\u7684\u4e13\u4e1a\u8ba4\u8bc1\u548c\u54a8\u8be2\u670d\u52a1\uff0c\u7528\u4e8e\u89e3\u51b3 IT \u7cfb\u7edf\u548c\u9690\u79c1\u8ba1\u5212\u7684\u98ce\u9669\u548c\u673a\u9047\u3002\u901a\u5e38\u79f0\u4e3a SOC \u5ba1\u8ba1\uff0c\u8fd9\u4e9b\u539f\u5219\u5b9a\u4e49\u4e86\u8981\u6c42\u662f\u4ec0\u4e48\uff0c\u7ec4\u7ec7\u6709\u8d23\u4efb\u5b9a\u4e49\u6ee1\u8db3\u8981\u6c42\u7684\u63a7\u5236\u63aa\u65bd\u3002 \u5ba1\u8ba1\u53c2\u8003 \u00b6 
OpenStack\u5728\u8bb8\u591a\u65b9\u9762\u90fd\u662f\u521b\u65b0\u7684\uff0c\u4f46\u662f\u7528\u4e8e\u5ba1\u8ba1OpenStack\u90e8\u7f72\u7684\u8fc7\u7a0b\u76f8\u5f53\u666e\u904d\u3002\u5ba1\u6838\u5458\u5c06\u6839\u636e\u4e24\u4e2a\u6807\u51c6\u8bc4\u4f30\u6d41\u7a0b\uff1a\u63a7\u5236\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u4ee5\u53ca\u63a7\u5236\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u4e86\u89e3\u5ba1\u8ba1\u5e08\u5982\u4f55\u8bc4\u4f30\u63a7\u5236\u63aa\u65bd\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u548c\u8fd0\u884c\uff0c\u5c06\u5728\u201c\u4e86\u89e3\u5ba1\u8ba1\u8fc7\u7a0b\u201d\u4e00\u8282\u4e2d\u8ba8\u8bba\u3002 \u7528\u4e8e\u5ba1\u6838\u548c\u8bc4\u4f30\u4e91\u90e8\u7f72\u7684\u6700\u5e38\u89c1\u6846\u67b6\u5305\u62ec\u524d\u9762\u63d0\u5230\u7684 ISO 27001/2 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u3001ISACA \u7684\u4fe1\u606f\u548c\u76f8\u5173\u6280\u672f\u63a7\u5236\u76ee\u6807 \uff08COBIT\uff09 \u6846\u67b6\u3001\u7279\u96f7\u5fb7\u97e6\u59d4\u5458\u4f1a\u8d5e\u52a9\u7ec4\u7ec7\u59d4\u5458\u4f1a \uff08COSO\uff09 \u548c\u4fe1\u606f\u6280\u672f\u57fa\u7840\u8bbe\u65bd\u5e93 \uff08ITIL\uff09\u3002\u5ba1\u8ba1\u901a\u5e38\u5305\u62ec\u4e00\u4e2a\u6216\u591a\u4e2a\u8fd9\u4e9b\u6846\u67b6\u4e2d\u7684\u91cd\u70b9\u9886\u57df\u3002\u5e78\u8fd0\u7684\u662f\uff0c\u8fd9\u4e9b\u6846\u67b6\u4e4b\u95f4\u6709\u5f88\u591a\u91cd\u53e0\uff0c\u56e0\u6b64\u91c7\u7528\u6846\u67b6\u7684\u7ec4\u7ec7\u5c06\u5728\u5ba1\u8ba1\u65f6\u5904\u4e8e\u6709\u5229\u5730\u4f4d\u3002 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u00b6 \u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u5408\u89c4\u6027\u4f9d\u8d56\u4e8e\u4e24\u4e2a\u57fa\u672c\u6d41\u7a0b\u7684\u5b8c\u6210\uff1a \u5b89\u5168\u63a7\u5236\u7684\u5b9e\u65bd\u548c\u64cd\u4f5c 
\u4f7f\u4fe1\u606f\u7cfb\u7edf\u4e0e\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u4fdd\u6301\u4e00\u81f4\u6d89\u53ca\u5185\u90e8\u4efb\u52a1\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5fc5\u987b\u5728\u6b63\u5f0f\u8bc4\u4f30\u4e4b\u524d\u8fdb\u884c\u3002\u5ba1\u6838\u5458\u53ef\u80fd\u4f1a\u53c2\u4e0e\u6b64\u72b6\u6001\uff0c\u4ee5\u8fdb\u884c\u5dee\u8ddd\u5206\u6790\uff0c\u63d0\u4f9b\u6307\u5bfc\uff0c\u5e76\u589e\u52a0\u6210\u529f\u8ba4\u8bc1\u7684\u53ef\u80fd\u6027\u3002 \u72ec\u7acb\u9a8c\u8bc1\u548c\u786e\u8ba4 \u5728\u8bb8\u591a\u4fe1\u606f\u7cfb\u7edf\u83b7\u5f97\u8ba4\u8bc1\u72b6\u6001\u4e4b\u524d\uff0c\u9700\u8981\u5411\u4e2d\u7acb\u7684\u7b2c\u4e09\u65b9\u8bc1\u660e\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u5df2\u5b9e\u65bd\u5e76\u6709\u6548\u8fd0\u884c\uff0c\u7b26\u5408\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u3002\u8bb8\u591a\u8ba4\u8bc1\u9700\u8981\u5b9a\u671f\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u6301\u7eed\u8ba4\u8bc1\uff0c\u8fd9\u88ab\u8ba4\u4e3a\u662f\u603b\u4f53\u6301\u7eed\u76d1\u63a7\u5b9e\u8df5\u7684\u4e00\u90e8\u5206\u3002 \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u00b6 \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4\uff0c\u7279\u522b\u662f\u9700\u8981\u54ea\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u53ca\u5982\u4f55\u8bbe\u8ba1\u6216\u4fee\u6539OpenStack\u90e8\u7f72\u4ee5\u6ee1\u8db3\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u8be5\u662f\u6700\u521d\u7684\u89c4\u5212\u6b65\u9aa4\u3002 \u5728\u51fa\u4e8e\u5408\u89c4\u6027\u76ee\u7684\u786e\u5b9a OpenStack \u90e8\u7f72\u8303\u56f4\u65f6\uff0c\u5e94\u4f18\u5148\u8003\u8651\u5bf9\u654f\u611f\u670d\u52a1\u7684\u63a7\u5236\uff0c\u4f8b\u5982\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u4ee5\u53ca\u57fa\u672c\u865a\u62df\u5316\u6280\u672f\u3002\u8fd9\u4e9b\u8bbe\u65bd\u7684\u59a5\u534f\u53ef\u80fd\u4f1a\u5f71\u54cd\u6574\u4e2a OpenStack \u73af\u5883\u3002 \u7f29\u5c0f\u8303\u56f4\u6709\u52a9\u4e8e\u786e\u4fdd OpenStack 
\u67b6\u6784\u5e08\u5efa\u7acb\u9488\u5bf9\u7279\u5b9a\u90e8\u7f72\u91cf\u8eab\u5b9a\u5236\u7684\u9ad8\u8d28\u91cf\u5b89\u5168\u63a7\u5236\uff0c\u4f46\u6700\u91cd\u8981\u7684\u662f\u786e\u4fdd\u8fd9\u4e9b\u5b9e\u8df5\u4e0d\u4f1a\u9057\u6f0f\u5b89\u5168\u5f3a\u5316\u4e2d\u7684\u533a\u57df\u6216\u529f\u80fd\u3002\u4e00\u4e2a\u5e38\u89c1\u7684\u4f8b\u5b50\u662fPCI-DSS\u51c6\u5219\uff0c\u5176\u4e2d\u4e0e\u652f\u4ed8\u76f8\u5173\u7684\u57fa\u7840\u8bbe\u65bd\u53ef\u80fd\u4f1a\u53d7\u5230\u5b89\u5168\u95ee\u9898\u7684\u5ba1\u67e5\uff0c\u4f46\u652f\u6301\u670d\u52a1\u88ab\u5ffd\u89c6\uff0c\u5e76\u4e14\u5bb9\u6613\u53d7\u5230\u653b\u51fb\u3002 \u5728\u89e3\u51b3\u5408\u89c4\u6027\u95ee\u9898\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u786e\u5b9a\u9002\u7528\u4e8e\u591a\u4e2a\u8ba4\u8bc1\u7684\u5e38\u89c1\u9886\u57df\u548c\u6807\u51c6\u6765\u63d0\u9ad8\u6548\u7387\u5e76\u51cf\u5c11\u5de5\u4f5c\u91cf\u3002\u672c\u4e66\u4e2d\u8ba8\u8bba\u7684\u8bb8\u591a\u5ba1\u8ba1\u539f\u5219\u548c\u51c6\u5219\u5c06\u6709\u52a9\u4e8e\u786e\u5b9a\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u6b64\u5916\uff0c\u4e00\u4e9b\u5916\u90e8\u5b9e\u4f53\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u6e05\u5355\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u793a\u4f8b\uff1a \u4e91\u5b89\u5168\u8054\u76df\u4e91\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 \u53ef\u5e2e\u52a9\u4e91\u63d0\u4f9b\u5546\u548c\u6d88\u8d39\u8005\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u6027\u3002CSA CMM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u63a7\u5236\u6846\u67b6\uff0c\u8be5\u6846\u67b6\u6620\u5c04\u5230\u8bb8\u591a\u884c\u4e1a\u516c\u8ba4\u7684\u6807\u51c6\u548c\u6cd5\u89c4\uff0c\u5305\u62ec ISO 27001/2\u3001ISACA\u3001COBIT\u3001PCI\u3001NIST\u3001Jericho Forum \u548c NERC CIP\u3002 \u300aSCAP 
\u5b89\u5168\u6307\u5357\u300b\u662f\u53e6\u4e00\u4e2a\u6709\u7528\u7684\u53c2\u8003\u3002\u8fd9\u4ecd\u7136\u662f\u4e00\u4e2a\u65b0\u5174\u7684\u6765\u6e90\uff0c\u4f46\u6211\u4eec\u9884\u8ba1\u8fd9\u5c06\u53d1\u5c55\u6210\u4e3a\u4e00\u4e2a\u5de5\u5177\uff0c\u5176\u63a7\u4ef6\u6620\u5c04\u66f4\u4fa7\u91cd\u4e8e\u7f8e\u56fd\u8054\u90a6\u653f\u5e9c\u7684\u8ba4\u8bc1\u548c\u5efa\u8bae\u3002\u4f8b\u5982\uff0cSCAP \u5b89\u5168\u6307\u5357\u76ee\u524d\u5305\u542b\u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u548c NIST-800-53 \u7684\u4e00\u4e9b\u6620\u5c04\u3002 \u8fd9\u4e9b\u63a7\u5236\u6620\u5c04\u5c06\u6709\u52a9\u4e8e\u8bc6\u522b\u8de8\u8ba4\u8bc1\u7684\u901a\u7528\u63a7\u5236\u6807\u51c6\uff0c\u5e76\u4e3a\u5ba1\u6838\u5458\u548c\u88ab\u5ba1\u6838\u65b9\u63d0\u4f9b\u5bf9\u7279\u5b9a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u63a7\u5236\u96c6\u4e2d\u95ee\u9898\u533a\u57df\u7684\u53ef\u89c1\u6027\u3002 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u00b6 \u5ba1\u8ba1\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u9636\u6bb5\uff0c\u5c3d\u7ba1\u5927\u591a\u6570\u5229\u76ca\u76f8\u5173\u8005\u548c\u63a7\u5236\u6240\u6709\u8005\u53ea\u4f1a\u53c2\u4e0e\u4e00\u4e24\u4e2a\u9636\u6bb5\u3002\u56db\u4e2a\u9636\u6bb5\u662f\u89c4\u5212\u3001\u5b9e\u5730\u8003\u5bdf\u3001\u62a5\u544a\u548c\u603b\u7ed3\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u8fd9\u4e9b\u9636\u6bb5\u4e2d\u7684\u6bcf\u4e00\u4e2a\u3002 \u89c4\u5212\u9636\u6bb5\u901a\u5e38\u5728\u5b9e\u5730\u5de5\u4f5c\u5f00\u59cb\u524d\u4e24\u5468\u5230\u516d\u4e2a\u6708\u8fdb\u884c\u3002\u5728\u6b64\u9636\u6bb5\uff0c\u5c06\u8ba8\u8bba\u5e76\u6700\u7ec8\u786e\u5b9a\u65f6\u95f4\u8303\u56f4\u3001\u65f6\u95f4\u8868\u3001\u8981\u8bc4\u4f30\u7684\u63a7\u5236\u63aa\u65bd\u548c\u63a7\u5236\u6240\u6709\u8005\u7b49\u5ba1\u8ba1\u9879\u76ee\u3002\u5bf9\u8d44\u6e90\u53ef\u7528\u6027\u3001\u516c\u6b63\u6027\u548c\u6210\u672c\u7684\u62c5\u5fe7\u4e5f\u5f97\u5230\u4e86\u89e3\u51b3\u3002 
\u5b9e\u5730\u8003\u5bdf\u9636\u6bb5\u662f\u5ba1\u8ba1\u4e2d\u6700\u660e\u663e\u7684\u90e8\u5206\u3002\u8fd9\u662f\u5ba1\u8ba1\u5458\u5728\u73b0\u573a\u7684\u5730\u65b9\uff0c\u4e0e\u63a7\u5236\u6240\u6709\u8005\u9762\u8c08\uff0c\u8bb0\u5f55\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u786e\u5b9a\u4efb\u4f55\u95ee\u9898\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5ba1\u8ba1\u5e08\u5c06\u4f7f\u7528\u4e24\u90e8\u5206\u6d41\u7a0b\u6765\u8bc4\u4f30\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\u3002\u7b2c\u4e00\u90e8\u5206\u662f\u8bc4\u4f30\u63a7\u5236\u7684\u8bbe\u8ba1\u6709\u6548\u6027\u3002\u5728\u8fd9\u91cc\uff0c\u5ba1\u8ba1\u5458\u5c06\u8bc4\u4f30\u63a7\u5236\u662f\u5426\u80fd\u591f\u6709\u6548\u5730\u9884\u9632\u6216\u68c0\u6d4b\u548c\u7ea0\u6b63\u5f31\u70b9\u548c\u7f3a\u9677\u3002\u63a7\u4ef6\u5fc5\u987b\u901a\u8fc7\u6b64\u6d4b\u8bd5\u624d\u80fd\u5728\u7b2c\u4e8c\u9636\u6bb5\u8fdb\u884c\u8bc4\u4f30\u3002\u8fd9\u662f\u56e0\u4e3a\u5bf9\u4e8e\u8bbe\u8ba1\u65e0\u6548\u7684\u63a7\u4ef6\uff0c\u6ca1\u6709\u5fc5\u8981\u8003\u8651\u5b83\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u7b2c\u4e8c\u90e8\u5206\u662f\u8fd0\u8425\u6548\u7387\u3002\u64cd\u4f5c\u6709\u6548\u6027\u6d4b\u8bd5\u5c06\u786e\u5b9a\u5982\u4f55\u5e94\u7528\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u7684\u4e00\u81f4\u6027\u4ee5\u53ca\u7531\u8c01\u6216\u4ee5\u4f55\u79cd\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u3002\u4e00\u9879\u63a7\u5236\u53ef\u80fd\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff08\u95f4\u63a5\u63a7\u5236\uff09\uff0c\u5982\u679c\u5b83\u4eec\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff0c\u5219\u5ba1\u8ba1\u5e08\u53ef\u80fd\u9700\u8981\u989d\u5916\u7684\u8bc1\u636e\u6765\u8bc1\u660e\u8fd9\u4e9b\u95f4\u63a5\u63a7\u5236\u7684\u8fd0\u4f5c\u6709\u6548\u6027\uff0c\u4ee5\u786e\u5b9a\u63a7\u5236\u7684\u6574\u4f53\u8fd0\u4f5c\u6709\u6548\u6027\u3002 
\u5728\u62a5\u544a\u9636\u6bb5\uff0c\u7ba1\u7406\u5c42\u5c06\u5bf9\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u53d1\u73b0\u7684\u4efb\u4f55\u95ee\u9898\u8fdb\u884c\u9a8c\u8bc1\u3002\u51fa\u4e8e\u540e\u52e4\u76ee\u7684\uff0c\u4e00\u4e9b\u6d3b\u52a8\uff08\u4f8b\u5982\u95ee\u9898\u9a8c\u8bc1\uff09\u53ef\u80fd\u4f1a\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u6267\u884c\u3002\u7ba1\u7406\u5c42\u8fd8\u9700\u8981\u63d0\u4f9b\u8865\u6551\u8ba1\u5212\u6765\u89e3\u51b3\u95ee\u9898\uff0c\u5e76\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u518d\u6b21\u53d1\u751f\u3002\u5c06\u5411\u5229\u76ca\u6538\u5173\u65b9\u548c\u7ba1\u7406\u5c42\u5206\u53d1\u4e00\u4efd\u603b\u4f53\u62a5\u544a\u8349\u7a3f\uff0c\u4f9b\u5176\u5ba1\u67e5\u3002\u5546\u5b9a\u7684\u4fee\u6539\u88ab\u7eb3\u5165\uff0c\u66f4\u65b0\u540e\u7684\u8349\u6848\u5c06\u9001\u4ea4\u9ad8\u7ea7\u7ba1\u7406\u5c42\u5ba1\u67e5\u548c\u6279\u51c6\u3002\u4e00\u65e6\u9ad8\u7ea7\u7ba1\u7406\u5c42\u6279\u51c6\u62a5\u544a\uff0c\u8be5\u62a5\u544a\u5c31\u4f1a\u5b9a\u7a3f\u5e76\u5206\u53d1\u7ed9\u6267\u884c\u7ba1\u7406\u5c42\u3002\u4efb\u4f55\u95ee\u9898\u90fd\u4f1a\u8f93\u5165\u5230\u7ec4\u7ec7\u4f7f\u7528\u7684\u95ee\u9898\u8ddf\u8e2a\u6216\u98ce\u9669\u8ddf\u8e2a\u673a\u5236\u4e2d\u3002 \u603b\u7ed3\u9636\u6bb5\u662f\u5ba1\u8ba1\u6b63\u5f0f\u7ec8\u6b62\u7684\u5730\u65b9\u3002\u6b64\u65f6\uff0c\u7ba1\u7406\u5c42\u5c06\u5f00\u59cb\u6574\u6539\u6d3b\u52a8\u3002\u4f7f\u7528\u8fc7\u7a0b\u548c\u901a\u77e5\u786e\u4fdd\u5c06\u4efb\u4f55\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\u90fd\u88ab\u79fb\u81f3\u5b89\u5168\u5b58\u50a8\u5e930\u3002 \u5185\u90e8\u5ba1\u8ba1 \u00b6 
\u90e8\u7f72\u4e91\u540e\uff0c\u5c31\u8be5\u8fdb\u884c\u5185\u90e8\u5ba1\u8ba1\u4e86\u3002\u73b0\u5728\u662f\u65f6\u5019\u5c06\u4e0a\u9762\u786e\u5b9a\u7684\u63a7\u4ef6\u4e0e\u4e91\u4e2d\u4f7f\u7528\u7684\u8bbe\u8ba1\u3001\u529f\u80fd\u548c\u90e8\u7f72\u7b56\u7565\u8fdb\u884c\u6bd4\u8f83\u4e86\u3002\u76ee\u6807\u662f\u4e86\u89e3\u6bcf\u4e2a\u63a7\u4ef6\u7684\u5904\u7406\u65b9\u5f0f\u4ee5\u53ca\u5b58\u5728\u5dee\u8ddd\u7684\u4f4d\u7f6e\u3002\u8bb0\u5f55\u6240\u6709\u53d1\u73b0\u4ee5\u5907\u5c06\u6765\u53c2\u8003\u3002 \u5728\u5ba1\u8ba1OpenStack\u4e91\u65f6\uff0c\u4e86\u89e3OpenStack\u67b6\u6784\u56fa\u6709\u7684\u591a\u79df\u6237\u73af\u5883\u662f\u5f88\u91cd\u8981\u7684\u3002\u9700\u8981\u5173\u6ce8\u7684\u4e00\u4e9b\u5173\u952e\u9886\u57df\u5305\u62ec\u6570\u636e\u5904\u7f6e\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u6027\u3001\u8282\u70b9\u5f3a\u5316\u548c\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u00b6 \u4e00\u65e6\u5185\u90e8\u5ba1\u8ba1\u7ed3\u679c\u770b\u8d77\u6765\u4e0d\u9519\uff0c\u5c31\u8be5\u4e3a\u5916\u90e8\u5ba1\u8ba1\u505a\u51c6\u5907\u4e86\u3002\u5728\u6b64\u9636\u6bb5\u9700\u8981\u91c7\u53d6\u51e0\u9879\u5173\u952e\u884c\u52a8\uff0c\u8fd9\u4e9b\u884c\u52a8\u6982\u8ff0\u5982\u4e0b\uff1a \u4fdd\u6301\u5185\u90e8\u5ba1\u8ba1\u7684\u826f\u597d\u8bb0\u5f55\u3002\u8fd9\u4e9b\u5c06\u5728\u5916\u90e8\u5ba1\u8ba1\u671f\u95f4\u8bc1\u660e\u5f88\u6709\u7528\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u51c6\u5907\u597d\u56de\u7b54\u6709\u5173\u5c06\u5408\u89c4\u6027\u63a7\u5236\u6620\u5c04\u5230\u7279\u5b9a\u90e8\u7f72\u7684\u95ee\u9898\u3002 \u90e8\u7f72\u81ea\u52a8\u5316\u6d4b\u8bd5\u5de5\u5177\uff0c\u786e\u4fdd\u4e91\u957f\u671f\u4fdd\u6301\u5408\u89c4\u3002 \u9009\u62e9\u5ba1\u8ba1\u5458\u3002 
\u9009\u62e9\u5ba1\u8ba1\u5e08\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u6b63\u5728\u5bfb\u627e\u5177\u6709\u4e91\u5408\u89c4\u6027\u5ba1\u6838\u7ecf\u9a8c\u7684\u4eba\u3002OpenStack\u7ecf\u9a8c\u662f\u53e6\u4e00\u5927\u4f18\u52bf\u3002\u901a\u5e38\uff0c\u6700\u597d\u54a8\u8be2\u7ecf\u5386\u8fc7\u6b64\u8fc7\u7a0b\u7684\u4eba\u8fdb\u884c\u8f6c\u8bca\u3002\u6210\u672c\u53ef\u80fd\u4f1a\u56e0\u53c2\u4e0e\u8303\u56f4\u548c\u6240\u8003\u8651\u7684\u5ba1\u8ba1\u516c\u53f8\u800c\u6709\u5f88\u5927\u5dee\u5f02\u3002 \u5916\u90e8\u5ba1\u8ba1 \u00b6 \u8fd9\u662f\u6b63\u5f0f\u7684\u5ba1\u8ba1\u8fc7\u7a0b\u3002\u5ba1\u8ba1\u5458\u5c06\u6d4b\u8bd5\u7279\u5b9a\u8ba4\u8bc1\u8303\u56f4\u5185\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u8981\u6c42\u63d0\u4f9b\u8bc1\u636e\u8981\u6c42\uff0c\u4ee5\u8bc1\u660e\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u5728\u5ba1\u8ba1\u7a97\u53e3\u5185\u4e5f\u5df2\u5230\u4f4d\uff08\u4f8b\u5982\uff0cSOC 2 \u5ba1\u8ba1\u901a\u5e38\u5728 6-12 \u4e2a\u6708\u5185\u8bc4\u4f30\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff09\u3002\u4efb\u4f55\u63a7\u5236\u5931\u8d25\u90fd\u4f1a\u88ab\u8bb0\u5f55\u4e0b\u6765\uff0c\u5e76\u5c06\u8bb0\u5f55\u5728\u5916\u90e8\u5ba1\u8ba1\u5e08\u7684\u6700\u7ec8\u62a5\u544a\u4e2d\u3002\u6839\u636e OpenStack \u90e8\u7f72\u7684\u7c7b\u578b\uff0c\u5ba2\u6237\u53ef\u80fd\u4f1a\u67e5\u770b\u8fd9\u4e9b\u62a5\u544a\uff0c\u56e0\u6b64\u907f\u514d\u63a7\u5236\u5931\u8d25\u975e\u5e38\u91cd\u8981\u3002\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u5ba1\u8ba1\u51c6\u5907\u5982\u6b64\u91cd\u8981\u7684\u539f\u56e0\u3002 \u5408\u89c4\u6027\u7ef4\u62a4 \u00b6 
\u8be5\u8fc7\u7a0b\u4e0d\u4f1a\u56e0\u5355\u4e00\u7684\u5916\u90e8\u5ba1\u8ba1\u800c\u7ed3\u675f\u3002\u5927\u591a\u6570\u8ba4\u8bc1\u90fd\u9700\u8981\u6301\u7eed\u7684\u5408\u89c4\u6d3b\u52a8\uff0c\u8fd9\u610f\u5473\u7740\u8981\u5b9a\u671f\u91cd\u590d\u5ba1\u6838\u8fc7\u7a0b\u3002\u6211\u4eec\u5efa\u8bae\u5c06\u81ea\u52a8\u5408\u89c4\u6027\u9a8c\u8bc1\u5de5\u5177\u96c6\u6210\u5230\u4e91\u4e2d\uff0c\u4ee5\u786e\u4fdd\u5176\u59cb\u7ec8\u5408\u89c4\u3002\u9664\u4e86\u5176\u4ed6\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4e4b\u5916\uff0c\u8fd8\u5e94\u8be5\u8fd9\u6837\u505a\u3002\u8bf7\u8bb0\u4f4f\uff0c\u76ee\u6807\u65e2\u662f\u5b89\u5168\u6027\uff0c\u4e5f\u662f\u5408\u89c4\u6027\u3002\u5982\u679c\u5728\u4e0a\u8ff0\u4efb\u4f55\u4e00\u9879\u65b9\u9762\u90fd\u5931\u8d25\uff0c\u5c06\u4f7f\u672a\u6765\u7684\u5ba1\u8ba1\u53d8\u5f97\u975e\u5e38\u590d\u6742\u3002 \u5408\u89c4\u6d3b\u52a8 \u00b6 \u6709\u8bb8\u591a\u6807\u51c6\u6d3b\u52a8\u5c06\u6781\u5927\u5730\u5e2e\u52a9\u5408\u89c4\u8fc7\u7a0b\u3002\u672c\u7ae0\u6982\u8ff0\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u5408\u89c4\u6027\u6d3b\u52a8\u3002\u8fd9\u4e9b\u5e76\u4e0d\u662fOpenStack\u6240\u7279\u6709\u7684\uff0c\u4f46\u662f\u672c\u4e66\u4e2d\u63d0\u4f9b\u4e86\u76f8\u5173\u7ae0\u8282\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4f5c\u4e3a\u6709\u7528\u7684\u4e0a\u4e0b\u6587\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u00b6 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u662f\u7ec4\u7ec7\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5168\u9762\u7684\u7b56\u7565\u548c\u6d41\u7a0b\uff0c\u7528\u4e8e\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u7684\u98ce\u9669\u3002\u4e91\u90e8\u7f72\u6700\u5e38\u89c1\u7684 ISMS \u662f ISO/IEC 27001/2\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u548c\u5b9e\u8df5\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\uff0c\u4ee5\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u3002\u8be5\u6807\u51c6\u4e8e 2013 
\u5e74\u8fdb\u884c\u4e86\u66f4\u65b0\uff0c\u4ee5\u53cd\u6620\u4e91\u670d\u52a1\u7684\u65e5\u76ca\u4f7f\u7528\uff0c\u5e76\u66f4\u52a0\u5f3a\u8c03\u8861\u91cf\u548c\u8bc4\u4f30\u7ec4\u7ec7\u7684 ISMS \u6027\u80fd\u3002 \u98ce\u9669\u8bc4\u4f30 \u00b6 \u98ce\u9669\u8bc4\u4f30\u6846\u67b6\u53ef\u8bc6\u522b\u7ec4\u7ec7\u6216\u670d\u52a1\u4e2d\u7684\u98ce\u9669\uff0c\u5e76\u6307\u5b9a\u8fd9\u4e9b\u98ce\u9669\u7684\u6240\u6709\u6743\uff0c\u4ee5\u53ca\u5b9e\u65bd\u548c\u7f13\u89e3\u7b56\u7565\u3002\u98ce\u9669\u9002\u7528\u4e8e\u670d\u52a1\u7684\u6240\u6709\u9886\u57df\uff0c\u4ece\u6280\u672f\u63a7\u5236\u5230\u73af\u5883\u707e\u96be\u573a\u666f\u548c\u4eba\u4e3a\u56e0\u7d20\u3002\u4f8b\u5982\uff0c\u6076\u610f\u5185\u90e8\u4eba\u5458\u3002\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u673a\u5236\u5bf9\u98ce\u9669\u8fdb\u884c\u8bc4\u7ea7\u3002\u4f8b\u5982\uff0c\u53ef\u80fd\u6027\u4e0e\u5f71\u54cd\u3002OpenStack \u90e8\u7f72\u98ce\u9669\u8bc4\u4f30\u53ef\u4ee5\u5305\u62ec\u63a7\u5236\u5dee\u8ddd\u3002 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u00b6 \u9700\u8981\u5b9a\u671f\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u670d\u52a1\u90e8\u7f72\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548c\u95ee\u8d23\u5236\u3002\u6709\u5173\u8fd9\u4e9b\u4e3b\u9898\u7684 OpenStack \u7684\u5177\u4f53\u6307\u5357\u5728\u76d1\u63a7\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u8fdb\u884c\u4e86\u6df1\u5165\u8ba8\u8bba\u3002 OpenStack Identity \u670d\u52a1\u652f\u6301\u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u5408 \uff08CADF\uff09 \u901a\u77e5\uff0c\u63d0\u4f9b\u5ba1\u8ba1\u6570\u636e\u4ee5\u7b26\u5408\u5b89\u5168\u6027\u3001\u64cd\u4f5c\u548c\u4e1a\u52a1\u6d41\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Keystone \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u00b6 \u707e\u96be\u6062\u590d \uff08DR\uff09 \u548c\u4e1a\u52a1\u8fde\u7eed\u6027\u89c4\u5212 \uff08BCP\uff09 \u8ba1\u5212\u662f ISMS 
\u548c\u5408\u89c4\u6027\u6d3b\u52a8\u7684\u5e38\u89c1\u8981\u6c42\u3002\u8fd9\u4e9b\u8ba1\u5212\u5fc5\u987b\u5b9a\u671f\u6d4b\u8bd5\u5e76\u8bb0\u5f55\u5728\u6848\u3002\u5728 OpenStack \u4e2d\uff0c\u5173\u952e\u533a\u57df\u4f4d\u4e8e\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u4ee5\u8bc6\u522b\u5355\u70b9\u6545\u969c \uff08SPOF\uff09 \u7684\u5730\u65b9\u3002 \u5b89\u5168\u57f9\u8bad \u00b6 \u9488\u5bf9\u7279\u5b9a\u89d2\u8272\u7684\u5e74\u5ea6\u5b89\u5168\u57f9\u8bad\u662f\u51e0\u4e4e\u6240\u6709\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u5f3a\u5236\u6027\u8981\u6c42\u3002\u4e3a\u4e86\u4f18\u5316\u5b89\u5168\u57f9\u8bad\u7684\u6709\u6548\u6027\uff0c\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6cd5\u662f\u63d0\u4f9b\u7279\u5b9a\u4e8e\u89d2\u8272\u7684\u57f9\u8bad\uff0c\u4f8b\u5982\u5411\u5f00\u53d1\u4eba\u5458\u3001\u64cd\u4f5c\u4eba\u5458\u548c\u975e\u6280\u672f\u4eba\u5458\u63d0\u4f9b\u57f9\u8bad\u3002\u57fa\u4e8e\u6b64\u5f3a\u5316\u6307\u5357\u7684\u5176\u4ed6\u4e91\u5b89\u5168\u6216 OpenStack \u5b89\u5168\u57f9\u8bad\u5c06\u662f\u7406\u60f3\u7684\u9009\u62e9\u3002 \u5b89\u5168\u5ba1\u67e5 \u00b6 
\u7531\u4e8eOpenStack\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u56e0\u6b64\u8bb8\u591a\u4ee3\u7801\u5e93\u548c\u67b6\u6784\u5df2\u7ecf\u8fc7\u4e2a\u4eba\u8d21\u732e\u8005\u3001\u7ec4\u7ec7\u548c\u4f01\u4e1a\u7684\u5ba1\u67e5\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u8fd9\u53ef\u80fd\u662f\u6709\u5229\u7684\uff0c\u4f46\u662f\u5bf9\u4e8e\u670d\u52a1\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u5b89\u5168\u5ba1\u67e5\u7684\u9700\u6c42\u4ecd\u7136\u662f\u4e00\u4e2a\u5173\u952e\u7684\u8003\u8651\u56e0\u7d20\uff0c\u56e0\u4e3a\u90e8\u7f72\u5404\u4e0d\u76f8\u540c\uff0c\u800c\u4e14\u5b89\u5168\u6027\u5e76\u4e0d\u603b\u662f\u8d21\u732e\u8005\u7684\u4e3b\u8981\u5173\u6ce8\u70b9\u3002\u5168\u9762\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u53ef\u80fd\u5305\u62ec\u67b6\u6784\u5ba1\u67e5\u3001\u5a01\u80c1\u5efa\u6a21\u3001\u6e90\u4ee3\u7801\u5206\u6790\u548c\u6e17\u900f\u6d4b\u8bd5\u3002\u6709\u8bb8\u591a\u7528\u4e8e\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u6280\u672f\u548c\u5efa\u8bae\uff0c\u53ef\u4ee5\u5728\u516c\u5f00\u53d1\u5e03\u4e2d\u627e\u5230\u3002\u4e00\u4e2a\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u4f8b\u5b50\u662f Microsoft SDL\uff0c\u5b83\u662f\u4f5c\u4e3a Microsoft \u53ef\u4fe1\u8ba1\u7b97\u8ba1\u5212\u7684\u4e00\u90e8\u5206\u521b\u5efa\u7684\u3002 \u6f0f\u6d1e\u7ba1\u7406 \u00b6 \u5b89\u5168\u66f4\u65b0\u5bf9\u4e8e\u4efb\u4f55 IaaS 
\u90e8\u7f72\uff08\u65e0\u8bba\u662f\u79c1\u6709\u90e8\u7f72\u8fd8\u662f\u516c\u5171\u90e8\u7f72\uff09\u90fd\u81f3\u5173\u91cd\u8981\u3002\u6613\u53d7\u653b\u51fb\u7684\u7cfb\u7edf\u6269\u5927\u4e86\u653b\u51fb\u9762\uff0c\u662f\u653b\u51fb\u8005\u7684\u660e\u663e\u76ee\u6807\u3002\u5e38\u89c1\u7684\u626b\u63cf\u6280\u672f\u548c\u6f0f\u6d1e\u901a\u77e5\u670d\u52a1\u53ef\u4ee5\u5e2e\u52a9\u7f13\u89e3\u8fd9\u79cd\u5a01\u80c1\u3002\u91cd\u8981\u7684\u662f\uff0c\u626b\u63cf\u8981\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14\u7f13\u89e3\u7b56\u7565\u8981\u8d85\u8d8a\u7b80\u5355\u7684\u5916\u56f4\u5f3a\u5316\u3002OpenStack \u7b49\u591a\u79df\u6237\u67b6\u6784\u7279\u522b\u5bb9\u6613\u53d7\u5230\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u8fd9\u662f\u6f0f\u6d1e\u7ba1\u7406\u7cfb\u7edf\u7684\u5173\u952e\u90e8\u5206\u3002 \u6570\u636e\u5206\u7c7b \u00b6 \u6570\u636e\u5206\u7c7b\u5b9a\u4e49\u4e86\u4e00\u79cd\u5bf9\u4fe1\u606f\u8fdb\u884c\u5206\u7c7b\u548c\u5904\u7406\u7684\u65b9\u6cd5\uff0c\u901a\u5e38\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u4fe1\u606f\u514d\u906d\u610f\u5916\u6216\u6545\u610f\u76d7\u7a83\u3001\u4e22\u5931\u6216\u4e0d\u5f53\u62ab\u9732\u3002\u6700\u5e38\u89c1\u7684\u60c5\u51b5\u662f\uff0c\u8fd9\u6d89\u53ca\u5c06\u4fe1\u606f\u5206\u7c7b\u4e3a\u654f\u611f\u6216\u975e\u654f\u611f\u4fe1\u606f\uff0c\u6216\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09\u3002\u6839\u636e\u90e8\u7f72\u7684\u4e0a\u4e0b\u6587\uff0c\u53ef\u4ee5\u4f7f\u7528\u5404\u79cd\u5176\u4ed6\u5206\u7c7b\u6807\u51c6\uff08\u653f\u5e9c\u3001\u533b\u7597\u4fdd\u5065\uff09\u3002\u57fa\u672c\u539f\u5219\u662f\u660e\u786e\u5b9a\u4e49\u548c\u4f7f\u7528\u6570\u636e\u5206\u7c7b\u3002\u6700\u5e38\u89c1\u7684\u4fdd\u62a4\u673a\u5236\u5305\u62ec\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u6280\u672f\u3002 \u5f02\u5e38\u8fc7\u7a0b \u00b6 \u5f02\u5e38\u8fc7\u7a0b\u662f ISMS 
\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u5f53\u67d0\u4e9b\u64cd\u4f5c\u4e0d\u7b26\u5408\u7ec4\u7ec7\u5b9a\u4e49\u7684\u5b89\u5168\u7b56\u7565\u65f6\uff0c\u5fc5\u987b\u8bb0\u5f55\u8fd9\u4e9b\u64cd\u4f5c\u3002\u9700\u8981\u5305\u62ec\u9002\u5f53\u7684\u7406\u7531\u3001\u63cf\u8ff0\u548c\u7f13\u89e3\u7ec6\u8282\uff0c\u5e76\u7531\u6709\u5173\u5f53\u5c40\u7b7e\u7f72\u3002OpenStack \u9ed8\u8ba4\u914d\u7f6e\u5728\u6ee1\u8db3\u5404\u79cd\u5408\u89c4\u6027\u6807\u51c6\u65b9\u9762\u53ef\u80fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u5e94\u8bb0\u5f55\u4e0d\u7b26\u5408\u5408\u89c4\u6027\u8981\u6c42\u7684\u533a\u57df\uff0c\u5e76\u8003\u8651\u6f5c\u5728\u7684\u4fee\u590d\u7a0b\u5e8f\u4ee5\u5bf9\u793e\u533a\u505a\u51fa\u8d21\u732e\u3002 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u00b6 \u5408\u89c4\u6027\u548c\u5b89\u5168\u6027\u4e0d\u662f\u6392\u4ed6\u6027\u7684\uff0c\u5fc5\u987b\u4e00\u8d77\u89e3\u51b3\u3002\u5982\u679c\u4e0d\u8fdb\u884c\u5b89\u5168\u5f3a\u5316\uff0cOpenStack \u90e8\u7f72\u4e0d\u592a\u53ef\u80fd\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u3002\u4e0b\u9762\u7684\u5217\u8868\u63d0\u4f9b\u4e86 OpenStack \u67b6\u6784\u5e08\u7684\u57fa\u7840\u77e5\u8bc6\u548c\u6307\u5bfc\uff0c\u4ee5\u5b9e\u73b0\u5bf9\u5546\u4e1a\u548c\u653f\u5e9c\u8ba4\u8bc1\u548c\u6807\u51c6\u7684\u5408\u89c4\u6027\u3002 \u5546\u4e1a\u6807\u51c6 \u00b6 \u5bf9\u4e8eOpenStack\u7684\u5546\u4e1a\u90e8\u7f72\uff0c\u6211\u4eec\u5efa\u8bae\u5c06SOC 1/2\u4e0eISO 2700 1/2\u76f8\u7ed3\u5408\uff0c\u4f5c\u4e3aOpenStack\u8ba4\u8bc1\u6d3b\u52a8\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u8ba4\u8bc1\u89c4\u5b9a\u7684\u6240\u9700\u5b89\u5168\u6d3b\u52a8\u6709\u52a9\u4e8e\u4e3a\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u548c\u901a\u7528\u63a7\u5236\u6807\u51c6\u5960\u5b9a\u57fa\u7840\uff0c\u4ece\u800c\u6709\u52a9\u4e8e\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u5305\u62ec\u653f\u5e9c\u8bc1\u660e\u548c\u8ba4\u8bc1\u3002 
\u5b8c\u6210\u8fd9\u4e9b\u521d\u59cb\u8ba4\u8bc1\u540e\uff0c\u5176\u4f59\u8ba4\u8bc1\u5c06\u66f4\u52a0\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5904\u7406\u4fe1\u7528\u5361\u4ea4\u6613\u7684\u4e91\u9700\u8981 PCI-DSS\uff0c\u5b58\u50a8\u533b\u7597\u4fdd\u5065\u4fe1\u606f\u7684\u4e91\u9700\u8981 HIPAA\uff0c\u8054\u90a6\u653f\u5e9c\u5185\u90e8\u7684\u4e91\u53ef\u80fd\u9700\u8981 FedRAMP/FISMA \u548c ITAR \u8ba4\u8bc1\u3002 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 \u6807\u51c6\u7531\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08AICPA\uff09 \u5b9a\u4e49\u3002SOC \u63a7\u5236\u8bc4\u4f30\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u76f8\u5173\u8d22\u52a1\u62a5\u8868\u548c\u65ad\u8a00\uff0c\u4f8b\u5982\u662f\u5426\u9075\u5b88\u300a\u8428\u73ed\u65af-\u5965\u514b\u65af\u5229\u6cd5\u6848\u300b\u3002 SOC 1 \u53d6\u4ee3\u4e86\u5ba1\u8ba1\u51c6\u5219\u7b2c 70 \u53f7\u58f0\u660e \uff08SAS 70\uff09 II \u7c7b\u62a5\u544a\u3002\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u901a\u5e38\u5305\u62ec\u8303\u56f4\u5185\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 1 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u63aa\u65bd\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u662f\u5426\u9002\u5408\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605AICPA\u5173\u4e8e\u4e0e\u7528\u6237\u5b9e\u4f53\u8d22\u52a1\u62a5\u544a\u5185\u90e8\u63a7\u5236\u76f8\u5173\u7684\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u7684\u62a5\u544a\u3002 SOC 2 \u51fd\u6570 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 2 \u662f\u5bf9\u5f71\u54cd\u670d\u52a1\u7ec4\u7ec7\u7528\u4e8e\u5904\u7406\u7528\u6237\u6570\u636e\u7684\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u548c\u5904\u7406\u5b8c\u6574\u6027\u4ee5\u53ca\u8fd9\u4e9b\u7cfb\u7edf\u5904\u7406\u7684\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u548c\u9690\u79c1\u6027\u7684\u63a7\u5236\u7684\u81ea\u6211\u8bc1\u660e\u3002\u7528\u6237\u793a\u4f8b\u5305\u62ec\u8d1f\u8d23\u670d\u52a1\u7ec4\u7ec7\u6cbb\u7406\u7684\u4eba\u5458\u3001\u670d\u52a1\u7ec4\u7ec7\u7684\u5ba2\u6237\u3001\u76d1\u7ba1\u673a\u6784\u3001\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u3001\u4f9b\u5e94\u5546\u4ee5\u53ca\u4e86\u89e3\u670d\u52a1\u7ec4\u7ec7\u53ca\u5176\u63a7\u5236\u63aa\u65bd\u7684\u5176\u4ed6\u4eba\u5458\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 2 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u7684\u9002\u7528\u6027\uff0c\u4ee5\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 AICPA 
\u5173\u4e8e\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u7684\u62a5\u544a\u3002 SOC 3 \u51fd\u6570 \u00b6 \u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 3 \u662f\u670d\u52a1\u7ec4\u7ec7\u7684\u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002\u8fd9\u4e9b\u62a5\u544a\u65e8\u5728\u6ee1\u8db3\u4ee5\u4e0b\u7528\u6237\u7684\u9700\u6c42\uff1a\u8fd9\u4e9b\u7528\u6237\u5e0c\u671b\u786e\u4fdd\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u4f46\u6ca1\u6709\u6709\u6548\u4f7f\u7528 SOC 2 \u62a5\u544a\u6240\u9700\u7684\u77e5\u8bc6\u3002\u8fd9\u4e9b\u62a5\u544a\u662f\u6839\u636e AICPA/\u52a0\u62ff\u5927\u7279\u8bb8\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08CICA\uff09 \u5173\u4e8e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u548c\u9690\u79c1\u7684\u4fe1\u6258\u670d\u52a1\u539f\u5219\u3001\u6807\u51c6\u548c\u63d2\u56fe\u7f16\u5199\u7684\u3002\u7531\u4e8e SOC 3 \u62a5\u544a\u662f\u901a\u7528\u62a5\u544a\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f5c\u4e3a\u5370\u7ae0\u81ea\u7531\u5206\u53d1\u6216\u53d1\u5e03\u5728\u7f51\u7ad9\u4e0a\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u670d\u52a1\u7ec4\u7ec7\u7684 AICPA \u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002 ISO 27001/2 \u8ba4\u8bc1 \u00b6 ISO/IEC 27001/2 \u6807\u51c6\u53d6\u4ee3\u4e86 BS7799-2\uff0c\u662f\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u4f53\u7cfb \uff08ISMS\uff09 \u7684\u89c4\u8303\u3002ISMS 
\u662f\u7ec4\u7ec7\u4e3a\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u98ce\u9669\u800c\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u6574\u5957\u7b56\u7565\u548c\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u98ce\u9669\u57fa\u4e8e\u7528\u6237\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027 \uff08CIA\uff09\u3002\u4e2d\u592e\u60c5\u62a5\u5c40\u7684\u5b89\u5168\u4e09\u5408\u4f1a\u5df2\u88ab\u7528\u4f5c\u672c\u4e66\u5927\u90e8\u5206\u7ae0\u8282\u7684\u57fa\u7840\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 ISO 27001\u3002 HIPAA / HITECH \u00b6 \u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848 \uff08HIPAA\uff09 \u662f\u7f8e\u56fd\u56fd\u4f1a\u7684\u4e00\u9879\u6cd5\u6848\uff0c\u7528\u4e8e\u7ba1\u7406\u60a3\u8005\u5065\u5eb7\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u3001\u4f7f\u7528\u548c\u9500\u6bc1\u3002\u8be5\u6cd5\u6848\u89c4\u5b9a\uff0c\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\uff08PHI\uff09\u5fc5\u987b\u5bf9\u672a\u7ecf\u6388\u6743\u7684\u4eba\u5458\u201c\u4e0d\u53ef\u7528\u3001\u4e0d\u53ef\u8bfb\u6216\u65e0\u6cd5\u7834\u8bd1\u201d\uff0c\u5e76\u4e14\u5e94\u89e3\u51b3\u201c\u9759\u6001\u201d\u548c\u201c\u52a8\u6001\u201d\u6570\u636e\u7684\u52a0\u5bc6\u95ee\u9898\u3002 HIPAA \u4e0d\u662f\u8ba4\u8bc1\uff0c\u800c\u662f\u4fdd\u62a4\u533b\u7597\u4fdd\u5065\u6570\u636e\u7684\u6307\u5357\u3002\u4e0e PCI-DSS \u7c7b\u4f3c\uff0cPCI \u548c HIPPA \u6700\u91cd\u8981\u7684\u95ee\u9898\u662f\u4e0d\u4f1a\u53d1\u751f\u4fe1\u7528\u5361\u4fe1\u606f\u548c\u5065\u5eb7\u6570\u636e\u6cc4\u9732\u7684\u60c5\u51b5\u3002\u5728\u53d1\u751f\u8fdd\u89c4\u884c\u4e3a\u65f6\uff0c\u5c06\u4ed4\u7ec6\u5ba1\u67e5\u4e91\u63d0\u4f9b\u5546\u662f\u5426\u7b26\u5408 PCI \u548c HIPPA 
\u63a7\u5236\u63aa\u65bd\u3002\u5982\u679c\u8bc1\u660e\u5408\u89c4\uff0c\u63d0\u4f9b\u5546\u5c06\u7acb\u5373\u5b9e\u65bd\u8865\u6551\u63a7\u5236\u3001\u8fdd\u89c4\u901a\u77e5\u8d23\u4efb\u4ee5\u53ca\u7528\u4e8e\u989d\u5916\u5408\u89c4\u6d3b\u52a8\u7684\u5927\u91cf\u652f\u51fa\u3002\u5982\u679c\u4e0d\u5408\u89c4\uff0c\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u4f1a\u9762\u4e34\u73b0\u573a\u5ba1\u8ba1\u56e2\u961f\u3001\u7f5a\u6b3e\u3001\u6f5c\u5728\u7684\u5546\u5bb6 ID \uff08PCI\uff09 \u4e22\u5931\u4ee5\u53ca\u5de8\u5927\u7684\u58f0\u8a89\u5f71\u54cd\u3002 \u62e5\u6709 PHI \u7684\u7528\u6237\u6216\u7ec4\u7ec7\u5fc5\u987b\u652f\u6301 HIPAA \u8981\u6c42\uff0c\u5e76\u4e14\u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u3002\u5982\u679c\u5b9e\u4f53\u6253\u7b97\u4f7f\u7528\u67d0\u9879\u670d\u52a1\uff0c\u6216\u8005\u5728\u672c\u4f8b\u4e2d\uff0c\u4f7f\u7528\u53ef\u80fd\u4f7f\u7528\u3001\u5b58\u50a8\u6216\u8bbf\u95ee\u8be5 PHI \u7684 OpenStack \u4e91\uff0c\u5219\u5fc5\u987b\u7b7e\u7f72\u4e1a\u52a1\u4f19\u4f34\u534f\u8bae \uff08BAA\uff09\u3002BAA \u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u4e0e OpenStack \u670d\u52a1\u63d0\u4f9b\u5546\u4e4b\u95f4\u7684\u5408\u540c\uff0c\u8981\u6c42\u63d0\u4f9b\u5546\u6839\u636e HIPAA \u8981\u6c42\u5904\u7406\u8be5 PHI\u3002\u5982\u679c\u670d\u52a1\u63d0\u4f9b\u5546\u4e0d\u5904\u7406 PHI\uff0c\u4f8b\u5982\u5b89\u5168\u63a7\u5236\u548c\u5f3a\u5316\uff0c\u90a3\u4e48\u4ed6\u4eec\u5c06\u53d7\u5230 HIPAA \u7684\u7f5a\u6b3e\u548c\u5904\u7f5a\u3002 OpenStack \u67b6\u6784\u5e08\u89e3\u91ca\u548c\u54cd\u5e94 HIPAA \u58f0\u660e\uff0c\u6570\u636e\u52a0\u5bc6\u4ecd\u7136\u662f\u6838\u5fc3\u5b9e\u8df5\u3002\u76ee\u524d\uff0c\u8fd9\u5c06\u8981\u6c42\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u7b97\u6cd5\u5bf9 OpenStack 
\u90e8\u7f72\u4e2d\u5305\u542b\u7684\u4efb\u4f55\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\u8fdb\u884c\u52a0\u5bc6\u3002\u672a\u6765\u6f5c\u5728\u7684OpenStack\u9879\u76ee\uff0c\u5982\u5bf9\u8c61\u52a0\u5bc6\uff0c\u5c06\u4fc3\u8fdbHIPAA\u51c6\u5219\u7684\u9075\u5b88\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848\u300b\u3002 PCI-DSS \u00b6 \u652f\u4ed8\u5361\u884c\u4e1a\u6570\u636e\u5b89\u5168\u6807\u51c6 \uff08PCI DSS\uff09 \u7531\u652f\u4ed8\u5361\u884c\u4e1a\u6807\u51c6\u59d4\u5458\u4f1a\u5b9a\u4e49\uff0c\u65e8\u5728\u52a0\u5f3a\u5bf9\u6301\u5361\u4eba\u6570\u636e\u7684\u63a7\u5236\uff0c\u4ee5\u51cf\u5c11\u4fe1\u7528\u5361\u6b3a\u8bc8\u3002\u5e74\u5ea6\u5408\u89c4\u6027\u9a8c\u8bc1\u7531\u5916\u90e8\u5408\u683c\u5b89\u5168\u8bc4\u4f30\u673a\u6784 \uff08QSA\uff09 \u8fdb\u884c\u8bc4\u4f30\uff0c\u8be5\u8bc4\u4f30\u673a\u6784\u4f1a\u6839\u636e\u6301\u5361\u4eba\u7684\u4ea4\u6613\u91cf\u521b\u5efa\u5408\u89c4\u62a5\u544a \uff08ROC\uff09\uff0c\u6216\u901a\u8fc7\u81ea\u6211\u8bc4\u4f30\u95ee\u5377 \uff08SAQ\uff09 \u8fdb\u884c\u8bc4\u4f30\u3002 \u5b58\u50a8\u3001\u5904\u7406\u6216\u4f20\u8f93\u652f\u4ed8\u5361\u8be6\u7ec6\u4fe1\u606f\u7684 OpenStack \u90e8\u7f72\u5728 PCI-DSS \u7684\u8303\u56f4\u5185\u3002\u6240\u6709\u672a\u4ece\u5904\u7406\u652f\u4ed8\u6570\u636e\u7684\u7cfb\u7edf\u6216\u7f51\u7edc\u4e2d\u6b63\u786e\u5206\u5272\u7684 OpenStack \u7ec4\u4ef6\u90fd\u5c5e\u4e8e PCI-DSS \u7684\u51c6\u5219\u3002PCI-DSS \u4e0a\u4e0b\u6587\u4e2d\u7684\u5206\u6bb5\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u800c\u662f\u7269\u7406\u5206\u79bb\uff08\u4e3b\u673a/\u7f51\u7edc\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 PCI \u5b89\u5168\u6807\u51c6\u3002 \u653f\u5e9c\u6807\u51c6 \u00b6 FedRAMP \u00b6 \u201c\u8054\u90a6\u98ce\u9669\u548c\u6388\u6743\u7ba1\u7406\u8ba1\u5212 \uff08FedRAMP\uff09 
\u662f\u4e00\u9879\u653f\u5e9c\u8303\u56f4\u7684\u8ba1\u5212\uff0c\u5b83\u4e3a\u4e91\u4ea7\u54c1\u548c\u670d\u52a1\u7684\u5b89\u5168\u8bc4\u4f30\u3001\u6388\u6743\u548c\u6301\u7eed\u76d1\u63a7\u63d0\u4f9b\u4e86\u4e00\u79cd\u6807\u51c6\u5316\u65b9\u6cd5\u201d\u3002NIST 800-53 \u662f FISMA \u548c FedRAMP \u7684\u57fa\u7840\uff0c\u540e\u8005\u8981\u6c42\u4e13\u95e8\u9009\u62e9\u5b89\u5168\u63a7\u5236\u4ee5\u5728\u4e91\u73af\u5883\u4e2d\u63d0\u4f9b\u4fdd\u62a4\u3002\u7531\u4e8e\u5b89\u5168\u63a7\u5236\u7684\u7279\u6b8a\u6027\u4ee5\u53ca\u6ee1\u8db3\u653f\u5e9c\u6807\u51c6\u6240\u9700\u7684\u6587\u6863\u91cf\uff0cFedRAMP \u53ef\u80fd\u975e\u5e38\u5bc6\u96c6\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 FedRAMP\u3002 ITAR \u00b6 \u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09 \u662f\u4e00\u5957\u7f8e\u56fd\u653f\u5e9c\u6cd5\u89c4\uff0c\u7528\u4e8e\u63a7\u5236\u7f8e\u56fd\u519b\u9700\u54c1\u6e05\u5355 \uff08USML\uff09 \u548c\u76f8\u5173\u6280\u672f\u6570\u636e\u4e2d\u4e0e\u56fd\u9632\u76f8\u5173\u7684\u7269\u54c1\u548c\u670d\u52a1\u7684\u8fdb\u51fa\u53e3\u3002ITAR\u901a\u5e38\u88ab\u4e91\u63d0\u4f9b\u5546\u89c6\u4e3a\u201c\u64cd\u4f5c\u4e00\u81f4\u6027\u201d\uff0c\u800c\u4e0d\u662f\u6b63\u5f0f\u8ba4\u8bc1\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u6309\u7167 FISMA \u8981\u6c42\uff0c\u9075\u5faa\u57fa\u4e8e NIST 800-53 \u6846\u67b6\u7684\u505a\u6cd5\u5b9e\u65bd\u9694\u79bb\u7684\u4e91\u73af\u5883\uff0c\u5e76\u8f85\u4ee5\u9650\u5236\u4ec5\u8bbf\u95ee\u201c\u7f8e\u56fd\u4eba\u201d\u548c\u80cc\u666f\u7b5b\u9009\u7684\u989d\u5916\u63a7\u5236\u63aa\u65bd\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09\u3002 FISMA \u00b6 
\u300a\u8054\u90a6\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u6cd5\u300b\u8981\u6c42\u653f\u5e9c\u673a\u6784\u5236\u5b9a\u4e00\u9879\u5168\u9762\u7684\u8ba1\u5212\uff0c\u4ee5\u5b9e\u65bd\u4f17\u591a\u653f\u5e9c\u5b89\u5168\u6807\u51c6\uff0c\u5e76\u5728 2002 \u5e74\u7684\u300a\u7535\u5b50\u653f\u52a1\u6cd5\u300b\u4e2d\u9881\u5e03\u3002FISMA\u6982\u8ff0\u4e86\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u5229\u7528\u591a\u4e2aNIST\u51fa\u7248\u7269\uff0c\u51c6\u5907\u4e86\u4e00\u4e2a\u4fe1\u606f\u7cfb\u7edf\u6765\u5b58\u50a8\u548c\u5904\u7406\u653f\u5e9c\u6570\u636e\u3002 \u6b64\u8fc7\u7a0b\u5206\u4e3a\u4e09\u4e2a\u4e3b\u8981\u7c7b\u522b\uff1a \u7cfb\u7edf\u5206\u7c7b\uff1a \u4fe1\u606f\u7cfb\u7edf\u5c06\u6536\u5230\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6\u51fa\u7248\u7269 199 \uff08FIPS 199\uff09 \u4e2d\u5b9a\u4e49\u7684\u5b89\u5168\u7c7b\u522b\u3002\u8fd9\u4e9b\u7c7b\u522b\u53cd\u6620\u4e86\u7cfb\u7edf\u5165\u4fb5\u7684\u6f5c\u5728\u5f71\u54cd\u3002 \u63a7\u4ef6\u9009\u62e9\uff1a \u6839\u636e FIPS 199 \u4e2d\u5b9a\u4e49\u7684\u7cfb\u7edf\u5b89\u5168\u7c7b\u522b\uff0c\u7ec4\u7ec7\u5229\u7528 FIPS 200 \u6765\u786e\u5b9a\u4fe1\u606f\u7cfb\u7edf\u7684\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u5982\u679c\u7cfb\u7edf\u88ab\u5f52\u7c7b\u4e3a\u201c\u4e2d\u7b49\u201d\uff0c\u5219\u53ef\u80fd\u4f1a\u5f15\u5165\u5f3a\u5236\u8981\u6c42\u201c\u5b89\u5168\u5bc6\u7801\u201d\u7684\u8981\u6c42\u3002 \u63a7\u5236\u5b9a\u5236\uff1a \u4e00\u65e6\u786e\u5b9a\u4e86\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0cOpenStack \u67b6\u6784\u5e08\u5c06\u5229\u7528 NIST 800-53 \u6765\u63d0\u53d6\u91cf\u8eab\u5b9a\u5236\u7684\u63a7\u5236\u63aa\u65bd\u9009\u62e9\u3002\u4f8b\u5982\uff0c\u89c4\u8303\u4ec0\u4e48\u662f\u201c\u5b89\u5168\u5bc6\u7801\u201d\u3002 \u9690\u79c1 \u00b6 
\u9690\u79c1\u662f\u5408\u89c4\u8ba1\u5212\u4e2d\u8d8a\u6765\u8d8a\u91cd\u8981\u7684\u5143\u7d20\u3002\u5ba2\u6237\u5bf9\u4f01\u4e1a\u7684\u8981\u6c42\u8d8a\u6765\u8d8a\u9ad8\uff0c\u4ed6\u4eec\u8d8a\u6765\u8d8a\u6709\u5174\u8da3\u4ece\u9690\u79c1\u7684\u89d2\u5ea6\u4e86\u89e3\u4ed6\u4eec\u7684\u6570\u636e\u662f\u5982\u4f55\u88ab\u5904\u7406\u7684\u3002 OpenStack\u90e8\u7f72\u53ef\u80fd\u9700\u8981\u8bc1\u660e\u7b26\u5408\u7ec4\u7ec7\u7684\u9690\u79c1\u653f\u7b56\uff0c\u4ee5\u53ca\u7f8e\u56fd-\u6b27\u76df\u3002\u5b89\u5168\u6e2f\u6846\u67b6\u3001ISO/IEC 29100\uff1a2011 \u9690\u79c1\u6846\u67b6\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u9690\u79c1\u7684\u51c6\u5219\u3002\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a\uff08AICPA\uff09\u5df2\u7ecf\u5b9a\u4e49\u4e8610\u4e2a\u9690\u79c1\u91cd\u70b9\u9886\u57df\uff0c\u5728\u5546\u4e1a\u73af\u5883\u4e2d\u90e8\u7f72OpenStack\u53ef\u80fd\u5e0c\u671b\u8bc1\u660e\u5176\u4e2d\u7684\u90e8\u5206\u6216\u5168\u90e8\u539f\u5219\u3002 \u4e3a\u4e86\u5e2e\u52a9 OpenStack \u67b6\u6784\u5e08\u4fdd\u62a4\u4e2a\u4eba\u6570\u636e\uff0c\u6211\u4eec\u5efa\u8bae OpenStack \u67b6\u6784\u5e08\u67e5\u770b NIST \u51fa\u7248\u7269 800-122\uff0c\u6807\u9898\u4e3a\u201c\u4fdd\u62a4\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09 \u673a\u5bc6\u6027\u6307\u5357\u201d\u3002\u672c\u6307\u5357\u9010\u6b65\u5b8c\u6210\u4fdd\u62a4\u8fc7\u7a0b\uff1a \"...\u7531\u673a\u6784\u7ef4\u62a4\u7684\u6709\u5173\u4e2a\u4eba\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u5305\u62ec \uff081\uff09 
\u53ef\u7528\u4e8e\u533a\u5206\u6216\u8ffd\u8e2a\u4e2a\u4eba\u8eab\u4efd\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u4f8b\u5982\u59d3\u540d\u3001\u793e\u4f1a\u5b89\u5168\u53f7\u7801\u3001\u51fa\u751f\u65e5\u671f\u548c\u5730\u70b9\u3001\u6bcd\u4eb2\u7684\u5a5a\u524d\u59d3\u6c0f\u6216\u751f\u7269\u8bc6\u522b\u8bb0\u5f55;\uff082\uff09\u4e0e\u4e2a\u4eba\u6709\u8054\u7cfb\u6216\u53ef\u8054\u7cfb\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\uff0c\u5982\u533b\u7597\u3001\u6559\u80b2\u3001\u8d22\u52a1\u548c\u5c31\u4e1a\u4fe1\u606f......\u201d \u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u9700\u8981\u5927\u91cf\u7684\u51c6\u5907\u3001\u601d\u8003\u548c\u6295\u8d44\u3002\u5728\u6784\u5efa\u5168\u7403OpenStack\u4e91\u65f6\uff0c\u8fd8\u5f15\u5165\u4e86\u989d\u5916\u7684\u590d\u6742\u6027\uff0c\u4f8b\u5982\uff0c\u5728\u7f8e\u56fd\u548c\u66f4\u4e25\u683c\u7684\u6b27\u76df\u9690\u79c1\u6cd5\u4e4b\u95f4\u7684\u5dee\u5f02\u4e2d\u5bfc\u822a\u3002\u6b64\u5916\uff0c\u5728\u5904\u7406\u654f\u611f\u7684 PII \u65f6\u9700\u8981\u683c\u5916\u5c0f\u5fc3\uff0c\u5176\u4e2d\u53ef\u80fd\u5305\u62ec\u4fe1\u7528\u5361\u53f7\u6216\u533b\u7597\u8bb0\u5f55\u7b49\u4fe1\u606f\u3002\u8fd9\u4e9b\u654f\u611f\u6570\u636e\u4e0d\u4ec5\u53d7\u9690\u79c1\u6cd5\u7684\u7ea6\u675f\uff0c\u8fd8\u53d7\u76d1\u7ba1\u548c\u653f\u5e9c\u6cd5\u89c4\u7684\u7ea6\u675f\u3002\u901a\u8fc7\u9075\u5faa\u65e2\u5b9a\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u653f\u5e9c\u53d1\u5e03\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u53ef\u4ee5\u4e3aOpenStack\u90e8\u7f72\u521b\u5efa\u548c\u5b9e\u8df5\u4e00\u4e2a\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u653f\u7b56\u3002 \u5b89\u5168\u5ba1\u67e5 \u00b6 
OpenStack\u793e\u533a\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u6807\u662f\u8bc6\u522bOpenStack\u9879\u76ee\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e2d\u7684\u5f31\u70b9\u3002\u867d\u7136\u8fd9\u4e9b\u5f31\u70b9\u5f88\u5c11\u89c1\uff0c\u4f46\u53ef\u80fd\u4f1a\u5bf9OpenStack\u90e8\u7f72\u7684\u5b89\u5168\u6027\u4ea7\u751f\u707e\u96be\u6027\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u5e94\u8be5\u52aa\u529b\u5c06\u8fd9\u4e9b\u7f3a\u9677\u5728\u5df2\u53d1\u5e03\u9879\u76ee\u4e2d\u7684\u53ef\u80fd\u6027\u964d\u5230\u6700\u4f4e\u3002\u5728\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\uff0c\u5e94\u4e86\u89e3\u5e76\u8bb0\u5f55\u4ee5\u4e0b\u5185\u5bb9\uff1a \u7cfb\u7edf\u7684\u6240\u6709\u5165\u53e3\u70b9 \u98ce\u9669\u8d44\u4ea7 \u6570\u636e\u6301\u4e45\u5316\u7684\u4f4d\u7f6e \u6570\u636e\u5982\u4f55\u5728\u7cfb\u7edf\u7ec4\u4ef6\u4e4b\u95f4\u4f20\u8f93 \u6570\u636e\u683c\u5f0f\u548c\u8f6c\u6362 \u9879\u76ee\u7684\u5916\u90e8\u4f9d\u8d56\u9879 \u4e00\u7ec4\u5546\u5b9a\u7684\u8c03\u67e5\u7ed3\u679c\u548c/\u6216\u7f3a\u9677 \u9879\u76ee\u5982\u4f55\u4e0e\u5916\u90e8\u4f9d\u8d56\u9879\u4ea4\u4e92 \u5bf9 OpenStack \u53ef\u4ea4\u4ed8\u5b58\u50a8\u5e93\u6267\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u4e00\u4e2a\u5e38\u89c1\u539f\u56e0\u662f\u534f\u52a9\u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u76d1\u7763\u3002OpenStack VMT \u5217\u51fa\u4e86\u53d7\u76d1\u7763\u7684\u5b58\u50a8\u5e93\uff0c\u5176\u4e2d\u6f0f\u6d1e\u7684\u62a5\u544a\u63a5\u6536\u548c\u62ab\u9732\u7531 VMT \u7ba1\u7406\u3002\u867d\u7136\u4e0d\u662f\u4e25\u683c\u7684\u8981\u6c42\uff0c\u4f46\u67d0\u79cd\u5f62\u5f0f\u7684\u5b89\u5168\u5ba1\u67e5\u3001\u5ba1\u8ba1\u6216\u5a01\u80c1\u5206\u6790\u53ef\u4ee5\u5e2e\u52a9\u6bcf\u4e2a\u4eba\u66f4\u8f7b\u677e\u5730\u67e5\u660e\u7cfb\u7edf\u66f4\u5bb9\u6613\u51fa\u73b0\u6f0f\u6d1e\u7684\u533a\u57df\uff0c\u5e76\u5728\u5b83\u4eec\u6210\u4e3a\u7528\u6237\u95ee\u9898\u4e4b\u524d\u89e3\u51b3\u5b83\u4eec\u3002 OpenStack VMT 
\u5efa\u8bae\uff0c\u5bf9\u9879\u76ee\u63a8\u8350\u7684\u90e8\u7f72\u8fdb\u884c\u67b6\u6784\u5ba1\u67e5\u662f\u4e00\u79cd\u9002\u5f53\u7684\u5b89\u5168\u5ba1\u67e5\u5f62\u5f0f\uff0c\u5728\u5ba1\u67e5\u9700\u6c42\u4e0e OpenStack \u89c4\u6a21\u7684\u9879\u76ee\u8d44\u6e90\u9700\u6c42\u4e4b\u95f4\u53d6\u5f97\u5e73\u8861\u3002\u5b89\u5168\u67b6\u6784\u5ba1\u67e5\u901a\u5e38\u4e5f\u79f0\u4e3a\u5a01\u80c1\u5206\u6790\u3001\u5b89\u5168\u5206\u6790\u6216\u5a01\u80c1\u5efa\u6a21\u3002\u5728OpenStack\u5b89\u5168\u5ba1\u67e5\u7684\u80cc\u666f\u4e0b\uff0c\u8fd9\u4e9b\u672f\u8bed\u662f\u67b6\u6784\u5b89\u5168\u5ba1\u67e5\u7684\u540c\u4e49\u8bcd\uff0c\u5b83\u53ef\u4ee5\u8bc6\u522b\u9879\u76ee\u6216\u53c2\u8003\u67b6\u6784\u8bbe\u8ba1\u4e2d\u7684\u7f3a\u9677\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u8fdb\u4e00\u6b65\u7684\u8c03\u67e5\u5de5\u4f5c\u6765\u9a8c\u8bc1\u90e8\u5206\u5b9e\u73b0\u3002 \u5bf9\u4e8e\u65b0\u9879\u76ee\u4ee5\u53ca\u7b2c\u4e09\u65b9\u672a\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u6216\u65e0\u6cd5\u5171\u4eab\u5176\u7ed3\u679c\u7684\u60c5\u51b5\uff0c\u9884\u8ba1\u5b89\u5168\u5ba1\u67e5\u5c06\u662f\u6b63\u5e38\u9014\u5f84\u3002\u9700\u8981\u5b89\u5168\u5ba1\u67e5\u7684\u9879\u76ee\u7684\u4fe1\u606f\u5c06\u5728\u5373\u5c06\u5230\u6765\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u3002 \u5982\u679c\u7b2c\u4e09\u65b9\u5df2\u7ecf\u6267\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\uff0c\u6216\u8005\u9879\u76ee\u66f4\u559c\u6b22\u4f7f\u7528\u7b2c\u4e09\u65b9\u6765\u6267\u884c\u5ba1\u67e5\uff0c\u5219\u5728\u5373\u5c06\u5230\u6765\u7684\u7b2c\u4e09\u65b9\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u83b7\u53d6\u8be5\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8f93\u51fa\u5e76\u5c06\u5176\u63d0\u4ea4\u9a8c\u8bc1\u7684\u4fe1\u606f\u3002 \u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u5bf9\u6587\u6863\u5de5\u4ef6\u7684\u8981\u6c42\u90fd\u662f\u76f8\u4f3c\u7684 - 
\u9879\u76ee\u5fc5\u987b\u63d0\u4f9b\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u7684\u67b6\u6784\u56fe\u3002\u867d\u7136\u5f3a\u70c8\u5efa\u8bae\u4f5c\u4e3a\u6240\u6709\u56e2\u961f\u5f00\u53d1\u5468\u671f\u7684\u4e00\u90e8\u5206\uff0c\u4f46\u6f0f\u6d1e\u626b\u63cf\u548c\u9759\u6001\u5206\u6790\u626b\u63cf\u4e0d\u8db3\u4ee5\u4f5c\u4e3a\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8bc1\u636e\u3002 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u67b6\u6784\u9875\u9762\u6307\u5357 \u00b6 \u67b6\u6784\u9875\u9762\u7684\u76ee\u7684\u662f\u8bb0\u5f55\u670d\u52a1\u6216\u9879\u76ee\u7684\u4f53\u7cfb\u7ed3\u6784\u3001\u7528\u9014\u548c\u5b89\u5168\u63a7\u5236\u3002\u5b83\u5e94\u8be5\u8bb0\u5f55\u8be5\u9879\u76ee\u7684\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u3002 \u67b6\u6784\u9875\u9762\u6709\u4e00\u4e9b\u5173\u952e\u90e8\u5206\uff0c\u4e0b\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u89e3\u91ca\u8fd9\u4e9b\u90e8\u5206\uff1a \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u00b6 
\u672c\u90e8\u5206\u4e3a\u67b6\u6784\u9875\u9762\u6dfb\u52a0\u6807\u9898\uff0c\u63d0\u4f9b\u8bc4\u5ba1\u72b6\u6001\uff08\u8349\u7a3f\u3001\u51c6\u5907\u8bc4\u5ba1\u3001\u5df2\u5ba1\u6838\uff09\uff0c\u5e76\u6355\u83b7\u9879\u76ee\u7684\u53d1\u5e03\u548c\u7248\u672c\uff08\u5982\u679c\u76f8\u5173\uff09\u3002\u5b83\u8fd8\u8bb0\u5f55\u4e86\u9879\u76ee\u7684 PTL\u3001\u8d1f\u8d23\u751f\u6210\u67b6\u6784\u9875\u9762\u3001\u56fe\u8868\u548c\u5b8c\u6210\u8bc4\u5ba1\u7684\u9879\u76ee\u67b6\u6784\u5e08\uff08\u8fd9\u53ef\u80fd\u662f\u4e5f\u53ef\u80fd\u4e0d\u662f PTL\uff09\u548c\u5b89\u5168\u8bc4\u5ba1\u5458\u3002 \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u00b6 \u672c\u8282\u5c06\u5305\u542b\u9879\u76ee\u7684\u7b80\u8981\u8bf4\u660e\uff0c\u4ee5\u5411\u7b2c\u4e09\u65b9\u4ecb\u7ecd\u8be5\u670d\u52a1\u3002\u8fd9\u5e94\u8be5\u662f\u4e00\u4e24\u4e2a\u6bb5\u843d\uff0c\u53ef\u4ee5\u4ece wiki \u6216\u5176\u4ed6\u6587\u6863\u4e2d\u526a\u5207/\u7c98\u8d34\u3002\u5305\u62ec\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u548c\u66f4\u591a\u6587\u6863\u7684\u94fe\u63a5\uff08\u5982\u679c\u6709\uff09\u3002 \u4f8b\u5982\uff1a \u201cAnchor \u662f\u4e00\u79cd\u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u670d\u52a1\uff0c\u5b83\u4f7f\u7528\u81ea\u52a8\u8bc1\u4e66\u8bf7\u6c42\u9a8c\u8bc1\u6765\u81ea\u52a8\u505a\u51fa\u9881\u53d1\u51b3\u7b56\u3002\u8bc1\u4e66\u7684\u9881\u53d1\u65f6\u95f4\u5f88\u77ed\uff08\u901a\u5e38\u4e3a 12-48 \u5c0f\u65f6\uff09\uff0c\u4ee5\u907f\u514d\u4e0e CRL \u548c OCSP \u76f8\u5173\u7684\u6709\u7f3a\u9677\u7684\u540a\u9500\u95ee\u9898\u3002 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u00b6 \u5df2\u5b9e\u73b0\u67b6\u6784\u7684\u9884\u671f\u4e3b\u8981\u7528\u6237\u53ca\u5176\u7528\u4f8b\u7684\u5217\u8868\u3002\u201c\u7528\u6237\u201d\u53ef\u4ee5\u662f OpenStack \u4e2d\u7684\u53c2\u4e0e\u8005\u6216\u5176\u4ed6\u670d\u52a1\u3002 \u4f8b\u5982\uff1a 
\u6700\u7ec8\u7528\u6237\u5c06\u4f7f\u7528\u7cfb\u7edf\u6765\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u4f8b\u5982\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u7b49\u3002 \u4e91\u7ba1\u7406\u5458\u5c06\u4f7f\u7528\u7ba1\u7406 API \u6765\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002 \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u00b6 \u5916\u90e8\u4f9d\u8d56\u9879\u662f\u670d\u52a1\u64cd\u4f5c\u6240\u9700\u7684\u4e0d\u53d7\u63a7\u5236\u7684\u9879\uff0c\u5982\u679c\u5b83\u4eec\u53d7\u5230\u5a01\u80c1\u6216\u53d8\u5f97\u4e0d\u53ef\u7528\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u670d\u52a1\u3002\u8fd9\u4e9b\u9879\u76ee\u901a\u5e38\u4e0d\u5728\u5f00\u53d1\u4eba\u5458\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u4f46\u5728\u90e8\u7f72\u8005\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u6216\u8005\u5b83\u4eec\u53ef\u80fd\u7531\u7b2c\u4e09\u65b9\u64cd\u4f5c\u3002\u8bbe\u5907\u5e94\u88ab\u89c6\u4e3a\u5916\u90e8\u4f9d\u8d56\u9879\u3002 \u4f8b\u5982\uff1a Nova \u8ba1\u7b97\u670d\u52a1\u4f9d\u8d56\u4e8e\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002\u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u6b64\u4f9d\u8d56\u5173\u7cfb\u5c06\u7531 keystone \u670d\u52a1\u5b9e\u73b0\u3002 Barbican \u4f9d\u8d56\u4e8e\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8bbe\u5907\u7684\u4f7f\u7528\u3002 \u7ec4\u4ef6 \u00b6 \u5df2\u90e8\u7f72\u9879\u76ee\u7684\u7ec4\u4ef6\u5217\u8868\uff0c\u4e0d\u5305\u62ec\u5916\u90e8\u5b9e\u4f53\u3002\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u5e94\u547d\u540d\u5e76\u7b80\u8981\u63cf\u8ff0\u5176\u7528\u9014\uff0c\u5e76\u4f7f\u7528\u4f7f\u7528\u7684\u4e3b\u8981\u6280\u672f\uff08\u4f8b\u5982 Python\u3001MySQL\u3001RabbitMQ\uff09\u8fdb\u884c\u6807\u8bb0\u3002 \u4f8b\u5982\uff1a keystone \u76d1\u542c\u5668\u8fdb\u7a0b \uff08Python\uff09\uff1a\u4f7f\u7528 keystone \u670d\u52a1\u53d1\u5e03\u7684 keystone \u4e8b\u4ef6\u7684 Python \u8fdb\u7a0b\u3002 \u6570\u636e\u5e93 \uff08MySQL\uff09\uff1aMySQL 
\u6570\u636e\u5e93\uff0c\u7528\u4e8e\u5b58\u50a8\u4e0e\u5176\u6258\u7ba1\u5b9e\u4f53\u53ca\u5176\u5143\u6570\u636e\u76f8\u5173\u7684\u5df4\u6bd4\u80af\u72b6\u6001\u6570\u636e\u3002 \u670d\u52a1\u67b6\u6784\u56fe \u00b6 \u67b6\u6784\u56fe\u663e\u793a\u4e86\u7cfb\u7edf\u7684\u903b\u8f91\u5e03\u5c40\uff0c\u4ee5\u4fbf\u5b89\u5168\u5ba1\u9605\u8005\u53ef\u4ee5\u4e0e\u9879\u76ee\u56e2\u961f\u4e00\u8d77\u9010\u6b65\u5b8c\u6210\u67b6\u6784\u3002\u5b83\u662f\u4e00\u4e2a\u903b\u8f91\u56fe\uff0c\u663e\u793a\u7ec4\u4ef6\u5982\u4f55\u4ea4\u4e92\u3001\u5b83\u4eec\u5982\u4f55\u8fde\u63a5\u5230\u5916\u90e8\u5b9e\u4f53\u4ee5\u53ca\u901a\u4fe1\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u7684\u4f4d\u7f6e\u3002\u6709\u5173\u67b6\u6784\u56fe\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u7b26\u53f7\u952e\uff0c\u5c06\u5728\u5373\u5c06\u53d1\u5e03\u7684\u67b6\u6784\u56fe\u6307\u5357\u4e2d\u7ed9\u51fa\u3002\u53ef\u4ee5\u5728\u4efb\u4f55\u53ef\u4ee5\u751f\u6210\u4f7f\u7528\u952e\u4e2d\u7b26\u53f7\u7684\u56fe\u8868\u7684\u5de5\u5177\u4e2d\u7ed8\u5236\u56fe\u8868\uff0c\u4f46\u5f3a\u70c8\u5efa\u8bae draw.io\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 barbican \u67b6\u6784\u56fe\uff1a \u6570\u636e\u8d44\u4ea7 \u00b6 
\u6570\u636e\u8d44\u4ea7\u662f\u653b\u51fb\u8005\u53ef\u80fd\u9488\u5bf9\u7684\u7528\u6237\u6570\u636e\u3001\u9ad8\u4ef7\u503c\u6570\u636e\u3001\u914d\u7f6e\u9879\u3001\u6388\u6743\u4ee4\u724c\u6216\u5176\u4ed6\u9879\u3002\u6570\u636e\u9879\u96c6\u56e0\u9879\u76ee\u800c\u5f02\uff0c\u4f46\u4e00\u822c\u800c\u8a00\uff0c\u5e94\u5c06\u5176\u89c6\u4e3a\u5bf9\u9879\u76ee\u9884\u671f\u64cd\u4f5c\u81f3\u5173\u91cd\u8981\u7684\u7c7b\u522b\u3002\u6240\u9700\u7684\u8be6\u7ec6\u7a0b\u5ea6\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002\u6570\u636e\u901a\u5e38\u53ef\u4ee5\u5206\u7ec4\uff0c\u4f8b\u5982\u201c\u7528\u6237\u6570\u636e\u201d\u3001\u201c\u673a\u5bc6\u6570\u636e\u201d\u6216\u201c\u914d\u7f6e\u6587\u4ef6\u201d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u5355\u6570\uff0c\u4f8b\u5982\u201c\u7ba1\u7406\u5458\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u7528\u6237\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u201d\u3002 \u6570\u636e\u8d44\u4ea7\u5e94\u5305\u62ec\u8be5\u8d44\u4ea7\u6301\u4e45\u5316\u4f4d\u7f6e\u7684\u58f0\u660e\u3002 \u4f8b\u5982\uff1a \u673a\u5bc6\u6570\u636e - \u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u3001RSA \u5bc6\u94a5 - \u4fdd\u7559\u5728\u6570\u636e\u5e93 [PKCS#11] \u6216 HSM [KMIP] \u6216 [KMIP\u3001Dogtag] \u4e2d RBAC \u89c4\u5219\u96c6 - \u4fdd\u7559\u5728 policy.json \u4e2d RabbitMQ \u51ed\u8bc1 - \u4fdd\u7559\u5728 barbican.conf \u4e2d keystone \u4e8b\u4ef6\u961f\u5217\u51ed\u636e - \u4fdd\u7559\u5728 barbican.conf \u4e2d \u4e2d\u95f4\u4ef6\u914d\u7f6e - \u4fdd\u7559\u5728\u7c98\u8d34 .ini \u4e2d \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u00b6 
\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790\u5206\u89e3\u4e86\u6bcf\u4e2a\u6570\u636e\u8d44\u4ea7\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027\u635f\u5931\u7684\u5f71\u54cd\u3002\u9879\u76ee\u67b6\u6784\u5e08\u5e94\u8be5\u5c1d\u8bd5\u5b8c\u6210\u8fd9\u9879\u5de5\u4f5c\uff0c\u56e0\u4e3a\u4ed6\u4eec\u6700\u8be6\u7ec6\u5730\u4e86\u89e3\u4ed6\u4eec\u7684\u9879\u76ee\uff0c\u4f46 OpenStack \u5b89\u5168\u9879\u76ee \uff08OSSP\uff09 \u5c06\u5728\u5b89\u5168\u5ba1\u67e5\u671f\u95f4\u4e0e\u9879\u76ee\u4e00\u8d77\u89e3\u51b3\u8fd9 \u4e2a\u95ee\u9898\uff0c\u5e76\u53ef\u80fd\u6dfb\u52a0\u6216\u66f4\u65b0\u5f71\u54cd\u7ec6\u8282\u3002 \u4f8b\u5982\uff1a RabbitMQ \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u548c Workers \u65e0\u6cd5\u518d\u8bbf\u95ee\u961f\u5217\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u5c06\u65b0\u4efb\u52a1\u6dfb\u52a0\u5230\u961f\u5217\u4e2d\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5c06\u7531\u5de5\u4f5c\u4eba\u5458\u6267\u884c\u3002\u653b\u51fb\u8005\u53ef\u80fd\u8017\u5c3d\u7528\u6237\u914d\u989d\u3002\u62d2\u7edd\u670d\u52a1\u3002\u7528\u6237\u5c06\u65e0\u6cd5\u521b\u5efa\u771f\u6b63\u7684\u673a\u5bc6\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1a\u5982\u679c\u6ca1\u6709\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u6743\u9650\uff0cbarbican \u65e0\u6cd5\u518d\u521b\u5efa\u65b0\u5bc6\u94a5\u3002 Keystone \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6ee5\u7528\u5176\u4ed6 OpenStack \u670d\u52a1\uff08\u53d6\u51b3\u4e8e keystone \u89d2\u8272\u914d\u7f6e\uff09\uff0c\u4f46 barbican \u4e0d\u53d7\u5f71\u54cd\u3002\u5982\u679c\u7528\u4e8e\u4ee4\u724c\u9a8c\u8bc1\u7684\u670d\u52a1\u5e10\u6237\u4e5f\u5177\u6709 
barbican \u7ba1\u7406\u5458\u6743\u9650\uff0c\u5219\u6076\u610f\u7528\u6237\u53ef\u4ee5\u64cd\u7eb5 barbican \u7ba1\u7406\u5458\u529f\u80fd\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u63a5\u53e3 \u00b6 \u63a5\u53e3\u5217\u8868\u6355\u83b7\u4e86\u5ba1\u67e5\u8303\u56f4\u5185\u7684\u63a5\u53e3\u3002\u8fd9\u5305\u62ec\u67b6\u6784\u56fe\u4e0a\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u6216\u4e0d\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u534f\u8bae\uff08\u5982 TLS \u6216 SSH\uff09\u7684\u6a21\u5757\u4e4b\u95f4\u7684\u8fde\u63a5\u3002\u5bf9\u4e8e\u6bcf\u4e2a\u63a5\u53e3\uff0c\u5c06\u6355\u83b7\u4ee5\u4e0b\u4fe1\u606f\uff1a \u4f7f\u7528\u7684\u534f\u8bae \u901a\u8fc7\u8be5\u63a5\u53e3\u4f20\u8f93\u7684\u4efb\u4f55\u6570\u636e\u8d44\u4ea7 \u6709\u5173\u7528\u4e8e\u8fde\u63a5\u5230\u8be5\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u606f \u63a5\u53e3\u7528\u9014\u7684\u7b80\u8981\u8bf4\u660e\u3002 \u8bb0\u5f55\u683c\u5f0f\u5982\u4e0b\uff1a \u4ece>\u5230[\u4f20\u8f93\u65b9\u5f0f]\uff1a \u52a8\u6001\u8d44\u4ea7 \u8eab\u4efd\u8ba4\u8bc1\uff1f \u63cf\u8ff0 \u4f8b\u5982\uff1a \u5ba2\u6237\u7aef>API \u8fdb\u7a0b [TLS]\uff1a \u4f20\u8f93\u4e2d\u7684\u8d44\u4ea7\uff1a\u7528\u6237\u5bc6\u94a5\u5931\u771f\u51ed\u636e\u3001\u660e\u6587\u5bc6\u94a5\u3001HTTP \u8c13\u8bcd\u3001\u5bc6\u94a5 ID\u3001\u8def\u5f84 \u5bf9 keystone \u51ed\u636e\u6216\u660e\u6587\u673a\u5bc6\u7684\u8bbf\u95ee\u88ab\u89c6\u4e3a\u7cfb\u7edf\u7684\u5b8c\u5168\u5b89\u5168\u6545\u969c - \u6b64\u63a5\u53e3\u5fc5\u987b\u5177\u6709\u5f3a\u5927\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u63a7\u5236\u3002 \u8d44\u6e90 \u00b6 \u5217\u51fa\u4e0e\u9879\u76ee\u76f8\u5173\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u63cf\u8ff0\u5176\u90e8\u7f72\u548c\u7528\u6cd5\u7684 Wiki 
\u9875\u9762\uff0c\u4ee5\u53ca\u6307\u5411\u4ee3\u7801\u5b58\u50a8\u5e93\u548c\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u7684\u94fe\u63a5\u3002 \u5b89\u5168\u68c0\u67e5\u8868 \u00b6 \u8eab\u4efd\u670d\u52a1\u68c0\u67e5\u8868 \u4eea\u8868\u677f\u68c0\u67e5\u8868 \u8ba1\u7b97\u670d\u52a1\u68c0\u67e5\u8868 \u5757\u5b58\u50a8\u670d\u52a1\u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u68c0\u67e5\u8868 \u7f51\u7edc\u670d\u52a1\u68c0\u67e5\u8868 \u9644\u5f55 \u00b6 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868 \u793e\u533a\u652f\u6301 \u00b6 \u4ee5\u4e0b\u8d44\u6e90\u53ef\u5e2e\u52a9\u60a8\u8fd0\u884c\u548c\u4f7f\u7528 OpenStack\u3002OpenStack\u793e\u533a\u4e0d\u65ad\u6539\u8fdb\u548c\u589e\u52a0OpenStack\u7684\u4e3b\u8981\u529f\u80fd\uff0c\u4f46\u5982\u679c\u60a8\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u968f\u65f6\u63d0\u95ee\u3002\u4f7f\u7528\u4ee5\u4e0b\u8d44\u6e90\u83b7\u53d6 OpenStack \u652f\u6301\u5e76\u5bf9\u5b89\u88c5\u8fdb\u884c\u6545\u969c\u6392\u9664\u3002 \u6587\u6863 \u00b6 \u6709\u5173\u53ef\u7528\u7684 OpenStack \u6587\u6863\uff0c\u8bf7\u53c2\u9605 docs.openstack.org\u3002 \u4ee5\u4e0b\u6307\u5357\u89e3\u91ca\u4e86\u5982\u4f55\u5b89\u88c5\u6982\u5ff5\u9a8c\u8bc1 OpenStack \u4e91\u53ca\u5176\u76f8\u5173\u7ec4\u4ef6\uff1a Rocky \u5b89\u88c5\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e\u548c\u8fd0\u884c OpenStack \u4e91\uff1a \u67b6\u6784\u8bbe\u8ba1\u6307\u5357 Rocky \u7ba1\u7406\u5458\u6307\u5357 Rocky \u914d\u7f6e\u6307\u5357 Rocky \u7f51\u7edc\u6307\u5357 \u9ad8\u53ef\u7528\u6027\u6307\u5357 \u5b89\u5168\u6307\u5357 \u865a\u62df\u673a\u6620\u50cf\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\uff1a Rocky API \u7ed1\u5b9a \u4ee5\u4e0b\u6587\u6863\u63d0\u4f9b\u4e86 OpenStack API \u7684\u53c2\u8003\u548c\u6307\u5bfc\u4fe1\u606f\uff1a API \u6587\u6863 \u4ee5\u4e0b\u6307\u5357\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4e3a OpenStack 
\u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u4fe1\u606f\uff1a \u6587\u6863\u8d21\u732e\u8005\u6307\u5357 OpenStack wiki \u00b6 OpenStack wiki \u5305\u542b\u5e7f\u6cdb\u7684\u4e3b\u9898\uff0c\u4f46\u6709\u4e9b\u4fe1\u606f\u53ef\u80fd\u5f88\u96be\u627e\u5230\u6216\u53ea\u6709\u51e0\u9875\u6df1\u3002\u5e78\u8fd0\u7684\u662f\uff0cWiki \u641c\u7d22\u529f\u80fd\u4f7f\u60a8\u80fd\u591f\u6309\u6807\u9898\u6216\u5185\u5bb9\u8fdb\u884c\u641c\u7d22\u3002\u5982\u679c\u60a8\u641c\u7d22\u7279\u5b9a\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u7f51\u7edc\u6216 OpenStack \u8ba1\u7b97\u7684\u4fe1\u606f\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5927\u91cf\u76f8\u5173\u6750\u6599\u3002\u66f4\u591a\u5185\u5bb9\u4e00\u76f4\u5728\u6dfb\u52a0\uff0c\u56e0\u6b64\u8bf7\u52a1\u5fc5\u7ecf\u5e38\u56de\u6765\u67e5\u770b\u3002\u60a8\u53ef\u4ee5\u5728\u4efb\u4f55 OpenStack wiki \u9875\u9762\u7684\u53f3\u4e0a\u89d2\u627e\u5230\u641c\u7d22\u6846\u3002 Launchpad bug \u533a\u57df \u00b6 OpenStack \u793e\u533a\u91cd\u89c6\u60a8\u7684\u8bbe\u7f6e\u548c\u6d4b\u8bd5\u5de5\u4f5c\uff0c\u5e76\u5e0c\u671b\u5f97\u5230\u60a8\u7684\u53cd\u9988\u3002\u8981\u8bb0\u5f55bug\uff0c\u60a8\u5fc5\u987b\u6ce8\u518c\u4e00\u4e2a Launchpad \u5e10\u6237\u3002\u60a8\u53ef\u4ee5\u5728 Launchpad bug \u533a\u57df\u4e2d\u67e5\u770b\u73b0\u6709bug\u5e76\u62a5\u544abug\u3002\u4f7f\u7528\u641c\u7d22\u529f\u80fd\u786e\u5b9abug\u662f\u5426\u5df2\u62a5\u544a\u6216\u5df2\u4fee\u590d\u3002\u5982\u679c\u60a8\u7684bug\u4f3c\u4e4e\u4ecd\u672a\u62a5\u544a\uff0c\u8bf7\u586b\u5199bug\u62a5\u544a\u3002 \u4e00\u4e9b\u63d0\u793a\uff1a \u7ed9\u51fa\u4e00\u4e2a\u6e05\u6670\u3001\u7b80\u6d01\u7684\u603b\u7ed3\u3002 \u5728\u63cf\u8ff0\u4e2d\u63d0\u4f9b\u5c3d\u53ef\u80fd\u591a\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u7c98\u8d34\u547d\u4ee4\u8f93\u51fa\u6216\u5806\u6808\u8ddf\u8e2a\u3001\u5c4f\u5e55\u622a\u56fe\u94fe\u63a5\u4ee5\u53ca\u53ef\u80fd\u6709\u7528\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 
\u8bf7\u52a1\u5fc5\u5305\u62ec\u60a8\u6b63\u5728\u4f7f\u7528\u7684\u8f6f\u4ef6\u548c\u8f6f\u4ef6\u5305\u7248\u672c\uff0c\u5c24\u5176\u662f\u5728\u4f7f\u7528\u5f00\u53d1\u5206\u652f\uff08\u5982 \"Kilo release\" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208 . \u4efb\u4f55\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u4fe1\u606f\u90fd\u5f88\u6709\u7528\uff0c\u4f8b\u5982\u60a8\u4f7f\u7528\u7684\u662f Ubuntu 14.04 \u8fd8\u662f\u6b63\u5728\u6267\u884c\u591a\u8282\u70b9\u5b89\u88c5\u3002 \u4ee5\u4e0b Launchpad Bug \u533a\u57df\u53ef\u7528\uff1a Bugs\uff1aOpenStack \u5757\u5b58\u50a8 \uff08cinder\uff09 Bugs\uff1aOpenStack \u8ba1\u7b97\uff08nova\uff09 Bugs\uff1aOpenStack \u4eea\u8868\u677f\uff08horizon\uff09 Bugs\uff1aOpenStack \u8eab\u4efd\u8ba4\u8bc1\uff08keystone\uff09 Bugs\uff1aOpenStack \u955c\u50cf\u670d\u52a1 \uff08glance\uff09 Bugs\uff1aOpenStack \u7f51\u7edc\uff08neutron\uff09 Bugs\uff1aOpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 Bugs\uff1a\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55 \uff08murano\uff09 Bugs\uff1a\u88f8\u673a\u670d\u52a1\uff08ironic\uff09 Bugs\uff1a\u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 Bugs\uff1a\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 Bugs\uff1a\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 Bugs\uff1a\u6570\u636e\u5e93\u670d\u52a1 \uff08trove\uff09 Bugs\uff1aDNS\u670d\u52a1\uff08designate\uff09 Bugs\uff1a\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08barbican\uff09 Bugs\uff1a\u76d1\u63a7 \uff08monasca\uff09 Bugs\uff1a\u7f16\u6392 \uff08heat\uff09 Bugs\uff1a\u8bc4\u7ea7 \uff08cloudkitty\uff09 Bugs\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \uff08manila\uff09 Bugs\uff1a\u9065\u6d4b\uff08ceilometer\uff09 Bugs\uff1a\u9065\u6d4bv3 \uff08gnocchi\uff09 Bugs\uff1a\u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 Bugs\uff1a\u6d88\u606f\u4f20\u9012\u670d\u52a1 \uff08zaqar\uff09 Bugs\uff1a\u5bb9\u5668\u670d\u52a1 \uff08zun\uff09 Bugs\uff1aOpenStack API \u6587\u6863 \uff08developer.openstack.org\uff09 
Bugs\uff1aOpenStack \u6587\u6863 \uff08docs.openstack.org\uff09 \u6587\u6863\u53cd\u9988 \u00b6 \u8981\u63d0\u4f9b\u6709\u5173\u6587\u6863\u7684\u53cd\u9988\uff0c\u8bf7\u52a0\u5165\u6211\u4eec\u5728 OFTC IRC \u7f51\u7edc\u4e0a\u7684 IRC \u9891\u9053 #openstack-doc \uff0c\u6216\u5728 Launchpad \u4e2d\u62a5\u544a\u9519\u8bef\u5e76\u9009\u62e9\u6587\u6863\u6240\u5c5e\u7684\u7279\u5b9a\u9879\u76ee\u3002 OpenStack IRC \u9891\u9053 \u00b6 OpenStack \u793e\u533a\u4f4d\u4e8e OFTC \u7f51\u7edc\u4e0a\u7684 #openstack IRC \u9891\u9053\u4e2d\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u63d0\u95ee\uff0c\u83b7\u53d6\u5373\u65f6\u53cd\u9988\uff0c\u89e3\u51b3\u7d27\u6025\u95ee\u9898\u3002\u8981\u5b89\u88c5 IRC \u5ba2\u6237\u7aef\u6216\u4f7f\u7528\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5ba2\u6237\u7aef\uff0c\u8bf7\u8bbf\u95ee https://webchat.oftc.net/\u3002\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528Colloquy \uff08Mac OS X\uff09\u3001mIRC \uff08Windows\uff09 \u6216 XChat \uff08Linux\uff09\u3002\u5f53\u60a8\u5728 IRC \u9891\u9053\u4e2d\u5e76\u4e14\u60f3\u8981\u5171\u4eab\u4ee3\u7801\u6216\u547d\u4ee4\u8f93\u51fa\u65f6\uff0c\u901a\u5e38\u63a5\u53d7\u7684\u65b9\u6cd5\u662f\u4f7f\u7528 Paste Bin\u3002OpenStack \u9879\u76ee\u6709\u4e00\u4e2aPaste\u7f51\u7ad9\u3002\u53ea\u9700\u5c06\u8f83\u957f\u7684\u6587\u672c\u6216\u65e5\u5fd7\u7c98\u8d34\u5230 Web \u8868\u5355\u4e2d\uff0c\u5373\u53ef\u83b7\u5f97\u4e00\u4e2aURL\uff0c\u53ef\u4ee5\u5c06\u5176\u7c98\u8d34\u5230\u9891\u9053\u4e2d\u3002OpenStack IRC \u9891\u9053\u5904\u4e8e #openstack . 
irc.oftc.net \u60a8\u53ef\u4ee5\u5728 wiki \u7684 IRC \u9875\u9762\u4e0a\u627e\u5230\u6240\u6709 OpenStack IRC \u9891\u9053\u7684\u5217\u8868\u3002 OpenStack \u90ae\u4ef6\u5217\u8868 \u00b6 \u83b7\u5f97\u7b54\u6848\u548c\u89c1\u89e3\u7684\u4e00\u4e2a\u597d\u65b9\u6cd5\u662f\u5c06\u60a8\u7684\u95ee\u9898\u6216\u6709\u95ee\u9898\u7684\u573a\u666f\u53d1\u5e03\u5230 OpenStack \u90ae\u4ef6\u5217\u8868\u4e2d\u3002\u60a8\u53ef\u4ee5\u5411\u53ef\u80fd\u9047\u5230\u7c7b\u4f3c\u95ee\u9898\u7684\u5176\u4ed6\u4eba\u5b66\u4e60\u548c\u63d0\u4f9b\u5e2e\u52a9\u3002\u8981\u8ba2\u9605\u6216\u67e5\u770b\u5b58\u6863\uff0c\u8bf7\u8bbf\u95ee\u4e00\u822c\u7684 OpenStack \u90ae\u4ef6\u5217\u8868\u3002\u5982\u679c\u60a8\u5bf9\u7279\u5b9a\u9879\u76ee\u6216\u5f00\u53d1\u7684\u5176\u4ed6\u90ae\u4ef6\u5217\u8868\u611f\u5174\u8da3\uff0c\u8bf7\u53c2\u9605\u90ae\u4ef6\u5217\u8868\u3002 OpenStack \u53d1\u884c\u5305 \u00b6 \u4ee5\u4e0b Linux \u53d1\u884c\u7248\u4e3a OpenStack \u63d0\u4f9b\u793e\u533a\u652f\u6301\u7684\u8f6f\u4ef6\u5305\uff1a CentOS, Fedora, and Red Hat Enterprise Linux: https://www.rdoproject.org/ openSUSE and SUSE Linux Enterprise Server: https://en.opensuse.org/Portal:OpenStack Ubuntu: https://wiki.ubuntu.com/OpenStack/CloudArchive \u8bcd\u6c47\u8868 \u00b6 \u672c\u8bcd\u6c47\u8868\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u672f\u8bed\u548c\u5b9a\u4e49\uff0c\u7528\u4e8e\u5b9a\u4e49 OpenStack \u76f8\u5173\u6982\u5ff5\u7684\u8bcd\u6c47\u8868\u3002 \u8981\u6dfb\u52a0\u5230 OpenStack \u672f\u8bed\u8868\uff0c\u8bf7\u514b\u9686 openstack/openstack-manuals \u5b58\u50a8\u5e93\uff0c\u5e76\u901a\u8fc7 OpenStack \u8d21\u732e\u8fc7\u7a0b\u66f4\u65b0\u6e90\u6587\u4ef6 doc/common/glossary.rst \u3002 0-9 \u00b6 2023.1 Antelope OpenStack \u7b2c 27 
\u7248\u7684\u4ee3\u53f7\u3002\u6b64\u7248\u672c\u662f\u57fa\u4e8e\u201c\u5e74\u201d\u4e4b\u540e\u5f62\u6210\u7684\u65b0\u7248\u672c\u6807\u8bc6\u8fc7\u7a0b\u7684\u7b2c\u4e00\u4e2a\u7248\u672c\u3002\u5e74\u5185\u91ca\u653e\u8ba1\u6570\u201c\uff0cAntelope\u662f\u4e00\u79cd\u654f\u6377\u800c\u4eb2\u5207\u7684\u52a8\u7269\uff0c\u4e5f\u662f\u4e00\u79cd\u84b8\u6c7d\u673a\u8f66\u7684\u7c7b\u578b\u3002 2023.2 Bobcat OpenStack \u7b2c 28 \u7248\u7684\u4ee3\u53f7\u3002 2024.1 Caracal OpenStack \u7b2c 29 \u7248\u7684\u4ee3\u53f7\u3002 6to4 \u4e00\u79cd\u5141\u8bb8 IPv6 \u6570\u636e\u5305\u901a\u8fc7 IPv4 \u7f51\u7edc\u4f20\u8f93\u7684\u673a\u5236\uff0c\u63d0\u4f9b\u8fc1\u79fb\u5230 IPv6 \u7684\u7b56\u7565\u3002 A \u00b6 \u7edd\u5bf9\u9650\u5236 \u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u4e0d\u53ef\u903e\u8d8a\u9650\u5236\u3002 \u8bbe\u7f6e\u5305\u62ec\u603b RAM \u5927\u5c0f\u3001\u6700\u5927 vCPU \u6570\u548c\u6700\u5927\u78c1\u76d8\u5927\u5c0f\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09 \u9644\u52a0\u5230\u5bf9\u8c61\u7684\u6743\u9650\u5217\u8868\u3002ACL \u6307\u5b9a\u54ea\u4e9b\u7528\u6237\u6216\u7cfb\u7edf\u8fdb\u7a0b\u6709\u6743\u8bbf\u95ee\u5bf9\u8c61\u3002\u5b83\u8fd8\u5b9a\u4e49\u53ef\u4ee5\u5bf9\u6307\u5b9a\u5bf9\u8c61\u6267\u884c\u54ea\u4e9b\u64cd\u4f5c\u3002\u5178\u578b ACL \u4e2d\u7684\u6bcf\u4e2a\u6761\u76ee\u90fd\u6307\u5b9a\u4e00\u4e2a\u4e3b\u9898\u548c\u4e00\u4e2a\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u6587\u4ef6\u7684 ACL \u6761\u76ee (Alice, delete) \u6388\u4e88 Alice \u5220\u9664\u8be5\u6587\u4ef6\u7684\u6743\u9650\u3002 \u8bbf\u95ee\u5bc6\u94a5 Amazon EC2 \u8bbf\u95ee\u5bc6\u94a5\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u8bf7\u53c2\u9605 EC2 \u8bbf\u95ee\u5bc6\u94a5\u3002 \u8d26\u6237 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u8d26\u6237\u7684\u4e0a\u4e0b\u6587\u3002\u4e0d\u8981\u4e0e\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e2d\u7684\u7528\u6237\u5e10\u6237\u6df7\u6dc6\uff0c\u4f8b\u5982 Active Directory\u3001/etc/passwd\u3001OpenLDAP\u3001OpenStack Identity 
\u7b49\u3002 \u8d26\u6237\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9\u540e\u7aef SQLite \u6570\u636e\u5e93\u8fd0\u884c\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e2d\u7f3a\u5c11\u7684\u526f\u672c\u4ee5\u53ca\u4e0d\u6b63\u786e\u6216\u635f\u574f\u7684\u5bf9\u8c61\u3002 \u8d26\u6237\u6570\u636e\u5e93 \u4e00\u4e2a SQLite \u6570\u636e\u5e93\uff0c\u5176\u4e2d\u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u548c\u76f8\u5173\u5143\u6570\u636e\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u53ef\u4ee5\u8bbf\u95ee\u8be5\u6570\u636e\u5e93\u3002 \u8d26\u6237\u56de\u6536\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u7528\u4e8e\u626b\u63cf\u548c\u5220\u9664\u5e10\u6237\u6570\u636e\u5e93\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u5df2\u6807\u8bb0\u4e3a\u5220\u9664\u3002 \u8d26\u6237\u670d\u52a1\u5668 \u5217\u51fa\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u5bb9\u5668\uff0c\u5e76\u5c06\u5bb9\u5668\u4fe1\u606f\u5b58\u50a8\u5728\u5e10\u6237\u6570\u636e\u5e93\u4e2d\u3002 \u8d26\u6237\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u5217\u8868\u3001\u521b\u5efa\u3001\u4fee\u6539\u3001\u5ba1\u8ba1\u7b49\u8d26\u53f7\u670d\u52a1\u3002\u4e0d\u8981\u4e0e OpenStack Identity \u670d\u52a1\u3001OpenLDAP \u6216\u7c7b\u4f3c\u7684\u7528\u6237\u5e10\u6237\u670d\u52a1\u6df7\u6dc6\u3002 \u4f1a\u8ba1 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e8b\u4ef6\u901a\u77e5\u548c\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u63d0\u4f9b\u4f1a\u8ba1\u4fe1\u606f\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u57fa\u4e8e LDAP \u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u8eab\u4efd\u670d\u52a1\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u4e3b/\u4e3b\u914d\u7f6e 
\u5728\u5177\u6709\u4e3b/\u4e3b\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u591a\u4e2a\u7cfb\u7edf\u4e00\u8d77\u5206\u62c5\u8d1f\u8f7d\uff0c\u5982\u679c\u5176\u4e2d\u4e00\u4e2a\u7cfb\u7edf\u53d1\u751f\u6545\u969c\uff0c\u5219\u8d1f\u8f7d\u5c06\u5206\u914d\u7ed9\u5176\u4f59\u7cfb\u7edf\u3002 \u4e3b/\u5907\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u5907\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u7cfb\u7edf\u8bbe\u7f6e\u4e3a\u4f7f\u5176\u4ed6\u8d44\u6e90\u8054\u673a\u4ee5\u66ff\u6362\u90a3\u4e9b\u51fa\u73b0\u6545\u969c\u7684\u8d44\u6e90\u3002 \u5730\u5740\u6c60 \u5206\u914d\u7ed9\u9879\u76ee\u7684\u4e00\u7ec4\u56fa\u5b9a\u548c/\u6216\u6d6e\u52a8 IP \u5730\u5740\uff0c\u53ef\u7531\u9879\u76ee\u4e2d\u7684 VM \u5b9e\u4f8b\u4f7f\u7528\u6216\u5206\u914d\u7ed9\u9879\u76ee\u3002 \u5730\u5740\u89e3\u6790\u534f\u8bae \uff08ARP\uff09 \u5c06\u4e09\u5c42IP\u5730\u5740\u89e3\u6790\u4e3a\u4e8c\u5c42\u94fe\u8def\u672c\u5730\u5730\u5740\u7684\u534f\u8bae\u3002 \u7ba1\u7406\u5458 API \u6388\u6743\u7ba1\u7406\u5458\u53ef\u8bbf\u95ee\u7684 API \u8c03\u7528\u5b50\u96c6\uff0c\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u901a\u5e38\u65e0\u6cd5\u8bbf\u95ee\u8fd9\u4e9b\u8c03\u7528\u3002\u5b83\u4eec\u53ef\u4ee5\u4f5c\u4e3a\u5355\u72ec\u7684\u670d\u52a1 \uff08keystone\uff09 \u5b58\u5728\uff0c\u4e5f\u53ef\u4ee5\u662f\u53e6\u4e00\u4e2a API \uff08nova\uff09 \u7684\u5b50\u96c6\u3002 \u7ba1\u7406\u5458\u670d\u52a1\u5668 \u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u63d0\u4f9b\u5bf9\u7ba1\u7406 API \u7684\u8bbf\u95ee\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002 \u7ba1\u7406\u5458 \u8d1f\u8d23\u5b89\u88c5\u3001\u914d\u7f6e\u548c\u7ba1\u7406 OpenStack \u4e91\u7684\u4eba\u5458\u3002 \u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 OpenStack \u7ec4\u4ef6\u7528\u4e8e\u670d\u52a1\u5185\u90e8\u901a\u4fe1\u7684\u5f00\u653e\u6807\u51c6\u6d88\u606f\u4f20\u9012\u534f\u8bae\uff0c\u7531 RabbitMQ\u3001Qpid \u6216 ZeroMQ 
\u63d0\u4f9b\u3002 \u9ad8\u7ea7 RISC \u673a\u5668 \uff08ARM\uff09 \u4f4e\u529f\u8017 CPU \u5e38\u89c1\u4e8e\u79fb\u52a8\u548c\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u3002\u7531 OpenStack \u652f\u6301\u3002 \u8b66\u62a5 \u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u901a\u8fc7\u5176\u901a\u77e5\u7cfb\u7edf\u53d1\u9001\u8b66\u62a5\uff0c\u8be5\u7cfb\u7edf\u5305\u62ec\u7528\u4e8e\u521b\u5efa\u81ea\u5b9a\u4e49\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\u8b66\u62a5\u53ef\u4ee5\u53d1\u9001\u5230\u5e76\u5728\u4eea\u8868\u677f\u4e0a\u663e\u793a\u3002 \u5206\u914d \u4ece\u5730\u5740\u6c60\u4e2d\u83b7\u53d6\u6d6e\u52a8 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5c06\u5176\u4e0e\u6765\u5bbe VM \u5b9e\u4f8b\u4e0a\u7684\u56fa\u5b9a IP \u76f8\u5173\u8054\u7684\u8fc7\u7a0b\u3002 Amazon \u5185\u6838\u6620\u50cf \uff08AKI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon \u7cfb\u7edf\u6620\u50cf \uff08AMI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon Ramdisk \u6620\u50cf \uff08ARI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Anvil \u5c06\u540d\u4e3a DevStack \u7684\u57fa\u4e8e shell \u811a\u672c\u7684\u9879\u76ee\u79fb\u690d\u5230 Python \u7684\u9879\u76ee\u3002 AODH OpenStack \u9065\u6d4b\u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u62a5\u8b66\u529f\u80fd\u3002 Apache Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\u652f\u6301 Apache \u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u7684 Apache \u793e\u533a\u3002\u8fd9\u4e9b\u9879\u76ee\u4e3a\u516c\u5171\u5229\u76ca\u63d0\u4f9b\u8f6f\u4ef6\u4ea7\u54c1\u3002 Apache \u8bb8\u53ef\u8bc1 2.0 \u6240\u6709 OpenStack \u6838\u5fc3\u9879\u76ee\u90fd\u662f\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u8bc1\u7684\u6761\u6b3e\u63d0\u4f9b\u7684\u3002 Apache Web \u670d\u52a1\u5668 \u76ee\u524d\u5728 Internet \u4e0a\u4f7f\u7528\u7684\u6700\u5e38\u7528\u7684 Web 
\u670d\u52a1\u5668\u8f6f\u4ef6\u3002 API \u7aef\u70b9 \u5ba2\u6237\u7aef\u4e3a\u8bbf\u95ee API \u800c\u4e0e\u4e4b\u901a\u4fe1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3001\u5de5\u4f5c\u7a0b\u5e8f\u6216\u670d\u52a1\u3002API \u7ec8\u7ed3\u70b9\u53ef\u4ee5\u63d0\u4f9b\u4efb\u610f\u6570\u91cf\u7684\u670d\u52a1\uff0c\u4f8b\u5982\u8eab\u4efd\u9a8c\u8bc1\u3001\u9500\u552e\u6570\u636e\u3001\u6027\u80fd\u6307\u6807\u3001\u8ba1\u7b97 VM \u547d\u4ee4\u3001\u4eba\u53e3\u666e\u67e5\u6570\u636e\u7b49\u3002 API \u6269\u5c55 \u6269\u5c55\u67d0\u4e9b OpenStack \u6838\u5fc3 API \u7684\u81ea\u5b9a\u4e49\u6a21\u5757\u3002 API \u6269\u5c55\u63d2\u4ef6 \u7f51\u7edc\u63d2\u4ef6\u6216\u7f51\u7edc API \u6269\u5c55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u5bc6\u94a5 API \u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u670d\u52a1\u5668 \u8fd0\u884c\u63d0\u4f9b API \u7aef\u70b9\u7684\u5b88\u62a4\u7a0b\u5e8f\u6216\u5de5\u4f5c\u7ebf\u7a0b\u7684\u4efb\u4f55\u8282\u70b9\u3002 API \u4ee4\u724c \u4f20\u9012\u7ed9 API \u8bf7\u6c42\u5e76\u7531 OpenStack \u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u8fd0\u884c\u8bf7\u6c42\u7684\u64cd\u4f5c\u3002 API \u7248\u672c \u5728 OpenStack \u4e2d\uff0c\u9879\u76ee\u7684 API \u7248\u672c\u662f URL \u7684\u4e00\u90e8\u5206\u3002\u4f8b\u5982\uff0c example.com/nova/v1/foobar . 
\u5c0f\u5e94\u7528\u7a0b\u5e8f \u53ef\u4ee5\u5d4c\u5165\u5230\u7f51\u9875\u4e2d\u7684 Java \u7a0b\u5e8f\u3002 \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\uff08murano\uff09 \u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u9879\u76ee\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u5728\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7684\u540c\u65f6\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u62bd\u8c61\u7ea7\u522b\u4e0a\u7f16\u5199\u548c\u90e8\u7f72\u590d\u5408\u73af\u5883\u3002 \u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09 \u7528\u4e8e\u8bbf\u95ee\u670d\u52a1\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u7a0b\u5e8f\u7684\u89c4\u8303\u96c6\u5408\u3002\u5305\u62ec\u670d\u52a1\u8c03\u7528\u3001\u6bcf\u4e2a\u8c03\u7528\u7684\u5fc5\u9700\u53c2\u6570\u4ee5\u53ca\u9884\u671f\u7684\u8fd4\u56de\u503c\u3002 \u5e94\u7528\u670d\u52a1\u5668 \u4e00\u79cd\u8f6f\u4ef6\uff0c\u5b83\u4f7f\u53e6\u4e00\u79cd\u8f6f\u4ef6\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u3002 \u5e94\u7528\u670d\u52a1\u63d0\u4f9b\u8005\u5546\uff08ASP\uff09 \u79df\u7528\u4e13\u7528\u5e94\u7528\u7a0b\u5e8f\u7684\u516c\u53f8\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u5e2e\u52a9\u4f01\u4e1a\u548c\u7ec4\u7ec7\u4ee5\u66f4\u4f4e\u7684\u6210\u672c\u63d0\u4f9b\u9644\u52a0\u670d\u52a1\u3002 \u53ef\u5206\u914d \u7528\u4e8e\u7ef4\u62a4 Linux \u5185\u6838\u9632\u706b\u5899\u6a21\u5757\u4e2d\u7684\u5730\u5740\u89e3\u6790\u534f\u8bae\u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u7684\u5de5\u5177\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e iptables\u3001ebtables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a VM \u63d0\u4f9b\u9632\u706b\u5899\u670d\u52a1\u3002 \u5173\u8054 \u5c06\u8ba1\u7b97\u6d6e\u52a8 IP \u5730\u5740\u4e0e\u56fa\u5b9a IP \u5730\u5740\u5173\u8054\u7684\u8fc7\u7a0b\u3002 \u5f02\u6b65 JavaScript \u548c XML \uff08AJAX\uff09 \u4e00\u7ec4\u76f8\u4e92\u5173\u8054\u7684 Web \u5f00\u53d1\u6280\u672f\uff0c\u7528\u4e8e\u5728\u5ba2\u6237\u7aef\u521b\u5efa\u5f02\u6b65 Web 
\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u3002 \u4ee5\u592a\u7f51 ATA \uff08AoE\uff09 \u5728\u4ee5\u592a\u7f51\u4e2d\u5efa\u7acb\u96a7\u9053\u7684\u78c1\u76d8\u5b58\u50a8\u534f\u8bae\u3002 \u9644\u52a0 \u5728\u7f51\u7edc\u4e2d\u5c06 VIF \u6216 vNIC \u8fde\u63a5\u5230 L2 \u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u5728\u8ba1\u7b97\u4e0a\u4e0b\u6587\u4e2d\uff0c\u6b64\u8fc7\u7a0b\u5c06\u5b58\u50a8\u5377\u8fde\u63a5\u5230\u5b9e\u4f8b\u3002 \u9644\u4ef6\uff08\u7f51\u7edc\uff09 \u63a5\u53e3 ID \u4e0e\u903b\u8f91\u7aef\u53e3\u7684\u5173\u8054\u3002\u5c06\u63a5\u53e3\u63d2\u5165\u7aef\u53e3\u3002 \u5ba1\u8ba1 \u901a\u8fc7\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u5ba1\u8ba1\u5458 \u9a8c\u8bc1\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5bb9\u5668\u548c\u5e10\u6237\u5b8c\u6574\u6027\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002\u5ba1\u6838\u5458\u662f\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u5ba1\u8ba1\u5458\u3001\u5bb9\u5668\u5ba1\u8ba1\u5458\u548c\u5bf9\u8c61\u5ba1\u8ba1\u5458\u7684\u7edf\u79f0\u3002 Austin OpenStack \u521d\u59cb\u7248\u672c\u7684\u4ee3\u53f7\u3002\u9996\u5c4a\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002 auth \u8282\u70b9 \u5bf9\u8c61\u5b58\u50a8\u6388\u6743\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1 \u901a\u8fc7\u79c1\u94a5\u3001\u79d8\u5bc6\u4ee4\u724c\u3001\u5bc6\u7801\u3001\u6307\u7eb9\u6216\u7c7b\u4f3c\u65b9\u6cd5\u786e\u8ba4\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u786e\u5b9e\u662f\u4ed6\u4eec\u6240\u8bf4\u7684\u4eba\u7684\u8fc7\u7a0b\u3002 \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c \u8eab\u4efd\u9a8c\u8bc1\u540e\u63d0\u4f9b\u7ed9\u5ba2\u6237\u7aef\u7684\u6587\u672c\u5b57\u7b26\u4e32\u3002\u5fc5\u987b\u7531\u7528\u6237\u6216\u8fdb\u7a0b\u5728\u5bf9 API \u7aef\u70b9\u7684\u540e\u7eed\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u3002 AuthN 
\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec4\u4ef6\u3002 \u6388\u6743 \u9a8c\u8bc1\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u6267\u884c\u64cd\u4f5c\u7684\u884c\u4e3a\u3002 \u6388\u6743\u8282\u70b9 \u63d0\u4f9b\u6388\u6743\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u3002 AuthZ \u63d0\u4f9b\u9ad8\u7ea7\u6388\u6743\u670d\u52a1\u7684\u8eab\u4efd\u7ec4\u4ef6\u3002 \u81ea\u52a8\u786e\u8ba4 RabbitMQ \u4e2d\u7684\u914d\u7f6e\u8bbe\u7f6e\uff0c\u7528\u4e8e\u542f\u7528\u6216\u7981\u7528\u6d88\u606f\u786e\u8ba4\u3002\u9ed8\u8ba4\u542f\u7528\u3002 \u81ea\u52a8\u58f0\u660e \u4e00\u4e2a Compute RabbitMQ \u8bbe\u7f6e\uff0c\u7528\u4e8e\u786e\u5b9a\u5728\u7a0b\u5e8f\u542f\u52a8\u65f6\u662f\u5426\u81ea\u52a8\u521b\u5efa\u6d88\u606f\u4ea4\u6362\u3002 \u53ef\u7528\u533a \u7528\u4e8e\u5bb9\u9519\u7684\u9694\u79bb\u533a\u57df\u7684 Amazon EC2 \u6982\u5ff5\u3002\u4e0d\u8981\u4e0e OpenStack Compute \u533a\u57df\u6216\u5355\u5143\u6df7\u6dc6\u3002 AWS CloudFormation \u6a21\u677f AWS CloudFormation \u5141\u8bb8 Amazon Web Services \uff08AWS\uff09 \u7528\u6237\u521b\u5efa\u548c\u7ba1\u7406\u76f8\u5173\u8d44\u6e90\u7684\u96c6\u5408\u3002\u7f16\u6392\u670d\u52a1\u652f\u6301\u4e0e CloudFormation \u517c\u5bb9\u7684\u683c\u5f0f \uff08CFN\uff09\u3002 B \u00b6 \u540e\u7aef \u5bf9\u7528\u6237\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u4ea4\u4e92\u548c\u8fdb\u7a0b\uff0c\u4f8b\u5982\u8ba1\u7b97\u5377\u6302\u8f7d\u3001\u5b88\u62a4\u7a0b\u5e8f\u5411 iSCSI \u76ee\u6807\u4f20\u8f93\u6570\u636e\u6216\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5b8c\u6574\u6027\u68c0\u67e5\u3002 \u540e\u7aef\u76ee\u5f55 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u548c\u68c0\u7d22\u6709\u5173\u5ba2\u6237\u7aef\u53ef\u7528\u7684 API \u7aef\u70b9\u7684\u4fe1\u606f\u7684\u5b58\u50a8\u65b9\u6cd5\u3002\u793a\u4f8b\u5305\u62ec SQL \u6570\u636e\u5e93\u3001LDAP \u6570\u636e\u5e93\u6216 KVS \u540e\u7aef\u3002 
\u540e\u7aef\u5b58\u50a8 \u7528\u4e8e\u4fdd\u5b58\u548c\u68c0\u7d22\u670d\u52a1\u4fe1\u606f\u7684\u6301\u4e45\u6027\u6570\u636e\u5b58\u50a8\uff0c\u4f8b\u5982\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5217\u8868\u3001\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u5f53\u524d\u72b6\u6001\u3001\u7528\u6237\u540d\u5217\u8868\u7b49\u3002\u6b64\u5916\uff0c\u6620\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u548c\u5b58\u50a8 VM \u6620\u50cf\u7684\u65b9\u6cd5\u3002\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u548c HTTP\u3002 \u5907\u4efd\u3001\u6062\u590d\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\uff08freezer\uff09 \u63d0\u4f9b\u7528\u4e8e\u5907\u4efd\u3001\u8fd8\u539f\u548c\u6062\u590d\u6587\u4ef6\u7cfb\u7edf\u3001\u5b9e\u4f8b\u6216\u6570\u636e\u5e93\u5907\u4efd\u7684\u96c6\u6210\u5de5\u5177\u7684\u9879\u76ee\u3002 \u5e26\u5bbd \u901a\u4fe1\u8d44\u6e90\uff08\u5982 Internet\uff09\u4f7f\u7528\u7684\u53ef\u7528\u6570\u636e\u91cf\u3002\u8868\u793a\u7528\u4e8e\u4e0b\u8f7d\u5185\u5bb9\u7684\u6570\u636e\u91cf\u6216\u53ef\u4f9b\u4e0b\u8f7d\u7684\u6570\u636e\u91cf\u3002 barbican Key Manager \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u88f8\u673a \u6620\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\uff0c\u6307\u793a VM \u6620\u50cf\u4e0d\u5b58\u5728\u5bb9\u5668\u3002 \u88f8\u673a\u670d\u52a1\uff08ironic\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\uff0c\u80fd\u591f\u4ee5\u5b89\u5168\u611f\u77e5\u548c\u5bb9\u9519\u7684\u65b9\u5f0f\u7ba1\u7406\u548c\u914d\u7f6e\u7269\u7406\u673a\u3002 \u57fa\u7840\u6620\u50cf OpenStack \u63d0\u4f9b\u7684\u6620\u50cf\u3002 Bell-LaPadula \u6a21\u578b 
\u4e00\u79cd\u5b89\u5168\u6a21\u578b\uff0c\u4fa7\u91cd\u4e8e\u6570\u636e\u673a\u5bc6\u6027\u548c\u5bf9\u673a\u5bc6\u4fe1\u606f\u7684\u53d7\u63a7\u8bbf\u95ee\u3002\u8be5\u6a21\u578b\u5c06\u5b9e\u4f53\u5206\u4e3a\u4e3b\u4f53\u548c\u5ba2\u4f53\u3002\u5c06\u4e3b\u4f53\u7684\u8bb8\u53ef\u4e0e\u4e3b\u4f53\u7684\u5206\u7c7b\u8fdb\u884c\u6bd4\u8f83\uff0c\u4ee5\u786e\u5b9a\u4e3b\u4f53\u662f\u5426\u88ab\u6388\u6743\u7528\u4e8e\u7279\u5b9a\u7684\u8bbf\u95ee\u6a21\u5f0f\u3002\u95f4\u9699\u6216\u5206\u7c7b\u65b9\u6848\u7528\u6676\u683c\u8868\u793a\u3002 \u57fa\u51c6\u670d\u52a1\uff08\u53cd\u5f39\uff09 OpenStack\u9879\u76ee\uff0c\u4e3a\u5355\u4e2aOpenStack\u7ec4\u4ef6\u7684\u6027\u80fd\u5206\u6790\u548c\u57fa\u51c6\u6d4b\u8bd5\u4ee5\u53ca\u5b8c\u6574\u7684\u751f\u4ea7OpenStack\u4e91\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\u3002 Bexar 2011 \u5e74 2 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\u3002\u5b83\u4ec5\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09 \u548c\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3002Bexar \u662f OpenStack \u7b2c\u4e8c\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5723\u5b89\u4e1c\u5c3c\u5965\u4e3e\u884c\uff0c\u8fd9\u91cc\u662f\u8d1d\u514b\u8428\u5c14\u53bf\u7684\u53bf\u57ce\u3002 \u4e8c\u8fdb\u5236 \u4ec5\u7531 1 \u548c 0 \u7ec4\u6210\u7684\u4fe1\u606f\uff0c\u8fd9\u662f\u8ba1\u7b97\u673a\u7684\u8bed\u8a00\u3002 \u4f4d \u4f4d\u662f\u4ee5 2 \u4e3a\u57fa\u6570\u7684\u4e2a\u4f4d\u6570\uff080 \u6216 1\uff09\u3002\u5e26\u5bbd\u4f7f\u7528\u91cf\u4ee5\u6bcf\u79d2\u4f4d\u6570\u4e3a\u5355\u4f4d\u3002 \u6bcf\u79d2\u6bd4\u7279\u6570 \uff08BPS\uff09 \u901a\u7528\u6d4b\u91cf\u6570\u636e\u4ece\u4e00\u4e2a\u5730\u65b9\u4f20\u8f93\u5230\u53e6\u4e00\u4e2a\u5730\u65b9\u7684\u901f\u5ea6\u3002 \u5757\u8bbe\u5907 
\u4e00\u79cd\u4ee5\u5757\u7684\u5f62\u5f0f\u79fb\u52a8\u6570\u636e\u7684\u8bbe\u5907\u3002\u8fd9\u4e9b\u8bbe\u5907\u8282\u70b9\u8fde\u63a5\u8bbe\u5907\uff0c\u4f8b\u5982\u786c\u76d8\u3001CD-ROM \u9a71\u52a8\u5668\u3001\u95ea\u5b58\u9a71\u52a8\u5668\u548c\u5176\u4ed6\u53ef\u5bfb\u5740\u5185\u5b58\u533a\u57df\u3002 \u533a\u5757\u8fc1\u79fb KVM \u4f7f\u7528\u7684\u4e00\u79cd\u865a\u62df\u673a\u5b9e\u65f6\u8fc1\u79fb\u65b9\u6cd5\uff0c\u7528\u4e8e\u5728\u7528\u6237\u542f\u52a8\u7684\u5207\u6362\u671f\u95f4\u5c06\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u64a4\u79bb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u505c\u673a\u65f6\u95f4\u975e\u5e38\u77ed\u3002\u4e0d\u9700\u8981\u5171\u4eab\u5b58\u50a8\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 \u5757\u5b58\u50a8 API \u5355\u72ec\u7ec8\u7ed3\u70b9\u4e0a\u7684 API\uff0c\u7528\u4e8e\u4e3a\u8ba1\u7b97 VM \u9644\u52a0\u3001\u5206\u79bb\u548c\u521b\u5efa\u5757\u5b58\u50a8\u3002 \u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u5e93\uff0c\u901a\u8fc7\u5728\u5176\u4ed6\u5757\u5b58\u50a8\u8bbe\u5907\u4e4b\u4e0a\u7684\u62bd\u8c61\u548c\u81ea\u52a8\u5316\uff0c\u63d0\u4f9b\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u81ea\u52a9\u8bbf\u95ee\u3002 BMC\uff08\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\uff09 IPMI\u67b6\u6784\u4e2d\u7684\u667a\u80fd\uff0c\u5b83\u662f\u4e00\u79cd\u4e13\u7528\u7684\u5fae\u63a7\u5236\u5668\uff0c\u5d4c\u5165\u5728\u8ba1\u7b97\u673a\u4e3b\u677f\u4e0a\u5e76\u5145\u5f53\u670d\u52a1\u5668\u3002\u7ba1\u7406\u7cfb\u7edf\u7ba1\u7406\u8f6f\u4ef6\u548c\u5e73\u53f0\u786c\u4ef6\u4e4b\u95f4\u7684\u63a5\u53e3\u3002 \u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf \u4e00\u79cd VM \u6620\u50cf\u7c7b\u578b\uff0c\u4ee5\u5355\u4e2a\u53ef\u542f\u52a8\u6587\u4ef6\u7684\u5f62\u5f0f\u5b58\u5728\u3002 Bootstrap \u534f\u8bae \uff08BOOTP\uff09 \u7f51\u7edc\u5ba2\u6237\u7aef\u7528\u4e8e\u4ece\u914d\u7f6e\u670d\u52a1\u5668\u83b7\u53d6 IP 
\u5730\u5740\u7684\u7f51\u7edc\u534f\u8bae\u3002\u5728\u4f7f\u7528 FlatDHCP \u7ba1\u7406\u5668\u6216 VLAN \u7ba1\u7406\u5668\u7f51\u7edc\u7ba1\u7406\u5668\u65f6\uff0c\u901a\u8fc7 dnsmasq \u5b88\u62a4\u7a0b\u5e8f\u8fdb\u884c\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u8fb9\u754c\u7f51\u5173\u534f\u8bae \uff08BGP\uff09 \u8fb9\u754c\u7f51\u5173\u534f\u8bae\u662f\u4e00\u79cd\u8fde\u63a5\u81ea\u6cbb\u7cfb\u7edf\u7684\u52a8\u6001\u8def\u7531\u534f\u8bae\u3002\u8be5\u534f\u8bae\u88ab\u8ba4\u4e3a\u662f\u4e92\u8054\u7f51\u7684\u9aa8\u5e72\uff0c\u5c06\u4e0d\u540c\u7684\u7f51\u7edc\u8fde\u63a5\u8d77\u6765\uff0c\u5f62\u6210\u4e00\u4e2a\u66f4\u5927\u7684\u7f51\u7edc\u3002 \u6d4f\u89c8\u5668 \u4f7f\u8ba1\u7b97\u673a\u6216\u8bbe\u5907\u80fd\u591f\u8bbf\u95ee Internet \u7684\u4efb\u4f55\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \u6784\u5efa\u5668\u6587\u4ef6 \u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u91cd\u65b0\u914d\u7f6e\u73af\u6216\u5728\u53d1\u751f\u4e25\u91cd\u6545\u969c\u540e\u4ece\u5934\u5f00\u59cb\u91cd\u65b0\u521b\u5efa\u73af\u7684\u914d\u7f6e\u4fe1\u606f\u3002 \u6269\u5c55 \u5728\u4e3b\u73af\u5883\u8d44\u6e90\u53d7\u9650\u65f6\uff0c\u5229\u7528\u8f85\u52a9\u73af\u5883\u6309\u9700\u5f39\u6027\u6784\u5efa\u5b9e\u4f8b\u7684\u505a\u6cd5\u3002 \u6309\u94ae\u7c7b \u5730\u5e73\u7ebf\u4e2d\u7684\u4e00\u7ec4\u76f8\u5173\u6309\u94ae\u7c7b\u578b\u3002\u7528\u4e8e\u542f\u52a8\u3001\u505c\u6b62\u548c\u6302\u8d77 VM \u7684\u6309\u94ae\u4f4d\u4e8e\u4e00\u4e2a\u7c7b\u4e2d\u3002\u7528\u4e8e\u5173\u8054\u548c\u53d6\u6d88\u5173\u8054\u6d6e\u52a8 IP \u5730\u5740\u7684\u6309\u94ae\u4f4d\u4e8e\u53e6\u4e00\u4e2a\u7c7b\u4e2d\uff0c\u4f9d\u6b64\u7c7b\u63a8\u3002 \u5b57\u8282 \u6784\u6210\u5355\u4e2a\u5b57\u7b26\u7684\u4f4d\u96c6;\u4e00\u4e2a\u5b57\u8282\u901a\u5e38\u6709 8 \u4f4d\u3002 C \u00b6 \u7f13\u5b58\u4fee\u526a\u5668 
\u5c06\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7f13\u5b58\u4fdd\u6301\u5728\u6216\u4f4e\u4e8e\u5176\u914d\u7f6e\u7684\u6700\u5927\u5927\u5c0f\u7684\u7a0b\u5e8f\u3002 Cactus 2011 \u5e74\u6625\u5b63\u53d1\u5e03\u7684 OpenStack \u9879\u76ee\u5206\u7ec4\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u548c\u56fe\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Cactus \u662f\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u7684\u4e00\u4e2a\u57ce\u5e02\uff0c\u662f OpenStack \u7b2c\u4e09\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u5f53OpenStack\u7248\u672c\u4ece3\u4e2a\u6708\u5ef6\u957f\u52306\u4e2a\u6708\u65f6\uff0c\u8be5\u7248\u672c\u7684\u4ee3\u53f7\u53d1\u751f\u4e86\u53d8\u5316\uff0c\u4ee5\u5339\u914d\u6700\u63a5\u8fd1\u4e0a\u4e00\u6b21\u5cf0\u4f1a\u7684\u5730\u7406\u4f4d\u7f6e\u3002 \u8c03\u7528 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\u5e76\u7b49\u5f85\u54cd\u5e94\u3002 \u80fd\u529b \u5b9a\u4e49\u5355\u5143\u7684\u8d44\u6e90\uff0c\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u3002\u53ef\u4ee5\u5e94\u7528\u4e8e\u4e00\u4e2a\u5355\u5143\u6216\u6574\u4e2a\u5355\u5143\u5185\u7684\u7279\u5b9a\u670d\u52a1\u3002 \u5bb9\u91cf\u7f13\u5b58 \u8ba1\u7b97\u540e\u7aef\u6570\u636e\u5e93\u8868\uff0c\u5176\u4e2d\u5305\u542b\u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d\u3001\u53ef\u7528 RAM \u91cf\u4ee5\u53ca\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u6570\u3002\u7528\u4e8e\u786e\u5b9a VM \u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u542f\u52a8\u3002 \u5bb9\u91cf\u66f4\u65b0\u7a0b\u5e8f \u76d1\u89c6 VM \u5b9e\u4f8b\u5e76\u6839\u636e\u9700\u8981\u66f4\u65b0\u5bb9\u91cf\u7f13\u5b58\u7684\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u3002 \u6295\u5c04 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\uff0c\u4e0d\u7b49\u5f85\u54cd\u5e94\u3002 \u76ee\u5f55 
\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u5217\u8868\u3002 \u76ee\u5f55\u670d\u52a1 \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\uff0c\u5217\u51fa\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u3002 \u6d4b\u9ad8\u4eea OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u6536\u96c6\u548c\u5b58\u50a8\u6765\u81ea\u5176\u4ed6 OpenStack \u670d\u52a1\u7684\u6307\u6807\u3002 \u5355\u5143\u683c \u5728\u5b50\u5173\u7cfb\u548c\u7236\u5173\u7cfb\u4e2d\u63d0\u4f9b\u8ba1\u7b97\u8d44\u6e90\u7684\u903b\u8f91\u5206\u533a\u3002\u5982\u679c\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u8bf7\u6c42\u7684\u8d44\u6e90\uff0c\u5219\u8bf7\u6c42\u5c06\u4ece\u7236\u5355\u5143\u4f20\u9012\u5230\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u8f6c\u53d1 \u4e00\u4e2a\u201c\u8ba1\u7b97\u201d\u9009\u9879\uff0c\u8be5\u9009\u9879\u4f7f\u7236\u5355\u5143\u80fd\u591f\u5728\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u65f6\u5c06\u8d44\u6e90\u8bf7\u6c42\u4f20\u9012\u7ed9\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5176\u4e2d\u5305\u542b\u5355\u5143\u4e2d\u6bcf\u4e2a\u4e3b\u673a\u7684\u5f53\u524d\u529f\u80fd\u5217\u8868\uff0c\u5e76\u6839\u636e\u9700\u8981\u8def\u7531\u8bf7\u6c42\u3002 CentOS \u64cd\u4f5c\u7cfb\u7edf \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 Ceph \u51fd\u6570 \u53ef\u5927\u89c4\u6a21\u6269\u5c55\u7684\u5206\u5e03\u5f0f\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531\u5bf9\u8c61\u5b58\u50a8\u3001\u5757\u5b58\u50a8\u548c\u517c\u5bb9 POSIX \u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u7ec4\u6210\u3002\u4e0eOpenStack\u517c\u5bb9\u3002 CephFS Ceph \u63d0\u4f9b\u7684\u7b26\u5408 POSIX \u6807\u51c6\u7684\u6587\u4ef6\u7cfb\u7edf\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 
\u5728\u5bc6\u7801\u5b66\u4e2d\uff0c\u9881\u53d1\u6570\u5b57\u8bc1\u4e66\u7684\u5b9e\u4f53\u3002\u6570\u5b57\u8bc1\u4e66\u901a\u8fc7\u8bc1\u4e66\u7684\u6307\u5b9a\u4e3b\u4f53\u8bc1\u660e\u516c\u94a5\u7684\u6240\u6709\u6743\u3002\u8fd9\u4f7f\u5176\u4ed6\u4eba\uff08\u4f9d\u8d56\u65b9\uff09\u80fd\u591f\u4f9d\u8d56\u4e0e\u8ba4\u8bc1\u516c\u94a5\u76f8\u5bf9\u5e94\u7684\u79c1\u94a5\u6240\u505a\u7684\u7b7e\u540d\u6216\u65ad\u8a00\u3002\u5728\u8fd9\u79cd\u4fe1\u4efb\u5173\u7cfb\u6a21\u578b\u4e2d\uff0cCA \u662f\u8bc1\u4e66\u4e3b\u4f53\uff08\u6240\u6709\u8005\uff09\u548c\u4f9d\u8d56\u8bc1\u4e66\u7684\u4e00\u65b9\u7684\u53d7\u4fe1\u4efb\u7b2c\u4e09\u65b9\u3002CA \u662f\u8bb8\u591a\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u65b9\u6848\u7684\u7279\u5f81\u3002\u5728 OpenStack \u4e2d\uff0cCompute \u4e3a cloudpipe VPN \u548c VM \u6620\u50cf\u89e3\u5bc6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002 \u6311\u6218\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae \uff08CHAP\uff09 \u8ba1\u7b97\u652f\u6301\u7684 iSCSI \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u673a\u4f1a\u8c03\u5ea6\u5668 \u8ba1\u7b97\u4f7f\u7528\u7684\u4e00\u79cd\u8ba1\u5212\u65b9\u6cd5\uff0c\u7528\u4e8e\u4ece\u6c60\u4e2d\u968f\u673a\u9009\u62e9\u53ef\u7528\u4e3b\u673a\u3002 \u81ea\u4e0a\u6b21\u66f4\u6539\u4ee5\u6765 \u4e00\u4e2a\u8ba1\u7b97 API \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u5141\u8bb8\u4e0b\u8f7d\u81ea\u4e0a\u6b21\u8bf7\u6c42\u4ee5\u6765\u5bf9\u6240\u8bf7\u6c42\u9879\u7684\u66f4\u6539\uff0c\u800c\u4e0d\u662f\u4e0b\u8f7d\u4e00\u7ec4\u65b0\u7684\u6570\u636e\u5e76\u5c06\u5176\u4e0e\u65e7\u6570\u636e\u8fdb\u884c\u6bd4\u8f83\u3002 Chef \u652f\u6301 OpenStack \u90e8\u7f72\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 \u5b50\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU 
\u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5176\u5173\u8054\u7684\u5b50\u5355\u5143\u3002\u5982\u679c\u5b50\u5355\u5143\u53ef\u4ee5\u6ee1\u8db3\u8bf7\u6c42\uff0c\u5219\u5b83\u786e\u5b9e\u53ef\u4ee5\u3002\u5426\u5219\uff0c\u5b83\u4f1a\u5c1d\u8bd5\u5c06\u8bf7\u6c42\u4f20\u9012\u7ed9\u5176\u4efb\u4f55\u5b50\u7ea7\u3002 cinder \u5757\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 CirrOS \u4e00\u4e2a\u6700\u5c0f\u7684 Linux \u53d1\u884c\u7248\uff0c\u8bbe\u8ba1\u7528\u4f5c\u4e91\uff08\u5982 OpenStack\uff09\u4e0a\u7684\u6d4b\u8bd5\u6620\u50cf\u3002 Cisco neutron \u63d2\u4ef6 \u9002\u7528\u4e8e Cisco \u8bbe\u5907\u548c\u6280\u672f\uff08\u5305\u62ec UCS \u548c Nexus\uff09\u7684\u7f51\u7edc\u63d2\u4ef6\u3002 \u4e91\u67b6\u6784\u5e08 \u8ba1\u5212\u3001\u8bbe\u8ba1\u548c\u76d1\u7763\u4e91\u521b\u5efa\u7684\u4eba\u3002 \u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u90a6 \uff08CADF\uff09 Cloud Auditing Data Federation \uff08CADF\uff09 \u662f\u7528\u4e8e\u5ba1\u6838\u4e8b\u4ef6\u6570\u636e\u7684\u89c4\u8303\u3002CADF \u53d7 OpenStack Identity \u652f\u6301\u3002 \u4e91\u8ba1\u7b97 \u4e00\u79cd\u6a21\u578b\uff0c\u652f\u6301\u8bbf\u95ee\u53ef\u914d\u7f6e\u8ba1\u7b97\u8d44\u6e90\uff08\u5982\u7f51\u7edc\u3001\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\uff09\u7684\u5171\u4eab\u6c60\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5feb\u901f\u914d\u7f6e\u548c\u53d1\u5e03\uff0c\u53ea\u9700\u6700\u5c11\u7684\u7ba1\u7406\u5de5\u4f5c\u6216\u670d\u52a1\u63d0\u4f9b\u5546\u4ea4\u4e92\u3002 \u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd \u652f\u6301\u4e91\u8ba1\u7b97\u6a21\u578b\u7684\u8ba1\u7b97\u8981\u6c42\u6240\u9700\u7684\u786c\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u548c\u865a\u62df\u5316\u8f6f\u4ef6\u3002 \u4e91\u8ba1\u7b97\u5e73\u53f0\u8f6f\u4ef6 
\u901a\u8fc7\u4e92\u8054\u7f51\u63d0\u4f9b\u4e0d\u540c\u7684\u670d\u52a1\u3002\u8fd9\u4e9b\u8d44\u6e90\u5305\u62ec\u6570\u636e\u5b58\u50a8\u3001\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\u3001\u7f51\u7edc\u548c\u8f6f\u4ef6\u7b49\u5de5\u5177\u548c\u5e94\u7528\u7a0b\u5e8f\u3002\u53ea\u8981\u7535\u5b50\u8bbe\u5907\u53ef\u4ee5\u8bbf\u95ee\u7f51\u7edc\uff0c\u5b83\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6570\u636e\u548c\u8fd0\u884c\u5b83\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u4e91\u8ba1\u7b97\u670d\u52a1\u67b6\u6784 \u4e91\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u5728\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5185\u548c\u8de8\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5b9e\u65bd\u7684\u6574\u4f53\u4e91\u8ba1\u7b97\u670d\u52a1\u548c\u89e3\u51b3\u65b9\u6848\u3002\u8003\u8651\u6838\u5fc3\u4e1a\u52a1\u9700\u6c42\uff0c\u5e76\u5c06\u5176\u4e0e\u53ef\u80fd\u7684\u4e91\u89e3\u51b3\u65b9\u6848\u76f8\u5339\u914d\u3002 \u4e91\u63a7\u5236\u5668 \u8868\u793a\u4e91\u5168\u5c40\u72b6\u6001\u7684\u8ba1\u7b97\u7ec4\u4ef6\u7684\u96c6\u5408;\u901a\u8fc7\u961f\u5217\u4e0e\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u8ba4\u8bc1\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u8282\u70b9/\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff09\u8fdb\u884c\u901a\u4fe1\u3002 \u4e91\u63a7\u5236\u5668\u8282\u70b9 \u8fd0\u884c\u7f51\u7edc\u3001\u5377\u3001API\u3001\u8c03\u5ea6\u7a0b\u5e8f\u548c\u6620\u50cf\u670d\u52a1\u7684\u8282\u70b9\u3002\u6bcf\u4e2a\u670d\u52a1\u90fd\u53ef\u4ee5\u5206\u89e3\u4e3a\u5355\u72ec\u7684\u8282\u70b9\uff0c\u4ee5\u5b9e\u73b0\u53ef\u4f38\u7f29\u6027\u6216\u53ef\u7528\u6027\u3002 \u4e91\u6570\u636e\u7ba1\u7406\u63a5\u53e3\uff08CDMI\uff09 SINA\u6807\u51c6\u5b9a\u4e49\u4e86\u4e00\u4e2aRESTful API\uff0c\u7528\u4e8e\u7ba1\u7406\u4e91\u4e2d\u7684\u5bf9\u8c61\uff0c\u76ee\u524d\u5728OpenStack\u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u63a5\u53e3\uff08CIMI\uff09 \u6b63\u5728\u8fdb\u884c\u7684\u4e91\u7ba1\u7406\u89c4\u8303\u3002\u76ee\u524d\u5728 
OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u6280\u672f \u4e91\u662f\u7531\u7ba1\u7406\u548c\u81ea\u52a8\u5316\u8f6f\u4ef6\u7f16\u6392\u7684\u865a\u62df\u6e90\u5de5\u5177\u3002\u8fd9\u5305\u62ec\u539f\u59cb\u5904\u7406\u80fd\u529b\u3001\u5185\u5b58\u3001\u7f51\u7edc\u3001\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5b58\u50a8\u3002 cloud-init \u51fd\u6570 \u901a\u5e38\u5b89\u88c5\u5728 VM \u6620\u50cf\u4e2d\u7684\u5305\uff0c\u7528\u4e8e\u5728\u542f\u52a8\u540e\u4f7f\u7528\u4ece\u5143\u6570\u636e\u670d\u52a1\u68c0\u7d22\u5230\u7684\u4fe1\u606f\uff08\u5982 SSH \u516c\u94a5\u548c\u7528\u6237\u6570\u636e\uff09\u6267\u884c\u5b9e\u4f8b\u7684\u521d\u59cb\u5316\u3002 cloudadmin \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u6388\u4e88\u5b8c\u6574\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002 Cloudbase-\u521d\u59cb\u5316 \u63d0\u4f9b\u6765\u5bbe\u521d\u59cb\u5316\u529f\u80fd\u7684 Windows \u9879\u76ee\uff0c\u7c7b\u4f3c\u4e8e cloud-init\u3002 cloudpipe \u4e00\u79cd\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u521b\u5efa VPN \u7684\u8ba1\u7b97\u670d\u52a1\u3002 CloudPipe \u955c\u50cf \u4f5c\u4e3a cloudpipe \u670d\u52a1\u5668\u7684\u9884\u5236 VM \u955c\u50cf\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0cOpenVPN\u8fd0\u884c\u5728Linux\u4e0a\u3002 \u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 \u5b9e\u73b0\u96c6\u7fa4\u670d\u52a1\u548c\u5e93\u7684\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7531\u5176\u4ed6 OpenStack \u670d\u52a1\u516c\u5f00\u7684\u540c\u6784\u5bf9\u8c61\u7ec4\u3002 \u547d\u4ee4\u8fc7\u6ee4\u5668 \u5217\u51fa\u8ba1\u7b97 rootwrap \u5de5\u5177\u4e2d\u5141\u8bb8\u7684\u547d\u4ee4\u3002 \u547d\u4ee4\u884c\u754c\u9762 \uff08CLI\uff09 \u4e00\u4e2a\u57fa\u4e8e\u6587\u672c\u7684\u5ba2\u6237\u7aef\uff0c\u53ef\u5e2e\u52a9\u60a8\u521b\u5efa\u811a\u672c\u4ee5\u4e0e OpenStack \u4e91\u8fdb\u884c\u4ea4\u4e92\u3002 \u901a\u7528 Internet \u6587\u4ef6\u7cfb\u7edf \uff08CIFS\uff09 \u6587\u4ef6\u5171\u4eab\u534f\u8bae\u3002\u5b83\u662f 
Microsoft \u5f00\u53d1\u548c\u4f7f\u7528\u7684\u539f\u59cb\u670d\u52a1\u5668\u6d88\u606f\u5757 \uff08SMB\uff09 \u534f\u8bae\u7684\u516c\u5171\u6216\u5f00\u653e\u53d8\u4f53\u3002\u4e0e SMB \u534f\u8bae\u4e00\u6837\uff0c CIFS \u5728\u66f4\u9ad8\u7ea7\u522b\u8fd0\u884c\u5e76\u4f7f\u7528 TCP/IP \u534f\u8bae\u3002 \u516c\u5171\u5e93 \uff08oslo\uff09 \u751f\u6210\u4e00\u7ec4 python \u5e93\u7684\u9879\u76ee\uff0c\u5176\u4e2d\u5305\u542b OpenStack \u9879\u76ee\u5171\u4eab\u7684\u4ee3\u7801\u3002\u8fd9\u4e9b\u5e93\u63d0\u4f9b\u7684 API \u5e94\u8be5\u662f\u9ad8\u8d28\u91cf\u3001\u7a33\u5b9a\u3001\u4e00\u81f4\u3001\u6709\u6587\u6863\u8bb0\u5f55\u7684\u548c\u666e\u904d\u9002\u7528\u7684\u3002 \u793e\u533a\u9879\u76ee \u4e00\u4e2a\u6ca1\u6709\u5f97\u5230OpenStack\u6280\u672f\u59d4\u5458\u4f1a\u6b63\u5f0f\u8ba4\u53ef\u7684\u9879\u76ee\u3002\u5982\u679c\u9879\u76ee\u8db3\u591f\u6210\u529f\uff0c\u5b83\u53ef\u80fd\u4f1a\u88ab\u63d0\u5347\u4e3a\u5b75\u5316\u9879\u76ee\uff0c\u7136\u540e\u88ab\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee\uff0c\u6216\u8005\u5b83\u53ef\u80fd\u4e0e\u4e3b\u4ee3\u7801\u4e3b\u5e72\u5408\u5e76\u3002 \u538b\u7f29 \u901a\u8fc7\u7279\u6b8a\u7f16\u7801\u51cf\u5c0f\u6587\u4ef6\u5927\u5c0f\uff0c\u6587\u4ef6\u53ef\u4ee5\u518d\u6b21\u89e3\u538b\u7f29\u4e3a\u539f\u59cb\u5185\u5bb9\u3002OpenStack \u652f\u6301 Linux \u6587\u4ef6\u7cfb\u7edf\u7ea7\u522b\u7684\u538b\u7f29\uff0c\u4f46\u4e0d\u652f\u6301\u5bf9\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6216\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7b49\u5185\u5bb9\u8fdb\u884c\u538b\u7f29\u3002 \u8ba1\u7b97 API \uff08nova API\uff09 nova-api \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u5bf9 nova \u670d\u52a1\u7684\u8bbf\u95ee\u3002\u53ef\u4ee5\u4e0e\u5176\u4ed6 API \u901a\u4fe1\uff0c\u4f8b\u5982 Amazon EC2 API\u3002 \u8ba1\u7b97\u63a7\u5236\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u9009\u62e9\u8981\u5728\u5176\u4e0a\u542f\u52a8 VM \u5b9e\u4f8b\u7684\u5408\u9002\u4e3b\u673a\u3002 \u8ba1\u7b97\u4e3b\u673a 
\u4e13\u7528\u4e8e\u8fd0\u884c\u8ba1\u7b97\u8282\u70b9\u7684\u7269\u7406\u4e3b\u673a\u3002 \u8ba1\u7b97\u8282\u70b9 \u8fd0\u884c nova-compute \u5b88\u62a4\u7a0b\u5e8f\u7684\u8282\u70b9\uff0c\u8be5\u5b88\u62a4\u7a0b\u5e8f\u7ba1\u7406\u63d0\u4f9b\u5404\u79cd\u670d\u52a1\uff08\u5982 Web \u5e94\u7528\u7a0b\u5e8f\u548c\u5206\u6790\uff09\u7684 VM \u5b9e\u4f8b\u3002 \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u7528\u4e8e\u5b9e\u73b0\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u5bf9\u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u88f8\u673a\u3001\u865a\u62df\u673a\u548c\u5bb9\u5668\uff09\u7684\u5927\u89c4\u6a21\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 \u8ba1\u7b97\u5de5\u4f5c\u8fdb\u7a0b \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u7ba1\u7406 VM \u5b9e\u4f8b\u751f\u547d\u5468\u671f\u7684\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5305\u62ec\u8fd0\u884c\u3001\u91cd\u65b0\u542f\u52a8\u3001\u7ec8\u6b62\u3001\u9644\u52a0/\u5206\u79bb\u5377\u7b49\u3002\u7531 nova-compute \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 \u4e32\u8054\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u5408\u5e76\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u7684\u4e00\u7ec4\u5206\u6bb5\u5bf9\u8c61\u3002 \u5bfc\u4f53 \u5728\u8ba1\u7b97\u4e2d\uff0cconductor \u662f\u4ee3\u7406\u6765\u81ea\u8ba1\u7b97\u8fdb\u7a0b\u7684\u6570\u636e\u5e93\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u4f7f\u7528 conductor \u53ef\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u8ba1\u7b97\u8282\u70b9\u4e0d\u9700\u8981\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 congress \u6cbb\u7406\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u4e00\u81f4\u6027\u7a97\u53e3 \u6240\u6709\u5ba2\u6237\u7aef\u90fd\u53ef\u4ee5\u8bbf\u95ee\u65b0\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6240\u9700\u7684\u65f6\u95f4\u3002 \u63a7\u5236\u53f0\u65e5\u5fd7 \u5305\u542b\u8ba1\u7b97\u4e2d Linux VM \u63a7\u5236\u53f0\u7684\u8f93\u51fa\u3002 \u5bb9\u5668 
\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7ec4\u7ec7\u548c\u5b58\u50a8\u5bf9\u8c61\u3002\u7c7b\u4f3c\u4e8e Linux \u76ee\u5f55\u7684\u6982\u5ff5\uff0c\u4f46\u4e0d\u80fd\u5d4c\u5957\u3002\u5f71\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5bb9\u5668\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9 SQLite \u540e\u7aef\u6570\u636e\u5e93\u7684\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e2d\u7f3a\u5c11\u526f\u672c\u6216\u4e0d\u6b63\u786e\u7684\u5bf9\u8c61\u3002 \u5bb9\u5668\u6570\u636e\u5e93 \u5b58\u50a8\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u548c\u5bb9\u5668\u5143\u6570\u636e\u7684 SQLite \u6570\u636e\u5e93\u3002\u5bb9\u5668\u670d\u52a1\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u5e93\u3002 \u5bb9\u5668\u683c\u5f0f \u6620\u50cf\u670d\u52a1\u4f7f\u7528\u7684\u5305\u88c5\u5668\uff0c\u5176\u4e2d\u5305\u542b VM \u6620\u50cf\u53ca\u5176\u5173\u8054\u7684\u5143\u6570\u636e\uff0c\u4f8b\u5982\u8ba1\u7b97\u673a\u72b6\u6001\u3001OS \u78c1\u76d8\u5927\u5c0f\u7b49\u3002 \u5bb9\u5668\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u4e00\u7ec4\u7528\u4e8e\u9884\u914d\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u7f16\u6392\u5f15\u64ce\u7684\u670d\u52a1\u3002 \u5bb9\u5668\u670d\u52a1\u5668 \u7ba1\u7406\u5bb9\u5668\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002 \u5bb9\u5668\u670d\u52a1 \u63d0\u4f9b\u521b\u5efa\u3001\u5220\u9664\u3001\u5217\u8868\u7b49\u5bb9\u5668\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc\u662f\u7528\u4e8e\u5c06\u5185\u5bb9\u5206\u53d1\u5230\u5ba2\u6237\u7aef\u7684\u4e13\u7528\u7f51\u7edc\uff0c\u901a\u5e38\u4f4d\u4e8e\u5ba2\u6237\u7aef\u9644\u8fd1\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002 \u6301\u7eed\u4ea4\u4ed8 
\u4e00\u79cd\u8f6f\u4ef6\u5de5\u7a0b\u65b9\u6cd5\uff0c\u56e2\u961f\u5728\u77ed\u5468\u671f\u5185\u751f\u4ea7\u8f6f\u4ef6\uff0c\u786e\u4fdd\u8f6f\u4ef6\u53ef\u4ee5\u968f\u65f6\u53ef\u9760\u5730\u53d1\u5e03\uff0c\u5e76\u4e14\u5728\u53d1\u5e03\u8f6f\u4ef6\u65f6\u624b\u52a8\u53d1\u5e03\u3002 \u6301\u7eed\u90e8\u7f72 \u4e00\u79cd\u8f6f\u4ef6\u53d1\u5e03\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u4f7f\u7528\u81ea\u52a8\u5316\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u5bf9\u4ee3\u7801\u5e93\u7684\u66f4\u6539\u662f\u5426\u6b63\u786e\u4e14\u7a33\u5b9a\uff0c\u4ee5\u4fbf\u7acb\u5373\u81ea\u4e3b\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002 \u6301\u7eed\u96c6\u6210 \u6bcf\u5929\u591a\u6b21\u5c06\u6240\u6709\u5f00\u53d1\u4eba\u5458\u7684\u5de5\u4f5c\u526f\u672c\u5408\u5e76\u5230\u5171\u4eab\u4e3b\u7ebf\u7684\u505a\u6cd5\u3002 \u63a7\u5236\u5668\u8282\u70b9 \u4e91\u63a7\u5236\u5668\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6838\u5fc3 API \u6839\u636e\u4e0a\u4e0b\u6587\uff0c\u6838\u5fc3 API \u53ef\u4ee5\u662f OpenStack API \u6216\u7279\u5b9a\u6838\u5fc3\u9879\u76ee\u7684\u4e3b API\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u6620\u50cf\u670d\u52a1\u7b49\u3002 \u6838\u5fc3\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u6838\u5fc3\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\u7531\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u3001\u8ba1\u7b97\u670d\u52a1\uff08nova\uff09\u3001\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u3001\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u3001\u7f51\u7edc\u670d\u52a1\uff08neutron\uff09\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09\u7ec4\u6210\u3002 \u6210\u672c \u5728\u8ba1\u7b97\u5206\u5e03\u5f0f\u8ba1\u5212\u7a0b\u5e8f\u4e0b\uff0c\u8fd9\u662f\u901a\u8fc7\u67e5\u770b\u6bcf\u4e2a\u4e3b\u673a\u76f8\u5bf9\u4e8e\u6240\u8bf7\u6c42\u7684 VM \u5b9e\u4f8b\u7684\u98ce\u683c\u7684\u529f\u80fd\u6765\u8ba1\u7b97\u7684\u3002 \u51ed\u8bc1 
\u53ea\u6709\u7528\u6237\u77e5\u9053\u6216\u53ef\u8bbf\u95ee\u7684\u6570\u636e\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u662f\u4ed6\u6240\u8bf4\u7684\u4eba\u3002\u5728\u8eab\u4efd\u9a8c\u8bc1\u671f\u95f4\uff0c\u5c06\u51ed\u636e\u63d0\u4f9b\u7ed9\u670d\u52a1\u5668\u3002\u793a\u4f8b\u5305\u62ec\u5bc6\u7801\u3001\u5bc6\u94a5\u3001\u6570\u5b57\u8bc1\u4e66\u548c\u6307\u7eb9\u3002 CRL \u51fd\u6570 PKI \u6a21\u578b\u4e2d\u7684\u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5217\u8868\u3002\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002 \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u4e00\u79cd\u673a\u5236\uff0c\u5141\u8bb8\u4ece\u8d44\u6e90\u6765\u6e90\u57df\u4e4b\u5916\u7684\u53e6\u4e00\u4e2a\u57df\u8bf7\u6c42\u7f51\u9875\u4e0a\u7684\u8bb8\u591a\u8d44\u6e90\uff08\u4f8b\u5982\uff0c\u5b57\u4f53\u3001JavaScript\uff09\u3002\u7279\u522b\u662f\uff0cJavaScript \u7684 AJAX \u8c03\u7528\u53ef\u4ee5\u4f7f\u7528 XMLHttpRequest \u673a\u5236\u3002 Crowbar SUSE \u7684\u5f00\u6e90\u793e\u533a\u9879\u76ee\uff0c\u65e8\u5728\u63d0\u4f9b\u6240\u6709\u5fc5\u8981\u7684\u670d\u52a1\uff0c\u4ee5\u5feb\u901f\u90e8\u7f72\u548c\u7ba1\u7406\u4e91\u3002 \u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d \u8ba1\u7b97\u5bb9\u91cf\u7f13\u5b58\u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u6839\u636e\u7ed9\u5b9a\u4e3b\u673a\u4e0a\u5f53\u524d\u6b63\u5728\u8fdb\u884c\u7684\u751f\u6210\u3001\u5feb\u7167\u3001\u8fc1\u79fb\u548c\u8c03\u6574\u5927\u5c0f\u64cd\u4f5c\u7684\u6570\u91cf\u8fdb\u884c\u8ba1\u7b97\u3002 \u5ba2\u6237 \u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u81ea\u5b9a\u4e49\u6a21\u5757 \u7528\u6237\u521b\u5efa\u7684 Python \u6a21\u5757\uff0c\u7531 horizon \u52a0\u8f7d\uff0c\u7528\u4e8e\u66f4\u6539\u4eea\u8868\u677f\u7684\u5916\u89c2\u3002 D \u00b6 \u5b88\u62a4\u8fdb\u7a0b 
\u5728\u540e\u53f0\u8fd0\u884c\u5e76\u7b49\u5f85\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u53ef\u80fd\u4fa6\u542c\u4e5f\u53ef\u80fd\u4e0d\u4fa6\u542c TCP \u6216 UDP \u7aef\u53e3\u3002\u4e0d\u8981\u4e0e\u5de5\u4eba\u6df7\u6dc6\u3002 \u4eea\u8868\u677f\uff08horizon\uff09 OpenStack \u9879\u76ee\uff0c\u4e3a\u6240\u6709 OpenStack \u670d\u52a1\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7edf\u4e00\u7684\u3001\u57fa\u4e8e Web \u7684\u7528\u6237\u754c\u9762\u3002 \u6570\u636e\u52a0\u5bc6 \u955c\u50cf\u670d\u52a1\u548c\u8ba1\u7b97\u90fd\u652f\u6301\u52a0\u5bc6\u7684\u865a\u62df\u673a \uff08VM\uff09 \u955c\u50cf\uff08\u4f46\u4e0d\u652f\u6301\u5b9e\u4f8b\uff09\u3002OpenStack \u652f\u6301\u4f7f\u7528 HTTPS\u3001SSL\u3001TLS \u548c SSH \u7b49\u6280\u672f\u8fdb\u884c\u4f20\u8f93\u4e2d\u6570\u636e\u52a0\u5bc6\u3002\u5bf9\u8c61\u5b58\u50a8\u4e0d\u652f\u6301\u5e94\u7528\u7a0b\u5e8f\u7ea7\u522b\u7684\u5bf9\u8c61\u52a0\u5bc6\uff0c\u4f46\u53ef\u80fd\u652f\u6301\u4f7f\u7528\u78c1\u76d8\u52a0\u5bc6\u7684\u5b58\u50a8\u3002 \u6570\u636e\u4e22\u5931\u9632\u62a4\uff08DLP\uff09 \u8f6f\u4ef6 \u7528\u4e8e\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u5e76\u901a\u8fc7\u68c0\u6d4b\u548c\u62d2\u7edd\u6570\u636e\u4f20\u8f93\u6765\u9632\u6b62\u5176\u6cc4\u6f0f\u5230\u7f51\u7edc\u8fb9\u754c\u4e4b\u5916\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 OpenStack \u9879\u76ee\uff0c\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u6570\u636e\u5904\u7406\u5806\u6808\u548c\u5173\u8054\u7684\u7ba1\u7406\u63a5\u53e3\u3002 \u6570\u636e\u5b58\u50a8 \u6570\u636e\u5e93\u670d\u52a1\u652f\u6301\u7684\u6570\u636e\u5e93\u5f15\u64ce\u3002 \u6570\u636e\u5e93 ID \u4e3a\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u5e93\u7684\u6bcf\u4e2a\u526f\u672c\u6307\u5b9a\u7684\u552f\u4e00 ID\u3002 \u6570\u636e\u5e93\u590d\u5236\u5668 
\u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u6570\u636e\u5e93\u4e2d\u7684\u66f4\u6539\u590d\u5236\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6570\u636e\u5e93\u670d\u52a1\uff08trove\uff09 \u4e00\u4e2a\u96c6\u6210\u9879\u76ee\uff0c\u4e3a\u5173\u7cfb\u548c\u975e\u5173\u7cfb\u6570\u636e\u5e93\u5f15\u64ce\u63d0\u4f9b\u53ef\u6269\u5c55\u4e14\u53ef\u9760\u7684\u4e91\u6570\u636e\u5e93\u5373\u670d\u52a1\u529f\u80fd\u3002 \u89e3\u9664\u5206\u914d \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u5730\u5740\u4e4b\u95f4\u7684\u5173\u8054\u7684\u8fc7\u7a0b\u3002\u5220\u9664\u6b64\u5173\u8054\u540e\uff0c\u6d6e\u52a8 IP \u5c06\u8fd4\u56de\u5230\u5730\u5740\u6c60\u3002 Debian \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u91cd\u590d\u6570\u636e\u5220\u9664 \u5728\u78c1\u76d8\u5757\u3001\u6587\u4ef6\u548c/\u6216\u5bf9\u8c61\u7ea7\u522b\u67e5\u627e\u91cd\u590d\u6570\u636e\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5b58\u50a8\u4f7f\u7528\u7684\u8fc7\u7a0b - \u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u9ed8\u8ba4\u9762\u677f \u7528\u6237\u8bbf\u95ee\u4eea\u8868\u677f\u65f6\u663e\u793a\u7684\u9ed8\u8ba4\u9762\u677f\u3002 \u9ed8\u8ba4\u9879\u76ee \u5982\u679c\u5728\u521b\u5efa\u7528\u6237\u65f6\u672a\u6307\u5b9a\u4efb\u4f55\u9879\u76ee\uff0c\u5219\u4f1a\u5c06\u65b0\u7528\u6237\u5206\u914d\u7ed9\u6b64\u9879\u76ee\u3002 \u9ed8\u8ba4\u4ee4\u724c \u4e00\u4e2a\u6807\u8bc6\u670d\u52a1\u4ee4\u724c\uff0c\u8be5\u4ee4\u724c\u4e0d\u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\uff0c\u5e76\u4ea4\u6362\u4e3a\u4f5c\u7528\u57df\u5185\u4ee4\u724c\u3002 \u5ef6\u8fdf\u5220\u9664 \u5f71\u50cf\u670d\u52a1\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u7528\u4e8e\u5728\u9884\u5b9a\u4e49\u7684\u79d2\u6570\u540e\u5220\u9664\u5f71\u50cf\uff0c\u800c\u4e0d\u662f\u7acb\u5373\u5220\u9664\u5f71\u50cf\u3002 \u4ea4\u4ed8\u65b9\u5f0f Compute 
RabbitMQ\u6d88\u606f\u6295\u9012\u6a21\u5f0f\u7684\u8bbe\u7f6e;\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\u77ac\u6001\u6216\u6301\u4e45\u6027\u3002 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u662f\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u7684\u7b80\u79f0\u3002\u8fd9\u662f\u963b\u6b62\u5408\u6cd5\u7528\u6237\u4f7f\u7528\u670d\u52a1\u7684\u6076\u610f\u5c1d\u8bd5\u3002 \u5df2\u5f03\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1 \u8ba1\u7b97\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u901a\u8fc7 nova-manage \u547d\u4ee4\u521b\u5efa\u548c\u7ba1\u7406\u7528\u6237\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u6807\u8bc6\u670d\u52a1\u3002 \u6307\u5b9a DNS \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u684c\u9762\u5373\u670d\u52a1 \u4e00\u4e2a\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u5957\u684c\u9762\u73af\u5883\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee\u8fd9\u4e9b\u73af\u5883\u4ece\u4efb\u4f55\u4f4d\u7f6e\u63a5\u6536\u684c\u9762\u4f53\u9a8c\u3002\u8fd9\u53ef\u4ee5\u63d0\u4f9b\u901a\u7528\u3001\u5f00\u53d1\u751a\u81f3\u540c\u6784\u6d4b\u8bd5\u73af\u5883\u3002 \u5f00\u53d1\u8005 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\uff0c\u4e5f\u662f\u5206\u914d\u7ed9\u65b0\u7528\u6237\u7684\u9ed8\u8ba4\u89d2\u8272\u3002 \u8bbe\u5907 ID \u5c06\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u6620\u5c04\u5230\u7269\u7406\u5b58\u50a8\u8bbe\u5907\u3002 \u8bbe\u5907\u6743\u91cd \u6839\u636e\u6bcf\u4e2a\u8bbe\u5907\u7684\u5b58\u50a8\u5bb9\u91cf\uff0c\u5728\u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u4e4b\u95f4\u6309\u6bd4\u4f8b\u5206\u914d\u5206\u533a\u3002 \u5f00\u53d1\u5806\u6808 \u4f7f\u7528 shell \u811a\u672c\u5feb\u901f\u6784\u5efa\u5b8c\u6574 OpenStack \u5f00\u53d1\u73af\u5883\u7684\u793e\u533a\u9879\u76ee\u3002 DHCP\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DHCP \u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 Diablo 2011 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack 
\u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u56db\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova 2011.3\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift 1.4.3\uff09 \u548c\u955c\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Diablo\u662fOpenStack\u7b2c\u56db\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u514b\u62c9\u62c9\u9644\u8fd1\u7684\u6e7e\u533a\u4e3e\u884c\uff0cDiablo\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 \u76f4\u63a5\u6d88\u8d39\u8005 Compute RabbitMQ \u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u5728\u6267\u884c RPC \u8c03\u7528\u65f6\u751f\u6548\u3002\u5b83\u901a\u8fc7\u552f\u4e00\u7684\u72ec\u5360\u961f\u5217\u8fde\u63a5\u5230\u76f4\u63a5\u4ea4\u6362\uff0c\u53d1\u9001\u6d88\u606f\uff0c\u7136\u540e\u7ec8\u6b62\u3002 \u76f4\u63a5\u4ea4\u6362 RPC \u8c03\u7528\u671f\u95f4\u5728 Compute RabbitMQ \u4e2d\u521b\u5efa\u7684\u8def\u7531\u8868;\u4e3a\u6bcf\u4e2a\u8c03\u7528\u7684 RPC \u8c03\u7528\u521b\u5efa\u4e00\u4e2a\u3002 \u76f4\u63a5\u53d1\u5e03\u8005 RabbitMQ \u7684\u5143\u7d20\uff0c\u7528\u4e8e\u63d0\u4f9b\u5bf9\u4f20\u5165 MQ \u6d88\u606f\u7684\u54cd\u5e94\u3002 \u89e3\u9664\u5173\u8054 \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u4e4b\u95f4\u7684\u5173\u8054\uff0c\u4ece\u800c\u5c06\u6d6e\u52a8 IP \u5730\u5740\u8fd4\u56de\u5230\u5730\u5740\u6c60\u7684\u8fc7\u7a0b\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u63a7\u5236\u4f7f\u7528\u8005\u8bbf\u95ee\u5bf9\u8c61\u7684\u80fd\u529b\uff0c\u540c\u65f6\u4f7f\u7528\u6237\u80fd\u591f\u505a\u51fa\u7b56\u7565\u51b3\u7b56\u5e76\u5206\u914d\u5b89\u5168\u5c5e\u6027\u3002\u4f20\u7edf\u7684\u7528\u6237\u3001\u7ec4\u548c\u8bfb-\u5199-\u6267\u884c\u6743\u9650\u7684 UNIX \u7cfb\u7edf\u5c31\u662f DAC \u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u78c1\u76d8\u52a0\u5bc6 
\u80fd\u591f\u5728\u6587\u4ef6\u7cfb\u7edf\u3001\u78c1\u76d8\u5206\u533a\u6216\u6574\u4e2a\u78c1\u76d8\u7ea7\u522b\u52a0\u5bc6\u6570\u636e\u3002\u5728\u8ba1\u7b97 VM \u4e2d\u53d7\u652f\u6301\u3002 \u78c1\u76d8\u683c\u5f0f VM \u7684\u78c1\u76d8\u6620\u50cf\u5728\u6620\u50cf\u670d\u52a1\u540e\u7aef\u5b58\u50a8\u4e2d\u5b58\u50a8\u7684\u57fa\u7840\u683c\u5f0f\u3002\u4f8b\u5982\uff0cAMI\u3001ISO\u3001QCOW2\u3001VMDK \u7b49\u3002 \u5206\u6563 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\uff0c\u7528\u4e8e\u6d4b\u8bd5\u548c\u786e\u4fdd\u5bf9\u8c61\u548c\u5bb9\u5668\u5206\u6563\u4ee5\u786e\u4fdd\u5bb9\u9519\u7684\u5de5\u5177\u3002 \u5206\u5e03\u5f0f\u865a\u62df\u8def\u7531\u5668 \uff08DVR\uff09 \u4f7f\u7528 OpenStack Networking \uff08neutron\uff09 \u65f6\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u591a\u4e3b\u673a\u8def\u7531\u7684\u673a\u5236\u3002 Django \u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684 Web \u6846\u67b6\u3002 DNS \u8bb0\u5f55 \u6307\u5b9a\u6709\u5173\u7279\u5b9a\u57df\u5e76\u5c5e\u4e8e\u8be5\u57df\u7684\u4fe1\u606f\u7684\u8bb0\u5f55\u3002 DNS\u670d\u52a1\uff08\u6307\u5b9a\uff09 OpenStack \u9879\u76ee\uff0c\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u6743\u5a01 DNS \u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 dnsmasq \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DNS\u3001DHCP\u3001BOOTP \u548c TFTP \u670d\u52a1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002 \u57df \u6807\u8bc6 API v3 \u5b9e\u4f53\u3002\u8868\u793a\u9879\u76ee\u3001\u7ec4\u548c\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u4e8e\u5b9a\u4e49\u7528\u4e8e\u7ba1\u7406 OpenStack Identity \u5b9e\u4f53\u7684\u7ba1\u7406\u8fb9\u754c\u3002\u5728 Internet \u4e0a\uff0c\u5c06\u7f51\u7ad9\u4e0e\u5176\u4ed6\u7f51\u7ad9\u5206\u5f00\u3002\u901a\u5e38\uff0c\u57df\u540d\u6709\u4e24\u4e2a\u6216\u591a\u4e2a\u90e8\u5206\uff0c\u7528\u70b9\u5206\u9694\u3002\u4f8b\u5982\uff0cyahoo.com\u3001usa.gov\u3001harvard.edu \u6216 
mail.yahoo.com\u3002\u6b64\u5916\uff0c\u57df\u662f\u5305\u542b\u4e00\u6761\u6216\u591a\u6761\u8bb0\u5f55\u7684\u6240\u6709 DNS \u76f8\u5173\u4fe1\u606f\u7684\u5b9e\u4f53\u6216\u5bb9\u5668\u3002 \u57df\u540d\u7cfb\u7edf\uff08DNS\uff09 \u7528\u4e8e\u786e\u5b9a Internet \u57df\u540d\u5230\u5730\u5740\u548c\u5730\u5740\u5230\u540d\u79f0\u89e3\u6790\u7684\u7cfb\u7edf\u3002DNS \u901a\u8fc7\u5c06 IP \u5730\u5740\u8f6c\u6362\u4e3a\u66f4\u6613\u4e8e\u8bb0\u5fc6\u7684\u5730\u5740\u6765\u5e2e\u52a9\u6d4f\u89c8 Internet\u3002\u4f8b\u5982\uff0c\u5c06 111.111.111.1 \u8f6c\u6362\u4e3a www.yahoo.com\u3002\u6240\u6709\u57df\u53ca\u5176\u7ec4\u4ef6\uff08\u5982\u90ae\u4ef6\u670d\u52a1\u5668\uff09\u90fd\u5229\u7528 DNS \u89e3\u6790\u5230\u9002\u5f53\u7684\u4f4d\u7f6e\u3002DNS\u670d\u52a1\u5668\u901a\u5e38\u8bbe\u7f6e\u5728\u4e3b\u4ece\u5173\u7cfb\u4e2d\uff0c\u4ee5\u4fbf\u4e3b\u670d\u52a1\u5668\u6545\u969c\u8c03\u7528\u4ece\u670d\u52a1\u5668\u3002\u8fd8\u53ef\u4ee5\u5bf9 DNS \u670d\u52a1\u5668\u8fdb\u884c\u7fa4\u96c6\u6216\u590d\u5236\uff0c\u4ee5\u4fbf\u5bf9\u4e00\u4e2a DNS \u670d\u52a1\u5668\u6240\u505a\u7684\u66f4\u6539\u81ea\u52a8\u4f20\u64ad\u5230\u5176\u4ed6\u6d3b\u52a8\u670d\u52a1\u5668\u3002\u5728\u8ba1\u7b97\u4e2d\uff0c\u652f\u6301\u5c06 DNS \u6761\u76ee\u4e0e\u6d6e\u52a8 IP \u5730\u5740\u3001\u8282\u70b9\u6216\u5355\u5143\u76f8\u5173\u8054\uff0c\u4ee5\u4fbf\u4e3b\u673a\u540d\u5728\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u4e00\u81f4\u3002 \u4e0b\u8f7d \u5c06\u6570\u636e\uff08\u901a\u5e38\u4ee5\u6587\u4ef6\u7684\u5f62\u5f0f\uff09\u4ece\u4e00\u53f0\u8ba1\u7b97\u673a\u4f20\u8f93\u5230\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u3002 \u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u7684 Compute RabbitMQ \u6d88\u606f\u4ea4\u6362\u3002 \u6301\u4e45\u961f\u5217 \u4e00\u4e2a Compute RabbitMQ \u6d88\u606f\u961f\u5217\uff0c\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 
\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae \uff08DHCP\uff09 \u4e00\u79cd\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u914d\u7f6e\u8fde\u63a5\u5230\u7f51\u7edc\u7684\u8bbe\u5907\uff0c\u4ee5\u4fbf\u5b83\u4eec\u53ef\u4ee5\u4f7f\u7528 Internet \u534f\u8bae \uff08IP\uff09 \u5728\u8be5\u7f51\u7edc\u4e0a\u8fdb\u884c\u901a\u4fe1\u3002\u8be5\u534f\u8bae\u5728\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u6a21\u578b\u4e2d\u5b9e\u73b0\uff0c\u5176\u4e2d DHCP \u5ba2\u6237\u7aef\u4ece DHCP \u670d\u52a1\u5668\u8bf7\u6c42\u914d\u7f6e\u6570\u636e\uff0c\u4f8b\u5982 IP \u5730\u5740\u3001\u9ed8\u8ba4\u8def\u7531\u4ee5\u53ca\u4e00\u4e2a\u6216\u591a\u4e2a DNS \u670d\u52a1\u5668\u5730\u5740\u3002\u4e00\u79cd\u5728\u5f15\u5bfc\u65f6\u81ea\u52a8\u4e3a\u4e3b\u673a\u914d\u7f6e\u7f51\u7edc\u7684\u65b9\u6cd5\u3002\u7531\u7f51\u7edc\u548c\u8ba1\u7b97\u63d0\u4f9b\u3002 \u52a8\u6001\u8d85\u6587\u672c\u6807\u8bb0\u8bed\u8a00 \uff08DHTML\uff09 \u4f7f\u7528 HTML\u3001JavaScript \u548c\u7ea7\u8054\u6837\u5f0f\u8868\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u7f51\u9875\u4ea4\u4e92\u6216\u663e\u793a\u7b80\u5355\u52a8\u753b\u7684\u9875\u9762\u3002 E \u00b6 \u4e1c\u897f\u5411\u6d41\u91cf \u540c\u4e00\u4e91\u6216\u6570\u636e\u4e2d\u5fc3\u4e2d\u7684\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u5357\u5317\u5411\u6d41\u91cf\u3002 EBS \u542f\u52a8\u5377 \u5305\u542b\u53ef\u542f\u52a8 VM \u6620\u50cf\u7684 Amazon EBS \u5b58\u50a8\u5377\uff0cOpenStack \u76ee\u524d\u4e0d\u652f\u6301\u8be5\u6620\u50cf\u3002 ebtables \u7528\u4e8e Linux \u6865\u63a5\u9632\u706b\u5899\u7684\u8fc7\u6ee4\u5de5\u5177\uff0c\u652f\u6301\u8fc7\u6ee4\u901a\u8fc7 Linux \u6865\u63a5\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e arptables\u3001iptables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u901a\u4fe1\u7684\u9694\u79bb\u3002 EC2 \u51fd\u6570 Amazon \u5546\u4e1a\u8ba1\u7b97\u4ea7\u54c1\uff0c\u7c7b\u4f3c\u4e8e\u8ba1\u7b97\u3002 EC2 
\u8bbf\u95ee\u5bc6\u94a5 \u4e0e EC2 \u79c1\u6709\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\u4ee5\u8bbf\u95ee\u8ba1\u7b97 EC2 API\u3002 EC2 API OpenStack \u652f\u6301\u901a\u8fc7\u8ba1\u7b97\u8bbf\u95ee Amazon EC2 API\u3002 EC2 \u517c\u5bb9\u6027 API \u4f7f OpenStack \u80fd\u591f\u4e0e Amazon EC2 \u901a\u4fe1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 EC2 \u79c1\u6709\u5bc6\u94a5 \u4e0e\u8ba1\u7b97 EC2 API \u901a\u4fe1\u65f6\u4e0e EC2 \u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528;\u7528\u4e8e\u5bf9\u6bcf\u4e2a\u8bf7\u6c42\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u8fb9\u7f18\u8ba1\u7b97 \u5728\u4e91\u4e2d\u8fd0\u884c\u66f4\u5c11\u7684\u8fdb\u7a0b\uff0c\u5e76\u5c06\u8fd9\u4e9b\u8fdb\u7a0b\u79fb\u52a8\u5230\u672c\u5730\u3002 \u5f39\u6027\u5757\u5b58\u50a8 \uff08EBS\uff09 Amazon \u5546\u4e1a\u5757\u5b58\u50a8\u4ea7\u54c1\u3002 \u5c01\u88c5 \u5c06\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u7f6e\u4e8e\u53e6\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u4e2d\uff0c\u4ee5\u63d0\u53d6\u6216\u4fdd\u62a4\u6570\u636e\u3002\u793a\u4f8b\u5305\u62ec GRE\u3001MPLS \u6216 IPsec\u3002 \u52a0\u5bc6 OpenStack\u652f\u6301HTTPS\u3001SSH\u3001SSL\u3001TLS\u3001\u6570\u5b57\u8bc1\u4e66\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u52a0\u5bc6\u6280\u672f\u3002 \u7aef\u70b9 \u8bf7\u53c2\u9605 API \u7aef\u70b9\u3002 \u7aef\u70b9\u6ce8\u518c\u8868 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7aef\u70b9\u6a21\u677f URL \u548c\u7aef\u53e3\u53f7\u7aef\u70b9\u5217\u8868\uff0c\u6307\u793a\u53ef\u4ee5\u8bbf\u95ee\u670d\u52a1\uff08\u5982\u5bf9\u8c61\u5b58\u50a8\u3001\u8ba1\u7b97\u3001\u6807\u8bc6\u7b49\uff09\u7684\u4f4d\u7f6e\u3002 \u4f01\u4e1a\u4e91\u8ba1\u7b97 \u4f4d\u4e8e\u9632\u706b\u5899\u540e\u9762\u7684\u8ba1\u7b97\u73af\u5883\uff0c\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u8f6f\u4ef6\u3001\u57fa\u7840\u8bbe\u65bd\u548c\u5e73\u53f0\u670d\u52a1\u3002 \u5b9e\u4f53 
\u4efb\u4f55\u60f3\u8981\u8fde\u63a5\u5230\u7f51\u7edc\uff08\u7f51\u7edc\u8fde\u63a5\u670d\u52a1\uff09\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u786c\u4ef6\u6216\u8f6f\u4ef6\u3002\u5b9e\u4f53\u53ef\u4ee5\u901a\u8fc7\u5b9e\u73b0 VIF \u6765\u5229\u7528\u7f51\u7edc\u3002 \u4e34\u65f6\u6620\u50cf \u4e0d\u4fdd\u5b58\u5bf9\u5176\u5377\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5b9e\u4f8b\u7ec8\u6b62\u540e\u5c06\u5176\u6062\u590d\u5230\u539f\u59cb\u72b6\u6001\u7684 VM \u6620\u50cf\u3002 \u4e34\u65f6\u5377 \u4e0d\u4fdd\u5b58\u5bf9\u5176\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5f53\u524d\u7528\u6237\u653e\u5f03\u63a7\u5236\u6743\u65f6\u6062\u590d\u5230\u5176\u539f\u59cb\u72b6\u6001\u7684\u5377\u3002 Essex 2012 \u5e74 4 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u4e94\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97\uff08nova 2012.1\uff09\u3001\u5bf9\u8c61\u5b58\u50a8\uff08swift 1.4.8\uff09\u3001\u56fe\u50cf\uff08glance\uff09\u3001\u8eab\u4efd\uff08keystone\uff09\u548c\u4eea\u8868\u677f\uff08horizon\uff09\u3002Essex \u662f OpenStack \u7b2c\u4e94\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\uff0cEssex\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 ESXi \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 ETag \u51fd\u6570 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u503c\uff0c\u7528\u4e8e\u786e\u4fdd\u6570\u636e\u5b8c\u6574\u6027\u3002 euca2ools \u7528\u4e8e\u7ba1\u7406 VM \u7684\u547d\u4ee4\u884c\u5de5\u5177\u96c6\u5408;\u5927\u591a\u6570\u90fd\u4e0eOpenStack\u517c\u5bb9\u3002 Eucalyptus Kernel Image \uff08EKI\uff09 \u4e0e ERI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 Eucalyptus\u673a\u5668\u6620\u50cf \uff08EMI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u5bb9\u5668\u683c\u5f0f\u3002 
Eucalyptus Ramdisk \u955c\u50cf \uff08ERI\uff09 \u4e0e EKI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 \u64a4\u79bb \u5c06\u4e00\u4e2a\u6216\u6240\u6709\u865a\u62df\u673a \uff08VM\uff09 \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u8fc1\u79fb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\uff0c\u4e0e\u5171\u4eab\u5b58\u50a8\u5b9e\u65f6\u8fc1\u79fb\u548c\u5757\u8fc1\u79fb\u517c\u5bb9\u3002 \u4ea4\u6362 RabbitMQ \u6d88\u606f\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ea4\u6362\u7c7b\u578b Compute RabbitMQ \u4e2d\u7684\u8def\u7531\u7b97\u6cd5\u3002 \u72ec\u5360\u961f\u5217 \u7531 RabbitMQ \u4e2d\u7684\u76f4\u63a5\u4f7f\u7528\u8005\u8fde\u63a5\u5230 - \u8ba1\u7b97\uff0c\u6d88\u606f\u53ea\u80fd\u7531\u5f53\u524d\u8fde\u63a5\u4f7f\u7528\u3002 \u6269\u5c55\u5c5e\u6027 \uff08xattr\uff09 \u6587\u4ef6\u7cfb\u7edf\u9009\u9879\uff0c\u7528\u4e8e\u5b58\u50a8\u6240\u6709\u8005\u3001\u7ec4\u3001\u6743\u9650\u3001\u4fee\u6539\u65f6\u95f4\u7b49\u4ee5\u5916\u7684\u5176\u4ed6\u4fe1\u606f\u3002\u5e95\u5c42\u5bf9\u8c61\u5b58\u50a8\u6587\u4ef6\u7cfb\u7edf\u5fc5\u987b\u652f\u6301\u6269\u5c55\u5c5e\u6027\u3002 \u6269\u5c55 API \u6269\u5c55\u6216\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u7279\u5b9a\u4e8e\u5b9e\u73b0\u7684\u8c03\u7528\uff0c\u4f8b\u5982\u6dfb\u52a0\u5bf9 OpenID \u7684\u652f\u6301\u3002 \u5916\u90e8\u7f51\u7edc \u901a\u5e38\u7528\u4e8e Internet \u8bbf\u95ee\u7684\u7f51\u6bb5\u3002 \u989d\u5916\u89c4\u683c \u6307\u5b9a\u8ba1\u7b97\u786e\u5b9a\u4ece\u4f55\u5904\u5f00\u59cb\u65b0\u5b9e\u4f8b\u65f6\u7684\u5176\u4ed6\u8981\u6c42\u3002\u793a\u4f8b\u5305\u62ec\u6700\u5c0f\u7f51\u7edc\u5e26\u5bbd\u6216 GPU \u91cf\u3002 F \u00b6 FakeLDAP \u521b\u5efa\u7528\u4e8e\u6d4b\u8bd5\u8eab\u4efd\u548c\u8ba1\u7b97\u7684\u672c\u5730 LDAP \u76ee\u5f55\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u9700\u8981 Redis\u3002 fan-out\u4ea4\u6362 \u5728 RabbitMQ \u548c Compute 
\u4e2d\uff0c\u8c03\u5ea6\u7a0b\u5e8f\u670d\u52a1\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u63a5\u53e3\u4ece\u8ba1\u7b97\u3001\u5377\u548c\u7f51\u7edc\u8282\u70b9\u63a5\u6536\u529f\u80fd\u6d88\u606f\u3002 \u8054\u5408\u8eab\u4efd \u4e00\u79cd\u5728\u8eab\u4efd\u63d0\u4f9b\u5546\u548c OpenStack \u4e91\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u65b9\u6cd5\u3002 Fedora \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u5149\u7ea4\u901a\u9053 \u5b58\u50a8\u534f\u8bae\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e TCP/IP;\u5c01\u88c5 SCSI \u547d\u4ee4\u548c\u6570\u636e\u3002 \u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053 \uff08FCoE\uff09 \u5149\u7ea4\u901a\u9053\u534f\u8bae\u5728\u4ee5\u592a\u7f51\u5185\u901a\u8fc7\u96a7\u9053\u4f20\u8f93\u3002 \u586b\u5145\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97\u8ba1\u5212\u65b9\u6cd5\uff0c\u5c1d\u8bd5\u7528 VM \u586b\u5145\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u5728\u5404\u79cd\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 \u8fc7\u6ee4\u5668 \u8ba1\u7b97\u8ba1\u5212\u8fc7\u7a0b\u4e2d\u7684\u6b65\u9aa4\uff0c\u5f53\u65e0\u6cd5\u8fd0\u884c VM \u7684\u4e3b\u673a\u88ab\u6dd8\u6c70\u4e14\u672a\u88ab\u9009\u4e2d\u65f6\u3002 \u9632\u706b\u5899 \u7528\u4e8e\u9650\u5236\u4e3b\u673a\u548c/\u6216\u8282\u70b9\u4e4b\u95f4\u7684\u901a\u4fe1\uff0c\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 iptables\u3001arptables\u3001ip6tables \u548c ebtables \u5b9e\u73b0\u3002 \u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u63d0\u4f9b\u5916\u56f4\u9632\u706b\u5899\u529f\u80fd\u7684\u7f51\u7edc\u6269\u5c55\u3002 \u56fa\u5b9a IP \u5730\u5740 \u6bcf\u6b21\u542f\u52a8\u5b9e\u4f8b\u65f6\u90fd\u4e0e\u540c\u4e00\u5b9e\u4f8b\u5173\u8054\u7684 IP \u5730\u5740\u901a\u5e38\u4e0d\u5bf9\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u8bbf\u95ee\uff0c\u5e76\u7528\u4e8e\u7ba1\u7406\u5b9e\u4f8b\u3002 \u5e73\u9762\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\u4e3a\u6388\u6743\u8282\u70b9\u63d0\u4f9b IP \u5730\u5740\uff0c\u5e76\u5047\u5b9a DHCP\u3001DNS 
\u4ee5\u53ca\u8def\u7531\u914d\u7f6e\u548c\u670d\u52a1\u7531\u5176\u4ed6\u8bbe\u5907\u63d0\u4f9b\u3002 \u5e73\u9762\u6a21\u5f0f\u6ce8\u5165 \u4e00\u79cd\u8ba1\u7b97\u7f51\u7edc\u65b9\u6cd5\uff0c\u5728\u5b9e\u4f8b\u542f\u52a8\u4e4b\u524d\u5c06\u64cd\u4f5c\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\u6ce8\u5165\u5230 VM \u6620\u50cf\u4e2d\u3002 \u5e73\u9762\u7f51\u7edc \u865a\u62df\u7f51\u7edc\u7c7b\u578b\uff0c\u4e0d\u4f7f\u7528VLAN\u6216\u96a7\u9053\u6765\u5206\u9694\u9879\u76ee\u6d41\u91cf\u3002\u6bcf\u4e2a\u5e73\u9762\u7f51\u7edc\u901a\u5e38\u9700\u8981\u5b9a\u4e49\u7531\u6865\u63a5\u6620\u5c04\u5b9a\u4e49\u7684\u5355\u72ec\u7684\u5e95\u5c42\u7269\u7406\u63a5\u53e3\u3002\u4f46\u662f\uff0c\u5e73\u9762\u7f51\u7edc\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u5b50\u7f51\u3002FlatDHCP \u7ba1\u7406\u5668 \u63d0\u4f9b dnsmasq\uff08DHCP\u3001DNS\u3001BOOTP\u3001TFTP\uff09\u548c radvd\uff08\u8def\u7531\uff09\u670d\u52a1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u89c4\u683c VM \u5b9e\u4f8b\u7c7b\u578b\u7684\u66ff\u4ee3\u672f\u8bed \u89c4\u683cID \u6bcf\u79cd\u8ba1\u7b97\u6216\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u89c4\u683c\u6216\u5b9e\u4f8b\u7c7b\u578b\u7684 UUID\u3002 \u6d6e\u52a8 IP \u5730\u5740 \u9879\u76ee\u53ef\u4ee5\u4e0e VM \u5173\u8054\u7684 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5b9e\u4f8b\u5728\u6bcf\u6b21\u542f\u52a8\u65f6\u90fd\u5177\u6709\u76f8\u540c\u7684\u516c\u6709 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u6d6e\u52a8 IP \u5730\u5740\u6c60\uff0c\u5e76\u5728\u5b9e\u4f8b\u542f\u52a8\u65f6\u5c06\u5176\u5206\u914d\u7ed9\u5b9e\u4f8b\uff0c\u4ee5\u4fdd\u6301\u4e00\u81f4\u7684 IP \u5730\u5740\u4ee5\u7ef4\u62a4 DNS \u5206\u914d\u3002 Folsom 2012 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u516d\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3001\u8eab\u4efd 
\uff08keystone\uff09\u3001\u7f51\u7edc \uff08neutron\uff09\u3001\u6620\u50cf\u670d\u52a1 \uff08glance\uff09 \u4ee5\u53ca\u5377\u6216\u5757\u5b58\u50a8 \uff08cinder\uff09\u3002Folsom \u662f OpenStack \u7b2c\u516d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u65e7\u91d1\u5c71\u4e3e\u884c\uff0c\u798f\u5c14\u745f\u59c6\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 FormPost \u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\uff0c\u901a\u8fc7\u7f51\u9875\u4e0a\u7684\u8868\u5355\u4e0a\u4f20\uff08\u53d1\u5e03\uff09\u56fe\u50cf\u3002 freezer \u5907\u4efd\u3001\u8fd8\u539f\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u524d\u7aef \u7528\u6237\u4e0e\u670d\u52a1\u4ea4\u4e92\u7684\u70b9;\u53ef\u4ee5\u662f API \u7aef\u70b9\u3001\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u5de5\u5177\u3002 G \u00b6 \u7f51\u5173 \u901a\u5e38\u5206\u914d\u7ed9\u8def\u7531\u5668\u7684 IP \u5730\u5740\uff0c\u7528\u4e8e\u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u3002 \u901a\u7528\u63a5\u6536\u5378\u8f7d \uff08GRO\uff09 \u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\u9a71\u52a8\u7a0b\u5e8f\u7684\u529f\u80fd\uff0c\u5728\u4f20\u9001\u5230\u5185\u6838 IP \u5806\u6808\u4e4b\u524d\uff0c\u5c06\u8bb8\u591a\u8f83\u5c0f\u7684\u63a5\u6536\u6570\u636e\u5305\u5408\u5e76\u4e3a\u4e00\u4e2a\u5927\u6570\u636e\u5305\u3002 \u901a\u7528\u8def\u7531\u5c01\u88c5 \uff08GRE\uff09 \u5728\u865a\u62df\u70b9\u5bf9\u70b9\u94fe\u8def\u4e2d\u5c01\u88c5\u5404\u79cd\u7f51\u7edc\u5c42\u534f\u8bae\u7684\u534f\u8bae\u3002 glance \u5f71\u50cf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 glance API \u670d\u52a1\u5668 \u56fe\u50cf API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 glance \u6ce8\u518c\u8868 \u6620\u50cf\u670d\u52a1\u6620\u50cf\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5168\u5c40\u7aef\u70b9\u6a21\u677f 
\u5305\u542b\u53ef\u7528\u4e8e\u6240\u6709\u9879\u76ee\u7684\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec8\u7ed3\u70b9\u6a21\u677f\u3002 GlusterFS \u4e00\u4e2a\u65e8\u5728\u805a\u5408 NAS \u4e3b\u673a\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u4e0e OpenStack \u517c\u5bb9\u3002 gnocchi OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u7d22\u5f15\u5668\u548c\u65f6\u5e8f\u6570\u636e\u5e93\u3002 golden\u6620\u50cf \u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u65b9\u6cd5\uff0c\u5176\u4e2d\u521b\u5efa\u6700\u7ec8\u7684\u78c1\u76d8\u6620\u50cf\uff0c\u7136\u540e\u7531\u6240\u6709\u8282\u70b9\u4f7f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002 \u6cbb\u7406\u670d\u52a1\uff08\u5927\u4f1a\uff09 \u8be5\u9879\u76ee\u5728\u4efb\u4f55\u4e91\u670d\u52a1\u96c6\u5408\u4e2d\u63d0\u4f9b\u6cbb\u7406\u5373\u670d\u52a1\uff0c\u4ee5\u4fbf\u76d1\u89c6\u3001\u5b9e\u65bd\u548c\u5ba1\u6838\u52a8\u6001\u57fa\u7840\u7ed3\u6784\u4e0a\u7684\u7b56\u7565\u3002 \u56fe\u5f62\u4ea4\u6362\u683c\u5f0f \uff08GIF\uff09 \u4e00\u79cd\u901a\u5e38\u7528\u4e8e\u7f51\u9875\u4e0a\u7684\u52a8\u753b\u56fe\u50cf\u7684\u56fe\u50cf\u6587\u4ef6\u3002 \u56fe\u5f62\u5904\u7406\u5355\u5143 \uff08GPU\uff09 OpenStack \u76ee\u524d\u4e0d\u652f\u6301\u6839\u636e GPU \u7684\u5b58\u5728\u6765\u9009\u62e9\u4e3b\u673a\u3002 \u7eff\u8272\u7ebf\u7a0b Python \u4f7f\u7528\u7684\u534f\u4f5c\u7ebf\u7a0b\u6a21\u578b;\u51cf\u5c11\u4e89\u7528\u6761\u4ef6\uff0c\u5e76\u4e14\u4ec5\u5728\u8fdb\u884c\u7279\u5b9a\u5e93\u8c03\u7528\u65f6\u8fdb\u884c\u4e0a\u4e0b\u6587\u5207\u6362\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u662f\u5b83\u81ea\u5df1\u7684\u7ebf\u7a0b\u3002 Grizzly OpenStack \u7b2c\u4e03\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u5730\u4e9a\u54e5\u4e3e\u884c\uff0cGrizzly\u662f\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5dde\u65d7\u7684\u4e00\u4e2a\u5143\u7d20\u3002 \u5206\u7ec4 Identity v3 API 
\u5b9e\u4f53\u3002\u8868\u793a\u7279\u5b9a\u57df\u6240\u62e5\u6709\u7684\u7528\u6237\u96c6\u5408\u3002 \u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u63a7\u5236\u4e0b\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002 H \u00b6 Hadoop Apache Hadoop \u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u6846\u67b6\uff0c\u652f\u6301\u6570\u636e\u5bc6\u96c6\u578b\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002 Hadoop \u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf \uff08HDFS\uff09 \u4e00\u79cd\u5206\u5e03\u5f0f\u3001\u9ad8\u5ea6\u5bb9\u9519\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u8bbe\u8ba1\u7528\u4e8e\u5728\u4f4e\u6210\u672c\u5546\u7528\u786c\u4ef6\u4e0a\u8fd0\u884c\u3002 \u4ea4\u63a5 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u4e00\u79cd\u5bf9\u8c61\u72b6\u6001\uff0c\u5176\u4e2d\u7531\u4e8e\u9a71\u52a8\u5668\u6545\u969c\u800c\u81ea\u52a8\u521b\u5efa\u5bf9\u8c61\u7684\u65b0\u526f\u672c\u3002 HAProxy \u51fd\u6570 \u4e3a\u57fa\u4e8e TCP \u548c HTTP \u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8d1f\u8f7d\u5e73\u8861\u5668\uff0c\u5c06\u8bf7\u6c42\u5206\u6563\u5230\u591a\u4e2a\u670d\u52a1\u5668\u3002 \u786c\u91cd\u542f \u4e00\u79cd\u91cd\u65b0\u542f\u52a8\u7c7b\u578b\uff0c\u5176\u4e2d\u6309\u4e0b\u7269\u7406\u6216\u865a\u62df\u7535\u6e90\u6309\u94ae\uff0c\u800c\u4e0d\u662f\u6b63\u5e38\u3001\u6b63\u786e\u5730\u5173\u95ed\u64cd\u4f5c\u7cfb\u7edf\u3002 Havana OpenStack \u7b2c\u516b\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u4e3e\u884c\uff0cHavana\u662f\u4fc4\u52d2\u5188\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 \u5065\u5eb7\u76d1\u89c6\u5668 \u786e\u5b9a VIP 
\u6c60\u7684\u540e\u7aef\u6210\u5458\u662f\u5426\u53ef\u4ee5\u5904\u7406\u8bf7\u6c42\u3002\u4e00\u4e2a\u6c60\u53ef\u4ee5\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u8fd0\u884c\u72b6\u51b5\u76d1\u89c6\u5668\u3002\u5f53\u6c60\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u76d1\u89c6\u5668\u65f6\uff0c\u6240\u6709\u76d1\u89c6\u5668\u90fd\u4f1a\u68c0\u67e5\u6c60\u7684\u6bcf\u4e2a\u6210\u5458\u3002\u6240\u6709\u76d1\u89c6\u5668\u90fd\u5fc5\u987b\u58f0\u660e\u6210\u5458\u8fd0\u884c\u72b6\u51b5\u826f\u597d\uff0c\u624d\u80fd\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 heat \u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09 \u4ee5 OpenStack \u539f\u751f\u683c\u5f0f\u7684 Heat \u8f93\u5165\u3002 \u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u8bbe\u8ba1\u65b9\u6cd5\u548c\u76f8\u5173\u670d\u52a1\u5b9e\u65bd\u53ef\u786e\u4fdd\u5728\u5408\u540c\u6d4b\u91cf\u671f\u95f4\u8fbe\u5230\u9884\u5148\u5b89\u6392\u7684\u8fd0\u8425\u7ee9\u6548\u6c34\u5e73\u3002\u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u529b\u6c42\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u548c\u6570\u636e\u4e22\u5931\u3002 horizon \u4eea\u8868\u677f\u7684\u4ee3\u53f7\u3002 Horizon \u63d2\u4ef6 OpenStack Dashboard \uff08horizon\uff09 \u7684\u63d2\u4ef6\u3002 \u4e3b\u673a \u7269\u7406\u8ba1\u7b97\u673a\uff0c\u800c\u4e0d\u662f VM \u5b9e\u4f8b\uff08\u8282\u70b9\uff09\u3002 \u4e3b\u673a\u805a\u5408 \u4e00\u79cd\u5c06\u53ef\u7528\u6027\u533a\u57df\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60\uff08\u516c\u5171\u4e3b\u673a\u7684\u96c6\u5408\uff09\u7684\u65b9\u6cd5\u3002 \u4e3b\u673a\u603b\u7ebf\u9002\u914d\u5668 \uff08HBA\uff09 \u63d2\u5165 PCI \u63d2\u69fd\uff08\u5982\u5149\u7ea4\u901a\u9053\u6216\u7f51\u5361\uff09\u7684\u8bbe\u5907\u3002 \u6df7\u5408\u4e91 
\u6df7\u5408\u4e91\u662f\u7531\u4e24\u4e2a\u6216\u591a\u4e2a\u4e91\uff08\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u6709\u4e91\uff09\u7ec4\u6210\u7684\uff0c\u8fd9\u4e9b\u4e91\u4ecd\u7136\u662f\u4e0d\u540c\u7684\u5b9e\u4f53\uff0c\u4f46\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u63d0\u4f9b\u591a\u79cd\u90e8\u7f72\u6a21\u578b\u7684\u4f18\u52bf\u3002\u6df7\u5408\u4e91\u8fd8\u610f\u5473\u7740\u80fd\u591f\u5c06\u4e3b\u673a\u6258\u7ba1\u3001\u6258\u7ba1\u548c/\u6216\u4e13\u7528\u670d\u52a1\u4e0e\u4e91\u8d44\u6e90\u8fde\u63a5\u8d77\u6765\u3002 \u6df7\u5408\u4e91\u8ba1\u7b97 \u6df7\u5408\u4e86\u672c\u5730\u3001\u79c1\u6709\u4e91\u548c\u7b2c\u4e09\u65b9\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5e76\u5728\u4e24\u4e2a\u5e73\u53f0\u4e4b\u95f4\u8fdb\u884c\u7f16\u6392\u3002 Hyper-V OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\u3002 \u8d85\u94fe\u63a5 \u5305\u542b\u6307\u5411\u5176\u4ed6\u7f51\u7ad9\u7684\u94fe\u63a5\u7684\u4efb\u4f55\u7c7b\u578b\u7684\u6587\u672c\uff0c\u5e38\u89c1\u4e8e\u5355\u51fb\u4e00\u4e2a\u6216\u591a\u4e2a\u5355\u8bcd\u4f1a\u6253\u5f00\u5176\u4ed6\u7f51\u7ad9\u7684\u6587\u6863\u4e2d\u3002 \u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u7528\u4e8e\u5206\u5e03\u5f0f\u3001\u534f\u4f5c\u5f0f\u3001\u8d85\u5a92\u4f53\u4fe1\u606f\u7cfb\u7edf\u7684\u5e94\u7528\u534f\u8bae\u3002\u5b83\u662f\u4e07\u7ef4\u7f51\u6570\u636e\u901a\u4fe1\u7684\u57fa\u7840\u3002\u8d85\u6587\u672c\u662f\u5728\u5305\u542b\u6587\u672c\u7684\u8282\u70b9\u4e4b\u95f4\u4f7f\u7528\u903b\u8f91\u94fe\u63a5\uff08\u8d85\u94fe\u63a5\uff09\u7684\u7ed3\u6784\u5316\u6587\u672c\u3002HTTP\u662f\u4ea4\u6362\u6216\u4f20\u8f93\u8d85\u6587\u672c\u7684\u534f\u8bae\u3002 \u5b89\u5168\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTPS\uff09\u4e00\u79cd\u52a0\u5bc6\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u901a\u8fc7\u8ba1\u7b97\u673a\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\uff0c\u5728 Internet 
\u4e0a\u7684\u90e8\u7f72\u7279\u522b\u5e7f\u6cdb\u3002\u4ece\u6280\u672f\u4e0a\u8bb2\uff0c\u5b83\u672c\u8eab\u4e0d\u662f\u4e00\u4e2a\u534f\u8bae;\u76f8\u53cd\uff0c\u5b83\u662f\u7b80\u5355\u5730\u5c06\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u5206\u5c42\u5728 TLS \u6216 SSL \u534f\u8bae\u4e4b\u4e0a\u7684\u7ed3\u679c\uff0c\u4ece\u800c\u5c06 TLS \u6216 SSL \u7684\u5b89\u5168\u529f\u80fd\u6dfb\u52a0\u5230\u6807\u51c6 HTTP \u901a\u4fe1\u4e2d\u3002\u5927\u591a\u6570 OpenStack API \u7aef\u70b9\u548c\u8bb8\u591a\u7ec4\u4ef6\u95f4\u901a\u4fe1\u90fd\u652f\u6301 HTTPS \u901a\u4fe1\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u4ef2\u88c1\u548c\u63a7\u5236 VM \u5bf9\u5b9e\u9645\u5e95\u5c42\u786c\u4ef6\u7684\u8bbf\u95ee\u7684\u8f6f\u4ef6\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60 \u901a\u8fc7\u4e3b\u673a\u805a\u5408\u7ec4\u5408\u5728\u4e00\u8d77\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u96c6\u5408\u3002 I \u00b6 Icehouse OpenStack \u7b2c\u4e5d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u9999\u6e2f\u4e3e\u884c\uff0cIce House\u662f\u8be5\u5e02\u7684\u4e00\u6761\u8857\u9053\u7684\u540d\u5b57\u3002 \u8eab\u4efd\u8bc1\u53f7\u7801 \u4e0e\u8eab\u4efd\u4e2d\u7684\u6bcf\u4e2a\u7528\u6237\u5173\u8054\u7684\u552f\u4e00\u6570\u5b57 ID\uff0c\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e Linux \u6216 LDAP UID\u3002 \u8eab\u4efd\u9a8c\u8bc1 API Identity \u670d\u52a1 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef Identity \u670d\u52a1\u7528\u4e8e\u68c0\u7d22\u7528\u6237\u4fe1\u606f\u7684\u6e90;\u4f8b\u5982\uff0cOpenLDAP \u670d\u52a1\u5668\u3002 \u8eab\u4efd\u63d0\u4f9b\u8005 \u4e00\u79cd\u76ee\u5f55\u670d\u52a1\uff0c\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u3002\u5b83\u662f\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u7684\u5178\u578b\u6765\u6e90\u3002 \u8eab\u4efd\u670d\u52a1\uff08keystone\uff09 \u4fc3\u8fdb API 
\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u3001\u5206\u5e03\u5f0f\u591a\u9879\u76ee\u6388\u6743\u548c\u5ba1\u8ba1\u7684\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u6237\u6620\u5c04\u5230\u4ed6\u4eec\u53ef\u4ee5\u8bbf\u95ee\u7684 OpenStack \u670d\u52a1\u7684\u4e2d\u592e\u76ee\u5f55\u3002\u5b83\u8fd8\u4e3a OpenStack \u670d\u52a1\u6ce8\u518c\u7aef\u70b9\uff0c\u5e76\u5145\u5f53\u901a\u7528\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u8eab\u4efd\u670d\u52a1 API \u7528\u4e8e\u8bbf\u95ee\u901a\u8fc7 keystone \u63d0\u4f9b\u7684 OpenStack Identity \u670d\u52a1\u7684 API\u3002 IETF \uff08\u82f1\u8bed\uff09 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u662f\u4e00\u4e2a\u5f00\u653e\u6807\u51c6\u7ec4\u7ec7\uff0c\u8d1f\u8d23\u5236\u5b9a Internet \u6807\u51c6\uff0c\u5c24\u5176\u662f\u4e0e TCP/IP \u76f8\u5173\u7684\u6807\u51c6\u3002 \u6620\u50cf \u7528\u4e8e\u521b\u5efa\u6216\u91cd\u5efa\u670d\u52a1\u5668\u7684\u7279\u5b9a\u64cd\u4f5c\u7cfb\u7edf \uff08OS\uff09 \u7684\u6587\u4ef6\u96c6\u5408\u3002OpenStack \u63d0\u4f9b\u9884\u6784\u5efa\u7684\u6620\u50cf\u3002\u60a8\u8fd8\u53ef\u4ee5\u4ece\u5df2\u542f\u52a8\u7684\u670d\u52a1\u5668\u521b\u5efa\u81ea\u5b9a\u4e49\u6620\u50cf\u6216\u5feb\u7167\u3002\u81ea\u5b9a\u4e49\u6620\u50cf\u53ef\u7528\u4e8e\u6570\u636e\u5907\u4efd\uff0c\u6216\u7528\u4f5c\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u6620\u50cfAPI \u7528\u4e8e\u7ba1\u7406 VM \u6620\u50cf\u7684\u6620\u50cf\u670d\u52a1 API \u7ec8\u7ed3\u70b9\u3002\u5904\u7406\u5ba2\u6237\u7aef\u5bf9 VM \u7684\u8bf7\u6c42\uff0c\u66f4\u65b0\u6ce8\u518c\u8868\u670d\u52a1\u5668\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u5143\u6570\u636e\uff0c\u5e76\u4e0e\u5b58\u50a8\u9002\u914d\u5668\u901a\u4fe1\u4ee5\u4ece\u540e\u7aef\u5b58\u50a8\u4e0a\u4f20 VM \u6620\u50cf\u3002 \u6620\u50cf\u7f13\u5b58 
\u7531\u56fe\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u672c\u5730\u4e3b\u673a\u4e0a\u7684\u56fe\u50cf\uff0c\u800c\u4e0d\u662f\u5728\u6bcf\u6b21\u8bf7\u6c42\u56fe\u50cf\u65f6\u4ece\u56fe\u50cf\u670d\u52a1\u5668\u91cd\u65b0\u4e0b\u8f7d\u56fe\u50cf\u3002 \u6620\u50cf ID URI \u548c UUID \u7684\u7ec4\u5408\uff0c\u7528\u4e8e\u901a\u8fc7\u955c\u50cf API \u8bbf\u95ee\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u6620\u50cf\u6210\u5458 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u6620\u50cf\u6240\u6709\u8005 \u62e5\u6709\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u7684\u9879\u76ee\u3002 \u6620\u50cf\u6ce8\u518c\u8868 \u53ef\u901a\u8fc7\u6620\u50cf\u670d\u52a1\u83b7\u53d6\u7684 VM \u6620\u50cf\u7684\u5217\u8868\u3002 \u6620\u50cf\u670d\u52a1\uff08glance\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\u6765\u5b58\u50a8\u3001\u6d4f\u89c8\u3001\u5171\u4eab\u3001\u5206\u53d1\u548c\u7ba1\u7406\u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf\u3001\u4e0e\u521d\u59cb\u5316\u8ba1\u7b97\u8d44\u6e90\u5bc6\u5207\u76f8\u5173\u7684\u5176\u4ed6\u6570\u636e\u4ee5\u53ca\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u72b6\u6001 \u955c\u50cf\u670d\u52a1\u4e2d\u865a\u62df\u673a\u955c\u50cf\u7684\u5f53\u524d\u72b6\u6001\uff0c\u4e0d\u8981\u4e0e\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u72b6\u6001\u6df7\u6dc6\u3002 \u6620\u50cf\u5b58\u50a8 \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u865a\u62df\u673a\u6620\u50cf\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u6216 HTTP\u3002 \u6620\u50cf UUID \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u552f\u4e00\u6807\u8bc6\u6bcf\u4e2a VM \u6620\u50cf\u7684 UUID\u3002 \u5b75\u5316\u9879\u76ee 
\u793e\u533a\u9879\u76ee\u53ef\u4ee5\u63d0\u5347\u5230\u6b64\u72b6\u6001\uff0c\u7136\u540e\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee \u57fa\u7840\u8bbe\u65bd\u4f18\u5316\u670d\u52a1\uff08\u89c2\u5bdf\u8005\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u4e3a\u57fa\u4e8eOpenStack\u7684\u591a\u9879\u76ee\u4e91\u63d0\u4f9b\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u8d44\u6e90\u4f18\u5316\u670d\u52a1\u3002 \u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 IaaS \u662f\u4e00\u79cd\u914d\u7f6e\u6a21\u578b\uff0c\u5728\u8fd9\u79cd\u6a21\u578b\u4e2d\uff0c\u7ec4\u7ec7\u5916\u5305\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5b58\u50a8\u3001\u786c\u4ef6\u3001\u670d\u52a1\u5668\u548c\u7f51\u7edc\u7ec4\u4ef6\u3002\u670d\u52a1\u63d0\u4f9b\u5546\u62e5\u6709\u8bbe\u5907\uff0c\u5e76\u8d1f\u8d23\u8bbe\u5907\u7684\u5b89\u88c5\u3001\u64cd\u4f5c\u548c\u7ef4\u62a4\u3002\u5ba2\u6237\u901a\u5e38\u6309\u4f7f\u7528\u91cf\u4ed8\u8d39\u3002IaaS \u662f\u4e00\u79cd\u63d0\u4f9b\u4e91\u670d\u52a1\u7684\u6a21\u578b\u3002 Ingress \u8fc7\u6ee4 \u7b5b\u9009\u4f20\u5165\u7f51\u7edc\u6d41\u91cf\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 INI \u683c\u5f0f OpenStack \u914d\u7f6e\u6587\u4ef6\u4f7f\u7528 INI \u683c\u5f0f\u6765\u63cf\u8ff0\u9009\u9879\u53ca\u5176\u503c\u3002\u5b83\u7531\u90e8\u5206\u548c\u952e\u503c\u5bf9\u7ec4\u6210\u3002 \u6ce8\u5165 \u5728\u542f\u52a8\u5b9e\u4f8b\u4e4b\u524d\u5c06\u6587\u4ef6\u653e\u5165\u865a\u62df\u673a\u6620\u50cf\u7684\u8fc7\u7a0b\u3002 \u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 IOPS \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u6027\u80fd\u5ea6\u91cf\uff0c\u7528\u4e8e\u5bf9\u8ba1\u7b97\u673a\u5b58\u50a8\u8bbe\u5907\uff08\u5982\u786c\u76d8\u9a71\u52a8\u5668\u3001\u56fa\u6001\u9a71\u52a8\u5668\u548c\u5b58\u50a8\u533a\u57df\u7f51\u7edc\uff09\u8fdb\u884c\u57fa\u51c6\u6d4b\u8bd5\u3002 \u5b9e\u4f8b \u6b63\u5728\u8fd0\u884c\u7684 VM 
\u6216\u5904\u4e8e\u5df2\u77e5\u72b6\u6001\uff08\u5982\u6302\u8d77\uff09\u7684 VM\uff0c\u53ef\u4ee5\u50cf\u786c\u4ef6\u670d\u52a1\u5668\u4e00\u6837\u4f7f\u7528\u3002 \u5b9e\u4f8bID \u4f8b\u5982UUID\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u72b6\u6001 \u6765\u5bbe\u865a\u62df\u673a\u6620\u50cf\u7684\u5f53\u524d\u72b6\u6001\u3002 \u5b9e\u4f8b\u96a7\u9053\u7f51\u7edc \u7528\u4e8e\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u7684\u5b9e\u4f8b\u6d41\u91cf\u96a7\u9053\u7684\u7f51\u6bb5\u3002 \u5b9e\u4f8b\u7c7b\u578b \u63cf\u8ff0\u53ef\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u5404\u79cd\u865a\u62df\u673a\u6620\u50cf\u7684\u53c2\u6570;\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u5185\u5b58\u7b49\u53c2\u6570\u3002\u98ce\u5473\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u7c7b\u578b ID \u7279\u5b9a\u5b9e\u4f8b ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u667a\u80fd\u5e73\u53f0\u7ba1\u7406\u63a5\u53e3\uff08IPMI\uff09 IPMI \u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u7528\u4e8e\u8ba1\u7b97\u673a\u7cfb\u7edf\u5e26\u5916\u7ba1\u7406\u548c\u76d1\u63a7\u5176\u64cd\u4f5c\u7684\u6807\u51c6\u5316\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\u3002\u901a\u4fd7\u5730\u8bf4\uff0c\u5b83\u662f\u4e00\u79cd\u4f7f\u7528\u76f4\u63a5\u7f51\u7edc\u8fde\u63a5\u7ba1\u7406\u8ba1\u7b97\u673a\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u5b83\u662f\u5426\u6253\u5f00;\u8fde\u63a5\u5230\u786c\u4ef6\uff0c\u800c\u4e0d\u662f\u64cd\u4f5c\u7cfb\u7edf\u6216\u767b\u5f55 shell\u3002 \u63a5\u53e3 \u63d0\u4f9b\u4e0e\u5176\u4ed6\u8bbe\u5907\u6216\u4ecb\u8d28\u7684\u8fde\u63a5\u7684\u7269\u7406\u6216\u865a\u62df\u8bbe\u5907\u3002 \u63a5\u53e3 ID UUID \u5f62\u5f0f\u7684\u7f51\u7edc VIF \u6216 vNIC \u7684\u552f\u4e00 ID\u3002 \u4e92\u8054\u7f51\u63a7\u5236\u6d88\u606f\u534f\u8bae \uff08ICMP\uff09 
\u7f51\u7edc\u8bbe\u5907\u7528\u4e8e\u63a7\u5236\u6d88\u606f\u7684\u7f51\u7edc\u534f\u8bae\u3002\u4f8b\u5982\uff0cping \u4f7f\u7528 ICMP \u6765\u6d4b\u8bd5\u8fde\u63a5\u3002 \u4e92\u8054\u7f51\u534f\u8bae \uff08IP\uff09 Internet \u534f\u8bae\u5957\u4ef6\u4e2d\u7684\u4e3b\u8981\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u8de8\u7f51\u7edc\u8fb9\u754c\u4e2d\u7ee7\u6570\u636e\u62a5\u3002 \u4e92\u8054\u7f51\u670d\u52a1\u63d0\u4f9b\u5546 \uff08ISP\uff09 \u4efb\u4f55\u5411\u4e2a\u4eba\u6216\u4f01\u4e1a\u63d0\u4f9b\u4e92\u8054\u7f51\u8bbf\u95ee\u7684\u4f01\u4e1a\u3002 \u4e92\u8054\u7f51\u5c0f\u578b\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\uff08iSCSI\uff09 \u5c01\u88c5 SCSI \u5e27\u4ee5\u901a\u8fc7 IP \u7f51\u7edc\u4f20\u8f93\u7684\u5b58\u50a8\u534f\u8bae\u3002\u53d7\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u955c\u50cf\u670d\u52a1\u652f\u6301\u3002 IO \u8f93\u5165\u548c\u8f93\u51fa\u7684\u7f29\u5199\u3002 IP \u5730\u5740 Internet \u4e0a\u6bcf\u4e2a\u8ba1\u7b97\u673a\u7cfb\u7edf\u552f\u4e00\u7684\u7f16\u53f7\u3002\u5730\u5740\u4f7f\u7528\u4e86\u4e24\u4e2a\u7248\u672c\u7684 Internet \u534f\u8bae \uff08IP\uff09\uff1aIPv4 \u548c IPv6\u3002 IP \u5730\u5740\u7ba1\u7406 \uff08IPAM\uff09 \u81ea\u52a8\u6267\u884c IP \u5730\u5740\u5206\u914d\u3001\u89e3\u9664\u5206\u914d\u548c\u7ba1\u7406\u7684\u8fc7\u7a0b\u3002\u76ee\u524d\u7531 Compute\u3001melange \u548c Networking \u63d0\u4f9b\u3002 ip6tables \u7528\u4e8e\u5728 Linux \u5185\u6838\u4e2d\u8bbe\u7f6e\u3001\u7ef4\u62a4\u548c\u68c0\u67e5 IPv6 \u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u8868\u7684\u5de5\u5177\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0cip6tables \u4e0e arptables\u3001ebtables \u548c iptables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a\u8282\u70b9\u548c\u865a\u62df\u673a\u521b\u5efa\u9632\u706b\u5899\u3002 ipset \u5bf9 iptables \u7684\u6269\u5c55\uff0c\u5141\u8bb8\u521b\u5efa\u540c\u65f6\u5339\u914d\u6574\u4e2a IP 
\u5730\u5740\u201c\u96c6\u201d\u7684\u9632\u706b\u5899\u89c4\u5219\u3002\u8fd9\u4e9b\u96c6\u9a7b\u7559\u5728\u7d22\u5f15\u6570\u636e\u7ed3\u6784\u4e2d\u4ee5\u63d0\u9ad8\u6548\u7387\uff0c\u5c24\u5176\u662f\u5728\u5177\u6709\u5927\u91cf\u89c4\u5219\u7684\u7cfb\u7edf\u4e0a\u3002 iptables iptables \u4e0e arptables \u548c ebtables \u4e00\u8d77\u4f7f\u7528\uff0c\u53ef\u5728 Compute \u4e2d\u521b\u5efa\u9632\u706b\u5899\u3002iptables \u662f Linux \u5185\u6838\u9632\u706b\u5899\uff08\u4f5c\u4e3a\u4e0d\u540c\u7684 Netfilter \u6a21\u5757\u5b9e\u73b0\uff09\u63d0\u4f9b\u7684\u8868\u53ca\u5176\u5b58\u50a8\u7684\u94fe\u548c\u89c4\u5219\u3002\u76ee\u524d\u4e0d\u540c\u7684\u5185\u6838\u6a21\u5757\u548c\u7a0b\u5e8f\u7528\u4e8e\u4e0d\u540c\u7684\u534f\u8bae\uff1aiptables \u9002\u7528\u4e8e IPv4\uff0cip6tables \u9002\u7528\u4e8e IPv6\uff0carptables \u9002\u7528\u4e8e ARP\uff0cebtables \u7528\u4e8e\u4ee5\u592a\u7f51\u5e27\u3002\u9700\u8981 root \u6743\u9650\u624d\u80fd\u64cd\u4f5c\u3002 ironic \u88f8\u673a\u670d\u52a1\u7684\u4ee3\u53f7\u3002 iSCSI \u9650\u5b9a\u540d\u79f0 \uff08IQN\uff09 IQN \u662f\u6700\u5e38\u7528\u7684 iSCSI \u540d\u79f0\u683c\u5f0f\uff0c\u7528\u4e8e\u552f\u4e00\u6807\u8bc6 iSCSI \u7f51\u7edc\u4e2d\u7684\u8282\u70b9\u3002\u6240\u6709 IQN \u90fd\u9075\u5faa iqn.yyyy-mm.domain\uff1aidentifier \u6a21\u5f0f\uff0c\u5176\u4e2d\u201cyyyy-mm\u201d\u662f\u57df\u540d\u6ce8\u518c\u7684\u5e74\u4efd\u548c\u6708\u4efd\uff0c\u201cdomain\u201d\u662f\u9881\u53d1\u7ec4\u7ec7\u7684\u53cd\u5411\u57df\u540d\uff0c\u201cidentifier\u201d\u662f\u4e00\u4e2a\u53ef\u9009\u5b57\u7b26\u4e32\uff0c\u4f7f\u540c\u4e00\u57df\u540d\u4e0b\u7684\u6bcf\u4e2a IQN \u90fd\u662f\u552f\u4e00\u7684\u3002\u4f8b\u5982\uff0c\u201ciqn.2015-10.org.openstack.408ae959bce1\u201d\u3002 ISO9660 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 ITSEC \u51fd\u6570 \u8ba1\u7b97 RBAC 
\u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\uff0c\u53ef\u4ee5\u9694\u79bb\u4efb\u4f55\u9879\u76ee\u4e2d\u7684\u5b9e\u4f8b\u3002 J \u00b6 Java \u4e00\u79cd\u7f16\u7a0b\u8bed\u8a00\uff0c\u7528\u4e8e\u521b\u5efa\u901a\u8fc7\u7f51\u7edc\u6d89\u53ca\u591a\u53f0\u8ba1\u7b97\u673a\u7684\u7cfb\u7edf\u3002 JavaScript \u4e00\u79cd\u7528\u4e8e\u751f\u6210\u7f51\u9875\u7684\u811a\u672c\u8bed\u8a00\u3002 JavaScript \u5bf9\u8c61\u8868\u793a\u6cd5 \uff08JSON\uff09 OpenStack \u4e2d\u652f\u6301\u7684\u54cd\u5e94\u683c\u5f0f\u4e4b\u4e00\u3002 \u6846\u67b6\u7684\u5f62\u72b6 \u73b0\u4ee3\u4ee5\u592a\u7f51\u7f51\u7edc\u4e2d\u7684\u529f\u80fd\uff0c\u652f\u6301\u9ad8\u8fbe\u7ea6 9000 \u5b57\u8282\u7684\u5e27\u3002 Juno OpenStack \u7b2c\u5341\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4f50\u6cbb\u4e9a\u5dde\u4e9a\u7279\u5170\u5927\u4e3e\u884c\uff0cJuno\u662f\u4f50\u6cbb\u4e9a\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 K \u00b6 Kerberos \u4e00\u79cd\u57fa\u4e8e\u7968\u8bc1\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002Kerberos \u5141\u8bb8\u8282\u70b9\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\uff0c\u5e76\u5141\u8bb8\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a \uff08KVM\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002KVM \u662f\u9002\u7528\u4e8e Linux on x86 \u786c\u4ef6\u7684\u5b8c\u6574\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u865a\u62df\u5316\u6269\u5c55\uff08Intel VT \u6216 AMD-V\uff09\u3001ARM\u3001IBM Power \u548c IBM zSeries\u3002\u5b83\u7531\u4e00\u4e2a\u53ef\u52a0\u8f7d\u7684\u5185\u6838\u6a21\u5757\u7ec4\u6210\uff0c\u8be5\u6a21\u5757\u63d0\u4f9b\u6838\u5fc3\u865a\u62df\u5316\u57fa\u7840\u67b6\u6784\u548c\u7279\u5b9a\u4e8e\u5904\u7406\u5668\u7684\u6a21\u5757\u3002 \u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\uff08barbican\uff09 
\u8be5\u9879\u76ee\u4ea7\u751f\u4e00\u4e2a\u79d8\u5bc6\u5b58\u50a8\u548c\u751f\u6210\u7cfb\u7edf\uff0c\u80fd\u591f\u4e3a\u5e0c\u671b\u542f\u7528\u52a0\u5bc6\u529f\u80fd\u7684\u670d\u52a1\u63d0\u4f9b\u5bc6\u94a5\u7ba1\u7406\u3002 keystone Identity \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u5feb\u901f\u542f\u52a8 \u7528\u4e8e\u5728\u57fa\u4e8e Red Hat\u3001Fedora \u548c CentOS \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 Kilo OpenStack \u7b2c 11 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u6cd5\u56fd\u5df4\u9ece\u4e3e\u884c\u3002\u7531\u4e8e\u540d\u79f0\u9009\u62e9\u7684\u5ef6\u8fdf\uff0c\u8be5\u7248\u672c\u4ec5\u88ab\u79f0\u4e3a K\u3002\u7531\u4e8e k kilo \u662f\u5355\u4f4d\u7b26\u53f7\uff0c\u800c kilogram \u53c2\u8003\u5de5\u4ef6\u5b58\u653e\u5728\u5df4\u9ece\u9644\u8fd1\u7684\u585e\u592b\u5c14 Pavillon de Breteuil \u4e2d\uff0c\u56e0\u6b64\u793e\u533a\u9009\u62e9\u4e86 Kilo \u4f5c\u4e3a\u7248\u672c\u540d\u79f0\u3002 L \u5927\u5bf9\u8c61 Object Storage \u4e2d\u5927\u4e8e 5 GB \u7684\u5bf9\u8c61\u3002 \u542f\u52a8\u677f OpenStack \u7684\u534f\u4f5c\u7ad9\u70b9\u3002 \u4e8c\u5c42\uff08L2\uff09\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u4e8c\u5c42\u7f51\u7edc OSI \u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u6570\u636e\u94fe\u8def\u5c42\u7684\u672f\u8bed\u3002\u6570\u636e\u94fe\u8def\u5c42\u8d1f\u8d23\u5a92\u4f53\u8bbf\u95ee\u63a7\u5236\u3001\u6d41\u91cf\u63a7\u5236\u4ee5\u53ca\u68c0\u6d4b\u548c\u7ea0\u6b63\u7269\u7406\u5c42\u4e2d\u53ef\u80fd\u53d1\u751f\u7684\u9519\u8bef\u3002 \u4e09\u5c42 \uff08L3\uff09 \u4ee3\u7406 OpenStack Networking \u4ee3\u7406\uff0c\u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 3 \u5c42\uff08\u8def\u7531\uff09\u670d\u52a1\u3002 \u4e09\u5c42\u7f51\u7edc \u5728 OSI 
\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u7f51\u7edc\u5c42\u7684\u672f\u8bed\u3002\u7f51\u7edc\u5c42\u8d1f\u8d23\u6570\u636e\u5305\u8f6c\u53d1\uff0c\u5305\u62ec\u4ece\u4e00\u4e2a\u8282\u70b9\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u7684\u8def\u7531\u3002 Liberty OpenStack \u7b2c 12 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\uff0cLiberty\u662f\u52a0\u62ff\u5927\u8428\u65af\u5580\u5f7b\u6e29\u7701\u4e00\u4e2a\u6751\u5e84\u7684\u540d\u5b57\u3002 libvirt OpenStack \u7528\u6765\u4e0e\u8bb8\u591a\u53d7\u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8fdb\u884c\u4ea4\u4e92\u7684\u865a\u62df\u5316 API \u5e93\u3002 \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae \uff08LDAP\uff09 \u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Linux \u64cd\u4f5c\u7cfb\u7edf \u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u81ea\u7531\u548c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u548c\u5206\u53d1\u7684\u6a21\u5f0f\u4e0b\u7ec4\u88c5\u3002 Linux\u6865\u63a5 \u4f7f\u591a\u4e2a VM \u80fd\u591f\u5728\u8ba1\u7b97\u4e2d\u5171\u4eab\u5355\u4e2a\u7269\u7406 NIC \u7684\u8f6f\u4ef6\u3002 Linux Bridge neutron \u63d2\u4ef6 \u4f7f Linux \u7f51\u6865\u80fd\u591f\u7406\u89e3\u7f51\u7edc\u7aef\u53e3\u3001\u63a5\u53e3\u8fde\u63a5\u548c\u5176\u4ed6\u62bd\u8c61\u3002 Linux \u5bb9\u5668 \uff08LXC\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u5b9e\u65f6\u8fc1\u79fb \u8ba1\u7b97\u4e2d\u80fd\u591f\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u5728\u5207\u6362\u671f\u95f4\u4ec5\u53d1\u751f\u5c11\u91cf\u670d\u52a1\u4e2d\u65ad\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 
\u8d1f\u8f7d\u5747\u8861\u5668\u662f\u5c5e\u4e8e\u4e91\u5e10\u6237\u7684\u903b\u8f91\u8bbe\u5907\u3002\u5b83\u7528\u4e8e\u6839\u636e\u5b9a\u4e49\u4e3a\u5176\u914d\u7f6e\u4e00\u90e8\u5206\u7684\u6761\u4ef6\u5728\u591a\u4e2a\u540e\u7aef\u7cfb\u7edf\u6216\u670d\u52a1\u4e4b\u95f4\u5206\u914d\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u8d1f\u8f7d\u5747\u8861 \u5728\u4e24\u4e2a\u6216\u591a\u4e2a\u8282\u70b9\u4e4b\u95f4\u5206\u6563\u5ba2\u6237\u7aef\u8bf7\u6c42\u4ee5\u63d0\u9ad8\u6027\u80fd\u548c\u53ef\u7528\u6027\u7684\u8fc7\u7a0b\u3002 \u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff08LBaaS\uff09 \u4f7f\u7f51\u7edc\u80fd\u591f\u5728\u6307\u5b9a\u5b9e\u4f8b\u4e4b\u95f4\u5747\u5300\u5206\u914d\u4f20\u5165\u8bf7\u6c42\u3002 \u8d1f\u8f7d\u5747\u8861\u670d\u52a1\uff08octavia\uff09 \u8be5\u9879\u76ee\u65e8\u5728\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u8d1f\u8f7d\u5747\u8861\u5668\u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u670d\u52a1\u8bbf\u95ee\u3002 \u903b\u8f91\u5377\u7ba1\u7406\u5668 \uff08LVM\uff09 \u63d0\u4f9b\u4e00\u79cd\u5728\u5927\u5bb9\u91cf\u5b58\u50a8\u8bbe\u5907\u4e0a\u5206\u914d\u7a7a\u95f4\u7684\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6bd4\u4f20\u7edf\u7684\u5206\u533a\u65b9\u6848\u66f4\u7075\u6d3b\u3002 M \u00b6 magnum \u5bb9\u5668\u57fa\u7840\u7ed3\u6784\u7ba1\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u7ba1\u7406 API \u7ba1\u7406 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e\u7ba1\u7406\u7684\u7f51\u6bb5\uff0c\u516c\u5171 Internet \u65e0\u6cd5\u8bbf\u95ee\u3002 \u7ba1\u7406\u5668 \u76f8\u5173\u4ee3\u7801\u7684\u903b\u8f91\u5206\u7ec4\uff0c\u4f8b\u5982\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u6216\u7f51\u7edc\u7ba1\u7406\u5668\u3002 \u6e05\u5355 \u7528\u4e8e\u8ddf\u8e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5927\u578b\u5bf9\u8c61\u7684\u6bb5\u3002 manifest \u5bf9\u8c61 
\u4e00\u4e2a\u7279\u6b8a\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\uff0c\u5176\u4e2d\u5305\u542b\u5927\u578b\u5bf9\u8c61\u7684\u6e05\u5355\u3002 manila OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 manila\u5206\u4eab \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 \u6700\u5927\u4f20\u8f93\u5355\u5143 \uff08MTU\uff09 \u7279\u5b9a\u7f51\u7edc\u4ecb\u8d28\u7684\u6700\u5927\u5e27\u6216\u6570\u636e\u5305\u5927\u5c0f\u3002\u4ee5\u592a\u7f51\u901a\u5e38\u4e3a 1500 \u5b57\u8282\u3002 \u673a\u5236\u9a71\u52a8 \u7a0b\u5e8f \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09 neutron \u63d2\u4ef6\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u4e3a\u865a\u62df\u5b9e\u4f8b\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u3002\u5355\u4e2a OpenStack \u5b89\u88c5\u53ef\u4ee5\u4f7f\u7528\u591a\u4e2a\u673a\u5236\u9a71\u52a8\u7a0b\u5e8f\u3002 melange OpenStack Network Information Service \u7684\u9879\u76ee\u540d\u79f0\u3002\u5c06\u4e0e\u7f51\u7edc\u5408\u5e76\u3002 \u6210\u5458\u5173\u7cfb \u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u4e0e\u9879\u76ee\u4e4b\u95f4\u7684\u5173\u8054\u3002\u5141\u8bb8\u4e0e\u6307\u5b9a\u9879\u76ee\u5171\u4eab\u56fe\u50cf\u3002 \u6210\u5458\u5217\u8868 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u5185\u5b58\u7f13\u5b58 \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u7f13\u5b58\u7684\u5206\u5e03\u5f0f\u5185\u5b58\u5bf9\u8c61\u7f13\u5b58\u7cfb\u7edf\u3002 \u5185\u5b58\u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a RAM \u8fc7\u91cf\u4f7f\u7528\u3002 \u6d88\u606f\u4ee3\u7406 
\u7528\u4e8e\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b AMQP \u6d88\u606f\u4f20\u9012\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\u9ed8\u8ba4\u5305\u4e3a RabbitMQ\u3002 \u6d88\u606f\u603b\u7ebf \u6240\u6709 AMQP \u6d88\u606f\u7528\u4e8e\u8ba1\u7b97\u4e2d\u7684\u4e91\u95f4\u901a\u4fe1\u7684\u4e3b\u8981\u865a\u62df\u901a\u4fe1\u7ebf\u8def\u3002 \u6d88\u606f\u961f\u5217 \u5c06\u6765\u81ea\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u4f20\u9012\u7ed9\u76f8\u5e94\u7684\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u5e76\u5728\u4f5c\u4e1a\u5b8c\u6210\u540e\u5c06\u8f93\u51fa\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u6d88\u606f\u670d\u52a1 \uff08zaqar\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u6d88\u606f\u4f20\u9012\u670d\u52a1\uff0c\u8be5\u670d\u52a1\u4ee5\u9ad8\u6548\u3001\u53ef\u6269\u5c55\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u63d0\u4f9b\u5404\u79cd\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u6a21\u5f0f\uff0c\u5e76\u521b\u5efa\u548c\u7ef4\u62a4\u5173\u8054\u7684 Python \u5e93\u548c\u6587\u6863\u3002 \u5143\u6570\u636e\u670d\u52a1\u5668 \uff08MDS\uff09 \u5b58\u50a8 CephFS \u5143\u6570\u636e\u3002 \u5143\u6570\u636e\u4ee3\u7406 \u4e3a\u5b9e\u4f8b\u63d0\u4f9b\u5143\u6570\u636e\u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u8fc1\u79fb \u5c06 VM \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\u3002 mistral \u5de5\u4f5c\u6d41\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Mitaka OpenStack \u7b2c 13 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u65e5\u672c\u4e1c\u4eac\u4e3e\u884c\u3002Mitaka\u662f\u4e1c\u4eac\u7684\u4e00\u5ea7\u57ce\u5e02\u3002 \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09neutron\u63d2\u4ef6 \u53ef\u4ee5\u5728\u7f51\u7edc\u4e2d\u540c\u65f6\u4f7f\u7528\u591a\u79cd\u4e8c\u5c42\u7f51\u7edc\u6280\u672f\uff0c\u5982802.1Q\u548cVXLAN\u3002 monasca OpenStack \u76d1\u63a7\u7684\u4ee3\u53f7\u3002 \u76d1\u63a7 \uff08LBaaS\uff09 LBaaS \u529f\u80fd\uff0c\u4f7f\u7528 ping \u547d\u4ee4\u3001TCP \u548c HTTP/HTTPS GET 
\u63d0\u4f9b\u53ef\u7528\u6027\u76d1\u63a7\u3002 \u76d1\u89c6\u5668 \uff08Mon\uff09 \u4e00\u4e2a Ceph \u7ec4\u4ef6\uff0c\u7528\u4e8e\u4e0e\u5916\u90e8\u5ba2\u6237\u7aef\u901a\u4fe1\u3001\u68c0\u67e5\u6570\u636e\u72b6\u6001\u548c\u4e00\u81f4\u6027\u4ee5\u53ca\u6267\u884c\u4ef2\u88c1\u529f\u80fd\u3002 \u76d1\u63a7 \uff08monasca\uff09 OpenStack \u670d\u52a1\uff0c\u4e3a\u6307\u6807\u3001\u590d\u6742\u4e8b\u4ef6\u5904\u7406\u548c\u65e5\u5fd7\u8bb0\u5f55\u63d0\u4f9b\u591a\u9879\u76ee\u3001\u9ad8\u5ea6\u53ef\u6269\u5c55\u3001\u9ad8\u6027\u80fd\u3001\u5bb9\u9519\u7684\u76d1\u63a7\u5373\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\u4e3a\u9ad8\u7ea7\u76d1\u63a7\u670d\u52a1\u6784\u5efa\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u5e73\u53f0\uff0c\u8fd0\u8425\u5546\u548c\u9879\u76ee\u90fd\u53ef\u4ee5\u4f7f\u7528\u8be5\u5e73\u53f0\u6765\u83b7\u5f97\u8fd0\u8425\u6d1e\u5bdf\u529b\u548c\u53ef\u89c1\u6027\uff0c\u786e\u4fdd\u53ef\u7528\u6027\u548c\u7a33\u5b9a\u6027\u3002 \u591a\u4e91\u8ba1\u7b97 \u5728\u5355\u4e2a\u7f51\u7edc\u67b6\u6784\u4e2d\u4f7f\u7528\u591a\u79cd\u4e91\u8ba1\u7b97\u548c\u5b58\u50a8\u670d\u52a1\u3002 \u591a\u4e91 SDK \u63d0\u4f9b\u591a\u4e91\u62bd\u8c61\u5c42\u5e76\u5305\u542b\u5bf9 OpenStack \u7684\u652f\u6301\u7684 SDK\u3002\u8fd9\u4e9b SDK \u975e\u5e38\u9002\u5408\u7f16\u5199\u9700\u8981\u4f7f\u7528\u591a\u79cd\u7c7b\u578b\u7684\u4e91\u63d0\u4f9b\u5546\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4f46\u53ef\u80fd\u4f1a\u516c\u5f00\u4e00\u7ec4\u66f4\u6709\u9650\u7684\u529f\u80fd\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u4f7f\u7528\u4e24\u4e2a\u6216\u591a\u4e2a\u51ed\u636e\uff08\u5982\u5bc6\u7801\u548c\u79c1\u94a5\uff09\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u76ee\u524d\u5728 Identity \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u591a\u4e3b\u673a \u4f20\u7edf \uff08nova\uff09 \u7f51\u7edc\u7684\u9ad8\u53ef\u7528\u6027\u6a21\u5f0f\u3002\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u5904\u7406 NAT \u548c DHCP\uff0c\u5e76\u5145\u5f53\u5176\u4e0a\u6240\u6709 VM 
\u7684\u7f51\u5173\u3002\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684\u7f51\u7edc\u6545\u969c\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 VM\u3002 multinic \u51fd\u6570 \u8ba1\u7b97\u4e2d\u7684\u5de5\u5177\uff0c\u5141\u8bb8\u6bcf\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u8fde\u63a5\u591a\u4e2a VIF\u3002 murano \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u4ee3\u53f7\u3002 N \u00b6 Nebula NASA \u4e8e 2010 \u5e74\u4ee5\u5f00\u6e90\u5f62\u5f0f\u53d1\u5e03\uff0c\u662f Compute \u7684\u57fa\u7840\u3002 \u7f51\u7edc\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u5141\u8bb8\u7528\u6237\u4e3a\u5b9e\u4f8b\u5206\u914d\u53ef\u516c\u5f00\u8bbf\u95ee\u7684 IP \u5730\u5740\u5e76\u66f4\u6539\u9632\u706b\u5899\u89c4\u5219\u3002 NetApp \u5377\u9a71\u52a8\u7a0b\u5e8f \u4f7f\u8ba1\u7b97\u80fd\u591f\u901a\u8fc7 NetApp OnCommand \u914d\u7f6e\u7ba1\u7406\u5668\u4e0e NetApp \u5b58\u50a8\u8bbe\u5907\u8fdb\u884c\u901a\u4fe1\u3002 \u7f51\u7edc \u5728\u5b9e\u4f53\u4e4b\u95f4\u63d0\u4f9b\u8fde\u63a5\u7684\u865a\u62df\u7f51\u7edc\u3002\u4f8b\u5982\uff0c\u5171\u4eab\u7f51\u7edc\u8fde\u63a5\u7684\u865a\u62df\u7aef\u53e3\u7684\u96c6\u5408\u3002\u5728\u7f51\u7edc\u672f\u8bed\u4e2d\uff0c\u7f51\u7edc\u59cb\u7ec8\u662f\u7b2c 2 \u5c42\u7f51\u7edc\u3002 \u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4fee\u6539 IP \u5730\u5740\u4fe1\u606f\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u548c\u7f51\u7edc\u652f\u6301\u3002 \u7f51\u7edc\u63a7\u5236\u5668 \u4e00\u4e2a\u8ba1\u7b97\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7528\u4e8e\u534f\u8c03\u8282\u70b9\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec IP \u5730\u5740\u3001VLAN \u548c\u6865\u63a5\u3002\u8fd8\u7ba1\u7406\u516c\u5171\u7f51\u7edc\u548c\u4e13\u7528\u7f51\u7edc\u7684\u8def\u7531\u3002 \u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf \uff08NFS\uff09 
\u4e00\u79cd\u4f7f\u6587\u4ef6\u7cfb\u7edf\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u7684\u65b9\u6cd5\u3002\u7531 OpenStack \u652f\u6301\u3002 \u7f51\u7edc ID \u5206\u914d\u7ed9\u7f51\u7edc\u4e2d\u6bcf\u4e2a\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002\u4e0e\u7f51\u7edc UUID \u76f8\u540c\u3002 \u7f51\u7edc\u7ba1\u7406\u5668 \u7528\u4e8e\u7ba1\u7406\u5404\u79cd\u7f51\u7edc\u7ec4\u4ef6\uff08\u5982\u9632\u706b\u5899\u89c4\u5219\u3001IP \u5730\u5740\u5206\u914d\u7b49\uff09\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u7f51\u7edc\u547d\u540d\u7a7a\u95f4 Linux \u5185\u6838\u529f\u80fd\uff0c\u5728\u5355\u4e2a\u4e3b\u673a\u4e0a\u63d0\u4f9b\u72ec\u7acb\u7684\u865a\u62df\u7f51\u7edc\u5b9e\u4f8b\uff0c\u5177\u6709\u5355\u72ec\u7684\u8def\u7531\u8868\u548c\u63a5\u53e3\u3002\u7c7b\u4f3c\u4e8e\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u4e0a\u7684\u865a\u62df\u8def\u7531\u548c\u8f6c\u53d1 \uff08VRF\uff09 \u670d\u52a1\u3002 \u7f51\u7edc\u8282\u70b9 \u8fd0\u884c Network Worker \u5b88\u62a4\u7a0b\u5e8f\u7684\u4efb\u4f55\u8ba1\u7b97\u8282\u70b9\u3002 \u7f51\u7edc\u6bb5 \u8868\u793a\u7f51\u7edc\u4e2d\u865a\u62df\u7684\u9694\u79bb OSI \u7b2c 2 \u5c42\u5b50\u7f51\u3002 \u7f51\u7edc\u670d\u52a1\u6807\u5934 \uff08NSH\uff09 \u63d0\u4f9b\u6cbf\u5b9e\u4f8b\u5316\u670d\u52a1\u8def\u5f84\u8fdb\u884c\u5143\u6570\u636e\u4ea4\u6362\u7684\u673a\u5236\u3002 \u7f51\u7edc\u65f6\u95f4\u534f\u8bae \uff08NTP\uff09 \u901a\u8fc7\u4e0e\u53ef\u4fe1\u3001\u51c6\u786e\u7684\u65f6\u95f4\u6e90\u901a\u4fe1\u6765\u4fdd\u6301\u4e3b\u673a\u6216\u8282\u70b9\u65f6\u949f\u6b63\u786e\u7684\u65b9\u6cd5\u3002 \u7f51\u7edc UUID \u7f51\u7edc\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002 \u7f51\u7edc\u5de5\u4f5c\u8fdb\u7a0b nova-network worker \u5b88\u62a4\u8fdb\u7a0b;\u63d0\u4f9b\u8bf8\u5982\u4e3a\u542f\u52a8\u7684 nova \u5b9e\u4f8b\u63d0\u4f9b IP \u5730\u5740\u7b49\u670d\u52a1\u3002 \u7f51\u7edc API\uff08Neutron API\uff09 \u7528\u4e8e\u8bbf\u95ee OpenStack Networking \u7684 
API\u3002\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u4f53\u7cfb\u7ed3\u6784\u4ee5\u542f\u7528\u81ea\u5b9a\u4e49\u63d2\u4ef6\u521b\u5efa\u3002 \u7f51\u7edc\u670d\u52a1\uff08neutron\uff09 OpenStack \u9879\u76ee\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u6309\u9700\u3001\u53ef\u6269\u5c55\u4e14\u4e0e\u6280\u672f\u65e0\u5173\u7684\u7f51\u7edc\u62bd\u8c61\u3002 neutron OpenStack Networking \u670d\u52a1\u7684\u4ee3\u53f7\u3002 neutron API \u7f51\u7edc API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 Neutron \u7ba1\u7406\u5668 \u542f\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u96c6\u6210\uff0c\u4f7f\u7f51\u7edc\u80fd\u591f\u5bf9\u6765\u5bbe VM \u6267\u884c\u7f51\u7edc\u7ba1\u7406\u3002 Neutron \u63d2\u4ef6 \u7f51\u7edc\u4e2d\u7684\u63a5\u53e3\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u4e3a\u9ad8\u7ea7\u529f\u80fd\uff08\u5982 QoS\u3001ACL \u6216 IDS\uff09\u521b\u5efa\u81ea\u5b9a\u4e49\u63d2\u4ef6\u3002 Newton OpenStack \u7b2c 14 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4f4d\u4e8e\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u5e02\u7b2c\u4e5d\u8857 1013 \u53f7\u7684\u201cNewton House\u201d\u547d\u540d\u3002\u88ab\u5217\u5165\u56fd\u5bb6\u53f2\u8ff9\u540d\u5f55\u3002 Nexenta \u5377\u9a71\u52a8\u7a0b\u5e8f \u4e3a\u8ba1\u7b97\u4e2d\u7684 NexentaStor \u8bbe\u5907\u63d0\u4f9b\u652f\u6301\u3002 NFV \u7f16\u6392\u670d\u52a1\uff08tacker\uff09 OpenStack \u670d\u52a1\uff0c\u65e8\u5728\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316 \uff08NFV\uff09 \u7f16\u6392\u670d\u52a1\u548c\u5e93\uff0c\u7528\u4e8e\u7f51\u7edc\u670d\u52a1\u548c\u865a\u62df\u7f51\u7edc\u529f\u80fd \uff08VNF\uff09 \u7684\u7aef\u5230\u7aef\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002 Nginx \u51fd\u6570 HTTP \u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u548c\u901a\u7528 TCP/UDP \u4ee3\u7406\u670d\u52a1\u5668\u3002 
\u65e0 ACK \u5728 Compute RabbitMQ \u4e2d\u7981\u7528\u670d\u52a1\u5668\u7aef\u6d88\u606f\u786e\u8ba4\u3002\u63d0\u9ad8\u6027\u80fd\u4f46\u964d\u4f4e\u53ef\u9760\u6027\u3002 \u8282\u70b9 \u5728\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u5b9e\u4f8b\u3002 \u975e\u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u4ea4\u6362\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u961f\u5217 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u961f\u5217\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u5316\u5377 \u4e34\u65f6\u5377\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5357\u5317\u5411\u6d41\u91cf \u7528\u6237\u6216\u5ba2\u6237\u7aef\uff08\u5317\uff09\u4e0e\u670d\u52a1\u5668\uff08\u5357\uff09\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\uff0c\u6216\u8fdb\u5165\u4e91\uff08\u5357\uff09\u548c\u4e91\u5916\uff08\u5317\uff09\u7684\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u4e1c\u897f\u5411\u6d41\u91cf\u3002 nova OpenStack \u8ba1\u7b97\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Nova API \u63a5\u53e3 \u8ba1\u7b97 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 nova-network \uff08\u65b0\u661f\u7f51\u7edc\uff09 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u7ba1\u7406 IP \u5730\u5740\u5206\u914d\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u4e0e\u7f51\u7edc\u76f8\u5173\u7684\u4efb\u52a1\u3002\u8fd9\u662f\u65e7\u7248\u7f51\u7edc\u9009\u9879\uff0c\u4e5f\u662f\u7f51\u7edc\u7684\u66ff\u4ee3\u65b9\u6cd5\u3002 O \u00b6 \u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u4fdd\u5b58\u7684\u6570\u636e\u7684 BLOB;\u53ef\u4ee5\u662f\u4efb\u4f55\u683c\u5f0f\u3002 \u5bf9\u8c61\u5ba1\u8ba1\u5668 \u6253\u5f00\u5bf9\u8c61\u670d\u52a1\u5668\u7684\u6240\u6709\u5bf9\u8c61\uff0c\u5e76\u9a8c\u8bc1\u6bcf\u4e2a\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u3001\u5927\u5c0f\u548c\u5143\u6570\u636e\u3002 \u5bf9\u8c61\u8fc7\u671f Object Storage 
\u4e2d\u7684\u4e00\u4e2a\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u5728\u7ecf\u8fc7\u6307\u5b9a\u65f6\u95f4\u6216\u8fbe\u5230\u7279\u5b9a\u65e5\u671f\u540e\u81ea\u52a8\u5220\u9664\u5bf9\u8c61\u3002 \u5bf9\u8c61\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u7684\u552f\u4e00 ID\u3002 \u5bf9\u8c61\u8def\u5f84\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u5bf9\u8c61\u5728\u73af\u4e2d\u7684\u4f4d\u7f6e\u3002\u5c06\u5bf9\u8c61\u6620\u5c04\u5230\u5206\u533a\u3002 \u5bf9\u8c61\u590d\u5236\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5bf9\u8c61\u590d\u5236\u5230\u8fdc\u7a0b\u5206\u533a\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002 \u5bf9\u8c61\u670d\u52a1\u5668 \u8d1f\u8d23\u7ba1\u7406\u5bf9\u8c61\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5bf9\u8c61\u5b58\u50a8 API \u7528\u4e8e\u8bbf\u95ee OpenStack \u5bf9\u8c61\u5b58\u50a8\u7684 API\u3002 \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907 \uff08OSD\uff09 Ceph \u5b58\u50a8\u5b88\u62a4\u8fdb\u7a0b\u3002 \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u4e3a\u56fa\u5b9a\u6570\u5b57\u5185\u5bb9\u63d0\u4f9b\u6700\u7ec8\u4e00\u81f4\u6027\u548c\u5197\u4f59\u7684\u5b58\u50a8\u548c\u68c0\u7d22\u3002 \u5bf9\u8c61\u7248\u672c\u63a7\u5236 \u5141\u8bb8\u7528\u6237\u5728\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e0a\u8bbe\u7f6e\u6807\u5fd7\uff0c\u4ee5\u4fbf\u5bf9\u5bb9\u5668\u5185\u7684\u6240\u6709\u5bf9\u8c61\u8fdb\u884c\u7248\u672c\u63a7\u5236\u3002 Ocata OpenStack \u7b2c 15 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u897f\u73ed\u7259\u5df4\u585e\u7f57\u90a3\u4e3e\u884c\u3002Ocata\u662f\u5df4\u585e\u7f57\u90a3\u5317\u90e8\u7684\u4e00\u4e2a\u6d77\u6ee9\u3002 Octavia \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Oldie \u957f\u65f6\u95f4\u8fd0\u884c\u7684\u5bf9\u8c61\u5b58\u50a8\u8fdb\u7a0b\u7684\u672f\u8bed\u3002\u53ef\u4ee5\u6307\u793a\u6302\u8d77\u7684\u8fdb\u7a0b\u3002 
\u5f00\u653e\u4e91\u8ba1\u7b97\u63a5\u53e3\uff08OCCI\uff09 \u7528\u4e8e\u7ba1\u7406\u8ba1\u7b97\u3001\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u6807\u51c6\u5316\u63a5\u53e3\uff0c\u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u5f00\u653e\u865a\u62df\u5316\u683c\u5f0f \uff08OVF\uff09 \u6253\u5305 VM \u6620\u50cf\u7684\u6807\u51c6\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u6253\u5f00 vSwitch Open vSwitch \u662f\u5728\u5f00\u6e90 Apache 2.0 \u8bb8\u53ef\u8bc1\u4e0b\u83b7\u5f97\u8bb8\u53ef\u7684\u751f\u4ea7\u8d28\u91cf\u7684\u591a\u5c42\u865a\u62df\u4ea4\u6362\u673a\u3002\u5b83\u65e8\u5728\u901a\u8fc7\u7f16\u7a0b\u6269\u5c55\u5b9e\u73b0\u5927\u89c4\u6a21\u7f51\u7edc\u81ea\u52a8\u5316\uff0c\u540c\u65f6\u4ecd\u652f\u6301\u6807\u51c6\u7ba1\u7406\u63a5\u53e3\u548c\u534f\u8bae\uff08\u4f8b\u5982 NetFlow\u3001sFlow\u3001SPAN\u3001RSPAN\u3001CLI\u3001LACP\u3001802.1ag\uff09\u3002 Open vSwitch\uff08OVS\uff09\u4ee3\u7406 \u4e3a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u5e95\u5c42 Open vSwitch \u670d\u52a1\u7684\u63a5\u53e3\u3002 \u6253\u5f00 vSwitch neutron \u63d2\u4ef6 \u5728\u7f51\u7edc\u4e2d\u63d0\u4f9b\u5bf9 Open vSwitch \u7684\u652f\u6301\u3002 OpenDev OpenDev \u662f\u4e00\u4e2a\u534f\u4f5c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u7684\u7a7a\u95f4\u3002 OpenDev \u7684\u4f7f\u547d\u662f\u4e3a\u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u63d0\u4f9b\u9879\u76ee\u6258\u7ba1\u3001\u6301\u7eed\u96c6\u6210\u5de5\u5177\u548c\u865a\u62df\u534f\u4f5c\u7a7a\u95f4\u3002OpenDev \u672c\u8eab\u662f\u81ea\u6258\u7ba1\u5728\u8fd9\u5957\u5de5\u5177\u4e0a\uff0c\u5305\u62ec\u4ee3\u7801\u5ba1\u67e5\u3001\u6301\u7eed\u96c6\u6210\u3001etherpad\u3001wiki\u3001\u4ee3\u7801\u6d4f\u89c8\u7b49\u3002\u8fd9\u610f\u5473\u7740 OpenDev 
\u672c\u8eab\u5c31\u50cf\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\u4e00\u6837\u8fd0\u884c\uff0c\u60a8\u53ef\u4ee5\u52a0\u5165\u6211\u4eec\u5e76\u5e2e\u52a9\u8fd0\u884c\u7cfb\u7edf\u3002\u6b64\u5916\uff0c\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u672c\u8eab\u90fd\u662f\u5f00\u6e90\u8f6f\u4ef6\u3002 OpenStack \u9879\u76ee\u662f\u4f7f\u7528 OpenDev \u7684\u6700\u5927\u9879\u76ee\u3002 OpenLDAP \u5f00\u6e90 LDAP \u670d\u52a1\u5668\u3002\u53d7\u8ba1\u7b97\u548c\u6807\u8bc6\u652f\u6301\u3002 OpenStack OpenStack \u662f\u4e00\u4e2a\u4e91\u64cd\u4f5c\u7cfb\u7edf\uff0c\u53ef\u63a7\u5236\u6574\u4e2a\u6570\u636e\u4e2d\u5fc3\u7684\u5927\u578b\u8ba1\u7b97\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u8d44\u6e90\u6c60\uff0c\u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u90fd\u901a\u8fc7\u4eea\u8868\u677f\u8fdb\u884c\u7ba1\u7406\uff0c\u8be5\u4eea\u8868\u677f\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u8fdb\u884c\u63a7\u5236\uff0c\u540c\u65f6\u6388\u6743\u7528\u6237\u901a\u8fc7 Web \u754c\u9762\u914d\u7f6e\u8d44\u6e90\u3002OpenStack \u662f\u4e00\u4e2a\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u7684\u5f00\u6e90\u9879\u76ee\u3002 OpenStack \u4ee3\u7801\u540d\u79f0 \u6bcf\u4e2a OpenStack \u7248\u672c\u90fd\u6709\u4e00\u4e2a\u4ee3\u53f7\u3002\u4ee3\u53f7\u6309\u5b57\u6bcd\u987a\u5e8f\u6392\u5217\uff1aAustin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno, Kilo, Liberty, Mitaka, Newton, Ocata, Pike, Queens, Rocky, Stein, Train, Ussuri, Victoria, Wallaby, Xena, Yoga, Zed\u3002 Wallaby \u662f\u65b0\u7b56\u7565\u9009\u62e9\u7684\u7b2c\u4e00\u4e2a\u4ee3\u53f7\uff1a\u4ee3\u53f7\u7531\u793e\u533a\u6309\u7167\u5b57\u6bcd\u987a\u5e8f\u9009\u62e9\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53d1\u5e03\u540d\u79f0\u6807\u51c6\u3002 
\u7ef4\u591a\u5229\u4e9a\u7684\u540d\u5b57\u662f\u59d3\u6c0f\uff0c\u5176\u4e2d\u4ee3\u53f7\u662f\u9760\u8fd1\u76f8\u5e94OpenStack\u8bbe\u8ba1\u5cf0\u4f1a\u4e3e\u529e\u5730\u7684\u57ce\u5e02\u6216\u53bf\u3002\u4e00\u4e2a\u4f8b\u5916\uff0c\u79f0\u4e3a\u6c83\u5c14\u767b\u4f8b\u5916\uff0c\u88ab\u6388\u4e88\u5dde\u65d7\u4e2d\u542c\u8d77\u6765\u7279\u522b\u9177\u7684\u5143\u7d20\u3002\u4ee3\u53f7\u7531\u5927\u4f17\u6295\u7968\u9009\u51fa\u3002 \u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740OpenStack\u53d1\u884c\u7248\u7684\u5b57\u6bcd\u8868\u7528\u5b8c\uff0c\u6280\u672f\u59d4\u5458\u4f1a\u6539\u53d8\u4e86\u547d\u540d\u8fc7\u7a0b\uff0c\u5c06\u53d1\u884c\u53f7\u548c\u53d1\u884c\u7248\u540d\u79f0\u4f5c\u4e3a\u8bc6\u522b\u7801\u3002\u7248\u672c\u53f7\u5c06\u662f\u4e3b\u8981\u6807\u8bc6\u7b26\uff1a\u201cyear\u201d\u3002\u5e74\u5185\u53d1\u5e03\u8ba1\u6570\u201c\uff0c\u8be5\u540d\u79f0\u5c06\u4e3b\u8981\u7528\u4e8e\u8425\u9500\u76ee\u7684\u3002\u7b2c\u4e00\u4e2a\u8fd9\u6837\u7684\u7248\u672c\u662f 2023.1 Antelope\u3002\u7d27\u968f\u5176\u540e\u7684\u662f 2023.2 Bobcat\u30012024.1 Caracal\u3002 openSUSE \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u64cd\u4f5c\u5458 \u8d1f\u8d23\u89c4\u5212\u548c\u7ef4\u62a4 OpenStack \u5b89\u88c5\u7684\u4eba\u5458\u3002 \u53ef\u9009\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u53ef\u9009\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\uff0c\u7531 Dashboard \uff08horizon\uff09\u3001Telemetry \u670d\u52a1 \uff08Telemetry\uff09\u3001Orchestration \u670d\u52a1 \uff08heat\uff09\u3001Database \u670d\u52a1 \uff08trove\uff09\u3001Bare Metal \u670d\u52a1 \uff08ironic\uff09 \u7b49\u7ec4\u6210\u3002 \u7f16\u6392\u670d\u52a1\uff08heat\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u901a\u8fc7 OpenStack \u539f\u751f REST API \u4f7f\u7528\u58f0\u660e\u6027\u6a21\u677f\u683c\u5f0f\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\u7a0b\u5e8f\u3002 orphan 
\u5728\u5bf9\u8c61\u5b58\u50a8\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u4e00\u4e2a\u5728\u5347\u7ea7\u3001\u91cd\u65b0\u542f\u52a8\u6216\u91cd\u65b0\u52a0\u8f7d\u670d\u52a1\u540e\u4e0d\u4f1a\u7ec8\u6b62\u7684\u8fc7\u7a0b\u3002 Oslo Common Libraries \u9879\u76ee\u7684\u4ee3\u53f7\u3002 P \u00b6 panko OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u4e8b\u4ef6\u5b58\u50a8\u3002 \u7236\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU \u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5173\u8054\u7684\u5b50\u5355\u5143\u3002 \u5206\u533a \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7528\u4e8e\u5b58\u50a8\u5bf9\u8c61\u7684\u5b58\u50a8\u5355\u5143\u3002\u5b83\u5b58\u5728\u4e8e\u8bbe\u5907\u4e4b\u4e0a\uff0c\u5e76\u88ab\u590d\u5236\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002. \u5206\u533a\u7d22\u5f15 \u5305\u542b\u73af\u5185\u6240\u6709\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u4f4d\u7f6e\u3002 \u5206\u533a\u504f\u79fb\u503c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u6570\u636e\u5e94\u9a7b\u7559\u5728\u54ea\u4e2a\u5206\u533a\u4e0a\u3002 \u8def\u5f84 MTU \u53d1\u73b0 \uff08PMTUD\uff09 IP \u7f51\u7edc\u4e2d\u7528\u4e8e\u68c0\u6d4b\u7aef\u5230\u7aef MTU \u5e76\u76f8\u5e94\u5730\u8c03\u6574\u6570\u636e\u5305\u5927\u5c0f\u7684\u673a\u5236\u3002 \u6682\u505c \u672a\u53d1\u751f\u4efb\u4f55\u66f4\u6539\uff08\u5185\u5b58\u672a\u66f4\u6539\u3001\u7f51\u7edc\u901a\u4fe1\u505c\u6b62\u7b49\uff09\u7684 VM \u72b6\u6001;VM \u5df2\u51bb\u7ed3\uff0c\u4f46\u672a\u5173\u95ed\u3002 PCI\u76f4\u901a \u4e3a\u5ba2\u6237\u673a\u865a\u62df\u673a\u63d0\u4f9b\u5bf9 PCI \u8bbe\u5907\u7684\u72ec\u5360\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 \u6301\u4e45\u6d88\u606f 
\u5b58\u50a8\u5728\u5185\u5b58\u548c\u78c1\u76d8\u4e0a\u7684\u6d88\u606f\u3002\u5931\u8d25\u6216\u91cd\u65b0\u542f\u52a8\u540e\uff0c\u6d88\u606f\u4e0d\u4f1a\u4e22\u5931\u3002 \u6301\u4e45\u5377 \u5c06\u4fdd\u5b58\u5bf9\u8fd9\u4e9b\u7c7b\u578b\u7684\u78c1\u76d8\u5377\u6240\u505a\u7684\u66f4\u6539\u3002 \u4e2a\u6027\u6587\u4ef6 \u7528\u4e8e\u81ea\u5b9a\u4e49 Compute \u5b9e\u4f8b\u7684\u6587\u4ef6\u3002\u5b83\u53ef\u7528\u4e8e\u6ce8\u5165 SSH \u5bc6\u94a5\u6216\u7279\u5b9a\u7684\u7f51\u7edc\u914d\u7f6e\u3002 Pike OpenStack \u7b2c 16 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\u547d\u540d\uff0c\u901a\u5e38\u7f29\u5199\u4e3a\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\uff0c\u8fd9\u662f 90 \u53f7\u5dde\u9645\u516c\u8def\u6700\u4e1c\u7aef\u7684\u8def\u6bb5\u3002 \u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09 \u4e3a\u4f7f\u7528\u8005\u63d0\u4f9b\u64cd\u4f5c\u7cfb\u7edf\uff0c\u901a\u5e38\u8fd8\u4e3a\u8bed\u8a00\u8fd0\u884c\u65f6\u548c\u5e93\uff08\u7edf\u79f0\u4e3a\u201c\u5e73\u53f0\u201d\uff09\u63d0\u4f9b\uff0c\u6d88\u8d39\u8005\u53ef\u4ee5\u5728\u5176\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\uff0c\u800c\u65e0\u9700\u63d0\u4f9b\u5bf9\u5e95\u5c42\u57fa\u7840\u7ed3\u6784\u7684\u4efb\u4f55\u63a7\u5236\u3002\u5e73\u53f0\u5373\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u793a\u4f8b\u5305\u62ec Cloud Foundry \u548c OpenShift\u3002 \u63d2\u4ef6 \u4e3a\u7f51\u7edc API \u6216\u8ba1\u7b97 API \u63d0\u4f9b\u5b9e\u9645\u5b9e\u73b0\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002 \u7b56\u7565\u670d\u52a1 \u6807\u8bc6\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u89c4\u5219\u7ba1\u7406\u63a5\u53e3\u548c\u57fa\u4e8e\u89c4\u5219\u7684\u6388\u6743\u5f15\u64ce\u3002 \u57fa\u4e8e\u7b56\u7565\u7684\u8def\u7531 \uff08PBR\uff09 
\u63d0\u4f9b\u4e00\u79cd\u673a\u5236\uff0c\u7528\u4e8e\u6839\u636e\u7f51\u7edc\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u7b56\u7565\u5b9e\u73b0\u6570\u636e\u5305\u8f6c\u53d1\u548c\u8def\u7531\u3002 \u6c60 \u4e00\u7ec4\u903b\u8f91\u8bbe\u5907\uff0c\u4f8b\u5982 Web \u670d\u52a1\u5668\uff0c\u60a8\u53ef\u4ee5\u5c06\u5176\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u63a5\u6536\u548c\u5904\u7406\u6d41\u91cf\u3002\u8d1f\u8f7d\u5e73\u8861\u529f\u80fd\u9009\u62e9\u6c60\u4e2d\u7684\u54ea\u4e2a\u6210\u5458\u5904\u7406\u5728 VIP \u5730\u5740\u4e0a\u6536\u5230\u7684\u65b0\u8bf7\u6c42\u6216\u8fde\u63a5\u3002\u6bcf\u4e2aVIP\u90fd\u6709\u4e00\u4e2a\u6e38\u6cf3\u6c60\u3002 \u6c60\u6210\u5458 \u5728\u8d1f\u8f7d\u5e73\u8861\u7cfb\u7edf\u4e2d\u7684\u540e\u7aef\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u7aef\u53e3 \u7f51\u7edc\u4e2d\u7684\u865a\u62df\u7f51\u7edc\u7aef\u53e3;VIF / vNIC \u8fde\u63a5\u5230\u7aef\u53e3\u3002 \u7aef\u53e3 UUID \u7f51\u7edc\u7aef\u53e3\u7684\u552f\u4e00 ID\u3002 \u9884\u7f6e \u5728\u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 \u79c1\u6709\u4e91 \u4e00\u4e2a\u4f01\u4e1a\u6216\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u7684\u8ba1\u7b97\u8d44\u6e90\u3002 \u79c1\u6709\u6620\u50cf \u4ec5\u5bf9\u6307\u5b9a\u9879\u76ee\u53ef\u7528\u7684\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u3002 \u79c1\u6709 IP \u5730\u5740 \u7528\u4e8e\u7ba1\u7406\u548c\u7ba1\u7406\u7684 IP \u5730\u5740\uff0c\u4e0d\u53ef\u7528\u4e8e\u516c\u5171 Internet\u3002 \u4e13\u7528\u7f51\u7edc 
\u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u53ef\u4ee5\u662f\u5e73\u9762\u7f51\u7edc\u63a5\u53e3\uff0c\u4e5f\u53ef\u4ee5\u662f VLAN \u7f51\u7edc\u63a5\u53e3\u3002\u6241\u5e73\u5316\u7f51\u7edc\u63a5\u53e3\u7531\u5177\u6709\u6241\u5e73\u5316\u7ba1\u7406\u5668\u7684flat_interface\u63a7\u5236\u3002VLAN \u7f51\u7edc\u63a5\u53e3\u7531\u5e26\u6709 VLAN \u7ba1\u7406\u5668\u7684 vlan_interface \u9009\u4ef6\u63a7\u5236\u3002 \u9879\u76ee \u9879\u76ee\u4ee3\u8868\u4e86OpenStack\u4e2d\u201c\u6240\u6709\u6743\u201d\u7684\u57fa\u672c\u5355\u4f4d\uff0c\u56e0\u4e3aOpenStack\u4e2d\u7684\u6240\u6709\u8d44\u6e90\u90fd\u5e94\u8be5\u7531\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u3002\u5728 OpenStack Identity \u4e2d\uff0c\u9879\u76ee\u5fc5\u987b\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002 \u9879\u76ee ID Identity \u670d\u52a1\u5206\u914d\u7ed9\u6bcf\u4e2a\u9879\u76ee\u7684\u552f\u4e00 ID\u3002 \u9879\u76ee VPN cloudpipe \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6df7\u6742\u6a21\u5f0f \u4f7f\u7f51\u7edc\u63a5\u53e3\u5c06\u5176\u63a5\u6536\u7684\u6240\u6709\u6d41\u91cf\u4f20\u9012\u5230\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u4ec5\u4f20\u9012\u5bfb\u5740\u5230\u5b83\u7684\u5e27\u3002 \u53d7\u4fdd\u62a4\u7684\u5c5e\u6027 \u901a\u5e38\uff0c\u53ea\u6709\u4e91\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7684\u6620\u50cf\u670d\u52a1\u6620\u50cf\u4e0a\u7684\u989d\u5916\u5c5e\u6027\u3002\u9650\u5236\u54ea\u4e9b\u7528\u6237\u89d2\u8272\u53ef\u4ee5\u5bf9\u8be5\u5c5e\u6027\u6267\u884c CRUD \u64cd\u4f5c\u3002\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u4f55\u6620\u50cf\u5c5e\u6027\u914d\u7f6e\u4e3a\u53d7\u4fdd\u62a4\u3002 \u63d0\u4f9b\u8005 
\u6709\u6743\u8bbf\u95ee\u6240\u6709\u4e3b\u673a\u548c\u5b9e\u4f8b\u7684\u7ba1\u7406\u5458\u3002 \u4ee3\u7406\u8282\u70b9 \u63d0\u4f9bObject Storage\u4ee3\u7406\u670d\u52a1\u7684\u8282\u70b9\u3002 \u4ee3\u7406\u670d\u52a1\u5668 \u5bf9\u8c61\u5b58\u50a8\u7684\u7528\u6237\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u53c8\u5728\u73af\u5185\u67e5\u627e\u6240\u8bf7\u6c42\u6570\u636e\u7684\u4f4d\u7f6e\uff0c\u5e76\u5c06\u7ed3\u679c\u8fd4\u56de\u7ed9\u7528\u6237\u3002 \u516c\u5171 API \u7528\u4e8e\u670d\u52a1\u5230\u670d\u52a1\u901a\u4fe1\u548c\u6700\u7ec8\u7528\u6237\u4ea4\u4e92\u7684 API \u7ec8\u7ed3\u70b9\u3002 \u516c\u6709\u4e91 \u8bb8\u591a\u7528\u6237\u53ef\u901a\u8fc7 Internet \u8bbf\u95ee\u7684\u6570\u636e\u4e2d\u5fc3\u3002 \u516c\u5171\u955c\u50cf \u53ef\u4f9b\u6240\u6709\u9879\u76ee\u4f7f\u7528\u7684\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u516c\u7f51 IP \u5730\u5740 \u6700\u7ec8\u7528\u6237\u53ef\u8bbf\u95ee\u7684 IP \u5730\u5740\u3002 \u516c\u94a5\u8ba4\u8bc1 \u4f7f\u7528\u5bc6\u94a5\u800c\u4e0d\u662f\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u516c\u7f51 \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u516c\u7528\u7f51\u7edc\u63a5\u53e3\u7531\u8be5 public_interface \u9009\u9879\u63a7\u5236\u3002 Puppet OpenStack\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 Python \u6a21\u578b OpenStack\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684\u7f16\u7a0b\u8bed\u8a00\u3002 Q \u00b6 QEMU \u5199\u5165\u65f6\u590d\u5236 2 \uff08QCOW2\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 Qpid 
penStack\u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6;RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u4fdd\u8bc1\u67d0\u4e9b\u7f51\u7edc\u6216\u5b58\u50a8\u8981\u6c42\u4ee5\u6ee1\u8db3\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5546\u548c\u6700\u7ec8\u7528\u6237\u4e4b\u95f4\u7684\u670d\u52a1\u7ea7\u522b\u534f\u8bae \uff08SLA\uff09 \u7684\u80fd\u529b\u3002\u901a\u5e38\u5305\u62ec\u7f51\u7edc\u5e26\u5bbd\u3001\u5ef6\u8fdf\u3001\u6296\u52a8\u6821\u6b63\u548c\u53ef\u9760\u6027\u7b49\u6027\u80fd\u8981\u6c42\uff0c\u4ee5\u53ca\u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 \u4e2d\u7684\u5b58\u50a8\u6027\u80fd\u3001\u9650\u5236\u534f\u8bae\u548c\u5cf0\u503c\u8d1f\u8f7d\u4e0b\u7684\u6027\u80fd\u9884\u671f\u3002 \u9694\u79bb \u5982\u679c\u5bf9\u8c61\u5b58\u50a8\u53d1\u73b0\u5bf9\u8c61\u3001\u5bb9\u5668\u6216\u5e10\u6237\u5df2\u635f\u574f\uff0c\u5219\u4f1a\u5c06\u5176\u7f6e\u4e8e\u6b64\u72b6\u6001\uff0c\u4e0d\u4f1a\u88ab\u590d\u5236\uff0c\u5ba2\u6237\u7aef\u65e0\u6cd5\u8bfb\u53d6\uff0c\u5e76\u4e14\u4f1a\u91cd\u65b0\u590d\u5236\u6b63\u786e\u7684\u526f\u672c\u3002 Queens OpenStack \u7b2c 17 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u6fb3\u5927\u5229\u4e9a\u6089\u5c3c\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u65b0\u5357\u5a01\u5c14\u58eb\u5dde\u5357\u6d77\u5cb8\u5730\u533a\u7684\u7687\u540e\u5e9e\u5fb7\u6cb3\u547d\u540d\u3002 Quick EMUlator \uff08QEMU\uff09 \uff08\u5feb\u901f EMUlator\uff09 QEMU \u662f\u4e00\u4e2a\u901a\u7528\u7684\u5f00\u6e90\u673a\u5668\u4eff\u771f\u5668\u548c\u865a\u62df\u5316\u5668\u3002OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\uff0c\u901a\u5e38\u7528\u4e8e\u5f00\u53d1\u76ee\u7684\u3002 \u914d\u989d \u5728\u8ba1\u7b97\u548c\u5757\u5b58\u50a8\u4e2d\uff0c\u80fd\u591f\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u8bbe\u7f6e\u8d44\u6e90\u9650\u5236\u3002 R \u00b6 RabbitMQ \u6a21\u578b OpenStack 
\u4f7f\u7528\u7684\u9ed8\u8ba4\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002 Rackspace \u4e91\u6587\u4ef6 2010 \u5e74\u7531 Rackspace \u5f00\u6e90\u53d1\u5e03;\u5bf9\u8c61\u5b58\u50a8\u7684\u57fa\u7840\u3002 RADOS \u5757\u8bbe\u5907 \uff08RBD\uff09 Ceph \u7ec4\u4ef6\uff0c\u4f7f Linux \u5757\u8bbe\u5907\u80fd\u591f\u5728\u591a\u4e2a\u5206\u5e03\u5f0f\u6570\u636e\u5b58\u50a8\u4e0a\u8fdb\u884c\u6761\u5e26\u5316\u3002 radvd \u8def\u7531\u5668\u901a\u544a\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7531\u8ba1\u7b97 VLAN \u7ba1\u7406\u5668\u548c FlatDHCP \u7ba1\u7406\u5668\u7528\u4e8e\u4e3a VM \u5b9e\u4f8b\u63d0\u4f9b\u8def\u7531\u670d\u52a1\u3002 rally Benchmark \u670d\u52a1\u7684\u4ee3\u53f7\u3002 RAM\u8fc7\u6ee4\u5668 \u542f\u7528\u6216\u7981\u7528 RAM \u8fc7\u91cf\u5206\u914d\u7684\u8ba1\u7b97\u8bbe\u7f6e\u3002 RAM \u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u3002 \u901f\u7387\u9650\u5236 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u9650\u5236\u6bcf\u4e2a\u5e10\u6237\u548c/\u6216\u6bcf\u4e2a\u5bb9\u5668\u7684\u6570\u636e\u5e93\u5199\u5165\u3002 \u539f\u59cb \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00;\u975e\u7ed3\u6784\u5316\u78c1\u76d8\u6620\u50cf\u3002 \u91cd\u65b0\u5e73\u8861 \u5728\u73af\u4e2d\u7684\u6240\u6709\u9a71\u52a8\u5668\u4e4b\u95f4\u5206\u914d\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u8fc7\u7a0b;\u5728\u521d\u59cb\u73af\u521b\u5efa\u671f\u95f4\u548c\u73af\u91cd\u65b0\u914d\u7f6e\u540e\u4f7f\u7528\u3002 \u91cd\u542f 
\u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u8f6f\u91cd\u542f\u6216\u786c\u91cd\u542f\u3002\u901a\u8fc7\u8f6f\u91cd\u542f\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4f1a\u53d1\u51fa\u91cd\u65b0\u542f\u52a8\u4fe1\u53f7\uff0c\u4ece\u800c\u53ef\u4ee5\u6b63\u5e38\u5173\u95ed\u6240\u6709\u8fdb\u7a0b\u3002\u786c\u91cd\u542f\u76f8\u5f53\u4e8e\u91cd\u542f\u670d\u52a1\u5668\u3002\u865a\u62df\u5316\u5e73\u53f0\u5e94\u786e\u4fdd\u91cd\u65b0\u542f\u52a8\u64cd\u4f5c\u5df2\u6210\u529f\u5b8c\u6210\uff0c\u5373\u4f7f\u5728\u57fa\u7840\u57df/VM \u6682\u505c\u6216\u505c\u6b62/\u505c\u6b62\u7684\u60c5\u51b5\u4e0b\u4e5f\u662f\u5982\u6b64\u3002 \u91cd\u5efa \u5220\u9664\u670d\u52a1\u5668\u4e0a\u7684\u6240\u6709\u6570\u636e\uff0c\u5e76\u5c06\u5176\u66ff\u6362\u4e3a\u6307\u5b9a\u7684\u6620\u50cf\u3002\u670d\u52a1\u5668 ID \u548c IP \u5730\u5740\u4fdd\u6301\u4e0d\u53d8\u3002 \u4fa6\u5bdf \u7528\u4e8e\u6536\u96c6\u8ba1\u91cf\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u8bb0\u5f55 \u5c5e\u4e8e\u7279\u5b9a\u57df\uff0c\u7528\u4e8e\u6307\u5b9a\u6709\u5173\u8be5\u57df\u7684\u4fe1\u606f\u3002\u6709\u51e0\u79cd\u7c7b\u578b\u7684 DNS \u8bb0\u5f55\u3002\u6bcf\u79cd\u8bb0\u5f55\u7c7b\u578b\u90fd\u5305\u542b\u7528\u4e8e\u63cf\u8ff0\u8be5\u8bb0\u5f55\u7528\u9014\u7684\u7279\u5b9a\u4fe1\u606f\u3002\u793a\u4f8b\u5305\u62ec\u90ae\u4ef6\u4ea4\u6362 \uff08MX\uff09 \u8bb0\u5f55\uff0c\u5b83\u6307\u5b9a\u7279\u5b9a\u57df\u7684\u90ae\u4ef6\u670d\u52a1\u5668;\u548c\u540d\u79f0\u670d\u52a1\u5668 \uff08NS\uff09 \u8bb0\u5f55\uff0c\u7528\u4e8e\u6307\u5b9a\u57df\u7684\u6743\u5a01\u540d\u79f0\u670d\u52a1\u5668\u3002 \u8bb0\u5f55 ID \u6570\u636e\u5e93\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\uff0c\u6bcf\u6b21\u8fdb\u884c\u66f4\u6539\u65f6\u90fd\u4f1a\u9012\u589e\u3002\u5bf9\u8c61\u5b58\u50a8\u5728\u590d\u5236\u65f6\u4f7f\u7528\u3002 Red Hat Enterprise Linux \uff08RHEL\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u53c2\u8003\u67b6\u6784 OpenStack 
\u4e91\u7684\u63a8\u8350\u67b6\u6784\u3002 \u533a\u57df \u5177\u6709\u4e13\u7528 API \u7aef\u70b9\u7684\u79bb\u6563 OpenStack \u73af\u5883\uff0c\u901a\u5e38\u4ec5\u4e0e\u5176\u4ed6\u533a\u57df\u5171\u4eab\u8eab\u4efd \uff08keystone\uff09\u3002 \u6ce8\u518c\u8868 \u5f71\u50cf\u670d\u52a1\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6ce8\u518c\u8868\u670d\u52a1\u5668 \u5411\u5ba2\u6237\u7aef\u63d0\u4f9b\u865a\u62df\u673a\u955c\u50cf\u5143\u6570\u636e\u4fe1\u606f\u7684\u955c\u50cf\u670d\u52a1\u3002 \u53ef\u9760\u3001\u81ea\u4e3b\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8 \uff08\u96f7\u8fbe\uff09 \u5728 Ceph \u4e2d\u63d0\u4f9b\u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u96c6\u5408\u3002\u7c7b\u4f3c\u4e8e OpenStack Object Storage\u3002 \u8fdc\u7a0b\u8fc7\u7a0b\u8c03\u7528 \uff08RPC\uff09 \u8ba1\u7b97RabbitMQ \u7528\u4e8e\u670d\u52a1\u5185\u901a\u4fe1\u7684\u65b9\u6cd5\u3002 \u526f\u672c \u901a\u8fc7\u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5e10\u6237\u548c\u5bb9\u5668\u7684\u526f\u672c\u6765\u63d0\u4f9b\u6570\u636e\u5197\u4f59\u548c\u5bb9\u9519\uff0c\u4ee5\u4fbf\u5728\u5e95\u5c42\u5b58\u50a8\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u4f1a\u4e22\u5931\u5b83\u4eec\u3002 \u526f\u672c\u6570\u91cf \u5bf9\u8c61\u5b58\u50a8\u73af\u4e2d\u6570\u636e\u7684\u526f\u672c\u6570\u3002 \u590d\u5236 \u5c06\u6570\u636e\u590d\u5236\u5230\u5355\u72ec\u7684\u7269\u7406\u8bbe\u5907\u4ee5\u5b9e\u73b0\u5bb9\u9519\u548c\u6027\u80fd\u7684\u8fc7\u7a0b\u3002 \u590d\u5236\u5668 \u5bf9\u8c61\u5b58\u50a8\u540e\u7aef\u8fdb\u7a0b\uff0c\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u5bf9\u8c61\u526f\u672c\u3002 \u8bf7\u6c42 ID \u5206\u914d\u7ed9\u53d1\u9001\u5230\u8ba1\u7b97\u7684\u6bcf\u4e2a\u8bf7\u6c42\u7684\u552f\u4e00 ID\u3002 \u6551\u63f4\u6620\u50cf \u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684 VM 
\u6620\u50cf\uff0c\u5728\u5c06\u5b9e\u4f8b\u7f6e\u4e8e\u6551\u63f4\u6a21\u5f0f\u65f6\u542f\u52a8\u3002\u5141\u8bb8\u7ba1\u7406\u5458\u6302\u8f7d\u5b9e\u4f8b\u7684\u6587\u4ef6\u7cfb\u7edf\u4ee5\u66f4\u6b63\u95ee\u9898\u3002 \u8c03\u6574\u5927\u5c0f \u5c06\u73b0\u6709\u670d\u52a1\u5668\u8f6c\u6362\u4e3a\u5176\u4ed6\u98ce\u683c\uff0c\u4ece\u800c\u6269\u5c55\u6216\u7f29\u51cf\u670d\u52a1\u5668\u3002\u4fdd\u5b58\u539f\u59cb\u670d\u52a1\u5668\u4ee5\u5728\u51fa\u73b0\u95ee\u9898\u65f6\u542f\u7528\u56de\u6eda\u3002\u5fc5\u987b\u6d4b\u8bd5\u5e76\u660e\u786e\u786e\u8ba4\u6240\u6709\u8c03\u6574\u5927\u5c0f\uff0c\u6b64\u65f6\u5c06\u5220\u9664\u539f\u59cb\u670d\u52a1\u5668\u3002 RESTful \u4e00\u79cd\u4f7f\u7528 REST \u6216\u5177\u8c61\u72b6\u6001\u4f20\u8f93\u7684 Web \u670d\u52a1 API\u3002REST\u662f\u7528\u4e8e\u4e07\u7ef4\u7f51\u7684\u8d85\u5a92\u4f53\u7cfb\u7edf\u7684\u67b6\u6784\u98ce\u683c \u73af \u5c06\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u6620\u5c04\u5230\u5206\u533a\u7684\u5b9e\u4f53\u3002\u6bcf\u4e2a\u670d\u52a1\uff08\u4f8b\u5982\u5e10\u6237\u3001\u5bf9\u8c61\u548c\u5bb9\u5668\uff09\u90fd\u5b58\u5728\u4e00\u4e2a\u5355\u72ec\u7684\u73af\u3002 \u73af\u6784\u5efa\u5668 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u6784\u5efa\u548c\u7ba1\u7406\u73af\uff0c\u4e3a\u8bbe\u5907\u5206\u914d\u5206\u533a\uff0c\u5e76\u5c06\u914d\u7f6e\u63a8\u9001\u5230\u5176\u4ed6\u5b58\u50a8\u8282\u70b9\u3002 Rocky OpenStack \u7b2c 18 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u843d\u57fa\u5c71\u8109\u547d\u540d\u3002 \u89d2\u8272 \u7528\u6237\u4e3a\u6267\u884c\u4e00\u7ec4\u7279\u5b9a\u64cd\u4f5c\u800c\u5047\u5b9a\u7684\u4e2a\u6027\u3002\u89d2\u8272\u5305\u62ec\u4e00\u7ec4\u6743\u9650\u548c\u7279\u6743\u3002\u62c5\u4efb\u8be5\u89d2\u8272\u7684\u7528\u6237\u5c06\u7ee7\u627f\u8fd9\u4e9b\u6743\u5229\u548c\u7279\u6743\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 
\u63d0\u4f9b\u7528\u6237\u53ef\u4ee5\u6267\u884c\u7684\u64cd\u4f5c\u7684\u9884\u5b9a\u4e49\u5217\u8868\uff0c\u4f8b\u5982\u542f\u52a8\u6216\u505c\u6b62 VM\u3001\u91cd\u7f6e\u5bc6\u7801\u7b49\u3002\u5728\u6807\u8bc6\u548c\u8ba1\u7b97\u4e2d\u5747\u53d7\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u4eea\u8868\u677f\u8fdb\u884c\u914d\u7f6e\u3002 \u89d2\u8272 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u8eab\u4efd\u670d\u52a1\u89d2\u8272\u7684\u5b57\u6bcd\u6570\u5b57 ID\u3002 \u6839\u672c\u539f\u56e0\u5206\u6790\uff08RCA\uff09\u670d\u52a1\uff08Vitrage\uff09 OpenStack\u9879\u76ee\u65e8\u5728\u7ec4\u7ec7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316OpenStack\u8b66\u62a5\u548c\u4e8b\u4ef6\uff0c\u6df1\u5165\u4e86\u89e3\u95ee\u9898\u7684\u6839\u672c\u539f\u56e0\uff0c\u5e76\u5728\u76f4\u63a5\u68c0\u6d4b\u5230\u95ee\u9898\u4e4b\u524d\u63a8\u65ad\u51fa\u5b83\u4eec\u7684\u5b58\u5728\u3002 rootwrap \u8ba1\u7b97\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5141\u8bb8\u975e\u7279\u6743\u201cnova\u201d\u7528\u6237\u4ee5 Linux root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6307\u5b9a\u7684\u547d\u4ee4\u5217\u8868\u3002 \u5faa\u73af\u8c03\u5ea6\u5668 \u5728\u53ef\u7528\u4e3b\u673a\u4e4b\u95f4\u5747\u5300\u5206\u914d\u5b9e\u4f8b\u7684\u8ba1\u7b97\u8ba1\u5212\u7a0b\u5e8f\u7684\u7c7b\u578b\u3002 \u8def\u7531\u5668 \u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u7684\u7269\u7406\u6216\u865a\u62df\u7f51\u7edc\u8bbe\u5907\u3002 \u8def\u7531\u5bc6\u94a5 \u8ba1\u7b97\u76f4\u63a5\u4ea4\u6362\u3001\u6247\u51fa\u4ea4\u6362\u548c\u4e3b\u9898\u4ea4\u6362\u4f7f\u7528\u6b64\u5bc6\u94a5\u6765\u786e\u5b9a\u5982\u4f55\u5904\u7406\u6d88\u606f;\u5904\u7406\u65b9\u5f0f\u56e0 Exchange \u7c7b\u578b\u800c\u5f02\u3002 RPC \u9a71\u52a8\u7a0b\u5e8f \u6a21\u5757\u5316\u7cfb\u7edf\uff0c\u5141\u8bb8\u66f4\u6539 Compute \u7684\u5e95\u5c42\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002\u4f8b\u5982\uff0c\u4ece RabbitMQ \u5230 ZeroMQ \u6216 Qpid\u3002 rsync 
\u7531\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u63a8\u9001\u5bf9\u8c61\u526f\u672c\u3002 RXTX \u9650 \u5236 \u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u7edd\u5bf9\u9650\u5236\u3002 RXTX \u914d\u989d \u5bf9\u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u8f6f\u9650\u5236\u3002 S \u00b6 sahara \u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 SAML \u65ad\u8a00 \u5305\u542b\u6807\u8bc6\u63d0\u4f9b\u8005\u63d0\u4f9b\u7684\u6709\u5173\u7528\u6237\u7684\u4fe1\u606f\u3002\u8fd9\u8868\u793a\u7528\u6237\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6c99\u76d2 \u4e00\u4e2a\u865a\u62df\u7a7a\u95f4\uff0c\u53ef\u4ee5\u5728\u5176\u4e2d\u5b89\u5168\u5730\u8fd0\u884c\u65b0\u7684\u6216\u672a\u7ecf\u6d4b\u8bd5\u7684\u8f6f\u4ef6\u3002 \u8c03\u5ea6\u5668\u7ba1\u7406\u5668 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u91c7\u7528\u6a21\u5757\u5316\u8bbe\u8ba1\uff0c\u652f\u6301\u591a\u79cd\u8c03\u5ea6\u7a0b\u5e8f\u7c7b\u578b\u3002 \u4f5c\u7528\u57df\u4ee4\u724c \u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u8bbf\u95ee\u4ee4\u724c\u3002 \u6d17\u6da4\u5668 \u68c0\u67e5\u5e76\u5220\u9664\u672a\u4f7f\u7528\u7684\u865a\u62df\u673a;\u5b9e\u73b0\u5ef6\u8fdf\u5220\u9664\u7684\u5f71\u50cf\u670d\u52a1\u7ec4\u4ef6\u3002 \u5bc6\u94a5 \u53ea\u6709\u7528\u6237\u77e5\u9053\u7684\u6587\u672c\u5b57\u7b26\u4e32;\u4e0e\u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u5411\u8ba1\u7b97 API \u53d1\u51fa\u8bf7\u6c42\u3002 \u5b89\u5168\u542f\u52a8 \u7cfb\u7edf\u56fa\u4ef6\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u4e2d\u6d89\u53ca\u7684\u4ee3\u7801\u7684\u771f\u5b9e\u6027\u7684\u8fc7\u7a0b\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 
\u7528\u4e8e\u901a\u8fc7\u52a0\u5bc6\u901a\u4fe1\u901a\u9053\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u8ba1\u7b97\u652f\u6301 SSH \u5bc6\u94a5\u6ce8\u5165\u3002 \u5b89\u5168\u7ec4 \u5e94\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u7684\u4e00\u7ec4\u7f51\u7edc\u6d41\u91cf\u7b5b\u9009\u89c4\u5219\u3002 \u5206\u6bb5\u5bf9\u8c61 \u5df2\u5206\u89e3\u4e3a\u591a\u4e2a\u90e8\u5206\u7684\u5bf9\u8c61\u5b58\u50a8\u5927\u578b\u5bf9\u8c61\u3002\u91cd\u65b0\u7ec4\u5408\u7684\u5bf9\u8c61\u79f0\u4e3a\u4e32\u8054\u5bf9\u8c61\u3002 \u81ea\u52a9\u670d\u52a1 \u5bf9\u4e8e IaaS\uff0c\u5e38\u89c4\uff08\u975e\u7279\u6743\uff09\u5e10\u6237\u80fd\u591f\u5728\u4e0d\u6d89\u53ca\u7ba1\u7406\u5458\u7684\u60c5\u51b5\u4e0b\u7ba1\u7406\u865a\u62df\u57fa\u7840\u67b6\u6784\u7ec4\u4ef6\uff08\u5982\u7f51\u7edc\uff09\u3002 SELinux \u51fd\u6570 Linux \u5185\u6838\u5b89\u5168\u6a21\u5757\uff0c\u63d0\u4f9b\u7528\u4e8e\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u673a\u5236\u3002 senlin \u7fa4\u96c6\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u670d\u52a1\u5668 \u4e3a\u8be5\u7cfb\u7edf\u4e0a\u8fd0\u884c\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u63d0\u4f9b\u663e\u5f0f\u670d\u52a1\u7684\u8ba1\u7b97\u673a\uff0c\u901a\u5e38\u7ba1\u7406\u5404\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u3002\u670d\u52a1\u5668\u662f\u8ba1\u7b97\u7cfb\u7edf\u4e2d\u7684 VM \u5b9e\u4f8b\u3002\u98ce\u683c\u548c\u56fe\u50cf\u662f\u521b\u5efa\u670d\u52a1\u5668\u65f6\u7684\u5fc5\u8981\u5143\u7d20\u3002 \u670d\u52a1\u5668\u6620\u50cf VM \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u5668 UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1 OpenStack \u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u6216\u6620\u50cf\u670d\u52a1\u3002\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e9b\u7aef\u70b9\u8bbf\u95ee\u8d44\u6e90\u548c\u6267\u884c\u64cd\u4f5c\u3002 
\u670d\u52a1\u76ee\u5f55 Identity \u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u529f\u80fd\u94fe \uff08SFC\uff09 \u5bf9\u4e8e\u7ed9\u5b9a\u7684\u670d\u52a1\uff0cSFC \u662f\u6240\u9700\u670d\u52a1\u529f\u80fd\u53ca\u5176\u5e94\u7528\u987a\u5e8f\u7684\u62bd\u8c61\u89c6\u56fe\u3002 \u670d\u52a1 ID \u5206\u914d\u7ed9 Identity \u670d\u52a1\u76ee\u5f55\u4e2d\u53ef\u7528\u7684\u6bcf\u4e2a\u670d\u52a1\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1\u6c34\u5e73\u534f\u8bae \uff08SLA\uff09 \u786e\u4fdd\u670d\u52a1\u53ef\u7528\u6027\u7684\u5408\u540c\u4e49\u52a1\u3002 \u670d\u52a1\u9879\u76ee \u5305\u542b\u76ee\u5f55\u4e2d\u5217\u51fa\u7684\u6240\u6709\u670d\u52a1\u7684\u7279\u6b8a\u9879\u76ee\u3002 \u670d\u52a1\u63d0\u4f9b\u8005 \u5411\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u3002\u5728\u8054\u5408\u8eab\u4efd\u7684\u60c5\u51b5\u4e0b\uff0cOpenStack \u8eab\u4efd\u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u670d\u52a1\u6ce8\u518c \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\u529f\u80fd\uff0c\u4f7f\u670d\u52a1\uff08\u5982\u8ba1\u7b97\uff09\u80fd\u591f\u81ea\u52a8\u6ce8\u518c\u5230\u76ee\u5f55\u3002 \u670d\u52a1\u4ee4\u724c \u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u4ee4\u724c\uff0c\u7531\u8ba1\u7b97\u7528\u4e8e\u4e0e\u8eab\u4efd\u670d\u52a1\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u3002 \u4f1a\u8bdd\u540e\u7aef Horizon \u7528\u4e8e\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u7684\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982\u672c\u5730\u5185\u5b58\u3001Cookie\u3001\u6570\u636e\u5e93\u6216 memcached\u3002 \u4f1a\u8bdd\u6301\u4e45\u5316 \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4e00\u9879\u529f\u80fd\u3002\u53ea\u8981\u67d0\u4e2a\u670d\u52a1\u5904\u4e8e\u8054\u673a\u72b6\u6001\uff0c\u5b83\u5c31\u4f1a\u5c1d\u8bd5\u5f3a\u5236\u5c06\u670d\u52a1\u7684\u540e\u7eed\u8fde\u63a5\u91cd\u5b9a\u5411\u5230\u540c\u4e00\u8282\u70b9\u3002 \u4f1a\u8bdd\u5b58\u50a8 \u7528\u4e8e\u5b58\u50a8\u548c\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u4fe1\u606f\u7684 
Horizon \u7ec4\u4ef6\u3002\u901a\u8fc7 Django \u4f1a\u8bdd\u6846\u67b6\u5b9e\u73b0\u3002 \u5171\u4eab \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u8fdc\u7a0b\u53ef\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u7f51\u7edc \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u5b9e\u4f53\uff0c\u7528\u4e8e\u5c01\u88c5\u4e0e\u7f51\u7edc\u670d\u52a1\u7684\u4ea4\u4e92\u3002\u5982\u679c\u6240\u9009\u9a71\u52a8\u7a0b\u5e8f\u5728\u9700\u8981\u6b64\u7c7b\u4ea4\u4e92\u7684\u6a21\u5f0f\u4e0b\u8fd0\u884c\uff0c\u5219\u9700\u8981\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u4ee5\u521b\u5efa\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09 \u8be5\u670d\u52a1\u63d0\u4f9b\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u9879\u76ee\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack Block Storage \u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\u5e76\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u60a8\u7684\u5b9e\u4f8b\u4e0a\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u548c\u5199\u5165\u5b9e\u4f8b\u4e2d\u7684\u6570\u636e\u3002 
\u5171\u4eab IP \u5730\u5740 \u53ef\u5206\u914d\u7ed9\u5171\u4eab IP \u7ec4\u4e2d\u7684 VM \u5b9e\u4f8b\u7684 IP \u5730\u5740\u3002\u516c\u5171 IP \u5730\u5740\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e4b\u95f4\u5171\u4eab\uff0c\u4ee5\u4fbf\u5728\u5404\u79cd\u9ad8\u53ef\u7528\u6027\u65b9\u6848\u4e2d\u4f7f\u7528\u3002\u5f53 IP \u5730\u5740\u5171\u4eab\u5230\u53e6\u4e00\u53f0\u670d\u52a1\u5668\u65f6\uff0c\u5c06\u4fee\u6539\u4e91\u7f51\u7edc\u9650\u5236\uff0c\u4f7f\u6bcf\u4e2a\u670d\u52a1\u5668\u90fd\u80fd\u4fa6\u542c\u548c\u54cd\u5e94\u8be5 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u4fee\u6539\u76ee\u6807\u670d\u52a1\u5668\u7f51\u7edc\u914d\u7f6e\u3002\u5171\u4eab IP \u5730\u5740\u53ef\u4ee5\u4e0e\u8bb8\u591a\u6807\u51c6\u68c0\u6d4b\u4fe1\u53f7\u5de5\u5177\uff08\u5982 keepalive\uff09\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u53ef\u76d1\u89c6\u6545\u969c\u5e76\u7ba1\u7406 IP \u6545\u969c\u8f6c\u79fb\u3002 \u5171\u4eab IP \u7ec4 \u53ef\u4ee5\u4e0e\u7ec4\u7684\u5176\u4ed6\u6210\u5458\u5171\u4eab IP \u7684\u670d\u52a1\u5668\u96c6\u5408\u3002\u7ec4\u4e2d\u7684\u4efb\u4f55\u670d\u52a1\u5668\u90fd\u53ef\u4ee5\u4e0e\u7ec4\u4e2d\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u5668\u5171\u4eab\u4e00\u4e2a\u6216\u591a\u4e2a\u516c\u5171 IP\u3002\u9664\u4e86\u5171\u4eab IP \u7ec4\u4e2d\u7684\u7b2c\u4e00\u53f0\u670d\u52a1\u5668\u5916\uff0c\u670d\u52a1\u5668\u5fc5\u987b\u542f\u52a8\u5230\u5171\u4eab IP \u7ec4\u4e2d\u3002\u4e00\u53f0\u670d\u52a1\u5668\u53ea\u80fd\u662f\u4e00\u4e2a\u5171\u4eab IP \u7ec4\u7684\u6210\u5458\u3002 \u5171\u4eab\u5b58\u50a8 \u53ef\u7531\u591a\u4e2a\u5ba2\u6237\u7aef\u540c\u65f6\u8bbf\u95ee\u7684\u5757\u5b58\u50a8\uff0c\u4f8b\u5982 NFS\u3002 Sheepdog \u9762\u5411 QEMU \u7684\u5206\u5e03\u5f0f\u5757\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531 OpenStack \u63d0\u4f9b\u652f\u6301\u3002 \u7b80\u5355\u4e91\u8eab\u4efd\u7ba1\u7406 \uff08SCIM\uff09 
\u7528\u4e8e\u5728\u4e91\u4e2d\u7ba1\u7406\u8eab\u4efd\u7684\u89c4\u8303\uff0c\u76ee\u524d\u4e0d\u53d7 OpenStack \u652f\u6301\u3002 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 SPICE \u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002\u5b83\u662f VNC \u7684\u66ff\u4ee3\u54c1\u3002OpenStack\u652f\u6301SPICE\u3002 \u5355\u6839 I/O \u865a\u62df\u5316 \uff08SR-IOV\uff09 \u5f53\u7531\u7269\u7406 PCIe \u8bbe\u5907\u5b9e\u73b0\u65f6\uff0c\u8be5\u89c4\u8303\u4f7f\u5176\u80fd\u591f\u663e\u793a\u4e3a\u591a\u4e2a\u5355\u72ec\u7684 PCIe \u8bbe\u5907\u3002\u8fd9\u4f7f\u591a\u4e2a\u865a\u62df\u5316\u5ba2\u6237\u673a\u80fd\u591f\u5171\u4eab\u5bf9\u7269\u7406\u8bbe\u5907\u7684\u76f4\u63a5\u8bbf\u95ee\uff0c\u4ece\u800c\u63d0\u4f9b\u6bd4\u7b49\u6548\u865a\u62df\u8bbe\u5907\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 SmokeStack \u9488\u5bf9\u6838\u5fc3 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5;\u7528 Rails \u7f16\u5199\u3002 \u5feb\u7167 OpenStack \u5b58\u50a8\u5377\u6216\u6620\u50cf\u7684\u65f6\u95f4\u70b9\u526f\u672c\u3002\u4f7f\u7528\u5b58\u50a8\u5377\u5feb\u7167\u5907\u4efd\u5377\u3002\u4f7f\u7528\u6620\u50cf\u5feb\u7167\u6765\u5907\u4efd\u6570\u636e\uff0c\u6216\u4f5c\u4e3a\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u8f6f\u91cd\u542f \u901a\u8fc7\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6b63\u786e\u91cd\u542f VM \u5b9e\u4f8b\u7684\u53d7\u63a7\u91cd\u542f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305 \uff08SDK\uff09 \u5305\u542b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\u4ee5\u6240\u9009\u8bed\u8a00\u521b\u5efa\u5e94\u7528\u7a0b\u5e8f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\uff08solum\uff09 
OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u901a\u8fc7\u81ea\u52a8\u5316\u4ece\u6e90\u5230\u6620\u50cf\u7684\u8fc7\u7a0b\uff0c\u5e76\u7b80\u5316\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e3a\u4e2d\u5fc3\u7684\u90e8\u7f72\uff0c\u4f7f\u4e91\u670d\u52a1\u66f4\u6613\u4e8e\u4f7f\u7528\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u8fc7\u7a0b\u96c6\u6210\u3002 \u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 \u4e3a\u7f51\u7edc\u7ba1\u7406\u5458\u63d0\u4f9b\u4e00\u79cd\u65b9\u6cd5\uff0c\u901a\u8fc7\u62bd\u8c61\u8f83\u4f4e\u7ea7\u522b\u7684\u529f\u80fd\u6765\u7ba1\u7406\u8ba1\u7b97\u673a\u7f51\u7edc\u670d\u52a1\u3002 SolidFire \u5377\u9a71\u52a8\u7a0b\u5e8f SolidFire iSCSI \u5b58\u50a8\u8bbe\u5907\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u3002 solum \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u70b9\u5dee\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97 VM \u8ba1\u5212\u7b97\u6cd5\uff0c\u5c1d\u8bd5\u4ee5\u6700\u5c0f\u7684\u8d1f\u8f7d\u5728\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 SQLAlchemy \u7528\u4e8e Python \u7684\u5f00\u6e90 SQL \u5de5\u5177\u5305\uff0c\u7528\u4e8e OpenStack\u3002 SQLite \u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684 SQL \u6570\u636e\u5e93\uff0c\u5728\u8bb8\u591a OpenStack \u670d\u52a1\u4e2d\u7528\u4f5c\u9ed8\u8ba4\u7684\u6301\u4e45\u5316\u5b58\u50a8\u65b9\u6cd5\u3002 \u5806\u6808 \u7531\u7f16\u6392\u670d\u52a1\u6839\u636e\u7ed9\u5b9a\u6a21\u677f\uff08AWS CloudFormation \u6a21\u677f\u6216 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09\uff09\u521b\u5efa\u548c\u7ba1\u7406\u7684\u4e00\u7ec4 OpenStack \u8d44\u6e90\u3002 StackTach \u6355\u83b7\u8ba1\u7b97 AMQP \u901a\u4fe1\u7684\u793e\u533a\u9879\u76ee;\u5bf9\u8c03\u8bd5\u5f88\u6709\u7528\u3002 \u9759\u6001 IP \u5730\u5740 \u56fa\u5b9a IP \u5730\u5740\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u9759\u6001\u7f51\u9875 \u5bf9\u8c61\u5b58\u50a8\u7684 WSGI 
\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u5c06\u5bb9\u5668\u6570\u636e\u4f5c\u4e3a\u9759\u6001\u7f51\u9875\u63d0\u4f9b\u3002 Stein OpenStack \u7b2c 19 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u5fb7\u56fd\u67cf\u6797\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u67cf\u6797\u7684 Steinstra\u00dfe \u8857\u547d\u540d\u3002 \u5b58\u50a8\u540e\u7aef \u670d\u52a1\u7528\u4e8e\u6301\u4e45\u6027\u5b58\u50a8\u7684\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI\u3001NFS \u6216\u672c\u5730\u78c1\u76d8\u3002 \u5b58\u50a8\u7ba1\u7406\u5668 \u4e00\u4e2a XenAPI \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b\u53ef\u63d2\u5165\u63a5\u53e3\u4ee5\u652f\u6301\u5404\u79cd\u6301\u4e45\u6027\u5b58\u50a8\u540e\u7aef\u3002 \u5b58\u50a8\u7ba1\u7406\u5668\u540e\u7aef XenAPI \u652f\u6301\u7684\u6301\u4e45\u6027\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI \u6216 NFS\u3002 \u5b58\u50a8\u8282\u70b9 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u670d\u52a1\u3001\u5bb9\u5668\u670d\u52a1\u548c\u5e10\u6237\u670d\u52a1\u7684\u96c6\u5408\u540d\u79f0\u3002 \u7b56\u7565 \u6307\u5b9a\u955c\u50cf\u670d\u52a1\u6216\u8eab\u4efd\u4f7f\u7528\u7684\u8ba4\u8bc1\u6e90\u3002\u5728\u6570\u636e\u5e93\u670d\u52a1\u4e2d\uff0c\u5b83\u662f\u6307\u4e3a\u6570\u636e\u5b58\u50a8\u5b9e\u73b0\u7684\u6269\u5c55\u3002 \u5b50\u57df 
\u7236\u57df\u4e2d\u7684\u57df\u3002\u65e0\u6cd5\u6ce8\u518c\u5b50\u57df\u3002\u5b50\u57df\u4f7f\u60a8\u80fd\u591f\u59d4\u6d3e\u57df\u3002\u5b50\u57df\u672c\u8eab\u53ef\u4ee5\u6709\u5b50\u57df\uff0c\u56e0\u6b64\u53ef\u4ee5\u8fdb\u884c\u4e09\u7ea7\u3001\u56db\u7ea7\u3001\u4e94\u7ea7\u548c\u66f4\u6df1\u7ea7\u522b\u7684\u5d4c\u5957\u3002 \u5b50\u7f51 IP \u7f51\u7edc\u7684\u903b\u8f91\u7ec6\u5206\u3002 SUSE Linux Enterprise Server \uff08SLES\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u6302\u8d77 \u865a\u62df\u673a\u5b9e\u4f8b\u5c06\u6682\u505c\uff0c\u5176\u72b6\u6001\u5c06\u4fdd\u5b58\u5230\u4e3b\u673a\u7684\u78c1\u76d8\u4e2d\u3002 \u4ea4\u6362 \u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u57fa\u4e8e\u78c1\u76d8\u7684\u865a\u62df\u5185\u5b58\uff0c\u7528\u4e8e\u63d0\u4f9b\u6bd4\u7cfb\u7edf\u4e0a\u5b9e\u9645\u53ef\u7528\u7684\u5185\u5b58\u66f4\u591a\u7684\u5185\u5b58\u3002 swift OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 swift \u591a\u5408\u4e00 \uff08SAIO\uff09 Swift \u4e2d\u95f4\u4ef6 \u63d0\u4f9b\u9644\u52a0\u529f\u80fd\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\u3002 Swift \u4ee3\u7406\u670d\u52a1\u5668 \u5145\u5f53\u5bf9\u8c61\u5b58\u50a8\u7684\u7f51\u5b88\uff0c\u5e76\u8d1f\u8d23\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 Swift \u5b58\u50a8\u8282\u70b9 \u8fd0\u884c\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u8282\u70b9\u3002 \u540c\u6b65\u70b9 \u81ea\u4e0a\u6b21\u5bb9\u5668\u548c\u5e10\u6237\u6570\u636e\u5e93\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8282\u70b9\u4e4b\u95f4\u540c\u6b65\u4ee5\u6765\u7684\u65f6\u95f4\u70b9\u3002 \u7cfb\u7edf\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u4f7f\u7528\u6237\u80fd\u591f\u5c06\u5176\u4ed6\u7528\u6237\u6dfb\u52a0\u5230\u9879\u76ee\u4e2d\uff0c\u4e0e\u4e0e\u9879\u76ee\u5173\u8054\u7684 VM 
\u6620\u50cf\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u542f\u52a8\u548c\u505c\u6b62 VM \u5b9e\u4f8b\u3002 \u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5b83\u4e0e\u901a\u77e5\u7cfb\u7edf\u4e00\u8d77\u6536\u96c6\u8ba1\u91cf\u548c\u4f7f\u7528\u60c5\u51b5\u4fe1\u606f\u3002\u6b64\u4fe1\u606f\u53ef\u7528\u4e8e\u8ba1\u8d39\u3002 T \u00b6 Tacker NFV \u7f16\u6392\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0 \u9065\u6d4b\u670d\u52a1\uff08telemetry\uff09 OpenStack\u9879\u76ee\u6536\u96c6\u5305\u542b\u5df2\u90e8\u7f72\u4e91\u7684\u7269\u7406\u548c\u865a\u62df\u8d44\u6e90\u5229\u7528\u7387\u7684\u6d4b\u91cf\u503c\uff0c\u4fdd\u7559\u6b64\u6570\u636e\u4ee5\u4f9b\u540e\u7eed\u68c0\u7d22\u548c\u5206\u6790\uff0c\u5e76\u5728\u6ee1\u8db3\u5b9a\u4e49\u7684\u6761\u4ef6\u65f6\u89e6\u53d1\u64cd\u4f5c\u3002 TempAuth \u51fd\u6570 Object Storage\u4e2d\u7684\u4e00\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5de5\u5177\uff0c\u4f7fObject Storage\u672c\u8eab\u80fd\u591f\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u3002\u7ecf\u5e38\u7528\u4e8e\u6d4b\u8bd5\u548c\u5f00\u53d1\u3002 Tempest \u81ea\u52a8\u5316\u8f6f\u4ef6\u6d4b\u8bd5\u5957\u4ef6\uff0c\u65e8\u5728\u9488\u5bf9 OpenStack \u6838\u5fc3\u9879\u76ee\u7684\u4e3b\u5e72\u8fd0\u884c\u3002 TempURL \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u7528\u4e8e\u4e34\u65f6\u5bf9\u8c61\u8bbf\u95ee\u7684 URL\u3002 \u79df\u6237 \u4e00\u7ec4\u7528\u6237;\u7528\u4e8e\u9694\u79bb\u5bf9\u8ba1\u7b97\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u79df\u6237 API \u9879\u76ee\u53ef\u8bbf\u95ee\u7684 API\u3002 \u79df\u6237\u7aef\u70b9 \u4e0e\u4e00\u4e2a\u6216\u591a\u4e2a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u7aef\u70b9\u3002 \u79df\u6237 ID \u9879\u76ee ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ee4\u724c \u7528\u4e8e\u8bbf\u95ee OpenStack API 
\u548c\u8d44\u6e90\u7684\u5b57\u6bcd\u6570\u5b57\u6587\u672c\u5b57\u7b26\u4e32\u3002 \u4ee4\u724c\u670d\u52a1 \u4e00\u4e2a\u8eab\u4efd\u670d\u52a1\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5728\u7528\u6237\u6216\u9879\u76ee\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\u7ba1\u7406\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 \u903b\u8f91\u5220\u9664 \u7528\u4e8e\u6807\u8bb0\u5df2\u5220\u9664\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61;\u786e\u4fdd\u5bf9\u8c61\u5728\u5220\u9664\u540e\u4e0d\u4f1a\u5728\u53e6\u4e00\u4e2a\u8282\u70b9\u4e0a\u66f4\u65b0\u3002 \u4e3b\u9898\u53d1\u5e03\u8005 \u6267\u884c RPC \u8c03\u7528\u65f6\u521b\u5efa\u7684\u8fdb\u7a0b;\u7528\u4e8e\u5c06\u6d88\u606f\u63a8\u9001\u5230\u4e3b\u9898\u4ea4\u6362\u3002 Torpedo \u7528\u4e8e\u9488\u5bf9 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5\u7684\u793e\u533a\u9879\u76ee\u3002 Train OpenStack \u7b2c 20 \u7248\u7684\u4ee3\u53f7\u3002OpenStack \u57fa\u7840\u67b6\u6784\u5cf0\u4f1a\u5728\u7f8e\u56fd\u79d1\u7f57\u62c9\u591a\u5dde\u4e39\u4f5b\u5e02\u4e3e\u884c\u3002 \u4e39\u4f5b\u7684\u4e24\u6b21\u9879\u76ee\u56e2\u961f\u805a\u4f1a\u4f1a\u8bae\u5728\u4ece\u5e02\u4e2d\u5fc3\u5230\u673a\u573a\u7684\u706b\u8f66\u7ebf\u65c1\u8fb9\u7684\u4e00\u5bb6\u9152\u5e97\u4e3e\u884c\u3002\u90a3\u91cc\u7684\u4ea4\u53c9\u4fe1\u53f7\u706f\u8fc7\u53bb\u66fe\u51fa\u73b0\u8fc7\u67d0\u79cd\u6545\u969c\uff0c\u5bfc\u81f4\u5b83\u4eec\u5728\u706b\u8f66\u6b63\u5e38\u9a76\u6765\u65f6\u6ca1\u6709\u505c\u4e0b\u8f66\u53a2\u3002\u56e0\u6b64\uff0c\u706b\u8f66\u5728\u7ecf\u8fc7\u8be5\u5730\u533a\u65f6\u5fc5\u987b\u9e23\u5587\u53ed\u3002\u663e\u7136\uff0c\u4f4f\u5728\u9152\u5e97\u91cc\uff0c\u4e58\u5750\u706b\u8f6624/7\u5439\u5587\u53ed\uff0c\u4e0d\u592a\u7406\u60f3\u3002\u7ed3\u679c\uff0c\u51fa\u73b0\u4e86\u8bb8\u591a\u5173\u4e8e\u4e39\u4f5b\u548c\u706b\u8f66\u7684\u7b11\u8bdd\u2014\u2014\u56e0\u6b64\u8fd9\u4e2a\u7248\u672c\u88ab\u79f0\u4e3a\u706b\u8f66\u3002 \u4ea4\u6613 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u5bf9\u8c61\u5b58\u50a8\u8bf7\u6c42\u7684\u552f\u4e00 
ID;\u7528\u4e8e\u8c03\u8bd5\u548c\u8ddf\u8e2a\u3002 \u77ac\u6001 \u975e\u8010\u7528\u54c1\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u4ea4\u6362 \u975e\u6301\u4e45\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u5e76\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u540e\u4e22\u5931\u7684\u6d88\u606f\u3002 \u77ac\u6001\u961f\u5217 \u975e\u6301\u4e45\u961f\u5217\u7684\u66ff\u4ee3\u672f\u8bed\u3002 TripleO OpenStack-on-OpenStack \u7a0b\u5e8f\u3002OpenStack Deployment \u7a0b\u5e8f\u7684\u4ee3\u53f7\u3002 Trove OpenStack \u6570\u636e\u5e93\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\uff08TPM\uff09 \u4e13\u7528\u5fae\u5904\u7406\u5668\uff0c\u7528\u4e8e\u5c06\u52a0\u5bc6\u5bc6\u94a5\u6574\u5408\u5230\u8bbe\u5907\u4e2d\uff0c\u4ee5\u9a8c\u8bc1\u548c\u4fdd\u62a4\u786c\u4ef6\u5e73\u53f0\u3002 U \u00b6 Ubuntu \u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u3002 \u65e0\u4f5c\u7528\u57df\u4ee4\u724c Identity \u670d\u52a1\u9ed8\u8ba4\u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u66f4\u65b0\u5668 \u4e00\u7ec4\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\uff0c\u7528\u4e8e\u5904\u7406\u5bb9\u5668\u548c\u5bf9\u8c61\u7684\u6392\u961f\u548c\u5931\u8d25\u7684\u66f4\u65b0\u3002 \u7528\u6237 \u5728 OpenStack Identity \u4e2d\uff0c\u5b9e\u4f53\u4ee3\u8868\u5355\u4e2a API \u4f7f\u7528\u8005\uff0c\u5e76\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u4e0e\u89d2\u8272\u548c/\u6216\u9879\u76ee\u76f8\u5173\u8054\u3002 \u7528\u6237\u6570\u636e \u7528\u6237\u5728\u542f\u52a8\u5b9e\u4f8b\u65f6\u53ef\u4ee5\u6307\u5b9a\u7684\u6570\u636e Blob\u3002\u5b9e\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5143\u6570\u636e\u670d\u52a1\u6216\u914d\u7f6e\u9a71\u52a8\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u3002\u901a\u5e38\u7528\u4e8e\u4f20\u9012\u5b9e\u4f8b\u5728\u542f\u52a8\u65f6\u8fd0\u884c\u7684 shell \u811a\u672c\u3002 \u7528\u6237\u6a21\u5f0f Linux 
\uff08UML\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Ussuri OpenStack \u7b2c 21 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u57fa\u7840\u8bbe\u65bd\u5cf0\u4f1a\u5728\u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u4e0a\u6d77\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e4c\u82cf\u91cc\u6cb3\u547d\u540d\u3002 V \u00b6 Victoria OpenStack \u7b2c 22 \u7248\u7684\u4ee3\u53f7\u3002OpenDev + PTG \u8ba1\u5212\u5728\u52a0\u62ff\u5927\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u9996\u5e9c\u7ef4\u591a\u5229\u4e9a\u547d\u540d\u3002 \u7531\u4e8e COVID-19\uff0c\u73b0\u573a\u6d3b\u52a8\u88ab\u53d6\u6d88\u3002\u8be5\u4e8b\u4ef6\u6b63\u5728\u865a\u62df\u5316\u3002 VIF UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u7f51\u7edc VIF \u7684\u552f\u4e00 ID\u3002 \u865a\u62df\u4e2d\u592e\u5904\u7406\u5668 \uff08vCPU\uff09 \u7ec6\u5206\u7269\u7406 CPU\u3002\u7136\u540e\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u5206\u533a\u3002 \u865a\u62df\u78c1\u76d8\u6620\u50cf \uff08VDI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u53ef\u6269\u5c55\u5c40\u57df\u7f51 \uff08VXLAN\uff09 \u4e00\u79cd\u7f51\u7edc\u865a\u62df\u5316\u6280\u672f\uff0c\u8bd5\u56fe\u51cf\u5c11\u4e0e\u5927\u578b\u4e91\u8ba1\u7b97\u90e8\u7f72\u76f8\u5173\u7684\u53ef\u4f38\u7f29\u6027\u95ee\u9898\u3002\u5b83\u4f7f\u7528\u7c7b\u4f3c VLAN \u7684\u5c01\u88c5\u6280\u672f\u5c06\u4ee5\u592a\u7f51\u5e27\u5c01\u88c5\u5728 UDP \u6570\u636e\u5305\u4e2d\u3002 \u865a\u62df\u786c\u76d8 \uff08VHD\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df IP \u5730\u5740 \uff08VIP\uff09 \u5728\u8d1f\u8f7d\u5e73\u8861\u5668\u4e0a\u914d\u7f6e\u7684 Internet \u534f\u8bae \uff08IP\uff09 
\u5730\u5740\uff0c\u4f9b\u8fde\u63a5\u5230\u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4f7f\u7528\u3002\u4f20\u5165\u8fde\u63a5\u5c06\u6839\u636e\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u914d\u7f6e\u5206\u53d1\u5230\u540e\u7aef\u8282\u70b9\u3002 \u865a\u62df\u673a \uff08VM\uff09 \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002\u591a\u4e2a VM \u53ef\u4ee5\u5728\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u3002 \u865a\u62df\u7f51\u7edc \u7f51\u7edc\u4e2d\u7684 L2 \u7f51\u6bb5\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97 \uff08VNC\uff09 \u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u53f0\u8bbf\u95ee VM \u7684\u5f00\u6e90 GUI \u548c CLI \u5de5\u5177\u3002 \u865a\u62df\u7f51\u7edc\u63a5\u53e3 \uff08VIF\uff09 \u63d2\u5165\u7f51\u7edc\u7f51\u7edc\u4e2d\u7684\u7aef\u53e3\u7684\u63a5\u53e3\u3002\u901a\u5e38\u5c5e\u4e8e VM \u7684\u865a\u62df\u7f51\u7edc\u63a5\u53e3\u3002 \u865a\u62df\u7f51\u7edc \u4f7f\u7528\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u4e0a\u7684\u865a\u62df\u673a\u548c\u8986\u76d6\u7f51\u7edc\u7ec4\u5408\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316\uff08\u5982\u4ea4\u6362\u3001\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5b89\u5168\u6027\uff09\u7684\u901a\u7528\u672f\u8bed\u3002 \u865a\u62df\u7aef\u53e3 \u865a\u62df\u63a5\u53e3\u8fde\u63a5\u5230\u865a\u62df\u7f51\u7edc\u7684\u8fde\u63a5\u70b9\u3002 \u865a\u62df\u4e13\u7528\u7f51\u7edc \uff08VPN\uff09 \u7531 Compute \u4ee5 cloudpipes \u7684\u5f62\u5f0f\u63d0\u4f9b\uff0c\u8fd9\u4e9b\u4e13\u7528\u5b9e\u4f8b\u7528\u4e8e\u6309\u9879\u76ee\u521b\u5efa VPN\u3002 \u865a\u62df\u670d\u52a1\u5668 VM \u6216\u6765\u5bbe\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u4ea4\u6362\u673a \uff08vSwitch\uff09 \u5728\u4e3b\u673a\u6216\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u63d0\u4f9b\u57fa\u4e8e\u786c\u4ef6\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7684\u7279\u6027\u548c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002 \u865a\u62df VLAN 
\u865a\u62df\u7f51\u7edc\u7684\u66ff\u4ee3\u672f\u8bed\u3002 VirtualBox \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Vitrage Root Cause Analysis\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 VLAN \u7ba1\u7406\u5668 \u4e00\u4e2a Compute \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b dnsmasq \u548c radvd\uff0c\u5e76\u8bbe\u7f6e\u4e0e cloudpipe \u5b9e\u4f8b\u4e4b\u95f4\u7684\u8f6c\u53d1\u3002 VLAN \u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002VLAN \u7f51\u7edc\u662f\u4e00\u4e2a\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\uff0c\u7531 VLAN \u7ba1\u7406\u5668 vlan_interface \u9009\u9879\u63a7\u5236\u3002 \u865a\u62df\u673a\u78c1\u76d8\uff08VMDK\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u673a\u6620\u50cf \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u673a\u8fdc\u7a0b\u63a7\u5236 \uff08VMRC\uff09 \u4f7f\u7528 Web \u6d4f\u89c8\u5668\u8bbf\u95ee VM \u5b9e\u4f8b\u63a7\u5236\u53f0\u7684\u65b9\u6cd5\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 VMware API \u63a5\u53e3 \u652f\u6301\u5728\u8ba1\u7b97\u4e2d\u4e0e VMware \u4ea7\u54c1\u8fdb\u884c\u4ea4\u4e92\u3002 VMware NSX Neutron \u63d2\u4ef6 \u5728 Neutron \u4e2d\u63d0\u4f9b\u5bf9 VMware NSX \u7684\u652f\u6301\u3002 VNC \u4ee3\u7406 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7 VNC \u6216 VMRC \u8bbf\u95ee\u5176 VM \u5b9e\u4f8b\u7684\u63a7\u5236\u53f0\u3002 \u5377 \u57fa\u4e8e\u78c1\u76d8\u7684\u6570\u636e\u5b58\u50a8\u901a\u5e38\u8868\u793a\u4e3a\u5177\u6709\u652f\u6301\u6269\u5c55\u5c5e\u6027\u7684\u6587\u4ef6\u7cfb\u7edf\u7684 iSCSI 
\u76ee\u6807;\u53ef\u4ee5\u662f\u6301\u4e45\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u77ed\u6682\u7684\u3002 \u5377 API \u5757\u5b58\u50a8 API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 \u5377\u63a7\u5236\u5668 \u4e00\u4e2a\u5757\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u76d1\u7763\u548c\u534f\u8c03\u5b58\u50a8\u5377\u64cd\u4f5c\u3002 \u5377\u9a71\u52a8\u7a0b\u5e8f \u5377\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5377 ID \u5e94\u7528\u4e8e\u5757\u5b58\u50a8\u63a7\u5236\u4e0b\u6bcf\u4e2a\u5b58\u50a8\u5377\u7684\u552f\u4e00 ID\u3002 \u5377\u7ba1\u7406\u5668 \u7528\u4e8e\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u6301\u4e45\u6027\u5b58\u50a8\u5377\u7684\u5757\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5377\u8282\u70b9 \u8fd0\u884c cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u7684\u5757\u5b58\u50a8\u8282\u70b9\u3002 \u5377\u63d2\u4ef6 \u4e3a\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u63d0\u4f9b\u5bf9\u65b0\u578b\u548c\u4e13\u7528\u540e\u7aef\u5b58\u50a8\u7c7b\u578b\u7684\u652f\u6301\u3002 \u5377\u5de5\u4f5c\u5668 \u4e00\u4e2a cinder \u7ec4\u4ef6\uff0c\u5b83\u4e0e\u540e\u7aef\u5b58\u50a8\u4ea4\u4e92\uff0c\u4ee5\u7ba1\u7406\u5377\u7684\u521b\u5efa\u548c\u5220\u9664\u4ee5\u53ca\u8ba1\u7b97\u5377\u7684\u521b\u5efa\uff0c\u7531 cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 vSphere \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 W \u00b6 Wallaby OpenStack \u7b2c 23 \u7248\u7684\u4ee3\u53f7\u3002\u5c0f\u888b\u9f20\u539f\u4ea7\u4e8e\u6fb3\u5927\u5229\u4e9a\uff0c\u5728\u8fd9\u4e2a\u547d\u540d\u671f\u5f00\u59cb\u65f6\uff0c\u6fb3\u5927\u5229\u4e9a\u6b63\u5728\u7ecf\u5386\u524d\u6240\u672a\u6709\u7684\u91ce\u706b\u3002 Watcher \u57fa\u7840\u7ed3\u6784\u4f18\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u6743\u91cd \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u7528\u4e8e\u786e\u5b9a\u54ea\u4e9b\u5b58\u50a8\u8bbe\u5907\u9002\u5408\u4f5c\u4e1a\u3002\u8bbe\u5907\u6309\u5927\u5c0f\u52a0\u6743\u3002 \u52a0\u6743\u6210\u672c 
\u51b3\u5b9a\u5728\u8ba1\u7b97\u4e2d\u542f\u52a8\u65b0 VM \u5b9e\u4f8b\u7684\u4f4d\u7f6e\u65f6\u6240\u4f7f\u7528\u7684\u6bcf\u4e2a\u6210\u672c\u7684\u603b\u548c\u3002 \u52a0\u6743 \u4e00\u4e2a\u8ba1\u7b97\u8fc7\u7a0b\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u662f\u5426\u9002\u5408\u7279\u5b9a\u4e3b\u673a\u7684\u4f5c\u4e1a\u3002\u4f8b\u5982\uff0c\u4e3b\u673a\u4e0a\u7684 RAM \u4e0d\u8db3\u3001\u4e3b\u673a\u4e0a\u7684 CPU \u8fc7\u591a\u7b49\u3002 \u5de5\u4f5c\u8005 \u4fa6\u542c\u961f\u5217\u5e76\u6267\u884c\u4efb\u52a1\u4ee5\u54cd\u5e94\u6d88\u606f\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002\u4f8b\u5982\uff0c cinder-volume worker \u7ba1\u7406\u5b58\u50a8\u9635\u5217\u4e0a\u7684\u5377\u521b\u5efa\u548c\u5220\u9664\u3002 \u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 OpenStack\u670d\u52a1\u63d0\u4f9b\u4e86\u4e00\u79cd\u57fa\u4e8eYAML\u7684\u7b80\u5355\u8bed\u8a00\u6765\u7f16\u5199\u5de5\u4f5c\u6d41\uff08\u4efb\u52a1\u548c\u8f6c\u6362\u89c4\u5219\uff09\uff0c\u4ee5\u53ca\u4e00\u79cd\u5141\u8bb8\u4e0a\u4f20\u3001\u4fee\u6539\u3001\u5927\u89c4\u6a21\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u8fd0\u884c\u5b83\u4eec\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u6267\u884c\u72b6\u6001\u548c\u5355\u4e2a\u4efb\u52a1\u72b6\u6001\u7684\u670d\u52a1\u3002 X \u00b6 X.509 X.509 \u662f\u5b9a\u4e49\u6570\u5b57\u8bc1\u4e66\u7684\u6700\u5e7f\u6cdb\u4f7f\u7528\u7684\u6807\u51c6\u3002\u5b83\u662f\u4e00\u79cd\u6570\u636e\u7ed3\u6784\uff0c\u5305\u542b\u4e3b\u9898\uff08\u5b9e\u4f53\uff09\u53ef\u8bc6\u522b\u4fe1\u606f\uff0c\u4f8b\u5982\u5176\u540d\u79f0\u53ca\u5176\u516c\u94a5\u3002\u8bc1\u4e66\u8fd8\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u5176\u4ed6\u5c5e\u6027\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u7248\u672c\u3002X.509 \u7684\u6700\u65b0\u6807\u51c6\u7248\u672c\u662f v3\u3002 Xen Xen 
\u662f\u4e00\u4e2a\u4f7f\u7528\u5fae\u5185\u6838\u8bbe\u8ba1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u7684\u670d\u52a1\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5728\u540c\u4e00\u8ba1\u7b97\u673a\u786c\u4ef6\u4e0a\u540c\u65f6\u6267\u884c\u3002 Xen API Xen \u7ba1\u7406 API\uff0c\u53d7 Compute \u652f\u6301\u3002 Xen \u4e91\u5e73\u53f0 \uff08XCP\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Xen Storage Manager \u5377\u9a71\u52a8\u7a0b\u5e8f \u652f\u6301\u4e0e Xen Storage Manager API \u8fdb\u884c\u901a\u4fe1\u7684\u5757\u5b58\u50a8\u5377\u63d2\u4ef6\u3002 Xena OpenStack \u7b2c 24 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u865a\u6784\u7684\u6218\u58eb\u516c\u4e3b\u547d\u540d\u3002 XenServer An OpenStack-supported hypervisor. \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 XFS \u51fd\u6570 \u7531 Silicon Graphics \u521b\u5efa\u7684\u9ad8\u6027\u80fd 64 \u4f4d\u6587\u4ef6\u7cfb\u7edf\u3002\u5728\u5e76\u884c I/O \u64cd\u4f5c\u548c\u6570\u636e\u4e00\u81f4\u6027\u65b9\u9762\u8868\u73b0\u51fa\u8272\u3002 Y \u00b6 Yoga OpenStack \u7b2c 25 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u6765\u81ea\u5370\u5ea6\u7684\u4e00\u6240\u54f2\u5b66\u5b66\u6821\u547d\u540d\uff0c\u8be5\u5b66\u6821\u5177\u6709\u5fc3\u7406\u548c\u8eab\u4f53\u5b9e\u8df5\u3002 Z \u00b6 Yoga \u6d88\u606f\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Zed OpenStack \u7b2c 26 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u5b57\u6bcd Z \u7684\u53d1\u97f3\u547d\u540d\u3002 ZeroMQ OpenStack \u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002\u4e5f\u62fc\u5199\u4e3a 0MQ\u3002 Zuul Zuul \u662f\u4e00\u4e2a\u5f00\u6e90 CI/CD \u5e73\u53f0\uff0c\u4e13\u95e8\u7528\u4e8e\u5728\u767b\u9646\u5355\u4e2a\u8865\u4e01\u4e4b\u524d\u8de8\u591a\u4e2a\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u95e8\u63a7\u66f4\u6539\u3002 Zuul 
\u7528\u4e8e OpenStack \u5f00\u53d1\uff0c\u4ee5\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u6d4b\u8bd5\u7684\u4ee3\u7801\u624d\u4f1a\u88ab\u5408\u5e76\u3002","title":"\u5b89\u5168\u6307\u5357"},{"location":"security/security-guide/#openstack","text":"\u672c\u6587\u7ffb\u8bd1\u81ea \u4e0a\u6e38\u5b89\u5168\u6307\u5357 OpenStack\u5b89\u5168\u6307\u5357 \u6458\u8981 \u5185\u5bb9 \u7ea6\u5b9a \u6ce8\u610f\u4e8b\u9879 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5199\u4f5c\u8bb0\u5f55 \u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b \u516c\u6709\u4e91 \u79c1\u6709\u4e91 \u793e\u533a\u4e91 \u6df7\u5408\u4e91 OpenStack \u670d\u52a1\u6982\u8ff0 \u8ba1\u7b97 \u5bf9\u8c61\u5b58\u50a8 \u5757\u5b58\u50a8 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u7f51\u7edc \u4eea\u8868\u677f \u8eab\u4efd\u9274\u522b\u670d\u52a1 \u955c\u50cf\u670d\u52a1 \u6570\u636e\u5904\u7406\u670d\u52a1 \u5176\u4ed6\u914d\u5957\u6280\u672f \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u516c\u5171 \u8bbf\u5ba2 \u7ba1\u7406 \u6570\u636e \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf \u5a01\u80c1\u53c2\u4e0e\u8005 \u60c5\u62a5\u673a\u6784 \u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a \u9ad8\u80fd\u529b\u7684\u56e2\u961f \u6709\u52a8\u673a\u7684\u4e2a\u4eba \u811a\u672c\u653b\u51fb\u8005 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879 \u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669 \u653b\u51fb\u7c7b\u578b \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u57fa\u7840\u8bbe\u65bd\u8282\u70b9 
\u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9 \u7cfb\u7edf\u6e05\u5355 \u786c\u4ef6\u6e05\u5355 \u8f6f\u4ef6\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u5206\u7c7b \u6d4b\u8bd5\u66f4\u65b0 \u90e8\u7f72\u66f4\u65b0 \u914d\u7f6e\u7ba1\u7406 \u7b56\u7565\u66f4\u6539 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8282\u70b9\u914d\u7f6e \u9a8c\u8bc1\u542f\u52a8 \u8282\u70b9\u52a0\u56fa \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1 \u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf \u7cfb\u7edf\u9a8c\u8bc1 \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf \u670d\u52a1\u5668\u52a0\u56fa \u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09 \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee OpenStack \u63a5\u53e3 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5e26\u5916\u7ba1\u7406\u63a5\u53e3 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u5b89\u5168\u901a\u4fe1 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 \u793a\u4f8b Pound Stud Nginx Apache HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668 
\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb API \u7aef\u70b9 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL \u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f \u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 API \u7aef\u70b9\u901f\u7387\u9650\u5236 \u8eab\u4efd\u9274\u522b \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f \u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u5458\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u653f\u7b56 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408\u9274\u6743 \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c 
Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a Horizon \u955c\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS \u51fd\u6570 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 Cookies \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u9009\u62e9\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u8ba4\u8bc1\u548c\u8bc1\u660e 
\u901a\u7528\u6807\u51c6 \u5bc6\u7801\u5b66\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a Hypervisor \u5185\u5b58\u4f18\u5316 KVM \u5185\u6838\u540c\u9875\u5408\u5e76 XEN \u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u53c2\u8003\u4e66\u76ee \u52a0\u56fa\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u52a0\u56fa \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 OpenStack-discuss \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u529f\u80fd \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u529f\u80fd \u9650\u5236 \u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u53c2\u8003\u4e66\u76ee \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone 
\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f \u5757\u5b58\u50a8 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f 
\u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u4ecb\u7ecd \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e \u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb VLANs L2 \u96a7\u9053 \u7f51\u7edc\u670d\u52a1 \u8bbf\u95ee\u63a7\u5236\u5217\u8868 L3 \u8def\u7531\u548c NAT \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u8d1f\u8f7d\u5747\u8861 \u9632\u706b\u5899 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u9650\u5236 API 
\u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server \u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41 \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u670d\u52a1\u5b89\u5168 \u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1 \u6587\u4ef6\u6743\u9650 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 HTTP \u76d1\u542c\u7aef\u53e3 \u8d1f\u8f7d\u5747\u8861\u5668 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 TempAuth \u51fd\u6570 Keystone \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879 \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u673a\u5bc6\u5b58\u50a8\u540e\u7aef \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11 \u52a0\u5bc6\u63d2\u4ef6 \u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6 KMIP 
\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 \u5a01\u80c1\u5206\u6790 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f \u6d88\u606f\u961f\u5217 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e \u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ \u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 \u547d\u540d\u7a7a\u95f4 \u7f51\u7edc\u7b56\u7565 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u8bbf\u95ee\u8d44\u6e90 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS\u7cfb\u7edf \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 \u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee Rootwrap \u65e5\u5fd7 \u53c2\u8003\u4e66\u76ee \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236 Nova-conductor 
\u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6743\u9650 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 \u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09 \u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740 \u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740 \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u672a\u5b89\u5168\u5220\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 Cinder \u5377\u6570\u636e \u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406 \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee\uff1a \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53ef\u4fe1\u955c\u50cf \u955c\u50cf\u521b\u5efa\u8fc7\u7a0b \u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5b9e\u4f8b\u8fc1\u79fb \u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669 \u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb 
\u8fc1\u79fb\u7f51\u7edc \u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb \u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5206\u5c42\u9632\u5fa1 \u5b89\u5168\u5931\u8d25 \u6700\u5c0f\u6743\u9650 \u5206\u9694 \u4fc3\u8fdb\u9690\u79c1 \u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b \u5e38\u7528\u63a7\u5236\u6846\u67b6 \u5ba1\u8ba1\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u7684\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 SOC 1 \uff08SSAE 16\uff09 / ISAE 3402 SOC 2 \u51fd\u6570 SOC 3 \u51fd\u6570 ISO 27001/2 \u8ba4\u8bc1 HIPAA / HITECH PCI-DSS \u653f\u5e9c\u6807\u51c6 FedRAMP ITAR FISMA \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 \u8d44\u6e90 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u6587\u6863 OpenStack wiki Launchpad bug 
\u533a\u57df \u6587\u6863\u53cd\u9988 OpenStack IRC \u9891\u9053 OpenStack \u90ae\u4ef6\u5217\u8868 OpenStack \u53d1\u884c\u5305 \u8bcd\u6c47\u8868 0-9 A B C D E F G H I J K M N O P Q R S T U V W X Y Z","title":"OpenStack\u5b89\u5168\u6307\u5357"},{"location":"security/security-guide/#_1","text":"\u672c\u4e66\u63d0\u4f9b\u4e86\u6709\u5173\u4fdd\u62a4OpenStack\u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u548c\u6982\u5ff5\u4fe1\u606f\u3002 \u672c\u6307\u5357\u6700\u540e\u4e00\u6b21\u66f4\u65b0\u662f\u5728Train\u53d1\u5e03\u671f\u95f4\uff0c\u8bb0\u5f55\u4e86OpenStack Train\u3001Stein\u548cRocky\u7248\u672c\u3002\u5b83\u53ef\u80fd\u4e0d\u9002\u7528\u4e8eEOL\u7248\u672c\uff08\u4f8b\u5982Newton\uff09\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u5728\u8ba1\u5212\u4e3a\u60a8\u7684OpenStack\u4e91\u5b9e\u65bd\u5b89\u5168\u63aa\u65bd\u65f6\uff0c\u81ea\u884c\u9605\u8bfb\u672c\u6587\u3002\u672c\u6307\u5357\u4ec5\u4f9b\u53c2\u8003\u3002OpenStack\u5b89\u5168\u56e2\u961f\u57fa\u4e8eOpenStack\u793e\u533a\u7684\u81ea\u613f\u8d21\u732e\u3002\u60a8\u53ef\u4ee5\u5728OFTC IRC\u4e0a\u7684#OpenStack-Security\u9891\u9053\u4e2d\u76f4\u63a5\u8054\u7cfb\u5b89\u5168\u793e\u533a\uff0c\u6216\u8005\u901a\u8fc7\u5411OpenStack-Discussion\u90ae\u4ef6\u5217\u8868\u53d1\u9001\u4e3b\u9898\u6807\u9898\u4e2d\u5e26\u6709[Security]\u524d\u7f00\u7684\u90ae\u4ef6\u6765\u8054\u7cfb\u3002","title":"\u6458\u8981"},{"location":"security/security-guide/#_2","text":"\u7ea6\u5b9a \u901a\u77e5 \u547d\u4ee4\u63d0\u793a\u7b26 \u4ecb\u7ecd \u786e\u5b9a \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 OpenStack\u7b80\u4ecb \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u7cfb\u7edf\u6587\u6863 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7ba1\u7406 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u7ba1\u7406\u754c\u9762 \u5b89\u5168\u901a\u4fe1 TLS\u548cSSL\u7b80\u4ecb TLS\u4ee3\u7406\u548cHTTP\u670d\u52a1 \u5b89\u5168\u53c2\u8003\u67b6\u6784 
\u7aef\u70b9 APL\u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u8eab\u4efd \u8ba4\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5 \u6388\u6743 \u653f\u7b56 \u4ee4\u724c \u57df \u8054\u5408\u68af\u5f62\u5931\u771f \u6e05\u5355 \u4eea\u8868\u677f \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672cWeb\u670d\u52a1\u5668\u914d\u7f6e HTTPS\u3001HSTS\u3001XSS\u548cSSRF \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 \u8ba1\u7b97 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 \u6f0f\u6d1e\u610f\u8bc6 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u68c0\u67e5\u8868 \u5757\u5b58\u50a8 \u97f3\u91cf\u64e6\u9664 \u68c0\u67e5\u8868 \u56fe\u50cf\u5b58\u50a8 \u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \u4ecb\u7ecd \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5b89\u5168\u670d\u52a1 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 \u8054\u7f51 \u7f51\u7edc\u67b6\u6784 \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u68c0\u67e5\u8868 \u5bf9\u8c61\u5b58\u50a8 \u7f51\u7edc\u5b89\u5168 \u4e00\u822c\u4e8b\u52a1\u5b89\u5168 \u4fdd\u62a4\u5b58\u50a8\u670d\u52a1 \u4fdd\u62a4\u4ee3\u7406\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1 \u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u9879\u76ee \u673a\u5bc6\u7ba1\u7406 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1 \u5bc6\u94a5\u7ba1\u7406\u63a5\u53e3 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 \u6d88\u606f\u961f\u5217 \u90ae\u4ef6\u5b89\u5168 \u6570\u636e\u5904\u7406 \u6570\u636e\u5904\u7406\u7b80\u4ecb 
\u90e8\u7f72 \u914d\u7f6e\u548c\u5f3a\u5316 \u6570\u636e\u5e93 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u79df\u6237\u6570\u636e\u9690\u79c1 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u52a0\u5bc6 \u5bc6\u94a5\u7ba1\u7406 \u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u5408\u89c4 \u5408\u89c4\u6027\u6982\u8ff0 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u5408\u89c4\u6d3b\u52a8 \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u9690\u79c1 \u5b89\u5168\u5ba1\u67e5 \u4f53\u7cfb\u7ed3\u6784\u9875\u9762\u6307\u5357 \u5b89\u5168\u68c0\u67e5\u8868 \u9644\u5f55 \u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868","title":"\u5185\u5bb9"},{"location":"security/security-guide/#_3","text":"OpenStack \u6587\u6863\u4f7f\u7528\u4e86\u51e0\u79cd\u6392\u7248\u7ea6\u5b9a\u3002","title":"\u7ea6\u5b9a"},{"location":"security/security-guide/#_4","text":"\u6ce8\u610f \u5e26\u6709\u9644\u52a0\u4fe1\u606f\u7684\u6ce8\u91ca\uff0c\u7528\u4e8e\u89e3\u91ca\u6587\u672c\u7684\u67d0\u4e00\u90e8\u5206\u3002 \u91cd\u8981 \u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u8fd9\u4e00\u70b9\u3002 \u63d0\u793a \u4e00\u4e2a\u989d\u5916\u4f46\u6709\u7528\u7684\u5b9e\u7528\u5efa\u8bae\u3002 \u8b66\u793a \u9632\u6b62\u7528\u6237\u72af\u9519\u8bef\u7684\u6709\u7528\u4fe1\u606f\u3002 \u8b66\u544a \u6709\u5173\u6570\u636e\u4e22\u5931\u98ce\u9669\u6216\u5b89\u5168\u95ee\u9898\u7684\u5173\u952e\u4fe1\u606f\u3002","title":"\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_5","text":"$ command \u4efb\u4f55\u7528\u6237\uff08\u5305\u62ecroot\u7528\u6237\uff09\u90fd\u53ef\u4ee5\u8fd0\u884c\u4ee5$\u63d0\u793a\u7b26\u4e3a\u524d\u7f00\u7684\u547d\u4ee4\u3002 # command 
root\u7528\u6237\u5fc5\u987b\u8fd0\u884c\u524d\u7f00\u4e3a#\u63d0\u793a\u7b26\u7684\u547d\u4ee4\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u8fd9\u4e9b\u547d\u4ee4\u524d\u9762\u52a0\u4e0asudo\u547d\u4ee4\uff08\u5982\u679c\u53ef\u7528\uff09\uff0c\u4ee5\u8fd0\u884c\u8fd9\u4e9b\u547d\u4ee4\u3002","title":"\u547d\u4ee4\u63d0\u793a\u7b26"},{"location":"security/security-guide/#_6","text":"\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u662f\u8bb8\u591a\u4eba\u7ecf\u8fc7\u4e94\u5929\u534f\u4f5c\u7684\u6210\u679c\u3002\u672c\u6587\u6863\u65e8\u5728\u63d0\u4f9b\u90e8\u7f72\u5b89\u5168 OpenStack \u4e91\u7684\u6700\u4f73\u5b9e\u8df5\u6307\u5357\u3002\u5b83\u65e8\u5728\u53cd\u6620OpenStack\u793e\u533a\u7684\u5f53\u524d\u5b89\u5168\u72b6\u6001\uff0c\u5e76\u4e3a\u7531\u4e8e\u590d\u6742\u6027\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u73af\u5883\u7684\u7ec6\u8282\u800c\u65e0\u6cd5\u5217\u51fa\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u7684\u51b3\u7b56\u63d0\u4f9b\u6846\u67b6\u3002 \u81f4\u8c22 \u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66 \u76ee\u6807 \u5982\u4f55 OpenStack \u7b80\u4ecb \u4e91\u7c7b\u578b OpenStack \u670d\u52a1\u6982\u8ff0 \u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1 \u5b89\u5168\u57df \u6865\u63a5\u5b89\u5168\u57df \u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5a92\u4ecb \u9009\u62e9\u652f\u6301\u8f6f\u4ef6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u786c\u4ef6\u95ee\u9898","title":"\u4ecb\u7ecd"},{"location":"security/security-guide/#_7","text":"OpenStack \u5b89\u5168\u7ec4\u8981\u611f\u8c22\u4ee5\u4e0b\u7ec4\u7ec7\u7684\u8d21\u732e\uff0c\u4ed6\u4eec\u4e3a\u672c\u4e66\u7684\u51fa\u7248\u505a\u51fa\u4e86\u8d21\u732e\u3002\u8fd9\u4e9b\u7ec4\u7ec7\u662f\uff1a","title":"\u81f4\u8c22"},{"location":"security/security-guide/#_8","text":"\u968f\u7740 OpenStack 
\u7684\u666e\u53ca\u548c\u4ea7\u54c1\u6210\u719f\uff0c\u5b89\u5168\u6027\u5df2\u6210\u4e3a\u91cd\u4e2d\u4e4b\u91cd\u3002OpenStack \u5b89\u5168\u7ec4\u5df2\u7ecf\u8ba4\u8bc6\u5230\u9700\u8981\u4e00\u4e2a\u5168\u9762\u800c\u6743\u5a01\u7684\u5b89\u5168\u6307\u5357\u3002\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u65e8\u5728\u6982\u8ff0\u63d0\u9ad8 OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3001\u6307\u5357\u548c\u5efa\u8bae\u3002\u4f5c\u8005\u5e26\u6765\u4e86\u4ed6\u4eec\u5728\u5404\u79cd\u73af\u5883\u4e2d\u90e8\u7f72\u548c\u4fdd\u62a4 OpenStack \u7684\u4e13\u4e1a\u77e5\u8bc6\u3002 \u672c\u6307\u5357\u662f\u5bf9\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u7684\u8865\u5145\uff0c\u53ef\u7528\u4e8e\u5f3a\u5316\u73b0\u6709\u7684 OpenStack \u90e8\u7f72\u6216\u8bc4\u4f30 OpenStack \u4e91\u63d0\u4f9b\u5546\u7684\u5b89\u5168\u63a7\u5236\u3002","title":"\u6211\u4eec\u4e3a\u4ec0\u4e48\u4ee5\u53ca\u5982\u4f55\u5199\u8fd9\u672c\u4e66"},{"location":"security/security-guide/#_9","text":"\u8bc6\u522b OpenStack \u4e2d\u7684\u5b89\u5168\u57df \u63d0\u4f9b\u4fdd\u62a4 OpenStack \u90e8\u7f72\u7684\u6307\u5bfc \u5f3a\u8c03\u5f53\u4eca OpenStack \u4e2d\u7684\u5b89\u5168\u95ee\u9898\u548c\u6f5c\u5728\u7684\u7f13\u89e3\u63aa\u65bd \u8ba8\u8bba\u5373\u5c06\u63a8\u51fa\u7684\u5b89\u5168\u529f\u80fd \u4e3a\u77e5\u8bc6\u83b7\u53d6\u548c\u4f20\u64ad\u63d0\u4f9b\u793e\u533a\u9a71\u52a8\u7684\u8bbe\u65bd","title":"\u76ee\u6807"},{"location":"security/security-guide/#_10","text":"\u4e0e\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u4e00\u6837\uff0c\u6211\u4eec\u9075\u5faa\u4e86\u672c\u4e66\u7684\u51b2\u523a\u65b9\u6cd5\u3002\u4e66\u7c4d\u51b2\u523a\u8fc7\u7a0b\u5141\u8bb8\u5feb\u901f\u5f00\u53d1\u548c\u5236\u4f5c\u5927\u91cf\u4e66\u9762\u4f5c\u54c1\u3002OpenStack \u5b89\u5168\u7ec4\u7684\u534f\u8c03\u5458\u91cd\u65b0\u9080\u8bf7\u4e86 Adam Hyde 
\u4f5c\u4e3a\u534f\u8c03\u4eba\u3002\u8be5\u9879\u76ee\u5728\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u7684OpenStack\u5cf0\u4f1a\u4e0a\u6b63\u5f0f\u5ba3\u5e03\u3002 \u7531\u4e8e\u8be5\u5c0f\u7ec4\u7684\u4e00\u4e9b\u5173\u952e\u6210\u5458\u79bb\u5f97\u5f88\u8fd1\uff0c\u8be5\u56e2\u961f\u805a\u96c6\u5728\u9a6c\u91cc\u5170\u5dde\u5b89\u7eb3\u6ce2\u5229\u65af\u3002\u8fd9\u662f\u516c\u5171\u90e8\u95e8\u60c5\u62a5\u754c\u6210\u5458\u3001\u7845\u8c37\u521d\u521b\u516c\u53f8\u548c\u4e00\u4e9b\u5927\u578b\u77e5\u540d\u79d1\u6280\u516c\u53f8\u4e4b\u95f4\u7684\u975e\u51e1\u5408\u4f5c\u3002\u8be5\u4e66\u7684\u51b2\u523a\u57282013\u5e746\u6708\u7684\u6700\u540e\u4e00\u5468\u8fdb\u884c\uff0c\u7b2c\u4e00\u7248\u5728\u4e94\u5929\u5185\u5b8c\u6210\u3002 \u8be5\u56e2\u961f\u5305\u62ec\uff1a Bryan D. Payne\uff0c\u661f\u4e91 Bryan D. Payne \u535a\u58eb\u662f Nebula \u7684\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 \u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u52a0\u5165 Nebula \u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u6851\u8fea\u4e9a\u56fd\u5bb6\u5b9e\u9a8c\u5ba4\u3001\u56fd\u5bb6\u5b89\u5168\u5c40\u3001BAE Systems \u548c IBM \u7814\u7a76\u9662\u5de5\u4f5c\u3002\u4ed6\u6bd5\u4e1a\u4e8e\u4f50\u6cbb\u4e9a\u7406\u5de5\u5b66\u9662\u8ba1\u7b97\u673a\u5b66\u9662\uff0c\u83b7\u5f97\u8ba1\u7b97\u673a\u79d1\u5b66\u535a\u58eb\u5b66\u4f4d\uff0c\u4e13\u653b\u7cfb\u7edf\u5b89\u5168\u3002Bryan \u662f\u300aOpenStack \u5b89\u5168\u6307\u5357\u300b\u7684\u7f16\u8f91\u548c\u8d1f\u8d23\u4eba\uff0c\u8d1f\u8d23\u8be5\u6307\u5357\u5728\u7f16\u5199\u540e\u7684\u4e24\u5e74\u4e2d\u6301\u7eed\u589e\u957f\u3002 Robert Clark\uff0c\u60e0\u666e Robert Clark \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u5b89\u5168\u67b6\u6784\u5e08\uff0c\u4e5f\u662f OpenStack \u5b89\u5168\u7ec4\u7ec7 \uff08OSSG\uff09 
\u7684\u8054\u5408\u521b\u59cb\u4eba\u3002\u5728\u88ab\u60e0\u666e\u62db\u52df\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728\u82f1\u56fd\u60c5\u62a5\u754c\u5de5\u4f5c\u3002Robert \u5728\u5a01\u80c1\u5efa\u6a21\u3001\u5b89\u5168\u67b6\u6784\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u62e5\u6709\u6df1\u539a\u7684\u80cc\u666f\u3002Robert \u62e5\u6709\u5a01\u5c14\u58eb\u5927\u5b66\u7684\u8f6f\u4ef6\u5de5\u7a0b\u7855\u58eb\u5b66\u4f4d\u3002 Keith Basil \uff0c\u7ea2\u5e3d Keith Basil \u662f\u7ea2\u5e3d OpenStack \u7684\u9996\u5e2d\u4ea7\u54c1\u7ecf\u7406\uff0c\u4e13\u6ce8\u4e8e\u7ea2\u5e3d\u7684 OpenStack \u4ea7\u54c1\u7ba1\u7406\u3001\u5f00\u53d1\u548c\u6218\u7565\u3002\u5728\u7f8e\u56fd\u516c\u5171\u90e8\u95e8\uff0cBasil \u5e26\u6765\u4e86\u4e3a\u8054\u90a6\u6c11\u7528\u673a\u6784\u548c\u627f\u5305\u5546\u8bbe\u8ba1\u6388\u6743\u3001\u5b89\u5168\u3001\u9ad8\u6027\u80fd\u4e91\u67b6\u6784\u7684\u7ecf\u9a8c\u3002 Cody Bunch\uff0c\u62c9\u514b\u7a7a\u95f4 Cody Bunch \u662f Rackspace \u7684\u79c1\u6709\u4e91\u67b6\u6784\u5e08\u3002Cody \u4e0e\u4eba\u5408\u8457\u4e86\u300aThe OpenStack Cookbook\u300b\u7684\u66f4\u65b0\u4ee5\u53ca\u6709\u5173 VMware \u81ea\u52a8\u5316\u7684\u4e66\u7c4d\u3002 Malini Bhandaru\uff0c\u82f1\u7279\u5c14 Malini Bhandaru \u662f\u82f1\u7279\u5c14\u7684\u4e00\u540d\u5b89\u5168\u67b6\u6784\u5e08\u3002\u5979\u62e5\u6709\u591a\u5143\u5316\u7684\u80cc\u666f\uff0c\u66fe\u5728\u82f1\u7279\u5c14\u4ece\u4e8b\u5e73\u53f0\u529f\u80fd\u548c\u6027\u80fd\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 Nuance \u4ece\u4e8b\u8bed\u97f3\u4ea7\u54c1\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u5728 ComBrio \u4ece\u4e8b\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u5de5\u4f5c\uff0c\u5728 Verizon \u4ece\u4e8b\u7f51\u7edc\u5546\u52a1\u5de5\u4f5c\u3002\u5979\u62e5\u6709\u9a6c\u8428\u8bf8\u585e\u5927\u5b66\u963f\u9ed8\u65af\u7279\u5206\u6821\u7684\u4eba\u5de5\u667a\u80fd\u535a\u58eb\u5b66\u4f4d\u3002 Gregg 
Tally\uff0c\u7ea6\u7ff0\u970d\u666e\u91d1\u65af\u5927\u5b66\u5e94\u7528\u7269\u7406\u5b9e\u9a8c\u5ba4 Gregg Tally \u662f JHU/APL \u7f51\u7edc\u7cfb\u7edf\u90e8\u95e8\u975e\u5bf9\u79f0\u8fd0\u8425\u90e8\u7684\u603b\u5de5\u7a0b\u5e08\u3002\u4ed6\u4e3b\u8981\u4ece\u4e8b\u7cfb\u7edf\u5b89\u5168\u5de5\u7a0b\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u6b64\u524d\uff0c\u4ed6\u66fe\u5728\u65af\u5df4\u8fbe\u3001\u8fc8\u514b\u83f2\u548c\u53ef\u4fe1\u4fe1\u606f\u7cfb\u7edf\u516c\u53f8\u5de5\u4f5c\uff0c\u53c2\u4e0e\u7f51\u7edc\u5b89\u5168\u7814\u7a76\u9879\u76ee\u3002 Eric Lopez, \u5a01\u777f Eric Lopez \u662f VMware \u7f51\u7edc\u548c\u5b89\u5168\u4e1a\u52a1\u90e8\u95e8\u7684\u9ad8\u7ea7\u89e3\u51b3\u65b9\u6848\u67b6\u6784\u5e08\uff0c\u4ed6\u5e2e\u52a9\u5ba2\u6237\u5b9e\u65bd OpenStack \u548c VMware NSX\uff08\u4ee5\u524d\u79f0\u4e3a Nicira \u7684\u7f51\u7edc\u865a\u62df\u5316\u5e73\u53f0\uff09\u3002\u5728\u52a0\u5165 VMware\uff08\u901a\u8fc7\u516c\u53f8\u6536\u8d2d Nicira\uff09\u4e4b\u524d\uff0c\u4ed6\u66fe\u5728 Q1 Labs\u3001Symantec\u3001Vontu \u548c Brightmail \u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u52a0\u5dde\u5927\u5b66\u4f2f\u514b\u5229\u5206\u6821\u7684\u7535\u6c14\u5de5\u7a0b/\u8ba1\u7b97\u673a\u79d1\u5b66\u548c\u6838\u5de5\u7a0b\u5b66\u58eb\u5b66\u4f4d\u548c\u65e7\u91d1\u5c71\u5927\u5b66\u7684\u5de5\u5546\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\u3002 Shawn Wells\uff0c\u7ea2\u5e3d Shawn Wells \u662f\u7ea2\u5e3d\u521b\u65b0\u9879\u76ee\u603b\u76d1\uff0c\u4e13\u6ce8\u4e8e\u6539\u8fdb\u7f8e\u56fd\u653f\u5e9c\u5185\u90e8\u91c7\u7528\u3001\u4fc3\u8fdb\u548c\u7ba1\u7406\u5f00\u6e90\u6280\u672f\u7684\u6d41\u7a0b\u3002\u6b64\u5916\uff0cShawn \u8fd8\u662f SCAP \u5b89\u5168\u6307\u5357\u9879\u76ee\u7684\u4e0a\u6e38\u7ef4\u62a4\u8005\uff0c\u8be5\u9879\u76ee\u4e0e\u7f8e\u56fd\u519b\u65b9\u3001NSA \u548c DISA 
\u4e00\u8d77\u5236\u5b9a\u865a\u62df\u5316\u548c\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u7b56\u7565\u3002Shawn\u66fe\u662fNSA\u7684\u5e73\u6c11\uff0c\u5229\u7528\u5927\u578b\u5206\u5e03\u5f0f\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u5f00\u53d1\u4e86SIGINT\u6536\u96c6\u7cfb\u7edf\u3002 Ben de Bont\uff0c\u60e0\u666e Ben de Bont \u662f\u60e0\u666e\u4e91\u670d\u52a1\u7684\u9996\u5e2d\u6218\u7565\u5b98\u3002\u5728\u62c5\u4efb\u73b0\u804c\u4e4b\u524d\uff0cBen \u9886\u5bfc MySpace \u7684\u4fe1\u606f\u5b89\u5168\u5c0f\u7ec4\u548c MSN Security \u7684\u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f\u3002Ben \u62e5\u6709\u6606\u58eb\u5170\u79d1\u6280\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u7855\u58eb\u5b66\u4f4d\u3002 Nathanael Burton\uff0c\u56fd\u5bb6\u5b89\u5168\u5c40 \u7eb3\u5854\u5185\u5c14\u00b7\u4f2f\u987f\uff08Nathanael Burton\uff09\u662f\u7f8e\u56fd\u56fd\u5bb6\u5b89\u5168\u5c40\uff08National Security Agency\uff09\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5bb6\u3002\u4ed6\u5728\u8be5\u673a\u6784\u5de5\u4f5c\u4e86 10 \u591a\u5e74\uff0c\u4ece\u4e8b\u5206\u5e03\u5f0f\u7cfb\u7edf\u3001\u5927\u89c4\u6a21\u6258\u7ba1\u3001\u5f00\u6e90\u8ba1\u5212\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u5b89\u5168\u3001\u5b58\u50a8\u548c\u865a\u62df\u5316\u6280\u672f\u65b9\u9762\u7684\u5de5\u4f5c\u3002\u4ed6\u62e5\u6709\u5f17\u5409\u5c3c\u4e9a\u7406\u5de5\u5927\u5b66\u7684\u8ba1\u7b97\u673a\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u3002 Vibha Fauver Vibha Fauver\uff0cGWEB\uff0cCISSP\uff0cPMP\uff0c\u5728\u4fe1\u606f\u6280\u672f\u9886\u57df\u62e5\u6709\u8d85\u8fc715\u5e74\u7684\u7ecf\u9a8c\u3002\u5979\u7684\u4e13\u4e1a\u9886\u57df\u5305\u62ec\u8f6f\u4ef6\u5de5\u7a0b\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4fe1\u606f\u5b89\u5168\u3002\u5979\u62e5\u6709\u8ba1\u7b97\u673a\u4e0e\u4fe1\u606f\u79d1\u5b66\u5b66\u58eb\u5b66\u4f4d\u548c\u5de5\u7a0b\u7ba1\u7406\u7855\u58eb\u5b66\u4f4d\uff0c\u4e13\u4e1a\u548c\u7cfb\u7edf\u5de5\u7a0b\u8bc1\u4e66\u3002 Eric Windisch\uff0c\u4e91\u7f29\u653e Eric Windisch \u662f Cloudscaling 
\u7684\u9996\u5e2d\u5de5\u7a0b\u5e08\uff0c\u4ed6\u4e3a OpenStack \u8d21\u732e\u4e86\u4e24\u5e74\u591a\u3002\u57c3\u91cc\u514b\uff08Eric\uff09\u5728\u7f51\u7edc\u6258\u7ba1\u884c\u4e1a\u62e5\u6709\u5341\u591a\u5e74\u7684\u7ecf\u9a8c\uff0c\u4e00\u76f4\u5728\u654c\u5bf9\u73af\u5883\u7684\u6218\u58d5\u4e2d\uff0c\u5efa\u7acb\u4e86\u79df\u6237\u9694\u79bb\u548c\u57fa\u7840\u8bbe\u65bd\u5b89\u5168\u6027\u3002\u81ea 2007 \u5e74\u4ee5\u6765\uff0c\u4ed6\u4e00\u76f4\u5728\u6784\u5efa\u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd\u548c\u81ea\u52a8\u5316\u3002 Andrew Hay\uff0c\u4e91\u9053 Andrew Hay \u662f CloudPassage\uff0c Inc. \u7684\u5e94\u7528\u5b89\u5168\u7814\u7a76\u603b\u76d1\uff0c\u8d1f\u8d23\u9886\u5bfc\u8be5\u516c\u53f8\u53ca\u5176\u4e13\u4e3a\u52a8\u6001\u516c\u6709\u4e91\u3001\u79c1\u6709\u4e91\u548c\u6df7\u5408\u4e91\u6258\u7ba1\u73af\u5883\u6784\u5efa\u7684\u670d\u52a1\u5668\u5b89\u5168\u4ea7\u54c1\u7684\u5b89\u5168\u7814\u7a76\u5de5\u4f5c\u3002 Adam Hyde \u4e9a\u5f53\u4fc3\u6210\u4e86\u8fd9\u4e2a Book Sprint\u3002\u4ed6\u8fd8\u521b\u7acb\u4e86 Book Sprint \u65b9\u6cd5\u8bba\uff0c\u5e76\u4e14\u662f\u6700\u6709\u7ecf\u9a8c\u7684 Book Sprint \u4fc3\u8fdb\u8005\u3002Adam \u521b\u7acb\u4e86 FLOSS Manuals\uff0c\u8fd9\u662f\u4e00\u4e2a\u7531 3,000 \u4eba\u7ec4\u6210\u7684\u793e\u533a\uff0c\u81f4\u529b\u4e8e\u5f00\u53d1\u5173\u4e8e\u81ea\u7531\u8f6f\u4ef6\u7684\u81ea\u7531\u624b\u518c\u3002\u4ed6\u8fd8\u662f Booktype \u7684\u521b\u59cb\u4eba\u548c\u9879\u76ee\u7ecf\u7406\uff0cBooktype \u662f\u4e00\u4e2a\u7528\u4e8e\u5728\u7ebf\u548c\u5370\u5237\u4e66\u7c4d\u7f16\u5199\u3001\u7f16\u8f91\u548c\u51fa\u7248\u7684\u5f00\u6e90\u9879\u76ee\u3002 \u5728\u51b2\u523a\u671f\u95f4\uff0c\u6211\u4eec\u8fd8\u5f97\u5230\u4e86 Anne Gentle\u3001Warren Wang\u3001Paul McMillan\u3001Brian Schott \u548c Lorin Hochstein \u7684\u5e2e\u52a9\u3002 \u8fd9\u672c\u4e66\u662f\u5728\u4e3a\u671f 5 
\u5929\u7684\u56fe\u4e66\u51b2\u523a\u4e2d\u5236\u4f5c\u7684\u3002\u56fe\u4e66\u51b2\u523a\u662f\u4e00\u4e2a\u9ad8\u5ea6\u534f\u4f5c\u3001\u4fc3\u8fdb\u7684\u8fc7\u7a0b\uff0c\u5b83\u5c06\u4e00\u4e2a\u5c0f\u7ec4\u805a\u96c6\u5728\u4e00\u8d77\uff0c\u5728 3-5 \u5929\u5185\u5236\u4f5c\u4e00\u672c\u4e66\u3002\u8fd9\u662f\u4e00\u4e2a\u7531\u4e9a\u5f53\u00b7\u6d77\u5fb7\uff08Adam Hyde\uff09\u521b\u7acb\u548c\u53d1\u5c55\u7684\u7279\u5b9a\u65b9\u6cd5\u7684\u6709\u529b\u4fc3\u8fdb\u8fc7\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u8bbf\u95eeBookSprints\u7684Book Sprint\u7f51\u9875\u3002","title":"\u5199\u4f5c\u8bb0\u5f55"},{"location":"security/security-guide/#_11","text":"\u672c\u4e66\u7684\u6700\u521d\u5de5\u4f5c\u662f\u5728\u4e00\u95f4\u7a7a\u8c03\u8fc7\u9ad8\u7684\u623f\u95f4\u91cc\u8fdb\u884c\u7684\uff0c\u8be5\u623f\u95f4\u662f\u6574\u4e2a\u6587\u6863\u51b2\u523a\u671f\u95f4\u7684\u5c0f\u7ec4\u529e\u516c\u5ba4\u3002 \u8981\u4e86\u89e3\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u6587\u6863\u8d21\u732e\u8005\u6307\u5357\u3002","title":"\u5982\u4f55\u4e3a\u672c\u4e66\u505a\u8d21\u732e"},{"location":"security/security-guide/#openstack_1","text":"\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u5bf9 OpenStack \u90e8\u7f72\u7684\u5b89\u5168\u89c1\u89e3\u3002\u76ee\u6807\u53d7\u4f17\u662f\u4e91\u67b6\u6784\u5e08\u3001\u90e8\u7f72\u4eba\u5458\u548c\u7ba1\u7406\u5458\u3002\u6b64\u5916\uff0c\u4e91\u7528\u6237\u4f1a\u53d1\u73b0\u8be5\u6307\u5357\u5728\u63d0\u4f9b\u5546\u9009\u62e9\u65b9\u9762\u65e2\u6709\u6559\u80b2\u610f\u4e49\u53c8\u6709\u5e2e\u52a9\uff0c\u800c\u5ba1\u8ba1\u4eba\u5458\u4f1a\u53d1\u73b0\u5b83\u4f5c\u4e3a\u53c2\u8003\u6587\u6863\u5f88\u6709\u7528\uff0c\u53ef\u4ee5\u652f\u6301\u4ed6\u4eec\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u5de5\u4f5c\u3002\u672c\u6307\u5357\u4e5f\u63a8\u8350\u7ed9\u4efb\u4f55\u5bf9\u4e91\u5b89\u5168\u611f\u5174\u8da3\u7684\u4eba\u3002 
\u6bcf\u4e2a OpenStack \u90e8\u7f72\u90fd\u5305\u542b\u5404\u79cd\u5404\u6837\u7684\u6280\u672f\uff0c\u5305\u62ec Linux \u53d1\u884c\u7248\u3001\u6570\u636e\u5e93\u7cfb\u7edf\u3001\u6d88\u606f\u961f\u5217\u3001OpenStack \u7ec4\u4ef6\u672c\u8eab\u3001\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3001\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u3001\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7b49\u7b49\u3002\u6240\u6d89\u53ca\u7684\u5b89\u5168\u95ee\u9898\u540c\u6837\u591a\u79cd\u591a\u6837\u4e5f\u5c31\u4e0d\u8db3\u4e3a\u5947\u4e86\uff0c\u5bf9\u8fd9\u4e9b\u95ee\u9898\u7684\u6df1\u5165\u5206\u6790\u9700\u8981\u4e00\u4e9b\u6307\u5357\u3002\u6211\u4eec\u52aa\u529b\u5bfb\u627e\u5e73\u8861\u70b9\uff0c\u63d0\u4f9b\u8db3\u591f\u7684\u80cc\u666f\u4fe1\u606f\u6765\u7406\u89e3OpenStack\u5b89\u5168\u95ee\u9898\u53ca\u5176\u5904\u7406\uff0c\u5e76\u4e3a\u8fdb\u4e00\u6b65\u7684\u4fe1\u606f\u63d0\u4f9b\u5916\u90e8\u53c2\u8003\u3002\u8be5\u6307\u5357\u53ef\u4ee5\u4ece\u5934\u5230\u5c3e\u9605\u8bfb\uff0c\u4e5f\u53ef\u4ee5\u50cf\u53c2\u8003\u4e00\u6837\u4f7f\u7528\u3002 \u6211\u4eec\u7b80\u8981\u4ecb\u7ecd\u4e86\u4e91\u7684\u79cd\u7c7b\uff08\u79c1\u6709\u4e91\u3001\u516c\u6709\u4e91\u548c\u6df7\u5408\u4e91\uff09\uff0c\u7136\u540e\u5728\u672c\u7ae0\u7684\u5176\u4f59\u90e8\u5206\u6982\u8ff0\u4e86 OpenStack \u7ec4\u4ef6\u53ca\u5176\u76f8\u5173\u7684\u5b89\u5168\u95ee\u9898\u3002 \u5728\u6574\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u63d0\u5230\u4e86\u51e0\u79cd\u7c7b\u578b\u7684OpenStack\u4e91\u7528\u6237\uff1a\u7ba1\u7406\u5458\u3001\u64cd\u4f5c\u5458\u548c\u7528\u6237\u3002\u6211\u4eec\u4f7f\u7528\u8fd9\u4e9b\u672f\u8bed\u6765\u6807\u8bc6\u6bcf\u4e2a\u89d2\u8272\u5177\u6709\u7684\u5b89\u5168\u8bbf\u95ee\u7ea7\u522b\uff0c\u5c3d\u7ba1\u5b9e\u9645\u4e0a\uff0c\u6211\u4eec\u77e5\u9053\u4e0d\u540c\u7684\u89d2\u8272\u901a\u5e38\u7531\u540c\u4e00\u4e2a\u4eba\u62c5\u4efb\u3002","title":"OpenStack 
\u7b80\u4ecb"},{"location":"security/security-guide/#_12","text":"OpenStack\u662f\u91c7\u7528\u4e91\u6280\u672f\u7684\u5173\u952e\u63a8\u52a8\u56e0\u7d20\uff0c\u5e76\u5177\u6709\u51e0\u4e2a\u5e38\u89c1\u7684\u90e8\u7f72\u7528\u4f8b\u3002\u8fd9\u4e9b\u6a21\u578b\u901a\u5e38\u79f0\u4e3a\u516c\u5171\u6a21\u578b\u3001\u4e13\u7528\u6a21\u578b\u548c\u6df7\u5408\u6a21\u578b\u3002\u4ee5\u4e0b\u5404\u8282\u4f7f\u7528\u7f8e\u56fd\u56fd\u5bb6\u6807\u51c6\u4e0e\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u5bf9\u4e91\u7684\u5b9a\u4e49\u6765\u4ecb\u7ecd\u8fd9\u4e9b\u9002\u7528\u4e8e OpenStack \u7684\u4e0d\u540c\u7c7b\u578b\u7684\u4e91\u3002","title":"\u4e91\u7c7b\u578b"},{"location":"security/security-guide/#_13","text":"\u6839\u636eNIST\u7684\u8bf4\u6cd5\uff0c\u516c\u5171\u4e91\u662f\u57fa\u7840\u8bbe\u65bd\u5411\u516c\u4f17\u5f00\u653e\u4f9b\u6d88\u8d39\u7684\u4e91\u3002OpenStack\u516c\u6709\u4e91\u901a\u5e38\u7531\u670d\u52a1\u63d0\u4f9b\u5546\u8fd0\u884c\uff0c\u53ef\u4f9b\u4e2a\u4eba\u3001\u516c\u53f8\u6216\u4efb\u4f55\u4ed8\u8d39\u5ba2\u6237\u4f7f\u7528\u3002\u9664\u4e86\u591a\u79cd\u5b9e\u4f8b\u7c7b\u578b\u5916\uff0c\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u8fd8\u53ef\u80fd\u516c\u5f00\u4e00\u6574\u5957\u529f\u80fd\uff0c\u4f8b\u5982\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc\u6216\u5757\u5b58\u50a8\u3002 
\u5c31\u5176\u6027\u8d28\u800c\u8a00\uff0c\u516c\u6709\u4e91\u9762\u4e34\u66f4\u9ad8\u7684\u98ce\u9669\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u7684\u4f7f\u7528\u8005\uff0c\u60a8\u5e94\u8be5\u9a8c\u8bc1\u6240\u9009\u63d0\u4f9b\u5546\u662f\u5426\u5177\u6709\u5fc5\u8981\u7684\u8ba4\u8bc1\u3001\u8bc1\u660e\u548c\u5176\u4ed6\u6cd5\u89c4\u6ce8\u610f\u4e8b\u9879\u3002\u4f5c\u4e3a\u516c\u6709\u4e91\u63d0\u4f9b\u5546\uff0c\u6839\u636e\u60a8\u7684\u76ee\u6807\u5ba2\u6237\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u9075\u5b88\u4e00\u9879\u6216\u591a\u9879\u6cd5\u89c4\u3002\u6b64\u5916\uff0c\u5373\u4f7f\u4e0d\u9700\u8981\u6ee1\u8db3\u6cd5\u89c4\u8981\u6c42\uff0c\u63d0\u4f9b\u5546\u4e5f\u5e94\u786e\u4fdd\u79df\u6237\u9694\u79bb\uff0c\u5e76\u4fdd\u62a4\u7ba1\u7406\u57fa\u7840\u7ed3\u6784\u514d\u53d7\u5916\u90e8\u653b\u51fb\u3002","title":"\u516c\u6709\u4e91"},{"location":"security/security-guide/#_14","text":"\u5728\u9891\u8c31\u7684\u53e6\u4e00\u7aef\u662f\u79c1\u6709\u4e91\u3002\u6b63\u5982NIST\u6240\u5b9a\u4e49\u7684\u90a3\u6837\uff0c\u79c1\u6709\u4e91\u88ab\u914d\u7f6e\u4e3a\u7531\u591a\u4e2a\u6d88\u8d39\u8005\uff08\u5982\u4e1a\u52a1\u90e8\u95e8\uff09\u7ec4\u6210\u7684\u5355\u4e2a\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002\u79c1\u6709\u4e91\u7528\u4f8b\u591a\u79cd\u591a\u6837\uff0c\u56e0\u6b64\uff0c\u5b83\u4eec\u5404\u81ea\u7684\u5b89\u5168\u95ee\u9898\u5404\u4e0d\u76f8\u540c\u3002","title":"\u79c1\u6709\u4e91"},{"location":"security/security-guide/#_15","text":"NIST 
\u5c06\u793e\u533a\u4e91\u5b9a\u4e49\u4e3a\u5176\u57fa\u7840\u7ed3\u6784\u4ec5\u4f9b\u5177\u6709\u5171\u540c\u5173\u6ce8\u70b9\uff08\u4f8b\u5982\uff0c\u4efb\u52a1\u3001\u5b89\u5168\u8981\u6c42\u3001\u7b56\u7565\u6216\u5408\u89c4\u6027\u6ce8\u610f\u4e8b\u9879\uff09\u7684\u7ec4\u7ec7\u7684\u7279\u5b9a\u6d88\u8d39\u8005\u793e\u533a\u4f7f\u7528\u3002\u4e91\u53ef\u80fd\u7531\u793e\u533a\u4e2d\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7ec4\u7ec7\u3001\u7b2c\u4e09\u65b9\u6216\u5b83\u4eec\u7684\u67d0\u79cd\u7ec4\u5408\u62e5\u6709\u3001\u7ba1\u7406\u548c\u8fd0\u8425\uff0c\u5e76\u4e14\u5b83\u53ef\u80fd\u5b58\u5728\u4e8e\u672c\u5730\u6216\u5916\u90e8\u3002","title":"\u793e\u533a\u4e91"},{"location":"security/security-guide/#_16","text":"NIST\u5c06\u6df7\u5408\u4e91\u5b9a\u4e49\u4e3a\u4e24\u4e2a\u6216\u591a\u4e2a\u4e0d\u540c\u7684\u4e91\u57fa\u7840\u8bbe\u65bd\uff08\u5982\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u5171\u4e91\uff09\u7684\u7ec4\u5408\uff0c\u8fd9\u4e9b\u4e91\u57fa\u7840\u8bbe\u65bd\u4ecd\u7136\u662f\u552f\u4e00\u7684\u5b9e\u4f53\uff0c\u4f46\u901a\u8fc7\u6807\u51c6\u5316\u6216\u4e13\u6709\u6280\u672f\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u53ef\u79fb\u690d\u6027\uff0c\u4f8b\u5982\u7528\u4e8e\u4e91\u4e4b\u95f4\u8d1f\u8f7d\u5e73\u8861\u7684\u4e91\u7206\u53d1\u3002\u4f8b\u5982\uff0c\u5728\u7ebf\u96f6\u552e\u5546\u53ef\u80fd\u4f1a\u5728\u5141\u8bb8\u5f39\u6027\u914d\u7f6e\u7684\u516c\u6709\u4e91\u4e0a\u5c55\u793a\u5176\u5e7f\u544a\u548c\u76ee\u5f55\u3002\u8fd9\u5c06\u4f7f\u4ed6\u4eec\u80fd\u591f\u4ee5\u7075\u6d3b\u3001\u5177\u6709\u6210\u672c\u6548\u76ca\u7684\u65b9\u5f0f\u5904\u7406\u5b63\u8282\u6027\u8d1f\u8f7d\u3002\u4e00\u65e6\u5ba2\u6237\u5f00\u59cb\u5904\u7406\u4ed6\u4eec\u7684\u8ba2\u5355\uff0c\u4ed6\u4eec\u5c31\u4f1a\u88ab\u8f6c\u79fb\u5230\u4e00\u4e2a\u66f4\u5b89\u5168\u7684\u79c1\u6709\u4e91\u4e2d\uff0c\u8be5\u79c1\u6709\u4e91\u7b26\u5408PCI\u6807\u51c6\u3002 
\u5728\u672c\u6587\u6863\u4e2d\uff0c\u6211\u4eec\u4ee5\u7c7b\u4f3c\u7684\u65b9\u5f0f\u5bf9\u5f85\u793e\u533a\u548c\u6df7\u5408\u4e91\uff0c\u4ec5\u4ece\u5b89\u5168\u89d2\u5ea6\u660e\u786e\u5904\u7406\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7684\u6781\u7aef\u60c5\u51b5\u3002\u5b89\u5168\u63aa\u65bd\u53d6\u51b3\u4e8e\u90e8\u7f72\u5728\u79c1\u6709\u516c\u5171\u8fde\u7eed\u4f53\u4e0a\u7684\u4f4d\u7f6e\u3002","title":"\u6df7\u5408\u4e91"},{"location":"security/security-guide/#openstack_2","text":"OpenStack \u91c7\u7528\u6a21\u5757\u5316\u67b6\u6784\uff0c\u63d0\u4f9b\u4e00\u7ec4\u6838\u5fc3\u670d\u52a1\uff0c\u4ee5\u4fc3\u8fdb\u53ef\u6269\u5c55\u6027\u548c\u5f39\u6027\u4f5c\u4e3a\u6838\u5fc3\u8bbe\u8ba1\u539f\u5219\u3002\u672c\u7ae0\u7b80\u8981\u56de\u987e\u4e86 OpenStack \u7ec4\u4ef6\u3001\u5b83\u4eec\u7684\u7528\u4f8b\u548c\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002","title":"OpenStack \u670d\u52a1\u6982\u8ff0"},{"location":"security/security-guide/#_17","text":"OpenStack Compute \u670d\u52a1 \uff08nova\uff09 \u63d0\u4f9b\u7684\u670d\u52a1\u652f\u6301\u5927\u89c4\u6a21\u7ba1\u7406\u865a\u62df\u673a\u5b9e\u4f8b\u3001\u6258\u7ba1\u591a\u5c42\u5e94\u7528\u7a0b\u5e8f\u7684\u5b9e\u4f8b\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u3001\u5904\u7406 Hadoop \u96c6\u7fa4\u7684\u201c\u5927\u6570\u636e\u201d\u6216\u9ad8\u6027\u80fd\u8ba1\u7b97\u3002 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e0e\u652f\u6301\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ea4\u4e92\u7684\u62bd\u8c61\u5c42\u6765\u4fc3\u8fdb\u8fd9\u79cd\u7ba1\u7406\uff08\u6211\u4eec\u7a0d\u540e\u4f1a\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u8fd9\u4e2a\u95ee\u9898\uff09\u3002 \u5728\u672c\u6307\u5357\u7684\u540e\u9762\u90e8\u5206\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u865a\u62df\u5316\u5806\u6808\uff0c\u56e0\u4e3a\u5b83\u4e0e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u3002 \u6709\u5173\u529f\u80fd\u652f\u6301\u7684\u5f53\u524d\u72b6\u6001\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack 
Hypervisor \u652f\u6301\u77e9\u9635\u3002 \u8ba1\u7b97\u5b89\u5168\u6027\u5bf9\u4e8eOpenStack\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002\u5f3a\u5316\u6280\u672f\u5e94\u5305\u62ec\u5bf9\u5f3a\u5b9e\u4f8b\u9694\u79bb\u7684\u652f\u6301\u3001\u8ba1\u7b97\u5b50\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u4ee5\u53ca\u9762\u5411\u516c\u4f17\u7684 API \u7ec8\u7ed3\u70b9\u7684\u590d\u539f\u80fd\u529b\u3002","title":"\u8ba1\u7b97"},{"location":"security/security-guide/#_18","text":"OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1 \uff08swift\uff09 \u652f\u6301\u5728\u4e91\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u4efb\u610f\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u63d0\u4f9b\u672c\u673a API \u548c\u4e9a\u9a6c\u900a\u4e91\u79d1\u6280 S3 \u517c\u5bb9 API\u3002\u8be5\u670d\u52a1\u901a\u8fc7\u6570\u636e\u590d\u5236\u63d0\u4f9b\u9ad8\u5ea6\u7684\u590d\u539f\u80fd\u529b\uff0c\u5e76\u4e14\u53ef\u4ee5\u5904\u7406 PB \u7ea7\u7684\u6570\u636e\u3002 \u8bf7\u52a1\u5fc5\u4e86\u89e3\u5bf9\u8c61\u5b58\u50a8\u4e0d\u540c\u4e8e\u4f20\u7edf\u7684\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u3002\u5bf9\u8c61\u5b58\u50a8\u6700\u9002\u5408\u7528\u4e8e\u9759\u6001\u6570\u636e\uff0c\u4f8b\u5982\u5a92\u4f53\u6587\u4ef6\uff08MP3\u3001\u56fe\u50cf\u6216\u89c6\u9891\uff09\u3001\u865a\u62df\u673a\u6620\u50cf\u548c\u5907\u4efd\u6587\u4ef6\u3002 \u5bf9\u8c61\u5b89\u5168\u5e94\u4fa7\u91cd\u4e8e\u4f20\u8f93\u4e2d\u548c\u9759\u6001\u6570\u636e\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u52a0\u5bc6\u3002\u5176\u4ed6\u95ee\u9898\u53ef\u80fd\u4e0e\u7cfb\u7edf\u6ee5\u7528\u3001\u975e\u6cd5\u6216\u6076\u610f\u5185\u5bb9\u5b58\u50a8\u4ee5\u53ca\u4ea4\u53c9\u8eab\u4efd\u9a8c\u8bc1\u653b\u51fb\u5a92\u4ecb\u6709\u5173\u3002","title":"\u5bf9\u8c61\u5b58\u50a8"},{"location":"security/security-guide/#_19","text":"OpenStack \u5757\u5b58\u50a8\u670d\u52a1 \uff08cinder\uff09 
\u4e3a\u8ba1\u7b97\u5b9e\u4f8b\u63d0\u4f9b\u6301\u4e45\u6027\u5757\u5b58\u50a8\u3002\u5757\u5b58\u50a8\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u751f\u547d\u5468\u671f\uff0c\u4ece\u521b\u5efa\u5377\u548c\u9644\u52a0\u5230\u5b9e\u4f8b\uff0c\u518d\u5230\u91ca\u653e\u3002 \u5757\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u4e0e\u5bf9\u8c61\u5b58\u50a8\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u7c7b\u4f3c\u3002","title":"\u5757\u5b58\u50a8"},{"location":"security/security-guide/#_20","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u7684\u670d\u52a1\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack \u5757\u5b58\u50a8\u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\uff0c\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u5b9e\u4f8b\u4e0a\uff0c\u7136\u540e\u4ece\u5b9e\u4f8b\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u7cfb\u7edf\u4e2d\u7684\u6570\u636e\u3002","title":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_21","text":"OpenStack \u7f51\u7edc\u670d\u52a1\uff08neutron\uff0c\u4ee5\u524d\u79f0\u4e3a\u91cf\u5b50\uff09\u4e3a\u4e91\u7528\u6237\uff08\u79df\u6237\uff09\u63d0\u4f9b\u5404\u79cd\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982 IP \u5730\u5740\u7ba1\u7406\u3001DNS\u3001DHCP\u3001\u8d1f\u8f7d\u5747\u8861\u548c\u5b89\u5168\u7ec4\uff08\u7f51\u7edc\u8bbf\u95ee\u89c4\u5219\uff0c\u5982\u9632\u706b\u5899\u7b56\u7565\uff09\u3002\u6b64\u670d\u52a1\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 
\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u5141\u8bb8\u4e0e\u5404\u79cd\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u8fdb\u884c\u53ef\u63d2\u62d4\u96c6\u6210\u3002 OpenStack Networking \u5141\u8bb8\u4e91\u79df\u6237\u7ba1\u7406\u5176\u8bbf\u5ba2\u7f51\u7edc\u914d\u7f6e\u3002\u7f51\u7edc\u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u7f51\u7edc\u6d41\u91cf\u9694\u79bb\u3001\u53ef\u7528\u6027\u3001\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002","title":"\u7f51\u7edc"},{"location":"security/security-guide/#_22","text":"OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u4e91\u7ba1\u7406\u5458\u548c\u4e91\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u754c\u9762\u3002\u4f7f\u7528\u6b64\u754c\u9762\uff0c\u7ba1\u7406\u5458\u548c\u79df\u6237\u53ef\u4ee5\u9884\u914d\u3001\u7ba1\u7406\u548c\u76d1\u89c6\u4e91\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u5e38\u4ee5\u9762\u5411\u516c\u4f17\u7684\u65b9\u5f0f\u90e8\u7f72\uff0c\u5177\u6709\u516c\u5171 Web \u95e8\u6237\u7684\u6240\u6709\u5e38\u89c1\u5b89\u5168\u95ee\u9898\u3002","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#_23","text":"OpenStack Identity \u670d\u52a1 \uff08keystone\uff09 \u662f\u4e00\u9879\u5171\u4eab\u670d\u52a1\uff0c\u53ef\u5728\u6574\u4e2a\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002Identity \u670d\u52a1\u5177\u6709\u5bf9\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\u7684\u53ef\u63d2\u5165\u652f\u6301\u3002 Identity \u670d\u52a1\u7684\u5b89\u5168\u95ee\u9898\u5305\u62ec\u5bf9\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u4efb\u3001\u6388\u6743\u4ee4\u724c\u7684\u7ba1\u7406\u4ee5\u53ca\u5b89\u5168\u901a\u4fe1\u3002","title":"\u8eab\u4efd\u9274\u522b\u670d\u52a1"},{"location":"security/security-guide/#_24","text":"OpenStack 
\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u63d0\u4f9b\u78c1\u76d8\u955c\u50cf\u7ba1\u7406\u670d\u52a1\uff0c\u5305\u62ec\u955c\u50cf\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u6839\u636e\u9700\u8981\u5411\u8ba1\u7b97\u670d\u52a1\u4ea4\u4ed8\u670d\u52a1\u3002 \u9700\u8981\u53d7\u4fe1\u4efb\u7684\u8fdb\u7a0b\u6765\u7ba1\u7406\u78c1\u76d8\u6620\u50cf\u7684\u751f\u547d\u5468\u671f\uff0c\u4ee5\u53ca\u524d\u9762\u63d0\u5230\u7684\u4e0e\u6570\u636e\u5b89\u5168\u6709\u5173\u7684\u6240\u6709\u95ee\u9898\u3002","title":"\u955c\u50cf\u670d\u52a1"},{"location":"security/security-guide/#_25","text":"\u6570\u636e\u5904\u7406\u670d\u52a1 \uff08sahara\uff09 \u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u914d\u7f6e\u3001\u7ba1\u7406\u548c\u4f7f\u7528\u8fd0\u884c\u5e38\u7528\u5904\u7406\u6846\u67b6\u7684\u7fa4\u96c6\u3002 \u6570\u636e\u5904\u7406\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u5e94\u4fa7\u91cd\u4e8e\u6570\u636e\u9690\u79c1\u548c\u4e0e\u9884\u7f6e\u96c6\u7fa4\u7684\u5b89\u5168\u901a\u4fe1\u3002","title":"\u6570\u636e\u5904\u7406\u670d\u52a1"},{"location":"security/security-guide/#_26","text":"\u6d88\u606f\u4f20\u9012\u7528\u4e8e\u591a\u4e2a OpenStack \u670d\u52a1\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u4f7f\u7528\u57fa\u4e8e AMQP \u7684\u6d88\u606f\u961f\u5217\u3002\u4e0e\u5927\u591a\u6570 OpenStack \u670d\u52a1\u4e00\u6837\uff0cAMQP \u652f\u6301\u53ef\u63d2\u62d4\u7ec4\u4ef6\u3002\u73b0\u5728\uff0c\u5b9e\u73b0\u540e\u7aef\u53ef\u4ee5\u662f RabbitMQ\u3001Qpid \u6216 ZeroMQ\u3002 \u7531\u4e8e\u5927\u591a\u6570\u7ba1\u7406\u547d\u4ee4\u90fd\u6d41\u7ecf\u6d88\u606f\u961f\u5217\u7cfb\u7edf\uff0c\u56e0\u6b64\u6d88\u606f\u961f\u5217\u5b89\u5168\u6027\u662f\u4efb\u4f55 OpenStack \u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\uff0c\u672c\u6307\u5357\u7a0d\u540e\u5c06\u5bf9\u6b64\u8fdb\u884c\u8be6\u7ec6\u8ba8\u8bba\u3002 
\u6709\u51e0\u4e2a\u7ec4\u4ef6\u4f7f\u7528\u6570\u636e\u5e93\uff0c\u5c3d\u7ba1\u5b83\u6ca1\u6709\u663e\u5f0f\u8c03\u7528\u3002\u4fdd\u62a4\u6570\u636e\u5e93\u8bbf\u95ee\u662f\u53e6\u4e00\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u56e0\u6b64\u5728\u672c\u6307\u5357\u540e\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u8ba8\u8bba\u3002","title":"\u5176\u4ed6\u914d\u5957\u6280\u672f"},{"location":"security/security-guide/#_27","text":"\u4e91\u53ef\u4ee5\u62bd\u8c61\u4e3a\u903b\u8f91\u7ec4\u4ef6\u7684\u96c6\u5408\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u529f\u80fd\u3001\u7528\u6237\u548c\u5171\u4eab\u7684\u5b89\u5168\u95ee\u9898\uff0c\u6211\u4eec\u79f0\u4e4b\u4e3a\u5b89\u5168\u57df\u3002\u5a01\u80c1\u53c2\u4e0e\u8005\u548c\u5411\u91cf\u6839\u636e\u5176\u52a8\u673a\u548c\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u8fdb\u884c\u5206\u7c7b\u3002\u6211\u4eec\u7684\u76ee\u6807\u662f\u6839\u636e\u60a8\u7684\u98ce\u9669/\u6f0f\u6d1e\u4fdd\u62a4\u76ee\u6807\uff0c\u8ba9\u60a8\u4e86\u89e3\u6bcf\u4e2a\u57df\u7684\u5b89\u5168\u95ee\u9898\u3002","title":"\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1"},{"location":"security/security-guide/#_28","text":"\u5b89\u5168\u57df\u5305\u62ec\u7528\u6237\u3001\u5e94\u7528\u7a0b\u5e8f\u3001\u670d\u52a1\u5668\u6216\u7f51\u7edc\uff0c\u5b83\u4eec\u5728\u7cfb\u7edf\u4e2d\u5177\u6709\u5171\u540c\u7684\u4fe1\u4efb\u8981\u6c42\u548c\u671f\u671b\u3002\u901a\u5e38\uff0c\u5b83\u4eec\u5177\u6709\u76f8\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/Z\uff09 \u8981\u6c42\u548c\u7528\u6237\u3002 \u5c3d\u7ba1\u60a8\u53ef\u80fd\u5e0c\u671b\u8fdb\u4e00\u6b65\u7ec6\u5206\u8fd9\u4e9b\u57df\uff08\u6211\u4eec\u7a0d\u540e\u5c06\u8ba8\u8bba\u5728\u54ea\u4e9b\u65b9\u9762\u53ef\u80fd\u5408\u9002\uff09\uff0c\u4f46\u6211\u4eec\u901a\u5e38\u6307\u7684\u662f\u56db\u4e2a\u4e0d\u540c\u7684\u5b89\u5168\u57df\uff0c\u5b83\u4eec\u6784\u6210\u4e86\u5b89\u5168\u90e8\u7f72\u4efb\u4f55 OpenStack 
\u4e91\u6240\u9700\u7684\u6700\u4f4e\u9650\u5ea6\u3002\u8fd9\u4e9b\u5b89\u5168\u57df\u5305\u62ec\uff1a \u516c\u5171\u57df \u8bbf\u5ba2\u57df \u7ba1\u7406\u57df \u6570\u636e\u57df \u6211\u4eec\u4e4b\u6240\u4ee5\u9009\u62e9\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u662f\u56e0\u4e3a\u5b83\u4eec\u53ef\u4ee5\u72ec\u7acb\u6620\u5c04\uff0c\u4e5f\u53ef\u4ee5\u7ec4\u5408\u8d77\u6765\uff0c\u4ee5\u8868\u793a\u7ed9\u5b9a OpenStack \u90e8\u7f72\u4e2d\u5927\u591a\u6570\u53ef\u80fd\u7684\u4fe1\u4efb\u533a\u57df\u3002\u4f8b\u5982\uff0c\u67d0\u4e9b\u90e8\u7f72\u62d3\u6251\u53ef\u80fd\u7531\u4e00\u4e2a\u7269\u7406\u7f51\u7edc\u4e0a\u7684\u6765\u5bbe\u57df\u548c\u6570\u636e\u57df\u7684\u7ec4\u5408\u7ec4\u6210\uff0c\u800c\u5176\u4ed6\u62d3\u6251\u5219\u5c06\u8fd9\u4e9b\u57df\u5206\u5f00\u3002\u5728\u6bcf\u79cd\u60c5\u51b5\u4e0b\uff0c\u4e91\u64cd\u4f5c\u5458\u90fd\u5e94\u6ce8\u610f\u9002\u5f53\u7684\u5b89\u5168\u95ee\u9898\u3002\u5b89\u5168\u57df\u5e94\u9488\u5bf9\u7279\u5b9a\u7684 OpenStack \u90e8\u7f72\u62d3\u6251\u8fdb\u884c\u6620\u5c04\u3002\u57df\u53ca\u5176\u4fe1\u4efb\u8981\u6c42\u53d6\u51b3\u4e8e\u4e91\u5b9e\u4f8b\u662f\u516c\u6709\u4e91\u5b9e\u4f8b\u3001\u79c1\u6709\u4e91\u5b9e\u4f8b\u8fd8\u662f\u6df7\u5408\u4e91\u5b9e\u4f8b\u3002","title":"\u5b89\u5168\u57df"},{"location":"security/security-guide/#_29","text":"\u516c\u5171\u5b89\u5168\u57df\u662f\u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u533a\u57df\u3002\u5b83\u53ef\u4ee5\u6307\u6574\u4e2a\u4e92\u8054\u7f51\uff0c\u4e5f\u53ef\u4ee5\u7b80\u5355\u5730\u6307\u60a8\u65e0\u6743\u8bbf\u95ee\u7684\u7f51\u7edc\u3002\u4efb\u4f55\u5177\u6709\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u8981\u6c42\u4f20\u8f93\u6b64\u57df\u7684\u6570\u636e\u90fd\u5e94\u4f7f\u7528\u8865\u507f\u63a7\u5236\u8fdb\u884c\u4fdd\u62a4\u3002 
\u6b64\u57df\u5e94\u59cb\u7ec8\u88ab\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u3002","title":"\u516c\u5171"},{"location":"security/security-guide/#_30","text":"\u8bbf\u5ba2\u5b89\u5168\u57df\u901a\u5e38\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u5230\u5b9e\u4f8b\u7684\u6d41\u91cf\uff0c\u5b83\u5904\u7406\u7531\u4e91\u4e0a\u7684\u5b9e\u4f8b\u751f\u6210\u7684\u8ba1\u7b97\u6570\u636e\uff0c\u4f46\u4e0d\u5904\u7406\u652f\u6301\u4e91\u64cd\u4f5c\u7684\u670d\u52a1\uff0c\u4f8b\u5982 API \u8c03\u7528\u3002 \u5982\u679c\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6ca1\u6709\u4e25\u683c\u63a7\u5236\uff0c\u4e5f\u4e0d\u5141\u8bb8\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u4e0d\u53d7\u9650\u5236\u7684 Internet \u8bbf\u95ee\uff0c\u5219\u5e94\u5c06\u6b64\u57df\u89c6\u4e3a\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u79c1\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5c06\u6b64\u7f51\u7edc\u89c6\u4e3a\u5185\u90e8\u7f51\u7edc\uff0c\u5e76\u4e14\u53ea\u6709\u5728\u5b9e\u65bd\u9002\u5f53\u7684\u63a7\u5236\u4ee5\u65ad\u8a00\u5b9e\u4f8b\u548c\u6240\u6709\u5173\u8054\u79df\u6237\u90fd\u662f\u53ef\u4fe1\u7684\u65f6\u3002","title":"\u8bbf\u5ba2"},{"location":"security/security-guide/#_31","text":"\u7ba1\u7406\u5b89\u5168\u57df\u662f\u670d\u52a1\u4ea4\u4e92\u7684\u5730\u65b9\u3002\u6709\u65f6\u79f0\u4e3a\u201c\u63a7\u5236\u5e73\u9762\u201d\uff0c\u6b64\u57df\u4e2d\u7684\u7f51\u7edc\u4f20\u8f93\u673a\u5bc6\u6570\u636e\uff0c\u4f8b\u5982\u914d\u7f6e\u53c2\u6570\u3001\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u547d\u4ee4\u548c\u63a7\u5236\u6d41\u91cf\u901a\u5e38\u9a7b\u7559\u5728\u6b64\u57df\u4e2d\uff0c\u8fd9\u9700\u8981\u5f3a\u5927\u7684\u5b8c\u6574\u6027\u8981\u6c42\u3002\u5bf9\u6b64\u57df\u7684\u8bbf\u95ee\u5e94\u53d7\u5230\u9ad8\u5ea6\u9650\u5236\u548c\u76d1\u89c6\u3002\u540c\u65f6\uff0c\u6b64\u57df\u4ecd\u5e94\u91c7\u7528\u672c\u6307\u5357\u4e2d\u63cf\u8ff0\u7684\u6240\u6709\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u3002 
\u5728\u5927\u591a\u6570\u90e8\u7f72\u4e2d\uff0c\u6b64\u57df\u88ab\u89c6\u4e3a\u53d7\u4fe1\u4efb\u7684\u57df\u3002\u4f46\u662f\uff0c\u5728\u8003\u8651 OpenStack \u90e8\u7f72\u65f6\uff0c\u6709\u8bb8\u591a\u7cfb\u7edf\u5c06\u6b64\u57df\u4e0e\u5176\u4ed6\u57df\u6865\u63a5\u8d77\u6765\uff0c\u8fd9\u53ef\u80fd\u4f1a\u964d\u4f4e\u60a8\u53ef\u4ee5\u5bf9\u8be5\u57df\u7684\u4fe1\u4efb\u7ea7\u522b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002","title":"\u7ba1\u7406"},{"location":"security/security-guide/#_32","text":"\u6570\u636e\u5b89\u5168\u57df\u4e3b\u8981\u5173\u6ce8\u4e0eOpenStack\u4e2d\u7684\u5b58\u50a8\u670d\u52a1\u6709\u5173\u7684\u4fe1\u606f\u3002\u901a\u8fc7\u8be5\u7f51\u7edc\u4f20\u8f93\u7684\u5927\u591a\u6570\u6570\u636e\u90fd\u9700\u8981\u9ad8\u5ea6\u7684\u5b8c\u6574\u6027\u548c\u673a\u5bc6\u6027\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u6839\u636e\u90e8\u7f72\u7c7b\u578b\uff0c\u53ef\u80fd\u8fd8\u4f1a\u6709\u5f88\u5f3a\u7684\u53ef\u7528\u6027\u8981\u6c42\u3002 
\u6b64\u7f51\u7edc\u7684\u4fe1\u4efb\u7ea7\u522b\u5f88\u5927\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u90e8\u7f72\u51b3\u7b56\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u4f1a\u4e3a\u5176\u5206\u914d\u4efb\u4f55\u9ed8\u8ba4\u7684\u4fe1\u4efb\u7ea7\u522b\u3002","title":"\u6570\u636e"},{"location":"security/security-guide/#_33","text":"\u7f51\u6865\u662f\u5b58\u5728\u4e8e\u591a\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u7ec4\u4ef6\u3002\u5fc5\u987b\u4ed4\u7ec6\u914d\u7f6e\u6865\u63a5\u5177\u6709\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u6216\u8eab\u4efd\u9a8c\u8bc1\u8981\u6c42\u7684\u5b89\u5168\u57df\u7684\u4efb\u4f55\u7ec4\u4ef6\u3002\u8fd9\u4e9b\u7f51\u6865\u901a\u5e38\u662f\u7f51\u7edc\u67b6\u6784\u4e2d\u7684\u8584\u5f31\u73af\u8282\u3002\u6865\u63a5\u5e94\u59cb\u7ec8\u914d\u7f6e\u4e3a\u6ee1\u8db3\u5b83\u6240\u6865\u63a5\u7684\u4efb\u4f55\u57df\u7684\u6700\u9ad8\u4fe1\u4efb\u7ea7\u522b\u7684\u5b89\u5168\u8981\u6c42\u3002\u5728\u8bb8\u591a\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u653b\u51fb\u7684\u53ef\u80fd\u6027\uff0c\u6865\u63a5\u5668\u7684\u5b89\u5168\u63a7\u5236\u5e94\u8be5\u662f\u4e3b\u8981\u5173\u6ce8\u70b9\u3002 \u4e0a\u56fe\u663e\u793a\u4e86\u6865\u63a5\u6570\u636e\u548c\u7ba1\u7406\u57df\u7684\u8ba1\u7b97\u8282\u70b9;\u56e0\u6b64\uff0c\u5e94\u5c06\u8ba1\u7b97\u8282\u70b9\u914d\u7f6e\u4e3a\u6ee1\u8db3\u7ba1\u7406\u57df\u7684\u5b89\u5168\u8981\u6c42\u3002\u540c\u6837\uff0c\u6b64\u56fe\u4e2d\u7684 API \u7aef\u70b9\u6b63\u5728\u6865\u63a5\u4e0d\u53d7\u4fe1\u4efb\u7684\u516c\u5171\u57df\u548c\u7ba1\u7406\u57df\uff0c\u5e94\u5c06\u5176\u914d\u7f6e\u4e3a\u9632\u6b62\u4ece\u516c\u5171\u57df\u4f20\u64ad\u5230\u7ba1\u7406\u57df\u7684\u653b\u51fb\u3002 \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u90e8\u7f72\u4eba\u5458\u53ef\u80fd\u5e0c\u671b\u8003\u8651\u5c06\u7f51\u6865\u4fdd\u62a4\u5230\u6bd4\u5b83\u6240\u5728\u7684\u4efb\u4f55\u57df\u66f4\u9ad8\u7684\u6807\u51c6\u3002\u9274\u4e8e\u4e0a\u8ff0 API \u7aef\u70b9\u793a\u4f8b\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4ece\u516c\u5171\u57df\u4ee5 
API \u7aef\u70b9\u4e3a\u76ee\u6807\uff0c\u5229\u7528\u5b83\u6765\u5165\u4fb5\u6216\u8bbf\u95ee\u7ba1\u7406\u57df\u3002 OpenStack\u7684\u8bbe\u8ba1\u4f7f\u5f97\u5b89\u5168\u57df\u7684\u5206\u79bb\u662f\u5f88\u56f0\u96be\u7684\u3002\u7531\u4e8e\u6838\u5fc3\u670d\u52a1\u901a\u5e38\u81f3\u5c11\u6865\u63a5\u4e24\u4e2a\u57df\uff0c\u56e0\u6b64\u5728\u5bf9\u5b83\u4eec\u5e94\u7528\u5b89\u5168\u63a7\u5236\u65f6\u5fc5\u987b\u7279\u522b\u8003\u8651\u3002","title":"\u6865\u63a5\u5b89\u5168\u57df"},{"location":"security/security-guide/#_34","text":"\u5927\u591a\u6570\u7c7b\u578b\u7684\u4e91\u90e8\u7f72\uff08\u516c\u6709\u4e91\u6216\u79c1\u6709\u4e91\uff09\u90fd\u4f1a\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u5bf9\u653b\u51fb\u8005\u8fdb\u884c\u5206\u7c7b\uff0c\u5e76\u603b\u7ed3\u6bcf\u4e2a\u5b89\u5168\u57df\u4e2d\u7684\u6f5c\u5728\u653b\u51fb\u7c7b\u578b\u3002","title":"\u5a01\u80c1\u5206\u7c7b\u3001\u53c2\u4e0e\u8005\u548c\u653b\u51fb\u5411\u91cf"},{"location":"security/security-guide/#_35","text":"\u5a01\u80c1\u53c2\u4e0e\u8005\u662f\u4e00\u79cd\u62bd\u8c61\u7684\u65b9\u5f0f\uff0c\u7528\u4e8e\u6307\u4ee3\u60a8\u53ef\u80fd\u5c1d\u8bd5\u9632\u5fa1\u7684\u4e00\u7c7b\u5bf9\u624b\u3002\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u8d8a\u5f3a\uff0c\u6210\u529f\u7f13\u89e3\u548c\u9884\u9632\u653b\u51fb\u6240\u9700\u7684\u5b89\u5168\u63a7\u5236\u5c31\u8d8a\u6602\u8d35\u3002\u5b89\u5168\u6027\u662f\u6210\u672c\u3001\u53ef\u7528\u6027\u548c\u9632\u5fa1\u4e4b\u95f4\u7684\u6743\u8861\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e0d\u53ef\u80fd\u9488\u5bf9\u6211\u4eec\u5728\u6b64\u5904\u63cf\u8ff0\u7684\u6240\u6709\u5a01\u80c1\u53c2\u4e0e\u8005\u4fdd\u62a4\u4e91\u90e8\u7f72\u3002\u90a3\u4e9b\u90e8\u7f72OpenStack\u4e91\u7684\u4eba\u5c06\u4e0d\u5f97\u4e0d\u51b3\u5b9a\u5176\u90e8\u7f72/\u4f7f\u7528\u7684\u5e73\u8861\u70b9\u5728\u54ea\u91cc\u3002","title":"\u5a01\u80c1\u53c2\u4e0e\u8005"},{"location":"security/security-guide/#_36","
text":"\u672c\u6307\u5357\u8ba4\u4e3a\u662f\u6700\u6709\u80fd\u529b\u7684\u5bf9\u624b\u3002\u60c5\u62a5\u90e8\u95e8\u548c\u5176\u4ed6\u56fd\u5bb6\u884c\u4e3a\u8005\u53ef\u4ee5\u4e3a\u76ee\u6807\u5e26\u6765\u5de8\u5927\u7684\u8d44\u6e90\u3002\u4ed6\u4eec\u62e5\u6709\u8d85\u8d8a\u4efb\u4f55\u5176\u4ed6\u53c2\u4e0e\u8005\u7684\u80fd\u529b\u3002\u5982\u679c\u6ca1\u6709\u6781\u5176\u4e25\u683c\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u65e0\u8bba\u662f\u4eba\u529b\u8fd8\u662f\u6280\u672f\uff0c\u90fd\u5f88\u96be\u9632\u5fa1\u8fd9\u4e9b\u884c\u4e3a\u8005\u3002","title":"\u60c5\u62a5\u673a\u6784"},{"location":"security/security-guide/#_37","text":"\u80fd\u529b\u5f3a\u4e14\u53d7\u7ecf\u6d4e\u9a71\u52a8\u7684\u653b\u51fb\u8005\u7fa4\u4f53\u3002\u80fd\u591f\u8d44\u52a9\u5185\u90e8\u6f0f\u6d1e\u5f00\u53d1\u548c\u76ee\u6807\u7814\u7a76\u3002\u8fd1\u5e74\u6765\uff0c\u4fc4\u7f57\u65af\u5546\u4e1a\u7f51\u7edc\uff08Russian Business Network\uff09\u7b49\u7ec4\u7ec7\u7684\u5d1b\u8d77\uff0c\u4e00\u4e2a\u5e9e\u5927\u7684\u7f51\u7edc\u72af\u7f6a\u4f01\u4e1a\uff0c\u5df2\u7ecf\u8bc1\u660e\u4e86\u7f51\u7edc\u653b\u51fb\u5982\u4f55\u6210\u4e3a\u4e00\u79cd\u5546\u54c1\u3002\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u5c5e\u4e8e\u4e25\u91cd\u7684\u6709\u7ec4\u7ec7\u72af\u7f6a\u96c6\u56e2\u3002","title":"\u4e25\u91cd\u6709\u7ec4\u7ec7\u72af\u7f6a"},{"location":"security/security-guide/#_38","text":"\u8fd9\u662f\u6307\u201c\u9ed1\u5ba2\u884c\u52a8\u4e3b\u4e49\u8005\u201d\u7c7b\u578b\u7684\u7ec4\u7ec7\uff0c\u4ed6\u4eec\u901a\u5e38\u6ca1\u6709\u5546\u4e1a\u8d44\u52a9\uff0c\u4f46\u53ef\u80fd\u5bf9\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u4e91\u8fd0\u8425\u5546\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002","title":"\u9ad8\u80fd\u529b\u7684\u56e2\u961f"},{"location":"security/security-guide/#_39","text":"\u8fd9\u4e9b\u653b\u51fb\u8005\u5355\u72ec\u884c\u52a8\uff0c\u4ee5\u591a\u79cd\u5f62\u5f0f\u51fa\u73b0\uff0c\u4f8b\u5982\u6d41\u6c13\u6216\u6076\u610f\u5458\u5de5\u3001\u5fc3\u6000\u4e0d\u6ee1\u7684\u5ba2\u6237\u6216\u5c
0f\u89c4\u6a21\u7684\u5de5\u4e1a\u95f4\u8c0d\u6d3b\u52a8\u3002","title":"\u6709\u52a8\u673a\u7684\u4e2a\u4eba"},{"location":"security/security-guide/#_40","text":"\u81ea\u52a8\u6f0f\u6d1e\u626b\u63cf/\u5229\u7528\u3002\u975e\u9488\u5bf9\u6027\u653b\u51fb\u3002\u901a\u5e38\uff0c\u53ea\u6709\u8fd9\u4e9b\u884c\u4e3a\u8005\u4e4b\u4e00\u7684\u6ecb\u6270\u3001\u59a5\u534f\u624d\u4f1a\u5bf9\u7ec4\u7ec7\u7684\u58f0\u8a89\u6784\u6210\u91cd\u5927\u98ce\u9669\u3002","title":"\u811a\u672c\u653b\u51fb\u8005"},{"location":"security/security-guide/#_41","text":"\u79c1\u6709\u4e91\u901a\u5e38\u7531\u4f01\u4e1a\u6216\u673a\u6784\u5728\u5176\u7f51\u7edc\u5185\u90e8\u548c\u9632\u706b\u5899\u540e\u9762\u90e8\u7f72\u3002\u4f01\u4e1a\u5c06\u5bf9\u5141\u8bb8\u54ea\u4e9b\u6570\u636e\u9000\u51fa\u5176\u7f51\u7edc\u6709\u4e25\u683c\u7684\u653f\u7b56\uff0c\u751a\u81f3\u53ef\u80fd\u4e3a\u7279\u5b9a\u76ee\u7684\u4f7f\u7528\u4e0d\u540c\u7684\u4e91\u3002\u79c1\u6709\u4e91\u7684\u7528\u6237\u901a\u5e38\u662f\u62e5\u6709\u4e91\u7684\u7ec4\u7ec7\u7684\u5458\u5de5\uff0c\u5e76\u4e14\u80fd\u591f\u5bf9\u5176\u884c\u4e3a\u8d1f\u8d23\u3002\u5458\u5de5\u901a\u5e38\u4f1a\u5728\u8bbf\u95ee\u4e91\u4e4b\u524d\u53c2\u52a0\u57f9\u8bad\u8bfe\u7a0b\uff0c\u5e76\u4e14\u53ef\u80fd\u4f1a\u53c2\u52a0\u5b9a\u671f\u5b89\u6392\u7684\u5b89\u5168\u610f\u8bc6\u57f9\u8bad\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u516c\u6709\u4e91\u4e0d\u80fd\u5bf9\u5176\u7528\u6237\u3001\u4e91\u7528\u4f8b\u6216\u7528\u6237\u52a8\u673a\u505a\u51fa\u4efb\u4f55\u65ad\u8a00\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u8fd9\u4f1a\u7acb\u5373\u5c06\u5ba2\u6237\u673a\u5b89\u5168\u57df\u63a8\u5165\u5b8c\u5168\u4e0d\u53d7\u4fe1\u4efb\u7684\u72b6\u6001\u3002 \u516c\u6709\u4e91\u653b\u51fb\u9762\u7684\u4e00\u4e2a\u663e\u7740\u533a\u522b\u662f\uff0c\u5b83\u4eec\u5fc5\u987b\u63d0\u4f9b\u5bf9\u5176\u670d\u52a1\u7684\u4e92\u8054\u7f51\u8bbf\u95ee\u3002\u5b9e\u4f8b\u8fde\u63a5\u3001\u901a\u8fc7 Internet 
\u8bbf\u95ee\u6587\u4ef6\u4ee5\u53ca\u4e0e\u4e91\u63a7\u5236\u7ed3\u6784\uff08\u5982 API \u7aef\u70b9\u548c\u4eea\u8868\u677f\uff09\u4ea4\u4e92\u7684\u80fd\u529b\u662f\u516c\u6709\u4e91\u7684\u5fc5\u5907\u6761\u4ef6\u3002 \u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u7528\u6237\u7684\u9690\u79c1\u95ee\u9898\u901a\u5e38\u662f\u622a\u7136\u76f8\u53cd\u7684\u3002\u5728\u79c1\u6709\u4e91\u4e2d\u751f\u6210\u548c\u5b58\u50a8\u7684\u6570\u636e\u901a\u5e38\u7531\u4e91\u8fd0\u8425\u5546\u62e5\u6709\uff0c\u4ed6\u4eec\u80fd\u591f\u90e8\u7f72\u6570\u636e\u4e22\u5931\u9632\u62a4 \uff08DLP\uff09 \u4fdd\u62a4\u3001\u6587\u4ef6\u68c0\u67e5\u3001\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u548c\u89c4\u8303\u6027\u9632\u706b\u5899\u7b49\u6280\u672f\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u9690\u79c1\u662f\u91c7\u7528\u516c\u6709\u4e91\u57fa\u7840\u8bbe\u65bd\u7684\u4e3b\u8981\u969c\u788d\u4e4b\u4e00\uff0c\u56e0\u4e3a\u524d\u9762\u63d0\u5230\u7684\u8bb8\u591a\u63a7\u5236\u63aa\u65bd\u5e76\u4e0d\u5b58\u5728\u3002","title":"\u516c\u6709\u4e91\u548c\u79c1\u6709\u4e91\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_42","text":"\u5e94\u4ed4\u7ec6\u8003\u8651\u4e91\u90e8\u7f72\u4e2d\u6f5c\u5728\u7684\u51fa\u7ad9\u6ee5\u7528\u3002\u65e0\u8bba\u662f\u516c\u6709\u4e91\u8fd8\u662f\u79c1\u6709\u4e91\uff0c\u4e91\u5f80\u5f80\u90fd\u6709\u5927\u91cf\u53ef\u7528\u8d44\u6e90\u3002\u901a\u8fc7\u9ed1\u5ba2\u653b\u51fb\u6216\u6388\u6743\u8bbf\u95ee\u5728\u4e91\u4e2d\u5efa\u7acb\u5b58\u5728\u70b9\u7684\u653b\u51fb\u8005\uff08\u4f8b\u5982\u6d41\u6c13\u5458\u5de5\uff09\u53ef\u4ee5\u4f7f\u8fd9\u4e9b\u8d44\u6e90\u5bf9\u6574\u4e2a\u4e92\u8054\u7f51\u4ea7\u751f\u5f71\u54cd\u3002\u5177\u6709\u8ba1\u7b97\u670d\u52a1\u7684\u4e91\u662f\u7406\u60f3\u7684 DDoS 
\u548c\u66b4\u529b\u5f15\u64ce\u3002\u5bf9\u4e8e\u516c\u6709\u4e91\u6765\u8bf4\uff0c\u8fd9\u4e2a\u95ee\u9898\u66f4\u4e3a\u7d27\u8feb\uff0c\u56e0\u4e3a\u5b83\u4eec\u7684\u7528\u6237\u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u662f\u4e0d\u8d1f\u8d23\u4efb\u7684\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u542f\u52a8\u5927\u91cf\u4e00\u6b21\u6027\u5b9e\u4f8b\u8fdb\u884c\u51fa\u7ad9\u653b\u51fb\u3002\u5982\u679c\u4e00\u5bb6\u516c\u53f8\u56e0\u6258\u7ba1\u6076\u610f\u8f6f\u4ef6\u6216\u5bf9\u5176\u4ed6\u7f51\u7edc\u53d1\u8d77\u653b\u51fb\u800c\u95fb\u540d\uff0c\u53ef\u80fd\u4f1a\u5bf9\u516c\u53f8\u7684\u58f0\u8a89\u9020\u6210\u91cd\u5927\u635f\u5bb3\u3002\u9884\u9632\u65b9\u6cd5\u5305\u62ec\u51fa\u53e3\u5b89\u5168\u7ec4\u3001\u51fa\u7ad9\u6d41\u91cf\u68c0\u67e5\u3001\u5ba2\u6237\u6559\u80b2\u548c\u610f\u8bc6\uff0c\u4ee5\u53ca\u6b3a\u8bc8\u548c\u6ee5\u7528\u7f13\u89e3\u7b56\u7565\u3002","title":"\u51fa\u7ad9\u653b\u51fb\u548c\u58f0\u8a89\u98ce\u9669"},{"location":"security/security-guide/#_43","text":"\u8be5\u56fe\u663e\u793a\u4e86\u4e0a\u4e00\u8282\u4e2d\u63cf\u8ff0\u7684\u53c2\u4e0e\u8005\u53ef\u80fd\u9884\u671f\u7684\u5178\u578b\u653b\u51fb\u7c7b\u578b\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u56fe\u4e0d\u6392\u9664\u6709\u4e0d\u53ef\u9884\u671f\u7684\u653b\u51fb\u7c7b\u578b\u3002 \u653b\u51fb\u7c7b\u578b 
\u6bcf\u79cd\u653b\u51fb\u5f62\u5f0f\u7684\u89c4\u8303\u6027\u9632\u5fa1\u8d85\u51fa\u4e86\u672c\u6587\u6863\u7684\u8303\u56f4\u3002\u4e0a\u56fe\u53ef\u4ee5\u5e2e\u52a9\u60a8\u5c31\u5e94\u9632\u8303\u54ea\u4e9b\u7c7b\u578b\u7684\u5a01\u80c1\u548c\u5a01\u80c1\u53c2\u4e0e\u8005\u505a\u51fa\u660e\u667a\u7684\u51b3\u5b9a\u3002\u5bf9\u4e8e\u5546\u4e1a\u516c\u6709\u4e91\u90e8\u7f72\uff0c\u8fd9\u53ef\u80fd\u5305\u62ec\u9884\u9632\u4e25\u91cd\u72af\u7f6a\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e3a\u653f\u5e9c\u4f7f\u7528\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u4eba\u6765\u8bf4\uff0c\u5e94\u8be5\u5efa\u7acb\u66f4\u4e25\u683c\u7684\u4fdd\u62a4\u673a\u5236\uff0c\u5305\u62ec\u7cbe\u5fc3\u4fdd\u62a4\u7684\u8bbe\u65bd\u548c\u4f9b\u5e94\u94fe\u3002\u76f8\u6bd4\u4e4b\u4e0b\uff0c\u90a3\u4e9b\u5efa\u7acb\u57fa\u672c\u5f00\u53d1\u6216\u6d4b\u8bd5\u73af\u5883\u7684\u4eba\u53ef\u80fd\u9700\u8981\u9650\u5236\u8f83\u5c11\u7684\u63a7\u5236\uff08\u4e2d\u95f4\uff09\u3002","title":"\u653b\u51fb\u7c7b\u578b"},{"location":"security/security-guide/#_44","text":"\u60a8\u9009\u62e9\u7684\u652f\u6301\u8f6f\u4ef6\uff08\u5982\u6d88\u606f\u4f20\u9012\u548c\u8d1f\u8f7d\u5e73\u8861\uff09\u53ef\u80fd\u4f1a\u5bf9\u4e91\u4ea7\u751f\u4e25\u91cd\u7684\u5b89\u5168\u5f71\u54cd\u3002\u4e3a\u7ec4\u7ec7\u505a\u51fa\u6b63\u786e\u7684\u9009\u62e9\u975e\u5e38\u91cd\u8981\u3002\u672c\u8282\u63d0\u4f9b\u4e86\u9009\u62e9\u652f\u6301\u8f6f\u4ef6\u7684\u4e00\u4e9b\u4e00\u822c\u51c6\u5219\u3002 \u4e3a\u4e86\u9009\u62e9\u6700\u4f73\u652f\u6301\u8f6f\u4ef6\uff0c\u8bf7\u8003\u8651\u4ee5\u4e0b\u56e0\u7d20\uff1a \u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6 \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 
\u786c\u4ef6\u95ee\u9898","title":"\u9009\u62e9\u652f\u6301\u8f6f\u4ef6"},{"location":"security/security-guide/#_45","text":"\u56e2\u961f\u8d8a\u719f\u6089\u7279\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u548c\u7279\u6b8a\u6027\uff0c\u5c31\u8d8a\u5c11\u4f1a\u51fa\u73b0\u914d\u7f6e\u9519\u8bef\u3002\u6b64\u5916\uff0c\u5c06\u5458\u5de5\u7684\u4e13\u4e1a\u77e5\u8bc6\u5206\u6563\u5230\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u589e\u52a0\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u5206\u5de5\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u51cf\u8f7b\u95ee\u9898\u3002","title":"\u56e2\u961f\u4e13\u4e1a\u77e5\u8bc6"},{"location":"security/security-guide/#_46","text":"\u7ed9\u5b9a\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 
\u4e8b\u4ef6\u54cd\u5e94","title":"\u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6"},{"location":"security/security-guide/#_47","text":"\u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u7684\u6027\u80fd\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002","title":"\u901a\u7528\u6807\u51c6"},{"location":"security/security-guide/#_48","text":"\u8003\u8651\u8fd0\u884c\u8f6f\u4ef6\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u9009\u62e9\u7684\u8f6f\u4ef6\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002","title":"\u786c\u4ef6\u95ee\u9898"},{"location":"security/security-guide/#_49","text":"OpenStack \u4e91\u90e8\u7f72\u7684\u7cfb\u7edf\u6587\u6863\u5e94\u9075\u5faa\u7ec4\u7ec7\u4e2d\u4f01\u4e1a\u4fe1\u606f\u6280\u672f\u7cfb\u7edf\u7684\u6a21\u677f\u548c\u6700\u4f73\u5b9e\u8df5\u3002\u7ec4\u7ec7\u901a\u5e38\u6709\u5408\u89c4\u6027\u8981\u6c42\uff0c\u8fd9\u53ef\u80fd\u9700\u8981\u4e00\u4e2a\u6574\u4f53\u7684\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u6765\u6e05\u70b9\u548c\u8bb0\u5f55\u7ed9\u5b9a\u7cfb\u7edf\u7684\u67b6\u6784\u3002\u6574\u4e2a\u884c\u4e1a\u90fd\u9762\u4e34\u7740\u4e0e\u8bb0\u5f55\u52a8\u6001\u4e91\u57fa\u7840\u67b6\u6784\u548c\u4fdd\u6301\u4fe1\u606f\u6700\u65b0\u76f8\u5173\u7684\u5171\u540c\u6311\u6218\u3002 \u7cfb\u7edf\u6587\u6863\u8981\u6c42 \u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b \u7cfb\u7edf\u6e05\u5355 \u7f51\u7edc\u62d3\u6251 \u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3","title":"\u7cfb\u7edf\u6587\u6863"},{"location":"security/security-guide/#_50","text":"","title":"\u7cfb\u7edf\u6587\u6863\u8981\u6c42"},{"location":"security/security-guide/#_51","text":"\u901a\u5e38\u6784\u6210 OpenStack 
\u5b89\u88c5\u7684\u4e24\u79cd\u5e7f\u4e49\u8282\u70b9\u7c7b\u578b\u662f\uff1a","title":"\u7cfb\u7edf\u89d2\u8272\u548c\u7c7b\u578b"},{"location":"security/security-guide/#_52","text":"\u8fd0\u884c\u4e0e\u4e91\u76f8\u5173\u7684\u670d\u52a1\uff0c\u4f8b\u5982 OpenStack Identity \u670d\u52a1\u3001\u6d88\u606f\u961f\u5217\u670d\u52a1\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u4ee5\u53ca\u652f\u6301\u4e91\u8fd0\u884c\u6240\u9700\u7684\u5176\u4ed6\u670d\u52a1\u3002","title":"\u57fa\u7840\u8bbe\u65bd\u8282\u70b9"},{"location":"security/security-guide/#_53","text":"\u4e3a\u4e91\u63d0\u4f9b\u5b58\u50a8\u5bb9\u91cf\u6216\u865a\u62df\u673a\u3002","title":"\u8ba1\u7b97\u3001\u5b58\u50a8\u6216\u5176\u4ed6\u8d44\u6e90\u8282\u70b9"},{"location":"security/security-guide/#_54","text":"\u6587\u6863\u5e94\u63d0\u4f9bOpenStack\u73af\u5883\u7684\u4e00\u822c\u63cf\u8ff0\uff0c\u5e76\u6db5\u76d6\u4f7f\u7528\u7684\u6240\u6709\u7cfb\u7edf\uff08\u4f8b\u5982\uff0c\u751f\u4ea7\u3001\u5f00\u53d1\u6216\u6d4b\u8bd5\uff09\u3002\u8bb0\u5f55\u7cfb\u7edf\u7ec4\u4ef6\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u8f6f\u4ef6\u901a\u5e38\u63d0\u4f9b\u5168\u9762\u8986\u76d6\u548c\u8003\u8651\u5b89\u5168\u95ee\u9898\u3001\u653b\u51fb\u5a92\u4ecb\u548c\u53ef\u80fd\u7684\u5b89\u5168\u57df\u6865\u63a5\u70b9\u6240\u9700\u7684\u9e1f\u77b0\u56fe\u3002\u7cfb\u7edf\u6e05\u5355\u53ef\u80fd\u9700\u8981\u6355\u83b7\u4e34\u65f6\u8d44\u6e90\uff0c\u4f8b\u5982\u865a\u62df\u673a\u6216\u865a\u62df\u78c1\u76d8\u5377\uff0c\u5426\u5219\u8fd9\u4e9b\u8d44\u6e90\u5c06\u6210\u4e3a\u4f20\u7edf IT \u7cfb\u7edf\u4e2d\u7684\u6301\u4e45\u6027\u8d44\u6e90\u3002","title":"\u7cfb\u7edf\u6e05\u5355"},{"location":"security/security-guide/#_55","text":"\u5bf9\u4e66\u9762\u6587\u6863\u6ca1\u6709\u4e25\u683c\u5408\u89c4\u6027\u8981\u6c42\u7684\u4e91\u53ef\u80fd\u4f1a\u53d7\u76ca\u4e8e\u914d\u7f6e\u7ba1\u7406\u6570\u636e\u5e93 
\uff08CMDB\uff09\u3002CMDB\u901a\u5e38\u7528\u4e8e\u786c\u4ef6\u8d44\u4ea7\u8ddf\u8e2a\u548c\u6574\u4f53\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002\u901a\u8fc7\u5229\u7528 CMDB\uff0c\u7ec4\u7ec7\u53ef\u4ee5\u5feb\u901f\u8bc6\u522b\u4e91\u57fa\u7840\u8bbe\u65bd\u786c\u4ef6\uff0c\u4f8b\u5982\u8ba1\u7b97\u8282\u70b9\u3001\u5b58\u50a8\u8282\u70b9\u6216\u7f51\u7edc\u8bbe\u5907\u3002CMDB\u53ef\u4ee5\u5e2e\u52a9\u8bc6\u522b\u7f51\u7edc\u4e0a\u5b58\u5728\u7684\u8d44\u4ea7\uff0c\u8fd9\u4e9b\u8d44\u4ea7\u53ef\u80fd\u7531\u4e8e\u7ef4\u62a4\u4e0d\u8db3\u3001\u4fdd\u62a4\u4e0d\u8db3\u6216\u88ab\u53d6\u4ee3\u548c\u9057\u5fd8\u800c\u5b58\u5728\u6f0f\u6d1e\u3002\u5982\u679c\u5e95\u5c42\u786c\u4ef6\u652f\u6301\u5fc5\u8981\u7684\u81ea\u52a8\u53d1\u73b0\u529f\u80fd\uff0c\u5219 OpenStack \u7f6e\u5907\u7cfb\u7edf\u53ef\u4ee5\u63d0\u4f9b\u4e00\u4e9b\u57fa\u672c\u7684 CMDB \u529f\u80fd\u3002","title":"\u786c\u4ef6\u6e05\u5355"},{"location":"security/security-guide/#_56","text":"\u4e0e\u786c\u4ef6\u4e00\u6837\uff0cOpenStack \u90e8\u7f72\u4e2d\u7684\u6240\u6709\u8f6f\u4ef6\u7ec4\u4ef6\u90fd\u5e94\u8bb0\u5f55\u5728\u6848\u3002\u793a\u4f8b\u5305\u62ec\uff1a \u7cfb\u7edf\u6570\u636e\u5e93\uff0c\u4f8b\u5982 MySQL \u6216 mongoDB OpenStack \u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982 Identity \u6216 Compute \u652f\u6301\u7ec4\u4ef6\uff0c\u4f8b\u5982\u8d1f\u8f7d\u5747\u8861\u5668\u3001\u53cd\u5411\u4ee3\u7406\u3001DNS \u6216 DHCP \u670d\u52a1 
\u5728\u8bc4\u4f30\u5e93\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u8f6f\u4ef6\u7c7b\u522b\u4e2d\u6cc4\u9732\u6216\u6f0f\u6d1e\u7684\u5f71\u54cd\u65f6\uff0c\u8f6f\u4ef6\u7ec4\u4ef6\u7684\u6743\u5a01\u5217\u8868\u53ef\u80fd\u81f3\u5173\u91cd\u8981\u3002","title":"\u8f6f\u4ef6\u6e05\u5355"},{"location":"security/security-guide/#_57","text":"\u5e94\u63d0\u4f9b\u7f51\u7edc\u62d3\u6251\uff0c\u5e76\u7a81\u51fa\u663e\u793a\u5b89\u5168\u57df\u4e4b\u95f4\u7684\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u7f51\u7edc\u5165\u53e3\u548c\u51fa\u53e3\u70b9\u5e94\u4e0e\u4efb\u4f55 OpenStack \u903b\u8f91\u7cfb\u7edf\u8fb9\u754c\u4e00\u8d77\u6807\u8bc6\u3002\u53ef\u80fd\u9700\u8981\u591a\u4e2a\u56fe\u8868\u6765\u63d0\u4f9b\u7cfb\u7edf\u7684\u5b8c\u6574\u89c6\u89c9\u8986\u76d6\u3002\u7f51\u7edc\u62d3\u6251\u6587\u6863\u5e94\u5305\u62ec\u7cfb\u7edf\u4ee3\u8868\u79df\u6237\u521b\u5efa\u7684\u865a\u62df\u7f51\u7edc\uff0c\u4ee5\u53ca OpenStack \u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u548c\u7f51\u5173\u3002","title":"\u7f51\u7edc\u62d3\u6251"},{"location":"security/security-guide/#_58","text":"\u4e86\u89e3\u6709\u5173\u7ec4\u7ec7\u8d44\u4ea7\u7684\u4fe1\u606f\u901a\u5e38\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8d44\u4ea7\u8868\u53ef\u4ee5\u5e2e\u52a9\u9a8c\u8bc1\u5b89\u5168\u8981\u6c42\uff0c\u5e76\u5e2e\u52a9\u7ef4\u62a4\u6807\u51c6\u5b89\u5168\u7ec4\u4ef6\uff0c\u4f8b\u5982\u9632\u706b\u5899\u914d\u7f6e\u3001\u670d\u52a1\u7aef\u53e3\u51b2\u7a81\u3001\u5b89\u5168\u4fee\u6b63\u533a\u57df\u548c\u5408\u89c4\u6027\u3002\u6b64\u5916\uff0c\u8be5\u8868\u8fd8\u6709\u52a9\u4e8e\u7406\u89e3 OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5173\u7cfb\u3002\u8be5\u8868\u53ef\u80fd\u5305\u62ec\uff1a OpenStack \u90e8\u7f72\u4e2d\u4f7f\u7528\u7684\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3\u3002 \u4e91\u57fa\u7840\u67b6\u6784\u4e2d\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u7684\u6982\u8ff0\u3002 \u5f3a\u70c8\u5efa\u8bae OpenStack 
\u90e8\u7f72\u8bb0\u5f55\u4e0e\u6b64\u7c7b\u4f3c\u7684\u4fe1\u606f\u3002\u8be5\u8868\u53ef\u4ee5\u6839\u636e\u4ece CMDB \u6d3e\u751f\u7684\u4fe1\u606f\u521b\u5efa\uff0c\u4e5f\u53ef\u4ee5\u624b\u52a8\u6784\u5efa\u3002 \u4e0b\u9762\u63d0\u4f9b\u4e86\u4e00\u4e2a\u8868\u683c\u793a\u4f8b\uff1a \u670d\u52a1 \u534f\u8bae \u7aef\u53e3 \u76ee\u7684 \u4f7f\u7528\u8005 \u5b89\u5168\u57df beam.smp AMQP 5672/tcp AMQP \u6d88\u606f\u670d\u52a1 RabbitMQ \u7ba1\u7406\u57df tgtd iSCSI 3260/tcp iSCSI \u53d1\u8d77\u7a0b\u5e8f\u670d\u52a1 iSCSI \u79c1\u6709\uff08\u6570\u636e\u7f51\u7edc\uff09 sshd ssh 22/tcp \u5141\u8bb8\u5b89\u5168\u767b\u5f55\u5230\u8282\u70b9\u548c\u6765\u5bbe\u865a\u62df\u673a Various \u6309\u9700\u914d\u7f6e\u4f5c\u7528\u4e8e\u7ba1\u7406\u57df\u3001\u516c\u5171\u57df\u548c\u8bbf\u5ba2\u57df mysqld mysql 3306/tcp \u6570\u636e\u5e93\u670d\u52a1 Various \u7ba1\u7406\u57df apache2 http 443/tcp \u4eea\u8868\u677f Tenants \u516c\u5171\u57df dnsmasq dns 53/tcp DNS \u670d\u52a1 Guest VMs \u8bbf\u5ba2\u57df","title":"\u670d\u52a1\u3001\u534f\u8bae\u548c\u7aef\u53e3"},{"location":"security/security-guide/#_59","text":"\u4e91\u90e8\u7f72\u662f\u4e00\u4e2a\u4e0d\u65ad\u53d8\u5316\u7684\u7cfb\u7edf\u3002\u673a\u5668\u8001\u5316\u548c\u6545\u969c\uff0c\u8f6f\u4ef6\u8fc7\u65f6\uff0c\u6f0f\u6d1e\u88ab\u53d1\u73b0\u3002\u5f53\u914d\u7f6e\u4e2d\u51fa\u73b0\u9519\u8bef\u6216\u9057\u6f0f\u65f6\uff0c\u6216\u8005\u5fc5\u987b\u5e94\u7528\u8f6f\u4ef6\u4fee\u590d\u65f6\uff0c\u5fc5\u987b\u4ee5\u5b89\u5168\u4f46\u65b9\u4fbf\u7684\u65b9\u5f0f\u8fdb\u884c\u8fd9\u4e9b\u66f4\u6539\u3002\u8fd9\u4e9b\u66f4\u6539\u901a\u5e38\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u6765\u89e3\u51b3\u3002 \u4fdd\u62a4\u4e91\u90e8\u7f72\u4e0d\u88ab\u6076\u610f\u5b9e\u4f53\u914d\u7f6e\u6216\u64cd\u7eb5\u975e\u5e38\u91cd\u8981\u3002\u7531\u4e8e\u4e91\u4e2d\u7684\u8bb8\u591a\u7cfb\u7edf\u90fd\u91c7\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u865a\u62df\u5316\uff0c\u56e0\u6b64 OpenStack 
\u9762\u4e34\u7740\u660e\u663e\u7684\u6311\u6218\uff0c\u5fc5\u987b\u901a\u8fc7\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u7ba1\u7406\u6765\u89e3\u51b3\u8fd9\u4e9b\u6311\u6218\u3002 \u7ba1\u7406\u5458\u5fc5\u987b\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 \u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406 \u6f0f\u6d1e\u7ba1\u7406 \u914d\u7f6e\u7ba1\u7406 \u5b89\u5168\u5907\u4efd\u548c\u6062\u590d \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177 \u5b8c\u6574\u6027\u751f\u547d\u5468\u671f \u5b89\u5168\u5f15\u5bfc \u8fd0\u884c\u65f6\u9a8c\u8bc1 \u670d\u52a1\u5668\u52a0\u56fa \u7ba1\u7406\u754c\u9762 \u4eea\u8868\u677f OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \u5e26\u5916\u7ba1\u7406\u63a5\u53e3","title":"\u7ba1\u7406"},{"location":"security/security-guide/#_60","text":"\u4e91\u7cfb\u7edf\u603b\u4f1a\u5b58\u5728\u6f0f\u6d1e\uff0c\u5176\u4e2d\u4e00\u4e9b\u53ef\u80fd\u662f\u5b89\u5168\u95ee\u9898\u3002\u56e0\u6b64\uff0c\u51c6\u5907\u597d\u5e94\u7528\u5b89\u5168\u66f4\u65b0\u548c\u5e38\u89c4\u8f6f\u4ef6\u66f4\u65b0\u81f3\u5173\u91cd\u8981\u3002\u8fd9\u6d89\u53ca\u5230\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7684\u667a\u80fd\u4f7f\u7528\uff0c\u4e0b\u9762\u5c06\u5bf9\u6b64\u8fdb\u884c\u8ba8\u8bba\u3002\u8fd9\u8fd8\u6d89\u53ca\u4e86\u89e3\u4f55\u65f6\u9700\u8981\u5347\u7ea7\u3002","title":"\u6301\u7eed\u7684\u7cfb\u7edf\u7ba1\u7406"},{"location":"security/security-guide/#_61","text":"\u6709\u5173\u5b89\u5168\u76f8\u5173\u66f4\u6539\u7684\u516c\u544a\uff0c\u8bf7\u8ba2\u9605 OpenStack Announce \u90ae\u4ef6\u5217\u8868\u3002\u5b89\u5168\u901a\u77e5\u8fd8\u4f1a\u901a\u8fc7\u4e0b\u6e38\u8f6f\u4ef6\u5305\u53d1\u5e03\uff0c\u4f8b\u5982\uff0c\u901a\u8fc7\u60a8\u53ef\u80fd\u4f5c\u4e3a\u8f6f\u4ef6\u5305\u66f4\u65b0\u7684\u4e00\u90e8\u5206\u8ba2\u9605\u7684 Linux 
\u53d1\u884c\u7248\u3002 OpenStack\u7ec4\u4ef6\u53ea\u662f\u4e91\u4e2d\u8f6f\u4ef6\u7684\u4e00\u5c0f\u90e8\u5206\u3002\u4e0e\u6240\u6709\u8fd9\u4e9b\u5176\u4ed6\u7ec4\u4ef6\u4fdd\u6301\u540c\u6b65\u4e5f\u5f88\u91cd\u8981\u3002\u867d\u7136\u67d0\u4e9b\u6570\u636e\u6e90\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\uff0c\u4f46\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u8ba2\u9605\u5fc5\u8981\u7684\u90ae\u4ef6\u5217\u8868\uff0c\u4ee5\u4fbf\u63a5\u6536\u9002\u7528\u4e8e\u7ec4\u7ec7\u73af\u5883\u7684\u4efb\u4f55\u5b89\u5168\u66f4\u65b0\u7684\u901a\u77e5\u3002\u901a\u5e38\uff0c\u8fd9\u5c31\u50cf\u8ddf\u8e2a\u4e0a\u6e38 Linux \u53d1\u884c\u7248\u4e00\u6837\u7b80\u5355\u3002 \u6ce8\u610f OpenStack \u901a\u8fc7\u4e24\u4e2a\u6e20\u9053\u53d1\u5e03\u5b89\u5168\u4fe1\u606f\u3002 - OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09 \u7531 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u521b\u5efa\u3002\u5b83\u4eec\u4e0e\u6838\u5fc3OpenStack\u670d\u52a1\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\u6709\u5173\u3002\u6709\u5173 VMT \u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6f0f\u6d1e\u7ba1\u7406\u6d41\u7a0b\u3002 - OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u7531 OpenStack \u5b89\u5168\u7ec4 \uff08OSSG\uff09 \u521b\u5efa\uff0c\u4ee5\u652f\u6301 VMT 
\u7684\u5de5\u4f5c\u3002OSSN\u89e3\u51b3\u4e86\u652f\u6301\u8f6f\u4ef6\u548c\u5e38\u89c1\u90e8\u7f72\u914d\u7f6e\u4e2d\u7684\u95ee\u9898\u3002\u672c\u6307\u5357\u4e2d\u5f15\u7528\u4e86\u5b83\u4eec\u3002\u5b89\u5168\u8bf4\u660e\u5b58\u6863\u5728OSSN\u4e0a\u3002","title":"\u6f0f\u6d1e\u7ba1\u7406"},{"location":"security/security-guide/#_62","text":"\u6536\u5230\u5b89\u5168\u66f4\u65b0\u901a\u77e5\u540e\uff0c\u4e0b\u4e00\u6b65\u662f\u786e\u5b9a\u6b64\u66f4\u65b0\u5bf9\u7ed9\u5b9a\u4e91\u90e8\u7f72\u7684\u91cd\u8981\u6027\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u62e5\u6709\u9884\u5b9a\u4e49\u7684\u7b56\u7565\u5f88\u6709\u7528\u3002\u73b0\u6709\u7684\u6f0f\u6d1e\u8bc4\u7ea7\u7cfb\u7edf\uff08\u5982\u901a\u7528\u6f0f\u6d1e\u8bc4\u5206\u7cfb\u7edf \uff08CVSS\uff09\uff09\u65e0\u6cd5\u6b63\u786e\u8003\u8651\u4e91\u90e8\u7f72\u3002 \u5728\u6b64\u793a\u4f8b\u4e2d\uff0c\u6211\u4eec\u5f15\u5165\u4e86\u4e00\u4e2a\u8bc4\u5206\u77e9\u9635\uff0c\u8be5\u77e9\u9635\u5c06\u6f0f\u6d1e\u5206\u4e3a\u4e09\u7c7b\uff1a\u6743\u9650\u63d0\u5347\u3001\u62d2\u7edd\u670d\u52a1\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u4e86\u89e3\u6f0f\u6d1e\u7684\u7c7b\u578b\u53ca\u5176\u5728\u57fa\u7840\u67b6\u6784\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u5c06\u4f7f\u60a8\u80fd\u591f\u505a\u51fa\u5408\u7406\u7684\u54cd\u5e94\u51b3\u7b56\u3002 \u6743\u9650\u63d0\u5347\u63cf\u8ff0\u4e86\u7528\u6237\u4f7f\u7528\u7cfb\u7edf\u4e2d\u5176\u4ed6\u7528\u6237\u7684\u6743\u9650\u8fdb\u884c\u64cd\u4f5c\u7684\u80fd\u529b\uff0c\u7ed5\u8fc7\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u6765\u5bbe\u7528\u6237\u6267\u884c\u7684\u64cd\u4f5c\u5141\u8bb8\u4ed6\u4eec\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u8fd9\u662f\u6b64\u7c7b\u6f0f\u6d1e\u7684\u4e00\u4e2a\u793a\u4f8b\u3002 
\u62d2\u7edd\u670d\u52a1\u662f\u6307\u88ab\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u670d\u52a1\u6216\u7cfb\u7edf\u4e2d\u65ad\u3002\u8fd9\u65e2\u5305\u62ec\u4f7f\u7f51\u7edc\u8d44\u6e90\u4e0d\u582a\u91cd\u8d1f\u7684\u5206\u5e03\u5f0f\u653b\u51fb\uff0c\u4e5f\u5305\u62ec\u901a\u5e38\u7531\u8d44\u6e90\u5206\u914d\u9519\u8bef\u6216\u8f93\u5165\u5f15\u8d77\u7684\u7cfb\u7edf\u6545\u969c\u7f3a\u9677\u5f15\u8d77\u7684\u5355\u7528\u6237\u653b\u51fb\u3002 \u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u4f1a\u6cc4\u9732\u6709\u5173\u60a8\u7684\u7cfb\u7edf\u6216\u64cd\u4f5c\u7684\u4fe1\u606f\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u8303\u56f4\u4ece\u8c03\u8bd5\u4fe1\u606f\u6cc4\u9732\u5230\u5173\u952e\u5b89\u5168\u6570\u636e\uff08\u5982\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\u548c\u5bc6\u7801\uff09\u7684\u66b4\u9732\u3002 \u653b\u51fb\u8005\u4f4d\u7f6e/\u6743\u9650\u7ea7\u522b \u5916\u90e8 \u4e91\u7528\u6237 \u4e91\u7ba1\u7406\u5458 \u63a7\u5236\u5e73\u9762 \u6743\u9650\u63d0\u5347\uff083 \u7ea7\uff09 \u7d27\u6025 n/a n/a n/a \u6743\u9650\u63d0\u5347\uff082 \u4e2a\u7ea7\u522b\uff09 \u7d27\u6025 \u7d27\u6025 n/a n/a \u7279\u6743\u63d0\u5347\uff081 \u7ea7\uff09 \u7d27\u6025 \u7d27\u6025 \u7d27\u6025 n/a \u62d2\u7edd\u670d\u52a1 \u9ad8 \u4e2d \u4f4e \u4f4e \u4fe1\u606f\u62ab\u9732 \u7d27\u6025/\u9ad8 \u7d27\u6025/\u9ad8 \u4e2d/\u4f4e \u4f4e \u8be5\u8868\u8bf4\u660e\u4e86\u4e00\u79cd\u901a\u7528\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6839\u636e\u6f0f\u6d1e\u5728\u90e8\u7f72\u4e2d\u53d1\u751f\u7684\u4f4d\u7f6e\u548c\u5f71\u54cd\u6765\u8861\u91cf\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97 API \u8282\u70b9\u4e0a\u7684\u5355\u7ea7\u6743\u9650\u63d0\u5347\u53ef\u80fd\u5141\u8bb8 API \u7684\u6807\u51c6\u7528\u6237\u5347\u7ea7\u4e3a\u5177\u6709\u4e0e\u8282\u70b9\u4e0a\u7684 root \u7528\u6237\u76f8\u540c\u7684\u6743\u9650\u3002 
\u6211\u4eec\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u4f7f\u7528\u6b64\u8868\u4f5c\u4e3a\u6a21\u578b\uff0c\u4ee5\u5e2e\u52a9\u5b9a\u4e49\u8981\u9488\u5bf9\u5404\u79cd\u5b89\u5168\u7ea7\u522b\u6267\u884c\u7684\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u5173\u952e\u7ea7\u522b\u7684\u5b89\u5168\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u5feb\u901f\u5347\u7ea7\u4e91\uff0c\u800c\u4f4e\u7ea7\u522b\u7684\u66f4\u65b0\u53ef\u80fd\u9700\u8981\u66f4\u957f\u7684\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\u3002","title":"\u5206\u7c7b"},{"location":"security/security-guide/#_63","text":"\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u90e8\u7f72\u4efb\u4f55\u66f4\u65b0\u4e4b\u524d\uff0c\u5e94\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\u3002\u901a\u5e38\uff0c\u8fd9\u9700\u8981\u6709\u4e00\u4e2a\u5355\u72ec\u7684\u6d4b\u8bd5\u4e91\u8bbe\u7f6e\uff0c\u8be5\u8bbe\u7f6e\u9996\u5148\u63a5\u6536\u66f4\u65b0\u3002\u5728\u8f6f\u4ef6\u548c\u786c\u4ef6\u65b9\u9762\uff0c\u6b64\u4e91\u5e94\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u4e91\u3002\u5e94\u5728\u6027\u80fd\u5f71\u54cd\u3001\u7a33\u5b9a\u6027\u3001\u5e94\u7528\u7a0b\u5e8f\u5f71\u54cd\u7b49\u65b9\u9762\u5bf9\u66f4\u65b0\u8fdb\u884c\u5168\u9762\u6d4b\u8bd5\u3002\u7279\u522b\u91cd\u8981\u7684\u662f\u9a8c\u8bc1\u66f4\u65b0\u7406\u8bba\u4e0a\u89e3\u51b3\u7684\u95ee\u9898\uff08\u4f8b\u5982\u7279\u5b9a\u6f0f\u6d1e\uff09\u662f\u5426\u5df2\u5b9e\u9645\u4fee\u590d\u3002","title":"\u6d4b\u8bd5\u66f4\u65b0"},{"location":"security/security-guide/#_64","text":"\u5b8c\u5168\u6d4b\u8bd5\u66f4\u65b0\u540e\uff0c\u53ef\u4ee5\u5c06\u5176\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002\u5e94\u4f7f\u7528\u4e0b\u9762\u6240\u8ff0\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5b8c\u5168\u81ea\u52a8\u5316\u6b64\u90e8\u7f72\u3002","title":"\u90e8\u7f72\u66f4\u65b0"},{"location":"security/security-guide/#_65","text":"\u751f\u4ea7\u8d28\u91cf\u7684\u4e91\u5e94\u59cb\u7ec8\u4f7f\u7528\u5de5\u5177\u6765\u81ea\u52a8\u6267\u884c\u914d\u7f6e\u548c\u90e8\u7f72\u3002\u8fd9\u6d88\u9664\u4e86\u4eba\u4e3a\u9519\u8be
f\uff0c\u5e76\u5141\u8bb8\u4e91\u66f4\u5feb\u5730\u6269\u5c55\u3002\u81ea\u52a8\u5316\u8fd8\u6709\u52a9\u4e8e\u6301\u7eed\u96c6\u6210\u548c\u6d4b\u8bd5\u3002 \u5728\u6784\u5efa OpenStack \u4e91\u65f6\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u8bbe\u8ba1\u548c\u5b9e\u73b0\u65f6\u8003\u8651\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u6216\u6846\u67b6\u3002\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\uff0c\u60a8\u53ef\u4ee5\u907f\u514d\u5728\u6784\u5efa\u3001\u7ba1\u7406\u548c\u7ef4\u62a4\u50cf OpenStack \u8fd9\u6837\u590d\u6742\u7684\u57fa\u7840\u67b6\u6784\u65f6\u56fa\u6709\u7684\u8bb8\u591a\u9677\u9631\u3002\u901a\u8fc7\u751f\u6210\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6240\u9700\u7684\u6e05\u5355\u3001\u8bf4\u660e\u4e66\u6216\u6a21\u677f\uff0c\u60a8\u53ef\u4ee5\u6ee1\u8db3\u8bb8\u591a\u6587\u6863\u548c\u6cd5\u89c4\u62a5\u544a\u8981\u6c42\u3002\u6b64\u5916\uff0c\u914d\u7f6e\u7ba1\u7406\u8fd8\u53ef\u4ee5\u4f5c\u4e3a\u4e1a\u52a1\u8fde\u7eed\u6027\u8ba1\u5212 \uff08BCP\uff09 \u548c\u6570\u636e\u6062\u590d \uff08DR\uff09 \u8ba1\u5212\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u5728\u5176\u4e2d\u5c06\u8282\u70b9\u6216\u670d\u52a1\u91cd\u5efa\u56de DR \u4e8b\u4ef6\u4e2d\u7684\u5df2\u77e5\u72b6\u6001\u6216\u7ed9\u5b9a\u7684\u59a5\u534f\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u5f53\u4e0e Git \u6216 SVN \u7b49\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u60a8\u53ef\u4ee5\u8ddf\u8e2a\u73af\u5883\u968f\u65f6\u95f4\u63a8\u79fb\u800c\u53d1\u751f\u7684\u66f4\u6539\uff0c\u5e76\u91cd\u65b0\u8c03\u89e3\u53ef\u80fd\u53d1\u751f\u7684\u672a\u7ecf\u6388\u6743\u7684\u66f4\u6539\u3002\u4f8b\u5982\uff0c\u6587\u4ef6 nova.conf 
\u6216\u5176\u4ed6\u914d\u7f6e\u6587\u4ef6\u4e0d\u7b26\u5408\u60a8\u7684\u6807\u51c6\uff0c\u60a8\u7684\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u53ef\u4ee5\u8fd8\u539f\u6216\u66ff\u6362\u8be5\u6587\u4ef6\uff0c\u5e76\u5c06\u60a8\u7684\u914d\u7f6e\u6062\u590d\u5230\u5df2\u77e5\u72b6\u6001\u3002\u6700\u540e\uff0c\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u4e5f\u53ef\u7528\u4e8e\u90e8\u7f72\u66f4\u65b0;\u7b80\u5316\u5b89\u5168\u8865\u4e01\u6d41\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u5177\u6709\u5e7f\u6cdb\u7684\u529f\u80fd\uff0c\u5728\u8be5\u9886\u57df\u975e\u5e38\u6709\u7528\u3002\u4fdd\u62a4\u4e91\u7684\u5173\u952e\u70b9\u662f\u9009\u62e9\u4e00\u79cd\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u5e76\u4f7f\u7528\u5b83\u3002 \u6709\u8bb8\u591a\u914d\u7f6e\u7ba1\u7406\u89e3\u51b3\u65b9\u6848;\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5e02\u573a\u4e0a\u6709\u4e24\u4e2a\u5728\u652f\u6301 OpenStack \u73af\u5883\u65b9\u9762\u975e\u5e38\u5f3a\u5927\u7684\u516c\u53f8\uff1aChef \u548c Puppet\u3002\u4e0b\u9762\u63d0\u4f9b\u4e86\u6b64\u7a7a\u95f4\u4e2d\u7684\u5de5\u5177\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Chef Puppet Salt Stack Ansible","title":"\u914d\u7f6e\u7ba1\u7406"},{"location":"security/security-guide/#_66","text":"\u6bcf\u5f53\u66f4\u6539\u7b56\u7565\u6216\u914d\u7f6e\u7ba1\u7406\u65f6\uff0c\u6700\u597d\u8bb0\u5f55\u6d3b\u52a8\u5e76\u5907\u4efd\u65b0\u96c6\u7684\u526f\u672c\u3002\u901a\u5e38\uff0c\u6b64\u7c7b\u7b56\u7565\u548c\u914d\u7f6e\u5b58\u50a8\u5728\u53d7\u7248\u672c\u63a7\u5236\u7684\u5b58\u50a8\u5e93\uff08\u5982 Git\uff09\u4e2d\u3002","title":"\u7b56\u7565\u66f4\u6539"},{"location":"security/security-guide/#_67","text":"\u5728\u6574\u4e2a\u7cfb\u7edf\u5b89\u5168\u8ba1\u5212\u4e2d\u5305\u62ec\u5907\u4efd\u8fc7\u7a0b\u548c\u7b56\u7565\u975e\u5e38\u91cd\u8981\u3002\u6709\u5173 OpenStack \u5907\u4efd\u548c\u6062\u590d\u529f\u80fd\u548c\u8fc7\u7a0b\u7684\u6982\u8ff0\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5907\u4efd\u548c\u6062\u590d\u7684 OpenStack \u64cd\u4f5c\u6307\u5357\u3002 
\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u548c\u5907\u4efd\u5ba2\u6237\u7aef\u624d\u80fd\u8bbf\u95ee\u5907\u4efd\u670d\u52a1\u5668\u3002 \u4f7f\u7528\u6570\u636e\u52a0\u5bc6\u9009\u9879\u6765\u5b58\u50a8\u548c\u4f20\u8f93\u5907\u4efd\u3002 \u4f7f\u7528\u4e13\u7528\u4e14\u5f3a\u5316\u7684\u5907\u4efd\u670d\u52a1\u5668\u3002\u5907\u4efd\u670d\u52a1\u5668\u7684\u65e5\u5fd7\u5fc5\u987b\u6bcf\u5929\u8fdb\u884c\u76d1\u89c6\uff0c\u5e76\u4e14\u53ea\u6709\u5c11\u6570\u4eba\u53ef\u4ee5\u8bbf\u95ee\u3002 \u5b9a\u671f\u6d4b\u8bd5\u6570\u636e\u6062\u590d\u9009\u9879\uff0c\u5305\u62ec\u5b58\u50a8\u5728\u5b89\u5168\u5907\u4efd\u4e2d\u7684\u955c\u50cf\uff0c\u662f\u786e\u4fdd\u707e\u96be\u6062\u590d\u51c6\u5907\u7684\u5173\u952e\u90e8\u5206\u3002\u5728\u53d1\u751f\u5b89\u5168\u6f0f\u6d1e\u6216\u53d7\u635f\u65f6\uff0c\u7ec8\u6b62\u8fd0\u884c\u4e2d\u7684\u5b9e\u4f8b\u5e76\u4ece\u5df2\u77e5\u7684\u5b89\u5168\u955c\u50cf\u5907\u4efd\u4e2d\u91cd\u65b0\u542f\u52a8\u5b9e\u4f8b\u786e\u5b9e\u662f\u6700\u4f73\u505a\u6cd5\u3002\u8fd9\u6709\u52a9\u4e8e\u786e\u4fdd\u53d7\u635f\u7684\u5b9e\u4f8b\u88ab\u6d88\u9664\uff0c\u5e76\u4e14\u53ef\u4ee5\u8fc5\u901f\u4ece\u5907\u4efd\u7684\u955c\u50cf\u4e2d\u91cd\u65b0\u90e8\u7f72\u5e72\u51c0\u3001\u53ef\u4fe1\u8d56\u7684\u7248\u672c\u3002","title":"\u5b89\u5168\u5907\u4efd\u548c\u6062\u590d"},{"location":"security/security-guide/#_68","text":"\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u4ee5\u8865\u5145\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002\u5b89\u5168\u5ba1\u6838\u5de5\u5177\u53ef\u81ea\u52a8\u6267\u884c\u9a8c\u8bc1\u7ed9\u5b9a\u7cfb\u7edf\u914d\u7f6e\u662f\u5426\u6ee1\u8db3\u5927\u91cf\u5b89\u5168\u63a7\u5236\u7684\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u5f25\u5408\u4ece\u5b89\u5168\u914d\u7f6e\u6307\u5357\u6587\u6863\uff08\u4f8b\u5982\uff0cSTIG \u548c NSA \u6307\u5357\uff09\u5230\u7279\u5b9a\u7cfb\u7edf\u5b89\u88c5\u7684\u5dee\u8ddd\u3002\u4f8b\u5982\uff0cSCAP 
\u53ef\u4ee5\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u7cfb\u7edf\u4e0e\u9884\u5b9a\u4e49\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u6bd4\u8f83\u3002SCAP \u8f93\u51fa\u4e00\u4efd\u62a5\u544a\uff0c\u8be6\u7ec6\u8bf4\u660e\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u54ea\u4e9b\u63a7\u4ef6\u5df2\u6ee1\u8db3\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u901a\u8fc7\uff0c\u54ea\u4e9b\u63a7\u4ef6\u672a\u9009\u4e2d\u3002 \u5c06\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u76f8\u7ed3\u5408\uff0c\u5f62\u6210\u4e86\u4e00\u4e2a\u5f3a\u5927\u7684\u7ec4\u5408\u3002\u5ba1\u6838\u5de5\u5177\u5c06\u7a81\u51fa\u663e\u793a\u90e8\u7f72\u95ee\u9898\u3002\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u7b80\u5316\u4e86\u66f4\u6539\u6bcf\u4e2a\u7cfb\u7edf\u7684\u8fc7\u7a0b\uff0c\u4ee5\u89e3\u51b3\u5ba1\u8ba1\u95ee\u9898\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u6709\u52a9\u4e8e\u7ef4\u62a4\u6ee1\u8db3\u4ece\u57fa\u672c\u5f3a\u5316\u5230\u5408\u89c4\u6027\u9a8c\u8bc1\u7b49\u5b89\u5168\u8981\u6c42\u7684\u4e91\u73af\u5883\u3002 
\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u5c06\u7ed9\u4e91\u5e26\u6765\u53e6\u4e00\u5c42\u590d\u6742\u6027\u3002\u8fd9\u79cd\u590d\u6742\u6027\u5e26\u6765\u4e86\u989d\u5916\u7684\u5b89\u5168\u95ee\u9898\u3002\u8003\u8651\u5230\u5176\u5b89\u5168\u4f18\u52bf\uff0c\u6211\u4eec\u8ba4\u4e3a\u8fd9\u662f\u4e00\u79cd\u53ef\u63a5\u53d7\u7684\u98ce\u9669\u6743\u8861\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u5de5\u5177\u7684\u64cd\u4f5c\u5b89\u5168\u6027\u4fdd\u969c\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002","title":"\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177"},{"location":"security/security-guide/#_69","text":"\u6211\u4eec\u5c06\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u5b9a\u4e49\u4e3a\u4e00\u4e2a\u6df1\u601d\u719f\u8651\u7684\u8fc7\u7a0b\uff0c\u5b83\u786e\u4fdd\u6211\u4eec\u59cb\u7ec8\u5728\u6574\u4e2a\u4e91\u4e2d\u4ee5\u9884\u671f\u7684\u914d\u7f6e\u8fd0\u884c\u9884\u671f\u7684\u8f6f\u4ef6\u3002\u6b64\u8fc7\u7a0b\u4ece\u5b89\u5168\u5f15\u5bfc\u5f00\u59cb\uff0c\u5e76\u901a\u8fc7\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u8fdb\u884c\u7ef4\u62a4\u3002\u672c\u7ae0\u5c31\u5982\u4f55\u5904\u7406\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f\u8fc7\u7a0b\u63d0\u4f9b\u4e86\u5efa\u8bae\u3002","title":"\u5b8c\u6574\u6027\u751f\u547d\u5468\u671f"},{"location":"security/security-guide/#_70","text":"\u4e91\u4e2d\u7684\u8282\u70b9\uff0c\u5305\u62ec\u8ba1\u7b97\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u3001\u670d\u52a1\u548c\u6df7\u5408\u8282\u70b9\uff0c\u5e94\u8be5\u6709\u4e00\u4e2a\u81ea\u52a8\u5316\u7684\u914d\u7f6e\u8fc7\u7a0b\u3002\u8fd9\u786e\u4fdd\u4e86\u8282\u70b9\u7684\u4e00\u81f4\u548c\u6b63\u786e\u914d\u7f6e\u3002\u8fd9\u4e5f\u4fbf\u4e8e\u5b89\u5168\u8865\u4e01\u3001\u5347\u7ea7\u3001\u6545\u969c\u4fee\u590d\u548c\u5176\u4ed6\u5173\u952e\u53d8\u66f4\u3002\u7531\u4e8e\u8fd9\u4e2a\u8fc7\u7a0b\u5b89\u88c5\u4e86\u5728\u4e91\u4e2d\u5177\u6709\u6700\u9ad8\u7279\u6743\u7ea7\u522b\u7684\u65b0\u8f6f\u4ef6\uff0c\u56e0\u6b64\u9a8c\u8bc1\u5b89\u88c5\u6b63\u78
6e\u7684\u8f6f\u4ef6\u975e\u5e38\u91cd\u8981\uff0c\u5305\u62ec\u542f\u52a8\u8fc7\u7a0b\u7684\u6700\u65e9\u9636\u6bb5\u3002 \u6709\u591a\u79cd\u6280\u672f\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u65e9\u671f\u542f\u52a8\u9636\u6bb5\u3002\u8fd9\u4e9b\u901a\u5e38\u9700\u8981\u786c\u4ef6\u652f\u6301\uff0c\u4f8b\u5982\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757 \uff08TPM\uff09\u3001\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08TXT\uff09\u3001\u52a8\u6001\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08DRTM\uff09 \u548c\u7edf\u4e00\u53ef\u6269\u5c55\u56fa\u4ef6\u63a5\u53e3 \uff08UEFI\uff09 \u5b89\u5168\u542f\u52a8\u3002\u5728\u672c\u4e66\u4e2d\uff0c\u6211\u4eec\u5c06\u6240\u6709\u8fd9\u4e9b\u7edf\u79f0\u4e3a\u5b89\u5168\u542f\u52a8\u6280\u672f\u3002\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u5b89\u5168\u542f\u52a8\uff0c\u540c\u65f6\u627f\u8ba4\u90e8\u7f72\u6b64\u542f\u52a8\u6240\u9700\u7684\u8bb8\u591a\u90e8\u5206\u9700\u8981\u9ad8\u7ea7\u6280\u672f\u6280\u80fd\u624d\u80fd\u4e3a\u6bcf\u4e2a\u73af\u5883\u81ea\u5b9a\u4e49\u5de5\u5177\u3002\u4e0e\u672c\u6307\u5357\u4e2d\u7684\u8bb8\u591a\u5176\u4ed6\u5efa\u8bae\u76f8\u6bd4\uff0c\u4f7f\u7528\u5b89\u5168\u542f\u52a8\u9700\u8981\u66f4\u6df1\u5165\u7684\u96c6\u6210\u548c\u81ea\u5b9a\u4e49\u3002TPM \u6280\u672f\u867d\u7136\u5728\u5927\u591a\u6570\u5546\u52a1\u7ea7\u7b14\u8bb0\u672c\u7535\u8111\u548c\u53f0\u5f0f\u673a\u4e2d\u5f88\u5e38\u89c1\u6570\u5e74\uff0c\u4f46\u73b0\u5728\u5df2\u4e0e\u652f\u6301\u7684 BIOS \u4e00\u8d77\u5728\u670d\u52a1\u5668\u4e2d\u53ef\u7528\u3002\u6b63\u786e\u7684\u89c4\u5212\u5bf9\u4e8e\u6210\u529f\u7684\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u81f3\u5173\u91cd\u8981\u3002 
\u6709\u5173\u5b89\u5168\u542f\u52a8\u90e8\u7f72\u7684\u5b8c\u6574\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u5c06\u5b89\u5168\u542f\u52a8\u6280\u672f\u4e0e\u5178\u578b\u7684\u8282\u70b9\u9884\u914d\u8fc7\u7a0b\u96c6\u6210\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u4e91\u67b6\u6784\u5e08\u5e94\u53c2\u8003\u76f8\u5173\u89c4\u8303\u548c\u8f6f\u4ef6\u914d\u7f6e\u624b\u518c\u3002","title":"\u5b89\u5168\u5f15\u5bfc"},{"location":"security/security-guide/#_71","text":"\u8282\u70b9\u5e94\u4f7f\u7528\u9884\u5f15\u5bfc\u6267\u884c\u73af\u5883\uff08PXE\uff09\u8fdb\u884c\u914d\u7f6e\u3002\u8fd9\u5927\u5927\u51cf\u5c11\u4e86\u91cd\u65b0\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5de5\u4f5c\u91cf\u3002\u5178\u578b\u7684\u8fc7\u7a0b\u6d89\u53ca\u8282\u70b9\u4ece\u670d\u52a1\u5668\u63a5\u6536\u5404\u79cd\u5f15\u5bfc\u9636\u6bb5\uff08\u5373\u6267\u884c\u7684\u8f6f\u4ef6\u9010\u6e10\u590d\u6742\uff09\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u4f7f\u7528\u5355\u72ec\u7684\u9694\u79bb\u7f51\u7edc\u8fdb\u884c\u7f6e\u5907\u3002\u6b64\u7f51\u7edc\u5c06\u5904\u7406\u6240\u6709 PXE \u6d41\u91cf\uff0c\u4ee5\u53ca\u4e0a\u9762\u63cf\u8ff0\u7684\u540e\u7eed\u542f\u52a8\u9636\u6bb5\u4e0b\u8f7d\u3002\u8bf7\u6ce8\u610f\uff0c\u8282\u70b9\u5f15\u5bfc\u8fc7\u7a0b\u4ece\u4e24\u4e2a\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u5f00\u59cb\uff1aDHCP \u548c TFTP\u3002\u7136\u540e\uff0c\u5f15\u5bfc\u8fc7\u7a0b\u4f7f\u7528 TLS \u4e0b\u8f7d\u90e8\u7f72\u8282\u70b9\u6240\u9700\u7684\u5176\u4f59\u4fe1\u606f\u3002\u8fd9\u53ef\u80fd\u662f\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3001\u7531 Chef \u6216 Puppet \u7ba1\u7406\u7684\u57fa\u672c\u5b89\u88c5\uff0c\u751a\u81f3\u662f\u76f4\u63a5\u5199\u5165\u78c1\u76d8\u7684\u5b8c\u6574\u6587\u4ef6\u7cfb\u7edf\u6620\u50cf\u3002 \u867d\u7136\u5728 PXE \u542f\u52a8\u8fc7\u7a0b\u4e2d\u4f7f\u7528 
TLS \u66f4\u5177\u6311\u6218\u6027\uff0c\u4f46\u5e38\u89c1\u7684 PXE \u56fa\u4ef6\u9879\u76ee\uff08\u5982 iPXE\uff09\u63d0\u4f9b\u4e86\u8fd9\u79cd\u652f\u6301\u3002\u901a\u5e38\uff0c\u8fd9\u6d89\u53ca\u5728\u4e86\u89e3\u5141\u8bb8\u7684 TLS \u8bc1\u4e66\u94fe\u7684\u60c5\u51b5\u4e0b\u6784\u5efa PXE \u56fa\u4ef6\uff0c\u4ee5\u4fbf\u5b83\u53ef\u4ee5\u6b63\u786e\u9a8c\u8bc1\u670d\u52a1\u5668\u8bc1\u4e66\u3002\u8fd9\u901a\u8fc7\u9650\u5236\u4e0d\u5b89\u5168\u7684\u7eaf\u6587\u672c\u7f51\u7edc\u64cd\u4f5c\u7684\u6570\u91cf\u6765\u63d0\u9ad8\u653b\u51fb\u8005\u7684\u95e8\u69db\u3002","title":"\u8282\u70b9\u914d\u7f6e"},{"location":"security/security-guide/#_72","text":"\u901a\u5e38\uff0c\u6709\u4e24\u79cd\u4e0d\u540c\u7684\u7b56\u7565\u6765\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u3002\u4f20\u7edf\u7684\u5b89\u5168\u542f\u52a8\u5c06\u9a8c\u8bc1\u5728\u8fc7\u7a0b\u4e2d\u7684\u6bcf\u4e2a\u6b65\u9aa4\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5728\u4ee3\u7801\u4e0d\u6b63\u786e\u65f6\u505c\u6b62\u542f\u52a8\u3002\u542f\u52a8\u8bc1\u660e\u5c06\u8bb0\u5f55\u5728\u6bcf\u4e2a\u6b65\u9aa4\u4e2d\u8fd0\u884c\u7684\u4ee3\u7801\uff0c\u5e76\u5c06\u6b64\u4fe1\u606f\u63d0\u4f9b\u7ed9\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\uff0c\u4ee5\u8bc1\u660e\u542f\u52a8\u8fc7\u7a0b\u6309\u9884\u671f\u5b8c\u6210\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7b2c\u4e00\u6b65\u90fd\u662f\u5728\u8fd0\u884c\u4e4b\u524d\u6d4b\u91cf\u6bcf\u6bb5\u4ee3\u7801\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6d4b\u91cf\u5b9e\u9645\u4e0a\u662f\u4ee3\u7801\u7684 SHA-1 \u54c8\u5e0c\u503c\uff0c\u5728\u6267\u884c\u4e4b\u524d\u83b7\u53d6\u3002\u54c8\u5e0c\u5b58\u50a8\u5728 TPM \u7684\u5e73\u53f0\u914d\u7f6e\u5bc4\u5b58\u5668 \uff08PCR\uff09 \u4e2d\u3002 \u6ce8\u610f \u6b64\u5904\u4f7f\u7528 SHA-1\uff0c\u56e0\u4e3a\u8fd9\u662f TPM \u82af\u7247\u652f\u6301\u7684\u5185\u5bb9\u3002 \u6bcf\u4e2a TPM \u81f3\u5c11\u6709 24 \u4e2a PCR\u30022005 \u5e74 3 \u6708\u7684 TCG \u901a\u7528\u670d\u52a1\u5668\u89c4\u8303 v1.0 
\u5b9a\u4e49\u4e86\u542f\u52a8\u65f6\u5b8c\u6574\u6027\u6d4b\u91cf\u7684 PCR \u5206\u914d\u3002\u4e0b\u8868\u663e\u793a\u4e86\u5178\u578b\u7684PCR\u914d\u7f6e\u3002\u4e0a\u4e0b\u6587\u6307\u793a\u8fd9\u4e9b\u503c\u662f\u6839\u636e\u8282\u70b9\u786c\u4ef6\uff08\u56fa\u4ef6\uff09\u8fd8\u662f\u6839\u636e\u8282\u70b9\u4e0a\u7f6e\u5907\u7684\u8f6f\u4ef6\u786e\u5b9a\u7684\u3002\u67d0\u4e9b\u503c\u53d7\u56fa\u4ef6\u7248\u672c\u3001\u78c1\u76d8\u5927\u5c0f\u548c\u5176\u4ed6\u4f4e\u7ea7\u4fe1\u606f\u7684\u5f71\u54cd\u3002\u56e0\u6b64\uff0c\u5728\u914d\u7f6e\u7ba1\u7406\u65b9\u9762\u91c7\u53d6\u826f\u597d\u7684\u505a\u6cd5\u975e\u5e38\u91cd\u8981\uff0c\u4ee5\u786e\u4fdd\u90e8\u7f72\u7684\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u5b8c\u5168\u6309\u7167\u9884\u671f\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u518c \u6d4b\u91cf\u5185\u5bb9 \u4e0a\u4e0b\u6587 PCR-00 \u6838\u5fc3\u4fe1\u4efb\u6839\u6d4b\u91cf \uff08CRTM\uff09\u3001BIOS \u4ee3\u7801\u3001\u4e3b\u673a\u5e73\u53f0\u6269\u5c55 \u786c\u4ef6 PCR-01 \u4e3b\u673a\u5e73\u53f0\u914d\u7f6e \u786c\u4ef6 PCR-02 \u9009\u9879 ROM \u4ee3\u7801 \u786c\u4ef6 PCR-03 \u9009\u9879 ROM \u914d\u7f6e\u548c\u6570\u636e \u786c\u4ef6 PCR-04 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u3002\u4f8b\u5982\uff0c\u4e3b\u5f15\u5bfc\u8bb0\u5f55\u3002 \u8f6f\u4ef6 PCR-05 IPL \u4ee3\u7801\u914d\u7f6e\u548c\u6570\u636e \u8f6f\u4ef6 PCR-06 \u72b6\u6001\u8f6c\u6362\u548c\u5524\u9192\u4e8b\u4ef6 \u8f6f\u4ef6 PCR-07 \u4e3b\u673a\u5e73\u53f0\u5236\u9020\u5546\u63a7\u5236 \u8f6f\u4ef6 PCR-08 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f\u5185\u6838\u3001\u5185\u6838\u6269\u5c55\u548c\u9a71\u52a8\u7a0b\u5e8f \u8f6f\u4ef6 PCR-09 \u7279\u5b9a\u4e8e\u5e73\u53f0\uff0c\u901a\u5e38\u662f Initramfs \u8f6f\u4ef6 PCR-10 \u81f3 PCR-23 \u7279\u5b9a\u4e8e\u5e73\u53f0 \u8f6f\u4ef6 
\u5b89\u5168\u542f\u52a8\u53ef\u80fd\u662f\u6784\u5efa\u4e91\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f46\u9700\u8981\u5728\u786c\u4ef6\u9009\u62e9\u65b9\u9762\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u4f8b\u5982\uff0c\u786e\u4fdd\u60a8\u5177\u6709 TPM \u548c\u82f1\u7279\u5c14 TXT \u652f\u6301\u3002\u7136\u540e\u9a8c\u8bc1\u8282\u70b9\u786c\u4ef6\u4f9b\u5e94\u5546\u5982\u4f55\u586b\u5145 PCR \u503c\u3002\u4f8b\u5982\uff0c\u54ea\u4e9b\u503c\u53ef\u7528\u4e8e\u9a8c\u8bc1\u3002\u901a\u5e38\uff0c\u4e0a\u8868\u4e2d\u8f6f\u4ef6\u4e0a\u4e0b\u6587\u4e0b\u5217\u51fa\u7684 PCR \u503c\u662f\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u76f4\u63a5\u63a7\u5236\u7684\u503c\u3002\u4f46\u5373\u4f7f\u8fd9\u4e9b\u4e5f\u53ef\u80fd\u968f\u7740\u4e91\u4e2d\u8f6f\u4ef6\u7684\u5347\u7ea7\u800c\u6539\u53d8\u3002\u914d\u7f6e\u7ba1\u7406\u5e94\u94fe\u63a5\u5230 PCR \u7b56\u7565\u5f15\u64ce\uff0c\u4ee5\u786e\u4fdd\u9a8c\u8bc1\u59cb\u7ec8\u662f\u6700\u65b0\u7684\u3002 \u6bcf\u4e2a\u5236\u9020\u5546\u90fd\u5fc5\u987b\u4e3a\u5176\u670d\u52a1\u5668\u63d0\u4f9b BIOS \u548c\u56fa\u4ef6\u4ee3\u7801\u3002\u4e0d\u540c\u7684\u670d\u52a1\u5668\u3001\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u548c\u64cd\u4f5c\u7cfb\u7edf\u5c06\u9009\u62e9\u586b\u5145\u4e0d\u540c\u7684 PCR\u3002\u5728\u5927\u591a\u6570\u5b9e\u9645\u90e8\u7f72\u4e2d\uff0c\u4e0d\u53ef\u80fd\u6839\u636e\u5df2\u77e5\u7684\u826f\u597d\u6570\u91cf\uff08\u201c\u9ec4\u91d1\u6d4b\u91cf\u201d\uff09\u9a8c\u8bc1\u6bcf\u4e2aPCR\u3002\u7ecf\u9a8c\u8868\u660e\uff0c\u5373\u4f7f\u5728\u5355\u4e2a\u4f9b\u5e94\u5546\u7684\u4ea7\u54c1\u7ebf\u4e2d\uff0c\u7ed9\u5b9aPCR\u7684\u6d4b\u91cf\u8fc7\u7a0b\u4e5f\u53ef\u80fd\u4e0d\u4e00\u81f4\u3002\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5668\u5efa\u7acb\u57fa\u7ebf\uff0c\u5e76\u76d1\u89c6 PCR \u503c\u4ee5\u67e5\u627e\u610f\u5916\u66f4\u6539\u3002\u7b2c\u4e09\u65b9\u8f6f\u4ef6\u53ef\u80fd\u53ef\u7528\u4e8e\u534f\u52a9 TPM 
\u9884\u914d\u548c\u76d1\u89c6\u8fc7\u7a0b\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u89e3\u51b3\u65b9\u6848\u3002 \u521d\u59cb\u7a0b\u5e8f\u52a0\u8f7d\u7a0b\u5e8f \uff08IPL\uff09 \u4ee3\u7801\u5f88\u53ef\u80fd\u662f PXE \u56fa\u4ef6\uff0c\u5047\u8bbe\u91c7\u7528\u4e0a\u8ff0\u8282\u70b9\u90e8\u7f72\u7b56\u7565\u3002\u56e0\u6b64\uff0c\u5b89\u5168\u542f\u52a8\u6216\u542f\u52a8\u8bc1\u660e\u8fc7\u7a0b\u53ef\u4ee5\u6d4b\u91cf\u6240\u6709\u65e9\u671f\u542f\u52a8\u4ee3\u7801\uff0c\u4f8b\u5982 BIOS\u3001\u56fa\u4ef6\u3001PXE \u56fa\u4ef6\u548c\u5185\u6838\u6620\u50cf\u3002\u786e\u4fdd\u6bcf\u4e2a\u8282\u70b9\u90fd\u5b89\u88c5\u4e86\u8fd9\u4e9b\u90e8\u4ef6\u7684\u6b63\u786e\u7248\u672c\uff0c\u4e3a\u6784\u5efa\u8282\u70b9\u8f6f\u4ef6\u5806\u6808\u7684\u5176\u4f59\u90e8\u5206\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\u3002 \u6839\u636e\u6240\u9009\u7684\u7b56\u7565\uff0c\u5728\u53d1\u751f\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u542f\u52a8\uff0c\u6216\u8005\u5b83\u53ef\u4ee5\u5c06\u6545\u969c\u62a5\u544a\u7ed9\u4e91\u4e2d\u7684\u53e6\u4e00\u4e2a\u5b9e\u4f53\u3002\u4e3a\u4e86\u5b9e\u73b0\u5b89\u5168\u5f15\u5bfc\uff0c\u8282\u70b9\u5c06\u65e0\u6cd5\u5f15\u5bfc\uff0c\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\u7684\u7f6e\u5907\u670d\u52a1\u5fc5\u987b\u8bc6\u522b\u8fd9\u4e00\u70b9\u5e76\u8bb0\u5f55\u4e8b\u4ef6\u3002\u5bf9\u4e8e\u542f\u52a8\u8bc1\u660e\uff0c\u5f53\u68c0\u6d4b\u5230\u6545\u969c\u65f6\uff0c\u8282\u70b9\u5c06\u5df2\u7ecf\u5728\u8fd0\u884c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5e94\u901a\u8fc7\u7981\u7528\u8282\u70b9\u7684\u7f51\u7edc\u8bbf\u95ee\u6765\u7acb\u5373\u9694\u79bb\u8282\u70b9\u3002\u7136\u540e\uff0c\u5e94\u5206\u6790\u4e8b\u4ef6\u7684\u6839\u672c\u539f\u56e0\u3002\u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u7b56\u7565\u90fd\u5e94\u89c4\u5b9a\u5728\u5931\u8d25\u540e\u5982\u4f55\u7ee7\u7eed\u3002\u4e91\u53ef\u80fd\u4f1a\u81ea\u52a8\u5c1d\u8bd5\u91cd\u65b0\u914d\u7f6e\u8282\u70b9\u4e0
0\u5b9a\u6b21\u6570\u3002\u6216\u8005\uff0c\u5b83\u53ef\u80fd\u4f1a\u7acb\u5373\u901a\u77e5\u4e91\u7ba1\u7406\u5458\u8c03\u67e5\u95ee\u9898\u3002\u6b64\u5904\u7684\u6b63\u786e\u7b56\u7565\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u548c\u6545\u969c\u6a21\u5f0f\u7684\u3002","title":"\u9a8c\u8bc1\u542f\u52a8"},{"location":"security/security-guide/#_73","text":"\u6b64\u65f6\uff0c\u6211\u4eec\u77e5\u9053\u8282\u70b9\u5df2\u4f7f\u7528\u6b63\u786e\u7684\u5185\u6838\u548c\u5e95\u5c42\u7ec4\u4ef6\u542f\u52a8\u3002\u4e0b\u4e00\u6b65\u662f\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5b83\u4ece\u4e00\u7ec4\u884c\u4e1a\u516c\u8ba4\u7684\u5f3a\u5316\u63a7\u4ef6\u5f00\u59cb\u3002\u4ee5\u4e0b\u6307\u5357\u662f\u5f88\u597d\u7684\u793a\u4f8b\uff1a \u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u56fd\u9632\u4fe1\u606f\u7cfb\u7edf\u5c40 \uff08DISA\uff09\uff08\u96b6\u5c5e\u4e8e\u7f8e\u56fd\u56fd\u9632\u90e8\uff09\u53d1\u5e03\u9002\u7528\u4e8e\u5404\u79cd\u64cd\u4f5c\u7cfb\u7edf\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u786c\u4ef6\u7684 STIG \u5185\u5bb9\u3002\u8fd9\u4e9b\u63a7\u4ef6\u5728\u672a\u9644\u52a0\u4efb\u4f55\u8bb8\u53ef\u8bc1\u7684\u60c5\u51b5\u4e0b\u53d1\u5e03\u3002 \u4e92\u8054\u7f51\u5b89\u5168\u4e2d\u5fc3 \uff08CIS\uff09 \u57fa\u51c6\u6d4b\u8bd5 CIS \u4f1a\u5b9a\u671f\u53d1\u5e03\u5b89\u5168\u57fa\u51c6\u4ee5\u53ca\u81ea\u52a8\u5e94\u7528\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8fd9\u4e9b\u57fa\u51c6\u6d4b\u8bd5\u662f\u5728\u5177\u6709\u4e00\u4e9b\u9650\u5236\u7684\u77e5\u8bc6\u5171\u4eab\u8bb8\u53ef\u4e0b\u53d1\u5e03\u7684\u3002 
\u8fd9\u4e9b\u5b89\u5168\u63a7\u5236\u6700\u597d\u901a\u8fc7\u81ea\u52a8\u5316\u65b9\u6cd5\u5e94\u7528\u3002\u81ea\u52a8\u5316\u786e\u4fdd\u6bcf\u6b21\u5bf9\u6bcf\u4e2a\u7cfb\u7edf\u90fd\u4ee5\u76f8\u540c\u7684\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\uff0c\u5e76\u4e14\u5b83\u4eec\u8fd8\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u7684\u5feb\u901f\u65b9\u6cd5\u3002\u81ea\u52a8\u5316\u6709\u591a\u79cd\u9009\u62e9\uff1a OpenSCAP OpenSCAP \u662f\u4e00\u4e2a\u5f00\u6e90\u5de5\u5177\uff0c\u5b83\u91c7\u7528 SCAP \u5185\u5bb9\uff08\u63cf\u8ff0\u5b89\u5168\u63a7\u5236\u7684 XML \u6587\u4ef6\uff09\u5e76\u5c06\u8be5\u5185\u5bb9\u5e94\u7528\u4e8e\u5404\u79cd\u7cfb\u7edf\u3002\u76ee\u524d\u53ef\u7528\u7684\u5927\u591a\u6570\u5185\u5bb9\u90fd\u9002\u7528\u4e8e Red Hat Enterprise Linux \u548c CentOS\uff0c\u4f46\u8fd9\u4e9b\u5de5\u5177\u9002\u7528\u4e8e\u4efb\u4f55 Linux \u6216 Windows \u7cfb\u7edf\u3002 ansible \u52a0\u56fa ansible-hardening \u9879\u76ee\u63d0\u4f9b\u4e86\u4e00\u4e2a Ansible \u89d2\u8272\uff0c\u53ef\u5c06\u5b89\u5168\u63a7\u5236\u5e94\u7528\u4e8e\u5404\u79cd Linux \u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5ba1\u6838\u73b0\u6709\u7cfb\u7edf\u3002\u4ed4\u7ec6\u68c0\u67e5\u6bcf\u4e2a\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u786e\u5b9a\u5b83\u662f\u5426\u53ef\u80fd\u5bf9\u751f\u4ea7\u7cfb\u7edf\u9020\u6210\u635f\u5bb3\u3002\u8fd9\u4e9b\u63a7\u4ef6\u57fa\u4e8e Red Hat Enterprise Linux 7 STIG\u3002 
\u5b8c\u5168\u52a0\u56fa\u7684\u7cfb\u7edf\u662f\u4e00\u4e2a\u5177\u6709\u6311\u6218\u6027\u7684\u8fc7\u7a0b\uff0c\u53ef\u80fd\u9700\u8981\u5bf9\u67d0\u4e9b\u7cfb\u7edf\u8fdb\u884c\u5927\u91cf\u66f4\u6539\u3002\u5176\u4e2d\u4e00\u4e9b\u66f4\u6539\u53ef\u80fd\u4f1a\u5f71\u54cd\u751f\u4ea7\u5de5\u4f5c\u8d1f\u8f7d\u3002\u5982\u679c\u7cfb\u7edf\u65e0\u6cd5\u5b8c\u5168\u52a0\u56fa\uff0c\u5f3a\u70c8\u5efa\u8bae\u8fdb\u884c\u4ee5\u4e0b\u4e24\u9879\u66f4\u6539\uff0c\u4ee5\u4fbf\u5728\u4e0d\u9020\u6210\u91cd\u5927\u4e2d\u65ad\u7684\u60c5\u51b5\u4e0b\u63d0\u9ad8\u5b89\u5168\u6027\uff1a","title":"\u8282\u70b9\u52a0\u56fa"},{"location":"security/security-guide/#mac","text":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4f1a\u5f71\u54cd\u7cfb\u7edf\u4e0a\u7684\u6240\u6709\u7528\u6237\uff0c\u5305\u62ec root\uff0c\u5185\u6838\u7684\u5de5\u4f5c\u662f\u6839\u636e\u5f53\u524d\u5b89\u5168\u7b56\u7565\u5ba1\u67e5\u6d3b\u52a8\u3002\u5982\u679c\u6d3b\u52a8\u4e0d\u5728\u5141\u8bb8\u7684\u7b56\u7565\u8303\u56f4\u5185\uff0c\u5219\u4f1a\u88ab\u963b\u6b62\uff0c\u5373\u4f7f\u5bf9\u4e8e root \u7528\u6237\u4e5f\u662f\u5982\u6b64\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u67e5\u770b\u4e0b\u9762\u5173\u4e8e sVirt\u3001SELinux \u548c AppArmor \u7684\u8ba8\u8bba\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09"},{"location":"security/security-guide/#_74","text":"\u786e\u4fdd\u7cfb\u7edf\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\uff0c\u5e76\u4e14\u8fd0\u884c\u7684\u670d\u52a1\u6570\u91cf\u5c3d\u53ef\u80fd\u5c11\u3002\u5220\u9664\u4e0d\u9700\u8981\u7684\u8f6f\u4ef6\u5305\u53ef\u4ee5\u66f4\u8f7b\u677e\u5730\u8fdb\u884c\u4fee\u8865\uff0c\u5e76\u51cf\u5c11\u7cfb\u7edf\u4e0a\u53ef\u80fd\u5bfc\u81f4\u8fdd\u89c4\u7684\u9879\u76ee\u6570\u91cf\u3002\u505c\u6b62\u4e0d\u9700\u8981\u7684\u670d\u52a1\u4f1a\u7f29\u5c0f\u7cfb\u7edf\u4e0a\u7684\u653b\u51fb\u9762\uff0c\u5e76\u4f7f\u653b\u51fb\u66f4\u52a0\u56f0\u96be\u3002 
\u6211\u4eec\u8fd8\u5efa\u8bae\u5bf9\u751f\u4ea7\u8282\u70b9\u6267\u884c\u4ee5\u4e0b\u9644\u52a0\u6b65\u9aa4\uff1a","title":"\u5220\u9664\u8f6f\u4ef6\u5305\u5e76\u505c\u6b62\u670d\u52a1"},{"location":"security/security-guide/#_75","text":"\u5c3d\u53ef\u80fd\u4f7f\u7528\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf\u3002\u786e\u4fdd\u53ef\u5199\u6587\u4ef6\u7cfb\u7edf\u4e0d\u5141\u8bb8\u6267\u884c\u3002\u8fd9\u53ef\u4ee5\u4f7f\u7528 noexec \u4e2d\u7684 \u3001 nosuid \u548c nodev \u6302\u8f7d\u9009\u9879\u6765\u5904\u7406 /etc/fstab \u3002","title":"\u53ea\u8bfb\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_76","text":"\u6700\u540e\uff0c\u8282\u70b9\u5185\u6838\u5e94\u8be5\u6709\u4e00\u79cd\u673a\u5236\u6765\u9a8c\u8bc1\u8282\u70b9\u7684\u5176\u4f59\u90e8\u5206\u662f\u5426\u4ee5\u5df2\u77e5\u7684\u826f\u597d\u72b6\u6001\u542f\u52a8\u3002\u8fd9\u63d0\u4f9b\u4e86\u4ece\u5f15\u5bfc\u9a8c\u8bc1\u8fc7\u7a0b\u5230\u9a8c\u8bc1\u6574\u4e2a\u7cfb\u7edf\u7684\u5fc5\u8981\u94fe\u63a5\u3002\u6267\u884c\u6b64\u64cd\u4f5c\u7684\u6b65\u9aa4\u5c06\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5185\u6838\u6a21\u5757\u53ef\u4ee5\u5728\u4f7f\u7528 dm-verity 
\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u4e4b\u524d\u9a8c\u8bc1\u7ec4\u6210\u6587\u4ef6\u7cfb\u7edf\u7684\u5757\u7684\u54c8\u5e0c\u503c\u3002","title":"\u7cfb\u7edf\u9a8c\u8bc1"},{"location":"security/security-guide/#_77","text":"\u4e00\u65e6\u8282\u70b9\u8fd0\u884c\uff0c\u6211\u4eec\u9700\u8981\u786e\u4fdd\u5b83\u968f\u7740\u65f6\u95f4\u7684\u63a8\u79fb\u4fdd\u6301\u826f\u597d\u7684\u72b6\u6001\u3002\u4ece\u5e7f\u4e49\u4e0a\u8bb2\uff0c\u8fd9\u5305\u62ec\u914d\u7f6e\u7ba1\u7406\u548c\u5b89\u5168\u76d1\u63a7\u3002\u8fd9\u4e9b\u9886\u57df\u4e2d\u6bcf\u4e2a\u9886\u57df\u7684\u76ee\u6807\u90fd\u4e0d\u540c\u3002\u901a\u8fc7\u68c0\u67e5\u8fd9\u4e24\u8005\uff0c\u6211\u4eec\u53ef\u4ee5\u66f4\u597d\u5730\u786e\u4fdd\u7cfb\u7edf\u6309\u9884\u671f\u8fd0\u884c\u3002\u6211\u4eec\u5c06\u5728\u7ba1\u7406\u90e8\u5206\u8ba8\u8bba\u914d\u7f6e\u7ba1\u7406\uff0c\u5e76\u5728\u4e0b\u9762\u8ba8\u8bba\u5b89\u5168\u76d1\u63a7\u3002","title":"\u8fd0\u884c\u65f6\u9a8c\u8bc1"},{"location":"security/security-guide/#_78","text":"\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u5bf9\u4e8e\u81ea\u52a8\u9a8c\u8bc1\u4e91\u5185\u90e8\u4e5f\u5f88\u6709\u7528\u3002\u6709\u5404\u79cd\u5404\u6837\u7684\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u53ef\u7528\u3002\u6709\u4e9b\u662f\u514d\u8d39\u63d0\u4f9b\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u662f\u5546\u4e1a\u9879\u76ee\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u5de5\u5177\u4f1a\u5206\u6790\u6765\u81ea\u5404\u79cd\u6765\u6e90\u7684\u6570\u636e\uff0c\u5e76\u6839\u636e\u89c4\u5219\u96c6\u548c/\u6216\u8bad\u7ec3\u751f\u6210\u5b89\u5168\u8b66\u62a5\u3002\u5178\u578b\u529f\u80fd\u5305\u62ec\u65e5\u5fd7\u5206\u6790\u3001\u6587\u4ef6\u5b8c\u6574\u6027\u68c0\u67e5\u3001\u7b56\u7565\u76d1\u63a7\u548c rootkit 
\u68c0\u6d4b\u3002\u66f4\u9ad8\u7ea7\uff08\u901a\u5e38\u662f\u81ea\u5b9a\u4e49\uff09\u5de5\u5177\u53ef\u4ee5\u9a8c\u8bc1\u5185\u5b58\u4e2d\u8fdb\u7a0b\u6620\u50cf\u662f\u5426\u4e0e\u78c1\u76d8\u4e0a\u7684\u53ef\u6267\u884c\u6587\u4ef6\u5339\u914d\uff0c\u5e76\u9a8c\u8bc1\u6b63\u5728\u8fd0\u884c\u7684\u8fdb\u7a0b\u7684\u6267\u884c\u72b6\u6001\u3002 \u5bf9\u4e8e\u4e91\u67b6\u6784\u5e08\u6765\u8bf4\uff0c\u4e00\u4e2a\u5173\u952e\u7684\u7b56\u7565\u51b3\u7b56\u662f\u5982\u4f55\u5904\u7406\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u8f93\u51fa\u3002\u5b9e\u9645\u4e0a\u6709\u4e24\u79cd\u9009\u62e9\u3002\u9996\u5148\u662f\u63d0\u9192\u4eba\u7c7b\u8fdb\u884c\u8c03\u67e5\u548c/\u6216\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u7ba1\u7406\u5458\u7684\u65e5\u5fd7\u6216\u4e8b\u4ef6\u6e90\u4e2d\u5305\u542b\u5b89\u5168\u8b66\u62a5\u6765\u5b8c\u6210\u3002\u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u8ba9\u4e91\u81ea\u52a8\u91c7\u53d6\u67d0\u79cd\u5f62\u5f0f\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8bb0\u5f55\u4e8b\u4ef6\u3002\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5305\u62ec\u4ece\u91cd\u65b0\u5b89\u88c5\u8282\u70b9\u5230\u6267\u884c\u6b21\u8981\u670d\u52a1\u914d\u7f6e\u7684\u4efb\u4f55\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7531\u4e8e\u53ef\u80fd\u5b58\u5728\u8bef\u62a5\uff0c\u81ea\u52a8\u8865\u6551\u63aa\u65bd\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002 
\u5f53\u5b89\u5168\u76d1\u89c6\u5de5\u5177\u4e3a\u826f\u6027\u4e8b\u4ef6\u751f\u6210\u5b89\u5168\u8b66\u62a5\u65f6\uff0c\u4f1a\u53d1\u751f\u8bef\u62a5\u3002\u7531\u4e8e\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u7684\u6027\u8d28\uff0c\u8bef\u62a5\u80af\u5b9a\u4f1a\u4e0d\u65f6\u53d1\u751f\u3002\u901a\u5e38\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u8c03\u6574\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4ee5\u51cf\u5c11\u8bef\u62a5\uff0c\u4f46\u8fd9\u4e5f\u53ef\u80fd\u540c\u65f6\u964d\u4f4e\u6574\u4f53\u68c0\u6d4b\u7387\u3002\u5728\u4e91\u4e2d\u8bbe\u7f6e\u5b89\u5168\u76d1\u63a7\u7cfb\u7edf\u65f6\uff0c\u5fc5\u987b\u4e86\u89e3\u5e76\u8003\u8651\u8fd9\u4e9b\u7ecf\u5178\u7684\u6743\u8861\u3002 \u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u5177\u6709\u9ad8\u5ea6\u7684\u90e8\u7f72\u7279\u5f02\u6027\u3002\u6211\u4eec\u5efa\u8bae\u4ece\u63a2\u7d22\u4ee5\u4e0b\u5f00\u6e90\u9879\u76ee\u5f00\u59cb\uff0c\u8fd9\u4e9b\u9879\u76ee\u5b9e\u73b0\u4e86\u5404\u79cd\u57fa\u4e8e\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u6587\u4ef6\u76d1\u63a7\u529f\u80fd\u3002 OSSEC Samhain Tripwire AIDE \u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u662f\u5bf9\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7684\u8865\u5145\u3002OpenStack \u6ca1\u6709\u5185\u7f6e\u7279\u5b9a\u7684\u7f51\u7edc IDS\uff0c\u4f46 OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u79cd\u63d2\u4ef6\u673a\u5236\uff0c\u53ef\u4ee5\u901a\u8fc7 Networking API \u542f\u7528\u4e0d\u540c\u7684\u6280\u672f\u3002\u6b64\u63d2\u4ef6\u4f53\u7cfb\u7ed3\u6784\u5c06\u5141\u8bb8\u79df\u6237\u5f00\u53d1 API \u6269\u5c55\uff0c\u4ee5\u63d2\u5165\u548c\u914d\u7f6e\u81ea\u5df1\u7684\u9ad8\u7ea7\u7f51\u7edc\u670d\u52a1\uff0c\u4f8b\u5982\u9632\u706b\u5899\u3001\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u6216\u865a\u62df\u673a\u4e4b\u95f4\u7684 VPN\u3002 
\u4e0e\u57fa\u4e8e\u4e3b\u673a\u7684\u5de5\u5177\u7c7b\u4f3c\uff0c\u57fa\u4e8e\u7f51\u7edc\u7684\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\u7684\u9009\u62e9\u548c\u914d\u7f6e\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002Snort \u662f\u9886\u5148\u7684\u5f00\u6e90\u7f51\u7edc\u5165\u4fb5\u68c0\u6d4b\u5de5\u5177\uff0c\u4e5f\u662f\u4e86\u89e3\u66f4\u591a\u4fe1\u606f\u7684\u826f\u597d\u8d77\u70b9\u3002 \u5bf9\u4e8e\u57fa\u4e8e\u7f51\u7edc\u548c\u4e3b\u673a\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\uff0c\u6709\u4e00\u4e9b\u91cd\u8981\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002 \u91cd\u8981\u7684\u662f\u8981\u8003\u8651\u5c06\u7f51\u7edc IDS \u653e\u7f6e\u5728\u4e91\u4e0a\uff08\u4f8b\u5982\uff0c\u5c06\u5176\u6dfb\u52a0\u5230\u7f51\u7edc\u8fb9\u754c\u548c/\u6216\u654f\u611f\u7f51\u7edc\u5468\u56f4\uff09\u3002\u653e\u7f6e\u4f4d\u7f6e\u53d6\u51b3\u4e8e\u60a8\u7684\u7f51\u7edc\u73af\u5883\uff0c\u4f46\u8bf7\u786e\u4fdd\u76d1\u63a7 IDS \u53ef\u80fd\u5bf9\u60a8\u7684\u670d\u52a1\u4ea7\u751f\u7684\u5f71\u54cd\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u9009\u62e9\u6dfb\u52a0\u7684\u4f4d\u7f6e\u3002\u7f51\u7edc IDS \u901a\u5e38\u65e0\u6cd5\u68c0\u67e5\u52a0\u5bc6\u6d41\u91cf\uff08\u5982 TLS\uff09\u7684\u5185\u5bb9\u3002\u4f46\u662f\uff0c\u7f51\u7edc IDS \u5728\u8bc6\u522b\u7f51\u7edc\u4e0a\u7684\u5f02\u5e38\u672a\u52a0\u5bc6\u6d41\u91cf\u65b9\u9762\u4ecd\u53ef\u80fd\u63d0\u4f9b\u4e00\u4e9b\u597d\u5904\u3002 \u5728\u67d0\u4e9b\u90e8\u7f72\u4e2d\uff0c\u53ef\u80fd\u9700\u8981\u5728\u5b89\u5168\u57df\u7f51\u6865\u4e0a\u7684\u654f\u611f\u7ec4\u4ef6\u4e0a\u6dfb\u52a0\u57fa\u4e8e\u4e3b\u673a\u7684 IDS\u3002\u57fa\u4e8e\u4e3b\u673a\u7684 IDS \u53ef\u80fd\u4f1a\u901a\u8fc7\u7ec4\u4ef6\u4e0a\u906d\u5230\u5165\u4fb5\u6216\u672a\u7ecf\u6388\u6743\u7684\u8fdb\u7a0b\u6765\u68c0\u6d4b\u5f02\u5e38\u6d3b\u52a8\u3002IDS 
\u5e94\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f20\u8f93\u8b66\u62a5\u548c\u65e5\u5fd7\u4fe1\u606f\u3002","title":"\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf"},{"location":"security/security-guide/#_79","text":"\u4e91\u73af\u5883\u4e2d\u7684\u670d\u52a1\u5668\uff0c\u5305\u62ec undercloud \u548c overcloud \u57fa\u7840\u67b6\u6784\uff0c\u5e94\u5b9e\u65bd\u5f3a\u5316\u6700\u4f73\u5b9e\u8df5\u3002\u7531\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u548c\u670d\u52a1\u5668\u5f3a\u5316\u5f88\u5e38\u89c1\uff0c\u56e0\u6b64\u6b64\u5904\u4e0d\u6db5\u76d6\u9002\u7528\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u65e5\u5fd7\u8bb0\u5f55\u3001\u7528\u6237\u5e10\u6237\u9650\u5236\u548c\u5b9a\u671f\u66f4\u65b0\uff0c\u4f46\u5e94\u5e94\u7528\u4e8e\u6240\u6709\u57fa\u7840\u7ed3\u6784\u3002","title":"\u670d\u52a1\u5668\u52a0\u56fa"},{"location":"security/security-guide/#fim","text":"\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406 \uff08FIM\uff09 \u662f\u786e\u4fdd\u654f\u611f\u7cfb\u7edf\u6216\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u7b49\u6587\u4ef6\u4e0d\u4f1a\u635f\u574f\u6216\u66f4\u6539\u4ee5\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6216\u6076\u610f\u884c\u4e3a\u7684\u65b9\u6cd5\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5b9e\u7528\u7a0b\u5e8f\uff08\u5982 Samhain\uff09\u6765\u5b8c\u6210\uff0c\u8be5\u5b9e\u7528\u7a0b\u5e8f\u5c06\u521b\u5efa\u6307\u5b9a\u8d44\u6e90\u7684\u6821\u9a8c\u548c\u54c8\u5e0c\uff0c\u7136\u540e\u5b9a\u671f\u9a8c\u8bc1\u8be5\u54c8\u5e0c\uff0c\u6216\u8005\u901a\u8fc7 DMVerity \u7b49\u5de5\u5177\u6765\u5b8c\u6210\uff0c\u8be5\u5de5\u5177\u53ef\u4ee5\u83b7\u53d6\u5757\u8bbe\u5907\u7684\u54c8\u5e0c\u503c\uff0c\u5e76\u5728\u7cfb\u7edf\u8bbf\u95ee\u8fd9\u4e9b\u54c8\u5e0c\u503c\u65f6\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u518d\u5c06\u5176\u5448\u73b0\u7ed9\u7528\u6237\u3002 
\u8fd9\u4e9b\u5e94\u8be5\u653e\u5728\u9002\u5f53\u7684\u4f4d\u7f6e\uff0c\u4ee5\u76d1\u63a7\u548c\u62a5\u544a\u5bf9\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\uff08\u5982 \u548c /etc/keystone/keystone.conf \uff09\u4ee5\u53ca\u5185\u6838\u6a21\u5757\uff08\u5982 /etc/pam.d/system-auth virtio\uff09\u7684\u66f4\u6539\u3002\u6700\u4f73\u505a\u6cd5\u662f\u4f7f\u7528 lsmod \u547d\u4ee4\u6765\u663e\u793a\u7cfb\u7edf\u4e0a\u5b9a\u671f\u52a0\u8f7d\u7684\u5185\u5bb9\uff0c\u4ee5\u5e2e\u52a9\u786e\u5b9a FIM \u68c0\u67e5\u4e2d\u5e94\u5305\u542b\u6216\u4e0d\u5e94\u5305\u542b\u7684\u5185\u5bb9\u3002","title":"\u6587\u4ef6\u5b8c\u6574\u6027\u7ba1\u7406\uff08FIM\uff09"},{"location":"security/security-guide/#_80","text":"\u7ba1\u7406\u5458\u9700\u8981\u5bf9\u4e91\u6267\u884c\u547d\u4ee4\u548c\u63a7\u5236\uff0c\u4ee5\u5b9e\u73b0\u5404\u79cd\u64cd\u4f5c\u529f\u80fd\u3002\u7406\u89e3\u548c\u4fdd\u62a4\u8fd9\u4e9b\u6307\u6325\u548c\u63a7\u5236\u8bbe\u65bd\u975e\u5e38\u91cd\u8981\u3002 OpenStack \u4e3a\u8fd0\u7ef4\u4eba\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u591a\u79cd\u7ba1\u7406\u754c\u9762\uff1a OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 OpenStack \u63a5\u53e3 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 OpenStack \u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4f8b\u5982 nova-manage \u548c glance-manage \u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff0c\u5982 IPMI","title":"\u7ba1\u7406\u754c\u9762"},{"location":"security/security-guide/#_81","text":"OpenStack \u4eea\u8868\u677f \uff08horizon\uff09 \u4e3a\u7ba1\u7406\u5458\u548c\u79df\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u57fa\u4e8e Web \u7684\u56fe\u5f62\u754c\u9762\uff0c\u7528\u4e8e\u7f6e\u5907\u548c\u8bbf\u95ee\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u4eea\u8868\u677f\u901a\u8fc7\u8c03\u7528 OpenStack API 
\u4e0e\u540e\u7aef\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#_82","text":"\u4f5c\u4e3a\u4e91\u7ba1\u7406\u5458\uff0c\u4eea\u8868\u677f\u63d0\u4f9b\u4e91\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u7528\u6237\u548c\u79df\u6237/\u9879\u76ee\uff0c\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u5e76\u5bf9\u53ef\u4f9b\u4ed6\u4eec\u4f7f\u7528\u7684\u8d44\u6e90\u8bbe\u7f6e\u9650\u5236\u3002 \u4eea\u8868\u677f\u4e3a\u79df\u6237\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u7528\u4e8e\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u9884\u914d\u81ea\u5df1\u7684\u8d44\u6e90\u3002 \u4eea\u8868\u677f\u4e3a\u8def\u7531\u5668\u548c\u8d1f\u8f7d\u5e73\u8861\u5668\u63d0\u4f9b GUI \u652f\u6301\u3002\u4f8b\u5982\uff0c\u4eea\u8868\u677f\u73b0\u5728\u5b9e\u73b0\u4e86\u6240\u6709\u4e3b\u8981\u7684\u7f51\u7edc\u529f\u80fd\u3002 \u5b83\u662f\u4e00\u4e2a\u53ef\u6269\u5c55\u7684 Django Web \u5e94\u7528\u7a0b\u5e8f\uff0c\u5141\u8bb8\u8f7b\u677e\u63d2\u5165\u7b2c\u4e09\u65b9\u4ea7\u54c1\u548c\u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u8d39\u3001\u76d1\u63a7\u548c\u5176\u4ed6\u7ba1\u7406\u5de5\u5177\u3002 \u4eea\u8868\u677f\u8fd8\u53ef\u4ee5\u4e3a\u670d\u52a1\u63d0\u4f9b\u5546\u548c\u5176\u4ed6\u5546\u4e1a\u4f9b\u5e94\u5546\u6253\u9020\u54c1\u724c\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_83","text":"\u4eea\u8868\u677f\u8981\u6c42\u5728 Web \u6d4f\u89c8\u5668\u4e2d\u542f\u7528 Cookie \u548c JavaScript\u3002 \u6258\u7ba1\u4eea\u8868\u677f\u7684 Web \u670d\u52a1\u5668\u5e94\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 Horizon Web Service \u53ca\u5176\u7528\u4e8e\u4e0e\u540e\u7aef\u901a\u4fe1\u7684 OpenStack API \u90fd\u5bb9\u6613\u53d7\u5230 Web 
\u653b\u51fb\u5a92\u4ecb\uff08\u5982\u62d2\u7edd\u670d\u52a1\uff09\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u5fc5\u987b\u5bf9\u5176\u8fdb\u884c\u76d1\u63a7\u3002 \u73b0\u5728\u53ef\u4ee5\u901a\u8fc7\u4eea\u8868\u677f\u5c06\u955c\u50cf\u6587\u4ef6\u76f4\u63a5\u4ece\u7528\u6237\u7684\u786c\u76d8\u4e0a\u4f20\u5230 OpenStack \u955c\u50cf\u670d\u52a1\uff08\u5c3d\u7ba1\u5b58\u5728\u8bb8\u591a\u90e8\u7f72/\u5b89\u5168\u9690\u60a3\uff09\u3002\u5bf9\u4e8e\u591a GB \u7684\u6620\u50cf\uff0c\u4ecd\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 glance CLI \u8fdb\u884c\u4e0a\u4f20\u3002 \u901a\u8fc7\u4eea\u8868\u76d8\u521b\u5efa\u548c\u7ba1\u7406\u5b89\u5168\u7ec4\u3002\u5b89\u5168\u7ec4\u5141\u8bb8\u5bf9\u5b89\u5168\u7b56\u7565\u8fdb\u884c L3-L4 \u6570\u636e\u5305\u7b5b\u9009\uff0c\u4ee5\u4fdd\u62a4\u865a\u62df\u673a\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_84","text":"OpenStack.org\uff0cReleaseNotes/Liberty\u30022015. OpenStack Liberty \u53d1\u884c\u8bf4\u660e","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#openstack_3","text":"OpenStack API \u662f\u4e00\u4e2a RESTful Web \u670d\u52a1\u7aef\u70b9\uff0c\u7528\u4e8e\u8bbf\u95ee\u3001\u914d\u7f6e\u548c\u81ea\u52a8\u5316\u57fa\u4e8e\u4e91\u7684\u8d44\u6e90\u3002\u64cd\u4f5c\u5458\u548c\u7528\u6237\u901a\u5e38\u901a\u8fc7\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff08\u4f8b\u5982\uff0c nova \u6216\uff09\u3001\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u5e93\u6216 glance \u7b2c\u4e09\u65b9\u5de5\u5177\u8bbf\u95ee API\u3002","title":"OpenStack \u63a5\u53e3"},{"location":"security/security-guide/#_85","text":"To the cloud administrator, the API provides an overall view of the size and state of the cloud deployment and allows the creation of users, tenants/projects, assigning users to tenants/projects, and specifying resource quotas on a per tenant/project basis. 
\u5bf9\u4e8e\u4e91\u7ba1\u7406\u5458\u6765\u8bf4\uff0cAPI \u63d0\u4f9b\u4e86\u4e91\u90e8\u7f72\u5927\u5c0f\u548c\u72b6\u6001\u7684\u6574\u4f53\u89c6\u56fe\uff0c\u5e76\u5141\u8bb8\u521b\u5efa\u7528\u6237\u3001\u79df\u6237/\u9879\u76ee\u3001\u5c06\u7528\u6237\u5206\u914d\u7ed9\u79df\u6237/\u9879\u76ee\uff0c\u4ee5\u53ca\u4e3a\u6bcf\u4e2a\u79df\u6237/\u9879\u76ee\u6307\u5b9a\u8d44\u6e90\u914d\u989d\u3002 The API provides a tenant interface for provisioning, managing, and accessing their resources. API \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79df\u6237\u63a5\u53e3\uff0c\u7528\u4e8e\u9884\u914d\u3001\u7ba1\u7406\u548c\u8bbf\u95ee\u5176\u8d44\u6e90\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_86","text":"\u5e94\u4e3a TLS \u914d\u7f6e API \u670d\u52a1\uff0c\u4ee5\u786e\u4fdd\u6570\u636e\u5df2\u52a0\u5bc6\u3002 \u4f5c\u4e3a Web \u670d\u52a1\uff0cOpenStack API \u5bb9\u6613\u53d7\u5230\u719f\u6089\u7684\u7f51\u7ad9\u653b\u51fb\u5a92\u4ecb\u7684\u5f71\u54cd\uff0c\u4f8b\u5982\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#ssh","text":"\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u8bbf\u95ee\u6765\u7ba1\u7406 Linux \u548c Unix \u7cfb\u7edf\u5df2\u6210\u4e3a\u884c\u4e1a\u60ef\u4f8b\u3002SSH \u4f7f\u7528\u5b89\u5168\u7684\u52a0\u5bc6\u539f\u8bed\u8fdb\u884c\u901a\u4fe1\u3002\u9274\u4e8e SSH \u5728\u5178\u578b OpenStack \u90e8\u7f72\u4e2d\u7684\u8303\u56f4\u548c\u91cd\u8981\u6027\uff0c\u4e86\u89e3\u90e8\u7f72 SSH \u7684\u6700\u4f73\u5b9e\u8df5\u975e\u5e38\u91cd\u8981\u3002","title":"\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09"},{"location":"security/security-guide/#_87","text":"\u7ecf\u5e38\u88ab\u5ffd\u89c6\u7684\u662f SSH \u4e3b\u673a\u7684\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u3002\u7531\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u5927\u591a\u6570\u6216\u6240\u6709\u4e3b\u673a\u90fd\u5c06\u63d0\u4f9b SSH 
\u670d\u52a1\uff0c\u56e0\u6b64\u5bf9\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u7684\u8fde\u63a5\u5145\u6ee1\u4fe1\u5fc3\u975e\u5e38\u91cd\u8981\u3002\u4e0d\u80fd\u4f4e\u4f30\u7684\u662f\uff0c\u672a\u80fd\u63d0\u4f9b\u5408\u7406\u5b89\u5168\u4e14\u53ef\u8bbf\u95ee\u7684\u65b9\u6cd5\u6765\u9a8c\u8bc1 SSH \u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u6ee5\u7528\u548c\u5229\u7528\u7684\u6210\u719f\u65f6\u673a\u3002 \u6240\u6709 SSH \u5b88\u62a4\u7a0b\u5e8f\u90fd\u5177\u6709\u4e13\u7528\u4e3b\u673a\u5bc6\u94a5\uff0c\u5e76\u5728\u8fde\u63a5\u65f6\u63d0\u4f9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u6b64\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u662f\u672a\u7b7e\u540d\u516c\u94a5\u7684\u54c8\u5e0c\u503c\u3002\u5728\u4e0e\u8fd9\u4e9b\u4e3b\u673a\u5efa\u7acb SSH \u8fde\u63a5\u4e4b\u524d\uff0c\u5fc5\u987b\u77e5\u9053\u8fd9\u4e9b\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u3002\u9a8c\u8bc1\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u6709\u52a9\u4e8e\u68c0\u6d4b\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u901a\u5e38\uff0c\u5728\u5b89\u88c5 SSH \u5b88\u62a4\u7a0b\u5e8f\u65f6\uff0c\u5c06\u751f\u6210\u4e3b\u673a\u5bc6\u94a5\u3002\u5728\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u8fc7\u7a0b\u4e2d\uff0c\u4e3b\u673a\u5fc5\u987b\u5177\u6709\u8db3\u591f\u7684\u71b5\u3002\u4e3b\u673a\u5bc6\u94a5\u751f\u6210\u671f\u95f4\u7684\u71b5\u4e0d\u8db3\u53ef\u80fd\u5bfc\u81f4\u7a83\u542c SSH \u4f1a\u8bdd\u3002 \u751f\u6210 SSH \u4e3b\u673a\u5bc6\u94a5\u540e\uff0c\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9\u5e94\u5b58\u50a8\u5728\u5b89\u5168\u4e14\u53ef\u67e5\u8be2\u7684\u4f4d\u7f6e\u3002\u4e00\u4e2a\u7279\u522b\u65b9\u4fbf\u7684\u89e3\u51b3\u65b9\u6848\u662f\u4f7f\u7528 RFC-4255 \u4e2d\u5b9a\u4e49\u7684 SSHFP \u8d44\u6e90\u8bb0\u5f55\u7684 DNS\u3002\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\uff0c\u6709\u5fc5\u8981\u90e8\u7f72 DNSSEC\u3002","title":"\u4e3b\u673a\u5bc6\u94a5\u6307\u7eb9"},{"location":"security/security-guide/#_88","text":"OpenStack Management Utilities \u662f\u8fdb\u884c API \u8c03\u7528\u7684\u5f00\u6e90 Python 
\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u6709\u4e00\u4e2a\u5ba2\u6237\u7aef\uff08\u4f8b\u5982\uff0cnova\u3001glance\uff09\u3002\u9664\u4e86\u6807\u51c6\u7684 CLI \u5ba2\u6237\u7aef\u4e4b\u5916\uff0c\u5927\u591a\u6570\u670d\u52a1\u90fd\u5177\u6709\u7ba1\u7406\u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u7528\u4e8e\u76f4\u63a5\u8c03\u7528\u6570\u636e\u5e93\u3002\u8fd9\u4e9b\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u6b63\u5728\u6162\u6162\u88ab\u5f03\u7528\u3002","title":"\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f"},{"location":"security/security-guide/#_89","text":"\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4e13\u7528\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f \uff08*-manage\uff09 \u4f7f\u7528\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u3002 \u786e\u4fdd\u5305\u542b\u51ed\u636e\u4fe1\u606f\u7684 .rc \u6587\u4ef6\u662f\u5b89\u5168\u7684\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_90","text":"OpenStack.org\uff0c\u201cOpenStack \u6700\u7ec8\u7528\u6237\u6307\u5357\u201d\u90e8\u5206\u30022016. OpenStack \u547d\u4ee4\u884c\u5ba2\u6237\u7aef\u6982\u8ff0\u3002 OpenStack.org\uff0c\u4f7f\u7528 OpenStack RC \u6587\u4ef6\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\u30022016. 
\u4e0b\u8f7d\u5e76\u83b7\u53d6 OpenStack RC \u6587\u4ef6\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_91","text":"OpenStack \u7ba1\u7406\u4f9d\u8d56\u4e8e\u5e26\u5916\u7ba1\u7406\u63a5\u53e3\uff08\u5982 IPMI \u534f\u8bae\uff09\u6765\u8bbf\u95ee\u8fd0\u884c OpenStack \u7ec4\u4ef6\u7684\u8282\u70b9\u3002IPMI \u662f\u4e00\u79cd\u975e\u5e38\u6d41\u884c\u7684\u89c4\u8303\uff0c\u7528\u4e8e\u8fdc\u7a0b\u7ba1\u7406\u3001\u8bca\u65ad\u548c\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u5668\uff0c\u65e0\u8bba\u64cd\u4f5c\u7cfb\u7edf\u6b63\u5728\u8fd0\u884c\u8fd8\u662f\u7cfb\u7edf\u5d29\u6e83\u3002","title":"\u5e26\u5916\u7ba1\u7406\u63a5\u53e3"},{"location":"security/security-guide/#_92","text":"\u4f7f\u7528\u5f3a\u5bc6\u7801\u5e76\u4fdd\u62a4\u5b83\u4eec\uff0c\u6216\u4f7f\u7528\u5ba2\u6237\u7aef TLS \u8eab\u4efd\u9a8c\u8bc1\u3002 \u786e\u4fdd\u7f51\u7edc\u63a5\u53e3\u4f4d\u4e8e\u5176\u81ea\u5df1\u7684\u4e13\u7528\uff08\u7ba1\u7406\u6216\u5355\u72ec\u7684\uff09\u7f51\u7edc\u4e0a\u3002\u4f7f\u7528\u9632\u706b\u5899\u6216\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u9694\u79bb\u7ba1\u7406\u57df\u3002 \u5982\u679c\u60a8\u4f7f\u7528 Web \u754c\u9762\u4e0e BMC/IPMI \u4ea4\u4e92\uff0c\u8bf7\u59cb\u7ec8\u4f7f\u7528 TLS \u63a5\u53e3\uff0c\u4f8b\u5982 HTTPS \u6216\u7aef\u53e3 443\u3002\u6b64 TLS \u63a5\u53e3\u4e0d\u5e94\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\uff08\u901a\u5e38\u662f\u9ed8\u8ba4\u7684\uff09\uff0c\u4f46\u5e94\u5177\u6709\u4f7f\u7528\u6b63\u786e\u5b9a\u4e49\u7684\u5b8c\u5168\u9650\u5b9a\u57df\u540d \uff08FQDN\uff09 \u7684\u53d7\u4fe1\u4efb\u8bc1\u4e66\u3002 \u76d1\u63a7\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6d41\u91cf\u3002\u4e0e\u7e41\u5fd9\u7684\u8ba1\u7b97\u8282\u70b9\u76f8\u6bd4\uff0c\u5f02\u5e38\u53ef\u80fd\u66f4\u5bb9\u6613\u8ddf\u8e2a\u3002 
\u5e26\u5916\u7ba1\u7406\u754c\u9762\u901a\u5e38\u8fd8\u5305\u62ec\u56fe\u5f62\u8ba1\u7b97\u673a\u63a7\u5236\u53f0\u8bbf\u95ee\u3002\u8fd9\u4e9b\u63a5\u53e3\u901a\u5e38\u53ef\u4ee5\u52a0\u5bc6\uff0c\u4f46\u4e0d\u4e00\u5b9a\u662f\u9ed8\u8ba4\u7684\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u8f6f\u4ef6\u6587\u6863\u4ee5\u52a0\u5bc6\u8fd9\u4e9b\u63a5\u53e3\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_93","text":"SANS \u6280\u672f\u7814\u7a76\u6240\uff0cInfoSec Handlers \u65e5\u8bb0\u535a\u5ba2\u30022012. \u9ed1\u5ba2\u653b\u51fb\u5df2\u5173\u95ed\u7684\u670d\u52a1\u5668\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_94","text":"\u8bbe\u5907\u95f4\u901a\u4fe1\u662f\u4e00\u4e2a\u4e25\u91cd\u7684\u5b89\u5168\u95ee\u9898\u3002\u5728\u5927\u578b\u9879\u76ee\u9519\u8bef\uff08\u5982 Heartbleed\uff09\u6216\u66f4\u9ad8\u7ea7\u7684\u653b\u51fb\uff08\u5982 BEAST \u548c CRIME\uff09\u4e4b\u95f4\uff0c\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u7684\u65b9\u6cd5\u53d8\u5f97\u8d8a\u6765\u8d8a\u91cd\u8981\u3002\u4f46\u662f\uff0c\u5e94\u8be5\u8bb0\u4f4f\uff0c\u52a0\u5bc6\u5e94\u8be5\u4f5c\u4e3a\u66f4\u5927\u7684\u5b89\u5168\u7b56\u7565\u7684\u4e00\u90e8\u5206\u6765\u5e94\u7528\u3002\u7aef\u70b9\u7684\u5165\u4fb5\u610f\u5473\u7740\u653b\u51fb\u8005\u4e0d\u518d\u9700\u8981\u7834\u574f\u6240\u4f7f\u7528\u7684\u52a0\u5bc6\uff0c\u800c\u662f\u80fd\u591f\u5728\u7cfb\u7edf\u5904\u7406\u6d88\u606f\u65f6\u67e5\u770b\u548c\u64cd\u7eb5\u6d88\u606f\u3002 \u672c\u7ae0\u5c06\u56de\u987e\u6709\u5173\u914d\u7f6e TLS \u4ee5\u4fdd\u62a4\u5185\u90e8\u548c\u5916\u90e8\u8d44\u6e90\u7684\u51e0\u4e2a\u529f\u80fd\uff0c\u5e76\u6307\u51fa\u5e94\u7279\u522b\u6ce8\u610f\u7684\u7279\u5b9a\u7c7b\u522b\u7684\u7cfb\u7edf\u3002 TLS \u548c SSL \u7b80\u4ecb \u8bc1\u4e66\u9881\u53d1\u673a\u6784 TLS \u5e93 \u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae \u603b\u7ed3 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1 
\u4f8b\u5b50 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \u5b8c\u7f8e\u524d\u5411\u4fdd\u5bc6 \u5b89\u5168\u53c2\u8003\u67b6\u6784 SSL/TLS \u4ee3\u7406\u5728\u524d\u9762 SSL/TLS \u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a \u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u7684 SSL/TLS \u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb","title":"\u5b89\u5168\u901a\u4fe1"},{"location":"security/security-guide/#tls-ssl","text":"\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u5b89\u5168\u6765\u786e\u4fdd OpenStack \u90e8\u7f72\u4e2d\u7f51\u7edc\u6d41\u91cf\u7684\u673a\u5bc6\u6027\u6216\u5b8c\u6574\u6027\u3002\u8fd9\u901a\u5e38\u662f\u4f7f\u7528\u52a0\u5bc6\u63aa\u65bd\u5b9e\u73b0\u7684\uff0c\u4f8b\u5982\u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u534f\u8bae\u3002 \u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u901a\u8fc7\u516c\u5171\u7f51\u7edc\u4f20\u8f93\u7684\u6240\u6709\u6d41\u91cf\u90fd\u662f\u5b89\u5168\u7684\uff0c\u4f46\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u8981\u6c42\u5185\u90e8\u6d41\u91cf\u4e5f\u5fc5\u987b\u5f97\u5230\u4fdd\u62a4\u3002\u4ec5\u4ec5\u4f9d\u9760\u5b89\u5168\u57df\u5206\u79bb\u8fdb\u884c\u4fdd\u62a4\u662f\u4e0d\u591f\u7684\u3002\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u6216\u4e3b\u673a\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7834\u574f API \u7aef\u70b9\u6216\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\uff0c\u5219\u4ed6\u4eec\u4e00\u5b9a\u65e0\u6cd5\u8f7b\u677e\u6ce8\u5165\u6216\u6355\u83b7\u6d88\u606f\u3001\u547d\u4ee4\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u5f71\u54cd\u4e91\u7684\u7ba1\u7406\u529f\u80fd\u3002 \u6240\u6709\u57df\u90fd\u5e94\u4f7f\u7528 TLS \u8fdb\u884c\u4fdd\u62a4\uff0c\u5305\u62ec\u7ba1\u7406\u57df\u670d\u52a1\u548c\u670d\u52a1\u5185\u901a\u4fe1\u3002TLS \u63d0\u4f9b\u4e86\u786e\u4fdd\u7528\u6237\u4e0e OpenStack \u670d\u52a1\u4e4b\u95f4\u4ee5\u53ca OpenStack 
\u670d\u52a1\u672c\u8eab\u4e4b\u95f4\u901a\u4fe1\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u4e0d\u53ef\u5426\u8ba4\u6027\u3001\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u7684\u673a\u5236\u3002 \u7531\u4e8e\u5b89\u5168\u5957\u63a5\u5b57\u5c42 \uff08SSL\uff09 \u534f\u8bae\u4e2d\u5df2\u53d1\u5e03\u7684\u6f0f\u6d1e\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4f18\u5148\u4f7f\u7528 TLS \u800c\u4e0d\u662f SSL\uff0c\u5e76\u4e14\u5728\u4efb\u4f55\u60c5\u51b5\u4e0b\u90fd\u7981\u7528 SSL\uff0c\u9664\u975e\u9700\u8981\u4e0e\u8fc7\u65f6\u7684\u6d4f\u89c8\u5668\u6216\u5e93\u517c\u5bb9\u3002 \u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u662f\u7528\u4e8e\u4fdd\u62a4\u7f51\u7edc\u901a\u4fe1\u7684\u6846\u67b6\u3002\u5b83\u7531\u4e00\u7ec4\u7cfb\u7edf\u548c\u6d41\u7a0b\u7ec4\u6210\uff0c\u4ee5\u786e\u4fdd\u5728\u9a8c\u8bc1\u5404\u65b9\u8eab\u4efd\u7684\u540c\u65f6\u53ef\u4ee5\u5b89\u5168\u5730\u53d1\u9001\u6d41\u91cf\u3002\u6b64\u5904\u63cf\u8ff0\u7684 PKI \u914d\u7f6e\u6587\u4ef6\u662f\u7531 PKIX \u5de5\u4f5c\u7ec4\u5f00\u53d1\u7684 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKIX\uff09 \u914d\u7f6e\u6587\u4ef6\u3002PKI\u7684\u6838\u5fc3\u7ec4\u4ef6\u5305\u62ec\uff1a \u6570\u5b57\u8bc1\u4e66 \u7b7e\u540d\u516c\u94a5\u8bc1\u4e66\u662f\u5177\u6709\u5b9e\u4f53\u7684\u53ef\u9a8c\u8bc1\u6570\u636e\u3001\u5176\u516c\u94a5\u4ee5\u53ca\u5176\u4ed6\u4e00\u4e9b\u5c5e\u6027\u7684\u6570\u636e\u7ed3\u6784\u3002\u8fd9\u4e9b\u8bc1\u4e66\u7531\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u9881\u53d1\u3002\u7531\u4e8e\u8bc1\u4e66\u7531\u53d7\u4fe1\u4efb\u7684 CA \u7b7e\u540d\uff0c\u56e0\u6b64\u4e00\u65e6\u9a8c\u8bc1\uff0c\u4e0e\u5b9e\u4f53\u5173\u8054\u7684\u516c\u94a5\u5c06\u4fdd\u8bc1\u4e0e\u6240\u8ff0\u5b9e\u4f53\u76f8\u5173\u8054\u3002\u7528\u4e8e\u5b9a\u4e49\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u5e38\u89c1\u6807\u51c6\u662f X.509 \u6807\u51c6\u3002X.509 v3 \u662f\u5f53\u524d\u7684\u6807\u51c6\uff0c\u5728 RFC5280 
\u4e2d\u8fdb\u884c\u4e86\u8be6\u7ec6\u63cf\u8ff0\u3002\u8bc1\u4e66\u7531 CA \u9881\u53d1\uff0c\u4f5c\u4e3a\u8bc1\u660e\u5728\u7ebf\u5b9e\u4f53\u8eab\u4efd\u7684\u673a\u5236\u3002CA \u901a\u8fc7\u4ece\u8bc1\u4e66\u521b\u5efa\u6d88\u606f\u6458\u8981\u5e76\u4f7f\u7528\u5176\u79c1\u94a5\u5bf9\u6458\u8981\u8fdb\u884c\u52a0\u5bc6\uff0c\u5bf9\u8bc1\u4e66\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u7ed3\u675f\u5b9e\u4f53 \u4f5c\u4e3a\u8bc1\u4e66\u4e3b\u9898\u7684\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u7cfb\u7edf\u3002\u6700\u7ec8\u5b9e\u4f53\u5c06\u5176\u8bc1\u4e66\u8bf7\u6c42\u53d1\u9001\u5230\u6ce8\u518c\u673a\u6784 \uff08RA\uff09 \u8fdb\u884c\u5ba1\u6279\u3002\u5982\u679c\u83b7\u5f97\u6279\u51c6\uff0cRA \u4f1a\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u9a8c\u8bc1\u8bf7\u6c42\uff0c\u5982\u679c\u4fe1\u606f\u6b63\u786e\uff0c\u5219\u751f\u6210\u8bc1\u4e66\u5e76\u7b7e\u540d\u3002\u7136\u540e\uff0c\u6b64\u7b7e\u540d\u8bc1\u4e66\u5c06\u53d1\u9001\u5230\u8bc1\u4e66\u5b58\u50a8\u5e93\u3002 \u4fe1\u8d56\u65b9 \u63a5\u6536\u6570\u5b57\u7b7e\u540d\u8bc1\u4e66\u7684\u7ec8\u7ed3\u70b9\uff0c\u8be5\u8bc1\u4e66\u53ef\u53c2\u8003\u8bc1\u4e66\u4e0a\u5217\u51fa\u7684\u516c\u94a5\u8fdb\u884c\u9a8c\u8bc1\u3002\u4fe1\u8d56\u65b9\u5e94\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u94fe\u4e0a\uff0c\u786e\u4fdd\u5b83\u4e0d\u5b58\u5728\u4e8e CRL \u4e2d\uff0c\u5e76\u4e14\u8fd8\u5fc5\u987b\u80fd\u591f\u9a8c\u8bc1\u8bc1\u4e66\u7684\u5230\u671f\u65e5\u671f\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 CA \u662f\u53d7\u4fe1\u4efb\u7684\u5b9e\u4f53\uff0c\u65e0\u8bba\u662f\u6700\u7ec8\u65b9\u8fd8\u662f\u4f9d\u8d56\u8bc1\u4e66\u8fdb\u884c\u8bc1\u4e66\u7b56\u7565\u3001\u7ba1\u7406\u5904\u7406\u548c\u8bc1\u4e66\u9881\u53d1\u7684\u4e00\u65b9\u3002 \u6ce8\u518c\u673a\u6784 \uff08RA\uff09 CA \u5c06\u67d0\u4e9b\u7ba1\u7406\u529f\u80fd\u59d4\u6d3e\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\uff0c\u8fd9\u5305\u62ec\u5728 CA 
\u9881\u53d1\u8bc1\u4e66\u4e4b\u524d\u5bf9\u7ec8\u7aef\u5b9e\u4f53\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7b49\u529f\u80fd\u3002 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5e8f\u5217\u53f7\u5217\u8868\u3002\u5728 PKI \u6a21\u578b\u4e2d\uff0c\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002\u540a\u9500\u53ef\u80fd\u7531\u4e8e\u591a\u79cd\u539f\u56e0\u800c\u53d1\u751f\uff0c\u4f8b\u5982\u5bc6\u94a5\u6cc4\u9732\u3001CA \u6cc4\u9732\u3002 CRL \u53d1\u884c\u4eba CA \u5c06\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u53d1\u5e03\u59d4\u6258\u7ed9\u7684\u53ef\u9009\u7cfb\u7edf\u3002 \u8bc1\u4e66\u5b58\u50a8\u5e93 \u5b58\u50a8\u548c\u67e5\u627e\u6700\u7ec8\u5b9e\u4f53\u8bc1\u4e66\u548c\u8bc1\u4e66\u540a\u9500\u5217\u8868\u7684\u4f4d\u7f6e - \u6709\u65f6\u79f0\u4e3a\u8bc1\u4e66\u6346\u7ed1\u5305\u3002 PKI \u6784\u5efa\u4e86\u4e00\u4e2a\u6846\u67b6\uff0c\u7528\u4e8e\u63d0\u4f9b\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae\uff0c\u4ee5\u4fdd\u62a4\u6570\u636e\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u4fdd\u62a4\u6240\u6709\u670d\u52a1\uff0c\u5305\u62ec\u5bf9 API \u7ec8\u7ed3\u70b9\u4f7f\u7528 
TLS\u3002\u4ec5\u9760\u4f20\u8f93\u6216\u6d88\u606f\u7684\u52a0\u5bc6\u6216\u7b7e\u540d\u662f\u4e0d\u53ef\u80fd\u89e3\u51b3\u6240\u6709\u8fd9\u4e9b\u95ee\u9898\u7684\u3002\u4e3b\u673a\u672c\u8eab\u5fc5\u987b\u662f\u5b89\u5168\u7684\uff0c\u5e76\u5b9e\u65bd\u7b56\u7565\u3001\u547d\u540d\u7a7a\u95f4\u548c\u5176\u4ed6\u63a7\u5236\u63aa\u65bd\u6765\u4fdd\u62a4\u5176\u79c1\u6709\u51ed\u636e\u548c\u5bc6\u94a5\u3002\u4f46\u662f\uff0c\u5bc6\u94a5\u7ba1\u7406\u548c\u4fdd\u62a4\u7684\u6311\u6218\u5e76\u6ca1\u6709\u51cf\u5c11\u8fd9\u4e9b\u63a7\u5236\u7684\u5fc5\u8981\u6027\uff0c\u4e5f\u6ca1\u6709\u964d\u4f4e\u5b83\u4eec\u7684\u91cd\u8981\u6027\u3002","title":"TLS \u548c SSL \u7b80\u4ecb"},{"location":"security/security-guide/#_95","text":"\u8bb8\u591a\u7ec4\u7ec7\u90fd\u5efa\u7acb\u4e86\u516c\u94a5\u57fa\u7840\u8bbe\u65bd\uff0c\u5176\u4e2d\u5305\u542b\u81ea\u5df1\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09\u3001\u8bc1\u4e66\u7b56\u7565\u548c\u7ba1\u7406\uff0c\u4ed6\u4eec\u5e94\u8be5\u4f7f\u7528\u8fd9\u4e9b\u8bc1\u4e66\u4e3a\u5185\u90e8 OpenStack \u7528\u6237\u6216\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u516c\u5171\u5b89\u5168\u57df\u9762\u5411 Internet \u7684\u7ec4\u7ec7\u8fd8\u9700\u8981\u7531\u5e7f\u6cdb\u8ba4\u53ef\u7684\u516c\u5171 CA \u7b7e\u540d\u7684\u8bc1\u4e66\u3002\u5bf9\u4e8e\u901a\u8fc7\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u7684\u52a0\u5bc6\u901a\u4fe1\uff0c\u5efa\u8bae\u4e0d\u8981\u4f7f\u7528\u516c\u5171 CA\u3002\u76f8\u53cd\uff0c\u6211\u4eec\u671f\u671b\u5e76\u5efa\u8bae\u5927\u591a\u6570\u90e8\u7f72\u90e8\u7f72\u81ea\u5df1\u7684\u5185\u90e8 CA\u3002 \u5efa\u8bae OpenStack \u4e91\u67b6\u6784\u5e08\u8003\u8651\u5bf9\u5185\u90e8\u7cfb\u7edf\u548c\u9762\u5411\u5ba2\u6237\u7684\u670d\u52a1\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u4f7f\u4e91\u90e8\u7f72\u4eba\u5458\u80fd\u591f\u4fdd\u6301\u5bf9\u5176 PKI 
\u57fa\u7840\u8bbe\u65bd\u7684\u63a7\u5236\uff0c\u5e76\u4e14\u4f7f\u5185\u90e8\u7cfb\u7edf\u7684\u8bc1\u4e66\u8bf7\u6c42\u3001\u7b7e\u540d\u548c\u90e8\u7f72\u53d8\u5f97\u66f4\u52a0\u5bb9\u6613\u3002\u9ad8\u7ea7\u914d\u7f6e\u53ef\u4ee5\u5bf9\u4e0d\u540c\u7684\u5b89\u5168\u57df\u4f7f\u7528\u5355\u72ec\u7684 PKI \u90e8\u7f72\u3002\u8fd9\u5141\u8bb8\u90e8\u7f72\u4eba\u5458\u4fdd\u6301\u73af\u5883\u7684\u52a0\u5bc6\u9694\u79bb\uff0c\u786e\u4fdd\u9881\u53d1\u7ed9\u4e00\u4e2a\u73af\u5883\u7684\u8bc1\u4e66\u4e0d\u88ab\u53e6\u4e00\u4e2a\u73af\u5883\u8bc6\u522b\u3002 \u7528\u4e8e\u5728\u9762\u5411 Internet \u7684\u4e91\u7aef\u70b9\uff08\u6216\u5ba2\u6237\u63a5\u53e3\uff0c\u5176\u4e2d\u5ba2\u6237\u9884\u8ba1\u4e0d\u4f1a\u5b89\u88c5\u9664\u6807\u51c6\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u7684\u8bc1\u4e66\u6346\u7ed1\u5305\u4ee5\u5916\u7684\u4efb\u4f55\u5185\u5bb9\uff09\u4e0a\u652f\u6301 TLS \u7684\u8bc1\u4e66\u5e94\u4f7f\u7528\u5b89\u88c5\u5728\u64cd\u4f5c\u7cfb\u7edf\u8bc1\u4e66\u6346\u7ed1\u5305\u4e2d\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8fdb\u884c\u9884\u914d\u3002\u5178\u578b\u7684\u77e5\u540d\u4f9b\u5e94\u5546\u5305\u62ec Let's Encrypt\u3001Verisign \u548c Thawte\uff0c\u4f46\u8fd8\u6709\u8bb8\u591a\u5176\u4ed6\u4f9b\u5e94\u5546\u3002 \u5728\u521b\u5efa\u548c\u7b7e\u7f72\u8bc1\u4e66\u65b9\u9762\u5b58\u5728\u7ba1\u7406\u3001\u7b56\u7565\u548c\u6280\u672f\u65b9\u9762\u7684\u6311\u6218\u3002\u5728\u8fd9\u4e2a\u9886\u57df\uff0c\u4e91\u67b6\u6784\u5e08\u6216\u64cd\u4f5c\u5458\u53ef\u80fd\u5e0c\u671b\u5bfb\u6c42\u884c\u4e1a\u9886\u5bfc\u8005\u548c\u4f9b\u5e94\u5546\u7684\u5efa\u8bae\uff0c\u4ee5\u53ca\u6b64\u5904\u63a8\u8350\u7684\u6307\u5bfc\u3002","title":"\u8bc1\u4e66\u9881\u53d1\u673a\u6784"},{"location":"security/security-guide/#tls","text":"OpenStack \u751f\u6001\u7cfb\u7edf\u4e2d\u7684\u7ec4\u4ef6\u3001\u670d\u52a1\u548c\u5e94\u7528\u7a0b\u5e8f\u6216 OpenStack \u7684\u4f9d\u8d56\u9879\u5df2\u5b9e\u73b0\u6216\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 TLS 
\u5e93\u3002OpenStack \u4e2d\u7684 TLS \u548c HTTP \u670d\u52a1\u901a\u5e38\u4f7f\u7528 OpenSSL \u5b9e\u73b0\uff0cOpenSSL \u5177\u6709\u5df2\u9488\u5bf9 FIPS 140-2 \u9a8c\u8bc1\u7684\u6a21\u5757\u3002\u4f46\u662f\uff0c\u8bf7\u8bb0\u4f4f\uff0c\u6bcf\u4e2a\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u5728\u4f7f\u7528 OpenSSL \u5e93\u7684\u65b9\u5f0f\u4e0a\u4ecd\u53ef\u80fd\u5f15\u5165\u5f31\u70b9\u3002","title":"TLS \u5e93"},{"location":"security/security-guide/#_96","text":"\u5efa\u8bae\u81f3\u5c11\u4f7f\u7528 TLS 1.2\u3002\u65e7\u7248\u672c\uff08\u5982 TLS 1.0\u30011.1 \u548c\u6240\u6709\u7248\u672c\u7684 SSL\uff08TLS \u7684\u524d\u8eab\uff09\u5bb9\u6613\u53d7\u5230\u591a\u79cd\u516c\u5f00\u5df2\u77e5\u7684\u653b\u51fb\uff0c\u56e0\u6b64\u4e0d\u5f97\u4f7f\u7528\u3002TLS 1.2 \u53ef\u7528\u4e8e\u5e7f\u6cdb\u7684\u5ba2\u6237\u7aef\u517c\u5bb9\u6027\uff0c\u4f46\u5728\u542f\u7528\u6b64\u534f\u8bae\u65f6\u8981\u5c0f\u5fc3\u3002\u4ec5\u5f53\u5b58\u5728\u5f3a\u5236\u6027\u517c\u5bb9\u6027\u8981\u6c42\u5e76\u4e14\u60a8\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\u65f6\uff0c\u624d\u542f\u7528 TLS \u7248\u672c 1.1\u3002 \u4f7f\u7528 TLS 1.2 \u5e76\u540c\u65f6\u63a7\u5236\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u65f6\uff0c\u5bc6\u7801\u5957\u4ef6\u5e94\u9650\u5236\u4e3a ECDHE-ECDSA-AES256-GCM-SHA384 .\u5728\u4e0d\u63a7\u5236\u8fd9\u4e24\u4e2a\u7ec8\u7ed3\u70b9\u5e76\u4f7f\u7528 TLS 1.1 \u6216 1.2 \u7684\u60c5\u51b5\u4e0b\uff0c\u66f4\u901a\u7528 HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA \u7684\u662f\u5408\u7406\u7684\u5bc6\u7801\u9009\u62e9\u3002 
\u4f46\u662f\uff0c\u7531\u4e8e\u672c\u4e66\u5e76\u4e0d\u6253\u7b97\u5168\u9762\u4ecb\u7ecd\u5bc6\u7801\u5b66\uff0c\u56e0\u6b64\u6211\u4eec\u4e0d\u5e0c\u671b\u89c4\u5b9a\u5728OpenStack\u670d\u52a1\u4e2d\u5e94\u8be5\u542f\u7528\u6216\u7981\u7528\u54ea\u4e9b\u7279\u5b9a\u7684\u7b97\u6cd5\u6216\u5bc6\u7801\u6a21\u5f0f\u3002\u6211\u4eec\u60f3\u63a8\u8350\u4e00\u4e9b\u6743\u5a01\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4ee5\u63d0\u4f9b\u66f4\u591a\u4fe1\u606f\uff1a \u56fd\u5bb6\u5b89\u5168\u5c40\uff0cSuite B \u5bc6\u7801\u5b66 OWASP\u5bc6\u7801\u5b66\u6307\u5357 OWASP \u4f20\u8f93\u5c42\u4fdd\u62a4\u5907\u5fd8\u5355 SoK\uff1aSSL \u548c HTTPS\uff1a\u91cd\u6e29\u8fc7\u53bb\u7684\u6311\u6218\u5e76\u8bc4\u4f30\u8bc1\u4e66\u4fe1\u4efb\u6a21\u578b\u589e\u5f3a\u529f\u80fd \u4e16\u754c\u4e0a\u6700\u5371\u9669\u7684\u4ee3\u7801\uff1a\u5728\u975e\u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u9a8c\u8bc1SSL\u8bc1\u4e66 OpenSSL \u548c FIPS 140-2","title":"\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bc6\u7801\u6a21\u5f0f\u548c\u534f\u8bae"},{"location":"security/security-guide/#_97","text":"\u9274\u4e8e OpenStack \u7ec4\u4ef6\u7684\u590d\u6742\u6027\u548c\u90e8\u7f72\u53ef\u80fd\u6027\u7684\u6570\u91cf\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u786e\u4fdd\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u83b7\u5f97 TLS \u8bc1\u4e66\u3001\u5bc6\u94a5\u548c CA \u7684\u9002\u5f53\u914d\u7f6e\u3002\u540e\u7eed\u90e8\u5206\u5c06\u8ba8\u8bba\u4ee5\u4e0b\u670d\u52a1\uff1a \u8ba1\u7b97 API \u7aef\u70b9 \u8eab\u4efd API \u7aef\u70b9 \u7f51\u7edc API \u7aef\u70b9 \u5b58\u50a8 API \u7aef\u70b9 \u6d88\u606f\u670d\u52a1\u5668 \u6570\u636e\u5e93\u670d\u52a1\u5668 
\u4eea\u8868\u677f","title":"\u603b\u7ed3"},{"location":"security/security-guide/#tls-http","text":"OpenStack\u7684\u7ec8\u7aef\u662f\u63d0\u4f9bAPI\u7ed9\u516c\u5171\u7f51\u7edc\u4e0a\u7684\u7ec8\u7aef\u7528\u6237\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6OpenStack\u670d\u52a1\u7684HTTP\u670d\u52a1\u3002\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u8fd9\u4e9b\u8bf7\u6c42\uff0c\u65e0\u8bba\u662f\u5185\u90e8\u8fd8\u662f\u5916\u90e8\uff0c\u90fd\u4f7f\u7528TLS\u8fdb\u884c\u64cd\u4f5c\u3002\u4e3a\u4e86\u5b9e\u73b0\u8fd9\u4e2a\u76ee\u6807\uff0cAPI\u670d\u52a1\u5fc5\u987b\u90e8\u7f72\u5728TLS\u4ee3\u7406\u540e\u9762\uff0c\u8be5\u4ee3\u7406\u80fd\u591f\u5efa\u7acb\u548c\u7ec8\u6b62TLS\u4f1a\u8bdd\u3002\u4e0b\u8868\u63d0\u4f9b\u4e86\u53ef\u7528\u4e8e\u6b64\u76ee\u7684\u7684\u5f00\u6e90\u8f6f\u4ef6\u7684\u975e\u8be6\u5c3d\u5217\u8868\uff1a Pound Stud Nginx Apache httpd \u5728\u8f6f\u4ef6\u7ec8\u7aef\u6027\u80fd\u4e0d\u8db3\u7684\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u52a0\u901f\u5668\u53ef\u80fd\u503c\u5f97\u63a2\u7d22\u4f5c\u4e3a\u66ff\u4ee3\u9009\u9879\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\u4efb\u4f55\u9009\u5b9a\u7684 TLS \u4ee3\u7406\u5c06\u5904\u7406\u7684\u8bf7\u6c42\u7684\u5927\u5c0f\u3002","title":"TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1"},{"location":"security/security-guide/#_98","text":"\u4e0b\u9762\u6211\u4eec\u63d0\u4f9b\u4e86\u4e00\u4e9b\u66f4\u6d41\u884c\u7684 Web \u670d\u52a1\u5668/TLS \u7ec8\u7ed3\u5668\u4e2d\u542f\u7528 TLS \u7684\u63a8\u8350\u914d\u7f6e\u8bbe\u7f6e\u793a\u4f8b\u3002 \u5728\u6df1\u5165\u7814\u7a76\u914d\u7f6e\u4e4b\u524d\uff0c\u6211\u4eec\u7b80\u8981\u8ba8\u8bba\u5bc6\u7801\u7684\u914d\u7f6e\u5143\u7d20\u53ca\u5176\u683c\u5f0f\u3002\u6709\u5173\u53ef\u7528\u5bc6\u7801\u548c OpenSSL \u5bc6\u7801\u5217\u8868\u683c\u5f0f\u7684\u66f4\u8be6\u5c3d\u5904\u7406\uff0c\u8bf7\u53c2\u9605\uff1a\u5bc6\u7801\u3002 ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u6216 ciphers = 
\"kEECDH:kEDH:kRSA:HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" \u5bc6\u7801\u5b57\u7b26\u4e32\u9009\u9879\u7531 \u201c\uff1a\u201d \u5206\u9694\uff0c\u800c \u201c\uff01\u201d \u63d0\u4f9b\u7d27\u63a5\u7740\u7684\u5143\u7d20\u7684\u5426\u5b9a\u3002\u5143\u7d20\u987a\u5e8f\u6307\u793a\u9996\u9009\u9879\uff0c\u9664\u975e\u88ab\u9650\u5b9a\u7b26\uff08\u5982 HIGH\uff09\u8986\u76d6\u3002\u8ba9\u6211\u4eec\u4ed4\u7ec6\u770b\u770b\u4e0a\u9762\u793a\u4f8b\u5b57\u7b26\u4e32\u4e2d\u7684\u5143\u7d20\u3002 kEECDH:kEDH \u4e34\u65f6\u692d\u5706\u66f2\u7ebf Diffie-Hellman\uff08\u7f29\u5199\u4e3a EECDH \u548c ECDHE\uff09\u3002 Ephemeral Diffie-Hellman\uff08\u7f29\u5199\u4e3a EDH \u6216 DHE\uff09\u4f7f\u7528\u7d20\u6570\u573a\u7fa4\u3002 \u8fd9\u4e24\u79cd\u65b9\u6cd5\u90fd\u63d0\u4f9b\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6 \uff08PFS\uff09\u3002\u6709\u5173\u6b63\u786e\u914d\u7f6e PFS \u7684\u66f4\u591a\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6\u3002 \u4e34\u65f6\u692d\u5706\u66f2\u7ebf\u8981\u6c42\u670d\u52a1\u5668\u914d\u7f6e\u547d\u540d\u66f2\u7ebf\uff0c\u5e76\u63d0\u4f9b\u6bd4\u4e3b\u5b57\u6bb5\u7ec4\u66f4\u597d\u7684\u5b89\u5168\u6027\u548c\u66f4\u4f4e\u7684\u8ba1\u7b97\u6210\u672c\u3002\u4f46\u662f\uff0c\u4e3b\u8981\u5b57\u6bb5\u7ec4\u7684\u5b9e\u73b0\u8303\u56f4\u66f4\u5e7f\uff0c\u56e0\u6b64\u901a\u5e38\u4e24\u8005\u90fd\u5305\u542b\u5728\u5217\u8868\u4e2d\u3002 kRSA \u5206\u522b\u4f7f\u7528 RSA \u4ea4\u6362\u3001\u8eab\u4efd\u9a8c\u8bc1\u6216\u4e24\u8005\u4e4b\u4e00\u7684\u5bc6\u7801\u5957\u4ef6\u3002 HIGH \u5728\u534f\u5546\u9636\u6bb5\u9009\u62e9\u53ef\u80fd\u7684\u6700\u9ad8\u5b89\u5168\u5bc6\u7801\u3002\u8fd9\u4e9b\u5bc6\u94a5\u901a\u5e38\u5177\u6709\u957f\u5ea6\u4e3a 128 \u4f4d\u6216\u66f4\u957f\u7684\u5bc6\u94a5\u3002 !RC4 \u6ca1\u6709 RC4\u3002RC4 \u5728 TLS V3 \u7684\u4e0a\u4e0b\u6587\u4e2d\u5b58\u5728\u7f3a\u9677\u3002\u8bf7\u53c2\u9605 TLS \u548c WPA \u4e2d RC4 \u7684\u5b89\u5168\u6027\u3002 !MD5 \u6ca1\u6709 MD5\u3002MD5 
\u4e0d\u5177\u6709\u9632\u51b2\u7a81\u529f\u80fd\uff0c\u56e0\u6b64\u4e0d\u63a5\u53d7\u6d88\u606f\u9a8c\u8bc1\u7801 \uff08MAC\uff09 \u6216\u7b7e\u540d\u3002 !aNULL:!eNULL Disallows clear text. \u4e0d\u5141\u8bb8\u660e\u6587\u3002 !EXP \u4e0d\u5141\u8bb8\u5bfc\u51fa\u52a0\u5bc6\u7b97\u6cd5\uff0c\u8fd9\u4e9b\u7b97\u6cd5\u5728\u8bbe\u8ba1\u4e0a\u5f80\u5f80\u5f88\u5f31\uff0c\u901a\u5e38\u4f7f\u7528 40 \u4f4d\u548c 56 \u4f4d\u5bc6\u94a5\u3002 \u7f8e\u56fd\u5bf9\u5bc6\u7801\u5b66\u7cfb\u7edf\u7684\u51fa\u53e3\u9650\u5236\u5df2\u88ab\u53d6\u6d88\uff0c\u4e0d\u518d\u9700\u8981\u652f\u6301\u3002 !LOW:!MEDIUM \u4e0d\u5141\u8bb8\u4f7f\u7528\u4f4e\uff0856 \u6216 64 \u4f4d\u957f\u5bc6\u94a5\uff09\u548c\u4e2d\u7b49\uff08128 \u4f4d\u957f\u5bc6\u94a5\uff09\u5bc6\u7801\uff0c\u56e0\u4e3a\u5b83\u4eec\u5bb9\u6613\u53d7\u5230\u66b4\u529b\u653b\u51fb\uff08\u793a\u4f8b 2-DES\uff09\u3002\u6b64\u89c4\u5219\u4ecd\u5141\u8bb8\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u6807\u51c6 \uff08Triple DES\uff09\uff0c\u4e5f\u79f0\u4e3a\u4e09\u91cd\u6570\u636e\u52a0\u5bc6\u7b97\u6cd5 \uff08TDEA\uff09 \u548c\u9ad8\u7ea7\u52a0\u5bc6\u6807\u51c6 \uff08AES\uff09\uff0c\u6bcf\u4e2a\u6807\u51c6\u90fd\u5177\u6709\u5927\u4e8e\u7b49\u4e8e 128 \u4f4d\u7684\u5bc6\u94a5\uff0c\u56e0\u6b64\u66f4\u5b89\u5168\u3002 Protocols \u534f\u8bae\u901a\u8fc7SSL_CTX_set_options\u542f\u7528/\u7981\u7528\u3002\u5efa\u8bae\u7981\u7528 SSLv2/v3 \u5e76\u542f\u7528 TLS\u3002","title":"\u793a\u4f8b"},{"location":"security/security-guide/#pound","text":"\u6b64 Pound \u793a\u4f8b\u542f\u7528 AES-NI \u52a0\u901f\uff0c\u8fd9\u6709\u52a9\u4e8e\u63d0\u9ad8\u5177\u6709\u652f\u6301\u6b64\u529f\u80fd\u7684\u5904\u7406\u5668\u7684\u7cfb\u7edf\u7684\u6027\u80fd\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/pound/pound.cfg Ubuntu\u3001RHEL\u3001CentOS\u3001 /etc/pound.cfg openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 ## see pound(8) for details daemon 1 ###################################################################### ## global 
options: User \"swift\" Group \"swift\" #RootJail \"/chroot/pound\" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 0 ## turn on dynamic scaling (off by default) # Dyn Scale 1 ## check backend every X secs: Alive 30 ## client timeout #Client 10 ## allow 10 second proxy connect time ConnTO 10 ## use hardware-acceleration card supported by openssl(1): SSLEngine \"aesni\" # poundctl control socket Control \"/var/run/pound/poundctl.socket\" ###################################################################### ## listen, redirect and ... to: ## redirect all swift requests on port 443 to local swift proxy ListenHTTPS Address 0.0.0.0 Port 443 Cert \"/etc/pound/cert.pem\" ## Certs to accept from clients ## CAlist \"CA_file\" ## Certs to use for client verification ## VerifyList \"Verify_file\" ## Request client cert - don't verify ## Ciphers \"AES256-SHA\" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: NoHTTPS11 0 ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 1 Service BackEnd Address 127.0.0.1 Port 80 End End End","title":"Pound"},{"location":"security/security-guide/#stud","text":"\u5bc6\u7801\u884c\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8fdb\u884c\u8c03\u6574\uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e\u76ee\u5f55\u4e2d /etc/stud \u3002\u4f46\u662f\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u63d0\u4f9b\u5b83\u3002 # SSL x509 certificate file. pem-file = \" # SSL protocol. tls = on ssl = off # List of allowed SSL ciphers. 
# OpenSSL's high-strength ciphers which require authentication # NOTE: forbids clear text, use of RC4 or MD5 or LOW and MEDIUM strength ciphers ciphers = \"HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM\" # Enforce server cipher list order prefer-server-ciphers = on # Number of worker processes workers = 4 # Listen backlog size backlog = 1000 # TCP socket keepalive interval in seconds keepalive = 3600 # Chroot directory chroot = \"\" # Set uid after binding a socket user = \"www-data\" # Set gid after binding a socket group = \"www-data\" # Quiet execution, report only error messages quiet = off # Use syslog for logging syslog = on # Syslog facility to use syslog-facility = \"daemon\" # Run as daemon daemon = off # Report client address using SENDPROXY protocol for haproxy # Disabling this until we upgrade to HAProxy 1.5 write-proxy = off","title":"Stud"},{"location":"security/security-guide/#nginx","text":"\u6b64 Nginx \u793a\u4f8b\u9700\u8981 TLS v1.1 \u6216 v1.2 \u624d\u80fd\u83b7\u5f97\u6700\u5927\u7684\u5b89\u5168\u6027\u3002\u53ef\u4ee5\u6839\u636e\u60a8\u7684\u9700\u8981\u8c03\u6574\u751f\u4ea7\u7ebf ssl_ciphers \uff0c\u4f46\u8fd9\u662f\u4e00\u4e2a\u5408\u7406\u7684\u8d77\u70b9\u3002\u7f3a\u7701\u914d\u7f6e\u6587\u4ef6\u4e3a /etc/nginx/nginx.conf \u3002 server { listen : ssl; ssl_certificate ; ssl_certificate_key ; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM ssl_session_tickets off; server_name _; keepalive_timeout 5; location / { } }","title":"Nginx"},{"location":"security/security-guide/#apache","text":"\u9ed8\u8ba4\u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e /etc/apache2/apache2.conf Ubuntu\u3001RHEL \u548c CentOS\u3001 /etc/httpd/conf/httpd.conf /etc/apache2/httpd.conf openSUSE \u548c SUSE Linux Enterprise \u4e0a\u3002 :80> ServerName RedirectPermanent / https:/// :443> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile 
/path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key WSGIScriptAlias / WSGIDaemonProcess horizon user= group= processes=3 threads=10 Alias /static > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted Apache \u4e2d\u7684\u8ba1\u7b97 API SSL \u7aef\u70b9\uff0c\u5fc5\u987b\u4e0e\u7b80\u77ed\u7684 WSGI \u811a\u672c\u914d\u5bf9\u3002 :8447> ServerName SSLEngine On SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM SSLCertificateFile /path/.crt SSLCACertificateFile /path/.crt SSLCertificateKeyFile /path/.key SSLSessionTickets Off WSGIScriptAlias / WSGIDaemonProcess osapi user= group= processes=3 threads=10 > # For http server 2.2 and earlier: Order allow,deny Allow from all # Or, in Apache http server 2.4 and later: # Require all granted ","title":"Apache"},{"location":"security/security-guide/#http","text":"\u5efa\u8bae\u6240\u6709\u751f\u4ea7\u90e8\u7f72\u90fd\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168\u6027 \uff08HSTS\uff09\u3002\u6b64\u6807\u5934\u53ef\u9632\u6b62\u6d4f\u89c8\u5668\u5728\u5efa\u7acb\u5355\u4e2a\u5b89\u5168\u8fde\u63a5\u540e\u5efa\u7acb\u4e0d\u5b89\u5168\u7684\u8fde\u63a5\u3002\u5982\u679c\u60a8\u5df2\u5c06 HTTP \u670d\u52a1\u90e8\u7f72\u5728\u516c\u5171\u57df\u6216\u4e0d\u53d7\u4fe1\u4efb\u7684\u57df\u4e0a\uff0c\u5219 HSTS \u5c24\u4e3a\u91cd\u8981\u3002\u8981\u542f\u7528 HSTS\uff0c\u8bf7\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u53d1\u9001\u5305\u542b\u6240\u6709\u8bf7\u6c42\u7684\u6807\u5934\uff0c\u5982\u4e0b\u6240\u793a\uff1a Strict-Transport-Security: max-age=31536000; includeSubDomains \u5728\u6d4b\u8bd5\u671f\u95f4\u4ece 1 
\u5929\u7684\u77ed\u6682\u505c\u5f00\u59cb\uff0c\u5e76\u5728\u6d4b\u8bd5\u8868\u660e\u60a8\u6ca1\u6709\u7ed9\u7528\u6237\u5e26\u6765\u95ee\u9898\u540e\u5c06\u5176\u63d0\u9ad8\u5230\u4e00\u5e74\u3002\u8bf7\u6ce8\u610f\uff0c\u4e00\u65e6\u6b64\u6807\u5934\u8bbe\u7f6e\u4e3a\u8f83\u5927\u7684\u8d85\u65f6\uff0c\u5b83\uff08\u6839\u636e\u8bbe\u8ba1\uff09\u5c31\u5f88\u96be\u7981\u7528\u3002","title":"HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168"},{"location":"security/security-guide/#_99","text":"\u914d\u7f6e TLS \u670d\u52a1\u5668\u4ee5\u5b9e\u73b0\u5b8c\u7f8e\u7684\u524d\u5411\u4fdd\u5bc6\u9700\u8981\u56f4\u7ed5\u5bc6\u94a5\u5927\u5c0f\u3001\u4f1a\u8bdd ID \u548c\u4f1a\u8bdd\u7968\u8bc1\u8fdb\u884c\u4ed4\u7ec6\u89c4\u5212\u3002\u6b64\u5916\uff0c\u5bf9\u4e8e\u591a\u670d\u52a1\u5668\u90e8\u7f72\uff0c\u5171\u4eab\u72b6\u6001\u4e5f\u662f\u4e00\u4e2a\u91cd\u8981\u7684\u8003\u8651\u56e0\u7d20\u3002\u4e0a\u9762\u7684 Apache \u548c Nginx \u793a\u4f8b\u914d\u7f6e\u7981\u7528\u4e86\u4f1a\u8bdd\u7968\u8bc1\u9009\u9879\uff0c\u4ee5\u5e2e\u52a9\u7f13\u89e3\u5176\u4e2d\u4e00\u4e9b\u95ee\u9898\u3002\u5b9e\u9645\u90e8\u7f72\u53ef\u80fd\u5e0c\u671b\u542f\u7528\u6b64\u529f\u80fd\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002\u8fd9\u53ef\u4ee5\u5b89\u5168\u5730\u5b8c\u6210\uff0c\u4f46\u9700\u8981\u7279\u522b\u8003\u8651\u5bc6\u94a5\u7ba1\u7406\u3002\u6b64\u7c7b\u914d\u7f6e\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002\u6211\u4eec\u5efa\u8bae\u9605\u8bfb ImperialViolet \u7684 How to botch TLS forward secrecy \u4f5c\u4e3a\u7406\u89e3\u95ee\u9898\u7a7a\u95f4\u7684\u8d77\u70b9\u3002","title":"\u5b8c\u5168\u524d\u5411\u4fdd\u5bc6"},{"location":"security/security-guide/#_100","text":"\u5efa\u8bae\u5728 TLS \u4ee3\u7406\u548c HTTP \u670d\u52a1\u7684\u516c\u7528\u7f51\u7edc\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u4f46\u662f\uff0c\u5982\u679c\u5b9e\u9645\u5728\u4efb\u4f55\u5730\u65b9\u90e8\u7f72 SSL/TLS 
\u592a\u56f0\u96be\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u8bc4\u4f30\u60a8\u7684 OpenStack SSL/TLS \u9700\u6c42\uff0c\u5e76\u9075\u5faa\u6b64\u5904\u8ba8\u8bba\u7684\u67b6\u6784\u4e4b\u4e00\u3002 \u5728\u8bc4\u4f30\u5176 OpenStack SSL/TLS \u9700\u6c42\u65f6\uff0c\u5e94\u8be5\u505a\u7684\u7b2c\u4e00\u4ef6\u4e8b\u662f\u8bc6\u522b\u5a01\u80c1\u3002\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u5a01\u80c1\u5206\u4e3a\u5916\u90e8\u653b\u51fb\u8005\u548c\u5185\u90e8\u653b\u51fb\u8005\u7c7b\u522b\uff0c\u4f46\u7531\u4e8e OpenStack \u7684\u67d0\u4e9b\u7ec4\u4ef6\u5728\u516c\u5171\u548c\u7ba1\u7406\u7f51\u7edc\u4e0a\u8fd0\u884c\uff0c\u56e0\u6b64\u754c\u9650\u5f80\u5f80\u4f1a\u53d8\u5f97\u6a21\u7cca\u3002 \u5bf9\u4e8e\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff0c\u5a01\u80c1\u975e\u5e38\u7b80\u5355\u3002\u7528\u6237\u5c06\u4f7f\u7528\u5176\u7528\u6237\u540d\u548c\u5bc6\u7801\u5bf9 Horizon \u548c Keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7528\u6237\u8fd8\u5c06\u4f7f\u7528\u5176 keystone \u4ee4\u724c\u8bbf\u95ee\u5176\u4ed6\u670d\u52a1\u7684 API \u7aef\u70b9\u3002\u5982\u679c\u6b64\u7f51\u7edc\u6d41\u91cf\u672a\u52a0\u5bc6\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u4e2d\u95f4\u4eba\u653b\u51fb\u622a\u83b7\u5bc6\u7801\u548c\u4ee4\u724c\u3002\u7136\u540e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u6709\u6548\u51ed\u636e\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u6240\u6709\u5b9e\u9645\u90e8\u7f72\u90fd\u5e94\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u3002 
\u5bf9\u4e8e\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u670d\u52a1\uff0c\u7531\u4e8e\u5b89\u5168\u57df\u4e0e\u7f51\u7edc\u5b89\u5168\u7684\u6865\u63a5\uff0c\u5a01\u80c1\u5e76\u4e0d\u90a3\u4e48\u660e\u786e\u3002\u6709\u6743\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u7684\u7ba1\u7406\u5458\u603b\u662f\u6709\u53ef\u80fd\u51b3\u5b9a\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u5141\u8bb8\u653b\u51fb\u8005\u8bbf\u95ee\u79c1\u94a5\uff0cSSL/TLS \u5c06\u65e0\u6d4e\u4e8e\u4e8b\u3002\u5f53\u7136\uff0c\u5e76\u4e0d\u662f\u7ba1\u7406\u7f51\u7edc\u4e0a\u7684\u6bcf\u4e2a\u4eba\u90fd\u88ab\u5141\u8bb8\u8bbf\u95ee\u79c1\u94a5\uff0c\u56e0\u6b64\u4f7f\u7528 SSL/TLS \u6765\u4fdd\u62a4\u81ea\u5df1\u514d\u53d7\u5185\u90e8\u653b\u51fb\u8005\u7684\u653b\u51fb\u4ecd\u7136\u5f88\u6709\u4ef7\u503c\u3002\u5373\u4f7f\u5141\u8bb8\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u7684\u6bcf\u4e2a\u4eba\u90fd\u662f 100% \u53d7\u4fe1\u4efb\u7684\uff0c\u4ecd\u7136\u5b58\u5728\u672a\u7ecf\u6388\u6743\u7684\u7528\u6237\u901a\u8fc7\u5229\u7528\u9519\u8bef\u914d\u7f6e\u6216\u8f6f\u4ef6\u6f0f\u6d1e\u8bbf\u95ee\u60a8\u7684\u5185\u90e8\u7f51\u7edc\u7684\u5a01\u80c1\u3002\u5fc5\u987b\u8bb0\u4f4f\uff0c\u7528\u6237\u5728 OpenStack Compute \u8282\u70b9\u4e2d\u7684\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u4ee3\u7801\uff0c\u8fd9\u4e9b\u8282\u70b9\u90e8\u7f72\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u3002\u5982\u679c\u6f0f\u6d1e\u5141\u8bb8\u4ed6\u4eec\u7a81\u7834\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4ed6\u4eec\u5c06\u53ef\u4ee5\u8bbf\u95ee\u60a8\u7684\u7ba1\u7406\u7f51\u7edc\u3002\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS 
\u53ef\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u653b\u51fb\u8005\u53ef\u80fd\u9020\u6210\u7684\u635f\u5bb3\u3002","title":"\u5b89\u5168\u53c2\u8003\u67b6\u6784"},{"location":"security/security-guide/#ssltls","text":"\u4eba\u4eec\u666e\u904d\u8ba4\u4e3a\uff0c\u6700\u597d\u5c3d\u65e9\u52a0\u5bc6\u654f\u611f\u6570\u636e\uff0c\u5e76\u5c3d\u53ef\u80fd\u665a\u5730\u89e3\u5bc6\u3002\u5c3d\u7ba1\u6709\u8fd9\u79cd\u6700\u4f73\u5b9e\u8df5\uff0c\u4f46\u5728OpenStack\u670d\u52a1\u524d\u9762\u4f7f\u7528SSL / TLS\u4ee3\u7406\u5e76\u5728\u4e4b\u540e\u4f7f\u7528\u6e05\u6670\u7684\u901a\u4fe1\u4f3c\u4e4e\u662f\u5f88\u5e38\u89c1\u7684\uff0c\u5982\u4e0b\u6240\u793a\uff1a \u5982\u4e0a\u56fe\u6240\u793a\uff0c\u4f7f\u7528 SSL/TLS \u4ee3\u7406\u7684\u4e00\u4e9b\u95ee\u9898\uff1a OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u7684\u6027\u80fd/\u6269\u5c55\u6027\u4e0d\u5982 SSL \u4ee3\u7406\uff08\u7279\u522b\u662f\u5bf9\u4e8e\u50cf Eventlet \u8fd9\u6837\u7684 Python \u5b9e\u73b0\uff09\u3002 OpenStack \u670d\u52a1\u4e2d\u7684\u539f\u751f SSL/TLS \u6ca1\u6709\u50cf\u66f4\u6210\u719f\u7684\u89e3\u51b3\u65b9\u6848\u90a3\u6837\u7ecf\u8fc7\u4ed4\u7ec6\u5ba1\u67e5/\u5ba1\u8ba1\u3002 \u672c\u673a SSL/TLS \u914d\u7f6e\u5f88\u56f0\u96be\uff08\u6ca1\u6709\u5f88\u597d\u7684\u6587\u6863\u8bb0\u5f55\u3001\u6d4b\u8bd5\u6216\u8de8\u670d\u52a1\u4fdd\u6301\u4e00\u81f4\uff09\u3002 \u6743\u9650\u5206\u79bb\uff08OpenStack \u670d\u52a1\u8fdb\u7a0b\u4e0d\u5e94\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff09\u3002 \u6d41\u91cf\u68c0\u67e5\u9700\u8981\u8d1f\u8f7d\u5747\u8861\u3002 \u4ee5\u4e0a\u6240\u6709\u95ee\u9898\u90fd\u662f\u6709\u9053\u7406\u7684\uff0c\u4f46\u5b83\u4eec\u90fd\u4e0d\u80fd\u963b\u6b62\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4f7f\u7528 SSL/TLS\u3002\u8ba9\u6211\u4eec\u8003\u8651\u4e0b\u4e00\u4e2a\u90e8\u7f72\u6a21\u578b\u3002","title":"SSL/TLS 
\u4ee3\u7406\u5728\u524d\u9762"},{"location":"security/security-guide/#api-ssltls","text":"\u8fd9\u4e0e\u524d\u9762\u7684 SSL/TLS \u4ee3\u7406\u975e\u5e38\u76f8\u4f3c\uff0c\u4f46 SSL/TLS \u4ee3\u7406\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u7cfb\u7edf\u4e0a\u3002API \u7aef\u70b9\u5c06\u914d\u7f6e\u4e3a\u4ec5\u4fa6\u542c\u672c\u5730\u7f51\u7edc\u63a5\u53e3\u3002\u4e0e API \u7aef\u70b9\u7684\u6240\u6709\u8fdc\u7a0b\u901a\u4fe1\u90fd\u5c06\u901a\u8fc7 SSL/TLS \u4ee3\u7406\u8fdb\u884c\u3002\u901a\u8fc7\u6b64\u90e8\u7f72\u6a21\u578b\uff0c\u6211\u4eec\u5c06\u89e3\u51b3 SSL/TLS \u4ee3\u7406\u4e2d\u7684\u8bb8\u591a\u8981\u70b9\uff1a\u5c06\u4f7f\u7528\u6027\u80fd\u826f\u597d\u7684\u7ecf\u8fc7\u9a8c\u8bc1\u7684 SSL \u5b9e\u73b0\u3002\u6240\u6709\u670d\u52a1\u90fd\u5c06\u4f7f\u7528\u76f8\u540c\u7684 SSL \u4ee3\u7406\u8f6f\u4ef6\uff0c\u56e0\u6b64 API \u7aef\u70b9\u7684 SSL \u914d\u7f6e\u5c06\u662f\u4e00\u81f4\u7684\u3002OpenStack \u670d\u52a1\u8fdb\u7a0b\u5c06\u65e0\u6cd5\u76f4\u63a5\u8bbf\u95ee\u7528\u4e8e SSL/TLS \u7684\u79c1\u94a5\uff0c\u56e0\u4e3a\u60a8\u5c06\u4ee5\u4e0d\u540c\u7684\u7528\u6237\u8eab\u4efd\u8fd0\u884c SSL \u4ee3\u7406\uff0c\u5e76\u4f7f\u7528\u6743\u9650\u9650\u5236\u8bbf\u95ee\uff08\u4ee5\u53ca\u4f7f\u7528 SELinux \u4e4b\u7c7b\u7684\u989d\u5916\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff09\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u4f1a\u8ba9 API \u7aef\u70b9\u5728 Unix \u5957\u63a5\u5b57\u4e0a\u76d1\u542c\uff0c\u8fd9\u6837\u6211\u4eec\u5c31\u53ef\u4ee5\u4f7f\u7528\u6743\u9650\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u5bf9\u5b83\u7684\u8bbf\u95ee\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u6839\u636e\u6211\u4eec\u7684\u6d4b\u8bd5\uff0c\u8fd9\u5728 Eventlet \u4e2d\u76ee\u524d\u4f3c\u4e4e\u4e0d\u8d77\u4f5c\u7528\u3002\u8fd9\u662f\u4e00\u4e2a\u5f88\u597d\u7684\u672a\u6765\u53d1\u5c55\u76ee\u6807\u3002","title":"\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 
SSL/TLS"},{"location":"security/security-guide/#ssltls_1","text":"\u9700\u8981\u68c0\u67e5\u6d41\u91cf\u7684\u9ad8\u53ef\u7528\u6027\u6216\u8d1f\u8f7d\u5747\u8861\u90e8\u7f72\u4f1a\u600e\u6837\uff1f\u4ee5\u524d\u7684\u90e8\u7f72\u6a21\u578b\uff08\u4e0e API \u7aef\u70b9\u4f4d\u4e8e\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u7684 SSL/TLS\uff09\u4e0d\u5141\u8bb8\u8fdb\u884c\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u56e0\u4e3a\u6d41\u91cf\u662f\u52a0\u5bc6\u7684\u3002\u5982\u679c\u4ec5\u51fa\u4e8e\u57fa\u672c\u8def\u7531\u76ee\u7684\u800c\u9700\u8981\u68c0\u67e5\u6d41\u91cf\uff0c\u5219\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u80fd\u6ca1\u6709\u5fc5\u8981\u8bbf\u95ee\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002HAProxy \u80fd\u591f\u5728\u63e1\u624b\u671f\u95f4\u63d0\u53d6 SSL/TLS \u4f1a\u8bdd ID\uff0c\u7136\u540e\u53ef\u4ee5\u4f7f\u7528\u8be5 ID \u6765\u5b9e\u73b0\u4f1a\u8bdd\u4eb2\u548c\u6027\uff08\u4f1a\u8bdd ID \u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f \u6b64\u5904 \uff09\u3002HAProxy\u8fd8\u53ef\u4ee5\u4f7f\u7528TLS\u670d\u52a1\u5668\u540d\u79f0\u6307\u793a\uff08SNI\uff09\u6269\u5c55\u6765\u786e\u5b9a\u5e94\u5c06\u6d41\u91cf\u8def\u7531\u5230\u7684\u4f4d\u7f6e\uff08SNI\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u8bf7\u5728\u6b64\u5904\uff09\u3002\u8fd9\u4e9b\u529f\u80fd\u53ef\u80fd\u6db5\u76d6\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u8d1f\u8f7d\u5747\u8861\u5668\u9700\u6c42\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0cHAProxy \u5c06\u80fd\u591f\u5c06 HTTPS \u6d41\u91cf\u76f4\u63a5\u4f20\u9012\u5230 API \u7aef\u70b9\u7cfb\u7edf\uff1a","title":"SSL/TLS\u8d1f\u8f7d\u5e73\u8861\u5668"},{"location":"security/security-guide/#_101","text":"\u5982\u679c\u60a8\u5e0c\u671b\u5bf9\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u8fdb\u884c\u52a0\u5bc6\u5206\u79bb\uff0c\u8be5\u600e\u4e48\u529e\uff1f\u516c\u6709\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u5e0c\u671b\u5176\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\uff08\u6216\u4ee3\u7406\uff09\u4f7f\u7528\u7531 CA 
\u9881\u53d1\u7684\u8bc1\u4e66\uff0c\u8be5\u8bc1\u4e66\u94fe\u63a5\u5230\u53d7\u4fe1\u4efb\u7684\u6839 CA\uff0c\u8be5\u6839 CA \u5206\u5e03\u5728\u6d41\u884c\u7684 SSL/TLS Web \u6d4f\u89c8\u5668\u8f6f\u4ef6\u4e2d\u3002\u5bf9\u4e8e\u5185\u90e8\u670d\u52a1\uff0c\u53ef\u80fd\u5e0c\u671b\u6539\u7528\u81ea\u5df1\u7684 PKI \u6765\u9881\u53d1 SSL/TLS \u8bc1\u4e66\u3002\u53ef\u4ee5\u901a\u8fc7\u5728\u7f51\u7edc\u8fb9\u754c\u7ec8\u6b62 SSL\uff0c\u7136\u540e\u4f7f\u7528\u5185\u90e8\u9881\u53d1\u7684\u8bc1\u4e66\u91cd\u65b0\u52a0\u5bc6\u6765\u5b9e\u73b0\u8fd9\u79cd\u52a0\u5bc6\u5206\u79bb\u3002\u6d41\u91cf\u5c06\u5728\u9762\u5411\u516c\u4f17\u7684 SSL/TLS \u4ee3\u7406\u4e0a\u77ed\u65f6\u95f4\u5185\u672a\u52a0\u5bc6\uff0c\u4f46\u6c38\u8fdc\u4e0d\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u5982\u679c\u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\u786e\u5b9e\u9700\u8981\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u6d4b\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7528\u4e8e\u5b9e\u73b0\u52a0\u5bc6\u5206\u79bb\u7684\u76f8\u540c\u91cd\u65b0\u52a0\u5bc6\u65b9\u6cd5\u3002\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u6837\u5b50\uff1a\u4e0b\u9762\u662f\u6b64\u90e8\u7f72\u6a21\u578b\u7684\u5916\u89c2: \u4e0e\u5927\u591a\u6570\u4e8b\u60c5\u4e00\u6837\uff0c\u9700\u8981\u6743\u8861\u53d6\u820d\u3002\u4e3b\u8981\u7684\u6743\u8861\u662f\u5728\u5b89\u5168\u6027\u548c\u6027\u80fd\u4e4b\u95f4\u3002\u52a0\u5bc6\u662f\u6709\u4ee3\u4ef7\u7684\uff0c\u4f46\u88ab\u9ed1\u5ba2\u5165\u4fb5\u4e5f\u662f\u6709\u4ee3\u4ef7\u7684\u3002\u6bcf\u4e2a\u90e8\u7f72\u7684\u5b89\u5168\u6027\u548c\u6027\u80fd\u8981\u6c42\u90fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u5982\u4f55\u4f7f\u7528 SSL/TLS \u6700\u7ec8\u5c06\u7531\u4e2a\u4eba\u51b3\u5b9a\u3002","title":"\u5916\u90e8\u548c\u5185\u90e8\u73af\u5883\u7684\u52a0\u5bc6\u5206\u79bb"},{"location":"security/security-guide/#api","text":"\u4f7f\u7528 OpenStack \u4e91\u7684\u8fc7\u7a0b\u662f\u901a\u8fc7\u67e5\u8be2 API 
\u7aef\u70b9\u5f00\u59cb\u7684\u3002\u867d\u7136\u516c\u5171\u548c\u4e13\u7528\u7ec8\u7ed3\u70b9\u9762\u4e34\u4e0d\u540c\u7684\u6311\u6218\uff0c\u4f46\u8fd9\u4e9b\u662f\u9ad8\u4ef7\u503c\u8d44\u4ea7\uff0c\u5982\u679c\u906d\u5230\u5165\u4fb5\uff0c\u53ef\u80fd\u4f1a\u5e26\u6765\u91cd\u5927\u98ce\u9669\u3002 \u672c\u7ae0\u5efa\u8bae\u5bf9\u9762\u5411\u516c\u5171\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u8fdb\u884c\u5b89\u5168\u589e\u5f3a\u3002 API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae \u5185\u90e8 API \u901a\u4fe1 \u7c98\u8d34\u4ef6\u548c\u4e2d\u95f4\u4ef6 API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565 API \u7ec8\u7aef\u8282\u70b9\u901f\u7387\u9650\u5236","title":"API \u7aef\u70b9"},{"location":"security/security-guide/#api_1","text":"","title":"API \u7aef\u70b9\u914d\u7f6e\u5efa\u8bae"},{"location":"security/security-guide/#api_2","text":"OpenStack \u63d0\u4f9b\u9762\u5411\u516c\u4f17\u548c\u79c1\u6709\u7684 API \u7aef\u70b9\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u7ec4\u4ef6\u4f7f\u7528\u516c\u5f00\u5b9a\u4e49\u7684\u7aef\u70b9\u3002\u5efa\u8bae\u5c06\u8fd9\u4e9b\u7ec4\u4ef6\u914d\u7f6e\u4e3a\u5728\u9002\u5f53\u7684\u5b89\u5168\u57df\u4e2d\u4f7f\u7528 API \u7aef\u70b9\u3002 \u670d\u52a1\u6839\u636e OpenStack \u670d\u52a1\u76ee\u5f55\u9009\u62e9\u5404\u81ea\u7684 API \u7aef\u70b9\u3002\u8fd9\u4e9b\u670d\u52a1\u53ef\u80fd\u4e0d\u9075\u5b88\u5217\u51fa\u7684\u516c\u5171\u6216\u5185\u90e8 API \u7aef\u70b9\u503c\u3002\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5185\u90e8\u7ba1\u7406\u6d41\u91cf\u8def\u7531\u5230\u5916\u90e8 API \u7ec8\u7ed3\u70b9\u3002","title":"\u5185\u90e8 API \u901a\u4fe1"},{"location":"security/security-guide/#url","text":"Identity \u670d\u52a1\u76ee\u5f55\u5e94\u4e86\u89e3\u60a8\u7684\u5185\u90e8 
URL\u3002\u867d\u7136\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4e0d\u4f7f\u7528\u6b64\u529f\u80fd\uff0c\u4f46\u53ef\u4ee5\u901a\u8fc7\u914d\u7f6e\u6765\u5229\u7528\u5b83\u3002\u6b64\u5916\uff0c\u4e00\u65e6\u6b64\u884c\u4e3a\u6210\u4e3a\u9ed8\u8ba4\u884c\u4e3a\uff0c\u5b83\u5e94\u8be5\u4e0e\u9884\u671f\u7684\u66f4\u6539\u5411\u524d\u517c\u5bb9\u3002 \u8981\u4e3a\u7ec8\u7ed3\u70b9\u6ce8\u518c\u5185\u90e8 URL\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a $ openstack endpoint create identity \\ --region RegionOne internal \\ https://MANAGEMENT_IP:5000/v3 \u66ff\u6362\u4e3a MANAGEMENT_IP \u63a7\u5236\u5668\u8282\u70b9\u7684\u7ba1\u7406 IP \u5730\u5740\u3002","title":"\u5728\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u4e2d\u914d\u7f6e\u5185\u90e8 URL"},{"location":"security/security-guide/#url_1","text":"\u60a8\u53ef\u4ee5\u5f3a\u5236\u67d0\u4e9b\u670d\u52a1\u4f7f\u7528\u7279\u5b9a\u7684 API \u7aef\u70b9\u3002\u56e0\u6b64\uff0c\u5efa\u8bae\u5fc5\u987b\u5c06\u6bcf\u4e2a\u4e0e\u53e6\u4e00\u4e2a\u670d\u52a1\u7684 API \u901a\u4fe1\u7684 OpenStack \u670d\u52a1\u663e\u5f0f\u914d\u7f6e\u4e3a\u8bbf\u95ee\u6b63\u786e\u7684\u5185\u90e8 API \u7aef\u70b9\u3002 \u6bcf\u4e2a\u9879\u76ee\u90fd\u53ef\u80fd\u5448\u73b0\u5b9a\u4e49\u76ee\u6807 API \u7aef\u70b9\u7684\u4e0d\u4e00\u81f4\u65b9\u5f0f\u3002OpenStack \u7684\u672a\u6765\u7248\u672c\u8bd5\u56fe\u901a\u8fc7\u4e00\u81f4\u5730\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u6765\u89e3\u51b3\u8fd9\u4e9b\u4e0d\u4e00\u81f4\u95ee\u9898\u3002 \u914d\u7f6e\u793a\u4f8b #1\uff1anova cinder_catalog_info='volume:cinder:internalURL' glance_protocol='https' neutron_url='https://neutron-host:9696' neutron_admin_auth_url='https://neutron-host:9696' s3_host='s3-host' s3_use_ssl=True \u914d\u7f6e\u793a\u4f8b #2\uff1acinder glance_host = 'https://glance-server'","title":"\u4e3a\u5185\u90e8 URL \u914d\u7f6e\u5e94\u7528\u7a0b\u5e8f"},{"location":"security/security-guide/#_102","text":"OpenStack \u4e2d\u7684\u5927\u591a\u6570 API \u7aef\u70b9\u548c\u5176\u4ed6 
HTTP \u670d\u52a1\u90fd\u4f7f\u7528 Python Paste Deploy \u5e93\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u6b64\u5e93\u5141\u8bb8\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u914d\u7f6e\u6765\u64cd\u4f5c\u8bf7\u6c42\u7b5b\u9009\u5668\u7ba1\u9053\u3002\u6b64\u94fe\u4e2d\u7684\u6bcf\u4e2a\u5143\u7d20\u90fd\u79f0\u4e3a\u4e2d\u95f4\u4ef6\u3002\u66f4\u6539\u7ba1\u9053\u4e2d\u7b5b\u9009\u5668\u7684\u987a\u5e8f\u6216\u6dfb\u52a0\u5176\u4ed6\u4e2d\u95f4\u4ef6\u53ef\u80fd\u4f1a\u4ea7\u751f\u4e0d\u53ef\u9884\u77e5\u7684\u5b89\u5168\u5f71\u54cd\u3002 \u901a\u5e38\uff0c\u5b9e\u73b0\u8005\u4f1a\u6dfb\u52a0\u4e2d\u95f4\u4ef6\u6765\u6269\u5c55 OpenStack \u7684\u57fa\u672c\u529f\u80fd\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u4ed4\u7ec6\u8003\u8651\u5c06\u975e\u6807\u51c6\u8f6f\u4ef6\u7ec4\u4ef6\u6dfb\u52a0\u5230\u5176 HTTP \u8bf7\u6c42\u7ba1\u9053\u4e2d\u53ef\u80fd\u5e26\u6765\u7684\u98ce\u9669\u3002 \u6709\u5173\u7c98\u8d34\u90e8\u7f72\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Python \u7c98\u8d34\u90e8\u7f72\u6587\u6863\u3002","title":"\u7c98\u8d34\u548c\u4e2d\u95f4\u4ef6"},{"location":"security/security-guide/#api_3","text":"\u60a8\u5e94\u8be5\u9694\u79bb API \u7aef\u70b9\u8fdb\u7a0b\uff0c\u5c24\u5176\u662f\u90a3\u4e9b\u4f4d\u4e8e\u516c\u5171\u5b89\u5168\u57df\u4e2d\u7684\u8fdb\u7a0b\uff0c\u5e94\u5c3d\u53ef\u80fd\u9694\u79bb\u3002\u5728\u90e8\u7f72\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b\uff0cAPI \u7aef\u70b9\u5e94\u90e8\u7f72\u5728\u5355\u72ec\u7684\u4e3b\u673a\u4e0a\uff0c\u4ee5\u589e\u5f3a\u9694\u79bb\u6027\u3002","title":"API \u7aef\u70b9\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565"},{"location":"security/security-guide/#_103","text":"\u73b0\u5728\uff0c\u8bb8\u591a\u64cd\u4f5c\u7cfb\u7edf\u90fd\u63d0\u4f9b\u5206\u533a\u5316\u652f\u6301\u3002Linux 
\u652f\u6301\u547d\u540d\u7a7a\u95f4\u5c06\u8fdb\u7a0b\u5206\u914d\u5230\u72ec\u7acb\u7684\u57df\u4e2d\u3002\u672c\u6307\u5357\u7684\u5176\u4ed6\u90e8\u5206\u66f4\u8be6\u7ec6\u5730\u4ecb\u7ecd\u4e86\u7cfb\u7edf\u533a\u9694\u3002","title":"\u547d\u540d\u7a7a\u95f4"},{"location":"security/security-guide/#_104","text":"\u7531\u4e8e API \u7aef\u70b9\u901a\u5e38\u6865\u63a5\u591a\u4e2a\u5b89\u5168\u57df\uff0c\u56e0\u6b64\u60a8\u5fc5\u987b\u7279\u522b\u6ce8\u610f API \u8fdb\u7a0b\u7684\u5212\u5206\u3002\u6709\u5173\u6b64\u533a\u57df\u7684\u5176\u4ed6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6865\u63a5\u5b89\u5168\u57df\u3002 \u901a\u8fc7\u4ed4\u7ec6\u5efa\u6a21\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc ACL \u548c IDS \u6280\u672f\u5728\u7f51\u7edc\u670d\u52a1\u4e4b\u95f4\u5f3a\u5236\u5b9e\u65bd\u663e\u5f0f\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002\u4f5c\u4e3a\u4e00\u9879\u5173\u952e\u7684\u8de8\u57df\u670d\u52a1\uff0c\u8fd9\u79cd\u663e\u5f0f\u5f3a\u5236\u6267\u884c\u5bf9 OpenStack \u7684\u6d88\u606f\u961f\u5217\u670d\u52a1\u975e\u5e38\u6709\u6548\u3002 \u8981\u5b9e\u65bd\u7b56\u7565\uff0c\u60a8\u53ef\u4ee5\u914d\u7f6e\u670d\u52a1\u3001\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff08\u4f8b\u5982 iptables\uff09\u3001\u672c\u5730\u7b56\u7565\uff08SELinux \u6216 AppArmor\uff09\u4ee5\u53ca\u53ef\u9009\u7684\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u3002","title":"\u7f51\u7edc\u7b56\u7565"},{"location":"security/security-guide/#_105","text":"\u60a8\u5e94\u8be5\u5c06 API \u7aef\u70b9\u8fdb\u7a0b\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u9694\u79bb\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u7684\u914d\u7f6e\u4e0d\u4ec5\u5e94\u901a\u8fc7\u4efb\u610f\u8bbf\u95ee\u63a7\u5236\uff0c\u8fd8\u5e94\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6765\u9650\u5236\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u589e\u5f3a\u7684\u8bbf\u95ee\u63a7\u5236\u7684\u76ee\u6807\u662f\u5e2e\u52a9\u904f\u5236\u548c\u5347\u7ea7 API 
\u7aef\u70b9\u5b89\u5168\u6f0f\u6d1e\u3002\u901a\u8fc7\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\u4f1a\u4e25\u91cd\u9650\u5236\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\uff0c\u5e76\u9488\u5bf9\u6b64\u7c7b\u4e8b\u4ef6\u63d0\u4f9b\u65e9\u671f\u8b66\u62a5\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#api_4","text":"\u901f\u7387\u9650\u5236\u662f\u4e00\u79cd\u63a7\u5236\u57fa\u4e8e\u7f51\u7edc\u7684\u5e94\u7528\u7a0b\u5e8f\u63a5\u6536\u4e8b\u4ef6\u9891\u7387\u7684\u65b9\u6cd5\u3002\u5982\u679c\u4e0d\u5b58\u5728\u53ef\u9760\u7684\u901f\u7387\u9650\u5236\uff0c\u5219\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5bb9\u6613\u53d7\u5230\u5404\u79cd\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5bf9\u4e8e API \u5c24\u5176\u5982\u6b64\uff0c\u56e0\u4e3a API \u7684\u672c\u8d28\u662f\u65e8\u5728\u63a5\u53d7\u9ad8\u9891\u7387\u7684\u7c7b\u4f3c\u8bf7\u6c42\u7c7b\u578b\u548c\u64cd\u4f5c\u3002 \u5728 OpenStack \u4e2d\uff0c\u5efa\u8bae\u901a\u8fc7\u901f\u7387\u9650\u5236\u4ee3\u7406\u6216 Web \u5e94\u7528\u7a0b\u5e8f\u9632\u706b\u5899\u4e3a\u6240\u6709\u7aef\u70b9\uff08\u5c24\u5176\u662f\u516c\u5171\u7aef\u70b9\uff09\u63d0\u4f9b\u989d\u5916\u7684\u4fdd\u62a4\u5c42\u3002 \u5728\u914d\u7f6e\u548c\u5b9e\u73b0\u4efb\u4f55\u901f\u7387\u9650\u5236\u529f\u80fd\u65f6\uff0c\u8fd0\u8425\u5546\u5fc5\u987b\u4ed4\u7ec6\u89c4\u5212\u5e76\u8003\u8651\u5176 OpenStack \u4e91\u4e2d\u7528\u6237\u548c\u670d\u52a1\u7684\u4e2a\u4eba\u6027\u80fd\u9700\u6c42\uff0c\u8fd9\u4e00\u70b9\u81f3\u5173\u91cd\u8981\u3002 \u63d0\u4f9b\u901f\u7387\u9650\u5236\u7684\u5e38\u89c1\u89e3\u51b3\u65b9\u6848\u662f Nginx\u3001HAProxy\u3001OpenPose \u6216 Apache \u6a21\u5757\uff0c\u4f8b\u5982 mod_ratelimit\u3001mod_qos \u6216 mod_security\u3002","title":"API 
\u7aef\u70b9\u901f\u7387\u9650\u5236"},{"location":"security/security-guide/#_106","text":"Keystone\u8eab\u4efd\u670d\u52a1\u4e3aOpenStack\u7cfb\u5217\u670d\u52a1\u4e13\u95e8\u63d0\u4f9b\u8eab\u4efd\u3001\u4ee4\u724c\u3001\u76ee\u5f55\u548c\u7b56\u7565\u670d\u52a1\u3002\u8eab\u4efd\u670d\u52a1\u7ec4\u7ec7\u4e3a\u4e00\u7ec4\u5185\u90e8\u670d\u52a1\uff0c\u901a\u8fc7\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\u66b4\u9732\u3002\u8fd9\u4e9b\u670d\u52a1\u4e2d\u7684\u8bb8\u591a\u662f\u7531\u524d\u7aef\u4ee5\u7ec4\u5408\u65b9\u5f0f\u4f7f\u7528\u7684\u3002\u4f8b\u5982\uff0c\u8eab\u4efd\u9a8c\u8bc1\u8c03\u7528\u901a\u8fc7\u8eab\u4efd\u670d\u52a1\u9a8c\u8bc1\u7528\u6237\u548c\u9879\u76ee\u51ed\u636e\u3002\u5982\u679c\u6210\u529f\uff0c\u5b83\u5c06\u4f7f\u7528\u4ee4\u724c\u670d\u52a1\u521b\u5efa\u5e76\u8fd4\u56de\u4ee4\u724c\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728Keystone\u5f00\u53d1\u8005\u6587\u6863\u4e2d\u627e\u5230\u3002 \u8ba4\u8bc1 \u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5 \u591a\u56e0\u7d20\u8ba4\u8bc1 \u8ba4\u8bc1\u65b9\u6cd5 \u5185\u90e8\u5b9e\u65bd\u7684\u8ba4\u8bc1\u65b9\u6cd5 \u5916\u90e8\u8ba4\u8bc1\u65b9\u6cd5 \u6388\u6743 \u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u670d\u52a1\u6388\u6743 \u7ba1\u7406\u539f\u7528\u6237 \u7ec8\u7aef\u7528\u6237 \u7b56\u7565 \u4ee4\u724c Fernet \u4ee4\u724c JWT \u4ee4\u724c \u57df \u8054\u5408 Keystone \u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u9274\u522b \u68c0\u67e5\u8868 Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f Check-Identity-02\uff1a\u662f\u5426\u4e3a\u8eab\u4efd\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650 Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09 Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f 
check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047 check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c","title":"\u8eab\u4efd\u9274\u522b"},{"location":"security/security-guide/#_107","text":"\u8eab\u4efd\u8ba4\u8bc1\u662f\u4efb\u4f55\u5b9e\u9645OpenStack\u90e8\u7f72\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\uff0c\u56e0\u6b64\u5e94\u8be5\u4ed4\u7ec6\u8003\u8651\u7cfb\u7edf\u8bbe\u8ba1\u7684\u8fd9\u4e00\u65b9\u9762\u3002\u672c\u4e3b\u9898\u7684\u5b8c\u6574\u5904\u7406\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\uff0c\u4f46\u662f\u4ee5\u4e0b\u5404\u8282\u4ecb\u7ecd\u4e86\u4e00\u4e9b\u5173\u952e\u4e3b\u9898\u3002 \u4ece\u6839\u672c\u4e0a\u8bf4\uff0c\u8eab\u4efd\u8ba4\u8bc1\u662f\u786e\u8ba4\u8eab\u4efd\u7684\u8fc7\u7a0b - \u7528\u6237\u5b9e\u9645\u4e0a\u662f\u4ed6\u4eec\u58f0\u79f0\u7684\u8eab\u4efd\u3002\u4e00\u4e2a\u719f\u6089\u7684\u793a\u4f8b\u662f\u5728\u767b\u5f55\u7cfb\u7edf\u65f6\u63d0\u4f9b\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002 OpenStack \u8eab\u4efd\u9274\u522b\u670d\u52a1\uff08keystone\uff09\u652f\u6301\u591a\u79cd\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\uff0c\u5305\u62ec\u7528\u6237\u540d\u548c\u5bc6\u7801\u3001LDAP \u548c\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u8eab\u4efd\u8ba4\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u7528\u4e8e\u540e\u7eed\u670d\u52a1\u8bf7\u6c42\u7684\u6388\u6743\u4ee4\u724c\u3002 \u4f20\u8f93\u5c42\u5b89\u5168\u6027 \uff08TLS\uff09 \u4f7f\u7528 X.509 \u8bc1\u4e66\u5728\u670d\u52a1\u548c\u4eba\u5458\u4e4b\u95f4\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c3d\u7ba1 TLS 
\u7684\u9ed8\u8ba4\u6a21\u5f0f\u662f\u4ec5\u670d\u52a1\u5668\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4f46\u8bc1\u4e66\u4e5f\u53ef\u7528\u4e8e\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002","title":"\u8ba4\u8bc1"},{"location":"security/security-guide/#_108","text":"\u4ece Newton \u7248\u672c\u5f00\u59cb\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u5728\u591a\u6b21\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u540e\u9650\u5236\u5bf9\u5e10\u6237\u7684\u8bbf\u95ee\u3002\u91cd\u590d\u5931\u8d25\u767b\u5f55\u5c1d\u8bd5\u7684\u6a21\u5f0f\u901a\u5e38\u662f\u66b4\u529b\u653b\u51fb\u7684\u6307\u6807\uff08\u8bf7\u53c2\u9605\u653b\u51fb\u7c7b\u578b\uff09\u3002\u8fd9\u79cd\u7c7b\u578b\u7684\u653b\u51fb\u5728\u516c\u6709\u4e91\u90e8\u7f72\u4e2d\u66f4\u4e3a\u666e\u904d\u3002 \u5bf9\u4e8e\u9700\u8981\u6b64\u529f\u80fd\u7684\u65e7\u90e8\u7f72\uff0c\u53ef\u4ee5\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u9884\u9632\uff0c\u8be5\u7cfb\u7edf\u5728\u914d\u7f6e\u7684\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u6b21\u6570\u540e\u9501\u5b9a\u5e10\u6237\u3002\u7136\u540e\uff0c\u53ea\u6709\u901a\u8fc7\u8fdb\u4e00\u6b65\u7684\u4fa7\u4fe1\u9053\u5e72\u9884\u624d\u80fd\u89e3\u9501\u8be5\u5e10\u6237\u3002 \u5982\u679c\u65e0\u6cd5\u9884\u9632\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u68c0\u6d4b\u6765\u51cf\u8f7b\u635f\u5bb3\u3002\u68c0\u6d4b\u6d89\u53ca\u9891\u7e41\u67e5\u770b\u8bbf\u95ee\u63a7\u5236\u65e5\u5fd7\uff0c\u4ee5\u8bc6\u522b\u672a\u7ecf\u6388\u6743\u7684\u5e10\u6237\u8bbf\u95ee\u5c1d\u8bd5\u3002\u53ef\u80fd\u7684\u8865\u6551\u63aa\u65bd\u5305\u62ec\u68c0\u67e5\u7528\u6237\u5bc6\u7801\u7684\u5f3a\u5ea6\uff0c\u6216\u901a\u8fc7\u9632\u706b\u5899\u89c4\u5219\u963b\u6b62\u653b\u51fb\u7684\u7f51\u7edc\u6e90\u3002Keystone \u670d\u52a1\u5668\u4e0a\u9650\u5236\u8fde\u63a5\u6570\u7684\u9632\u706b\u5899\u89c4\u5219\u53ef\u7528\u4e8e\u964d\u4f4e\u653b\u51fb\u6548\u7387\uff0c\u4ece\u800c\u529d\u963b\u653b\u51fb\u8005\u3002 
\u6b64\u5916\uff0c\u68c0\u67e5\u5e10\u6237\u6d3b\u52a8\u662f\u5426\u5b58\u5728\u5f02\u5e38\u767b\u5f55\u65f6\u95f4\u548c\u53ef\u7591\u64cd\u4f5c\uff0c\u5e76\u91c7\u53d6\u7ea0\u6b63\u63aa\u65bd\uff08\u5982\u7981\u7528\u5e10\u6237\uff09\u4e5f\u5f88\u6709\u7528\u3002\u901a\u5e38\uff0c\u4fe1\u7528\u5361\u63d0\u4f9b\u5546\u91c7\u7528\u8fd9\u79cd\u65b9\u6cd5\u8fdb\u884c\u6b3a\u8bc8\u68c0\u6d4b\u548c\u8b66\u62a5\u3002","title":"\u65e0\u6548\u7684\u767b\u5f55\u5c1d\u8bd5"},{"location":"security/security-guide/#_109","text":"\u91c7\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u7528\u6237\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002\u8eab\u4efd\u9274\u522b\u670d\u52a1\u901a\u8fc7\u53ef\u63d0\u4f9b\u6b64\u529f\u80fd\u7684 Apache Web \u670d\u52a1\u5668\u652f\u6301\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u670d\u52a1\u5668\u8fd8\u53ef\u4ee5\u4f7f\u7528\u8bc1\u4e66\u5f3a\u5236\u6267\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6b64\u5efa\u8bae\u53ef\u9632\u6b62\u66b4\u529b\u7834\u89e3\u3001\u793e\u4f1a\u5de5\u7a0b\u4ee5\u53ca\u53ef\u80fd\u6cc4\u9732\u7ba1\u7406\u5458\u5bc6\u7801\u7684\u72d9\u51fb\u548c\u5927\u89c4\u6a21\u7f51\u7edc\u9493\u9c7c\u653b\u51fb\u3002","title":"\u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#_110","text":"","title":"\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5"},{"location":"security/security-guide/#_111","text":"\u8eab\u4efd\u8ba4\u8bc1\u670d\u52a1\u53ef\u4ee5\u5c06\u7528\u6237\u51ed\u636e\u5b58\u50a8\u5728 SQL \u6570\u636e\u5e93\u4e2d\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u7b26\u5408 LDAP \u7684\u76ee\u5f55\u670d\u52a1\u5668\u3002\u8eab\u4efd\u6570\u636e\u5e93\u53ef\u4ee5\u4e0e\u5176\u4ed6 OpenStack \u670d\u52a1\u4f7f\u7528\u7684\u6570\u636e\u5e93\u5206\u5f00\uff0c\u4ee5\u964d\u4f4e\u5b58\u50a8\u51ed\u636e\u6cc4\u9732\u7684\u98ce\u9669\u3002 
\u5f53\u60a8\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u8eab\u4efd\u670d\u52a1\u4e0d\u4f1a\u5f3a\u5236\u6267\u884c NIST Special Publication 800-118\uff08\u8349\u6848\uff09\u4e2d\u63a8\u8350\u7684\u6709\u5173\u5bc6\u7801\u5f3a\u5ea6\u3001\u8fc7\u671f\u6216\u5931\u8d25\u8eab\u4efd\u9a8c\u8bc1\u5c1d\u8bd5\u7684\u7b56\u7565\u3002\u5e0c\u671b\u6267\u884c\u66f4\u4e25\u683c\u5bc6\u7801\u7b56\u7565\u7684\u7ec4\u7ec7\u5e94\u8003\u8651\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u7684\u6269\u5c55\u6216\u5916\u90e8\u8ba4\u8bc1\u670d\u52a1\u3002 LDAP \u7b80\u5316\u4e86\u8eab\u4efd\u8ba4\u8bc1\u4e0e\u7ec4\u7ec7\u73b0\u6709\u76ee\u5f55\u670d\u52a1\u548c\u7528\u6237\u5e10\u6237\u7ba1\u7406\u6d41\u7a0b\u7684\u96c6\u6210\u3002 OpenStack \u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7b56\u7565\u53ef\u4ee5\u59d4\u6258\u7ed9\u5176\u4ed6\u670d\u52a1\u3002\u4e00\u4e2a\u5178\u578b\u7684\u7528\u4f8b\u662f\u5bfb\u6c42\u90e8\u7f72\u79c1\u6709\u4e91\u7684\u7ec4\u7ec7\uff0c\u5e76\u4e14\u5df2\u7ecf\u5728 LDAP \u7cfb\u7edf\u4e2d\u62e5\u6709\u5458\u5de5\u548c\u7528\u6237\u7684\u6570\u636e\u5e93\u3002\u4f7f\u7528\u6b64\u8eab\u4efd\u9a8c\u8bc1\u673a\u6784\uff0c\u5c06\u5bf9\u8eab\u4efd\u670d\u52a1\u7684\u8bf7\u6c42\u59d4\u6258\u7ed9 LDAP \u7cfb\u7edf\uff0c\u7136\u540e LDAP \u7cfb\u7edf\u5c06\u6839\u636e\u5176\u7b56\u7565\u8fdb\u884c\u6388\u6743\u6216\u62d2\u7edd\u3002\u8eab\u4efd\u9a8c\u8bc1\u6210\u529f\u540e\uff0c\u8eab\u4efd\u9274\u522b\u670d\u52a1\u4f1a\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u8bbf\u95ee\u6388\u6743\u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u5982\u679c LDAP \u7cfb\u7edf\u5177\u6709\u4e3a\u7528\u6237\u5b9a\u4e49\u7684\u5c5e\u6027\uff0c\u4f8b\u5982 admin\u3001finance\u3001HR \u7b49\uff0c\u5219\u5fc5\u987b\u5c06\u8fd9\u4e9b\u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u9274\u522b\u4e2d\u7684\u89d2\u8272\u548c\u7ec4\uff0c\u4ee5\u4f9b\u5404\u79cd OpenStack \u670d\u52a1\u4f7f\u7528\u3002\u8be5\u6587\u4ef6 
/etc/keystone/keystone.conf \u5c06 LDAP \u5c5e\u6027\u6620\u5c04\u5230\u8eab\u4efd\u5c5e\u6027\u3002 \u4e0d\u5f97\u5141\u8bb8\u8eab\u4efd\u670d\u52a1\u5199\u5165\u7528\u4e8e OpenStack \u90e8\u7f72\u4e4b\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684 LDAP \u670d\u52a1\uff0c\u56e0\u4e3a\u8fd9\u5c06\u5141\u8bb8\u5177\u6709\u8db3\u591f\u6743\u9650\u7684 keystone \u7528\u6237\u5bf9 LDAP \u76ee\u5f55\u8fdb\u884c\u66f4\u6539\u3002\u8fd9\u5c06\u5141\u8bb8\u5728\u66f4\u5e7f\u6cdb\u7684\u7ec4\u7ec7\u5185\u8fdb\u884c\u6743\u9650\u5347\u7ea7\uff0c\u6216\u4fc3\u8fdb\u5bf9\u5176\u4ed6\u4fe1\u606f\u548c\u8d44\u6e90\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u5728\u8fd9\u6837\u7684\u90e8\u7f72\u4e2d\uff0c\u7528\u6237\u914d\u7f6e\u5c06\u8d85\u51fa OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e keystone.conf \u6743\u9650\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002 \u6709\u4e00\u4e2a\u5173\u4e8e\u6f5c\u5728 DoS \u653b\u51fb\u7684 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09\u3002","title":"\u5185\u90e8\u5b9e\u73b0\u7684\u8ba4\u8bc1\u65b9\u5f0f"},{"location":"security/security-guide/#_112","text":"\u672c\u7ec4\u7ec7\u53ef\u80fd\u5e0c\u671b\u5b9e\u73b0\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u4fbf\u4e0e\u73b0\u6709\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u517c\u5bb9\uff0c\u6216\u5f3a\u5236\u5b9e\u65bd\u66f4\u5f3a\u7684\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\u8981\u6c42\u3002\u5c3d\u7ba1\u5bc6\u7801\u662f\u6700\u5e38\u89c1\u7684\u8eab\u4efd\u9a8c\u8bc1\u5f62\u5f0f\uff0c\u4f46\u5b83\u4eec\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u6cd5\u6cc4\u9732\uff0c\u5305\u62ec\u51fb\u952e\u8bb0\u5f55\u548c\u5bc6\u7801\u6cc4\u9732\u3002\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u63d0\u4f9b\u66ff\u4ee3\u5f62\u5f0f\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u964d\u4f4e\u5f31\u5bc6\u7801\u5e26\u6765\u7684\u98ce\u9669\u3002 \u8fd9\u4e9b\u5305\u62ec\uff1a 
\u5bc6\u7801\u7b56\u7565\u5b9e\u65bd \u8981\u6c42\u7528\u6237\u5bc6\u7801\u7b26\u5408\u957f\u5ea6\u3001\u5b57\u7b26\u591a\u6837\u6027\u3001\u8fc7\u671f\u6216\u767b\u5f55\u5c1d\u8bd5\u5931\u8d25\u7684\u6700\u4f4e\u6807\u51c6\u3002\u5728\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6848\u4e2d\uff0c\u8fd9\u5c06\u662f\u539f\u59cb\u8eab\u4efd\u5b58\u50a8\u4e0a\u7684\u5bc6\u7801\u7b56\u7565\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u8981\u6c42\u7528\u6237\u6839\u636e\u4ed6\u4eec\u62e5\u6709\u7684\u5185\u5bb9\uff08\u5982\u4e00\u6b21\u6027\u5bc6\u7801\u4ee4\u724c\u6216 X.509 \u8bc1\u4e66\uff09\u548c\u4ed6\u4eec\u77e5\u9053\u7684\u5185\u5bb9\uff08\u5982\u5bc6\u7801\uff09\u63d0\u4f9b\u4fe1\u606f\u3002 Kerberos \u4e00\u79cd\u4f7f\u7528\u201c\u7968\u8bc1\u201d\u8fdb\u884c\u53cc\u5411\u8ba4\u8bc1\u7684\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002Kerberos \u7968\u8bc1\u6388\u4e88\u7968\u8bc1\u53ef\u5b89\u5168\u5730\u4e3a\u7279\u5b9a\u670d\u52a1\u63d0\u4f9b\u7968\u8bc1\u3002","title":"\u5916\u90e8\u8ba4\u8bc1\u65b9\u5f0f"},{"location":"security/security-guide/#_113","text":"\u8eab\u4efd\u670d\u52a1\u652f\u6301\u7ec4\u548c\u89d2\u8272\u7684\u6982\u5ff5\u3002\u7528\u6237\u5c5e\u4e8e\u7ec4\uff0c\u800c\u7ec4\u5177\u6709\u89d2\u8272\u5217\u8868\u3002OpenStack \u670d\u52a1\u5f15\u7528\u5c1d\u8bd5\u8bbf\u95ee\u8be5\u670d\u52a1\u7684\u7528\u6237\u7684\u89d2\u8272\u3002OpenStack \u7b56\u7565\u6267\u884c\u5668\u4e2d\u95f4\u4ef6\u4f1a\u8003\u8651\u4e0e\u6bcf\u4e2a\u8d44\u6e90\u5173\u8054\u7684\u7b56\u7565\u89c4\u5219\uff0c\u7136\u540e\u8003\u8651\u7528\u6237\u7684\u7ec4/\u89d2\u8272\u548c\u5173\u8054\uff0c\u4ee5\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u3002 \u7b56\u7565\u5b9e\u65bd\u4e2d\u95f4\u4ef6\u652f\u6301\u5bf9 OpenStack 
\u8d44\u6e90\u8fdb\u884c\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u7b56\u7565\u4e2d\u6df1\u5165\u8ba8\u8bba\u4e86\u7b56\u7565\u7684\u884c\u4e3a\u3002","title":"\u6388\u6743"},{"location":"security/security-guide/#_114","text":"\u5728\u914d\u7f6e\u89d2\u8272\u3001\u7ec4\u548c\u7528\u6237\u4e4b\u524d\uff0c\u8bf7\u8bb0\u5f55 OpenStack \u5b89\u88c5\u6240\u9700\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002\u8fd9\u4e9b\u7b56\u7565\u5e94\u4e0e\u7ec4\u7ec7\u7684\u4efb\u4f55\u6cd5\u89c4\u6216\u6cd5\u5f8b\u8981\u6c42\u4fdd\u6301\u4e00\u81f4\u3002\u5c06\u6765\u5bf9\u8bbf\u95ee\u63a7\u5236\u914d\u7f6e\u7684\u4fee\u6539\u5e94\u4e0e\u6b63\u5f0f\u7b56\u7565\u4fdd\u6301\u4e00\u81f4\u3002\u7b56\u7565\u5e94\u5305\u62ec\u521b\u5efa\u3001\u5220\u9664\u3001\u7981\u7528\u548c\u542f\u7528\u5e10\u6237\u4ee5\u53ca\u4e3a\u5e10\u6237\u5206\u914d\u6743\u9650\u7684\u6761\u4ef6\u548c\u8fc7\u7a0b\u3002\u5b9a\u671f\u67e5\u770b\u7b56\u7565\uff0c\u5e76\u786e\u4fdd\u914d\u7f6e\u7b26\u5408\u6279\u51c6\u7684\u7b56\u7565\u3002","title":"\u5efa\u7acb\u6b63\u5f0f\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565"},{"location":"security/security-guide/#_115","text":"\u4e91\u7ba1\u7406\u5458\u5fc5\u987b\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5b9a\u4e49\u4e00\u4e2a\u5177\u6709\u7ba1\u7406\u5458\u89d2\u8272\u7684\u7528\u6237\uff0c\u5982\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u6240\u8ff0\u3002\u6b64\u670d\u52a1\u5e10\u6237\u4e3a\u670d\u52a1\u63d0\u4f9b\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u6388\u6743\u3002 
\u53ef\u4ee5\u5c06\u8ba1\u7b97\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u6765\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u7684\u5176\u4ed6\u9009\u9879\u5305\u62ec\u4f7f\u7528\u201ctempAuth\u201d\u6587\u4ef6\uff0c\u4f46\u4e0d\u5e94\u5c06\u5176\u90e8\u7f72\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0c\u56e0\u4e3a\u5bc6\u7801\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u663e\u793a\u3002 \u8eab\u4efd\u9274\u522b\u670d\u52a1\u652f\u6301\u5bf9 TLS \u8fdb\u884c\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\uff0c\u8be5\u8eab\u4efd\u9a8c\u8bc1\u53ef\u80fd\u5df2\u542f\u7528\u3002\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e4b\u5916\uff0cTLS \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u8fd8\u63d0\u4f9b\u4e86\u989d\u5916\u7684\u8eab\u4efd\u9a8c\u8bc1\u56e0\u7d20\uff0c\u4ece\u800c\u63d0\u9ad8\u4e86\u7528\u6237\u6807\u8bc6\u7684\u53ef\u9760\u6027\u3002\u5f53\u7528\u6237\u540d\u548c\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u65f6\uff0c\u5b83\u964d\u4f4e\u4e86\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u7684\u98ce\u9669\u3002\u4f46\u662f\uff0c\u5411\u7528\u6237\u9881\u53d1\u8bc1\u4e66\u4f1a\u4ea7\u751f\u989d\u5916\u7684\u7ba1\u7406\u5f00\u9500\u548c\u6210\u672c\uff0c\u8fd9\u5728\u6bcf\u6b21\u90e8\u7f72\u4e2d\u90fd\u53ef\u80fd\u4e0d\u53ef\u884c\u3002 \u6ce8\u610f \u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u4e0e TLS \u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u4fbf\u5bf9\u8eab\u4efd\u9274\u522b\u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4e91\u7ba1\u7406\u5458\u5e94\u4fdd\u62a4\u654f\u611f\u7684\u914d\u7f6e\u6587\u4ef6\u514d\u906d\u672a\u7ecf\u6388\u6743\u7684\u4fee\u6539\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5f3a\u5236\u6027\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\uff08\u5982 SELinux\uff09\u6765\u5b9e\u73b0\uff0c\u5305\u62ec /etc/keystone/keystone.conf X.509 \u8bc1\u4e66\u3002 \u4f7f\u7528 TLS 
\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u9700\u8981\u5411\u670d\u52a1\u9881\u53d1\u8bc1\u4e66\u3002\u8fd9\u4e9b\u8bc1\u4e66\u53ef\u4ee5\u7531\u5916\u90e8\u6216\u5185\u90e8\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u540d\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cOpenStack \u670d\u52a1\u4f1a\u6839\u636e\u53d7\u4fe1\u4efb\u7684 CA \u68c0\u67e5\u8bc1\u4e66\u7b7e\u540d\u7684\u6709\u6548\u6027\uff0c\u5982\u679c\u7b7e\u540d\u65e0\u6548\u6216 CA \u4e0d\u53ef\u4fe1\uff0c\u8fde\u63a5\u5c06\u5931\u8d25\u3002\u4e91\u90e8\u7f72\u4eba\u5458\u53ef\u4ee5\u4f7f\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5fc5\u987b\u7981\u7528\u6709\u6548\u6027\u68c0\u67e5\uff0c\u6216\u8005\u5e94\u5c06\u8bc1\u4e66\u6807\u8bb0\u4e3a\u53d7\u4fe1\u4efb\u3002\u82e5\u8981\u7981\u7528\u81ea\u7b7e\u540d\u8bc1\u4e66\u7684\u9a8c\u8bc1\uff0c\u8bf7\u5728 /etc/nova/api.paste.ini \u6587\u4ef6\u7684 [filter:authtoken] \u201c\u90e8\u5206\u201d\u4e2d\u8fdb\u884c\u8bbe\u7f6e insecure=False \u3002\u6b64\u8bbe\u7f6e\u8fd8\u4f1a\u7981\u7528\u5176\u4ed6\u7ec4\u4ef6\u7684\u8bc1\u4e66\u3002","title":"\u670d\u52a1\u6388\u6743"},{"location":"security/security-guide/#_116","text":"\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u7528\u6237\u4f7f\u7528\u8eab\u4efd\u670d\u52a1\u548c\u652f\u6301 2 \u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1\u7684\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8bc1\u4e66\uff09\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u6837\u53ef\u4ee5\u964d\u4f4e\u5bc6\u7801\u53ef\u80fd\u88ab\u6cc4\u9732\u7684\u98ce\u9669\u3002\u6b64\u5efa\u8bae\u7b26\u5408 NIST 800-53 IA-2\uff081\uff09 
\u6307\u5357\uff0c\u5373\u4f7f\u7528\u591a\u91cd\u8eab\u4efd\u9a8c\u8bc1\u5bf9\u7279\u6743\u5e10\u6237\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\u3002","title":"\u7ba1\u7406\u5458\u7528\u6237"},{"location":"security/security-guide/#_117","text":"\u8eab\u4efd\u9274\u522b\u670d\u52a1\u53ef\u4ee5\u76f4\u63a5\u63d0\u4f9b\u6700\u7ec8\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4ee5\u7b26\u5408\u7ec4\u7ec7\u7684\u5b89\u5168\u7b56\u7565\u548c\u8981\u6c42\u3002","title":"\u7ec8\u7aef\u7528\u6237"},{"location":"security/security-guide/#_118","text":"\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u5728\u5173\u8054\u7684\u7b56\u7565\u6587\u4ef6\u4e2d\u5b9a\u4e49\u5176\u8d44\u6e90\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u4f8b\u5982\uff0c\u8d44\u6e90\u53ef\u4ee5\u662f API \u8bbf\u95ee\u3001\u9644\u52a0\u5230\u5377\u6216\u542f\u52a8\u5b9e\u4f8b\u7684\u80fd\u529b\u3002\u7b56\u7565\u89c4\u5219\u4ee5 JSON \u683c\u5f0f\u6307\u5b9a\uff0c\u6587\u4ef6\u79f0\u4e3a policy.json .\u6b64\u6587\u4ef6\u7684\u8bed\u6cd5\u548c\u683c\u5f0f\u5728\u914d\u7f6e\u53c2\u8003\u4e2d\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002 \u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u4fee\u6539\u6216\u66f4\u65b0\u8fd9\u4e9b\u7b56\u7565\uff0c\u4ee5\u63a7\u5236\u5bf9\u5404\u79cd\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u786e\u4fdd\u5bf9\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u4efb\u4f55\u66f4\u6539\u90fd\u4e0d\u4f1a\u65e0\u610f\u4e2d\u524a\u5f31\u4efb\u4f55\u8d44\u6e90\u7684\u5b89\u5168\u6027\u3002\u53e6\u8bf7\u6ce8\u610f\uff0c\u5bf9 policy.json \u6587\u4ef6\u7684\u66f4\u6539\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u91cd\u65b0\u542f\u52a8\u670d\u52a1\u3002 \u4ee5\u4e0b\u793a\u4f8b\u663e\u793a\u4e86\u8be5\u670d\u52a1\u5982\u4f55\u5c06\u521b\u5efa\u3001\u66f4\u65b0\u548c\u5220\u9664\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u5177\u6709\u89d2\u8272 cloud_admin 
\u7684\u7528\u6237\uff0c\u8be5\u89d2\u8272\u5df2\u5b9a\u4e49\u4e3a role = admin \u548c domain_id = admin_domain_id \u7684\u7ed3\u5408\uff0c\u800c get \u548c list \u8d44\u6e90\u53ef\u4f9b\u89d2\u8272\u4e3a cloud_admin \u6216 admin \u7684\u7528\u6237\u4f7f\u7528\u3002 { \"admin_required\": \"role:admin\", \"cloud_admin\": \"rule:admin_required and domain_id:admin_domain_id\", \"service_role\": \"role:service\", \"service_or_admin\": \"rule:admin_required or rule:service_role\", \"owner\" : \"user_id:%(user_id)s or user_id:%(target.token.user_id)s\", \"admin_or_owner\": \"(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner\", \"admin_or_cloud_admin\": \"rule:admin_required or rule:cloud_admin\", \"admin_and_matching_domain_id\": \"rule:admin_required and domain_id:%(domain_id)s\", \"service_admin_or_owner\": \"rule:service_or_admin or rule:owner\", \"default\": \"rule:admin_required\", \"identity:get_service\": \"rule:admin_or_cloud_admin\", \"identity:list_services\": \"rule:admin_or_cloud_admin\", \"identity:create_service\": \"rule:cloud_admin\", \"identity:update_service\": \"rule:cloud_admin\", \"identity:delete_service\": \"rule:cloud_admin\", \"identity:get_endpoint\": \"rule:admin_or_cloud_admin\", \"identity:list_endpoints\": \"rule:admin_or_cloud_admin\", \"identity:create_endpoint\": \"rule:cloud_admin\", \"identity:update_endpoint\": \"rule:cloud_admin\", \"identity:delete_endpoint\": \"rule:cloud_admin\", }","title":"\u653f\u7b56"},{"location":"security/security-guide/#_119","text":"\u7528\u6237\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\uff0c\u5c06\u751f\u6210\u4e00\u4e2a\u4ee4\u724c\uff0c\u7528\u4e8e\u6388\u6743\u548c\u8bbf\u95ee OpenStack \u73af\u5883\u3002\u4ee3\u5e01\u53ef\u4ee5\u5177\u6709\u53ef\u53d8\u7684\u751f\u547d\u5468\u671f;\u4f46\u662f\uff0cexpiry \u7684\u9ed8\u8ba4\u503c\u4e3a 1 
\u5c0f\u65f6\u3002\u5efa\u8bae\u7684\u8fc7\u671f\u503c\u5e94\u8bbe\u7f6e\u4e3a\u8f83\u4f4e\u7684\u503c\uff0c\u4ee5\u4fbf\u5185\u90e8\u670d\u52a1\u6709\u8db3\u591f\u7684\u65f6\u95f4\u5b8c\u6210\u4efb\u52a1\u3002\u5982\u679c\u4ee4\u724c\u5728\u4efb\u52a1\u5b8c\u6210\u4e4b\u524d\u8fc7\u671f\uff0c\u4e91\u53ef\u80fd\u4f1a\u53d8\u5f97\u65e0\u54cd\u5e94\u6216\u505c\u6b62\u63d0\u4f9b\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u8ba1\u7b97\u670d\u52a1\u5c06\u78c1\u76d8\u6620\u50cf\u4f20\u8f93\u5230\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8fdb\u884c\u672c\u5730\u7f13\u5b58\u6240\u9700\u7684\u65f6\u95f4\u3002\u5141\u8bb8\u5728\u4f7f\u7528\u6709\u6548\u7684\u670d\u52a1\u4ee4\u724c\u65f6\u63d0\u53d6\u8fc7\u671f\u7684\u4ee4\u724c\u3002 \u4ee4\u724c\u901a\u5e38\u5728 Identity \u670d\u52a1\u54cd\u5e94\u7684\u8f83\u5927\u4e0a\u4e0b\u6587\u7684\u7ed3\u6784\u4e2d\u4f20\u9012\u3002\u8fd9\u4e9b\u54cd\u5e94\u8fd8\u63d0\u4f9b\u4e86\u5404\u79cd OpenStack \u670d\u52a1\u7684\u76ee\u5f55\u3002\u5217\u51fa\u4e86\u6bcf\u4e2a\u670d\u52a1\u7684\u540d\u79f0\u3001\u5185\u90e8\u8bbf\u95ee\u3001\u7ba1\u7406\u5458\u8bbf\u95ee\u548c\u516c\u5171\u8bbf\u95ee\u7684\u8bbf\u95ee\u7ec8\u7ed3\u70b9\u3002 \u53ef\u4ee5\u4f7f\u7528\u6807\u8bc6 API \u540a\u9500\u4ee4\u724c\u3002 \u5728 Stein \u7248\u672c\u4e2d\uff0c\u6709\u4e24\u79cd\u53d7\u652f\u6301\u7684\u4ee4\u724c\u7c7b\u578b\uff1afernet \u548c JWT\u3002 fernet \u548c JWT \u4ee4\u724c\u90fd\u4e0d\u9700\u8981\u6301\u4e45\u6027\u3002Keystone \u4ee4\u724c\u6570\u636e\u5e93\u4e0d\u518d\u56e0\u8eab\u4efd\u9a8c\u8bc1\u7684\u526f\u4f5c\u7528\u800c\u906d\u53d7\u81a8\u80c0\u3002\u8fc7\u671f\u4ee4\u724c\u7684\u4fee\u526a\u4f1a\u81ea\u52a8\u8fdb\u884c\u3002\u4e5f\u4e0d\u518d\u9700\u8981\u8de8\u591a\u4e2a\u8282\u70b9\u8fdb\u884c\u590d\u5236\u3002\u53ea\u8981\u6bcf\u4e2a keystone 
\u8282\u70b9\u5171\u4eab\u76f8\u540c\u7684\u5b58\u50a8\u5e93\uff0c\u5c31\u53ef\u4ee5\u5728\u6240\u6709\u8282\u70b9\u4e0a\u7acb\u5373\u521b\u5efa\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002","title":"\u4ee4\u724c"},{"location":"security/security-guide/#fernet","text":"Fernet \u4ee4\u724c\u662f Stein \u652f\u6301\u7684\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\uff08\u9ed8\u8ba4\uff09\u3002Fernet \u662f\u4e00\u79cd\u5b89\u5168\u7684\u6d88\u606f\u4f20\u9012\u683c\u5f0f\uff0c\u4e13\u95e8\u8bbe\u8ba1\u7528\u4e8e API \u4ee4\u724c\u3002\u5b83\u4eec\u662f\u8f7b\u91cf\u7ea7\u7684\uff08\u8303\u56f4\u5728 180 \u5230 240 \u5b57\u8282\u4e4b\u95f4\uff09\uff0c\u5e76\u51cf\u5c11\u4e86\u8fd0\u884c\u4e91\u6240\u9700\u7684\u8fd0\u8425\u5f00\u9500\u3002\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u5143\u6570\u636e\u88ab\u6574\u9f50\u5730\u6346\u7ed1\u5230\u6d88\u606f\u6253\u5305\u7684\u6709\u6548\u8d1f\u8f7d\u4e2d\uff0c\u7136\u540e\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u5e76\u4f5c\u4e3a fernet \u4ee4\u724c\u767b\u5f55\u3002","title":"Fernet \u4ee4\u724c"},{"location":"security/security-guide/#jwt","text":"JSON Web \u7b7e\u540d \uff08JWS\uff09 \u4ee4\u724c\u662f\u5728 Stein \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002\u4e0efernet\u76f8\u6bd4\uff0cJWS\u901a\u8fc7\u9650\u5236\u9700\u8981\u5171\u4eab\u5bf9\u79f0\u52a0\u5bc6\u5bc6\u94a5\u7684\u4e3b\u673a\u6570\u91cf\uff0c\u4e3a\u8fd0\u8425\u5546\u63d0\u4f9b\u4e86\u6f5c\u5728\u7684\u597d\u5904\u3002\u8fd9\u6709\u52a9\u4e8e\u9632\u6b62\u53ef\u80fd\u5df2\u5728\u90e8\u7f72\u4e2d\u7ad9\u7a33\u811a\u8ddf\u7684\u6076\u610f\u53c2\u4e0e\u8005\u6269\u6563\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6709\u5173\u8fd9\u4e9b\u4ee4\u724c\u63d0\u4f9b\u7a0b\u5e8f\u4e4b\u95f4\u5dee\u5f02\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b64\u5904 https://docs.openstack.org/keystone/stein/admin/tokens-overview.html#token-providers","title":"JWT 
\u4ee4\u724c"},{"location":"security/security-guide/#_120","text":"\u57df\u662f\u9879\u76ee\u3001\u7528\u6237\u548c\u7ec4\u7684\u9ad8\u7ea7\u5bb9\u5668\u3002\u56e0\u6b64\uff0c\u5b83\u4eec\u53ef\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406\u6240\u6709\u57fa\u4e8e keystone \u7684\u8eab\u4efd\u7ec4\u4ef6\u3002\u968f\u7740\u5e10\u6237\u57df\u7684\u5f15\u5165\uff0c\u670d\u52a1\u5668\u3001\u5b58\u50a8\u548c\u5176\u4ed6\u8d44\u6e90\u73b0\u5728\u53ef\u4ee5\u5728\u903b\u8f91\u4e0a\u5206\u7ec4\u5230\u591a\u4e2a\u9879\u76ee\uff08\u4ee5\u524d\u79f0\u4e3a\u79df\u6237\uff09\u4e2d\uff0c\u8fd9\u4e9b\u9879\u76ee\u672c\u8eab\u53ef\u4ee5\u5206\u7ec4\u5230\u7c7b\u4f3c\u4e3b\u5e10\u6237\u7684\u5bb9\u5668\u4e0b\u3002\u6b64\u5916\uff0c\u53ef\u4ee5\u5728\u4e00\u4e2a\u5e10\u6237\u57df\u4e2d\u7ba1\u7406\u591a\u4e2a\u7528\u6237\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u9879\u76ee\u5206\u914d\u4e0d\u540c\u7684\u89d2\u8272\u3002 Identity V3 API \u652f\u6301\u591a\u4e2a\u57df\u3002\u4e0d\u540c\u57df\u7684\u7528\u6237\u53ef\u80fd\u5728\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef\u4e2d\u8868\u793a\uff0c\u751a\u81f3\u5177\u6709\u4e0d\u540c\u7684\u5c5e\u6027\uff0c\u8fd9\u4e9b\u5c5e\u6027\u5fc5\u987b\u6620\u5c04\u5230\u4e00\u7ec4\u89d2\u8272\u548c\u6743\u9650\uff0c\u8fd9\u4e9b\u89d2\u8272\u548c\u6743\u9650\u5728\u7b56\u7565\u5b9a\u4e49\u4e2d\u7528\u4e8e\u8bbf\u95ee\u5404\u79cd\u670d\u52a1\u8d44\u6e90\u3002 \u5982\u679c\u89c4\u5219\u53ef\u4ee5\u4ec5\u6307\u5b9a\u5bf9\u7ba1\u7406\u5458\u7528\u6237\u548c\u5c5e\u4e8e\u79df\u6237\u7684\u7528\u6237\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5219\u6620\u5c04\u53ef\u80fd\u5f88\u7b80\u5355\u3002\u5728\u5176\u4ed6\u60c5\u51b5\u4e0b\uff0c\u4e91\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u6279\u51c6\u6bcf\u4e2a\u79df\u6237\u7684\u6620\u5c04\u4f8b\u7a0b\u3002 
\u7279\u5b9a\u4e8e\u57df\u7684\u8eab\u4efd\u9a8c\u8bc1\u9a71\u52a8\u7a0b\u5e8f\u5141\u8bb8\u4f7f\u7528\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4e3a\u591a\u4e2a\u57df\u914d\u7f6e\u6807\u8bc6\u670d\u52a1\u3002\u542f\u7528\u9a71\u52a8\u7a0b\u5e8f\u5e76\u8bbe\u7f6e\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u7f6e\u53d1\u751f\u5728 keystone.conf \u6587\u4ef6 [identity] \u90e8\u5206\u4e2d\uff1a [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains \u4efb\u4f55\u6ca1\u6709\u7279\u5b9a\u4e8e\u57df\u7684\u914d\u7f6e\u6587\u4ef6\u7684\u57df\u90fd\u5c06\u4f7f\u7528\u4e3b keystone.conf \u6587\u4ef6\u4e2d\u7684\u9009\u9879\u3002","title":"\u57df"},{"location":"security/security-guide/#_121","text":"\u91cd\u8981\u5b9a\u4e49\uff1a \u670d\u52a1\u63d0\u4f9b\u5546 \uff08SP\uff09 \u5411\u59d4\u6258\u4eba\u6216\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u5b9e\u4f53\uff0c\u5728\u672c\u4f8b\u4e2d\uff0cOpenStack Identity \u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u8eab\u4efd\u63d0\u4f9b\u5546 \uff08IdP\uff09 \u76ee\u5f55\u670d\u52a1\uff08\u5982 LDAP\u3001RADIUS \u548c Active Directory\uff09\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\uff0c\u662f\u8eab\u4efd\u63d0\u4f9b\u5546\u5904\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff08\u4f8b\u5982\u5bc6\u7801\uff09\u7684\u5178\u578b\u6765\u6e90\u3002 \u8054\u5408\u9274\u6743\u662f\u4e00\u79cd\u5728 IdP \u548c SP \u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u673a\u5236\uff0c\u5728\u672c\u4f8b\u4e2d\uff0c\u662f\u5728\u8eab\u4efd\u63d0\u4f9b\u8005\u548c OpenStack Cloud 
\u63d0\u4f9b\u7684\u670d\u52a1\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u79cd\u5b89\u5168\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4f7f\u7528\u73b0\u6709\u51ed\u636e\u8de8\u591a\u4e2a\u7aef\u70b9\u8bbf\u95ee\u4e91\u8d44\u6e90\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5377\u548c\u6570\u636e\u5e93\u3002\u51ed\u8bc1\u7531\u7528\u6237\u7684 IdP \u7ef4\u62a4\u3002","title":"\u8054\u5408\u9274\u6743"},{"location":"security/security-guide/#_122","text":"\u4e24\u4e2a\u6839\u672c\u539f\u56e0\uff1a \u964d\u4f4e\u590d\u6742\u6027\u4f7f\u90e8\u7f72\u66f4\u6613\u4e8e\u4fdd\u62a4\u3002 \u5b83\u4e3a\u60a8\u548c\u60a8\u7684\u7528\u6237\u8282\u7701\u4e86\u65f6\u95f4\u3002 \u96c6\u4e2d\u7ba1\u7406\u5e10\u6237\uff0c\u9632\u6b62 OpenStack \u57fa\u7840\u67b6\u6784\u5185\u90e8\u7684\u91cd\u590d\u5de5\u4f5c\u3002 \u51cf\u8f7b\u7528\u6237\u8d1f\u62c5\u3002\u5355\u70b9\u767b\u5f55\u5141\u8bb8\u4f7f\u7528\u5355\u4e00\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u6765\u8bbf\u95ee\u8bb8\u591a\u4e0d\u540c\u7684\u670d\u52a1\u548c\u73af\u5883\u3002 \u5c06\u5bc6\u7801\u6062\u590d\u8fc7\u7a0b\u7684\u8d23\u4efb\u8f6c\u79fb\u5230 IdP\u3002 \u8fdb\u4e00\u6b65\u7684\u7406\u7531\u548c\u7ec6\u8282\u53ef\u4ee5\u5728 Keystone 
\u5173\u4e8e\u8054\u5408\u7684\u6587\u6863\u4e2d\u627e\u5230\u3002","title":"\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528\u8054\u5408\u8eab\u4efd\uff1f"},{"location":"security/security-guide/#_123","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-identity-01-keystone","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a\u8be5\u7ec4\u4ef6\u6240\u6709\u8005\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/keystone/keystone.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/keystone-paste.ini | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/policy.json | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/logging.conf | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/signing_cert.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/private/signing_key.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone/ssl/certs/ca.pem | egrep \"keystone keystone\" $ stat -L -c \"%U %G\" /etc/keystone | egrep \"keystone keystone\" \u901a\u8fc7\uff1a 
\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u90fd\u8bbe\u7f6e\u4e3a keystone\u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a keystone keystone \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a \u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u6216\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 keystone \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u3002 \u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002","title":"Check-Identity-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a keystone\uff1f"},{"location":"security/security-guide/#check-identity-02-identity","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/keystone/keystone.conf $ stat -L -c \"%a\" /etc/keystone/keystone-paste.ini $ stat -L -c \"%a\" /etc/keystone/policy.json $ stat -L -c \"%a\" /etc/keystone/logging.conf $ stat -L -c \"%a\" /etc/keystone/ssl/certs/signing_cert.pem $ stat -L -c \"%a\" /etc/keystone/ssl/private/signing_key.pem $ stat -L -c \"%a\" /etc/keystone/ssl/certs/ca.pem $ stat -L -c \"%a\" /etc/keystone \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002 \u5931\u8d25\uff1a \u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 
\u63a8\u8350\u4e8e\uff1a\u5185\u90e8\u5b9e\u73b0\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002","title":"Check-Identity-02\uff1a\u662f\u5426\u4e3a Identity \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-identity-03-identity-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\uff08\u5982 HTTPS\uff09\u76f8\u4e92\u901a\u4fe1\u3002 \u5982\u679c\u5c06 HTTP/WSGI \u670d\u52a1\u5668\u7528\u4e8e\u6807\u8bc6\uff0c\u5219\u5e94\u5728 HTTP/WSGI \u670d\u52a1\u5668\u4e0a\u542f\u7528 TLS\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u5728 HTTP \u670d\u52a1\u5668\u4e0a\u542f\u7528\u4e86 TLS\u3002 \u5931\u8d25\uff1a \u5982\u679c HTTP \u670d\u52a1\u5668\u4e0a\u672a\u542f\u7528 TLS\u3002 \u63a8\u8350\u4e8e\uff1a\u5b89\u5168\u901a\u4fe1\u3002","title":"Check-Identity-03\uff1a\u662f\u5426\u4e3a Identity \u542f\u7528\u4e86 TLS\uff1f"},{"location":"security/security-guide/#check-identity-04","text":"","title":"Check-Identity-04\uff1a\uff08\u5df2\u8fc7\u65f6\uff09"},{"location":"security/security-guide/#check-identity-05-max_request_body_size-114688","text":"\u8be5\u53c2\u6570 max_request_body_size 
\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff08\u4ee5\u5b57\u8282\u4e3a\u5355\u4f4d\uff09\u3002\u5982\u679c\u672a\u5b9a\u4e49\u6700\u5927\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u5927\u5bb9\u91cf\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u7684\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u7ec4\u4ef6\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a \u5982\u679c\u53c2\u6570 max_request_body_size in /etc/keystone/keystone.conf \u7684\u503c\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09 \u6216\u6839\u636e\u60a8\u7684\u73af\u5883\u8bbe\u7f6e\u7684\u67d0\u4e2a\u5408\u7406\u503c\u3002 \u5931\u8d25\uff1a \u5982\u679c\u672a\u8bbe\u7f6e\u53c2\u6570 max_request_body_size \u503c\u3002","title":"Check-Identity-05\uff1a\u662f\u5426 max_request_body_size \u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#check-identity-06etckeystonekeystoneconf","text":"\u7ba1\u7406\u5458\u4ee4\u724c\u901a\u5e38\u7528\u4e8e\u5f15\u5bfc Identity\u3002\u6b64\u4ee4\u724c\u662f\u6700\u6709\u4ef7\u503c\u7684\u6807\u8bc6\u8d44\u4ea7\uff0c\u53ef\u7528\u4e8e\u83b7\u53d6\u4e91\u7ba1\u7406\u5458\u6743\u9650\u3002 \u901a\u8fc7\uff1a \u5982\u679c admin_token under [DEFAULT] section in /etc/keystone/keystone.conf \u88ab\u7981\u7528\u3002\u5e76\u4e14\uff0c AdminTokenAuthMiddleware under [filter:admin_token_auth] \u4ece /etc/keystone/keystone-paste.ini \u5931\u8d25\uff1a \u5982\u679c admin_token \u8bbe\u7f6e\u4e86 under [DEFAULT] \u90e8\u5206\u5e76 AdminTokenAuthMiddleware \u5b58\u5728\u4e8e keystone-paste.ini \u4e2d\u3002 \u5efa\u8bae \u7981\u7528 `admin_token` \u610f\u5473\u7740\u5b83\u7684\u503c\u4e3a `` 
\u3002","title":"check-identity-06:\u7981\u7528/etc/keystone/keystone.conf\u4e2d\u7684\u7ba1\u7406\u4ee4\u724c"},{"location":"security/security-guide/#check-identity-07etckeystonekeystoneconf_","text":"\u5982\u679c insecure_debug \u8bbe\u7f6e\u4e3a true\uff0c\u5219\u670d\u52a1\u5668\u5c06\u5728 HTTP \u54cd\u5e94\u4e2d\u8fd4\u56de\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u80fd\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u6216\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u83b7\u53d6\u6bd4\u6b63\u5e38\u60c5\u51b5\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u8eab\u4efd\u9a8c\u8bc1\u5931\u8d25\u539f\u56e0\u7684\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 \u901a\u8fc7\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a false\u3002 \u5931\u8d25\uff1a \u5982\u679c insecure_debug under [DEFAULT] section in /etc/keystone/keystone.conf \u4e3a true\u3002","title":"check-identity-07:/etc/keystone/keystone.conf\u4e2d\u7684\u4e0d\u5b89\u5168_\u8c03\u8bd5\u4e3a\u5047"},{"location":"security/security-guide/#check-identity-08etckeystonekeystoneconffernet","text":"OpenStack Identity \u670d\u52a1\u63d0\u4f9b uuid \u548c fernet \u4f5c\u4e3a\u4ee4\u724c\u63d0\u4f9b\u8005\u3002 uuid \u4ee4\u724c\u5fc5\u987b\u6301\u4e45\u5316\uff0c\u5e76\u88ab\u89c6\u4e3a\u4e0d\u5b89\u5168\u3002 \u901a\u8fc7\uff1a \u5982\u679c section in /etc/keystone/keystone.conf \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a fernet\u3002 \u5931\u8d25\uff1a \u5982\u679c section \u4e0b\u7684 [token] \u53c2\u6570 provider \u503c\u8bbe\u7f6e\u4e3a uuid\u3002","title":"check-identity-08:\u4f7f\u7528/etc/keystone/keystone.conf\u4e2d\u7684Fernet\u4ee4\u724c"},{"location":"security/security-guide/#_124","text":"Dashboard \uff08horizon\uff09 \u662f OpenStack 
\u4eea\u8868\u677f\uff0c\u5b83\u4e3a\u7528\u6237\u63d0\u4f9b\u4e86\u4e00\u4e2a\u81ea\u52a9\u670d\u52a1\u95e8\u6237\uff0c\u4ee5\u4fbf\u5728\u7ba1\u7406\u5458\u8bbe\u7f6e\u7684\u9650\u5236\u8303\u56f4\u5185\u914d\u7f6e\u81ea\u5df1\u7684\u8d44\u6e90\u3002\u5176\u4e2d\u5305\u62ec\u9884\u7f6e\u7528\u6237\u3001\u5b9a\u4e49\u5b9e\u4f8b\u53d8\u79cd\u3001\u4e0a\u4f20\u865a\u62df\u673a \uff08VM\uff09 \u6620\u50cf\u3001\u7ba1\u7406\u7f51\u7edc\u3001\u8bbe\u7f6e\u5b89\u5168\u7ec4\u3001\u542f\u52a8\u5b9e\u4f8b\u4ee5\u53ca\u901a\u8fc7\u63a7\u5236\u53f0\u8bbf\u95ee\u5b9e\u4f8b\u3002 \u4eea\u8868\u677f\u57fa\u4e8e Django Web \u6846\u67b6\uff0c\u786e\u4fdd Django \u7684\u5b89\u5168\u90e8\u7f72\u5b9e\u8df5\u76f4\u63a5\u5e94\u7528\u4e8e Horizon\u3002\u672c\u6307\u5357\u63d0\u4f9b\u4e86\u4e00\u7ec4 Django \u5b89\u5168\u5efa\u8bae\u3002\u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u901a\u8fc7\u9605\u8bfb Django \u6587\u6863\u627e\u5230\u3002 \u4eea\u8868\u677f\u9644\u5e26\u9ed8\u8ba4\u5b89\u5168\u8bbe\u7f6e\uff0c\u5e76\u5177\u6709\u90e8\u7f72\u548c\u914d\u7f6e\u6587\u6863\u3002 \u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u57df\u540d \u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e \u5141\u8bb8\u7684\u4e3b\u673a \u6620\u50cf\u4e0a\u4f20 HTTPS\u3001HSTS\u3001XSS \u548c SSRF \u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09 \u8de8\u5e27\u811a\u672c \uff08XFS\uff09 HTTPS\u534f\u8bae HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09 \u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef \u524d\u7aef\u7f13\u5b58 \u4f1a\u8bdd\u540e\u7aef \u9759\u6001\u5a92\u4f53 \u5bc6\u7801 \u5bc6\u94a5 \u7f51\u7ad9\u6570\u636e \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u8c03\u8bd5 \u68c0\u67e5\u8868 Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon 
\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f Check-Dashboard-08\uff1a DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f","title":"\u4eea\u8868\u677f"},{"location":"security/security-guide/#web","text":"","title":"\u57df\u540d\u3001\u4eea\u8868\u677f\u5347\u7ea7\u548c\u57fa\u672c Web \u670d\u52a1\u5668\u914d\u7f6e"},{"location":"security/security-guide/#_125","text":"\u8bb8\u591a\u7ec4\u7ec7\u901a\u5e38\u5728\u603b\u4f53\u7ec4\u7ec7\u57df\u7684\u5b50\u57df\u4e2d\u90e8\u7f72 Web \u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u6237\u5f88\u81ea\u7136\u5730\u671f\u671b openstack.example.org .\u5728\u6b64\u4e0a\u4e0b\u6587\u4e2d\uff0c\u901a\u5e38\u5b58\u5728\u90e8\u7f72\u5728\u540c\u4e00\u4e2a\u4e8c\u7ea7\u547d\u540d\u7a7a\u95f4\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u6b64\u540d\u79f0\u7ed3\u6784\u975e\u5e38\u65b9\u4fbf\uff0c\u5e76\u7b80\u5316\u4e86\u540d\u79f0\u670d\u52a1\u5668\u7684\u7ef4\u62a4\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5230\u4e8c\u7ea7\u57df\uff0c\u4f8b\u5982 \uff0c\u800c\u4e0d\u662f\u5728\u4efb\u4f55\u7ea7\u522b\u7684\u5171\u4eab\u5b50\u57df\u4e0a\u90e8\u7f72\u4eea\u8868\u677f\uff0c\u4f8b\u5982 https://example.com https://openstack.example.org \u6216 
https://horizon.openstack.example.org \u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u4e0d\u8981\u90e8\u7f72\u5230\u88f8\u5185\u90e8\u57df\uff0c\u4f8b\u5982 https://horizon/ .\u8fd9\u4e9b\u5efa\u8bae\u57fa\u4e8e\u6d4f\u89c8\u5668\u540c\u6e90\u7b56\u7565\u7684\u9650\u5236\u3002 \u5982\u679c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u8fd8\u6258\u7ba1\u7528\u6237\u751f\u6210\u5185\u5bb9\u7684\u57df\u4e2d\uff0c\u5219\u672c\u6307\u5357\u4e2d\u63d0\u4f9b\u7684\u5efa\u8bae\u65e0\u6cd5\u6709\u6548\u9632\u8303\u5df2\u77e5\u653b\u51fb\uff0c\u5373\u4f7f\u6b64\u5185\u5bb9\u9a7b\u7559\u5728\u5355\u72ec\u7684\u5b50\u57df\u4e2d\u4e5f\u662f\u5982\u6b64\u3002\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u53ef\u4ee5\u5305\u542b\u4efb\u4f55\u7c7b\u578b\u7684\u811a\u672c\u3001\u56fe\u50cf\u6216\u4e0a\u4f20\u5185\u5bb9\u3002\u5927\u591a\u6570\u4e3b\u8981\u7684 Web \u5b58\u5728\uff08\u5305\u62ec googleusercontent.com\u3001fbcdn.com\u3001github.io \u548c twimg.co\uff09\u90fd\u4f7f\u7528\u8fd9\u79cd\u65b9\u6cd5\u5c06\u7528\u6237\u751f\u6210\u7684\u5185\u5bb9\u4e0e Cookie \u548c\u5b89\u5168\u4ee4\u724c\u9694\u79bb\u5f00\u6765\u3002 \u5982\u679c\u60a8\u4e0d\u9075\u5faa\u6709\u5173\u4e8c\u7ea7\u57df\u7684\u5efa\u8bae\uff0c\u8bf7\u907f\u514d\u4f7f\u7528 Cookie \u652f\u6301\u7684\u4f1a\u8bdd\u5b58\u50a8\uff0c\u5e76\u91c7\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002\u5f53\u90e8\u7f72\u5728\u5b50\u57df\u4e0a\u65f6\uff0c\u4eea\u8868\u677f\u7684\u5b89\u5168\u6027\u7b49\u540c\u4e8e\u90e8\u7f72\u5728\u540c\u4e00\u4e8c\u7ea7\u57df\u4e0a\u7684\u5b89\u5168\u6027\u6700\u4f4e\u7684\u5e94\u7528\u7a0b\u5e8f\u3002","title":"\u57df\u540d"},{"location":"security/security-guide/#web_1","text":"\u4eea\u8868\u677f\u5e94\u90e8\u7f72\u4e3a HTTPS \u4ee3\u7406\uff08\u5982 Apache \u6216 Nginx\uff09\u540e\u9762\u7684 Web \u670d\u52a1\u7f51\u5173\u63a5\u53e3 \uff08WSGI\uff09 \u5e94\u7528\u7a0b\u5e8f\u3002\u5982\u679c Apache \u5c1a\u672a\u4f7f\u7528\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 
Nginx\uff0c\u56e0\u4e3a\u5b83\u662f\u8f7b\u91cf\u7ea7\u7684\uff0c\u5e76\u4e14\u66f4\u5bb9\u6613\u6b63\u786e\u914d\u7f6e\u3002 \u4f7f\u7528 Nginx \u65f6\uff0c\u6211\u4eec\u5efa\u8bae gunicorn \u4f5c\u4e3a WSGI \u4e3b\u673a\uff0c\u5e76\u5177\u6709\u9002\u5f53\u6570\u91cf\u7684\u540c\u6b65\u5de5\u4f5c\u7ebf\u7a0b\u3002\u4f7f\u7528 Apache \u65f6\uff0c\u6211\u4eec\u5efa\u8bae mod_wsgi \u6258\u7ba1\u4eea\u8868\u677f\u3002","title":"\u57fa\u672c\u7684 Web \u670d\u52a1\u5668\u914d\u7f6e"},{"location":"security/security-guide/#_126","text":"\u4f7f\u7528 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u7684\u5b8c\u5168\u9650\u5b9a\u4e3b\u673a\u540d\u914d\u7f6e\u8bbe\u7f6e ALLOWED_HOSTS \u3002\u63d0\u4f9b\u6b64\u8bbe\u7f6e\u540e\uff0c\u5982\u679c\u4f20\u5165 HTTP \u8bf7\u6c42\u7684\u201cHost\uff1a\u201d\u6807\u5934\u4e2d\u7684\u503c\u4e0e\u6b64\u5217\u8868\u4e2d\u7684\u4efb\u4f55\u503c\u90fd\u4e0d\u5339\u914d\uff0c\u5219\u5c06\u5f15\u53d1\u9519\u8bef\uff0c\u5e76\u4e14\u8bf7\u6c42\u8005\u5c06\u65e0\u6cd5\u7ee7\u7eed\u3002\u5982\u679c\u672a\u80fd\u914d\u7f6e\u6b64\u9009\u9879\uff0c\u6216\u8005\u5728\u6307\u5b9a\u7684\u4e3b\u673a\u540d\u4e2d\u4f7f\u7528\u901a\u914d\u7b26\uff0c\u5c06\u5bfc\u81f4\u4eea\u8868\u677f\u5bb9\u6613\u53d7\u5230\u4e0e\u865a\u5047 HTTP \u4e3b\u673a\u6807\u5934\u5173\u8054\u7684\u5b89\u5168\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002","title":"\u5141\u8bb8\u7684\u4e3b\u673a"},{"location":"security/security-guide/#horizon","text":"\u6211\u4eec\u5efa\u8bae\u5b9e\u65bd\u8005\u7981\u7528HORIZON_IMAGES_ALLOW_UPLOAD\uff0c\u9664\u975e\u4ed6\u4eec\u5df2\u5b9e\u65bd\u9632\u6b62\u8d44\u6e90\u8017\u5c3d\u548c\u62d2\u7edd\u670d\u52a1\u7684\u8ba1\u5212\u3002","title":"Horizon \u955c\u50cf\u4e0a\u4f20"},{"location":"security/security-guide/#httpshstsxss-ssrf","text":"","title":"HTTPS\u3001HSTS\u3001XSS \u548c 
SSRF"},{"location":"security/security-guide/#xss","text":"\u4e0e\u8bb8\u591a\u7c7b\u4f3c\u7684\u7cfb\u7edf\u4e0d\u540c\uff0cOpenStack \u4eea\u8868\u677f\u5141\u8bb8\u5728\u5927\u591a\u6570\u5b57\u6bb5\u4e2d\u4f7f\u7528\u6574\u4e2a Unicode \u5b57\u7b26\u96c6\u3002\u8fd9\u610f\u5473\u7740\u5f00\u53d1\u4eba\u5458\u72af\u9519\u8bef\u7684\u81ea\u7531\u5ea6\u8f83\u5c0f\uff0c\u8fd9\u4e9b\u9519\u8bef\u4e3a\u8de8\u7ad9\u70b9\u811a\u672c \uff08XSS\uff09 \u6253\u5f00\u4e86\u653b\u51fb\u5a92\u4ecb\u3002 Dashboard \u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u4e86\u907f\u514d\u521b\u5efa XSS \u6f0f\u6d1e\u7684\u5de5\u5177\uff0c\u4f46\u5b83\u4eec\u53ea\u6709\u5728\u5f00\u53d1\u4eba\u5458\u6b63\u786e\u4f7f\u7528\u5b83\u4eec\u65f6\u624d\u6709\u6548\u3002\u5ba1\u6838\u4efb\u4f55\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\uff0c\u7279\u522b\u6ce8\u610f mark_safe \u51fd\u6570\u7684\u4f7f\u7528\u3001\u4e0e\u81ea\u5b9a\u4e49\u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528 is_safe \u3001 safe \u6a21\u677f\u6807\u8bb0\u7684\u4f7f\u7528\u3001\u5173\u95ed\u81ea\u52a8\u8f6c\u4e49\u7684\u4efb\u4f55\u4f4d\u7f6e\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u80fd\u8bc4\u4f30\u4e0d\u5f53\u8f6c\u4e49\u6570\u636e\u7684 JavaScript\u3002","title":"\u8de8\u7ad9\u811a\u672c \uff08XSS\uff09"},{"location":"security/security-guide/#csrf","text":"Django \u6709\u4e13\u95e8\u7684\u4e2d\u95f4\u4ef6\u7528\u4e8e\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09\u3002\u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002 OpenStack \u4eea\u8868\u677f\u65e8\u5728\u963b\u6b62\u5f00\u53d1\u4eba\u5458\u5728\u5f15\u5165\u7ebf\u7a0b\u65f6\u4f7f\u7528\u81ea\u5b9a\u4e49\u4eea\u8868\u677f\u5f15\u5165\u8de8\u7ad9\u70b9\u811a\u672c\u6f0f\u6d1e\u3002\u5e94\u5ba1\u6838\u4f7f\u7528\u591a\u4e2a JavaScript \u5b9e\u4f8b\u7684\u4eea\u8868\u677f\u662f\u5426\u5b58\u5728\u6f0f\u6d1e\uff0c\u4f8b\u5982\u4e0d\u5f53\u4f7f\u7528 @csrf_exempt 
\u88c5\u9970\u5668\u3002\u5728\u653e\u5bbd\u9650\u5236\u4e4b\u524d\uff0c\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u4efb\u4f55\u4e0d\u9075\u5faa\u8fd9\u4e9b\u5efa\u8bae\u7684\u5b89\u5168\u8bbe\u7f6e\u7684\u4eea\u8868\u677f\u3002","title":"\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 \uff08CSRF\uff09"},{"location":"security/security-guide/#xfs","text":"\u4f20\u7edf\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u653b\u51fb\uff0c\u56e0\u6b64 OpenStack \u4eea\u8868\u677f\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9009\u9879 DISALLOW_IFRAME_EMBED \uff0c\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u4e0d\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002","title":"\u8de8\u5e27\u811a\u672c \uff08XFS\uff09"},{"location":"security/security-guide/#https","text":"\u4f7f\u7528\u6765\u81ea\u516c\u8ba4\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u7684\u6709\u6548\u53d7\u4fe1\u4efb\u8bc1\u4e66\uff0c\u5c06\u4eea\u8868\u677f\u90e8\u7f72\u5728\u5b89\u5168 HTTPS \u670d\u52a1\u5668\u540e\u9762\u3002\u4ec5\u5f53\u4fe1\u4efb\u6839\u9884\u5b89\u88c5\u5728\u6240\u6709\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u65f6\uff0c\u79c1\u6709\u7ec4\u7ec7\u9881\u53d1\u7684\u8bc1\u4e66\u624d\u9002\u7528\u3002 \u914d\u7f6e\u5bf9\u4eea\u8868\u677f\u57df\u7684 HTTP \u8bf7\u6c42\uff0c\u4ee5\u91cd\u5b9a\u5411\u5230\u5b8c\u5168\u9650\u5b9a\u7684 HTTPS URL\u3002","title":"HTTPS \u51fd\u6570"},{"location":"security/security-guide/#http-hsts","text":"\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u5728 Web \u670d\u52a1\u5668\u524d\u9762\u4f7f\u7528 HTTPS \u4ee3\u7406\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u5177\u6709 HTTPS \u529f\u80fd\u7684 HTTP \u670d\u52a1\u5668\uff0c\u8bf7\u4fee\u6539\u8be5 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u3002\u6709\u5173\u4fee\u6539 `SECURE_PROXY_SSL_HEADER` \u53d8\u91cf\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 
Django \u6587\u6863\u3002 \u6709\u5173 HTTPS \u914d\u7f6e\uff08\u5305\u62ec HSTS \u914d\u7f6e\uff09\u7684\u66f4\u5177\u4f53\u5efa\u8bae\u548c\u670d\u52a1\u5668\u914d\u7f6e\uff0c\u8bf7\u53c2\u9605\u201c\u5b89\u5168\u901a\u4fe1\u201d\u4e00\u7ae0\u3002","title":"HTTP \u4e25\u683c\u4f20\u8f93\u5b89\u5168 \uff08HSTS\uff09"},{"location":"security/security-guide/#_127","text":"","title":"\u524d\u7aef\u7f13\u5b58\u548c\u4f1a\u8bdd\u540e\u7aef"},{"location":"security/security-guide/#_128","text":"\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4eea\u8868\u677f\u4e2d\u4f7f\u7528\u524d\u7aef\u7f13\u5b58\u5de5\u5177\u3002\u4eea\u8868\u677f\u6b63\u5728\u6e32\u67d3\u76f4\u63a5\u7531 OpenStack API \u8bf7\u6c42\u751f\u6210\u7684\u52a8\u6001\u5185\u5bb9\uff0c\u524d\u7aef\u7f13\u5b58\u5c42\uff08\u5982 varnish\uff09\u53ef\u80fd\u4f1a\u963b\u6b62\u663e\u793a\u6b63\u786e\u7684\u5185\u5bb9\u3002\u5728 Django \u4e2d\uff0c\u9759\u6001\u5a92\u4f53\u76f4\u63a5\u4ece Apache \u6216 Nginx \u63d0\u4f9b\uff0c\u5e76\u4e14\u5df2\u7ecf\u53d7\u76ca\u4e8e Web \u4e3b\u673a\u7f13\u5b58\u3002","title":"\u524d\u7aef\u7f13\u5b58"},{"location":"security/security-guide/#_129","text":"Horizon \u7684\u9ed8\u8ba4\u4f1a\u8bdd\u540e\u7aef django.contrib.sessions.backends.signed_cookies \u5c06\u7528\u6237\u6570\u636e\u4fdd\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\u5b58\u50a8\u7684\u5df2\u7b7e\u540d\u4f46\u672a\u52a0\u5bc6\u7684 Cookie \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u4eea\u8868\u677f\u5b9e\u4f8b\u90fd\u662f\u65e0\u72b6\u6001\u7684\uff0c\u56e0\u6b64\u524d\u9762\u63d0\u5230\u7684\u65b9\u6cd5\u63d0\u4f9b\u4e86\u5b9e\u73b0\u6700\u7b80\u5355\u7684\u4f1a\u8bdd\u540e\u7aef\u6269\u5c55\u7684\u80fd\u529b\u3002 
\u5e94\u8be5\u6ce8\u610f\u7684\u662f\uff0c\u5728\u8fd9\u79cd\u7c7b\u578b\u7684\u5b9e\u73b0\u4e2d\uff0c\u654f\u611f\u7684\u8bbf\u95ee\u4ee4\u724c\u5c06\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u4e2d\uff0c\u5e76\u5c06\u968f\u7740\u6bcf\u4e2a\u8bf7\u6c42\u7684\u53d1\u51fa\u800c\u4f20\u8f93\u3002\u540e\u7aef\u786e\u4fdd\u4f1a\u8bdd\u6570\u636e\u7684\u5b8c\u6574\u6027\uff0c\u5373\u4f7f\u4f20\u8f93\u7684\u6570\u636e\u4ec5\u901a\u8fc7 HTTPS \u52a0\u5bc6\u3002 \u5982\u679c\u60a8\u7684\u67b6\u6784\u5141\u8bb8\u5171\u4eab\u5b58\u50a8\uff0c\u5e76\u4e14\u60a8\u6b63\u786e\u914d\u7f6e\u4e86\u7f13\u5b58\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5176\u8bbe\u7f6e\u4e3a SESSION_ENGINE django.contrib.sessions.backends.cache \u5e76\u7528\u4f5c\u57fa\u4e8e\u7f13\u5b58\u7684\u4f1a\u8bdd\u540e\u7aef\uff0c\u5e76\u5c06 memcached \u4f5c\u4e3a\u7f13\u5b58\u3002Memcached \u662f\u4e00\u79cd\u9ad8\u6548\u7684\u5185\u5b58\u952e\u503c\u5b58\u50a8\uff0c\u7528\u4e8e\u5b58\u50a8\u6570\u636e\u5757\uff0c\u53ef\u5728\u9ad8\u53ef\u7528\u6027\u548c\u5206\u5e03\u5f0f\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u5e76\u4e14\u6613\u4e8e\u914d\u7f6e\u3002\u4f46\u662f\uff0c\u60a8\u9700\u8981\u786e\u4fdd\u6ca1\u6709\u6570\u636e\u6cc4\u6f0f\u3002Memcached \u5229\u7528\u5907\u7528 RAM \u6765\u5b58\u50a8\u7ecf\u5e38\u8bbf\u95ee\u7684\u6570\u636e\u5757\uff0c\u5c31\u50cf\u91cd\u590d\u8bbf\u95ee\u4fe1\u606f\u7684\u5185\u5b58\u7f13\u5b58\u4e00\u6837\u3002\u7531\u4e8e memcached \u4f7f\u7528\u672c\u5730\u5185\u5b58\uff0c\u56e0\u6b64\u4e0d\u4f1a\u4ea7\u751f\u6570\u636e\u5e93\u548c\u6587\u4ef6\u7cfb\u7edf\u4f7f\u7528\u5f00\u9500\uff0c\u4ece\u800c\u5bfc\u81f4\u76f4\u63a5\u4ece RAM \u800c\u4e0d\u662f\u4ece\u78c1\u76d8\u8bbf\u95ee\u6570\u636e\u3002 \u6211\u4eec\u5efa\u8bae\u4f7f\u7528 memcached 
\u800c\u4e0d\u662f\u672c\u5730\u5185\u5b58\u7f13\u5b58\uff0c\u56e0\u4e3a\u5b83\u901f\u5ea6\u5feb\uff0c\u6570\u636e\u4fdd\u7559\u65f6\u95f4\u66f4\u957f\uff0c\u591a\u8fdb\u7a0b\u5b89\u5168\uff0c\u5e76\u4e14\u80fd\u591f\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u5171\u4eab\u7f13\u5b58\uff0c\u4f46\u4ecd\u5c06\u5176\u89c6\u4e3a\u5355\u4e2a\u7f13\u5b58\u3002 \u8981\u542f\u7528 memcached\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache' } \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Django \u6587\u6863\u3002","title":"\u4f1a\u8bdd\u540e\u7aef"},{"location":"security/security-guide/#_130","text":"\u4eea\u8868\u677f\u7684\u9759\u6001\u5a92\u4f53\u5e94\u90e8\u7f72\u5230\u4eea\u8868\u677f\u57df\u7684\u5b50\u57df\uff0c\u5e76\u7531 Web \u670d\u52a1\u5668\u63d0\u4f9b\u670d\u52a1\u3002\u4f7f\u7528\u5916\u90e8\u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u4e5f\u662f\u53ef\u4ee5\u63a5\u53d7\u7684\u3002\u6b64\u5b50\u57df\u4e0d\u5e94\u8bbe\u7f6e Cookie \u6216\u63d0\u4f9b\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u3002\u5a92\u4f53\u4e5f\u5e94\u4f7f\u7528 HTTPS \u63d0\u4f9b\u3002 Django \u5a92\u4f53\u8bbe\u7f6e\u8bb0\u5f55\u5728 Django \u6587\u6863\u4e2d\u3002 Dashboard \u7684\u9ed8\u8ba4\u914d\u7f6e\u4f7f\u7528 django_compressor \u6765\u538b\u7f29\u548c\u7f29\u5c0f CSS \u548c JavaScript \u5185\u5bb9\uff0c\u7136\u540e\u518d\u63d0\u4f9b\u8fd9\u4e9b\u5185\u5bb9\u3002\u6b64\u8fc7\u7a0b\u5e94\u5728\u90e8\u7f72\u4eea\u8868\u677f\u4e4b\u524d\u9759\u6001\u5b8c\u6210\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u9ed8\u8ba4\u7684\u8bf7\u6c42\u5185\u52a8\u6001\u538b\u7f29\uff0c\u5e76\u5c06\u751f\u6210\u7684\u6587\u4ef6\u4e0e\u5df2\u90e8\u7f72\u7684\u4ee3\u7801\u4e00\u8d77\u590d\u5236\u5230 CDN 
\u670d\u52a1\u5668\u3002\u538b\u7f29\u5e94\u5728\u975e\u751f\u4ea7\u751f\u6210\u73af\u5883\u4e2d\u5b8c\u6210\u3002\u5982\u679c\u8fd9\u4e0d\u53ef\u884c\uff0c\u6211\u4eec\u5efa\u8bae\u5b8c\u5168\u7981\u7528\u8d44\u6e90\u538b\u7f29\u3002\u4e0d\u5e94\u5728\u751f\u4ea7\u8ba1\u7b97\u673a\u4e0a\u5b89\u88c5\u8054\u673a\u538b\u7f29\u4f9d\u8d56\u9879\uff08\u8f83\u5c11\uff0cNode.js\uff09\u3002","title":"\u9759\u6001\u5a92\u4f53"},{"location":"security/security-guide/#_131","text":"\u5bc6\u7801\u7ba1\u7406\u5e94\u8be5\u662f\u4e91\u7ba1\u7406\u8ba1\u5212\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u90e8\u5206\u3002\u5173\u4e8e\u5bc6\u7801\u7684\u6743\u5a01\u6559\u7a0b\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4;\u4f46\u662f\uff0c\u4e91\u7ba1\u7406\u5458\u5e94\u53c2\u8003 NIST \u4f01\u4e1a\u5bc6\u7801\u7ba1\u7406\u7279\u522b\u51fa\u7248\u7269\u6307\u5357\u7b2c 4 \u7ae0\u4e2d\u63a8\u8350\u7684\u6700\u4f73\u5b9e\u8df5\u3002 \u65e0\u8bba\u662f\u901a\u8fc7\u4eea\u8868\u677f\u8fd8\u662f\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684 OpenStack 
\u4e91\u8bbf\u95ee\u90fd\u4f1a\u5f15\u5165\u989d\u5916\u7684\u6ce8\u610f\u4e8b\u9879\u3002\u73b0\u4ee3\u6d4f\u89c8\u5668\u90fd\u652f\u6301\u67d0\u79cd\u5f62\u5f0f\u7684\u5bc6\u7801\u5b58\u50a8\u548c\u81ea\u52a8\u586b\u5145\u8bb0\u4f4f\u7684\u7ad9\u70b9\u7684\u51ed\u636e\u3002\u8fd9\u5728\u4f7f\u7528\u4e0d\u5bb9\u6613\u8bb0\u4f4f\u6216\u952e\u5165\u7684\u5f3a\u5bc6\u7801\u65f6\u975e\u5e38\u6709\u7528\uff0c\u4f46\u5982\u679c\u5ba2\u6237\u7aef\u7684\u7269\u7406\u5b89\u5168\u6027\u53d7\u5230\u5a01\u80c1\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u6d4f\u89c8\u5668\u6210\u4e3a\u8584\u5f31\u73af\u8282\u3002\u5982\u679c\u6d4f\u89c8\u5668\u7684\u5bc6\u7801\u5b58\u50a8\u672c\u8eab\u4e0d\u53d7\u5f3a\u5bc6\u7801\u4fdd\u62a4\uff0c\u6216\u8005\u5982\u679c\u5141\u8bb8\u5bc6\u7801\u5b58\u50a8\u5728\u4f1a\u8bdd\u671f\u95f4\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u5219\u5f88\u5bb9\u6613\u83b7\u5f97\u5bf9\u7cfb\u7edf\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 KeePassX \u548c Password Safe \u7b49\u5bc6\u7801\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u975e\u5e38\u6709\u7528\uff0c\u56e0\u4e3a\u5927\u591a\u6570\u5e94\u7528\u7a0b\u5e8f\u90fd\u652f\u6301\u751f\u6210\u5f3a\u5bc6\u7801\u548c\u5b9a\u671f\u63d0\u9192\u751f\u6210\u65b0\u5bc6\u7801\u3002\u6700\u91cd\u8981\u7684\u662f\uff0c\u5bc6\u7801\u5b58\u50a8\u4ec5\u77ed\u6682\u4fdd\u6301\u89e3\u9501\u72b6\u6001\uff0c\u4ece\u800c\u964d\u4f4e\u4e86\u5bc6\u7801\u6cc4\u9732\u548c\u901a\u8fc7\u6d4f\u89c8\u5668\u6216\u7cfb\u7edf\u5165\u4fb5\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8d44\u6e90\u8bbf\u95ee\u7684\u98ce\u9669\u3002","title":"\u5bc6\u7801"},{"location":"security/security-guide/#_132","text":"\u4eea\u8868\u677f\u4f9d\u8d56\u4e8e\u67d0\u4e9b\u5b89\u5168\u529f\u80fd\u7684\u5171\u4eab SECRET_KEY \u8bbe\u7f6e\u3002\u5bc6\u94a5\u5e94\u4e3a\u968f\u673a\u751f\u6210\u7684\u5b57\u7b26\u4e32\uff0c\u957f\u5ea6\u81f3\u5c11\u4e3a 64 
\u4e2a\u5b57\u7b26\uff0c\u5fc5\u987b\u5728\u6240\u6709\u6d3b\u52a8\u4eea\u8868\u677f\u5b9e\u4f8b\u4e4b\u95f4\u5171\u4eab\u3002\u6cc4\u9732\u6b64\u5bc6\u94a5\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u8f6e\u6362\u6b64\u5bc6\u94a5\u4f1a\u4f7f\u73b0\u6709\u7528\u6237\u4f1a\u8bdd\u548c\u7f13\u5b58\u5931\u6548\u3002\u8bf7\u52ff\u5c06\u6b64\u5bc6\u94a5\u63d0\u4ea4\u5230\u516c\u5171\u5b58\u50a8\u5e93\u3002","title":"\u5bc6\u94a5"},{"location":"security/security-guide/#cookies","text":"\u4f1a\u8bddCookies\u5e94\u8bbe\u7f6e\u4e3a HTTPONLY\uff1a SESSION_COOKIE_HTTPONLY = True \u5207\u52ff\u5c06 CSRF \u6216\u4f1a\u8bdd Cookie \u914d\u7f6e\u4e3a\u5177\u6709\u5e26\u524d\u5bfc\u70b9\u7684\u901a\u914d\u7b26\u57df\u3002\u4f7f\u7528 HTTPS \u90e8\u7f72\u65f6\uff0c\u5e94\u4fdd\u62a4 Horizon \u7684\u4f1a\u8bdd\u548c CSRF Cookie\uff1a CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True","title":"Cookies"},{"location":"security/security-guide/#cors","text":"\u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u5728\u6bcf\u6b21\u54cd\u5e94\u65f6\u53d1\u9001\u9650\u5236\u6027 CORS \u6807\u5934\uff0c\u4ec5\u5141\u8bb8\u4eea\u8868\u677f\u57df\u548c\u534f\u8bae\uff1a Access-Control-Allow-Origin: https://example.com/ \u6c38\u8fdc\u4e0d\u5141\u8bb8\u901a\u914d\u7b26\u6765\u6e90\u3002","title":"\u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09"},{"location":"security/security-guide/#_133","text":"\u5efa\u8bae\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u5c06 DEBUG \u8be5\u8bbe\u7f6e\u8bbe\u7f6e\u4e3a False \u3002\u5982\u679c DEBUG \u8bbe\u7f6e\u4e3a True\uff0c\u5219\u5f53\u629b\u51fa\u5f02\u5e38\u65f6\uff0cDjango \u5c06\u663e\u793a\u5806\u6808\u8ddf\u8e2a\u548c\u654f\u611f\u7684 Web 
\u670d\u52a1\u5668\u72b6\u6001\u4fe1\u606f\u3002","title":"\u8c03\u8bd5"},{"location":"security/security-guide/#_134","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-dashboard-01-roothorizon","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a horizon\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/openstack-dashboard/local_settings.py | egrep \"root horizon\" \u901a\u8fc7\uff1a\u5982\u679c\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c horizon\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u5730\u5e73\u7ebf\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 Horizon \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Dashboard-01\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/horizon\uff1f"},{"location":"security/security-guide/#check-dashboard-02-horizon","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/openstack-dashboard/local_settings.py \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Dashboard-01 \u65f6\uff1a\u7528\u6237/\u914d\u7f6e\u6587\u4ef6\u7ec4\u662f\u5426\u8bbe\u7f6e\u4e3a root/horizon\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u7528\u6237\u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cHorizon \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/openstack-dashboard/local_settings.py getfacl: Removing leading '/' from absolute path names # file: etc/openstack-dashboard/local_settings.py USER root rw- GROUP horizon r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Dashboard-02\uff1a\u662f\u5426\u4e3a Horizon \u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-dashboard-03-disallow_iframe_embed-true","text":"DISALLOW_IFRAME_EMBED \u53ef\u7528\u4e8e\u9632\u6b62 OpenStack Dashboard \u5d4c\u5165\u5230 iframe \u4e2d\u3002 
\u65e7\u7248\u6d4f\u89c8\u5668\u4ecd\u7136\u5bb9\u6613\u53d7\u5230\u8de8\u5e27\u811a\u672c \uff08XFS\uff09 \u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u6b64\u9009\u9879\u5141\u8bb8\u5728\u90e8\u7f72\u4e2d\u672a\u4f7f\u7528 iframe \u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u989d\u5916\u7684\u5b89\u5168\u5f3a\u5316\u3002 \u9ed8\u8ba4\u8bbe\u7f6e\u4e3a True\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISALLOW_IFRAME_EMBED in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u7528\u4e8e\uff1aHTTPS\u3001HSTS\u3001XSS \u548c SSRF\u3002","title":"Check-Dashboard-03\uff1a\u53c2\u6570\u662f\u5426 DISALLOW_IFRAME_EMBED \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-04-csrf_cookie_secure-true","text":"CSRF\uff08\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020\uff09\u662f\u4e00\u79cd\u653b\u51fb\uff0c\u5b83\u8feb\u4f7f\u6700\u7ec8\u7528\u6237\u5728\u4ed6/\u5979\u5f53\u524d\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684 Web \u5e94\u7528\u7a0b\u5e8f\u4e0a\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u547d\u4ee4\u3002\u6210\u529f\u7684 CSRF \u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5371\u53ca\u6700\u7ec8\u7528\u6237\u7684\u6570\u636e\u548c\u64cd\u4f5c\u3002\u5982\u679c\u76ee\u6807\u6700\u7ec8\u7528\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5371\u53ca\u6574\u4e2a Web \u5e94\u7528\u7a0b\u5e8f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 CSRF_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-04\uff1a\u53c2\u6570\u662f\u5426 CSRF_COOKIE_SECURE 
\u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-05-session_cookie_secure-true","text":"\u201cSECURE\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4ec5\u901a\u8fc7\u52a0\u5bc6\u7684 HTTPS \uff08SSL/TLS\uff09 \u8fde\u63a5\u53d1\u9001 cookie\u3002\u6b64\u4f1a\u8bdd\u4fdd\u62a4\u673a\u5236\u662f\u5f3a\u5236\u6027\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 MitM\uff08\u4e2d\u95f4\u4eba\uff09\u653b\u51fb\u6cc4\u9732\u4f1a\u8bdd ID\u3002\u5b83\u786e\u4fdd\u653b\u51fb\u8005\u65e0\u6cd5\u7b80\u5355\u5730\u4ece Web \u6d4f\u89c8\u5668\u6d41\u91cf\u4e2d\u6355\u83b7\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_SECURE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-05\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_SECURE \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-06-session_cookie_httponly-true","text":"\u201cHTTPONLY\u201dcookie \u5c5e\u6027\u6307\u793a Web \u6d4f\u89c8\u5668\u4e0d\u5141\u8bb8\u811a\u672c\uff08\u4f8b\u5982 JavaScript \u6216 VBscript\uff09\u901a\u8fc7 DOM document.cookie \u5bf9\u8c61\u8bbf\u95ee cookie\u3002\u6b64\u4f1a\u8bdd ID \u4fdd\u62a4\u662f\u5fc5\u9700\u7684\uff0c\u4ee5\u9632\u6b62\u901a\u8fc7 XSS \u653b\u51fb\u7a83\u53d6\u4f1a\u8bdd ID\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SESSION_COOKIE_HTTPONLY in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u63a8\u8350\u4e8e\uff1aCookies\u3002","title":"Check-Dashboard-06\uff1a\u53c2\u6570\u662f\u5426 SESSION_COOKIE_HTTPONLY 
\u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-07-password_autocomplete-false","text":"\u5e94\u7528\u7a0b\u5e8f\u7528\u4e8e\u4e3a\u7528\u6237\u63d0\u4f9b\u4fbf\u5229\u7684\u5e38\u89c1\u529f\u80fd\u662f\u5c06\u5bc6\u7801\u672c\u5730\u7f13\u5b58\u5728\u6d4f\u89c8\u5668\u4e2d\uff08\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\uff09\uff0c\u5e76\u5728\u6240\u6709\u540e\u7eed\u8bf7\u6c42\u4e2d\u201c\u9884\u5148\u952e\u5165\u201d\u3002\u867d\u7136\u6b64\u529f\u80fd\u5bf9\u666e\u901a\u7528\u6237\u6765\u8bf4\u975e\u5e38\u53cb\u597d\uff0c\u4f46\u540c\u65f6\uff0c\u5b83\u5f15\u5165\u4e86\u4e00\u4e2a\u7f3a\u9677\uff0c\u56e0\u4e3a\u5728\u5ba2\u6237\u7aef\u8ba1\u7b97\u673a\u4e0a\u4f7f\u7528\u76f8\u540c\u5e10\u6237\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8f7b\u677e\u8bbf\u95ee\u7528\u6237\u5e10\u6237\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u7528\u6237\u5e10\u6237\u53d7\u635f\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a off \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_AUTOCOMPLETE in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a on \u3002","title":"Check-Dashboard-07\uff1a PASSWORD_AUTOCOMPLETE \u8bbe\u7f6e\u4e3a False \uff1f"},{"location":"security/security-guide/#check-dashboard-08-disable_password_reveal-true","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u4e0d\u8981\u663e\u793a\u5bc6\u7801\u5b57\u6bb5\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 DISABLE_PASSWORD_REVEAL in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002 \u6ce8\u610f \u6b64\u9009\u9879\u662f\u5728 Kilo \u7248\u672c\u4e2d\u5f15\u5165\u7684\u3002","title":"Check-Dashboard-08\uff1a 
DISABLE_PASSWORD_REVEAL \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-09-enforce_password_check-true","text":"\u8bbe\u7f6e\u4e3a ENFORCE_PASSWORD_CHECK True \u5c06\u5728\u201c\u66f4\u6539\u5bc6\u7801\u201d\u7a97\u4f53\u4e0a\u663e\u793a\u201c\u7ba1\u7406\u5458\u5bc6\u7801\u201d\u5b57\u6bb5\uff0c\u4ee5\u9a8c\u8bc1\u662f\u5426\u786e\u5b9e\u662f\u7ba1\u7406\u5458\u767b\u5f55\u7684\u8981\u66f4\u6539\u5bc6\u7801\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a True \u3002 \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 ENFORCE_PASSWORD_CHECK in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a False \u3002","title":"Check-Dashboard-09\uff1a ENFORCE_PASSWORD_CHECK \u8bbe\u7f6e\u4e3a True \uff1f"},{"location":"security/security-guide/#check-dashboard-10-password_validator","text":"\u5141\u8bb8\u6b63\u5219\u8868\u8fbe\u5f0f\u9a8c\u8bc1\u7528\u6237\u5bc6\u7801\u7684\u590d\u6742\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a defaul \u4e4b\u5916\u7684\u4efb\u4f55\u503c\uff0c\u5219\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'\uff0c \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 PASSWORD_VALIDATOR in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u6240\u6709 \u201cregex\u201d\uff1a '.*'","title":"Check-Dashboard-10\uff1a\u662f\u5426 PASSWORD_VALIDATOR \u5df2\u914d\u7f6e\uff1f"},{"location":"security/security-guide/#check-dashboard-11-secure_proxy_ssl_header","text":"\u5982\u679c OpenStack Dashboard \u90e8\u7f72\u5728\u4ee3\u7406\u540e\u9762\uff0c\u5e76\u4e14\u4ee3\u7406\u4ece\u6240\u6709\u4f20\u5165\u8bf7\u6c42\u4e2d\u5265\u79bb X-Forwarded-Proto \u6807\u5934\uff0c\u6216\u8005\u8bbe\u7f6e\u6807\u5934 X-Forwarded-Proto \u5e76\u5c06\u5176\u53d1\u9001\u5230 
Dashboard\uff0c\u4f46\u4ec5\u9002\u7528\u4e8e\u6700\u521d\u901a\u8fc7 HTTPS \u4f20\u5165\u7684\u8bf7\u6c42\uff0c\u90a3\u4e48\u60a8\u5e94\u8be5\u8003\u8651\u914d\u7f6e SECURE_PROXY_SSL_HEADER \u66f4\u591a\u4fe1\u606f\u53ef\u4ee5\u5728 Django \u6587\u6863\u4e2d\u627e\u5230\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u5931\u8d25\uff1a\u5982\u679c\u53c2\u6570 SECURE_PROXY_SSL_HEADER in /etc/openstack-dashboard/local_settings.py \u7684\u503c\u672a\u8bbe\u7f6e\u4e3a 'HTTP_X_FORWARDED_PROTO', 'https' \u6216\u6ce8\u91ca\u6389\u3002","title":"Check-Dashboard-11\uff1a\u662f\u5426 SECURE_PROXY_SSL_HEADER \u5df2\u914d\u7f6e\uff1f"},{"location":"security/security-guide/#_135","text":"OpenStack \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u6574\u4e2a\u4e91\u4e2d\u7684\u8bb8\u591a\u4f4d\u7f6e\u8fd0\u884c\uff0c\u5e76\u4e0e\u5404\u79cd\u5185\u90e8\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002OpenStack \u8ba1\u7b97\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u79cd\u914d\u7f6e\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u4ecb\u7ecd\u6709\u5173\u8ba1\u7b97\u5b89\u5168\u6027\u7684\u4e00\u822c\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u53ca\u53ef\u80fd\u5bfc\u81f4\u5b89\u5168\u95ee\u9898\u7684\u7279\u5b9a\u5df2\u77e5\u914d\u7f6e\u3002 nova.conf \u6587\u4ef6\u548c /var/lib/nova \u4f4d\u7f6e\u5e94\u53d7\u5230\u4fdd\u62a4\u3002\u5e94\u5b9e\u65bd\u96c6\u4e2d\u5f0f\u65e5\u5fd7\u8bb0\u5f55\u3001 policy.json \u6587\u4ef6\u548c\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u6846\u67b6\u7b49\u63a7\u5236\u63aa\u65bd\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9 OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u7eb3\u5165\u6392\u9664\u6807\u51c6 \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 
\u8ba4\u8bc1\u548c\u8bc1\u660e \u901a\u7528\u6807\u51c6 \u52a0\u5bc6\u6807\u51c6 FIPS 140-2 \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5185\u5b58\u4f18\u5316 KVM \u5185\u6838 Samepage \u5408\u5e76 XEN\u900f\u660e\u9875\u9762\u5171\u4eab \u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879 \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u4e66\u76ee \u5f3a\u5316\u865a\u62df\u5316\u5c42 \u7269\u7406\u786c\u4ef6\uff08PCI \u76f4\u901a\uff09 \u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09 \u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93 \u7f16\u8bd1\u5668\u5f3a\u5316 \u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 sVirt\uff1aSELinux \u548c\u865a\u62df\u5316 \u6807\u7b7e\u548c\u7c7b\u522b SELinux \u7528\u6237\u548c\u89d2\u8272 \u5e03\u5c14\u503c \u5f3a\u5316\u8ba1\u7b97\u90e8\u7f72 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-dev \u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u6f0f\u6d1e\u610f\u8bc6 OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f OpenStack \u5b89\u5168\u8bf4\u660e OpenStack-\u8ba8\u8bba\u90ae\u4ef6\u5217\u8868 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868 \u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u68c0\u67e5\u8868 Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f","title":"\u8ba1\u7b97"},{"location":"security/security-guide/#_136","text":"","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9"},{"location":"security/security-guide/#openstack_4","text":"\u65e0\u8bbaOpenStack\u662f\u90e8\u7f72\u5728\u79c1\u6709\u6570\u636e\u4e2d\u5fc3\u5185\uff0c\u8fd8\u662f\u4f5c\u4e3a\u516c\u5171\u4e91\u670d\u52a1\u90e8\u7f72\uff0c\u5e95\u5c42\u865a\u62df\u5316\u6280\u672f\u90fd\u80fd\u5728\u53ef\u6269\u5c55\u6027\u3001\u8d44\u6e90\u6548\u7387\u548c\u6b63\u5e38\u8fd0\u884c\u65f6\u95f4\u65b9\u9762\u63d0\u4f9b\u4f01\u4e1a\u7ea7\u529f\u80fd\u3002\u867d\u7136\u5728\u8bb8\u591a OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u4e2d\u901a\u5e38\u90fd\u5177\u6709\u8fd9\u79cd\u9ad8\u7ea7\u4f18\u52bf\uff0c\u4f46\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5b89\u5168\u67b6\u6784\u548c\u529f\u80fd\u90fd\u5b58\u5728\u663e\u8457\u5dee\u5f02\uff0c\u5c24\u5176\u662f\u5728\u8003\u8651\u5f39\u6027 OpenStack \u73af\u5883\u7279\u6709\u7684\u5b89\u5168\u5a01\u80c1\u5411\u91cf\u65f6\u3002\u968f\u7740\u5e94\u7528\u7a0b\u5e8f\u6574\u5408\u5230\u5355\u4e2a\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 \u5e73\u53f0\u4e2d\uff0c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7ea7\u522b\u7684\u5b9e\u4f8b\u9694\u79bb\u53d8\u5f97\u81f3\u5173\u91cd\u8981\u3002\u5b89\u5168\u9694\u79bb\u7684\u8981\u6c42\u5728\u5546\u4e1a\u3001\u653f\u5e9c\u548c\u519b\u4e8b\u793e\u533a\u4e2d\u90fd\u9002\u7528\u3002 \u5728 OpenStack \u6846\u67b6\u4e2d\uff0c\u60a8\u53ef\u4ee5\u5728\u4f17\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u548c\u76f8\u5e94\u7684 OpenStack 
\u63d2\u4ef6\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u4f18\u5316\u60a8\u7684\u4e91\u73af\u5883\u3002\u5728\u672c\u6307\u5357\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u91cd\u70b9\u4ecb\u7ecd\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u6ce8\u610f\u4e8b\u9879\uff0c\u56e0\u4e3a\u5b83\u4eec\u4e0e\u5bf9\u5b89\u5168\u6027\u81f3\u5173\u91cd\u8981\u7684\u529f\u80fd\u96c6\u6709\u5173\u3002\u4f46\u662f\uff0c\u8fd9\u4e9b\u6ce8\u610f\u4e8b\u9879\u5e76\u4e0d\u610f\u5473\u7740\u5bf9\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u4f18\u7f3a\u70b9\u8fdb\u884c\u8be6\u5c3d\u7684\u8c03\u67e5\u3002NIST \u5728\u7279\u522b\u51fa\u7248\u7269 800-125\u201c\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u201d\u4e2d\u63d0\u4f9b\u4e86\u5176\u4ed6\u6307\u5bfc\u3002","title":"OpenStack \u4e2d\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f"},{"location":"security/security-guide/#_137","text":"\u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u9009\u62e9\u8fc7\u7a0b\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u5fc5\u987b\u8003\u8651\u8bb8\u591a\u91cd\u8981\u56e0\u7d20\uff0c\u4ee5\u5e2e\u52a9\u6539\u5584\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u60a8\u5fc5\u987b\u719f\u6089\u4ee5\u4e0b\u65b9\u9762\uff1a \u56e2\u961f\u4e13\u957f \u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6 \u901a\u7528\u6807\u51c6 \u8ba4\u8bc1\u548c\u8bc1\u660e \u786c\u4ef6\u95ee\u9898 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a \u5176\u4ed6\u5b89\u5168\u529f\u80fd \u6b64\u5916\uff0c\u5f3a\u70c8\u5efa\u8bae\u5728\u4e3a OpenStack \u90e8\u7f72\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\u8bc4\u4f30\u4ee5\u4e0b\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u6807\u51c6\uff1a * \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u7ecf\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1f\u5982\u679c\u662f\u8fd9\u6837\uff0c\u8fbe\u5230\u4ec0\u4e48\u6c34\u5e73\uff1f* 
\u5e95\u5c42\u5bc6\u7801\u5b66\u662f\u5426\u7ecf\u8fc7\u7b2c\u4e09\u65b9\u8ba4\u8bc1\uff1f","title":"\u9009\u62e9\u6807\u51c6"},{"location":"security/security-guide/#_138","text":"\u6700\u6709\u53ef\u80fd\u7684\u662f\uff0c\u5728\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6700\u91cd\u8981\u7684\u65b9\u9762\u662f\u60a8\u7684\u5458\u5de5\u5728\u7ba1\u7406\u548c\u7ef4\u62a4\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65b9\u9762\u7684\u4e13\u4e1a\u77e5\u8bc6\u3002\u60a8\u7684\u56e2\u961f\u5bf9\u7ed9\u5b9a\u4ea7\u54c1\u3001\u5176\u914d\u7f6e\u53ca\u5176\u602a\u7656\u8d8a\u719f\u6089\uff0c\u914d\u7f6e\u9519\u8bef\u5c31\u8d8a\u5c11\u3002\u6b64\u5916\uff0c\u5728\u7ed9\u5b9a\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u5c06\u5458\u5de5\u4e13\u4e1a\u77e5\u8bc6\u5206\u5e03\u5728\u6574\u4e2a\u7ec4\u7ec7\u4e2d\u53ef\u4ee5\u63d0\u9ad8\u7cfb\u7edf\u7684\u53ef\u7528\u6027\uff0c\u5141\u8bb8\u804c\u8d23\u5206\u79bb\uff0c\u5e76\u5728\u56e2\u961f\u6210\u5458\u4e0d\u53ef\u7528\u65f6\u7f13\u89e3\u95ee\u9898\u3002","title":"\u56e2\u961f\u4e13\u957f"},{"location":"security/security-guide/#_139","text":"\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a\u7ed9\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4ea7\u54c1\u6216\u9879\u76ee\u7684\u6210\u719f\u5ea6\u5bf9\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u4e5f\u81f3\u5173\u91cd\u8981\u3002\u90e8\u7f72\u4e91\u540e\uff0c\u4ea7\u54c1\u6210\u719f\u5ea6\u4f1a\u4ea7\u751f\u8bb8\u591a\u5f71\u54cd\uff1a \u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027 \u6d3b\u8dc3\u7684\u5f00\u53d1\u4eba\u5458\u548c\u7528\u6237\u793e\u533a \u66f4\u65b0\u7684\u53ca\u65f6\u6027\u548c\u53ef\u7528\u6027 \u53d1\u75c5\u7387\u54cd\u5e94 
\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6210\u719f\u5ea6\u7684\u6700\u5927\u6307\u6807\u4e4b\u4e00\u662f\u56f4\u7ed5\u5b83\u7684\u793e\u533a\u7684\u89c4\u6a21\u548c\u6d3b\u529b\u3002\u7531\u4e8e\u8fd9\u6d89\u53ca\u5b89\u5168\u6027\uff0c\u56e0\u6b64\u5982\u679c\u60a8\u9700\u8981\u989d\u5916\u7684\u4e91\u64cd\u4f5c\u5458\uff0c\u793e\u533a\u7684\u8d28\u91cf\u4f1a\u5f71\u54cd\u4e13\u4e1a\u77e5\u8bc6\u7684\u53ef\u7528\u6027\u3002\u8fd9\u4e5f\u8868\u660e\u4e86\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u5e7f\u6cdb\u90e8\u7f72\uff0c\u8fdb\u800c\u5bfc\u81f4\u4efb\u4f55\u53c2\u8003\u67b6\u6784\u548c\u6700\u4f73\u5b9e\u8df5\u7684\u6218\u5907\u72b6\u6001\u3002 \u6b64\u5916\uff0c\u793e\u533a\u7684\u8d28\u91cf\uff0c\u56e0\u4e3a\u5b83\u56f4\u7ed5\u7740KVM\u6216Xen\u7b49\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5bf9\u9519\u8bef\u4fee\u590d\u548c\u5b89\u5168\u66f4\u65b0\u7684\u53ca\u65f6\u6027\u6709\u76f4\u63a5\u5f71\u54cd\u3002\u5728\u8c03\u67e5\u5546\u4e1a\u548c\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u60a8\u5fc5\u987b\u67e5\u770b\u5b83\u4eec\u7684\u53d1\u5e03\u548c\u652f\u6301\u5468\u671f\uff0c\u4ee5\u53ca\u53d1\u5e03\u9519\u8bef\u6216\u5b89\u5168\u95ee\u9898\u4e0e\u8865\u4e01\u6216\u54cd\u5e94\u4e4b\u95f4\u7684\u65f6\u95f4\u5dee\u3002\u6700\u540e\uff0cOpenStack \u8ba1\u7b97\u652f\u6301\u7684\u529f\u80fd\u56e0\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u800c\u5f02\u3002\u8bf7\u53c2\u9605 OpenStack Hypervisor Support Matrix\uff0c\u4e86\u89e3 Hypervisor \u5bf9 OpenStack 
\u8ba1\u7b97\u529f\u80fd\u7684\u652f\u6301\u3002","title":"\u4ea7\u54c1\u6216\u9879\u76ee\u6210\u719f\u5ea6"},{"location":"security/security-guide/#_140","text":"\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u53e6\u4e00\u4e2a\u8003\u8651\u56e0\u7d20\u662f\u5404\u79cd\u6b63\u5f0f\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u53ef\u7528\u6027\u3002\u867d\u7136\u5b83\u4eec\u53ef\u80fd\u4e0d\u662f\u7279\u5b9a\u7ec4\u7ec7\u7684\u8981\u6c42\uff0c\u4f46\u8fd9\u4e9b\u8ba4\u8bc1\u548c\u8bc1\u660e\u8bf4\u660e\u4e86\u7279\u5b9a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u6240\u7ecf\u8fc7\u7684\u6d4b\u8bd5\u7684\u6210\u719f\u5ea6\u3001\u751f\u4ea7\u51c6\u5907\u60c5\u51b5\u548c\u5f7b\u5e95\u6027\u3002","title":"\u8ba4\u8bc1\u548c\u8bc1\u660e"},{"location":"security/security-guide/#_141","text":"\u901a\u7528\u6807\u51c6\u662f\u4e00\u4e2a\u56fd\u9645\u6807\u51c6\u5316\u7684\u8f6f\u4ef6\u8bc4\u4f30\u8fc7\u7a0b\uff0c\u653f\u5e9c\u548c\u5546\u4e1a\u516c\u53f8\u4f7f\u7528\u5b83\u6765\u9a8c\u8bc1\u8f6f\u4ef6\u6280\u672f\u662f\u5426\u5982\u5ba3\u4f20\u7684\u90a3\u6837\u3002\u5728\u653f\u5e9c\u90e8\u95e8\uff0cNSTISSP \u7b2c 11 \u53f7\u89c4\u5b9a\u7f8e\u56fd\u653f\u5e9c\u673a\u6784\u53ea\u80fd\u91c7\u8d2d\u5df2\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u7684\u8f6f\u4ef6\uff0c\u8be5\u653f\u7b56\u81ea 2002 \u5e74 7 \u6708\u8d77\u5b9e\u65bd\u3002 \u6ce8\u610f OpenStack\u5c1a\u672a\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u8bb8\u591a\u53ef\u7528\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u7ecf\u8fc7\u4e86\u8ba4\u8bc1\u3002 \u9664\u4e86\u9a8c\u8bc1\u6280\u672f\u80fd\u529b\u5916\uff0c\u901a\u7528\u6807\u51c6\u6d41\u7a0b\u8fd8\u8bc4\u4f30\u6280\u672f\u7684\u5f00\u53d1\u65b9\u5f0f\u3002 \u5982\u4f55\u8fdb\u884c\u6e90\u4ee3\u7801\u7ba1\u7406\uff1f \u5982\u4f55\u6388\u4e88\u7528\u6237\u5bf9\u6784\u5efa\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff1f 
\u8be5\u6280\u672f\u5728\u5206\u53d1\u524d\u662f\u5426\u7ecf\u8fc7\u52a0\u5bc6\u7b7e\u540d\uff1f KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5df2\u901a\u8fc7\u7f8e\u56fd\u653f\u5e9c\u548c\u5546\u4e1a\u53d1\u884c\u7248\u7684\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\u3002\u8fd9\u4e9b\u5df2\u7ecf\u8fc7\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u5c06\u865a\u62df\u673a\u7684\u8fd0\u884c\u65f6\u73af\u5883\u5f7c\u6b64\u5206\u79bb\uff0c\u4ece\u800c\u63d0\u4f9b\u57fa\u7840\u6280\u672f\u6765\u5b9e\u65bd\u5b9e\u4f8b\u9694\u79bb\u3002\u9664\u4e86\u865a\u62df\u673a\u9694\u79bb\u4e4b\u5916\uff0cKVM \u8fd8\u901a\u8fc7\u4e86\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff1a \"...provide system-inherent separation mechanisms to the resources of virtual machines. This separation ensures that large software component used for virtualizing and simulating devices executing for each virtual machine cannot interfere with each other. Using the SELinux multi-category mechanism, the virtualization and simulation software instances are isolated. 
The virtual machine management framework configures SELinux multi-category settings transparently to the administrator.\" \u867d\u7136\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f9b\u5e94\u5546\uff08\u5982 Red Hat\u3001Microsoft \u548c VMware\uff09\u5df2\u83b7\u5f97\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u4f46\u5176\u57fa\u7840\u8ba4\u8bc1\u529f\u80fd\u96c6\u6709\u6240\u4e0d\u540c\uff0c\u4f46\u6211\u4eec\u5efa\u8bae\u8bc4\u4f30\u4f9b\u5e94\u5546\u58f0\u660e\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u81f3\u5c11\u6ee1\u8db3\u4ee5\u4e0b\u8981\u6c42\uff1a \u5ba1\u8ba1 \u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5ba1\u6838\u5927\u91cf\u4e8b\u4ef6\u7684\u529f\u80fd\uff0c\u5305\u62ec\u5355\u4e2a\u7cfb\u7edf\u8c03\u7528\u548c\u53d7\u4fe1\u4efb\u8fdb\u7a0b\u751f\u6210\u7684\u4e8b\u4ef6\u3002\u5ba1\u8ba1\u6570\u636e\u4ee5 ASCII \u683c\u5f0f\u6536\u96c6\u5728\u5e38\u89c4\u6587\u4ef6\u4e2d\u3002\u7cfb\u7edf\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u4e8e\u641c\u7d22\u5ba1\u8ba1\u8bb0\u5f55\u7684\u7a0b\u5e8f\u3002\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u89c4\u5219\u5e93\uff0c\u4ee5\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u4ed6\u4eec\u611f\u5174\u8da3\u7684\u4e8b\u4ef6\u3002\u8fd9\u5305\u62ec\u5c06\u5ba1\u6838\u9650\u5236\u4e3a\u7279\u5b9a\u4e8b\u4ef6\u3001\u7279\u5b9a\u7528\u6237\u3001\u7279\u5b9a\u5bf9\u8c61\u6216\u6240\u6709\u8fd9\u4e9b\u7684\u7ec4\u5408\u7684\u80fd\u529b\u3002\u5ba1\u8ba1\u8bb0\u5f55\u53ef\u4ee5\u4f20\u8f93\u5230\u8fdc\u7a0b\u5ba1\u8ba1\u5b88\u62a4\u7a0b\u5e8f\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u9650\u5236\u5bf9\u57fa\u4e8e ACL \u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u7684\u8bbf\u95ee\uff0c\u8fd9\u4e9b\u5bf9\u8c61\u5305\u62ec\u7528\u6237\u3001\u7ec4\u548c\u5176\u4ed6\u4eba\u5458\u7684\u6807\u51c6 UNIX \u6743\u9650\u3002\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u8fd8\u53ef\u4ee5\u4fdd\u62a4 IPC 
\u5bf9\u8c61\u514d\u53d7\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u8be5\u7cfb\u7edf\u5305\u62ec ext4 \u6587\u4ef6\u7cfb\u7edf\uff0c\u5b83\u652f\u6301 POSIX ACL\u3002\u8fd9\u5141\u8bb8\u5b9a\u4e49\u5bf9\u6b64\u7c7b\u6587\u4ef6\u7cfb\u7edf\u4e2d\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u7cbe\u786e\u5230\u5355\u4e2a\u7528\u6237\u7684\u7c92\u5ea6\u3002 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u6839\u636e\u5206\u914d\u7ed9\u4e3b\u4f53\u548c\u5bf9\u8c61\u7684\u6807\u7b7e\u6765\u9650\u5236\u5bf9\u5bf9\u8c61\u7684\u8bbf\u95ee\u3002\u654f\u611f\u5ea6\u6807\u7b7e\u4f1a\u81ea\u52a8\u9644\u52a0\u5230\u8fdb\u7a0b\u548c\u5bf9\u8c61\u3002\u4f7f\u7528\u8fd9\u4e9b\u6807\u7b7e\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u6d3e\u751f\u81ea Bell-LaPadula \u6a21\u578b\u3002SELinux \u7c7b\u522b\u9644\u52a0\u5230\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u5982\u679c\u865a\u62df\u673a\u7684\u7c7b\u522b\u4e0e\u6240\u8bbf\u95ee\u8d44\u6e90\u7684\u7c7b\u522b\u76f8\u540c\uff0c\u5219\u4f7f\u7528\u8fd9\u4e9b\u7c7b\u522b\u5f3a\u5236\u5b9e\u65bd\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u5c06\u6388\u4e88\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650\u3002TOE \u5b9e\u73b0\u975e\u5206\u5c42\u7c7b\u522b\u6765\u63a7\u5236\u5bf9\u865a\u62df\u673a\u7684\u8bbf\u95ee\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u5141\u8bb8\u89d2\u8272\u5206\u79bb\uff0c\u65e0\u9700\u5168\u80fd\u7684\u7cfb\u7edf\u7ba1\u7406\u5458\u3002 \u5bf9\u8c61\u91cd\u7528 \u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u3001\u5185\u5b58\u548c IPC \u5bf9\u8c61\u5728\u88ab\u5c5e\u4e8e\u5176\u4ed6\u7528\u6237\u7684\u8fdb\u7a0b\u91cd\u7528\u4e4b\u524d\u4f1a\u88ab\u6e05\u9664\u3002 \u5b89\u5168\u7ba1\u7406 \u7cfb\u7edf\u5b89\u5168\u5173\u952e\u53c2\u6570\u7684\u7ba1\u7406\u7531\u7ba1\u7406\u7528\u6237\u6267\u884c\u3002\u4e00\u7ec4\u9700\u8981 root 
\u6743\u9650\uff08\u6216\u4f7f\u7528 RBAC \u65f6\u9700\u8981\u7279\u5b9a\u89d2\u8272\uff09\u7684\u547d\u4ee4\u7528\u4e8e\u7cfb\u7edf\u7ba1\u7406\u3002\u5b89\u5168\u53c2\u6570\u5b58\u50a8\u5728\u7279\u5b9a\u6587\u4ef6\u4e2d\uff0c\u8fd9\u4e9b\u6587\u4ef6\u53d7\u7cfb\u7edf\u7684\u8bbf\u95ee\u63a7\u5236\u673a\u5236\u4fdd\u62a4\uff0c\u9632\u6b62\u975e\u7ba1\u7406\u7528\u6237\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002 \u5b89\u5168\u901a\u4fe1 \u7cfb\u7edf\u652f\u6301\u4f7f\u7528 SSH \u5b9a\u4e49\u53ef\u4fe1\u901a\u9053\u3002\u652f\u6301\u57fa\u4e8e\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u8fd9\u4e9b\u534f\u8bae\u4ec5\u652f\u6301\u6709\u9650\u6570\u91cf\u7684\u5bc6\u7801\u5957\u4ef6\u3002 \u5b58\u50a8\u52a0\u5bc6 \u7cfb\u7edf\u652f\u6301\u52a0\u5bc6\u5757\u8bbe\u5907\uff0c\u901a\u8fc7 dm_crypt \u63d0\u4f9b\u5b58\u50a8\u673a\u5bc6\u6027\u3002 TSF \u4fdd\u62a4 \u5728\u8fd0\u884c\u65f6\uff0c\u5185\u6838\u8f6f\u4ef6\u548c\u6570\u636e\u53d7\u5230\u786c\u4ef6\u5185\u5b58\u4fdd\u62a4\u673a\u5236\u7684\u4fdd\u62a4\u3002\u5185\u6838\u7684\u5185\u5b58\u548c\u8fdb\u7a0b\u7ba1\u7406\u7ec4\u4ef6\u786e\u4fdd\u7528\u6237\u8fdb\u7a0b\u65e0\u6cd5\u8bbf\u95ee\u5185\u6838\u5b58\u50a8\u6216\u5c5e\u4e8e\u5176\u4ed6\u8fdb\u7a0b\u7684\u5b58\u50a8\u3002\u975e\u5185\u6838 TSF \u8f6f\u4ef6\u548c\u6570\u636e\u53d7 DAC \u548c\u8fdb\u7a0b\u9694\u79bb\u673a\u5236\u4fdd\u62a4\u3002\u5728\u8bc4\u4f30\u7684\u914d\u7f6e\u4e2d\uff0c\u4fdd\u7559\u7528\u6237 ID root \u62e5\u6709\u5b9a\u4e49 TSF \u914d\u7f6e\u7684\u76ee\u5f55\u548c\u6587\u4ef6\u3002\u901a\u5e38\uff0c\u5305\u542b\u5185\u90e8 TSF \u6570\u636e\u7684\u6587\u4ef6\u548c\u76ee\u5f55\uff08\u5982\u914d\u7f6e\u6587\u4ef6\u548c\u6279\u5904\u7406\u4f5c\u4e1a\u961f\u5217\uff09\u4e5f\u53d7\u5230 DAC 
\u6743\u9650\u7684\u4fdd\u62a4\uff0c\u4e0d\u4f1a\u88ab\u8bfb\u53d6\u3002\u7cfb\u7edf\u4ee5\u53ca\u786c\u4ef6\u548c\u56fa\u4ef6\u7ec4\u4ef6\u9700\u8981\u53d7\u5230\u7269\u7406\u4fdd\u62a4\uff0c\u4ee5\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u7cfb\u7edf\u5185\u6838\u8c03\u89e3\u5bf9\u786c\u4ef6\u673a\u5236\u672c\u8eab\u7684\u6240\u6709\u8bbf\u95ee\uff0c\u4f46\u7a0b\u5e8f\u53ef\u89c1\u7684 CPU \u6307\u4ee4\u51fd\u6570\u9664\u5916\u3002\u6b64\u5916\uff0c\u8fd8\u63d0\u4f9b\u4e86\u9632\u6b62\u5806\u6808\u6ea2\u51fa\u653b\u51fb\u7684\u673a\u5236\u3002","title":"\u901a\u7528\u6807\u51c6"},{"location":"security/security-guide/#_142","text":"OpenStack \u4e2d\u63d0\u4f9b\u4e86\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u7528\u4e8e\u8bc6\u522b\u548c\u6388\u6743\u3001\u6570\u636e\u4f20\u8f93\u548c\u9759\u6001\u6570\u636e\u4fdd\u62a4\u3002\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u65f6\uff0c\u6211\u4eec\u5efa\u8bae\u91c7\u7528\u4ee5\u4e0b\u7b97\u6cd5\u548c\u5b9e\u73b0\u6807\u51c6\uff1a \u7b97\u6cd5 \u5bc6\u94a5\u957f\u5ea6 \u9884\u671f\u76ee\u7684 \u5b89\u5168\u529f\u80fd \u6267\u884c\u6807\u51c6 AES 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93\uff0c\u4fdd\u62a4\u9759\u6001\u6570\u636e RFC 4253 TDES 168 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 RFC 4253 RSA 1024\u30012048 \u6216 3072 \u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 186-3 DSA L=1024\uff0cN=160\u4f4d \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bc6\u94a5\u4ea4\u6362 \u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. 
NIST FIPS PUB 186-3 Serpent 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf Twofish 128\u3001192 \u6216 256 \u4f4d \u52a0\u5bc6/\u89e3\u5bc6 \u9759\u6001\u6570\u636e\u4fdd\u62a4 https://www.schneier.com/paper-twofish-paper.html SHA-1 \u6d88\u606f\u6458\u8981 \u4fdd\u62a4\u9759\u6001\u6570\u636e\uff0c\u53d7\u4fdd\u62a4\u7684\u6570\u636e\u4f20\u8f93 U.S. NIST FIPS PUB 180-3 SHA-2\uff08224\u3001256\u3001384 \u6216 512 \u4f4d\uff09 \u6d88\u606f\u6458\u8981 Protection for data at rest, identification and authentication \u4fdd\u62a4\u9759\u6001\u6570\u636e\u3001\u8bc6\u522b\u548c\u8eab\u4efd\u9a8c\u8bc1 U.S. NIST FIPS PUB 180-3","title":"\u5bc6\u7801\u5b66\u6807\u51c6"},{"location":"security/security-guide/#fips-140-2","text":"\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u56fd\u5bb6\u79d1\u5b66\u6280\u672f\u7814\u7a76\u9662 \uff08NIST\uff09 \u901a\u8fc7\u79f0\u4e3a\u52a0\u5bc6\u6a21\u5757\u9a8c\u8bc1\u8ba1\u5212\u7684\u8fc7\u7a0b\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u8ba4\u8bc1\u3002NIST \u8ba4\u8bc1\u7b97\u6cd5\u7b26\u5408\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6 140-2 \uff08FIPS 140-2\uff09\uff0c\u786e\u4fdd\uff1a \"... Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries [United States and Canada] for the protection of sensitive information (United States) or Designated Information (Canada). 
The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.\" \u5728\u8bc4\u4f30\u57fa\u672c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6280\u672f\u65f6\uff0c\u8bf7\u8003\u8651\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u662f\u5426\u5df2\u901a\u8fc7 FIPS 140-2 \u8ba4\u8bc1\u3002\u6839\u636e\u7f8e\u56fd\u653f\u5e9c\u653f\u7b56\uff0c\u4e0d\u4ec5\u5f3a\u5236\u8981\u6c42\u7b26\u5408 FIPS 140-2\uff0c\u800c\u4e14\u6b63\u5f0f\u8ba4\u8bc1\u8868\u660e\u5df2\u5bf9\u52a0\u5bc6\u7b97\u6cd5\u7684\u7ed9\u5b9a\u5b9e\u73b0\u8fdb\u884c\u4e86\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u7b26\u5408\u6a21\u5757\u89c4\u8303\u3001\u52a0\u5bc6\u6a21\u5757\u7aef\u53e3\u548c\u63a5\u53e3;\u89d2\u8272\u3001\u670d\u52a1\u548c\u8eab\u4efd\u9a8c\u8bc1;\u6709\u9650\u72b6\u6001\u6a21\u578b;\u4eba\u8eab\u5b89\u5168;\u64cd\u4f5c\u73af\u5883;\u52a0\u5bc6\u5bc6\u94a5\u7ba1\u7406;\u7535\u78c1\u5e72\u6270/\u7535\u78c1\u517c\u5bb9\u6027\uff08EMI/EMC\uff09;\u81ea\u68c0;\u8bbe\u8ba1\u4fdd\u8bc1;\u4ee5\u53ca\u7f13\u89e3\u5176\u4ed6\u653b\u51fb\u3002","title":"FIPS 140-2"},{"location":"security/security-guide/#_143","text":"\u5728\u8bc4\u4f30\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\uff0c\u8bf7\u8003\u8651\u8fd0\u884c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u786c\u4ef6\u7684\u53ef\u652f\u6301\u6027\u3002\u6b64\u5916\uff0c\u8bf7\u8003\u8651\u786c\u4ef6\u4e2d\u53ef\u7528\u7684\u5176\u4ed6\u529f\u80fd\uff0c\u4ee5\u53ca\u60a8\u5728 OpenStack \u90e8\u7f72\u4e2d\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5982\u4f55\u652f\u6301\u8fd9\u4e9b\u529f\u80fd\u3002\u4e3a\u6b64\uff0c\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u6709\u81ea\u5df1\u7684\u786c\u4ef6\u517c\u5bb9\u6027\u5217\u8868 
\uff08HCL\uff09\u3002\u5728\u9009\u62e9\u517c\u5bb9\u7684\u786c\u4ef6\u65f6\uff0c\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u63d0\u524d\u4e86\u89e3\u54ea\u4e9b\u57fa\u4e8e\u786c\u4ef6\u7684\u865a\u62df\u5316\u6280\u672f\u662f\u91cd\u8981\u7684\uff0c\u8fd9\u4e00\u70b9\u5f88\u91cd\u8981\u3002 \u63cf\u8ff0 \u79d1\u6280 \u89e3\u91ca I/O MMU VT-d / AMD-Vi \u4fdd\u62a4 PCI \u76f4\u901a\u6240\u5fc5\u9700\u7684 \u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f Intel TXT / SEM \u52a8\u6001\u8bc1\u660e\u670d\u52a1\u662f\u5fc5\u9700\u7684 PCI-SIG I/O \u865a\u62df\u5316 SR-IOV, MR-IOV, ATS \u9700\u8981\u5141\u8bb8\u5b89\u5168\u5171\u4eab PCI Express \u8bbe\u5907 \u7f51\u7edc\u865a\u62df\u5316 VT-c \u63d0\u9ad8\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\u7684\u7f51\u7edc I/O \u6027\u80fd","title":"\u786c\u4ef6\u95ee\u9898"},{"location":"security/security-guide/#_144","text":"\u91cd\u8981\u7684\u662f\u8981\u8ba4\u8bc6\u5230\u4f7f\u7528 Linux \u5bb9\u5668 \uff08LXC\uff09 \u6216\u88f8\u673a\u7cfb\u7edf\u4e0e\u4f7f\u7528 KVM \u7b49\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u7684\u533a\u522b\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u672c\u5b89\u5168\u6307\u5357\u7684\u91cd\u70b9\u4e3b\u8981\u57fa\u4e8e\u62e5\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c\u865a\u62df\u5316\u5e73\u53f0\u3002\u4f46\u662f\uff0c\u5982\u679c\u60a8\u7684\u5b9e\u73b0\u9700\u8981\u4f7f\u7528\u88f8\u673a\u6216 LXC \u73af\u5883\uff0c\u5219\u5fc5\u987b\u6ce8\u610f\u8be5\u73af\u5883\u90e8\u7f72\u65b9\u9762\u7684\u7279\u6b8a\u5dee\u5f02\u3002 \u5728\u91cd\u65b0\u9884\u914d\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u6700\u7ec8\u7528\u6237\u5df2\u6b63\u786e\u6e05\u7406\u8282\u70b9\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u5728\u91cd\u7528\u8282\u70b9\u4e4b\u524d\uff0c\u5fc5\u987b\u4fdd\u8bc1\u786c\u4ef6\u672a\u88ab\u7be1\u6539\u6216\u4ee5\u5176\u4ed6\u65b9\u5f0f\u53d7\u5230\u635f\u5bb3\u3002 \u6ce8\u610f 
\u867d\u7136OpenStack\u6709\u4e00\u4e2a\u88f8\u673a\u9879\u76ee\uff0c\u4f46\u5bf9\u8fd0\u884c\u88f8\u673a\u7684\u7279\u6b8a\u5b89\u5168\u5f71\u54cd\u7684\u8ba8\u8bba\u8d85\u51fa\u4e86\u672c\u4e66\u7684\u8303\u56f4\u3002 \u7531\u4e8e\u4e66\u672c\u51b2\u523a\u7684\u65f6\u95f4\u9650\u5236\uff0c\u8be5\u56e2\u961f\u9009\u62e9\u5728\u6211\u4eec\u7684\u793a\u4f8b\u5b9e\u73b0\u548c\u67b6\u6784\u4e2d\u4f7f\u7528 KVM \u4f5c\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u6ce8\u610f \u6709\u4e00\u4e2a\u5173\u4e8e\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 LXC \u7684 OpenStack \u5b89\u5168\u8bf4\u660e\u3002","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0e\u88f8\u673a"},{"location":"security/security-guide/#hypervisor","text":"\u8bb8\u591a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4f7f\u7528\u5185\u5b58\u4f18\u5316\u6280\u672f\u5c06\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u5230\u6765\u5bbe\u865a\u62df\u673a\u3002\u8fd9\u662f\u4e00\u9879\u6709\u7528\u7684\u529f\u80fd\uff0c\u53ef\u7528\u4e8e\u90e8\u7f72\u975e\u5e38\u5bc6\u96c6\u7684\u8ba1\u7b97\u7fa4\u96c6\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u79cd\u65b9\u6cd5\u662f\u901a\u8fc7\u91cd\u590d\u6570\u636e\u6d88\u9664\u6216\u5171\u4eab\u5185\u5b58\u9875\u3002\u5f53\u4e24\u4e2a\u865a\u62df\u673a\u5728\u5185\u5b58\u4e2d\u5177\u6709\u76f8\u540c\u7684\u6570\u636e\u65f6\uff0c\u8ba9\u5b83\u4eec\u5f15\u7528\u76f8\u540c\u7684\u5185\u5b58\u662f\u6709\u597d\u5904\u7684\u3002 \u901a\u5e38\uff0c\u8fd9\u662f\u901a\u8fc7\u5199\u5165\u65f6\u590d\u5236 \uff08COW\uff09 \u673a\u5236\u5b9e\u73b0\u7684\u3002\u8fd9\u4e9b\u673a\u5236\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\uff0c\u5176\u4e2d\u4e00\u4e2a VM \u53ef\u4ee5\u63a8\u65ad\u51fa\u53e6\u4e00\u4e2a VM 
\u7684\u72b6\u6001\uff0c\u5e76\u4e14\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u5e76\u975e\u6240\u6709\u79df\u6237\u90fd\u53d7\u4fe1\u4efb\u6216\u5171\u4eab\u76f8\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u591a\u79df\u6237\u73af\u5883\u3002","title":"Hypervisor \u5185\u5b58\u4f18\u5316"},{"location":"security/security-guide/#kvm","text":"\u5728\u7248\u672c 2.6.32 \u4e2d\u5f15\u5165\u5230 Linux \u5185\u6838\u4e2d\uff0c\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76 \uff08KSM\uff09 \u5728 Linux \u8fdb\u7a0b\u4e4b\u95f4\u6574\u5408\u4e86\u76f8\u540c\u7684\u5185\u5b58\u9875\u3002\u7531\u4e8e KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0b\u7684\u6bcf\u4e2a\u5ba2\u6237\u673a\u865a\u62df\u673a\u90fd\u5728\u81ea\u5df1\u7684\u8fdb\u7a0b\u4e2d\u8fd0\u884c\uff0c\u56e0\u6b64 KSM \u53ef\u7528\u4e8e\u4f18\u5316\u865a\u62df\u673a\u4e4b\u95f4\u7684\u5185\u5b58\u4f7f\u7528\u3002","title":"KVM \u5185\u6838\u540c\u9875\u5408\u5e76"},{"location":"security/security-guide/#xen","text":"XenServer 5.6 \u5305\u542b\u4e00\u4e2a\u540d\u4e3a\u900f\u660e\u9875\u9762\u5171\u4eab \uff08TPS\uff09 \u7684\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u529f\u80fd\u3002TPS \u626b\u63cf 4 KB \u533a\u5757\u4e2d\u7684\u5185\u5b58\u4ee5\u67e5\u627e\u4efb\u4f55\u91cd\u590d\u9879\u3002\u627e\u5230\u540e\uff0cXen \u865a\u62df\u673a\u76d1\u89c6\u5668 \uff08VMM\uff09 \u5c06\u4e22\u5f03\u5176\u4e2d\u4e00\u4e2a\u91cd\u590d\u9879\uff0c\u5e76\u8bb0\u5f55\u7b2c\u4e8c\u4e2a\u526f\u672c\u7684\u5f15\u7528\u3002","title":"XEN \u900f\u660e\u9875\u9762\u5171\u4eab"},{"location":"security/security-guide/#_145","text":"\u4f20\u7edf\u4e0a\uff0c\u5185\u5b58\u91cd\u590d\u6570\u636e\u6d88\u9664\u7cfb\u7edf\u5bb9\u6613\u53d7\u5230\u4fa7\u4fe1\u9053\u653b\u51fb\u3002KSM \u548c TPS 
\u90fd\u5df2\u88ab\u8bc1\u660e\u5bb9\u6613\u53d7\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u653b\u51fb\u3002\u5728\u5b66\u672f\u7814\u7a76\u4e2d\uff0c\u653b\u51fb\u8005\u80fd\u591f\u901a\u8fc7\u5206\u6790\u653b\u51fb\u8005\u865a\u62df\u673a\u4e0a\u7684\u5185\u5b58\u8bbf\u95ee\u65f6\u95f4\u6765\u8bc6\u522b\u76f8\u90bb\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u8f6f\u4ef6\u5305\u548c\u7248\u672c\uff0c\u4ee5\u53ca\u8f6f\u4ef6\u4e0b\u8f7d\u548c\u5176\u4ed6\u654f\u611f\u4fe1\u606f\u3002 \u5982\u679c\u4e91\u90e8\u7f72\u9700\u8981\u5f3a\u79df\u6237\u5206\u79bb\uff08\u5982\u516c\u6709\u4e91\u548c\u67d0\u4e9b\u79c1\u6709\u4e91\u7684\u60c5\u51b5\uff09\uff0c\u90e8\u7f72\u4eba\u5458\u5e94\u8003\u8651\u7981\u7528 TPS \u548c KSM \u5185\u5b58\u4f18\u5316\u3002","title":"\u5185\u5b58\u4f18\u5316\u7684\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_146","text":"\u9009\u62e9\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u65f6\u8981\u8003\u8651\u7684\u53e6\u4e00\u4ef6\u4e8b\u662f\u7279\u5b9a\u5b89\u5168\u529f\u80fd\u7684\u53ef\u7528\u6027\u3002\u7279\u522b\u662f\u529f\u80fd\u3002\u4f8b\u5982\uff0cXen Server \u7684 XSM \u6216 Xen \u5b89\u5168\u6a21\u5757\u3001sVirt\u3001Intel TXT \u6216 AppArmor\u3002 \u4e0b\u8868\u6309\u5e38\u89c1\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5e73\u53f0\u5217\u51fa\u4e86\u8fd9\u4e9b\u529f\u80fd\u3002 XSM sVirt TXT AppArmor cgroups MAC \u7b56\u7565 KVM X X X X X Xen X X ESXi X Hyper-V \u6ce8\u610f \u6b64\u8868\u4e2d\u7684\u529f\u80fd\u53ef\u80fd\u4e0d\u9002\u7528\u4e8e\u6240\u6709\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u4e5f\u53ef\u80fd\u65e0\u6cd5\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u95f4\u76f4\u63a5\u6620\u5c04\u3002","title":"\u5176\u4ed6\u5b89\u5168\u529f\u80fd"},{"location":"security/security-guide/#_147","text":"Sunar\u3001Eisenbarth\u3001Inci\u3001Gorka Irazoqui Apecechea\u3002\u5bf9 Xen \u548c VMware 
\u8fdb\u884c\u7ec6\u7c92\u5ea6\u8de8\u865a\u62df\u673a\u653b\u51fb\u662f\u53ef\u80fd\u7684\uff012014\u3002 https://eprint.iacr.org/2014/248.pfd Artho\u3001Yagi\u3001Iijima\u3001Kuniyasu Suzaki\u3002\u5185\u5b58\u91cd\u590d\u6570\u636e\u5220\u9664\u5bf9\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u5a01\u80c1\u30022011 \u5e74\u3002https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf KVM\uff1a\u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a\u3002\u5185\u6838\u76f8\u540c\u9875\u5408\u5e76\u30022010\u3002http://www.linux-kvm.org/page/KSM Xen \u9879\u76ee\uff0cXen \u5b89\u5168\u6a21\u5757\uff1aXSM-FLASK\u30022014\u3002 http://wiki.xen.org/wiki/Xen_Security_Modules_:_XSM-FLASK SELinux \u9879\u76ee\uff0cSVirt\u30022011\u3002 http://selinuxproject.org/page/SVirt Intel.com\uff0c\u91c7\u7528\u82f1\u7279\u5c14\u53ef\u4fe1\u6267\u884c\u6280\u672f \uff08Intel TXT\uff09 \u7684\u53ef\u4fe1\u8ba1\u7b97\u6c60\u3002http://www.intel.com/txt AppArmor.net\uff0cAppArmor \u4e3b\u9875\u30022011\u3002 http://wiki.apparmor.net/index.php/Main_Page Kernel.org\uff0cCGroups\u30022004\u3002https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt \u8ba1\u7b97\u673a\u5b89\u5168\u8d44\u6e90\u4e2d\u5fc3\u3002\u5b8c\u6574\u865a\u62df\u5316\u6280\u672f\u5b89\u5168\u6307\u5357\u30022011\u3002 http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf 
\u56fd\u5bb6\u4fe1\u606f\u4fdd\u969c\u4f19\u4f34\u5173\u7cfb\uff0c\u56fd\u5bb6\u5b89\u5168\u7535\u4fe1\u548c\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u653f\u7b56\u30022003\u3002http://www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_148","text":"\u5728\u672c\u7ae0\u7684\u5f00\u5934\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5b9e\u4f8b\u5bf9\u7269\u7406\u548c\u865a\u62df\u786c\u4ef6\u7684\u4f7f\u7528\u3001\u76f8\u5173\u7684\u5b89\u5168\u98ce\u9669\u4ee5\u53ca\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u7684\u4e00\u4e9b\u5efa\u8bae\u3002\u7136\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u4f7f\u7528\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u6765\u52a0\u5bc6\u652f\u6301\u8be5\u6280\u672f\u7684\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u7684\u865a\u62df\u673a\u7684\u5185\u5b58\u3002\u5728\u672c\u7ae0\u7684\u6700\u540e\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba sVirt\uff0c\u8fd9\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u7528\u4e8e\u5c06 SELinux \u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u4e0e\u865a\u62df\u5316\u7ec4\u4ef6\u96c6\u6210\u3002","title":"\u52a0\u56fa\u865a\u62df\u5316\u5c42"},{"location":"security/security-guide/#pci","text":"\u8bb8\u591a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90fd\u63d0\u4f9b\u4e00\u79cd\u79f0\u4e3a PCI \u76f4\u901a\u7684\u529f\u80fd\u3002\u8fd9\u5141\u8bb8\u5b9e\u4f8b\u76f4\u63a5\u8bbf\u95ee\u8282\u70b9\u4e0a\u7684\u786c\u4ef6\u3002\u4f8b\u5982\uff0c\u8fd9\u53ef\u7528\u4e8e\u5141\u8bb8\u5b9e\u4f8b\u8bbf\u95ee\u63d0\u4f9b\u8ba1\u7b97\u7edf\u4e00\u8bbe\u5907\u67b6\u6784 \uff08CUDA\uff09 \u4ee5\u5b9e\u73b0\u9ad8\u6027\u80fd\u8ba1\u7b97\u7684\u89c6\u9891\u5361\u6216 GPU\u3002\u6b64\u529f\u80fd\u5b58\u5728\u4e24\u79cd\u7c7b\u578b\u7684\u5b89\u5168\u98ce\u9669\uff1a\u76f4\u63a5\u5185\u5b58\u8bbf\u95ee\u548c\u786c\u4ef6\u611f\u67d3\u3002 \u76f4\u63a5\u5185\u5b58\u8bbf\u95ee \uff08DMA\uff09 
\u662f\u4e00\u79cd\u529f\u80fd\uff0c\u5b83\u5141\u8bb8\u67d0\u4e9b\u786c\u4ef6\u8bbe\u5907\u8bbf\u95ee\u4e3b\u673a\u4e2d\u7684\u4efb\u610f\u7269\u7406\u5185\u5b58\u5730\u5740\u3002\u89c6\u9891\u5361\u901a\u5e38\u5177\u6709\u6b64\u529f\u80fd\u3002\u4f46\u662f\uff0c\u4e0d\u5e94\u5411\u5b9e\u4f8b\u6388\u4e88\u4efb\u610f\u7269\u7406\u5185\u5b58\u8bbf\u95ee\u6743\u9650\uff0c\u56e0\u4e3a\u8fd9\u5c06\u4f7f\u5176\u80fd\u591f\u5168\u9762\u4e86\u89e3\u4e3b\u673a\u7cfb\u7edf\u548c\u5728\u540c\u4e00\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u5b9e\u4f8b\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u786c\u4ef6\u4f9b\u5e94\u5546\u4f7f\u7528\u8f93\u5165/\u8f93\u51fa\u5185\u5b58\u7ba1\u7406\u5355\u5143 \uff08IOMMU\uff09 \u6765\u7ba1\u7406 DMA \u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u4e91\u67b6\u6784\u5e08\u5e94\u786e\u4fdd\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u914d\u7f6e\u4e3a\u4f7f\u7528\u6b64\u786c\u4ef6\u529f\u80fd\u3002 KVM: KVM\uff1a \u5982\u4f55\u5728 KVM \u4e2d\u4f7f\u7528 VT-d \u5206\u914d\u8bbe\u5907 Xen: Xen\uff1a Xen VTd Howto Xen VTd \u8d34\u58eb\u6307\u5357 \u6ce8\u610f IOMMU \u529f\u80fd\u7531 Intel \u4f5c\u4e3a VT-d \u9500\u552e\uff0c\u7531 AMD \u4ee5 AMD-Vi \u9500\u552e\u3002 
\u5f53\u5b9e\u4f8b\u5bf9\u56fa\u4ef6\u6216\u8bbe\u5907\u7684\u67d0\u4e9b\u5176\u4ed6\u90e8\u5206\u8fdb\u884c\u6076\u610f\u4fee\u6539\u65f6\uff0c\u5c31\u4f1a\u53d1\u751f\u786c\u4ef6\u611f\u67d3\u3002\u7531\u4e8e\u6b64\u8bbe\u5907\u7531\u5176\u4ed6\u5b9e\u4f8b\u6216\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\uff0c\u56e0\u6b64\u6076\u610f\u4ee3\u7801\u53ef\u80fd\u4f1a\u4f20\u64ad\u5230\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u6700\u7ec8\u7ed3\u679c\u662f\uff0c\u4e00\u4e2a\u5b9e\u4f8b\u53ef\u4ee5\u5728\u5176\u5b89\u5168\u57df\u4e4b\u5916\u8fd0\u884c\u4ee3\u7801\u3002\u8fd9\u662f\u4e00\u4e2a\u91cd\u5927\u7684\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u91cd\u7f6e\u7269\u7406\u786c\u4ef6\u7684\u72b6\u6001\u6bd4\u91cd\u7f6e\u865a\u62df\u786c\u4ef6\u66f4\u96be\uff0c\u5e76\u4e14\u53ef\u80fd\u5bfc\u81f4\u989d\u5916\u7684\u66b4\u9732\uff0c\u4f8b\u5982\u8bbf\u95ee\u7ba1\u7406\u7f51\u7edc\u3002 \u786c\u4ef6\u611f\u67d3\u95ee\u9898\u7684\u89e3\u51b3\u65b9\u6848\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u8be5\u7b56\u7565\u662f\u786e\u5b9a\u5b9e\u4f8b\u5982\u4f55\u4fee\u6539\u786c\u4ef6\u72b6\u6001\uff0c\u7136\u540e\u786e\u5b9a\u5728\u4f7f\u7528\u786c\u4ef6\u5b8c\u6210\u5b9e\u4f8b\u65f6\u5982\u4f55\u91cd\u7f6e\u4efb\u4f55\u4fee\u6539\u3002\u4f8b\u5982\uff0c\u4e00\u79cd\u9009\u62e9\u53ef\u80fd\u662f\u5728\u4f7f\u7528\u540e\u91cd\u65b0\u5237\u65b0\u56fa\u4ef6\u3002\u9700\u8981\u5e73\u8861\u786c\u4ef6\u5bff\u547d\u548c\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u67d0\u4e9b\u56fa\u4ef6\u5728\u5927\u91cf\u5199\u5165\u540e\u4f1a\u51fa\u73b0\u6545\u969c\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM 
\u6280\u672f\u662f\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002\u65e0\u8bba\u9009\u62e9\u54ea\u79cd\u7b56\u7565\uff0c\u90fd\u5fc5\u987b\u4e86\u89e3\u4e0e\u6b64\u7c7b\u786c\u4ef6\u5171\u4eab\u76f8\u5173\u7684\u98ce\u9669\uff0c\u4ee5\u4fbf\u9488\u5bf9\u7ed9\u5b9a\u7684\u90e8\u7f72\u65b9\u6848\u9002\u5f53\u7f13\u89e3\u8fd9\u4e9b\u98ce\u9669\u3002 \u7531\u4e8e\u4e0e PCI \u76f4\u901a\u76f8\u5173\u7684\u98ce\u9669\u548c\u590d\u6742\u6027\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5e94\u7981\u7528\u5b83\u3002\u5982\u679c\u4e3a\u7279\u5b9a\u9700\u6c42\u542f\u7528\uff0c\u5219\u9700\u8981\u5236\u5b9a\u9002\u5f53\u7684\u6d41\u7a0b\uff0c\u4ee5\u786e\u4fdd\u786c\u4ef6\u5728\u91cd\u65b0\u53d1\u884c\u4e4b\u524d\u662f\u5e72\u51c0\u7684\u3002","title":"\u7269\u7406\u786c\u4ef6\uff08PCI\u76f4\u901a\uff09"},{"location":"security/security-guide/#qemu","text":"\u8fd0\u884c\u865a\u62df\u673a\u65f6\uff0c\u865a\u62df\u786c\u4ef6\u662f\u4e3a\u865a\u62df\u673a\u63d0\u4f9b\u786c\u4ef6\u63a5\u53e3\u7684\u8f6f\u4ef6\u5c42\u3002\u5b9e\u4f8b\u4f7f\u7528\u6b64\u529f\u80fd\u63d0\u4f9b\u53ef\u80fd\u9700\u8981\u7684\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u89c6\u9891\u548c\u5176\u4ed6\u8bbe\u5907\u3002\u8003\u8651\u5230\u8fd9\u4e00\u70b9\uff0c\u73af\u5883\u4e2d\u7684\u5927\u591a\u6570\u5b9e\u4f8b\u5c06\u4e13\u95e8\u4f7f\u7528\u865a\u62df\u786c\u4ef6\uff0c\u5c11\u6570\u5b9e\u4f8b\u9700\u8981\u76f4\u63a5\u786c\u4ef6\u8bbf\u95ee\u3002\u4e3b\u8981\u7684\u5f00\u6e90\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4f7f\u7528 QEMU \u6765\u5b9e\u73b0\u6b64\u529f\u80fd\u3002\u867d\u7136 QEMU \u6ee1\u8db3\u4e86\u5bf9\u865a\u62df\u5316\u5e73\u53f0\u7684\u91cd\u8981\u9700\u6c42\uff0c\u4f46\u5b83\u5df2\u88ab\u8bc1\u660e\u662f\u4e00\u4e2a\u975e\u5e38\u5177\u6709\u6311\u6218\u6027\u7684\u8f6f\u4ef6\u9879\u76ee\u3002QEMU 
\u4e2d\u7684\u8bb8\u591a\u529f\u80fd\u90fd\u662f\u901a\u8fc7\u5927\u591a\u6570\u5f00\u53d1\u4eba\u5458\u96be\u4ee5\u7406\u89e3\u7684\u4f4e\u7ea7\u4ee3\u7801\u5b9e\u73b0\u7684\u3002QEMU \u865a\u62df\u5316\u7684\u786c\u4ef6\u5305\u62ec\u8bb8\u591a\u4f20\u7edf\u8bbe\u5907\uff0c\u8fd9\u4e9b\u8bbe\u5907\u6709\u81ea\u5df1\u7684\u4e00\u5957\u602a\u7656\u3002\u7efc\u4e0a\u6240\u8ff0\uff0cQEMU \u4e00\u76f4\u662f\u8bb8\u591a\u5b89\u5168\u95ee\u9898\u7684\u6839\u6e90\uff0c\u5305\u62ec\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7a81\u7834\u653b\u51fb\u3002 \u91c7\u53d6\u79ef\u6781\u4e3b\u52a8\u7684\u63aa\u65bd\u6765\u5f3a\u5316 QEMU \u975e\u5e38\u91cd\u8981\u3002\u6211\u4eec\u5efa\u8bae\u6267\u884c\u4e09\u4e2a\u5177\u4f53\u6b65\u9aa4\uff1a \u6700\u5c0f\u5316\u4ee3\u7801\u5e93\u3002 \u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u3002 \u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\uff0c\u4f8b\u5982 sVirt\u3001SELinux \u6216 AppArmor\u3002 \u786e\u4fdd\u60a8\u7684 iptables \u5177\u6709\u8fc7\u6ee4\u7f51\u7edc\u6d41\u91cf\u7684\u9ed8\u8ba4\u7b56\u7565\uff0c\u5e76\u8003\u8651\u68c0\u67e5\u73b0\u6709\u89c4\u5219\u96c6\u4ee5\u4e86\u89e3\u6bcf\u4e2a\u89c4\u5219\u5e76\u786e\u5b9a\u662f\u5426\u9700\u8981\u6269\u5c55\u8be5\u7b56\u7565\u3002","title":"\u865a\u62df\u786c\u4ef6 \uff08QEMU\uff09"},{"location":"security/security-guide/#qemu_1","text":"\u6211\u4eec\u5efa\u8bae\u901a\u8fc7\u4ece\u7cfb\u7edf\u4e2d\u5220\u9664\u672a\u4f7f\u7528\u7684\u7ec4\u4ef6\u6765\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93\u3002QEMU \u4e3a\u8bb8\u591a\u4e0d\u540c\u7684\u865a\u62df\u786c\u4ef6\u8bbe\u5907\u63d0\u4f9b\u652f\u6301\uff0c\u4f46\u7ed9\u5b9a\u5b9e\u4f8b\u53ea\u9700\u8981\u5c11\u91cf\u8bbe\u5907\u3002\u6700\u5e38\u89c1\u7684\u786c\u4ef6\u8bbe\u5907\u662f virtio \u8bbe\u5907\u3002\u67d0\u4e9b\u65e7\u5b9e\u4f8b\u5c06\u9700\u8981\u8bbf\u95ee\u7279\u5b9a\u786c\u4ef6\uff0c\u8fd9\u4e9b\u786c\u4ef6\u53ef\u4ee5\u4f7f\u7528 glance \u5143\u6570\u636e\u6307\u5b9a\uff1a $ glance image-update \\ --property 
hw_disk_bus=ide \\ --property hw_cdrom_bus=ide \\ --property hw_vif_model=e1000 \\ f16-x86_64-openstack-sda \u4e91\u67b6\u6784\u5e08\u5e94\u51b3\u5b9a\u5411\u4e91\u7528\u6237\u63d0\u4f9b\u54ea\u4e9b\u8bbe\u5907\u3002\u4efb\u4f55\u4e0d\u9700\u8981\u7684\u4e1c\u897f\u90fd\u5e94\u8be5\u4ece QEMU \u4e2d\u5220\u9664\u3002\u6b64\u6b65\u9aa4\u9700\u8981\u5728\u4fee\u6539\u4f20\u9012\u7ed9 QEMU \u914d\u7f6e\u811a\u672c\u7684\u9009\u9879\u540e\u91cd\u65b0\u7f16\u8bd1 QEMU\u3002\u8981\u83b7\u5f97\u6700\u65b0\u9009\u9879\u7684\u5b8c\u6574\u5217\u8868\uff0c\u53ea\u9700\u4ece QEMU \u6e90\u76ee\u5f55\u4e2d\u8fd0\u884c ./configure --help\u3002\u786e\u5b9a\u90e8\u7f72\u6240\u9700\u7684\u5185\u5bb9\uff0c\u5e76\u7981\u7528\u5176\u4f59\u9009\u9879\u3002","title":"\u6700\u5c0f\u5316 QEMU \u4ee3\u7801\u5e93"},{"location":"security/security-guide/#_149","text":"\u4f7f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5f3a\u5316 QEMU\u3002\u73b0\u4ee3\u7f16\u8bd1\u5668\u63d0\u4f9b\u4e86\u591a\u79cd\u7f16\u8bd1\u65f6\u9009\u9879\uff0c\u4ee5\u63d0\u9ad8\u751f\u6210\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u529f\u80fd\u5305\u62ec\u53ea\u8bfb\u91cd\u5b9a\u4f4d \uff08RELRO\uff09\u3001\u5806\u6808\u91d1\u4e1d\u96c0\u3001\u4ece\u4e0d\u6267\u884c \uff08NX\uff09\u3001\u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u548c\u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09\u3002 \u8bb8\u591a\u73b0\u4ee3 Linux \u53d1\u884c\u7248\u5df2\u7ecf\u5728\u6784\u5efa\u542f\u7528\u7f16\u8bd1\u5668\u5f3a\u5316\u7684 QEMU\uff0c\u6211\u4eec\u5efa\u8bae\u5728\u7ee7\u7eed\u64cd\u4f5c\u4e4b\u524d\u9a8c\u8bc1\u73b0\u6709\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002\u53ef\u4ee5\u5e2e\u52a9\u60a8\u8fdb\u884c\u6b64\u9a8c\u8bc1\u7684\u4e00\u79cd\u5de5\u5177\u79f0\u4e3a checksec.sh RELocation \u53ea\u8bfb \uff08RELRO\uff09 \u5f3a\u5316\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002gcc \u652f\u6301\u5b8c\u6574\u548c\u90e8\u5206 
RELRO \u6a21\u5f0f\u3002\u5bf9\u4e8eQEMU\u6765\u8bf4\uff0c\u5b8c\u6574\u7684RELLO\u662f\u60a8\u7684\u6700\u4f73\u9009\u62e9\u3002\u8fd9\u5c06\u4f7f\u5168\u5c40\u504f\u79fb\u8868\u6210\u4e3a\u53ea\u8bfb\u7684\uff0c\u5e76\u5728\u751f\u6210\u7684\u53ef\u6267\u884c\u6587\u4ef6\u4e2d\u5c06\u5404\u79cd\u5185\u90e8\u6570\u636e\u90e8\u5206\u653e\u5728\u7a0b\u5e8f\u6570\u636e\u90e8\u5206\u4e4b\u524d\u3002 \u6808\u4fdd\u62a4 \u5c06\u503c\u653e\u5728\u5806\u6808\u4e0a\u5e76\u9a8c\u8bc1\u5176\u662f\u5426\u5b58\u5728\uff0c\u4ee5\u5e2e\u52a9\u9632\u6b62\u7f13\u51b2\u533a\u6ea2\u51fa\u653b\u51fb\u3002 \u4ece\u4e0d\u6267\u884c \uff08NX\uff09 \u4e5f\u79f0\u4e3a\u6570\u636e\u6267\u884c\u4fdd\u62a4 \uff08DEP\uff09\uff0c\u786e\u4fdd\u65e0\u6cd5\u6267\u884c\u53ef\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u90e8\u5206\u3002 \u4f4d\u7f6e\u65e0\u5173\u53ef\u6267\u884c\u6587\u4ef6 \uff08PIE\uff09 \u751f\u6210\u4e00\u4e2a\u72ec\u7acb\u4e8e\u4f4d\u7f6e\u7684\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u8fd9\u662f ASLR \u6240\u5fc5\u9700\u7684\u3002 \u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316 \uff08ASLR\uff09 \u8fd9\u786e\u4fdd\u4e86\u4ee3\u7801\u548c\u6570\u636e\u533a\u57df\u7684\u653e\u7f6e\u90fd\u662f\u968f\u673a\u7684\u3002\u5f53\u4f7f\u7528 PIE \u6784\u5efa\u53ef\u6267\u884c\u6587\u4ef6\u65f6\uff0c\u7531\u5185\u6838\u542f\u7528\uff08\u6240\u6709\u73b0\u4ee3 Linux \u5185\u6838\u90fd\u652f\u6301 ASLR\uff09\u3002 \u7f16\u8bd1 QEMU \u65f6\uff0c\u5efa\u8bae\u5bf9 GCC \u4f7f\u7528\u4ee5\u4e0b\u7f16\u8bd1\u5668\u9009\u9879\uff1a CFLAGS=\"-arch x86_64 -fstack-protector-all -Wstack-protector \\ --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 \\ -Wl,-z,relro,-z,now\" \u6211\u4eec\u5efa\u8bae\u5728\u7f16\u8bd1 QEMU \u53ef\u6267\u884c\u6587\u4ef6\u540e\u5bf9\u5176\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u7f16\u8bd1\u5668\u5f3a\u5316\u6b63\u5e38\u5de5\u4f5c\u3002 \u5927\u591a\u6570\u4e91\u90e8\u7f72\u4e0d\u4f1a\u624b\u52a8\u6784\u5efa\u8f6f\u4ef6\uff0c\u4f8b\u5982 
QEMU\u3002\u6700\u597d\u4f7f\u7528\u6253\u5305\u6765\u786e\u4fdd\u8be5\u8fc7\u7a0b\u662f\u53ef\u91cd\u590d\u7684\uff0c\u5e76\u786e\u4fdd\u6700\u7ec8\u7ed3\u679c\u53ef\u4ee5\u8f7b\u677e\u5730\u90e8\u7f72\u5728\u6574\u4e2a\u4e91\u4e2d\u3002\u4e0b\u9762\u7684\u53c2\u8003\u8d44\u6599\u63d0\u4f9b\u4e86\u6709\u5173\u5c06\u7f16\u8bd1\u5668\u5f3a\u5316\u9009\u9879\u5e94\u7528\u4e8e\u73b0\u6709\u5305\u7684\u4e00\u4e9b\u5176\u4ed6\u8be6\u7ec6\u4fe1\u606f\u3002 DEB \u5c01\u88c5\uff1a \u786c\u5316\u6307\u5357 RPM \u5305\uff1a \u5982\u4f55\u521b\u5efa RPM \u5305","title":"\u7f16\u8bd1\u5668\u52a0\u56fa"},{"location":"security/security-guide/#_150","text":"\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316 \uff08SEV\uff09 \u662f AMD \u7684\u4e00\u9879\u6280\u672f\uff0c\u5b83\u5141\u8bb8\u4f7f\u7528 VM \u552f\u4e00\u7684\u5bc6\u94a5\u5bf9 VM \u7684\u5185\u5b58\u8fdb\u884c\u52a0\u5bc6\u3002SEV \u5728 Train \u7248\u672c\u4e2d\u4f5c\u4e3a\u6280\u672f\u9884\u89c8\u7248\u63d0\u4f9b\uff0c\u5728\u67d0\u4e9b\u57fa\u4e8e AMD \u7684\u673a\u5668\u4e0a\u63d0\u4f9b KVM \u5ba2\u6237\u673a\uff0c\u7528\u4e8e\u8bc4\u4f30\u6280\u672f\u3002 nova \u914d\u7f6e\u6307\u5357\u7684 KVM \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90e8\u5206\u5305\u542b\u914d\u7f6e\u8ba1\u7b97\u673a\u548c\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6240\u9700\u7684\u4fe1\u606f\uff0c\u5e76\u5217\u51fa\u4e86 SEV \u7684\u51e0\u4e2a\u9650\u5236\u3002 SEV \u4e3a\u6b63\u5728\u8fd0\u884c\u7684 VM \u4f7f\u7528\u7684\u5185\u5b58\u4e2d\u7684\u6570\u636e\u63d0\u4f9b\u4fdd\u62a4\u3002\u4f46\u662f\uff0c\u867d\u7136 SEV \u4e0e OpenStack \u96c6\u6210\u7684\u7b2c\u4e00\u9636\u6bb5\u652f\u6301\u865a\u62df\u673a\u52a0\u5bc6\u5185\u5b58\uff0c\u4f46\u91cd\u8981\u7684\u662f\u5b83\u4e0d\u63d0\u4f9b SEV \u56fa\u4ef6\u63d0\u4f9b\u7684 LAUNCH_MEASURE or LAUNCH_SECRET \u529f\u80fd\u3002\u8fd9\u610f\u5473\u7740\u53d7 SEV \u4fdd\u62a4\u7684 VM 
\u4f7f\u7528\u7684\u6570\u636e\u53ef\u80fd\u4f1a\u53d7\u5230\u63a7\u5236\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u6709\u52a8\u673a\u7684\u5bf9\u624b\u7684\u653b\u51fb\u3002\u4f8b\u5982\uff0c\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8ba1\u7b97\u673a\u4e0a\u7684\u6076\u610f\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u5177\u6709\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u7684\u79df\u6237\u63d0\u4f9b VM \u6620\u50cf\uff0c\u8fd9\u4e9b\u540e\u95e8\u548c\u95f4\u8c0d\u8f6f\u4ef6\u80fd\u591f\u7a83\u53d6\u673a\u5bc6\uff0c\u6216\u8005\u66ff\u6362 VNC \u670d\u52a1\u5668\u8fdb\u7a0b\u4ee5\u7aa5\u63a2\u53d1\u9001\u5230 VM \u63a7\u5236\u53f0\u6216\u4ece VM \u63a7\u5236\u53f0\u53d1\u9001\u7684\u6570\u636e\uff0c\u5305\u62ec\u89e3\u9501\u5168\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u7684\u5bc6\u7801\u3002 \u4e3a\u4e86\u51cf\u5c11\u6076\u610f\u7ba1\u7406\u5458\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u6570\u636e\u7684\u673a\u4f1a\uff0c\u4f7f\u7528 SEV \u65f6\u5e94\u9075\u5faa\u4ee5\u4e0b\u5b89\u5168\u505a\u6cd5\uff1a VM \u5e94\u4f7f\u7528\u5b8c\u6574\u78c1\u76d8\u52a0\u5bc6\u89e3\u51b3\u65b9\u6848\u3002 \u5e94\u5728 VM \u4e0a\u4f7f\u7528\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u5bc6\u7801\u3002 \u6b64\u5916\uff0c\u5e94\u5c06\u6807\u51c6\u5b89\u5168\u6700\u4f73\u505a\u6cd5\u7528\u4e8e VM\uff0c\u5305\u62ec\u4ee5\u4e0b\u5185\u5bb9\uff1a VM \u5e94\u5f97\u5230\u826f\u597d\u7684\u7ef4\u62a4\uff0c\u5305\u62ec\u5b9a\u671f\u8fdb\u884c\u5b89\u5168\u626b\u63cf\u548c\u4fee\u8865\uff0c\u4ee5\u786e\u4fdd VM \u6301\u7eed\u4fdd\u6301\u5f3a\u5927\u7684\u5b89\u5168\u6001\u52bf\u3002 \u4e0e VM \u7684\u8fde\u63a5\u5e94\u4f7f\u7528\u52a0\u5bc6\u548c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u534f\u8bae\uff0c\u4f8b\u5982 HTTPS \u548c SSH\u3002 \u5e94\u8003\u8651\u4f7f\u7528\u5176\u4ed6\u5b89\u5168\u5de5\u5177\u548c\u6d41\u7a0b\uff0c\u5e76\u5c06\u5176\u7528\u4e8e\u9002\u5408\u6570\u636e\u654f\u611f\u5ea6\u7ea7\u522b\u7684 
VM\u3002","title":"\u5b89\u5168\u52a0\u5bc6\u865a\u62df\u5316"},{"location":"security/security-guide/#_151","text":"\u7f16\u8bd1\u5668\u52a0\u56fa\u4f7f\u653b\u51fb QEMU \u8fdb\u7a0b\u53d8\u5f97\u66f4\u52a0\u56f0\u96be\u3002\u4f46\u662f\uff0c\u5982\u679c\u653b\u51fb\u8005\u5f97\u901e\uff0c\u5219\u9700\u8981\u9650\u5236\u653b\u51fb\u7684\u5f71\u54cd\u3002\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u901a\u8fc7\u5c06 QEMU \u8fdb\u7a0b\u4e0a\u7684\u6743\u9650\u9650\u5236\u4e3a\u4ec5\u9700\u8981\u7684\u6743\u9650\u6765\u5b9e\u73b0\u6b64\u76ee\u7684\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528 sVirt\u3001SELinux \u6216 AppArmor \u6765\u5b9e\u73b0\u3002\u4f7f\u7528 sVirt \u65f6\uff0cSELinux \u914d\u7f6e\u4e3a\u5728\u5355\u72ec\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e0b\u8fd0\u884c\u6bcf\u4e2a QEMU \u8fdb\u7a0b\u3002AppArmor \u53ef\u4ee5\u914d\u7f6e\u4e3a\u63d0\u4f9b\u7c7b\u4f3c\u7684\u529f\u80fd\u3002\u6211\u4eec\u5728\u4ee5\u4e0b sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173 sVirt \u548c\u5b9e\u4f8b\u9694\u79bb\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff1aSELinux \u548c\u865a\u62df\u5316\u3002 \u7279\u5b9a\u7684 SELinux \u7b56\u7565\u53ef\u7528\u4e8e\u8bb8\u591a OpenStack \u670d\u52a1\u3002CentOS \u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u5b89\u88c5 selinux-policy \u6e90\u7801\u5305\u6765\u67e5\u770b\u8fd9\u4e9b\u7b56\u7565\u3002\u6700\u65b0\u7684\u7b56\u7565\u51fa\u73b0\u5728 Fedora \u7684 selinux-policy \u5b58\u50a8\u5e93\u4e2d\u3002rawhide-contrib \u5206\u652f\u5305\u542b\u4ee5 .te \u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u4f8b\u5982 cinder.te \uff0c\u8fd9\u4e9b\u6587\u4ef6\u53ef\u4ee5\u5728\u8fd0\u884c SELinux \u7684\u7cfb\u7edf\u4e0a\u4f7f\u7528\u3002 OpenStack \u670d\u52a1\u7684 AppArmor \u914d\u7f6e\u6587\u4ef6\u5f53\u524d\u4e0d\u5b58\u5728\uff0c\u4f46 OpenStack-Ansible \u9879\u76ee\u901a\u8fc7\u5c06 AppArmor \u914d\u7f6e\u6587\u4ef6\u5e94\u7528\u4e8e\u8fd0\u884c OpenStack 
\u670d\u52a1\u7684\u6bcf\u4e2a\u5bb9\u5668\u6765\u5904\u7406\u6b64\u95ee\u9898\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#svirtselinux","text":"\u51ed\u501f\u72ec\u7279\u7684\u5185\u6838\u7ea7\u67b6\u6784\u548c\u56fd\u5bb6\u5b89\u5168\u5c40 \uff08NSA\uff09 \u5f00\u53d1\u7684\u5b89\u5168\u673a\u5236\uff0cKVM \u4e3a\u591a\u79df\u6237\u63d0\u4f9b\u4e86\u57fa\u7840\u9694\u79bb\u6280\u672f\u3002\u5b89\u5168\u865a\u62df\u5316 \uff08sVirt\uff09 \u6280\u672f\u7684\u53d1\u5c55\u8d77\u6e90\u4e8e 2002 \u5e74\uff0c\u662f SELinux \u5bf9\u73b0\u4ee3\u865a\u62df\u5316\u7684\u5e94\u7528\u3002SELinux \u65e8\u5728\u5e94\u7528\u57fa\u4e8e\u6807\u7b7e\u7684\u5206\u79bb\u63a7\u5236\uff0c\u73b0\u5df2\u6269\u5c55\u4e3a\u5728\u865a\u62df\u673a\u8fdb\u7a0b\u3001\u8bbe\u5907\u3001\u6570\u636e\u6587\u4ef6\u548c\u4ee3\u8868\u5b83\u4eec\u6267\u884c\u64cd\u4f5c\u7684\u7cfb\u7edf\u8fdb\u7a0b\u4e4b\u95f4\u63d0\u4f9b\u9694\u79bb\u3002 OpenStack \u7684 sVirt \u5b9e\u73b0\u65e8\u5728\u4fdd\u62a4\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e3b\u673a\u548c\u865a\u62df\u673a\u514d\u53d7\u4e24\u4e2a\u4e3b\u8981\u5a01\u80c1\u5a92\u4ecb\u7684\u4fb5\u5bb3\uff1a \u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u5a01\u80c1 \u5728\u865a\u62df\u673a\u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4ee5\u8bbf\u95ee\u5e95\u5c42\u8d44\u6e90\u3002\u4f8b\u5982\uff0c\u5f53\u865a\u62df\u673a\u80fd\u591f\u8bbf\u95ee\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u64cd\u4f5c\u7cfb\u7edf\u3001\u7269\u7406\u8bbe\u5907\u6216\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u65f6\u3002\u6b64\u5a01\u80c1\u5411\u91cf\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u7684\u5165\u4fb5\u53ef\u80fd\u4f1a\u611f\u67d3\u7269\u7406\u786c\u4ef6\u5e76\u66b4\u9732\u5176\u4ed6\u865a\u62df\u673a\u548c\u7f51\u6bb5\u3002 
\u865a\u62df\u673a\uff08\u591a\u79df\u6237\uff09\u5a01\u80c1 \u5728 VM \u4e2d\u8fd0\u884c\u7684\u53d7\u635f\u5e94\u7528\u7a0b\u5e8f\u4f1a\u653b\u51fb\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\uff0c\u4ee5\u8bbf\u95ee\u6216\u63a7\u5236\u53e6\u4e00\u4e2a\u865a\u62df\u673a\u53ca\u5176\u8d44\u6e90\u3002\u8fd9\u662f\u865a\u62df\u5316\u7279\u6709\u7684\u5a01\u80c1\u5411\u91cf\uff0c\u5b58\u5728\u76f8\u5f53\u5927\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u5927\u91cf\u865a\u62df\u673a\u6587\u4ef6\u6620\u50cf\u53ef\u80fd\u56e0\u5355\u4e2a\u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u6f0f\u6d1e\u800c\u53d7\u5230\u635f\u5bb3\u3002\u8fd9\u79cd\u865a\u62df\u7f51\u7edc\u653b\u51fb\u662f\u4e00\u4e2a\u4e3b\u8981\u95ee\u9898\uff0c\u56e0\u4e3a\u7528\u4e8e\u4fdd\u62a4\u771f\u5b9e\u7f51\u7edc\u7684\u7ba1\u7406\u6280\u672f\u5e76\u4e0d\u76f4\u63a5\u9002\u7528\u4e8e\u865a\u62df\u73af\u5883\u3002 \u6bcf\u4e2a\u57fa\u4e8e KVM \u7684\u865a\u62df\u673a\u90fd\u662f\u4e00\u4e2a\u7531 SELinux \u6807\u8bb0\u7684\u8fdb\u7a0b\uff0c\u4ece\u800c\u6709\u6548\u5730\u5728\u6bcf\u4e2a\u865a\u62df\u673a\u5468\u56f4\u5efa\u7acb\u5b89\u5168\u8fb9\u754c\u3002\u6b64\u5b89\u5168\u8fb9\u754c\u7531 Linux \u5185\u6838\u76d1\u89c6\u548c\u5f3a\u5236\u6267\u884c\uff0c\u4ece\u800c\u9650\u5236\u865a\u62df\u673a\u8bbf\u95ee\u5176\u8fb9\u754c\u4e4b\u5916\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u4e3b\u673a\u6570\u636e\u6587\u4ef6\u6216\u5176\u4ed6 VM\u3002 \u65e0\u8bba\u865a\u62df\u673a\u5185\u8fd0\u884c\u7684\u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf\u5982\u4f55\uff0c\u90fd\u4f1a\u63d0\u4f9b sVirt \u9694\u79bb\u3002\u53ef\u4ee5\u4f7f\u7528 Linux \u6216 Windows VM\u3002\u6b64\u5916\uff0c\u8bb8\u591a Linux \u53d1\u884c\u7248\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u63d0\u4f9b SELinux\uff0c\u4f7f\u865a\u62df\u673a\u80fd\u591f\u4fdd\u62a4\u5185\u90e8\u865a\u62df\u8d44\u6e90\u514d\u53d7\u5a01\u80c1\u3002","title":"sVirt\uff1aSELinux \u548c\u865a\u62df\u5316"},{"location":"security/security-guide/#_152","text":"\u57fa\u4e8e KVM 
\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4f7f\u7528\u5176\u81ea\u5df1\u7684 SELinux \u6570\u636e\u7c7b\u578b\u8fdb\u884c\u6807\u8bb0\uff0c\u79f0\u4e3a svirt_image_t \u3002\u5185\u6838\u7ea7\u4fdd\u62a4\u53ef\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u7cfb\u7edf\u8fdb\u7a0b\uff08\u5982\u6076\u610f\u8f6f\u4ef6\uff09\u64cd\u7eb5\u78c1\u76d8\u4e0a\u7684\u865a\u62df\u673a\u6620\u50cf\u6587\u4ef6\u3002\u5173\u95ed\u865a\u62df\u673a\u7535\u6e90\u540e\uff0c\u6620\u50cf\u7684\u5b58\u50a8 svirt_image_t \u65b9\u5f0f\u5982\u4e0b\u6240\u793a\uff1a system_u:object_r:svirt_image_t:SystemLow image1 system_u:object_r:svirt_image_t:SystemLow image2 system_u:object_r:svirt_image_t:SystemLow image3 system_u:object_r:svirt_image_t:SystemLow image4 \u8be5 svirt_image_t \u6807\u7b7e\u552f\u4e00\u6807\u8bc6\u78c1\u76d8\u4e0a\u7684\u56fe\u50cf\u6587\u4ef6\uff0c\u5141\u8bb8 SELinux \u7b56\u7565\u9650\u5236\u8bbf\u95ee\u3002\u5f53\u57fa\u4e8e KVM \u7684\u8ba1\u7b97\u6620\u50cf\u901a\u7535\u65f6\uff0csVirt \u4f1a\u5c06\u968f\u673a\u6570\u5b57\u6807\u8bc6\u7b26\u9644\u52a0\u5230\u6620\u50cf\u4e2d\u3002sVirt \u80fd\u591f\u4e3a\u6bcf\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8282\u70b9\u6700\u591a\u5206\u914d 524,288 \u4e2a\u865a\u62df\u673a\u7684\u6570\u5b57\u6807\u8bc6\u7b26\uff0c\u4f46\u5927\u591a\u6570 OpenStack \u90e8\u7f72\u6781\u4e0d\u53ef\u80fd\u9047\u5230\u6b64\u9650\u5236\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 sVirt \u7c7b\u522b\u6807\u8bc6\u7b26\uff1a system_u:object_r:svirt_image_t:s0:c87,c520 image1 system_u:object_r:svirt_image_t:s0:419,c172 image2","title":"\u6807\u7b7e\u548c\u7c7b\u522b"},{"location":"security/security-guide/#selinux","text":"SELinux \u7ba1\u7406\u7528\u6237\u89d2\u8272\u3002\u53ef\u4ee5\u901a\u8fc7 -Z \u6807\u5fd7\u6216\u4f7f\u7528 semanage 
\u547d\u4ee4\u67e5\u770b\u8fd9\u4e9b\u5185\u5bb9\u3002\u5728\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e0a\uff0c\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7cfb\u7edf\uff0c\u5e76\u4e14\u5e94\u8be5\u56f4\u7ed5\u7ba1\u7406\u7528\u6237\u548c\u7cfb\u7edf\u4e0a\u7684\u4efb\u4f55\u5176\u4ed6\u7528\u6237\u5177\u6709\u9002\u5f53\u7684\u4e0a\u4e0b\u6587\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 SELinux \u7528\u6237\u6587\u6863\u3002","title":"SELinux \u7528\u6237\u548c\u89d2\u8272"},{"location":"security/security-guide/#_153","text":"\u4e3a\u4e86\u51cf\u8f7b\u7ba1\u7406 SELinux \u7684\u7ba1\u7406\u8d1f\u62c5\uff0c\u8bb8\u591a\u4f01\u4e1a Linux \u5e73\u53f0\u5229\u7528 SELinux \u5e03\u5c14\u503c\u6765\u5feb\u901f\u6539\u53d8 sVirt \u7684\u5b89\u5168\u6001\u52bf\u3002 \u57fa\u4e8e Red Hat Enterprise Linux \u7684 KVM \u90e8\u7f72\u4f7f\u7528\u4ee5\u4e0b sVirt \u5e03\u5c14\u503c\uff1a sVirt SELinux \u5e03\u5c14\u503c \u63cf\u8ff0 virt_use_common \u5141\u8bb8 virt \u4f7f\u7528\u4e32\u884c\u6216\u5e76\u884c\u901a\u4fe1\u7aef\u53e3\u3002 virt_use_fusefs \u5141\u8bb8 virt \u8bfb\u53d6 FUSE \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_nfs \u5141\u8bb8 virt \u7ba1\u7406 NFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_samba \u5141\u8bb8 virt \u7ba1\u7406 CIFS \u6302\u8f7d\u7684\u6587\u4ef6\u3002 virt_use_sanlock \u5141\u8bb8\u53d7\u9650\u7684\u865a\u62df\u8bbf\u5ba2\u4e0e sanlock \u4ea4\u4e92\u3002 virt_use_sysfs \u5141\u8bb8 virt \u7ba1\u7406\u8bbe\u5907\u914d\u7f6e \uff08PCI\uff09\u3002 virt_use_usb \u5141\u8bb8 virt \u4f7f\u7528 USB \u8bbe\u5907\u3002 virt_use_xserver \u5141\u8bb8\u865a\u62df\u673a\u4e0e X Window \u7cfb\u7edf\u4ea4\u4e92\u3002","title":"\u5e03\u5c14\u503c"},{"location":"security/security-guide/#_154","text":"\u4efb\u4f55OpenStack\u90e8\u7f72\u7684\u4e3b\u8981\u5b89\u5168\u95ee\u9898\u4e4b\u4e00\u662f\u56f4\u7ed5\u654f\u611f\u6587\u4ef6\uff08\u5982 nova.conf 
\u6587\u4ef6\uff09\u7684\u5b89\u5168\u6027\u548c\u63a7\u5236\u3002\u6b64\u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u5305\u542b\u5728 /etc \u76ee\u5f55\u4e2d\uff0c\u5305\u542b\u8bb8\u591a\u654f\u611f\u9009\u9879\uff0c\u5305\u62ec\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u548c\u670d\u52a1\u5bc6\u7801\u3002\u5e94\u4e3a\u6240\u6709\u6b64\u7c7b\u654f\u611f\u6587\u4ef6\u6388\u4e88\u4e25\u683c\u7684\u6587\u4ef6\u7ea7\u6743\u9650\uff0c\u5e76\u901a\u8fc7\u6587\u4ef6\u5b8c\u6574\u6027\u76d1\u89c6 \uff08FIM\uff09 \u5de5\u5177\uff08\u5982 iNotify \u6216 Samhain\uff09\u76d1\u89c6\u66f4\u6539\u3002\u8fd9\u4e9b\u5b9e\u7528\u7a0b\u5e8f\u5c06\u83b7\u53d6\u5904\u4e8e\u5df2\u77e5\u826f\u597d\u72b6\u6001\u7684\u76ee\u6807\u6587\u4ef6\u7684\u54c8\u5e0c\u503c\uff0c\u7136\u540e\u5b9a\u671f\u83b7\u53d6\u8be5\u6587\u4ef6\u7684\u65b0\u54c8\u5e0c\u503c\uff0c\u5e76\u5c06\u5176\u4e0e\u5df2\u77e5\u826f\u597d\u7684\u54c8\u5e0c\u503c\u8fdb\u884c\u6bd4\u8f83\u3002\u5982\u679c\u53d1\u73b0\u8b66\u62a5\u88ab\u610f\u5916\u4fee\u6539\uff0c\u5219\u53ef\u4ee5\u521b\u5efa\u8b66\u62a5\u3002 \u53ef\u4ee5\u68c0\u67e5\u6587\u4ef6\u7684\u6743\u9650\uff0c\u6211\u79fb\u52a8\u5230\u6587\u4ef6\u6240\u5728\u7684\u76ee\u5f55\u5e76\u8fd0\u884c ls -lh \u547d\u4ee4\u3002\u8fd9\u5c06\u663e\u793a\u6709\u6743\u8bbf\u95ee\u6587\u4ef6\u7684\u6743\u9650\u3001\u6240\u6709\u8005\u548c\u7ec4\uff0c\u4ee5\u53ca\u5176\u4ed6\u4fe1\u606f\uff0c\u4f8b\u5982\u4e0a\u6b21\u4fee\u6539\u6587\u4ef6\u7684\u65f6\u95f4\u548c\u521b\u5efa\u65f6\u95f4\u3002 \u8be5 /var/lib/nova 
\u76ee\u5f55\u7528\u4e8e\u4fdd\u5b58\u6709\u5173\u7ed9\u5b9a\u8ba1\u7b97\u4e3b\u673a\u4e0a\u7684\u5b9e\u4f8b\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u6b64\u76ee\u5f55\u4e5f\u5e94\u88ab\u89c6\u4e3a\u654f\u611f\u76ee\u5f55\uff0c\u5e76\u5177\u6709\u4e25\u683c\u5f3a\u5236\u6267\u884c\u7684\u6587\u4ef6\u6743\u9650\u3002\u6b64\u5916\uff0c\u5e94\u5b9a\u671f\u5907\u4efd\u5b83\uff0c\u56e0\u4e3a\u5b83\u5305\u542b\u4e0e\u8be5\u4e3b\u673a\u5173\u8054\u7684\u5b9e\u4f8b\u7684\u4fe1\u606f\u548c\u5143\u6570\u636e\u3002 \u5982\u679c\u90e8\u7f72\u4e0d\u9700\u8981\u5b8c\u6574\u7684\u865a\u62df\u673a\u5907\u4efd\uff0c\u5efa\u8bae\u6392\u9664\u8be5 /var/lib/nova/instances \u76ee\u5f55\uff0c\u56e0\u4e3a\u5b83\u7684\u5927\u5c0f\u5c06\u4e0e\u8be5\u8282\u70b9\u4e0a\u8fd0\u884c\u7684\u6bcf\u4e2a VM \u7684\u603b\u7a7a\u95f4\u4e00\u6837\u5927\u3002\u5982\u679c\u90e8\u7f72\u786e\u5b9e\u9700\u8981\u5b8c\u6574 VM \u5907\u4efd\uff0c\u5219\u9700\u8981\u786e\u4fdd\u6210\u529f\u5907\u4efd\u6b64\u76ee\u5f55\u3002 \u76d1\u89c6\u662f IT \u57fa\u7840\u7ed3\u6784\u7684\u5173\u952e\u7ec4\u4ef6\uff0c\u6211\u4eec\u5efa\u8bae\u76d1\u89c6\u548c\u5206\u6790\u8ba1\u7b97\u65e5\u5fd7\u6587\u4ef6\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u521b\u5efa\u6709\u610f\u4e49\u7684\u8b66\u62a5\u3002","title":"\u52a0\u56fa\u8ba1\u7b97\u90e8\u7f72"},{"location":"security/security-guide/#openstack_5","text":"\u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u901a\u8fc7\u5c06 Bug \u6807\u8bb0\u4e3a\u201c\u6b64 bug \u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u6765\u534f\u8c03 OpenStack 
\u9879\u76ee\u5185\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a bug \u7684\u8fc7\u7a0b\u3002VMT \u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002","title":"OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f"},{"location":"security/security-guide/#openstack_6","text":"\u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u6620\u5c04\u4ee5\u53ca\u975e OpenStack\uff0c\u4f46\u5173\u952e\u95ee\u9898\uff08\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\uff09\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002","title":"OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#openstack-dev","text":"\u6240\u6709\u9519\u8bef\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5e26\u6709 [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss 
\u90ae\u4ef6\u5217\u8868\u901a\u8fc7 OpenStack Development Mailing List \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss \u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002","title":"OpenStack-dev \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_155","text":"\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_156","text":"","title":"\u6f0f\u6d1e\u610f\u8bc6"},{"location":"security/security-guide/#openstack_7","text":"\u6211\u4eec\u5efa\u8bae\u5728\u53d1\u5e03\u5b89\u5168\u95ee\u9898\u548c\u5efa\u8bae\u65f6\u53ca\u65f6\u4e86\u89e3\u5b83\u4eec\u3002OpenStack \u5b89\u5168\u95e8\u6237\u662f\u4e00\u4e2a\u4e2d\u592e\u95e8\u6237\uff0c\u53ef\u4ee5\u5728\u8fd9\u91cc\u534f\u8c03\u5efa\u8bae\u3001\u901a\u77e5\u3001\u4f1a\u8bae\u548c\u6d41\u7a0b\u3002\u6b64\u5916\uff0cOpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u95e8\u6237\u534f\u8c03 OpenStack \u5185\u90e8\u7684\u8865\u6551\u63aa\u65bd\uff0c\u4ee5\u53ca\u8c03\u67e5\u8d1f\u8d23\u4efb\u5730\uff08\u79c1\u4e0b\uff09\u5411 VMT \u62ab\u9732\u7684\u62a5\u544a\u9519\u8bef\u7684\u8fc7\u7a0b\uff0c\u65b9\u6cd5\u662f\u5c06\u9519\u8bef\u6807\u8bb0\u4e3a\u201c\u6b64\u9519\u8bef\u662f\u5b89\u5168\u6f0f\u6d1e\u201d\u3002VMT 
\u6d41\u7a0b\u9875\u9762\u4e2d\u6982\u8ff0\u4e86\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u5e76\u751f\u6210\u4e86 OpenStack \u5b89\u5168\u516c\u544a \uff08OSSA\uff09\u3002\u6b64 OSSA \u6982\u8ff0\u4e86\u95ee\u9898\u548c\u4fee\u590d\u7a0b\u5e8f\uff0c\u5e76\u94fe\u63a5\u5230\u539f\u59cb\u9519\u8bef\u548c\u8865\u4e01\u6258\u7ba1\u4f4d\u7f6e\u3002","title":"OpenStack \u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f"},{"location":"security/security-guide/#openstack_8","text":"\u62a5\u544a\u7684\u5b89\u5168\u6f0f\u6d1e\u88ab\u53d1\u73b0\u662f\u914d\u7f6e\u9519\u8bef\u7684\u7ed3\u679c\uff0c\u6216\u8005\u4e0d\u662f\u4e25\u683c\u610f\u4e49\u4e0a\u7684 OpenStack \u7684\u4e00\u90e8\u5206\uff0c\u5c06\u88ab\u8d77\u8349\u5230 OpenStack \u5b89\u5168\u8bf4\u660e \uff08OSSN\uff09 \u4e2d\u3002\u8fd9\u4e9b\u95ee\u9898\u5305\u62ec\u914d\u7f6e\u95ee\u9898\uff0c\u4f8b\u5982\u786e\u4fdd\u8eab\u4efd\u63d0\u4f9b\u5546\u6620\u5c04\uff0c\u4ee5\u53ca\u975e OpenStack \u4f46\u5173\u952e\u7684\u95ee\u9898\uff0c\u4f8b\u5982\u5f71\u54cd OpenStack \u4f7f\u7528\u7684\u5e73\u53f0\u7684 Bashbug/Ghost \u6216 Venom \u6f0f\u6d1e\u3002\u5f53\u524d\u7684 OSSN \u96c6\u4f4d\u4e8e\u5b89\u5168\u8bf4\u660e wiki \u4e2d\u3002","title":"OpenStack \u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#openstack-discuss","text":"\u6240\u6709 bug\u3001OSSA \u548c OSSN \u90fd\u901a\u8fc7 openstack-discuss \u90ae\u4ef6\u5217\u8868\u516c\u5f00\u53d1\u5e03\uff0c\u4e3b\u9898\u884c\u4e2d\u5305\u542b [security] \u4e3b\u9898\u3002\u6211\u4eec\u5efa\u8bae\u8ba2\u9605\u6b64\u5217\u8868\u4ee5\u53ca\u90ae\u4ef6\u8fc7\u6ee4\u89c4\u5219\uff0c\u4ee5\u786e\u4fdd\u4e0d\u4f1a\u9057\u6f0f OSSN\u3001OSSA \u548c\u5176\u4ed6\u91cd\u8981\u516c\u544a\u3002openstack-discuss \u90ae\u4ef6\u5217\u8868\u901a\u8fc7 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss \u8fdb\u884c\u7ba1\u7406\u3002openstack-discuss 
\u4f7f\u7528\u300a\u9879\u76ee\u56e2\u961f\u6307\u5357\u300b\u4e2d\u5b9a\u4e49\u7684\u6807\u8bb0\u3002","title":"OpenStack-discuss \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_157","text":"\u5728\u5b9e\u65bdOpenStack\u65f6\uff0c\u6838\u5fc3\u51b3\u7b56\u4e4b\u4e00\u662f\u4f7f\u7528\u54ea\u4e2a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002\u6211\u4eec\u5efa\u8bae\u60a8\u4e86\u89e3\u4e0e\u60a8\u9009\u62e9\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u76f8\u5173\u7684\u516c\u544a\u3002\u4ee5\u4e0b\u662f\u51e0\u4e2a\u5e38\u89c1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u5217\u8868\uff1a Xen\uff1a http://xenbits.xen.org/xsa/ VMWare\uff1a http://blogs.vmware.com/security/ \u5176\u4ed6\uff08KVM \u7b49\uff09\uff1a http://seclists.org/oss-sec","title":"\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#_158","text":"\u4e91\u67b6\u6784\u5e08\u9700\u8981\u505a\u51fa\u7684\u6709\u5173\u8ba1\u7b97\u670d\u52a1\u914d\u7f6e\u7684\u4e00\u4e2a\u51b3\u5b9a\u662f\u4f7f\u7528 VNC \u8fd8\u662f SPICE\u3002","title":"\u5982\u4f55\u9009\u62e9\u865a\u62df\u63a7\u5236\u53f0"},{"location":"security/security-guide/#vnc","text":"OpenStack \u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09 \u534f\u8bae\u4e3a\u79df\u6237\u548c\u7ba1\u7406\u5458\u63d0\u4f9b\u5bf9\u5b9e\u4f8b\u7684\u8fdc\u7a0b\u684c\u9762\u63a7\u5236\u53f0\u8bbf\u95ee\u3002","title":"\u865a\u62df\u7f51\u7edc\u8ba1\u7b97\u673a \uff08VNC\uff09"},{"location":"security/security-guide/#_159","text":"OpenStack Dashboard \uff08horizon\uff09 \u53ef\u4ee5\u4f7f\u7528 HTML5 noVNC \u5ba2\u6237\u7aef\u76f4\u63a5\u5728\u7f51\u9875\u4e0a\u4e3a\u5b9e\u4f8b\u63d0\u4f9b VNC \u63a7\u5236\u53f0\u3002\u8fd9\u8981\u6c42 nova-novncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de VNC 
\u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b nova Java VNC \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002\u8fd9\u8981\u6c42 nova-xvpvncproxy \u670d\u52a1\u4ece\u516c\u7528\u7f51\u7edc\u6865\u63a5\u5230\u7ba1\u7406\u7f51\u7edc\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_160","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c nova-novncproxy \u548c nova-xvpvncproxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fdc\u7a0b\u684c\u9762\u6d41\u91cf\u672a\u52a0\u5bc6\u3002\u53ef\u4ee5\u542f\u7528 TLS \u6765\u52a0\u5bc6 VNC \u6d41\u91cf\u3002\u8bf7\u53c2\u9605 TLS \u548c SSL \u7b80\u4ecb\u4ee5\u83b7\u53d6\u9002\u5f53\u7684\u5efa\u8bae\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_161","text":"blog.malchuk.ru, OpenStack VNC Security. 2013. Secure Connections to VNC ports blog.malchuk.ru\uff0cOpenStack VNC \u5b89\u5168\u6027\u30022013. \u4e0e VNC \u7aef\u53e3\u7684\u5b89\u5168\u8fde\u63a5 OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. 2014. OpenStack nova-novnc SSL Configuration OpenStack \u90ae\u4ef6\u5217\u8868\uff0c[OpenStack] nova-novnc SSL \u914d\u7f6e - \u54c8\u74e6\u90a3\u30022014. OpenStack nova-novnc SSL\u914d\u7f6e Redhat.com/solutions\uff0c\u5728 OpenStack \u4e2d\u4f7f\u7528 SSL \u52a0\u5bc6 nova-novacproxy\u30022014. 
OpenStack nova-novncproxy SSL\u52a0\u5bc6","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#spice","text":"\u4f5c\u4e3a VNC \u7684\u66ff\u4ee3\u65b9\u6848\uff0cOpenStack \u4f7f\u7528\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 \u534f\u8bae\u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002","title":"\u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09"},{"location":"security/security-guide/#_162","text":"OpenStack Dashboard \uff08horizon\uff09 \u76f4\u63a5\u5728\u5b9e\u4f8b\u7f51\u9875\u4e0a\u652f\u6301 SPICE\u3002\u8fd9\u9700\u8981\u670d\u52a1 nova-spicehtml5proxy \u3002 nova \u547d\u4ee4\u884c\u5b9e\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8fd4\u56de SPICE \u63a7\u5236\u53f0\u7684 URL\uff0c\u4ee5\u4f9b SPICE-html \u5ba2\u6237\u7aef\u8bbf\u95ee\u3002","title":"\u529f\u80fd"},{"location":"security/security-guide/#_163","text":"\u5c3d\u7ba1 SPICE \u4e0e VNC \u76f8\u6bd4\u5177\u6709\u8bb8\u591a\u4f18\u52bf\uff0c\u4f46 spice-html5 \u6d4f\u89c8\u5668\u96c6\u6210\u76ee\u524d\u4e0d\u5141\u8bb8\u7ba1\u7406\u5458\u5229\u7528\u8fd9\u4e9b\u4f18\u52bf\u3002\u4e3a\u4e86\u5229\u7528 \u591a\u663e\u793a\u5668\u3001USB \u76f4\u901a\u7b49 SPICE \u529f\u80fd\uff0c\u6211\u4eec\u5efa\u8bae\u7ba1\u7406\u5458\u5728\u7ba1\u7406\u7f51\u7edc\u4e2d\u4f7f\u7528\u72ec\u7acb\u7684 SPICE \u5ba2\u6237\u7aef\u3002","title":"\u9650\u5236"},{"location":"security/security-guide/#_164","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5 nova-spicehtml5proxy \u670d\u52a1\u4f1a\u6253\u5f00\u7ecf\u8fc7\u4ee4\u724c\u8eab\u4efd\u9a8c\u8bc1\u7684\u9762\u5411\u516c\u4f17\u7684\u7aef\u53e3\u3002 \u529f\u80fd\u548c\u96c6\u6210\u4ecd\u5728\u4e0d\u65ad\u53d1\u5c55\u3002\u6211\u4eec\u5c06\u5728\u4e0b\u4e00\u4e2a\u7248\u672c\u4e2d\u8bbf\u95ee\u8fd9\u4e9b\u529f\u80fd\u5e76\u63d0\u51fa\u5efa\u8bae\u3002 \u4e0e VNC 
\u7684\u60c5\u51b5\u4e00\u6837\uff0c\u76ee\u524d\u6211\u4eec\u5efa\u8bae\u4ece\u7ba1\u7406\u7f51\u7edc\u4f7f\u7528 SPICE\uff0c\u6b64\u5916\u8fd8\u9650\u5236\u4f7f\u7528\u5c11\u6570\u4eba\u3002","title":"\u5b89\u5168\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_165","text":"OpenStack \u7ba1\u7406\u5458\u6307\u5357\u3002SPICE\u63a7\u5236\u53f0\u3002SPICE\u63a7\u5236\u53f0\u3002 bugzilla.redhat.com\uff0c Bug 913607 - RFE\uff1a \u652f\u6301\u901a\u8fc7 websockets \u96a7\u9053\u4f20\u8f93 SPICE\u30022013. RedHat \u9519\u8bef913607\u3002","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_166","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-compute-01-rootnova","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a nova \uff0c root \u5e76\u4e14\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/nova/nova.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/api-paste.ini | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/policy.json | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova/rootwrap.conf | egrep \"root nova\" $ stat -L -c \"%U %G\" /etc/nova | egrep \"root nova\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c nova \u3002\u4e0a\u8ff0\u547d\u4ee4\u663e\u793a \u7684 root nova \u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 nova \u4ee5\u5916\u7684 root \u4efb\u4f55\u7ec4\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002","title":"Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/nova\uff1f"},{"location":"security/security-guide/#check-compute-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/nova/nova.conf $ stat -L -c \"%a\" /etc/nova/api-paste.ini $ stat -L -c \"%a\" /etc/nova/policy.json $ stat -L -c \"%a\" /etc/nova/rootwrap.conf \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u5982\u679c Check-Compute-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/nova\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cnova \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/nova/nova.conf getfacl: Removing leading '/' from absolute path names # file: etc/nova/nova.conf USER root rw- GROUP nova r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640/750\u3002 \u63a8\u8350\u4e8e\uff1a\u8ba1\u7b97\u3002","title":"Check-Compute-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-compute-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 noauth \u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5728Ocata\u4e4b\u524d\uff1a \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] 
/etc/nova/nova.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002 \u5728Ocata\u4e4b\u540e\uff1a \u901a\u8fc7\uff1a\u5982\u679c under [api] \u6216 [DEFAULT] section in /etc/nova/nova.conf \u7684\u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c or [DEFAULT] \u90e8\u5206\u4e0b\u7684 [api] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002","title":"Check-Compute-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-compute-04","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/nova/nova.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/nova/nova.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/nova/nova.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True 
\u3002","title":"Check-Compute-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-compute-05nova-glance","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/nova/nova.conf /etc/nova/nova.conf \u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/nova/nova.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \uff0c\u6216\u8005 in /etc/nova/nova.conf \u8282\u4e0b\u7684 [glance] [glance] \u53c2\u6570 api_insecure api_servers \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002","title":"Check-Compute-05\uff1aNova \u4e0e Glance \u7684\u901a\u4fe1\u662f\u5426\u5b89\u5168\uff1f"},{"location":"security/security-guide/#_167","text":"OpenStack Block Storage \uff08cinder\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u8f6f\u4ef6\uff08\u670d\u52a1\u548c\u5e93\uff09\u6765\u81ea\u52a9\u7ba1\u7406\u6301\u4e45\u6027\u5757\u7ea7\u5b58\u50a8\u8bbe\u5907\u3002\u8fd9\u5c06\u521b\u5efa\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u8bbf\u95ee\uff0c\u4ee5\u4fbf\u4e0e OpenStack \u8ba1\u7b97 \uff08nova\uff09 
\u5b9e\u4f8b\u4e00\u8d77\u4f7f\u7528\u3002\u901a\u8fc7\u5c06\u5757\u5b58\u50a8\u6c60\u865a\u62df\u5316\u5230\u5404\u79cd\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\uff08\u53ef\u4ee5\u662f\u8f6f\u4ef6\u5b9e\u73b0\u6216\u4f20\u7edf\u786c\u4ef6\u5b58\u50a8\u4ea7\u54c1\uff09\uff0c\u901a\u8fc7\u62bd\u8c61\u521b\u5efa\u8f6f\u4ef6\u5b9a\u4e49\u5b58\u50a8\u3002\u5176\u4e3b\u8981\u529f\u80fd\u662f\u7ba1\u7406\u5757\u8bbe\u5907\u7684\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u3002\u6d88\u8d39\u8005\u4e0d\u9700\u8981\u77e5\u9053\u540e\u7aef\u5b58\u50a8\u8bbe\u5907\u7684\u7c7b\u578b\u6216\u5b83\u7684\u4f4d\u7f6e\u3002 \u8ba1\u7b97\u5b9e\u4f8b\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u5b58\u50a8\u534f\u8bae\uff08\u5982 iSCSI\u3001\u4ee5\u592a\u7f51 ATA \u6216\u5149\u7ea4\u901a\u9053\uff09\u5b58\u50a8\u548c\u68c0\u7d22\u5757\u5b58\u50a8\u3002\u8fd9\u4e9b\u8d44\u6e90\u901a\u8fc7 OpenStack \u539f\u751f\u6807\u51c6 HTTP RESTful API \u8fdb\u884c\u7ba1\u7406\u548c\u914d\u7f6e\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5757\u5b58\u50a8\u6587\u6863\u3002 \u5377\u64e6\u9664 \u68c0\u67e5\u8868 Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f 
Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002","title":"\u5757\u5b58\u50a8"},{"location":"security/security-guide/#_168","text":"\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u64e6\u9664\u5757\u5b58\u50a8\u8bbe\u5907\u3002\u4f20\u7edf\u7684\u65b9\u6cd5\u662f\u5c06 lvm_type \u8bbe\u7f6e\u4e3a thin \uff0c\u5982\u679c\u4f7f\u7528 LVM \u540e\u7aef\uff0c\u5219\u4f7f\u7528 volume_clear \u8be5\u53c2\u6570\u3002\u6216\u8005\uff0c\u5982\u679c\u4f7f\u7528\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u5219\u5728\u5220\u9664\u5377\u52a0\u5bc6\u5bc6\u94a5\u65f6\u4e0d\u9700\u8981\u5377\u64e6\u9664\u3002\u6709\u5173\u8bbe\u7f6e\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5377\u52a0\u5bc6\u90e8\u5206\u4e2d\u7684 OpenStack \u914d\u7f6e\u53c2\u8003\u6587\u6863\uff0c\u4ee5\u53ca\u6709\u5173\u5bc6\u94a5\u5220\u9664\u7684 Castellan \u4f7f\u7528\u6587\u6863 \u6ce8\u610f \u5728\u8f83\u65e7\u7684 OpenStack \u7248\u672c\u4e2d\uff0c `lvm_type=default` \u7528\u4e8e\u8868\u793a\u64e6\u9664\u3002\u867d\u7136\u6b64\u65b9\u6cd5\u4ecd\u7136\u6709\u6548\uff0c\u4f46 `lvm_type=default` \u4e0d\u5efa\u8bae\u7528\u4e8e\u8bbe\u7f6e\u5b89\u5168\u5220\u9664\u3002 \u8be5 volume_clear \u53c2\u6570\u53ef\u4ee5\u8bbe\u7f6e\u4e3a zero \u3002\u8be5 zero \u53c2\u6570\u5c06\u5411\u8bbe\u5907\u5199\u5165\u4e00\u6b21\u96f6\u4f20\u9012\u3002 \u6709\u5173\u8be5 lvm_type \u53c2\u6570\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684\u7cbe\u7b80\u7f6e\u5907\u4e2d\u7684 LVM \u548c\u8d85\u989d\u8ba2\u9605\u90e8\u5206\u3002 \u6709\u5173\u8be5 volume_clear \u53c2\u6570\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 cinder \u9879\u76ee\u6587\u6863\u7684 Cinder 
\u914d\u7f6e\u9009\u9879\u90e8\u5206\u3002","title":"\u5377\u64e6\u9664"},{"location":"security/security-guide/#_169","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-block-01-rootcinder","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a cinder\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/cinder/cinder.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/api-paste.ini | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/policy.json | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder/rootwrap.conf | egrep \"root cinder\" $ stat -L -c \"%U %G\" /etc/cinder | egrep \"root cinder\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c cinder\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u7164\u6e23\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root 
\u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 cinder \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Block-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f"},{"location":"security/security-guide/#check-block-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/cinder/cinder.conf $ stat -L -c \"%a\" /etc/cinder/api-paste.ini $ stat -L -c \"%a\" /etc/cinder/policy.json $ stat -L -c \"%a\" /etc/cinder/rootwrap.conf $ stat -L -c \"%a\" /etc/cinder \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Block-01 \u65f6\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/cinder\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0ccinder \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a 
/etc/cinder/cinder.conf getfacl: Removing leading '/' from absolute path names # file: etc/cinder/cinder.conf USER root rw- GROUP cinder r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Block-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-block-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Block-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-block-04-tls","text":"OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/cinder/cinder.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/cinder/cinder.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/cinder/cinder.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/cinder/cinder.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Block-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-block-05cinder-tls-nova","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5931\u8d25\uff1a\u5982\u679c section 
in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] /etc/cinder/cinder.conf","title":"Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f"},{"location":"security/security-guide/#check-block-06cinder-tls-glance","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Block-05\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e nova \u901a\u4fe1\uff1f\uff09\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u90e8\u5206\u4e0b\u7684 [DEFAULT] \u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \u5e76\u4e14\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934 /etc/cinder/cinder.conf \u7684\u503c\u3002 \u5931\u8d25\uff1a\u5982\u679c\u5c06 section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a True \u6216\u53c2\u6570 glance_api_servers glance_api_insecure \u503c\u8bbe\u7f6e\u4e3a\u4e0d\u4ee5 https:// \u5f00\u5934\u7684\u503c\u3002 [DEFAULT] /etc/cinder/cinder.conf","title":"Check-Block-06\uff1acinder \u662f\u5426\u901a\u8fc7 TLS \u4e0e glance \u901a\u4fe1\uff1f"},{"location":"security/security-guide/#check-block-07-nas","text":"Cinder \u652f\u6301 NFS \u9a71\u52a8\u7a0b\u5e8f\uff0c\u5176\u5de5\u4f5c\u65b9\u5f0f\u4e0e\u4f20\u7edf\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u540c\u3002NFS \u9a71\u52a8\u7a0b\u5e8f\u5b9e\u9645\u4e0a\u4e0d\u5141\u8bb8\u5b9e\u4f8b\u5728\u5757\u7ea7\u522b\u8bbf\u95ee\u5b58\u50a8\u8bbe\u5907\u3002\u76f8\u53cd\uff0c\u6587\u4ef6\u662f\u5728 NFS \u5171\u4eab\u4e0a\u521b\u5efa\u7684\uff0c\u5e76\u6620\u5c04\u5230\u6a21\u62df\u5757\u50a8\u5b58\u8bbe\u5907\u7684\u5b9e\u4f8b\u3002Cinder \u901a\u8fc7\u5728\u521b\u5efa Cinder \u5377\u65f6\u63a7\u5236\u6587\u4ef6\u6743\u9650\u6765\u652f\u6301\u6b64\u7c7b\u6587\u4ef6\u7684\u5b89\u5168\u914d\u7f6e\u3002Cinder \u914d\u7f6e\u8fd8\u53ef\u4ee5\u63a7\u5236\u662f\u4ee5 
root \u7528\u6237\u8eab\u4efd\u8fd8\u662f\u5f53\u524d OpenStack \u8fdb\u7a0b\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6587\u4ef6\u64cd\u4f5c\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_permissions \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5982\u679c\u8bbe\u7f6e\u4e3a auto \uff0c\u5219\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5e76\u4f7f\u7528\u5b89\u5168\u6587\u4ef6\u6743\u9650\u3002\u68c0\u6d4b\u73b0\u6709\u5377\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u4e0d\u5b89\u5168\u7684\u65b9\u6cd5\u6765\u5904\u7406\u6587\u4ef6\u6743\u9650\u3002\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nas_secure_file_operations \u8bbe\u7f6e\u4e3a auto \u3002 [DEFAULT] /etc/cinder/cinder.conf \u5f53\u8bbe\u7f6e\u4e3a\u201cauto\u201d\u65f6\uff0c\u5728 cinder \u542f\u52a8\u671f\u95f4\u8fdb\u884c\u68c0\u67e5\u4ee5\u786e\u5b9a\u662f\u5426\u5b58\u5728\u73b0\u6709\u7684 cinder \u5377\uff0c\u4efb\u4f55\u5377\u90fd\u4e0d\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a True \uff0c\u5b89\u5168\u4e14\u4e0d\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5bf9\u73b0\u6709\u5377\u7684\u68c0\u6d4b\u4f1a\u5c06\u9009\u9879\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4f7f\u7528\u5f53\u524d\u65b9\u6cd5\u4ee5 root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u64cd\u4f5c\u3002\u5bf9\u4e8e\u65b0\u5b89\u88c5\uff0c\u4f1a\u7f16\u5199\u4e00\u4e2a\u201c\u6807\u8bb0\u6587\u4ef6\u201d\uff0c\u4ee5\u4fbf\u968f\u540e\u91cd\u65b0\u542f\u52a8 cinder \u5c06\u77e5\u9053\u539f\u59cb\u786e\u5b9a\u662f\u4ec0\u4e48\u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a False \uff0c\u5e76\u4e14 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 
nas_secure_file_permissions nas_secure_file_operations \u503c\u8bbe\u7f6e\u4e3a False \u3002","title":"Check-Block-07\uff1a NAS \u662f\u5426\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u8fd0\u884c\uff1f"},{"location":"security/security-guide/#check-block-08-114688","text":"\u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684osapi\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a 114688 114688 \uff0c\u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u8bbe\u7f6e\u4e3a \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c 114688 \u6216\u8005 section in /etc/cinder/cinder.conf /etc/cinder/cinder.conf \u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 osapi_max_request_body_size max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a \u3002","title":"Check-Block-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#check-block-09","text":"\u672a\u52a0\u5bc6\u7684\u5377\u6570\u636e\u4f7f\u5377\u6258\u7ba1\u5e73\u53f0\u6210\u4e3a\u653b\u51fb\u8005\u7279\u522b\u9ad8\u4ef7\u503c\u7684\u76ee\u6807\uff0c\u56e0\u4e3a\u5b83\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u8bb8\u591a\u4e0d\u540c VM 
\u7684\u6570\u636e\u3002\u6b64\u5916\uff0c\u7269\u7406\u5b58\u50a8\u4ecb\u8d28\u53ef\u80fd\u4f1a\u88ab\u7a83\u53d6\u3001\u91cd\u65b0\u88c5\u8f7d\u548c\u4ece\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u8bbf\u95ee\u3002\u52a0\u5bc6\u5377\u6570\u636e\u53ef\u4ee5\u964d\u4f4e\u8fd9\u4e9b\u98ce\u9669\uff0c\u5e76\u4e3a\u5377\u6258\u7ba1\u5e73\u53f0\u63d0\u4f9b\u6df1\u5ea6\u9632\u5fa1\u3002\u5757\u5b58\u50a8 \uff08cinder\uff09 \u80fd\u591f\u5728\u5c06\u5377\u6570\u636e\u5199\u5165\u78c1\u76d8\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\uff0c\u56e0\u6b64\u5efa\u8bae\u5f00\u542f\u5377\u52a0\u5bc6\u529f\u80fd\u3002\u6709\u5173\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605 Openstack Cinder \u670d\u52a1\u914d\u7f6e\u6587\u6863\u7684\u5377\u52a0\u5bc6\u90e8\u5206\u3002 \u901a\u8fc7\uff1a\u5982\u679c 1\uff09 \u8bbe\u7f6e\u4e86 in [key_manager] \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c2\uff09 \u8bbe\u7f6e\u4e86 in \u4e0b\u7684 [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u4ee5\u53ca 3\uff09 \u5982\u679c\u6b63\u786e\u9075\u5faa\u4e86 /etc/cinder/cinder.conf /etc/nova/nova.conf \u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002 \u82e5\u8981\u8fdb\u4e00\u6b65\u9a8c\u8bc1\uff0c\u8bf7\u5728\u5b8c\u6210\u5377\u52a0\u5bc6\u8bbe\u7f6e\u5e76\u4e3a LUKS \u521b\u5efa\u5377\u7c7b\u578b\u540e\u6267\u884c\u8fd9\u4e9b\u6b65\u9aa4\uff0c\u5982\u4e0a\u8ff0\u6587\u6863\u4e2d\u6240\u8ff0\u3002 \u521b\u5efa VM\uff1a $ openstack server create --image cirros-0.3.1-x86_64-disk --flavor m1.tiny TESTVM \u521b\u5efa\u52a0\u5bc6\u5377\u5e76\u5c06\u5176\u9644\u52a0\u5230 VM\uff1a $ openstack volume create --size 1 --type LUKS 'encrypted volume' $ openstack volume list $ openstack server add volume --device /dev/vdb TESTVM 'encrypted volume' \u5728 VM \u4e0a\uff0c\u5c06\u4e00\u4e9b\u6587\u672c\u53d1\u9001\u5230\u65b0\u9644\u52a0\u7684\u5377\u5e76\u540c\u6b65\u5b83\uff1a # echo \"Hello, world (encrypted /dev/vdb)\" >> /dev/vdb # sync && sleep 2 \u5728\u6258\u7ba1 cinder 
\u5377\u670d\u52a1\u7684\u7cfb\u7edf\u4e0a\uff0c\u540c\u6b65\u4ee5\u5237\u65b0 I/O \u7f13\u5b58\uff0c\u7136\u540e\u6d4b\u8bd5\u662f\u5426\u53ef\u4ee5\u627e\u5230\u5b57\u7b26\u4e32\uff1a # sync && sleep 2 # strings /dev/stack-volumes/volume-* | grep \"Hello\" \u641c\u7d22\u4e0d\u5e94\u8fd4\u56de\u5199\u5165\u52a0\u5bc6\u5377\u7684\u5b57\u7b26\u4e32\u3002 \u5931\u8d25\uff1a\u5982\u679c\u672a\u8bbe\u7f6e in \u90e8\u5206\u4e0b\u7684\u53c2\u6570\u503c\uff0c\u6216\u8005\u672a\u8bbe\u7f6e in /etc/cinder/cinder.conf /etc/nova/nova.conf \u90e8\u5206\u4e0b\u7684 [key_manager] [key_manager] \u53c2\u6570 backend backend \u503c\uff0c\u6216\u8005\u672a\u6b63\u786e\u9075\u5faa\u4e0a\u8ff0\u6587\u6863\u4e2d\u7684\u8bf4\u660e\u3002","title":"Check-Block-09\uff1a\u662f\u5426\u542f\u7528\u4e86\u5377\u52a0\u5bc6\u529f\u80fd\uff1f"},{"location":"security/security-guide/#_170","text":"OpenStack Image Storage \uff08glance\uff09 \u662f\u4e00\u9879\u670d\u52a1\uff0c\u7528\u6237\u53ef\u4ee5\u5728\u5176\u4e2d\u4e0a\u4f20\u548c\u53d1\u73b0\u65e8\u5728\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u8d77\u4f7f\u7528\u7684\u6570\u636e\u8d44\u4ea7\u3002\u8fd9\u76ee\u524d\u5305\u62ec\u56fe\u50cf\u548c\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u670d\u52a1\u5305\u62ec\u53d1\u73b0\u3001\u6ce8\u518c\u548c\u68c0\u7d22\u865a\u62df\u673a\u6620\u50cf\u3002Glance \u6709\u4e00\u4e2a RESTful API\uff0c\u5141\u8bb8\u67e5\u8be2 VM \u6620\u50cf\u5143\u6570\u636e\u4ee5\u53ca\u68c0\u7d22\u5b9e\u9645\u6620\u50cf\u3002 \u6709\u5173\u8be5\u670d\u52a1\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Glance \u6587\u6863\u3002 \u68c0\u67e5\u8868 Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f 
Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f \u6ce8\u610f \u867d\u7136\u672c\u7ae0\u76ee\u524d\u5bf9\u5177\u4f53\u6307\u5357\u7684\u4ecb\u7ecd\u5f88\u5c11\uff0c\u4f46\u9884\u8ba1\u5c06\u9075\u5faa\u6807\u51c6\u7684\u5f3a\u5316\u5b9e\u8df5\u3002\u672c\u8282\u5c06\u6269\u5c55\u76f8\u5173\u4fe1\u606f\u3002","title":"\u56fe\u50cf\u5b58\u50a8"},{"location":"security/security-guide/#_171","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-image-01-rootglance","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u5fc5\u987b\u5c06\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a glance \uff0c root \u5e76\u4e14\u5fc5\u987b\u5c06\u7ec4\u6240\u6709\u6743\u8bbe\u7f6e\u4e3a \u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/glance/glance-api-paste.ini | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-api.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-cache.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-manage.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-registry-paste.ini | egrep \"root glance\" $ stat -L -c \"%U 
%G\" /etc/glance/glance-registry.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-scrubber.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/glance-swift-store.conf | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/policy.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema-image.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance/schema.json | egrep \"root glance\" $ stat -L -c \"%U %G\" /etc/glance | egrep \"root glance\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c glance\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root glance \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u4e0d\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\u3002","title":"Check-Image-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f"},{"location":"security/security-guide/#check-image-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/glance/glance-api-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-api.conf $ stat -L -c \"%a\" /etc/glance/glance-cache.conf $ stat -L -c \"%a\" /etc/glance/glance-manage.conf $ stat -L -c \"%a\" /etc/glance/glance-registry-paste.ini $ stat -L -c \"%a\" /etc/glance/glance-registry.conf $ stat -L -c \"%a\" /etc/glance/glance-scrubber.conf $ stat -L -c \"%a\" /etc/glance/glance-swift-store.conf $ stat -L -c \"%a\" /etc/glance/policy.json $ stat -L -c \"%a\" /etc/glance/schema-image.json $ stat -L -c \"%a\" /etc/glance/schema.json $ stat -L -c \"%a\" /etc/glance 
\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640/750 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\u3002\u4f8b\u5982\uff0c u=rw,g=r,o= . \u6ce8\u610f \u4f7f\u7528 Check-Image-01\uff1a Devices / Group Ownership of config files \u662f\u5426\u8bbe\u7f6e\u4e3a root/glance\uff1f\uff0c\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0c\u5219 root \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cglance \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/glance/glance-api.conf getfacl: Removing leading '/' from absolute path names # file: /etc/glance/glance-api.conf USER root rw- GROUP glance r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Image-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-image-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5305\u62ec noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth 
\u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c keystone \u5e76\u4e14 section in /etc/glance/glance-api.conf /etc/glance /glance-registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a keystone \u3002 \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a noauth \u6216 section in /etc/glance/glance-api.conf /etc/glance/glance- registry.conf \u4e0b\u7684 [DEFAULT] [DEFAULT] \u53c2\u6570 auth_strategy auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Image-03\uff1aKeystone \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-image-04-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684 Identity API \u7aef\u70b9 https:// \uff0c\u5e76\u4e14\u8be5\u53c2\u6570 insecure www_authenticate_uri \u7684\u503c\u4f4d\u4e8e same 
/etc/glance/glance-registry.conf \u4e2d\u7684\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\uff0c\u5219\u8bbe\u7f6e\u4e3a False \u3002 [keystone_authtoken] /etc/glance/glance-api.conf \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 /etc/glance/glance-api.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 https:// \u5f00\u5934\u7684\u6807\u8bc6 API \u7aef\u70b9\uff0c\u6216\u8005\u540c\u4e00 /etc/glance/glance-api.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Image-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-image-05","text":"Glance \u63d0\u4f9b\u7684\u6620\u50cf\u670d\u52a1 API v1 \u4e2d\u7684 copy_from \u529f\u80fd\u53ef\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u5c4f\u853d\u7684\u7f51\u7edc\u7aef\u53e3\u626b\u63cf\u3002\u5982\u679c\u542f\u7528\u4e86 v1 API\uff0c\u5219\u5e94\u5c06\u6b64\u7b56\u7565\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u8bbe\u7f6e\u4e3a\u53d7\u9650\u503c\uff0c\u4f8b\u5982 role:admin . 
\u5931\u8d25\uff1a\u672a\u8bbe\u7f6e\u53c2\u6570 copy_from in /etc/glance/policy.json \u7684\u503c\u3002","title":"Check-Image-05\uff1a\u662f\u5426\u963b\u6b62\u4e86\u5c4f\u853d\u7aef\u53e3\u626b\u63cf\uff1f"},{"location":"security/security-guide/#_172","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09\u63d0\u4f9b\u4e86\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u79df\u6237\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u3002\u5b83\u7c7b\u4f3c\u4e8eOpenStack\u901a\u8fc7OpenStack\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u7684\u65b9\u5f0f\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5e76\u7ba1\u7406\u5176\u5c5e\u6027\uff0c\u4f8b\u5982\u53ef\u89c1\u6027\u3001\u53ef\u8bbf\u95ee\u6027\u548c\u4f7f\u7528\u914d\u989d\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9002\u7528\u4e8e\u4f7f\u7528\u4ee5\u4e0b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u5404\u79cd\u5b58\u50a8\u63d0\u4f9b\u7a0b\u5e8f\uff1aNFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u7528\u9014\u4e0e Amazon Elastic File System \uff08EFS\uff09 \u76f8\u540c\u3002 \u4ecb\u7ecd \u4e00\u822c\u5b89\u5168\u4fe1\u606f \u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b \u5171\u4eab\u540e\u7aef\u6a21\u5f0f \u6241\u5e73\u5316\u7f51\u7edc\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc \u7f51\u7edc\u63d2\u4ef6 \u5b89\u5168\u670d\u52a1 \u5b89\u5168\u670d\u52a1\u7b80\u4ecb \u5b89\u5168\u670d\u52a1\u7ba1\u7406 \u5171\u4eab\u8bbf\u95ee\u63a7\u5236 \u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236 \u653f\u7b56 \u68c0\u67e5\u8868 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f 
Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f","title":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf"},{"location":"security/security-guide/#_173","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u65e8\u5728\u5728\u5355\u8282\u70b9\u6216\u8de8\u591a\u4e2a\u8282\u70b9\u8fd0\u884c\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7531\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u7ec4\u6210\uff0c\u5b83\u4eec\u7c7b\u4f3c\u4e8e\u5757\u5b58\u50a8\u670d\u52a1\uff1a manila-api manila-scheduler manila-share manila-data manila-api \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002\u6709\u5173\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API\u3002 manila-share \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 manila-scheduler 
\u8d1f\u8d23\u5b89\u6392\u8bf7\u6c42\u5e76\u5c06\u5176\u8def\u7531\u5230\u76f8\u5e94\u7684 manila-share \u670d\u52a1\u3002\u5b83\u901a\u8fc7\u9009\u62e9\u4e00\u4e2a\u540e\u7aef\uff0c\u540c\u65f6\u8fc7\u6ee4\u9664\u4e00\u4e2a\u540e\u7aef\u4e4b\u5916\u7684\u6240\u6709\u540e\u7aef\u6765\u5b9e\u73b0\u8fd9\u4e00\u70b9\u3002 manila-data \u6b64\u670d\u52a1\u8d1f\u8d23\u7ba1\u7406\u6570\u636e\u64cd\u4f5c\uff0c\u5982\u679c\u4e0d\u5355\u72ec\u5904\u7406\uff0c\u53ef\u80fd\u9700\u8981\u5f88\u957f\u65f6\u95f4\u624d\u80fd\u5b8c\u6210\uff0c\u5e76\u963b\u6b62\u5176\u4ed6\u670d\u52a1\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f7f\u7528\u57fa\u4e8e SQL \u7684\u4e2d\u592e\u6570\u636e\u5e93\uff0c\u8be5\u6570\u636e\u5e93\u7531\u7cfb\u7edf\u4e2d\u7684\u6240\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5171\u4eab\u3002\u5b83\u53ef\u4ee5\u4f7f\u7528 ORM SQLALcvery \u652f\u6301\u7684\u4efb\u4f55 SQL \u65b9\u8a00\uff0c\u4f46\u4ec5\u4f7f\u7528 MySQL \u548c PostgreSQL \u6570\u636e\u5e93\u8fdb\u884c\u6d4b\u8bd5\u3002 \u4f7f\u7528 SQL\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7c7b\u4f3c\u4e8e\u5176\u4ed6 OpenStack \u670d\u52a1\uff0c\u53ef\u4ee5\u4e0e\u4efb\u4f55 OpenStack \u90e8\u7f72\u4e00\u8d77\u4f7f\u7528\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u8bf4\u660e\u3002\u6709\u5173 CLI \u7528\u6cd5\u548c\u914d\u7f6e\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u4e91\u7ba1\u7406\u6307\u5357\u3002 \u4e0b\u56fe\u4e2d\uff0c\u60a8\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4e0d\u540c\u90e8\u5206\u5982\u4f55\u76f8\u4e92\u4ea4\u4e92\u3002 \u9664\u4e86\u5df2\u7ecf\u63cf\u8ff0\u7684\u670d\u52a1\u4e4b\u5916\uff0c\u60a8\u8fd8\u53ef\u4ee5\u5728\u56fe\u50cf\u4e0a\u770b\u5230\u53e6\u5916\u4e24\u4e2a\u5b9e\u4f53\uff1a python-manilaclient \u548c storage controller \u3002 
python-manilaclient \u547d\u4ee4\u884c\u754c\u9762\uff0c\u7528\u4e8e\u901a\u8fc7 manila-api \u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u7528\u4e8e\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u4e0e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4ea4\u4e92\u7684 Python \u6a21\u5757\u3002 Storage controller \u901a\u5e38\u662f\u4e00\u4e2a\u91d1\u5c5e\u76d2\uff0c\u5e26\u6709\u65cb\u8f6c\u78c1\u76d8\u3001\u4ee5\u592a\u7f51\u7aef\u53e3\u548c\u67d0\u79cd\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7f51\u7edc\u5ba2\u6237\u7aef\u5728\u78c1\u76d8\u4e0a\u8bfb\u53d6\u548c\u5199\u5165\u6587\u4ef6\u3002\u8fd8\u6709\u4e00\u4e9b\u5728\u4efb\u610f\u786c\u4ef6\u4e0a\u8fd0\u884c\u7684\u7eaf\u8f6f\u4ef6\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u7fa4\u96c6\u63a7\u5236\u5668\u53ef\u80fd\u5141\u8bb8\u591a\u4e2a\u7269\u7406\u8bbe\u5907\u663e\u793a\u4e3a\u5355\u4e2a\u5b58\u50a8\u63a7\u5236\u5668\uff0c\u6216\u7eaf\u865a\u62df\u5b58\u50a8\u63a7\u5236\u5668\u3002 \u5171\u4eab\u662f\u8fdc\u7a0b\u7684\u3001\u53ef\u88c5\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u7c7b\u578b\uff1a\u6241\u5e73\u7f51\u7edc\u3001VLAN\u3001VXLAN \u6216 GRE\uff0c\u5e76\u652f\u6301\u5206\u6bb5\u7f51\u7edc\u3002\u6b64\u5916\uff0c\u8fd8\u6709\u4e0d\u540c\u7684\u7f51\u7edc\u63d2\u4ef6\uff0c\u5b83\u4eec\u63d0\u4f9b\u4e86\u4e0e OpenStack \u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u4e86\u5927\u91cf\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u786c\u4ef6\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\uff0c\u4f8b\u5982 NetApp \u96c6\u7fa4\u6a21\u5f0f Data ONTAP 
\uff08 cDOT \uff09\u9a71\u52a8\u7a0b\u5e8f\uff0c\u534e\u4e3a NAS \u9a71\u52a8\u7a0b\u5e8f\u6216 GlusterFS \u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u540e\u7aef\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u53ef\u80fd\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u4e00\u4e2a\u5b9e\u4f8b\u3002 \u5ba2\u6237\u7aef\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u7684\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u7531\u5b89\u5168\u670d\u52a1\u5b58\u50a8\u3002\u53ef\u4ee5\u914d\u7f6e\u548c\u4f7f\u7528 LDAP\u3001Kerberos \u6216 Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7b49\u534f\u8bae\u3002 \u9664\u975e\u672a\u5728 policy.json \u4e2d\u663e\u5f0f\u66f4\u6539\uff0c\u5426\u5219\u7ba1\u7406\u5458\u6216\u62e5\u6709\u5171\u4eab\u7684\u79df\u6237\u90fd\u80fd\u591f\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8bbf\u95ee\u7ba1\u7406\u662f\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u5b8c\u6210\u7684\uff0c\u8be5\u89c4\u5219\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u53ef\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8bbf\u95ee\u9009\u9879\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c 
HDFS\u3002\u4f8b\u5982\uff0c\u901a\u7528\uff08\u5757\u5b58\u50a8\u4f5c\u4e3a\u540e\u7aef\uff09\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u7528\u6237\u548c\u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u5b83\u8fd8\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982 LDAP\u3001Kerberos \u6216 Active Directory\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u7c7b\u578b\uff0c\u4f7f\u8ba1\u5212\u7a0b\u5e8f\u80fd\u591f\u5728\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u540e\u7aef\u3002\u5171\u4eab\u7c7b\u578b\u5177\u6709\u989d\u5916\u7684\u89c4\u8303\uff0c\u60a8\u53ef\u4ee5\u4e3a\u8ba1\u5212\u7a0b\u5e8f\u8bbe\u7f6e\u8fd9\u4e9b\u89c4\u8303\uff0c\u4ee5\u7b5b\u9009\u548c\u6743\u8861\u540e\u7aef\uff0c\u4ee5\u4fbf\u4e3a\u8bf7\u6c42\u521b\u5efa\u5171\u4eab\u7684\u7528\u6237\u9009\u62e9\u9002\u5f53\u7684\u5171\u4eab\u7c7b\u578b\u3002\u5171\u4eab\u548c\u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u6216\u79c1\u6709\u3002\u6b64\u53ef\u89c1\u6027\u7ea7\u522b\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u80fd\u591f\u770b\u5230\u8fd9\u4e9b\u5bf9\u8c61\u5e76\u5bf9\u5176\u8fdb\u884c\u64cd\u4f5c\u3002\u7ba1\u7406\u5458\u53ef\u4ee5\u4e3a\u8eab\u4efd\u670d\u52a1\u4e2d\u7684\u7279\u5b9a\u7528\u6237\u6216\u79df\u6237\u6dfb\u52a0\u5bf9\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u56e0\u6b64\uff0c\u60a8\u6388\u4e88\u8bbf\u95ee\u6743\u9650\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u53ef\u7528\u7684\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u5171\u4eab\u3002 \u4e0d\u540c\u7528\u6237\u53ca\u5176\u89d2\u8272\u7684 API \u8c03\u7528\u6743\u9650\u7531\u7b56\u7565\u51b3\u5b9a\uff0c\u5c31\u50cf\u5728\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4e2d\u4e00\u6837\u3002 \u6807\u8bc6\u670d\u52a1\u53ef\u7528\u4e8e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8bf7\u53c2\u9605\u201c\u8eab\u4efd\u201d\u90e8\u5206\u4e2d\u7684\u8eab\u4efd\u670d\u52a1\u5b89\u5168\u6027\u7684\u8be6\u7ec6\u4fe1\u606f\u3002","title":"\u4ecb\u7ecd"},{"location":"security/security-guide/#_174","text":"\u4e0e\u5176\u4ed6 OpenStack \u9879\u76ee\u7c7b\u4f3c\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5df2\u6ce8\u518c\u5230 Identity \u670d\u52a1\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u4f7f\u7528 manila endpoints \u547d\u4ee4\u67e5\u627e\u5171\u4eab\u670d\u52a1 v1 \u548c v2 \u7684 API \u7aef\u70b9\uff1a $ manila endpoints +-------------+-----------------------------------------+ | manila | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v1/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v1/20787a7b...| | internalURL | http://172.18.198.55:8786/v1/20787a7b...| | id | 82cc5535aa444632b64585f138cb9b61 | +-------------+-----------------------------------------+ +-------------+-----------------------------------------+ | manilav2 | Value | +-------------+-----------------------------------------+ | adminURL | http://172.18.198.55:8786/v2/20787a7b...| | region | RegionOne | | publicURL | http://172.18.198.55:8786/v2/20787a7b...| | internalURL | http://172.18.198.55:8786/v2/20787a7b...| | id | 2e8591bfcac4405fa7e5dc3fd61a2b85 | +-------------+-----------------------------------------+ \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u670d\u52a1\u4ec5\u4fa6\u542c tcp6 \u7c7b\u578b\u540c\u65f6\u652f\u6301 IPv4 \u548c IPv6 \u7684\u7aef\u53e3 8786 \u3002 \u6ce8\u610f \u8be5\u7aef\u53e3\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u9ed8\u8ba4\u7aef\u53e3 8786 
\u3002\u5b83\u53ef\u4ee5\u66f4\u6539\u4e3a\u4efb\u4f55\u5176\u4ed6\u7aef\u53e3\uff0c\u4f46\u6b64\u66f4\u6539\u4e5f\u5e94\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 \u9009\u9879\u4e2d\u8fdb\u884c\uff0c\u8be5\u9009\u9879 osapi_share_listen_port \u9ed8\u8ba4\u4e3a 8786 \u3002 \u5728 /etc/manila/ \u76ee\u5f55\u4e2d\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u51e0\u4e2a\u914d\u7f6e\u6587\u4ef6\uff1a api-paste.ini manila.conf policy.json rootwrap.conf rootwrap.d ./rootwrap.d: share.filters \u5efa\u8bae\u60a8\u5c06\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\uff0c\u5e76\u66f4\u6539\u6587\u4ef6\u6743\u9650\uff0c\u4ee5\u4fbf\u53ea\u6709\u7cfb\u7edf\u7ba1\u7406\u5458\u624d\u80fd\u4fee\u6539\u5b83\u4eec\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8981\u6c42\u53ea\u6709\u7ba1\u7406\u5458\u624d\u80fd\u5199\u5165\u914d\u7f6e\u6587\u4ef6\uff0c\u800c\u670d\u52a1\u53ea\u80fd\u901a\u8fc7\u5176\u5728\u7ec4\u4e2d\u7684 manila \u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002\u5176\u4ed6\u4eba\u4e00\u5b9a\u65e0\u6cd5\u8bfb\u53d6\u8fd9\u4e9b\u6587\u4ef6\uff0c\u56e0\u4e3a\u8fd9\u4e9b\u6587\u4ef6\u5305\u542b\u4e0d\u540c\u670d\u52a1\u7684\u7ba1\u7406\u5458\u5bc6\u7801\u3002 \u5e94\u7528\u68c0\u67e5 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u548c Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f\u4ece\u6e05\u5355\u4e2d\u9a8c\u8bc1\u6743\u9650\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002 \u6ce8\u610f \u6587\u4ef6\u4e2d\u7684 manila-rootwrap \u914d\u7f6e\u548c\u6587\u4ef6\u4e2d `rootwrap.conf` `rootwrap.d/share.filters` \u5171\u4eab\u8282\u70b9\u7684 manila-rootwrap \u547d\u4ee4\u8fc7\u6ee4\u5668\u5e94\u5f52 root \u7528\u6237\u6240\u6709\uff0c\u5e76\u4e14\u53ea\u80fd\u7531 root \u7528\u6237\u5199\u5165\u3002 \u5efa\u8bae manila 
\u914d\u7f6e\u6587\u4ef6 `manila.conf` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/manila.conf` \u662f\u5fc5\u9700\u7684\u3002","title":"\u4e00\u822c\u5b89\u5168\u4fe1\u606f"},{"location":"security/security-guide/#_175","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e00\u4e2a Python \u7c7b\uff0c\u53ef\u4ee5\u4e3a\u540e\u7aef\u8bbe\u7f6e\u5e76\u5728\u5176\u4e2d\u8fd0\u884c\u4ee5\u7ba1\u7406\u5171\u4eab\u64cd\u4f5c\uff0c\u5176\u4e2d\u4e00\u4e9b\u64cd\u4f5c\u662f\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u7684\u3002\u540e\u7aef\u662f manila-share \u670d\u52a1\u7684\u5b9e\u4f8b\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u6709\u8bb8\u591a\u7531\u4e0d\u540c\u4f9b\u5e94\u5546\u521b\u5efa\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3002\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u652f\u6301\u4e00\u79cd\u6216\u591a\u79cd\u540e\u7aef\u6a21\u5f0f\uff1a\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u3002\u7ba1\u7406\u5458\u901a\u8fc7\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d manila.conf \u6307\u5b9a\u6a21\u5f0f\u6765\u9009\u62e9\u4f7f\u7528\u54ea\u79cd\u6a21\u5f0f\u3002\u5b83\u4f7f\u7528\u4e86\u4e00\u4e2a\u9009\u9879 driver_handles_share_servers \u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u914d\u7f6e\u5206\u6bb5\u7f51\u7edc\u3002\u8fd9\u53d6\u51b3\u4e8e\u7f51\u7edc\u63d0\u4f9b\u5546\u3002 
\u5982\u679c\u60a8\u60f3\u4f7f\u7528\u4e0d\u540c\u7684\u914d\u7f6e\uff0c\u5219\u53ef\u4ee5\u4e3a\u4e0d\u540c\u7684\u6a21\u5f0f\u4f7f\u7528\u76f8\u540c\u7684\u786c\u4ef6\u4f7f\u7528\u5355\u72ec\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\u6839\u636e\u9009\u62e9\u7684\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u63d0\u4f9b\u66f4\u591a\u914d\u7f6e\u8be6\u7ec6\u4fe1\u606f\u3002","title":"\u7f51\u7edc\u548c\u5b89\u5168\u6a21\u578b"},{"location":"security/security-guide/#_176","text":"\u6bcf\u4e2a\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u81f3\u5c11\u652f\u6301\u4e00\u79cd\u53ef\u80fd\u7684\u9a71\u52a8\u7a0b\u5e8f\u6a21\u5f0f\uff1a \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u8bbe\u7f6e\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u6216\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u7684 manila.conf \u914d\u7f6e\u9009\u9879\u662f driver_handles_share_servers \u9009\u9879\u3002\u5b83\u6307\u793a\u9a71\u52a8\u7a0b\u5e8f\u662f\u81ea\u884c\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\uff0c\u8fd8\u662f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6267\u884c\u6b64\u64cd\u4f5c\u3002 \u6a21\u5f0f \u914d\u7f6e\u9009\u9879 \u63cf\u8ff0 \u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =True \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u7ba1\u7406\u6216\u5904\u7406\u5171\u4eab\u670d\u52a1\u5668\u751f\u547d\u5468\u671f\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668 driver_handles_share_servers =False \u7ba1\u7406\u5458\uff08\u800c\u4e0d\u662f\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\uff09\u4f7f\u7528\u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\uff08\u800c\u4e0d\u662f\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b58\u5728\uff09\u7ba1\u7406\u88f8\u673a\u5b58\u50a8\u3002 \u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f 
\u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u57fa\u672c\u4e0a\u6ca1\u6709\u4efb\u4f55\u7f51\u7edc\u8981\u6c42\u3002\u5047\u5b9a\u7531\u9a71\u52a8\u7a0b\u5e8f\u7ba1\u7406\u7684\u5b58\u50a8\u63a7\u5236\u5668\u5177\u6709\u6240\u9700\u7684\u6240\u6709\u7f51\u7edc\u63a5\u53e3\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u671f\u671b\u9a71\u52a8\u7a0b\u5e8f\u76f4\u63a5\u8bbe\u7f6e\u5171\u4eab\uff0c\u800c\u65e0\u9700\u4e8b\u5148\u521b\u5efa\u4efb\u4f55\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u5bf9\u5e94\u4e8e\u67d0\u4e9b\u73b0\u6709\u9a71\u52a8\u7a0b\u5e8f\u5df2\u5728\u6267\u884c\u7684\u64cd\u4f5c\uff0c\u4f46\u5b83\u4f7f\u7ba1\u7406\u5458\u53ef\u4ee5\u660e\u786e\u9009\u62e9\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u521b\u5efa\u65f6\u4e0d\u9700\u8981\u5171\u4eab\u7f51\u7edc\uff0c\u4e5f\u4e0d\u5f97\u63d0\u4f9b\u5171\u4eab\u7f51\u7edc\u3002 \u6ce8\u610f \u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u5df2\u53ef\u8bbf\u95ee\u7528\u4e8e\u5bfc\u51fa\u4efb\u4f55\u5171\u4eab\u7684\u7f51\u7edc\u63a5\u53e3\u3002 
\u5728\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u5904\u7406\u5b58\u50a8\u751f\u547d\u5468\u671f\u3002\u7ba1\u7406\u5458\u5e94\u5904\u7406\u5b58\u50a8\u3001\u7f51\u7edc\u63a5\u53e3\u548c\u5176\u4ed6\u4e3b\u673a\u914d\u7f6e\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u5b58\u50a8\u8bbe\u7f6e\u4e3a\u5bfc\u51fa\u5171\u4eab\u7684\u4e3b\u673a\u3002\u6b64\u6a21\u5f0f\u7684\u4e3b\u8981\u7279\u5f81\u662f\u5b58\u50a8\u4e0d\u7531\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5904\u7406\u3002\u79df\u6237\u4e2d\u7684\u7528\u6237\u5171\u4eab\u516c\u5171\u7f51\u7edc\u3001\u4e3b\u673a\u3001\u5904\u7406\u5668\u548c\u7f51\u7edc\u7ba1\u9053\u3002\u5982\u679c\u7ba1\u7406\u5458\u6216\u4ee3\u7406\u4e4b\u524d\u914d\u7f6e\u7684\u5b58\u50a8\u6ca1\u6709\u6b63\u786e\u7684\u5e73\u8861\u8c03\u6574\uff0c\u5b83\u4eec\u53ef\u80fd\u4f1a\u76f8\u4e92\u963b\u788d\u3002\u5728\u516c\u6709\u4e91\u4e2d\uff0c\u6240\u6709\u7f51\u7edc\u5bb9\u91cf\u53ef\u80fd\u90fd\u7531\u4e00\u4e2a\u5ba2\u6237\u7aef\u4f7f\u7528\uff0c\u56e0\u6b64\u7ba1\u7406\u5458\u5e94\u6ce8\u610f\u4e0d\u8981\u53d1\u751f\u8fd9\u79cd\u60c5\u51b5\u3002\u5e73\u8861\u8c03\u6574\u53ef\u4ee5\u901a\u8fc7\u4efb\u4f55\u65b9\u5f0f\u5b8c\u6210\uff0c\u800c\u4e0d\u4e00\u5b9a\u662f\u4f7f\u7528 OpenStack \u5de5\u5177\u3002 \u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u73b0\u6709\u7f51\u7edc\u3002\u63d0\u4f9b\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u65f6\uff0c\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u6765\u81ea\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684 IP \u5730\u5740\u548c\u5b50\u7f51\u3002 
\u4e0e\u65e0\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0d\u540c\uff0c\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u7528\u6237\u5177\u6709\u4e00\u4e2a\u5171\u4eab\u7f51\u7edc\u548c\u4e00\u4e2a\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7528\u6237\u90fd\u6709\u5355\u72ec\u7684 CPU\u3001CPU \u65f6\u95f4\u3001\u7f51\u7edc\u3001\u5bb9\u91cf\u548c\u541e\u5410\u91cf\u3002 \u60a8\u8fd8\u53ef\u4ee5\u5728\u5171\u4eab\u670d\u52a1\u5668\u548c\u65e0\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u914d\u7f6e\u5b89\u5168\u670d\u52a1\u3002\u4f46\u662f\uff0c\u5982\u679c\u6ca1\u6709\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\uff0c\u7ba1\u7406\u5458\u5e94\u5728\u4e3b\u673a\u4e0a\u624b\u52a8\u8bbe\u7f6e\u6240\u9700\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u5728\u5171\u4eab\u670d\u52a1\u5668\u6a21\u5f0f\u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u7684\u4efb\u4f55\u73b0\u6709\u5b89\u5168\u670d\u52a1\u81ea\u52a8\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002","title":"\u5171\u4eab\u540e\u7aef\u6a21\u5f0f"},{"location":"security/security-guide/#_177","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u4f7f\u7528\u4e0d\u540c\u7c7b\u578b\u7684\u7f51\u7edc\uff1a flat GRE VLAN VXLAN \u6ce8\u610f \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ea\u662f\u5c06\u6709\u5173\u7f51\u7edc\u7684\u4fe1\u606f\u4fdd\u5b58\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u800c\u771f\u6b63\u7684\u7f51\u7edc\u5219\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u63d0\u4f9b\u3002\u5728OpenStack\u4e2d\uff0c\u5b83\u53ef\u4ee5\u662f\u4f20\u7edf\u7f51\u7edc\uff08nova-network\uff09\u6216\u7f51\u7edc\uff08neutron\uff09\u670d\u52a1\uff0c\u4f46\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u751a\u81f3\u53ef\u4ee5\u5728OpenStack\u4e4b\u5916\u5de5\u4f5c\u3002\u8fd9\u662f\u5141\u8bb8\u7684\uff0c `StandaloneNetworkPlugin` 
\u53ef\u4ee5\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u4e0d\u9700\u8981OpenStack\u4e2d\u7684\u67d0\u4e9b\u7279\u5b9a\u7f51\u7edc\u670d\u52a1\uff0c\u5982Networking\u6216Legacy\u7f51\u7edc\u670d\u52a1\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5728\u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4e3a\u6bcf\u4e2a\u5171\u4eab\u7f51\u7edc\u521b\u5efa\u548c\u7ba1\u7406\u5171\u4eab\u670d\u52a1\u5668\u3002\u6b64\u6a21\u5f0f\u53ef\u5206\u4e3a\u4e24\u79cd\u53d8\u4f53\uff1a \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc \u6700\u521d\uff0c\u5728\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u65f6\uff0c\u60a8\u53ef\u4ee5\u8bbe\u7f6e OpenStack Networking \uff08neutron\uff09 \u7684\u7f51\u7edc\u548c\u5b50\u7f51\uff0c\u4e5f\u53ef\u4ee5\u8bbe\u7f6e Legacy \u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7f51\u7edc\u3002\u7b2c\u4e09\u79cd\u65b9\u6cd5\u662f\u5728\u6ca1\u6709\u65e7\u7248\u7f51\u7edc\u548c\u7f51\u7edc\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u914d\u7f6e\u7f51\u7edc\u3002 StandaloneNetworkPlugin \u53ef\u4e0e\u4efb\u4f55\u7f51\u7edc\u5e73\u53f0\u4e00\u8d77\u4f7f\u7528\u3002\u60a8\u53ef\u4ee5\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7f51\u7edc\u53c2\u6570\u3002 \u5efa\u8bae \u6240\u6709\u4f7f\u7528 OpenStack Compute \u670d\u52a1\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u90fd\u4e0d\u4f7f\u7528\u7f51\u7edc\u63d2\u4ef6\u3002\u5728 Mitaka \u7248\u672c\u4e2d\uff0c\u5b83\u662f Windows \u548c\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u3002\u8fd9\u4e9b\u5171\u4eab\u9a71\u52a8\u5668\u5177\u6709\u5176\u4ed6\u9009\u9879\u5e76\u4f7f\u7528\u4e0d\u540c\u7684\u65b9\u6cd5\u3002 
\u521b\u5efa\u5171\u4eab\u7f51\u7edc\u540e\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5c06\u68c0\u7d22\u7531\u7f51\u7edc\u63d0\u4f9b\u5546\u786e\u5b9a\u7684\u7f51\u7edc\u4fe1\u606f\uff1a\u7f51\u7edc\u7c7b\u578b\u3001\u5206\u6bb5\u6807\u8bc6\u7b26\uff08\u5982\u679c\u7f51\u7edc\u4f7f\u7528\u5206\u6bb5\uff09\u548c CIDR \u8868\u793a\u6cd5\u4e2d\u7684 IP \u5757\uff0c\u4ee5\u4fbf\u4ece\u4e2d\u5206\u914d\u7f51\u7edc\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u6241\u5e73\u7f51\u7edc \u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u67d0\u4e9b\u5b58\u50a8\u63a7\u5236\u5668\u53ef\u4ee5\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\uff0c\u4f46\u7531\u4e8e\u7269\u7406\u6216\u903b\u8f91\u7f51\u7edc\u7684\u5404\u79cd\u9650\u5236\uff0c\u6240\u6709\u5171\u4eab\u670d\u52a1\u5668\u90fd\u5fc5\u987b\u4f4d\u4e8e\u6241\u5e73\u7f51\u7edc\u4e0a\u3002\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u9700\u8981\u4e00\u4e9b\u4e1c\u897f\u6765\u4e3a\u5171\u4eab\u670d\u52a1\u5668\u9884\u914d IP \u5730\u5740\uff0c\u4f46 IP \u5c06\u5168\u90e8\u6765\u81ea\u540c\u4e00\u5b50\u7f51\uff0c\u5e76\u4e14\u5047\u5b9a\u6240\u6709\u79df\u6237\u90fd\u53ef\u4ee5\u8bbf\u95ee\u8be5\u5b50\u7f51\u672c\u8eab\u3002 \u5171\u4eab\u7f51\u7edc\u7684\u5b89\u5168\u670d\u52a1\u90e8\u5206\u6307\u5b9a\u5b89\u5168\u8981\u6c42\uff0c\u4f8b\u5982 AD \u6216 LDAP \u57df\u6216 Kerberos \u57df\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5047\u5b9a\u5b89\u5168\u670d\u52a1\u4e2d\u5f15\u7528\u7684\u4efb\u4f55\u4e3b\u673a\u90fd\u53ef\u4ee5\u4ece\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u7684\u5b50\u7f51\u8bbf\u95ee\uff0c\u8fd9\u9650\u5236\u4e86\u53ef\u4ee5\u4f7f\u7528\u6b64\u6a21\u5f0f\u7684\u60c5\u51b5\u6570\u3002 \u5171\u4eab\u670d\u52a1\u5668\u540e\u7aef\u6a21\u5f0f\u4e0b\u7684\u5206\u6bb5\u7f51\u7edc 
\u5728\u6b64\u6a21\u5f0f\u4e0b\uff0c\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u80fd\u591f\u521b\u5efa\u5171\u4eab\u670d\u52a1\u5668\u5e76\u5c06\u5176\u63d2\u5165\u5230\u73b0\u6709\u7684\u5206\u6bb5\u7f51\u7edc\u3002\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u671f\u671b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e3a\u6bcf\u4e2a\u65b0\u7684\u5171\u4eab\u670d\u52a1\u5668\u63d0\u4f9b\u5b50\u7f51\u5b9a\u4e49\u3002\u6b64\u5b9a\u4e49\u5e94\u5305\u62ec\u5206\u6bb5\u7c7b\u578b\u3001\u5206\u6bb5 ID \u4ee5\u53ca\u4e0e\u5206\u6bb5\u7c7b\u578b\u76f8\u5173\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u6ce8\u610f \u67d0\u4e9b\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u652f\u6301\u6240\u6709\u7c7b\u578b\u7684\u5206\u6bb5\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6b63\u5728\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u7684\u89c4\u8303\u3002","title":"\u6241\u5e73\u5316\u4e0e\u5206\u6bb5\u5316\u7f51\u7edc"},{"location":"security/security-guide/#_178","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u7528\u4e8e\u7f51\u7edc\u8d44\u6e90\u8c03\u914d\u7684\u62bd\u8c61\u5c42\u3002\u5b83\u5141\u8bb8\u7ba1\u7406\u5458\u4ece\u4e0d\u540c\u7684\u9009\u9879\u4e2d\u8fdb\u884c\u9009\u62e9\uff0c\u4ee5\u51b3\u5b9a\u5982\u4f55\u5c06\u7f51\u7edc\u8d44\u6e90\u5206\u914d\u7ed9\u5176\u79df\u6237\u7684\u7f51\u7edc\u5b58\u50a8\u3002\u6709\u51e0\u4e2a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u4e86\u4e0eOpenStack\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u5404\u79cd\u96c6\u6210\u65b9\u6cd5\u3002 \u7f51\u7edc\u63d2\u4ef6\u5141\u8bb8\u4f7f\u7528 OpenStack Networking \u548c Legacy \u7f51\u7edc\u670d\u52a1\u7684\u4efb\u4f55\u529f\u80fd\u3001\u914d\u7f6e\u3002\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u652f\u6301\u7684\u4efb\u4f55\u7f51\u7edc\u5206\u6bb5\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4f20\u7edf\u7f51\u7edc \uff08nova-network\uff09 \u670d\u52a1\u7684\u6241\u5e73\u7f51\u7edc\u6216 VLAN 
\u5206\u6bb5\u7f51\u7edc\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528\u63d2\u4ef6\u6765\u72ec\u7acb\u4e8e OpenStack \u7f51\u7edc\u670d\u52a1\u6307\u5b9a\u7f51\u7edc\u3002\u6709\u5173\u5982\u4f55\u4f7f\u7528\u4e0d\u540c\u7f51\u7edc\u63d2\u4ef6\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7f51\u7edc\u63d2\u4ef6\u3002","title":"\u7f51\u7edc\u63d2\u4ef6"},{"location":"security/security-guide/#_179","text":"\u5bf9\u4e8e\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\uff0c\u53ef\u4ee5\u9009\u62e9\u4f7f\u7528\u4e0d\u540c\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u914d\u7f6e\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u670d\u52a1\u3002\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u5305\u62ec LDAP\u3001Kerberos \u548c Microsoft Active Directory \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002","title":"\u5b89\u5168\u670d\u52a1"},{"location":"security/security-guide/#_180","text":"\u521b\u5efa\u5171\u4eab\u5e76\u83b7\u53d6\u5176\u5bfc\u51fa\u4f4d\u7f6e\u540e\uff0c\u7528\u6237\u65e0\u6743\u88c5\u8f7d\u8be5\u5171\u4eab\u5e76\u5904\u7406\u6587\u4ef6\u3002\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u9700\u8981\u663e\u5f0f\u6388\u4e88\u5bf9\u65b0\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743 \uff08AuthN/AuthZ\uff09 \u7684\u5ba2\u6237\u673a\u914d\u7f6e\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 \u5b58\u50a8 security services \u3002\u5982\u679c\u4f7f\u7528\u7684\u9a71\u52a8\u7a0b\u5e8f\u548c\u540e\u7aef\u652f\u6301 LDAP\u3001Kerberos \u6216 Microsoft Active Directory\uff0c\u5219\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e5f\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u60c5\u51b5\u4e0b\u8fdb\u884c\u914d\u7f6e\u3002 \u6ce8\u610f 
\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u9700\u8981\u663e\u5f0f\u6307\u5b9a\u5176\u4e2d\u4e00\u9879\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\uff0cNetApp\u3001EMC \u548c Windows \u9a71\u52a8\u7a0b\u5e8f\u9700\u8981 Active Directory \u624d\u80fd\u521b\u5efa\u4e0e CIFS \u534f\u8bae\u7684\u5171\u4eab\u3002","title":"\u5b89\u5168\u670d\u52a1\u4ecb\u7ecd"},{"location":"security/security-guide/#_181","text":"\u5b89\u5168\u670d\u52a1\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08\u9a6c\u5c3c\u62c9\uff09\u5b9e\u4f53\uff0c\u5b83\u62bd\u8c61\u51fa\u4e00\u7ec4\u9009\u9879\uff0c\u8fd9\u4e9b\u9009\u9879\u4e3a\u7279\u5b9a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff08\u5982 Active Directory \u57df\u6216 Kerberos \u57df\uff09\u5b9a\u4e49\u5b89\u5168\u57df\u3002\u5b89\u5168\u670d\u52a1\u5305\u542b\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u521b\u5efa\u52a0\u5165\u7ed9\u5b9a\u57df\u7684\u670d\u52a1\u5668\u6240\u9700\u7684\u6240\u6709\u4fe1\u606f\u3002 \u4f7f\u7528 API\uff0c\u7528\u6237\u53ef\u4ee5\u521b\u5efa\u3001\u66f4\u65b0\u3001\u67e5\u770b\u548c\u5220\u9664\u5b89\u5168\u670d\u52a1\u3002\u5b89\u5168\u670d\u52a1\u7684\u8bbe\u8ba1\u57fa\u4e8e\u4ee5\u4e0b\u5047\u8bbe\uff1a \u79df\u6237\u63d0\u4f9b\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\u3002 \u7ba1\u7406\u5458\u5173\u5fc3\u5b89\u5168\u670d\u52a1\uff1a\u4ed6\u4eec\u914d\u7f6e\u6b64\u7c7b\u5b89\u5168\u670d\u52a1\u7684\u670d\u52a1\u5668\u7aef\u3002 \u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u4e2d\uff0ca security_service \u4e0e share_networks \u5173\u8054\u3002 \u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u4f7f\u7528\u5b89\u5168\u670d\u52a1\u4e2d\u7684\u6570\u636e\u6765\u914d\u7f6e\u65b0\u521b\u5efa\u7684\u5171\u4eab\u670d\u52a1\u5668\u3002 \u521b\u5efa\u5b89\u5168\u670d\u52a1\u65f6\uff0c\u53ef\u4ee5\u9009\u62e9\u4ee5\u4e0b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e4b\u4e00\uff1a \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u63cf\u8ff0 LDAP 
\u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae\u3002\u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Kerberos \u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\uff0c\u5b83\u57fa\u4e8e\u7968\u8bc1\u5de5\u4f5c\uff0c\u5141\u8bb8\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u7684\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u4e3a Windows \u57df\u7f51\u7edc\u5f00\u53d1\u7684\u76ee\u5f55\u670d\u52a1\u3002\u4f7f\u7528 LDAP\u3001Microsoft \u7684 Kerberos \u7248\u672c\u548c DNS\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u60a8\u4f7f\u7528\u4ee5\u4e0b\u9009\u9879\u914d\u7f6e\u5b89\u5168\u670d\u52a1\uff1a \u79df\u6237\u7f51\u7edc\u5185\u90e8\u4f7f\u7528\u7684 DNS IP \u5730\u5740\u3002 \u5b89\u5168\u670d\u52a1\u7684 IP \u5730\u5740\u6216\u4e3b\u673a\u540d\u3002 \u5b89\u5168\u670d\u52a1\u7684\u57df\u3002 \u79df\u6237\u4f7f\u7528\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u3002 \u5982\u679c\u6307\u5b9a\u7528\u6237\u540d\uff0c\u5219\u9700\u8981\u4e00\u4e2a\u7528\u6237\u5bc6\u7801\u3002 \u73b0\u6709\u5b89\u5168\u670d\u52a1\u5b9e\u4f53\u53ef\u4ee5\u4e0e\u5171\u4eab\u7f51\u7edc\u5b9e\u4f53\u76f8\u5173\u8054\uff0c\u8fd9\u4e9b\u5b9e\u4f53\u901a\u77e5\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e00\u7ec4\u5171\u4eab\u7684\u5b89\u5168\u6027\u548c\u7f51\u7edc\u914d\u7f6e\u3002\u60a8\u8fd8\u53ef\u4ee5\u67e5\u770b\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u7684\u6240\u6709\u5b89\u5168\u670d\u52a1\u7684\u5217\u8868\uff0c\u5e76\u53d6\u6d88\u5b83\u4eec\u4e0e\u5171\u4eab\u7f51\u7edc\u7684\u5173\u8054\u3002 \u6709\u5173\u901a\u8fc7 API \u7ba1\u7406\u5b89\u5168\u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 API\u3002\u60a8\u8fd8\u53ef\u4ee5\u901a\u8fc7 python-manilaclient 
\u7ba1\u7406\u5b89\u5168\u670d\u52a1\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u670d\u52a1 CLI \u7ba1\u7406\u3002 \u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\uff0c\u5e76\u901a\u8fc7 IP \u5730\u5740\u3001\u7528\u6237\u3001\u7ec4\u6216 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b89\u5168\u670d\u52a1\u3002 \u56e0\u6b64\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u5c06\u540e\u7aef\u914d\u7f6e\u4e3a\u901a\u8fc7\u7f51\u7edc\u4f7f\u7528\u7279\u5b9a\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff0c\u5b83\u5c06\u5b58\u50a8\u7528\u6237\u3002\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u53ef\u4ee5\u5728\u6ca1\u6709\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u548c\u6807\u8bc6\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4e0a\u8fd0\u884c\u3002 \u6ce8\u610f \u4e0d\u540c\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u4e0d\u540c\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002\u9a71\u52a8\u7a0b\u5e8f\u5bf9\u7279\u5b9a\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u652f\u6301\u5e76\u4e0d\u610f\u5473\u7740\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5bf9\u5176\u8fdb\u884c\u914d\u7f6e\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u6709\u5173\u7279\u5b9a\u9a71\u52a8\u7a0b\u5e8f\u53ca\u5176\u5b89\u5168\u670d\u52a1\u914d\u7f6e\u7684\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a71\u52a8\u7a0b\u5e8f\u4f9b\u5e94\u5546\u7684\u6587\u6863\u3002 
\u67d0\u4e9b\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u5b89\u5168\u670d\u52a1\uff0c\u800c\u5176\u4ed6\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4e0a\u8ff0\u4efb\u4f55\u5b89\u5168\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u5177\u6709 NFS \u6216 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4ec5\u652f\u6301\u901a\u8fc7 IP \u5730\u5740\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u5efa\u8bae - \u5728\u5927\u591a\u6570\u60c5\u51b5\u4e0b\uff0c\u652f\u6301 CIFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528 Active Directory \u5e76\u901a\u8fc7\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7ba1\u7406\u8bbf\u95ee\u3002 - \u652f\u6301 GlusterFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7 TLS \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 - \u4f7f\u7528\u652f\u6301 NFS \u534f\u8bae\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u662f\u552f\u4e00\u53d7\u652f\u6301\u7684\u9009\u9879\u3002 - \u7531\u4e8e HDFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u4f7f\u7528 NFS \u8bbf\u95ee\uff0c\u56e0\u6b64\u4e5f\u53ef\u4ee5\u5c06\u5176\u914d\u7f6e\u4e3a\u901a\u8fc7 IP \u5730\u5740\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u4f46\u8bf7\u6ce8\u610f\uff0c\u901a\u8fc7 IP \u8fdb\u884c\u7684\u8eab\u4efd\u9a8c\u8bc1\u662f\u6700\u4e0d\u5b89\u5168\u7684\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5b9e\u9645\u4f7f\u7528\u60c5\u51b5\u7684\u5efa\u8bae\u914d\u7f6e\u662f\u4f7f\u7528 CIFS \u5171\u4eab\u534f\u8bae\u521b\u5efa\u5171\u4eab\uff0c\u5e76\u5411\u5176\u6dfb\u52a0 Microsoft Active Directory 
\u76ee\u5f55\u670d\u52a1\u3002\u5728\u6b64\u914d\u7f6e\u4e2d\uff0c\u60a8\u5c06\u83b7\u5f97\u96c6\u4e2d\u5f0f\u6570\u636e\u5e93\u4ee5\u53ca\u5c06Kerberos\u548cLDAP\u65b9\u6cd5\u7ed3\u5408\u5728\u4e00\u8d77\u7684\u670d\u52a1\u3002\u8fd9\u662f\u4e00\u4e2a\u771f\u5b9e\u7684\u7528\u4f8b\uff0c\u5bf9\u4e8e\u751f\u4ea7\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u6765\u8bf4\u5f88\u65b9\u4fbf\u3002","title":"\u5b89\u5168\u670d\u52a1\u7ba1\u7406"},{"location":"security/security-guide/#_182","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u6388\u4e88\u6216\u62d2\u7edd\u5176\u4ed6\u5ba2\u6237\u7aef\u5bf9\u670d\u52a1\u7684\u4e0d\u540c\u5b9e\u4f53\u7684\u8bbf\u95ee\u3002 \u5c06\u5171\u4eab\u4f5c\u4e3a\u6587\u4ef6\u7cfb\u7edf\u7684\u53ef\u8fdc\u7a0b\u6302\u8f7d\u5b9e\u4f8b\uff0c\u53ef\u4ee5\u7ba1\u7406\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\uff0c\u5e76\u5217\u51fa\u6307\u5b9a\u5171\u4eab\u7684\u6743\u9650\u3002 \u5171\u4eab\u53ef\u4ee5\u662f\u516c\u5171\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u7684\u3002\u8fd9\u662f\u5171\u4eab\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u770b\u5230\u5171\u4eab\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5171\u4eab\u90fd\u521b\u5efa\u4e3a\u4e13\u7528\u5171\u4eab\u3002\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u8bf7\u4f7f\u7528\u5bc6\u94a5 --public \u5c06\u5171\u4eab\u516c\u5f00\uff0c\u4f9b\u5176\u4ed6\u79df\u6237\u67e5\u770b\u5171\u4eab\u5217\u8868\u5e76\u67e5\u770b\u5176\u8be6\u7ec6\u4fe1\u606f\u3002 \u6839\u636e policy.json \u6587\u4ef6\uff0c\u7ba1\u7406\u5458\u548c\u4f5c\u4e3a\u5171\u4eab\u6240\u6709\u8005\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8bbf\u95ee\u89c4\u5219\u6765\u7ba1\u7406\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\u3002\u4f7f\u7528 manila access-allow\u3001manila access-deny \u548c manila access-list 
\u547d\u4ee4\uff0c\u60a8\u53ef\u4ee5\u76f8\u5e94\u5730\u6388\u4e88\u3001\u62d2\u7edd\u548c\u5217\u51fa\u5bf9\u6307\u5b9a\u5171\u4eab\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u5efa\u8bae \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5f53\u521b\u5efa\u5171\u4eab\u5e76\u5177\u6709\u5176\u5bfc\u51fa\u4f4d\u7f6e\u65f6\uff0c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u671f\u671b\u4efb\u4f55\u4eba\u90fd\u65e0\u6cd5\u901a\u8fc7\u88c5\u8f7d\u5171\u4eab\u6765\u8bbf\u95ee\u8be5\u5171\u4eab\u3002\u8bf7\u6ce8\u610f\uff0c\u60a8\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u53ef\u4ee5\u66f4\u6539\u6b64\u914d\u7f6e\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u5171\u4eab\u5b58\u50a8\u4e0a\u66f4\u6539\u3002\u8981\u786e\u4fdd\u8bbf\u95ee\u5171\u4eab\uff0c\u8bf7\u68c0\u67e5\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u3002 \u521a\u521b\u5efa\u5171\u4eab\u65f6\uff0c\u6ca1\u6709\u4e0e\u4e4b\u5173\u8054\u7684\u9ed8\u8ba4\u8bbf\u95ee\u89c4\u5219\u548c\u88c5\u8f7d\u6743\u9650\u3002\u8fd9\u53ef\u4ee5\u5728\u6b63\u5728\u4f7f\u7528\u7684\u5bfc\u51fa\u534f\u8bae\u7684\u6302\u8f7d\u914d\u7f6e\u4e2d\u770b\u5230\u3002\u4f8b\u5982\uff0c\u5b58\u50a8\u4e0a\u6709\u4e00\u4e2a NFS \u547d\u4ee4 exportfs \u6216 /etc/exports \u6587\u4ef6\uff0c\u7528\u4e8e\u63a7\u5236\u6bcf\u4e2a\u8fdc\u7a0b\u5171\u4eab\u5e76\u5b9a\u4e49\u53ef\u4ee5\u8bbf\u95ee\u5b83\u7684\u4e3b\u673a\u3002\u5982\u679c\u6ca1\u6709\u4eba\u53ef\u4ee5\u6302\u8f7d\u5171\u4eab\uff0c\u5219\u4e3a\u7a7a\u3002\u5bf9\u4e8e\u8fdc\u7a0b CIFS \u670d\u52a1\u5668\uff0c\u6709\u4e00\u4e2a net conf list \u663e\u793a\u914d\u7f6e\u7684\u547d\u4ee4\u3002 hosts deny \u53c2\u6570\u5e94\u7531\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u8bbe\u7f6e 0.0.0.0/0 \uff0c\u8fd9\u610f\u5473\u7740\u4efb\u4f55\u4e3b\u673a\u90fd\u88ab\u62d2\u7edd\u6302\u8f7d\u5171\u4eab\u3002 
\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u53ef\u4ee5\u901a\u8fc7\u6307\u5b9a\u4ee5\u4e0b\u652f\u6301\u7684\u5171\u4eab\u8bbf\u95ee\u7ea7\u522b\u4e4b\u4e00\u6765\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u5171\u4eab\u7684\u8bbf\u95ee\uff1a rw\u3002\u8bfb\u53d6\u548c\u5199\u5165 \uff08RW\uff09 \u8bbf\u95ee\u3002\u8fd9\u662f\u9ed8\u8ba4\u503c\u3002 ro\u3002\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u3002 \u5efa\u8bae \u5f53\u7ba1\u7406\u5458\u4e3a\u67d0\u4e9b\u7279\u5b9a\u7f16\u8f91\u8005\u6216\u8d21\u732e\u8005\u63d0\u4f9b\u8bfb\u5199 \uff08RW\uff09 \u8bbf\u95ee\u6743\u9650\u5e76\u4e3a\u5176\u4f59\u7528\u6237\uff08\u67e5\u770b\u8005\uff09\u63d0\u4f9b\u53ea\u8bfb \uff08RO\uff09 \u8bbf\u95ee\u6743\u9650\u65f6\uff0cRO \u8bbf\u95ee\u7ea7\u522b\u5728\u516c\u5171\u5171\u4eab\u4e2d\u4f1a\u5f88\u6709\u5e2e\u52a9\u3002 \u60a8\u8fd8\u5fc5\u987b\u6307\u5b9a\u4ee5\u4e0b\u53d7\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u4e4b\u4e00\uff1a ip\u3002\u901a\u8fc7\u5b9e\u4f8b\u7684 IP \u5730\u5740\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u683c\u5f0f\u4e3a XX.XX.XX.XX \u6216 XX.XX.XX.XX/XX\u3002\u4f8b\u5982\uff0c0.0.0.0/0\u3002 cert\u3002\u901a\u8fc7 TLS \u8bc1\u4e66\u5bf9\u5b9e\u4f8b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5c06 TLS \u6807\u8bc6\u6307\u5b9a\u4e3a IDENTKEY\u3002\u6709\u6548\u503c\u662f\u8bc1\u4e66\u516c\u7528\u540d \uff08CN\uff09 \u4e2d\u957f\u5ea6\u4e0d\u8d85\u8fc7 64 \u4e2a\u5b57\u7b26\u7684\u4efb\u4f55\u5b57\u7b26\u4e32\u3002 user\u3002\u6309\u6307\u5b9a\u7684\u7528\u6237\u540d\u6216\u7ec4\u540d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6709\u6548\u503c\u662f\u4e00\u4e2a\u5b57\u6bcd\u6570\u5b57\u5b57\u7b26\u4e32\uff0c\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u7279\u6b8a\u5b57\u7b26\uff0c\u957f\u5ea6\u4e3a 4 \u5230 32 \u4e2a\u5b57\u7b26\u3002 \u6ce8\u610f 
\u652f\u6301\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u53d6\u51b3\u4e8e\u60a8\u914d\u7f6e\u548c\u4f7f\u7528\u7684\u5171\u4eab\u9a71\u52a8\u7a0b\u5e8f\u3001\u5b89\u5168\u670d\u52a1\u548c\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u3002\u652f\u6301\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\u5305\u62ec NFS\u3001CIFS\u3001GlusterFS \u548c HDFS\u3002\u652f\u6301\u7684\u5b89\u5168\u670d\u52a1\u5305\u62ec LDAP\u3001Kerberos \u534f\u8bae\u6216 Microsoft Active Directory \u670d\u52a1\u3002\u6709\u5173\u4e0d\u540c\u9a71\u52a8\u7a0b\u5e8f\u652f\u6301\u529f\u80fd\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u9a6c\u5c3c\u62c9\u5171\u4eab\u529f\u80fd\u652f\u6301\u6620\u5c04\u3002 \u4e0b\u9762\u662f\u4e0e\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u5171\u4eab\u7684 NFS \u793a\u4f8b\u3002\u521b\u5efa\u5171\u4eab\u540e\uff0c\u5b83\u5177\u6709\u5bfc\u51fa\u4f4d\u7f6e 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de \u3002\u5982\u679c\u60a8\u5c1d\u8bd5\u4f7f\u7528 10.254.0.4 IP \u5730\u5740\u5c06\u5176\u6302\u8f7d\u5230\u4e3b\u673a\u4e0a\uff0c\u60a8\u5c06\u6536\u5230\u201c\u6743\u9650\u88ab\u62d2\u7edd\u201d\u6d88\u606f\u3002 # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt mount.nfs: timeout set for Mon Oct 12 13:07:47 2015 mount.nfs: trying text-based options 'vers=4,addr=10.254.0.3,clientaddr=10.254.0.4' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting 10.254.0.3:/shares/share-b2874f8d-... 
\u4f5c\u4e3a\u7ba1\u7406\u5458\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 SSH \u8fde\u63a5\u5230\u5177\u6709 IP \u5730\u5740\u7684 10.254.0.3 \u4e3b\u673a\uff0c\u68c0\u67e5\u5176 /etc/exports \u4e0a\u7684\u6587\u4ef6\u5e76\u67e5\u770b\u5b83\u662f\u5426\u4e3a\u7a7a\uff1a # cat /etc/exports # \u6211\u4eec\u5728\u793a\u4f8b\u4e2d\u4f7f\u7528\u7684\u901a\u7528\u9a71\u52a8\u7a0b\u5e8f\u4e0d\u652f\u6301\u4efb\u4f55\u5b89\u5168\u670d\u52a1\uff0c\u56e0\u6b64\u4f7f\u7528 NFS \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u534f\u8bae\uff0c\u6211\u4eec\u53ea\u80fd\u901a\u8fc7 IP \u5730\u5740\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff1a $ manila access-allow Share_demo2 ip 10.254.0.4 +--------------+--------------------------------------+ | Property | Value | +--------------+--------------------------------------+ | share_id | e57c25a8-0392-444f-9ffc-5daadb9f756c | | access_type | ip | | access_to | 10.254.0.4 | | access_level | rw | | state | new | | id | 62b8e453-d712-4074-8410-eab6227ba267 | +--------------+--------------------------------------+ \u89c4\u5219\u8fdb\u5165\u72b6\u6001 active \u540e\uff0c\u6211\u4eec\u53ef\u4ee5\u518d\u6b21\u8fde\u63a5\u5230 10.254.0.3 \u4e3b\u673a\u5e76\u68c0\u67e5 /etc/exports \u6587\u4ef6\uff0c\u5e76\u67e5\u770b\u662f\u5426\u6dfb\u52a0\u4e86\u5e26\u6709\u89c4\u5219\u7684\u884c\uff1a # cat /etc/exports /shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de 10.254.0.4(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,no_all_squash) \u73b0\u5728\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528 IP \u5730\u5740 10.254.0.4 \u5728\u4e3b\u673a\u4e0a\u6302\u8f7d\u5171\u4eab\uff0c\u5e76\u62e5\u6709 rw \u5171\u4eab\u6743\u9650\uff1a # mount.nfs -v 10.254.0.3:/shares/share-b2874f8d-d428-4a5c-b056-e6af80a995de /mnt # ls -a /mnt . .. lost+found # echo \"Hello!\" > /mnt/1.txt # ls -a /mnt . .. 
1.txt lost+found #","title":"\u5171\u4eab\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_183","text":"\u5171\u4eab\u7c7b\u578b\u662f\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u201c\u670d\u52a1\u7c7b\u578b\u201d\uff0c\u7531\u79df\u6237\u53ef\u89c1\u63cf\u8ff0\u548c\u79df\u6237\u4e0d\u53ef\u89c1\u952e\u503c\u5bf9\u5217\u8868\uff08\u989d\u5916\u89c4\u8303\uff09\u7ec4\u6210\u3002manila-scheduler \u4f7f\u7528\u989d\u5916\u7684\u89c4\u8303\u6765\u505a\u51fa\u8c03\u5ea6\u51b3\u7b56\uff0c\u9a71\u52a8\u7a0b\u5e8f\u63a7\u5236\u5171\u4eab\u521b\u5efa\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u521b\u5efa\u548c\u5220\u9664\u5171\u4eab\u7c7b\u578b\uff0c\u8fd8\u53ef\u4ee5\u7ba1\u7406\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u8d4b\u4e88\u5b83\u4eec\u542b\u4e49\u7684\u989d\u5916\u89c4\u8303\u3002\u79df\u6237\u53ef\u4ee5\u5217\u51fa\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u53ef\u4ee5\u4f7f\u7528\u5b83\u4eec\u521b\u5efa\u65b0\u5171\u4eab\u3002\u6709\u5173\u7ba1\u7406\u5171\u4eab\u7c7b\u578b\u7684\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u548c\u5171\u4eab\u7c7b\u578b\u7ba1\u7406\u6587\u6863\u3002 \u5171\u4eab\u7c7b\u578b\u53ef\u4ee5\u521b\u5efa\u4e3a\u516c\u5171\u548c\u79c1\u6709\u3002\u8fd9\u662f\u5171\u4eab\u7c7b\u578b\u7684\u53ef\u89c1\u6027\u7ea7\u522b\uff0c\u7528\u4e8e\u5b9a\u4e49\u5176\u4ed6\u79df\u6237\u662f\u5426\u53ef\u4ee5\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\uff0c\u5e76\u4f7f\u7528\u5b83\u6765\u521b\u5efa\u65b0\u5171\u4eab\u3002 \u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5171\u4eab\u7c7b\u578b\u521b\u5efa\u4e3a\u516c\u5171\u7c7b\u578b\u3002\u521b\u5efa\u5171\u4eab\u7c7b\u578b\u65f6\uff0c\u8bf7\u4f7f\u7528 --is_public \u53c2\u6570\u96c6 \u8bbe\u7f6e\u4e3a False 
\u79c1\u6709\u5171\u4eab\u7c7b\u578b\uff0c\u8fd9\u5c06\u9632\u6b62\u5176\u4ed6\u79df\u6237\u5728\u5171\u4eab\u7c7b\u578b\u5217\u8868\u4e2d\u770b\u5230\u5b83\u5e76\u4f7f\u7528\u5b83\u521b\u5efa\u65b0\u5171\u4eab\u3002\u53e6\u4e00\u65b9\u9762\uff0c\u516c\u5171\u5171\u4eab\u7c7b\u578b\u53ef\u4f9b\u4e91\u4e2d\u7684\u6bcf\u4e2a\u79df\u6237\u4f7f\u7528\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u5141\u8bb8\u7ba1\u7406\u5458\u6388\u4e88\u6216\u62d2\u7edd\u5bf9\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002\u8fd8\u53ef\u4ee5\u83b7\u53d6\u6709\u5173\u6307\u5b9a\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u7684\u4fe1\u606f\u3002 \u5efa\u8bae \u7531\u4e8e\u5171\u4eab\u7c7b\u578b\u7531\u4e8e\u5176\u989d\u5916\u7684\u89c4\u8303\u800c\u6709\u52a9\u4e8e\u5728\u7528\u6237\u521b\u5efa\u5171\u4eab\u4e4b\u524d\u7b5b\u9009\u6216\u9009\u62e9\u540e\u7aef\uff0c\u56e0\u6b64\u4f7f\u7528\u5bf9\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u53ef\u4ee5\u9650\u5236\u5ba2\u6237\u7aef\u9009\u62e9\u7279\u5b9a\u7684\u540e\u7aef\u3002 \u4f8b\u5982\uff0c\u4f5c\u4e3a\u7ba1\u7406\u5458\u79df\u6237\u4e2d\u7684\u7ba1\u7406\u5458\u7528\u6237\uff0c\u53ef\u4ee5\u521b\u5efa\u540d\u4e3a my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5217\u8868\u4e2d\u67e5\u770b\u5b83\u3002\u5728\u63a7\u5236\u53f0\u793a\u4f8b\u4e2d\uff0c\u7701\u7565\u4e86\u767b\u5f55\u548c\u6ce8\u9500\uff0c\u5e76\u63d0\u4f9b\u4e86\u73af\u5883\u53d8\u91cf\u4ee5\u663e\u793a\u5f53\u524d\u767b\u5f55\u7684\u7528\u6237\u3002 $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... 
$ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ demo \u79df\u6237\u4e2d\u7684 demo \u7528\u6237\u53ef\u4ee5\u5217\u51fa\u7c7b\u578b\uff0c\u5e76\u4e14\u547d\u540d my_type \u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u5bf9\u4ed6\u4e0d\u53ef\u89c1\u3002 $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+----------------------------------+----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+----------------------------------+----------------------+ | 5..| default| public | YES | driver_handles_share_servers:True| snapshot_support:True| +----+--------+-----------+-----------+----------------------------------+----------------------+ \u7ba1\u7406\u5458\u53ef\u4ee5\u6388\u4e88\u5bf9\u79df\u6237 ID \u7b49\u4e8e df29a37db5ae48d19b349fe947fada46 \u7684\u6f14\u793a\u79df\u6237\u7684\u4e13\u7528\u5171\u4eab\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\uff1a $ env | grep OS_ ... OS_USERNAME=admin OS_TENANT_NAME=admin ... $ openstack project list +----------------------------------+--------------------+ | ID | Name | +----------------------------------+--------------------+ | ... | ... 
| | df29a37db5ae48d19b349fe947fada46 | demo | +----------------------------------+--------------------+ $ manila type-access-add my_type df29a37db5ae48d19b349fe947fada46 \u56e0\u6b64\uff0c\u73b0\u5728\u6f14\u793a\u79df\u6237\u4e2d\u7684\u7528\u6237\u53ef\u4ee5\u770b\u5230\u4e13\u7528\u5171\u4eab\u7c7b\u578b\uff0c\u5e76\u5728\u5171\u4eab\u521b\u5efa\u4e2d\u4f7f\u7528\u5b83\uff1a $ env | grep OS_ ... OS_USERNAME=demo OS_TENANT_NAME=demo ... $ manila type-list --all +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | ID | Name | Visibility| is_default| required_extra_specs | optional_extra_specs | +----+--------+-----------+-----------+-----------------------------------+-----------------------+ | 4..| my_type| private | - | driver_handles_share_servers:False| snapshot_support:True | | 5..| default| public | YES | driver_handles_share_servers:True | snapshot_support:True | +----+--------+-----------+-----------+-----------------------------------+- \u8981\u62d2\u7edd\u5bf9\u6307\u5b9a\u9879\u76ee\u7684\u8bbf\u95ee\uff0c\u8bf7\u4f7f\u7528 manila type-access-remove \u547d\u4ee4\u3002 \u5efa\u8bae \u4e00\u4e2a\u771f\u5b9e\u7684\u751f\u4ea7\u7528\u4f8b\u663e\u793a\u4e86\u5171\u4eab\u7c7b\u578b\u7684\u7528\u9014\u548c\u5bf9\u5b83\u4eec\u7684\u8bbf\u95ee\uff0c\u5f53\u4f60\u6709\u4e24\u4e2a\u540e\u7aef\u65f6\uff1a\u5ec9\u4ef7\u7684 LVM \u4f5c\u4e3a\u516c\u5171\u5b58\u50a8\uff0c\u6602\u8d35\u7684 Ceph \u4f5c\u4e3a\u79c1\u6709\u5b58\u50a8\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u5411\u67d0\u4e9b\u79df\u6237\u6388\u4e88\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u4f7f\u7528 `user/group` 
\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u8fdb\u884c\u8bbf\u95ee\u3002","title":"\u5171\u4eab\u7c7b\u578b\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_184","text":"\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u6709\u81ea\u5df1\u7684\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u7b56\u7565\u3002\u5b83\u4eec\u786e\u5b9a\u54ea\u4e2a\u7528\u6237\u53ef\u4ee5\u4ee5\u54ea\u79cd\u65b9\u5f0f\u8bbf\u95ee\u54ea\u4e9b\u5bf9\u8c61\uff0c\u5e76\u5728\u670d\u52a1\u7684 policy.json \u6587\u4ef6\u4e2d\u5b9a\u4e49\u3002 \u5efa\u8bae \u914d\u7f6e\u6587\u4ef6 `policy.json` \u53ef\u4ee5\u653e\u7f6e\u5728\u4efb\u4f55\u4f4d\u7f6e\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u8def\u5f84 `/etc/manila/policy.json` \u662f\u5fc5\u9700\u7684\u3002 \u6bcf\u5f53\u5bf9\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fdb\u884c API \u8c03\u7528\u65f6\uff0c\u7b56\u7565\u5f15\u64ce\u90fd\u4f1a\u4f7f\u7528\u76f8\u5e94\u7684\u7b56\u7565\u5b9a\u4e49\u6765\u786e\u5b9a\u662f\u5426\u53ef\u4ee5\u63a5\u53d7\u8be5\u8c03\u7528\u3002 \u7b56\u7565\u89c4\u5219\u786e\u5b9a\u5728\u4ec0\u4e48\u60c5\u51b5\u4e0b\u5141\u8bb8 API \u8c03\u7528\u3002\u5f53 /etc/manila/policy.json \u89c4\u5219\u4e3a\u7a7a\u5b57\u7b26\u4e32\u65f6\uff0c\u8be5\u6587\u4ef6\u5177\u6709\u59cb\u7ec8\u5141\u8bb8\u64cd\u4f5c\u7684\u89c4\u5219\uff1a \"\" ;\u57fa\u4e8e\u7528\u6237\u89d2\u8272\u6216\u89c4\u5219\u7684\u89c4\u5219;\u5e26\u6709\u5e03\u5c14\u8868\u8fbe\u5f0f\u7684\u89c4\u5219\u3002\u4e0b\u9762\u662f\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1 policy.json \u7684\u6587\u4ef6\u7247\u6bb5\u3002\u4ece\u4e00\u4e2aOpenStack\u7248\u672c\u5230\u53e6\u4e00\u4e2aOpenStack\u7248\u672c\uff0c\u53ef\u4ee5\u5bf9\u5176\u8fdb\u884c\u66f4\u6539\u3002 { \"context_is_admin\": \"role:admin\", \"admin_or_owner\": \"is_admin:True or project_id:%(project_id)s\", \"default\": \"rule:admin_or_owner\", \"share_extension:quotas:show\": \"\", \"share_extension:quotas:update\": \"rule:admin_api\", \"share_extension:quotas:delete\": 
\"rule:admin_api\", \"share_extension:quota_classes\": \"\", } \u5fc5\u987b\u5c06\u7528\u6237\u5206\u914d\u5230\u7b56\u7565\u4e2d\u5f15\u7528\u7684\u7ec4\u548c\u89d2\u8272\u3002\u5f53\u4f7f\u7528\u7528\u6237\u7ba1\u7406\u547d\u4ee4\u65f6\uff0c\u670d\u52a1\u4f1a\u81ea\u52a8\u5b8c\u6210\u6b64\u64cd\u4f5c\u3002 \u6ce8\u610f \u4efb\u4f55\u66f4\u6539 `/etc/manila/policy.json` \u90fd\u4f1a\u7acb\u5373\u751f\u6548\uff0c\u8fd9\u5141\u8bb8\u5728\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8fd0\u884c\u65f6\u5b9e\u65bd\u65b0\u7b56\u7565\u3002\u624b\u52a8\u4fee\u6539\u7b56\u7565\u53ef\u80fd\u4f1a\u4ea7\u751f\u610f\u60f3\u4e0d\u5230\u7684\u526f\u4f5c\u7528\uff0c\u56e0\u6b64\u4e0d\u9f13\u52b1\u8fd9\u6837\u505a\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 policy.json \u6587\u4ef6\u3002","title":"\u653f\u7b56"},{"location":"security/security-guide/#_185","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-shared-01-rootmanila","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a manila\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/manila/manila.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" 
/etc/manila/api-paste.ini | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/policy.json | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila/rootwrap.conf | egrep \"root manila\" $ stat -L -c \"%U %G\" /etc/manila | egrep \"root manila\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c manila\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u9a6c\u5c3c\u62c9\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9a6c\u5c3c\u62c9\u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f"},{"location":"security/security-guide/#check-shared-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/manila/manila.conf $ stat -L -c \"%a\" /etc/manila/api-paste.ini $ stat -L -c \"%a\" /etc/manila/policy.json $ stat -L -c \"%a\" /etc/manila/rootwrap.conf $ stat -L -c \"%a\" /etc/manila \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 
r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002\u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Shared-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/manila\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cmanila \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/manila/manila.conf getfacl: Removing leading '/' from absolute path names # file: etc/manila/manila.conf USER root rw- GROUP manila r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u672a\u8bbe\u7f6e\u4e3a\u81f3\u5c11 640\u3002","title":"Check-Shared-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-shared-03openstack-identity","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone\u3002\u5982\u679c\u4f7f\u7528 ' noauth ' \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack 
\u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u3002","title":"Check-Shared-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-shared-04-tls","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/manila/manila.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/manila/manila.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/manila/manila.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/manila/manila.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Shared-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-shared-05-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 nova_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf","title":"Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-06-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 neutron_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] 
manila.conf","title":"Check-Shared-06\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u7f51\u7edc\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-07-tls","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Train \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Ussuri \u4e2d\u5df2\u5f03\u7528\u3002 \u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\uff08Check-Shared-05\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u8ba1\u7b97\u8054\u7cfb\uff1f\uff09\u7c7b\u4f3c\uff0c\u5efa\u8bae\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] manila.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 cinder_api_insecure \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] manila.conf","title":"Check-Shared-07\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u662f\u5426\u901a\u8fc7 TLS \u4e0e\u5757\u5b58\u50a8\u8054\u7cfb\uff1f"},{"location":"security/security-guide/#check-shared-08-114688","text":"\u5982\u679c\u672a\u5b9a\u4e49\u6bcf\u4e2a\u8bf7\u6c42\u7684\u6700\u5927\u6b63\u6587\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u4efb\u610f\u8f83\u5927\u7684OSAPI\u8bf7\u6c42\uff0c\u5bfc\u81f4\u670d\u52a1\u5d29\u6e83\uff0c\u6700\u7ec8\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u5206\u914d\u6700\u5927\u503c\u53ef\u786e\u4fdd\u963b\u6b62\u4efb\u4f55\u6076\u610f\u8d85\u5927\u8bf7\u6c42\uff0c\u4ece\u800c\u786e\u4fdd\u670d\u52a1\u7684\u6301\u7eed\u53ef\u7528\u6027\u3002 \u901a\u8fc7\uff1a\u5982\u679c in \u8282\u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a \uff0c\u6216\u8005 in manila.conf manila.conf \u8282\u4e0b\u7684 [oslo_middleware] [DEFAULT] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u8bbe\u7f6e\u4e3a 114688 \u3002 114688 
\u4e0b\u9762\u7684 [DEFAULT] \u53c2\u6570 osapi_max_request_body_size \u5df2\u5f03\u7528\uff0c\u6700\u597d\u4f7f\u7528 [oslo_middleware]/ max_request_body_size \u3002 \u5931\u8d25\uff1a\u5982\u679c in manila.conf \u8282\u4e0b\u7684\u53c2\u6570\u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \uff0c\u6216\u8005 in manila.conf \u8282\u4e0b\u7684 [DEFAULT] [oslo_middleware] \u53c2\u6570 max_request_body_size osapi_max_request_body_size \u503c\u672a\u8bbe\u7f6e\u4e3a 114688 \u3002","title":"Check-Shared-08\uff1a\u8bf7\u6c42\u6b63\u6587\u7684\u6700\u5927\u5927\u5c0f\u662f\u5426\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u503c \uff08114688\uff09\uff1f"},{"location":"security/security-guide/#_186","text":"OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u4f7f\u6700\u7ec8\u7528\u6237\u6216\u79df\u6237\u80fd\u591f\u5b9a\u4e49\u3001\u5229\u7528\u548c\u4f7f\u7528\u7f51\u7edc\u8d44\u6e90\u3002OpenStack Networking \u63d0\u4f9b\u4e86\u4e00\u4e2a\u9762\u5411\u79df\u6237\u7684 API\uff0c\u7528\u4e8e\u5b9a\u4e49\u4e91\u4e2d\u5b9e\u4f8b\u7684\u7f51\u7edc\u8fde\u63a5\u548c IP \u5bfb\u5740\uff0c\u4ee5\u53ca\u7f16\u6392\u7f51\u7edc\u914d\u7f6e\u3002\u968f\u7740\u5411\u4ee5 API \u4e3a\u4e2d\u5fc3\u7684\u7f51\u7edc\u670d\u52a1\u7684\u8fc7\u6e21\uff0c\u4e91\u67b6\u6784\u5e08\u548c\u7ba1\u7406\u5458\u5e94\u8003\u8651\u6700\u4f73\u5b9e\u8df5\u6765\u4fdd\u62a4\u7269\u7406\u548c\u865a\u62df\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u548c\u670d\u52a1\u3002 OpenStack Networking \u91c7\u7528\u63d2\u4ef6\u67b6\u6784\u8bbe\u8ba1\uff0c\u901a\u8fc7\u5f00\u6e90\u793e\u533a\u6216\u7b2c\u4e09\u65b9\u670d\u52a1\u63d0\u4f9b API \u7684\u53ef\u6269\u5c55\u6027\u3002\u5728\u8bc4\u4f30\u67b6\u6784\u8bbe\u8ba1\u8981\u6c42\u65f6\uff0c\u786e\u5b9a OpenStack Networking 
\u6838\u5fc3\u670d\u52a1\u4e2d\u6709\u54ea\u4e9b\u529f\u80fd\u3001\u7b2c\u4e09\u65b9\u4ea7\u54c1\u63d0\u4f9b\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u4ee5\u53ca\u9700\u8981\u5728\u7269\u7406\u57fa\u7840\u67b6\u6784\u4e2d\u5b9e\u73b0\u54ea\u4e9b\u8865\u5145\u670d\u52a1\u975e\u5e38\u91cd\u8981\u3002 \u672c\u8282\u7b80\u8981\u6982\u8ff0\u4e86\u5728\u5b9e\u73b0 OpenStack Networking \u65f6\u5e94\u8003\u8651\u54ea\u4e9b\u6d41\u7a0b\u548c\u6700\u4f73\u5b9e\u8df5\u3002 \u7f51\u7edc\u67b6\u6784 \u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u653e\u7f6e OpenStack Networking \u670d\u52a1 \u7f51\u7edc\u670d\u52a1 \u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb \u7f51\u7edc\u670d\u52a1 \u7f51\u7edc\u670d\u52a1\u6269\u5c55 \u7f51\u7edc\u670d\u52a1\u9650\u5236 \u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5 OpenStack Networking \u670d\u52a1\u914d\u7f6e \u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1 \u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41\u7a0b \u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce \u5b89\u5168\u7ec4 \u914d\u989d \u7f13\u89e3 ARP \u6b3a\u9a97 \u68c0\u67e5\u8868 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f","title":"\u8054\u7f51"},{"location":"security/security-guide/#_187","text":"OpenStack Networking \u662f\u4e00\u4e2a\u72ec\u7acb\u7684\u670d\u52a1\uff0c\u901a\u5e38\u5728\u591a\u4e2a\u8282\u70b9\u4e0a\u90e8\u7f72\u591a\u4e2a\u8fdb\u7a0b\u3002\u8fd9\u4e9b\u8fdb\u7a0b\u5f7c\u6b64\u4ea4\u4e92\uff0c\u5e76\u4e0e\u5176\u4ed6 OpenStack 
\u670d\u52a1\u4ea4\u4e92\u3002OpenStack Networking \u670d\u52a1\u7684\u4e3b\u8981\u8fdb\u7a0b\u662f neutron-server\uff0c\u8fd9\u662f\u4e00\u4e2a Python \u5b88\u62a4\u8fdb\u7a0b\uff0c\u5b83\u516c\u5f00 OpenStack Networking API\uff0c\u5e76\u5c06\u79df\u6237\u8bf7\u6c42\u4f20\u9012\u7ed9\u4e00\u7ec4\u63d2\u4ef6\u8fdb\u884c\u989d\u5916\u5904\u7406\u3002 OpenStack Networking \u7ec4\u4ef6\u5305\u62ec\uff1a neutron \u670d\u52a1\u5668\uff08neutron-server \u548c neutron-*-plugin\uff09 \u6b64\u670d\u52a1\u5728\u7f51\u7edc\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4e3a\u7f51\u7edc API \u53ca\u5176\u6269\u5c55\u63d0\u4f9b\u670d\u52a1\u3002\u5b83\u8fd8\u5f3a\u5236\u6267\u884c\u6bcf\u4e2a\u7aef\u53e3\u7684\u7f51\u7edc\u6a21\u578b\u548c IP \u5bfb\u5740\u3002neutron-server \u9700\u8981\u95f4\u63a5\u8bbf\u95ee\u6301\u4e45\u6027\u6570\u636e\u5e93\u3002\u8fd9\u662f\u901a\u8fc7\u63d2\u4ef6\u5b9e\u73b0\u7684\uff0c\u63d2\u4ef6\u4f7f\u7528 AMQP\uff08\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff09\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002 \u63d2\u4ef6\u4ee3\u7406 \uff08neutron-*-agent\uff09 \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\uff0c\u4ee5\u7ba1\u7406\u672c\u5730\u865a\u62df\u4ea4\u6362\u673a \uff08vswitch\uff09 \u914d\u7f6e\u3002\u60a8\u4f7f\u7528\u7684\u63d2\u4ef6\u51b3\u5b9a\u4e86\u8fd0\u884c\u54ea\u4e9b\u4ee3\u7406\u3002\u6b64\u670d\u52a1\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\uff0c\u5e76\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u63d2\u4ef6\u3002\u4e00\u4e9b\u63d2\u4ef6\uff0c\u5982 OpenDaylight\uff08ODL\uff09 \u548c\u5f00\u653e\u865a\u62df\u7f51\u7edc \uff08OVN\uff09\uff0c\u5728\u8ba1\u7b97\u8282\u70b9\u4e0a\u4e0d\u9700\u8981\u4efb\u4f55 python \u4ee3\u7406\u3002 DHCP \u4ee3\u7406 \uff08neutron-dhcp-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9bDHCP\u670d\u52a1\u3002\u6b64\u4ee3\u7406\u5728\u6240\u6709\u63d2\u4ef6\u4e2d\u90fd\u662f\u76f8\u540c\u7684\uff0c\u5e76\u8d1f\u8d23\u7ef4\u62a4 DHCP \u914d\u7f6e\u3002neutron-dhcp-agent 
\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 L3 \u4ee3\u7406\uff08neutron-L3-agent\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u4e0a\u7684\u865a\u62df\u673a\u63d0\u4f9b L3/NAT \u8f6c\u53d1\u3002\u9700\u8981\u6d88\u606f\u961f\u5217\u8bbf\u95ee\u6743\u9650\u3002\u53ef\u9009\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u63d2\u4ef6\u3002 \u7f51\u7edc\u63d0\u4f9b\u5546\u670d\u52a1\uff08SDN \u670d\u52a1\u5668/\u670d\u52a1\uff09 \u4e3a\u79df\u6237\u7f51\u7edc\u63d0\u4f9b\u5176\u4ed6\u7f51\u7edc\u670d\u52a1\u3002\u8fd9\u4e9b SDN \u670d\u52a1\u53ef\u4ee5\u901a\u8fc7 REST API \u7b49\u901a\u4fe1\u901a\u9053\u4e0e neutron-server\u3001neutron-plugin \u548c plugin-agents \u8fdb\u884c\u4ea4\u4e92\u3002 \u4e0b\u56fe\u663e\u793a\u4e86 OpenStack Networking \u7ec4\u4ef6\u7684\u67b6\u6784\u548c\u7f51\u7edc\u6d41\u7a0b\u56fe\uff1a","title":"\u7f51\u7edc\u67b6\u6784"},{"location":"security/security-guide/#openstack-networking","text":"\u672c\u6307\u5357\u91cd\u70b9\u4ecb\u7ecd\u4e00\u4e2a\u6807\u51c6\u67b6\u6784\uff0c\u5176\u4e2d\u5305\u62ec\u4e00\u4e2a\u4e91\u63a7\u5236\u5668\u4e3b\u673a\u3001\u4e00\u4e2a\u7f51\u7edc\u4e3b\u673a\u548c\u4e00\u7ec4\u7528\u4e8e\u8fd0\u884c VM \u7684\u8ba1\u7b97\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u3002","title":"OpenStack Networking \u670d\u52a1\u5728\u7269\u7406\u670d\u52a1\u5668\u4e0a\u7684\u653e\u7f6e"},{"location":"security/security-guide/#_188","text":"\u6807\u51c6\u7684 OpenStack Networking \u8bbe\u7f6e\u6700\u591a\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u7f51\u7edc\uff1a \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e OpenStack \u7ec4\u4ef6\u4e4b\u95f4\u7684\u5185\u90e8\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u5e94\u53ea\u80fd\u5728\u6570\u636e\u4e2d\u5fc3\u5185\u8bbf\u95ee\uff0c\u5e76\u88ab\u89c6\u4e3a\u7ba1\u7406\u5b89\u5168\u57df\u3002 \u8bbf\u5ba2\u7f51\u7edc \u7528\u4e8e\u4e91\u90e8\u7f72\u4e2d\u7684 VM 
\u6570\u636e\u901a\u4fe1\u3002\u6b64\u7f51\u7edc\u7684 IP \u5bfb\u5740\u8981\u6c42\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684 OpenStack Networking \u63d2\u4ef6\u4ee5\u53ca\u79df\u6237\u5bf9\u865a\u62df\u7f51\u7edc\u6240\u505a\u7684\u7f51\u7edc\u914d\u7f6e\u9009\u62e9\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5ba2\u6237\u673a\u5b89\u5168\u57df\u3002 \u5916\u90e8\u7f51\u7edc \u7528\u4e8e\u5728\u67d0\u4e9b\u90e8\u7f72\u65b9\u6848\u4e2d\u4e3a VM \u63d0\u4f9b Internet \u8bbf\u95ee\u6743\u9650\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u5c5e\u4e8e\u516c\u5171\u5b89\u5168\u57df\u3002 API\u7f51\u7edc \u5411\u79df\u6237\u516c\u5f00\u6240\u6709 OpenStack API\uff0c\u5305\u62ec OpenStack \u7f51\u7edc API\u3002Internet \u4e0a\u7684\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u8bbf\u95ee\u6b64\u7f51\u7edc\u4e0a\u7684 IP \u5730\u5740\u3002\u8fd9\u53ef\u80fd\u4e0e\u5916\u90e8\u7f51\u7edc\u662f\u540c\u4e00\u7f51\u7edc\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4e3a\u4f7f\u7528 IP \u5206\u914d\u8303\u56f4\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u4e00\u4e2a\u5b50\u7f51\uff0c\u4ee5\u4fbf\u4ec5\u4f7f\u7528 IP \u5757\u4e2d\u5c0f\u4e8e\u5168\u90e8\u8303\u56f4\u7684 IP \u5730\u5740\u3002\u6b64\u7f51\u7edc\u88ab\u89c6\u4e3a\u516c\u5171\u5b89\u5168\u57df\u3002 \u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002","title":"\u7269\u7406\u670d\u52a1\u5668\u7684\u7f51\u7edc\u8fde\u63a5"},{"location":"security/security-guide/#_189","text":"\u5728\u8bbe\u8ba1 OpenStack \u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u521d\u59cb\u67b6\u6784\u9636\u6bb5\uff0c\u786e\u4fdd\u63d0\u4f9b\u9002\u5f53\u7684\u4e13\u4e1a\u77e5\u8bc6\u6765\u534f\u52a9\u8bbe\u8ba1\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\uff0c\u786e\u5b9a\u9002\u5f53\u7684\u5b89\u5168\u63a7\u5236\u548c\u5ba1\u8ba1\u673a\u5236\u975e\u5e38\u91cd\u8981\u3002 OpenStack Networking 
\u589e\u52a0\u4e86\u4e00\u5c42\u865a\u62df\u5316\u7f51\u7edc\u670d\u52a1\uff0c\u4f7f\u79df\u6237\u80fd\u591f\u6784\u5efa\u81ea\u5df1\u7684\u865a\u62df\u7f51\u7edc\u3002\u76ee\u524d\uff0c\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u8fd8\u6ca1\u6709\u4f20\u7edf\u7f51\u7edc\u7684\u6210\u719f\u3002\u5728\u91c7\u7528\u8fd9\u4e9b\u865a\u62df\u5316\u670d\u52a1\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u8fd9\u4e9b\u670d\u52a1\u7684\u5f53\u524d\u72b6\u6001\uff0c\u56e0\u4e3a\u5b83\u51b3\u5b9a\u4e86\u60a8\u53ef\u80fd\u9700\u8981\u5728\u865a\u62df\u5316\u548c\u4f20\u7edf\u7f51\u7edc\u8fb9\u754c\u4e0a\u5b9e\u73b0\u54ea\u4e9b\u63a7\u5236\u3002","title":"\u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#vlan-l2","text":"OpenStack Networking \u53ef\u4ee5\u91c7\u7528\u4e24\u79cd\u4e0d\u540c\u7684\u673a\u5236\u5bf9\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\uff1aVLAN\uff08IEEE 802.1Q \u6807\u8bb0\uff09\u6216\u4f7f\u7528 GRE \u5c01\u88c5\u7684 L2 \u96a7\u9053\u3002OpenStack \u90e8\u7f72\u7684\u8303\u56f4\u548c\u89c4\u6a21\u51b3\u5b9a\u4e86\u60a8\u5e94\u8be5\u4f7f\u7528\u54ea\u79cd\u65b9\u6cd5\u8fdb\u884c\u6d41\u91cf\u9694\u79bb\u6216\u9694\u79bb\u3002","title":"\u4f7f\u7528 VLAN \u548c\u96a7\u9053\u7684 L2 \u9694\u79bb"},{"location":"security/security-guide/#vlans","text":"VLAN \u5728\u7279\u5b9a\u7269\u7406\u7f51\u7edc\u4e0a\u5b9e\u73b0\u4e3a\u6570\u636e\u5305\uff0c\u5176\u4e2d\u5305\u542b\u5177\u6709\u7279\u5b9a VLAN ID \uff08VID\uff09 \u5b57\u6bb5\u503c\u7684 IEEE 802.1Q \u6807\u5934\u3002\u5171\u4eab\u540c\u4e00\u7269\u7406\u7f51\u7edc\u7684 VLAN \u7f51\u7edc\u5728 L2 \u4e0a\u5f7c\u6b64\u9694\u79bb\uff0c\u751a\u81f3\u53ef\u4ee5\u6709\u91cd\u53e0\u7684 IP \u5730\u5740\u7a7a\u95f4\u3002\u6bcf\u4e2a\u652f\u6301 VLAN \u7f51\u7edc\u7684\u4e0d\u540c\u7269\u7406\u7f51\u7edc\u90fd\u88ab\u89c6\u4e3a\u4e00\u4e2a\u5355\u72ec\u7684 VLAN \u4e2d\u7ee7\uff0c\u5177\u6709\u4e0d\u540c\u7684 VID \u503c\u7a7a\u95f4\u3002\u6709\u6548\u7684 VID 
\u503c\u4e3a 1 \u5230 4094\u3002 VLAN \u914d\u7f6e\u7684\u590d\u6742\u6027\u53d6\u51b3\u4e8e\u60a8\u7684 OpenStack \u8bbe\u8ba1\u8981\u6c42\u3002\u4e3a\u4e86\u8ba9 OpenStack Networking \u80fd\u591f\u6709\u6548\u5730\u4f7f\u7528 VLAN\uff0c\u60a8\u5fc5\u987b\u5206\u914d\u4e00\u4e2a VLAN \u8303\u56f4\uff08\u6bcf\u4e2a\u79df\u6237\u4e00\u4e2a\uff09\uff0c\u5e76\u5c06\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u7269\u7406\u4ea4\u6362\u673a\u7aef\u53e3\u8f6c\u6362\u4e3a VLAN \u4e2d\u7ee7\u7aef\u53e3\u3002 \u6ce8\u610f \u5982\u679c\u60a8\u6253\u7b97\u8ba9\u60a8\u7684\u7f51\u7edc\u652f\u6301\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\uff0c\u5219 VLAN \u53ef\u80fd\u4e0d\u662f\u60a8\u7684\u6b63\u786e\u9009\u62e9\uff0c\u56e0\u4e3a\u9700\u8981\u591a\u4e2a\u201c\u9ed1\u5ba2\u201d\u624d\u80fd\u5c06 VLAN \u6807\u8bb0\u6269\u5c55\u5230\u8d85\u8fc7 4094 \u4e2a\u79df\u6237\u3002","title":"VLANs"},{"location":"security/security-guide/#l2","text":"\u7f51\u7edc\u96a7\u9053\u4f7f\u7528\u552f\u4e00\u7684\u201ctunnel-id\u201d\u5c01\u88c5\u6bcf\u4e2a\u79df\u6237/\u7f51\u7edc\u7ec4\u5408\uff0c\u8be5 ID \u7528\u4e8e\u6807\u8bc6\u5c5e\u4e8e\u8be5\u7ec4\u5408\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u79df\u6237\u7684 L2 \u7f51\u7edc\u8fde\u63a5\u4e0e\u7269\u7406\u4f4d\u7f6e\u6216\u57fa\u7840\u7f51\u7edc\u8bbe\u8ba1\u65e0\u5173\u3002\u901a\u8fc7\u5c06\u6d41\u91cf\u5c01\u88c5\u5728 IP \u6570\u636e\u5305\u4e2d\uff0c\u8be5\u6d41\u91cf\u53ef\u4ee5\u8de8\u8d8a\u7b2c 3 \u5c42\u8fb9\u754c\uff0c\u65e0\u9700\u9884\u914d\u7f6e VLAN \u548c VLAN \u4e2d\u7ee7\u3002\u96a7\u9053\u4e3a\u7f51\u7edc\u6570\u636e\u6d41\u91cf\u589e\u52a0\u4e86\u4e00\u5c42\u6df7\u6dc6\uff0c\u4ece\u76d1\u63a7\u7684\u89d2\u5ea6\u964d\u4f4e\u4e86\u5355\u4e2a\u79df\u6237\u6d41\u91cf\u7684\u53ef\u89c1\u6027\u3002 OpenStack Networking \u76ee\u524d\u652f\u6301 GRE \u548c VXLAN \u5c01\u88c5\u3002 \u63d0\u4f9b L2 
\u9694\u79bb\u7684\u6280\u672f\u9009\u62e9\u53d6\u51b3\u4e8e\u5c06\u5728\u90e8\u7f72\u4e2d\u521b\u5efa\u7684\u79df\u6237\u7f51\u7edc\u7684\u8303\u56f4\u548c\u5927\u5c0f\u3002\u5982\u679c\u60a8\u7684\u73af\u5883\u7684 VLAN ID \u53ef\u7528\u6027\u6709\u9650\u6216\u5c06\u5177\u6709\u5927\u91cf L2 \u7f51\u7edc\uff0c\u6211\u4eec\u5efa\u8bae\u60a8\u4f7f\u7528\u96a7\u9053\u3002","title":"L2 \u96a7\u9053"},{"location":"security/security-guide/#_190","text":"\u79df\u6237\u7f51\u7edc\u9694\u79bb\u7684\u9009\u62e9\u4f1a\u5f71\u54cd\u79df\u6237\u670d\u52a1\u7684\u7f51\u7edc\u5b89\u5168\u548c\u63a7\u5236\u8fb9\u754c\u7684\u5b9e\u73b0\u65b9\u5f0f\u3002\u4ee5\u4e0b\u9644\u52a0\u7f51\u7edc\u670d\u52a1\u5df2\u7ecf\u53ef\u7528\u6216\u76ee\u524d\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u4ee5\u589e\u5f3a OpenStack \u7f51\u7edc\u67b6\u6784\u7684\u5b89\u5168\u6001\u52bf\u3002","title":"\u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#_191","text":"OpenStack \u8ba1\u7b97\u5728\u4e0e\u65e7\u7248 nova-network \u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u65f6\u76f4\u63a5\u652f\u6301\u79df\u6237\u7f51\u7edc\u6d41\u91cf\u8bbf\u95ee\u63a7\u5236\uff0c\u6216\u8005\u53ef\u4ee5\u5c06\u8bbf\u95ee\u63a7\u5236\u63a8\u8fdf\u5230 OpenStack Networking \u670d\u52a1\u3002 \u8bf7\u6ce8\u610f\uff0c\u65e7\u7248 nova-network \u5b89\u5168\u7ec4\u4f7f\u7528 iptables \u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002 \u5b89\u5168\u7ec4\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u79df\u6237\u6307\u5b9a\u6d41\u91cf\u7c7b\u578b\u4ee5\u53ca\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5b89\u5168\u7ec4\u89c4\u5219\u662f\u6709\u72b6\u6001\u7684 L2-L4 \u6d41\u91cf\u8fc7\u6ee4\u5668\u3002 
\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u65f6\uff0c\u5efa\u8bae\u5728\u6b64\u670d\u52a1\u4e2d\u542f\u7528\u5b89\u5168\u7ec4\uff0c\u5e76\u5728\u8ba1\u7b97\u670d\u52a1\u4e2d\u7981\u7528\u5b89\u5168\u7ec4\u3002","title":"\u8bbf\u95ee\u63a7\u5236\u5217\u8868"},{"location":"security/security-guide/#l3-nat","text":"OpenStack Networking \u8def\u7531\u5668\u53ef\u4ee5\u8fde\u63a5\u591a\u4e2a L2 \u7f51\u7edc\uff0c\u5e76\u4e14\u8fd8\u53ef\u4ee5\u63d0\u4f9b\u8fde\u63a5\u4e00\u4e2a\u6216\u591a\u4e2a\u79c1\u6709 L2 \u7f51\u7edc\u5230\u5171\u4eab\u5916\u90e8\u7f51\u7edc\uff08\u4f8b\u5982\u7528\u4e8e\u8bbf\u95ee\u4e92\u8054\u7f51\u7684\u516c\u5171\u7f51\u7edc\uff09\u7684\u7f51\u5173\u3002 L3 \u8def\u7531\u5668\u5728\u5c06\u8def\u7531\u5668\u4e0a\u884c\u94fe\u8def\u5230\u5916\u90e8\u7f51\u7edc\u7684\u7f51\u5173\u7aef\u53e3\u4e0a\u63d0\u4f9b\u57fa\u672c\u7684\u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u529f\u80fd\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6b64\u8def\u7531\u5668\u4f1a SNAT\uff08\u9759\u6001 NAT\uff09\u6240\u6709\u6d41\u91cf\uff0c\u5e76\u652f\u6301\u6d6e\u52a8 IP\uff0c\u8fd9\u4f1a\u521b\u5efa\u4ece\u5916\u90e8\u7f51\u7edc\u4e0a\u7684\u516c\u5171 IP \u5230\u8fde\u63a5\u5230\u8def\u7531\u5668\u7684\u5176\u4ed6\u5b50\u7f51\u4e0a\u7684\u4e13\u7528 IP \u7684\u9759\u6001\u4e00\u5bf9\u4e00\u6620\u5c04\u3002 \u6211\u4eec\u5efa\u8bae\u5229\u7528\u6bcf\u4e2a\u79df\u6237\u7684 L3 \u8def\u7531\u548c\u6d6e\u52a8 IP \u6765\u5b9e\u73b0\u79df\u6237 VM \u7684\u66f4\u7cbe\u7ec6\u8fde\u63a5\u3002","title":"L3 \u8def\u7531\u548c NAT"},{"location":"security/security-guide/#qos","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u7b56\u7565\u548c\u89c4\u5219\u7531\u4e91\u7ba1\u7406\u5458\u7ba1\u7406\uff0c\u8fd9\u4f1a\u5bfc\u81f4\u79df\u6237\u65e0\u6cd5\u521b\u5efa\u7279\u5b9a\u7684 QoS 
\u89c4\u5219\uff0c\u4e5f\u65e0\u6cd5\u5c06\u7279\u5b9a\u7aef\u53e3\u9644\u52a0\u5230\u7b56\u7565\u3002\u5728\u67d0\u4e9b\u7528\u4f8b\u4e2d\uff0c\u4f8b\u5982\u67d0\u4e9b\u7535\u4fe1\u5e94\u7528\u7a0b\u5e8f\uff0c\u7ba1\u7406\u5458\u53ef\u80fd\u4fe1\u4efb\u79df\u6237\uff0c\u56e0\u6b64\u5141\u8bb8\u4ed6\u4eec\u521b\u5efa\u81ea\u5df1\u7684\u7b56\u7565\u5e76\u5c06\u5176\u9644\u52a0\u5230\u7aef\u53e3\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539 policy.json \u6587\u4ef6\u548c\u7279\u5b9a\u6587\u6863\u6765\u5b9e\u73b0\u3002\u5c06\u4e0e\u6269\u5c55\u4e00\u8d77\u53d1\u5e03\u3002 \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u652f\u6301 Liberty \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u5e26\u5bbd\u9650\u5236 QoS \u89c4\u5219\u3002\u6b64 QoS \u89c4\u5219\u5df2\u547d\u540d QosBandwidthLimitRule \uff0c\u5b83\u63a5\u53d7\u4e24\u4e2a\u975e\u8d1f\u6574\u6570\uff0c\u4ee5\u5343\u6bd4\u7279/\u79d2\u4e3a\u5355\u4f4d\uff1a max-kbps \uff1a\u5e26\u5bbd max-burst-kbps \uff1a\u7a81\u53d1\u7f13\u51b2\u533a \u5df2 QoSBandwidthLimitRule \u5728 neutron Open vSwitch\u3001Linux \u7f51\u6865\u548c\u5355\u6839\u8f93\u5165/\u8f93\u51fa\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u3002 \u5728 Newton \u4e2d\uff0c\u6dfb\u52a0\u4e86 QoS \u89c4\u5219 QosDscpMarkingRule \u3002\u6b64\u89c4\u5219\u5728 IPv4 \uff08RFC 2474\uff09 \u4e0a\u7684\u670d\u52a1\u6807\u5934\u7c7b\u578b\u548c IPv6 \u4e0a\u7684\u6d41\u91cf\u7c7b\u6807\u5934\u4e2d\u6807\u8bb0\u5dee\u5206\u670d\u52a1\u4ee3\u7801\u70b9 \uff08DSCP\uff09 \u503c\uff0c\u8fd9\u4e9b\u503c\u9002\u7528\u4e8e\u5e94\u7528\u89c4\u5219\u7684\u865a\u62df\u673a\u7684\u6240\u6709\u6d41\u91cf\u3002\u8fd9\u662f\u4e00\u4e2a 6 \u4f4d\u6807\u5934\uff0c\u5177\u6709 21 
\u4e2a\u6709\u6548\u503c\uff0c\u8868\u793a\u6570\u636e\u5305\u5728\u9047\u5230\u62e5\u585e\u65f6\u7a7f\u8fc7\u7f51\u7edc\u65f6\u7684\u4e22\u5f03\u4f18\u5148\u7ea7\u3002\u9632\u706b\u5899\u8fd8\u53ef\u4ee5\u4f7f\u7528\u5b83\u6765\u5c06\u6709\u6548\u6216\u65e0\u6548\u6d41\u91cf\u4e0e\u5176\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u8fdb\u884c\u5339\u914d\u3002 \u7aef\u53e3\u955c\u50cf\u670d\u52a1\u6d89\u53ca\u5c06\u8fdb\u5165\u6216\u79bb\u5f00\u4e00\u4e2a\u7aef\u53e3\u7684\u6570\u636e\u5305\u526f\u672c\u53d1\u9001\u5230\u53e6\u4e00\u4e2a\u7aef\u53e3\uff0c\u8be5\u7aef\u53e3\u901a\u5e38\u4e0e\u88ab\u955c\u50cf\u6570\u636e\u5305\u7684\u539f\u59cb\u76ee\u7684\u5730\u4e0d\u540c\u3002Tap-as-a-Service \uff08TaaS\uff09 \u662f OpenStack \u7f51\u7edc\u670d\u52a1 \uff08neutron\uff09 \u7684\u6269\u5c55\u3002\u5b83\u4e3a\u79df\u6237\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u8fdc\u7a0b\u7aef\u53e3\u955c\u50cf\u529f\u80fd\u3002\u6b64\u670d\u52a1\u4e3b\u8981\u65e8\u5728\u5e2e\u52a9\u79df\u6237\uff08\u6216\u4e91\u7ba1\u7406\u5458\uff09\u8c03\u8bd5\u590d\u6742\u7684\u865a\u62df\u7f51\u7edc\uff0c\u5e76\u901a\u8fc7\u76d1\u89c6\u4e0e\u5176\u5173\u8054\u7684\u7f51\u7edc\u6d41\u91cf\u6765\u4e86\u89e3\u5176 VM\u3002TaaS \u9075\u5faa\u79df\u6237\u8fb9\u754c\uff0c\u5176\u955c\u50cf\u4f1a\u8bdd\u80fd\u591f\u8de8\u8d8a\u591a\u4e2a\u8ba1\u7b97\u548c\u7f51\u7edc\u8282\u70b9\u3002\u5b83\u662f\u4e00\u4e2a\u5fc5\u4e0d\u53ef\u5c11\u7684\u57fa\u7840\u8bbe\u65bd\u7ec4\u4ef6\uff0c\u53ef\u7528\u4e8e\u5411\u5404\u79cd\u7f51\u7edc\u5206\u6790\u548c\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u6570\u636e\u3002","title":"\u670d\u52a1\u8d28\u91cf \uff08QoS\uff09"},{"location":"security/security-guide/#_192","text":"OpenStack Networking \u7684\u53e6\u4e00\u4e2a\u7279\u6027\u662f\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1 \uff08LBaaS\uff09\u3002LBaaS \u53c2\u8003\u5b9e\u73b0\u57fa\u4e8e HA-Proxy\u3002OpenStack Networking 
\u4e2d\u7684\u6269\u5c55\u6b63\u5728\u5f00\u53d1\u7b2c\u4e09\u65b9\u63d2\u4ef6\uff0c\u4ee5\u4fbf\u4e3a\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u63d0\u4f9b\u5e7f\u6cdb\u7684 L4-L7 \u529f\u80fd\u3002","title":"\u8d1f\u8f7d\u5747\u8861"},{"location":"security/security-guide/#_193","text":"FW-as-a-Service\uff08FWaaS\uff09\u88ab\u8ba4\u4e3a\u662fOpenStack Networking\u7684Kilo\u7248\u672c\u7684\u5b9e\u9a8c\u6027\u529f\u80fd\u3002FWaaS \u6ee1\u8db3\u4e86\u7ba1\u7406\u548c\u5229\u7528\u5178\u578b\u9632\u706b\u5899\u4ea7\u54c1\u63d0\u4f9b\u7684\u4e30\u5bcc\u5b89\u5168\u529f\u80fd\u7684\u9700\u6c42\uff0c\u8fd9\u4e9b\u4ea7\u54c1\u901a\u5e38\u6bd4\u5f53\u524d\u5b89\u5168\u7ec4\u63d0\u4f9b\u7684\u8981\u5168\u9762\u5f97\u591a\u3002\u98de\u601d\u5361\u5c14\u548c\u82f1\u7279\u5c14\u90fd\u5f00\u53d1\u4e86\u7b2c\u4e09\u65b9\u63d2\u4ef6\u4f5c\u4e3aOpenStack Networking\u7684\u6269\u5c55\uff0c\u4ee5\u5728Kilo\u7248\u672c\u4e2d\u652f\u6301\u6b64\u7ec4\u4ef6\u3002\u6709\u5173 FWaaS \u7ba1\u7406\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u6982\u8ff0\u3002 \u5728\u8bbe\u8ba1 OpenStack Networking \u57fa\u7840\u67b6\u6784\u65f6\uff0c\u4e86\u89e3\u53ef\u7528\u7f51\u7edc\u670d\u52a1\u7684\u5f53\u524d\u7279\u6027\u548c\u5c40\u9650\u6027\u975e\u5e38\u91cd\u8981\u3002\u4e86\u89e3\u865a\u62df\u7f51\u7edc\u548c\u7269\u7406\u7f51\u7edc\u7684\u8fb9\u754c\u5c06\u6709\u52a9\u4e8e\u5728\u60a8\u7684\u73af\u5883\u4e2d\u6dfb\u52a0\u6240\u9700\u7684\u5b89\u5168\u63a7\u4ef6\u3002","title":"\u9632\u706b\u5899"},{"location":"security/security-guide/#_194","text":"\u5f00\u6e90\u793e\u533a\u6216\u4f7f\u7528 OpenStack Networking \u7684 SDN \u516c\u53f8\u63d0\u4f9b\u7684\u5df2\u77e5\u63d2\u4ef6\u5217\u8868\u53ef\u5728 OpenStack neutron \u63d2\u4ef6\u548c\u9a71\u52a8\u7a0b\u5e8f wiki 
\u9875\u9762\u4e0a\u627e\u5230\u3002","title":"\u7f51\u7edc\u670d\u52a1\u6269\u5c55"},{"location":"security/security-guide/#_195","text":"OpenStack Networking \u5177\u6709\u4ee5\u4e0b\u5df2\u77e5\u9650\u5236\uff1a \u91cd\u53e0\u7684 IP \u5730\u5740 \u5982\u679c\u8fd0\u884c neutron-l3-agent \u6216 neutron-dhcp-agent \u7684\u8282\u70b9\u4f7f\u7528\u91cd\u53e0\u7684 IP \u5730\u5740\uff0c\u5219\u8fd9\u4e9b\u8282\u70b9\u5fc5\u987b\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cDHCP \u548c L3 \u4ee3\u7406\u4f7f\u7528 Linux \u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5e76\u5728\u5404\u81ea\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u8fd0\u884c\u3002\u4f46\u662f\uff0c\u5982\u679c\u4e3b\u673a\u4e0d\u652f\u6301\u591a\u4e2a\u547d\u540d\u7a7a\u95f4\uff0c\u5219 DHCP \u548c L3 \u4ee3\u7406\u5e94\u5728\u4e0d\u540c\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u3002\u8fd9\u662f\u56e0\u4e3a L3 \u4ee3\u7406\u548c DHCP \u4ee3\u7406\u521b\u5efa\u7684 IP \u5730\u5740\u4e4b\u95f4\u6ca1\u6709\u9694\u79bb\u3002 \u5982\u679c\u4e0d\u5b58\u5728\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u652f\u6301\uff0c\u5219 L3 \u4ee3\u7406\u7684\u53e6\u4e00\u4e2a\u9650\u5236\u662f\u4ec5\u652f\u6301\u5355\u4e2a\u903b\u8f91\u8def\u7531\u5668\u3002 \u591a\u4e3b\u673a DHCP \u4ee3\u7406 OpenStack Networking \u652f\u6301\u591a\u4e2a\u5177\u6709\u8d1f\u8f7d\u5747\u8861\u529f\u80fd\u7684 L3 \u548c DHCP \u4ee3\u7406\u3002\u4f46\u662f\uff0c\u4e0d\u652f\u6301\u865a\u62df\u673a\u4f4d\u7f6e\u7684\u7d27\u5bc6\u8026\u5408\u3002\u6362\u8a00\u4e4b\uff0c\u5728\u521b\u5efa\u865a\u62df\u673a\u65f6\uff0c\u9ed8\u8ba4\u865a\u62df\u673a\u8c03\u5ea6\u7a0b\u5e8f\u4e0d\u4f1a\u8003\u8651\u4ee3\u7406\u7684\u4f4d\u7f6e\u3002 L3 \u4ee3\u7406\u4e0d\u652f\u6301 IPv6 neutron-l3-agent \u88ab\u8bb8\u591a\u63d2\u4ef6\u7528\u4e8e\u5b9e\u73b0 L3 \u8f6c\u53d1\uff0c\u4ec5\u652f\u6301 IPv4 
\u8f6c\u53d1\u3002","title":"\u7f51\u7edc\u670d\u52a1\u9650\u5236"},{"location":"security/security-guide/#_196","text":"\u8981\u4fdd\u62a4 OpenStack Networking\uff0c\u60a8\u5fc5\u987b\u4e86\u89e3\u5982\u4f55\u5c06\u79df\u6237\u5b9e\u4f8b\u521b\u5efa\u7684\u5de5\u4f5c\u6d41\u8fc7\u7a0b\u6620\u5c04\u5230\u5b89\u5168\u57df\u3002 \u6709\u56db\u4e2a\u4e3b\u8981\u670d\u52a1\u4e0e OpenStack Networking \u4ea4\u4e92\u3002\u5728\u5178\u578b\u7684 OpenStack \u90e8\u7f72\u4e2d\uff0c\u8fd9\u4e9b\u670d\u52a1\u6620\u5c04\u5230\u4ee5\u4e0b\u5b89\u5168\u57df\uff1a OpenStack \u4eea\u8868\u677f\uff1a\u516c\u5171\u548c\u7ba1\u7406 OpenStack Identity\uff1a\u7ba1\u7406 OpenStack \u8ba1\u7b97\u8282\u70b9\uff1a\u7ba1\u7406\u548c\u5ba2\u6237\u7aef OpenStack \u7f51\u7edc\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u5ba2\u6237\u7aef\uff0c\u4ee5\u53ca\u53ef\u80fd\u7684\u516c\u5171\u8282\u70b9\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u6b63\u5728\u4f7f\u7528\u7684 neutron-plugin\u3002 SDN \u670d\u52a1\u8282\u70b9\uff1a\u7ba1\u7406\u3001\u8bbf\u5ba2\u548c\u53ef\u80fd\u7684\u516c\u5171\u670d\u52a1\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4f7f\u7528\u7684\u4ea7\u54c1\u3002 \u8981\u9694\u79bb OpenStack Networking \u670d\u52a1\u4e0e\u5176\u4ed6 OpenStack \u6838\u5fc3\u670d\u52a1\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u901a\u4fe1\uff0c\u8bf7\u5c06\u8fd9\u4e9b\u901a\u4fe1\u901a\u9053\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002","title":"\u7f51\u7edc\u670d\u52a1\u5b89\u5168\u6700\u4f73\u505a\u6cd5"},{"location":"security/security-guide/#openstack-networking_1","text":"","title":"OpenStack Networking \u670d\u52a1\u914d\u7f6e"},{"location":"security/security-guide/#api-neutron-server","text":"\u8981\u9650\u5236 OpenStack Networking API \u670d\u52a1\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\uff0c\u8bf7\u5728 neutron.conf \u6587\u4ef6\u4e2d\u6307\u5b9a 
bind_host \u548c bind_port\uff0c\u5982\u4e0b\u6240\u793a\uff1a # Address to bind the API server bind_host = IP ADDRESS OF SERVER # Port the bind the API server to bind_port = 9696","title":"\u9650\u5236 API \u670d\u52a1\u5668\u7684\u7ed1\u5b9a\u5730\u5740\uff1aneutron-server"},{"location":"security/security-guide/#openstack-networking-db-rpc","text":"OpenStack Networking \u670d\u52a1\u7684\u5404\u79cd\u7ec4\u4ef6\u4f7f\u7528\u6d88\u606f\u961f\u5217\u6216\u6570\u636e\u5e93\u8fde\u63a5\u4e0e OpenStack Networking \u4e2d\u7684\u5176\u4ed6\u7ec4\u4ef6\u8fdb\u884c\u901a\u4fe1\u3002 \u5bf9\u4e8e\u9700\u8981\u76f4\u63a5\u6570\u636e\u5e93\u8fde\u63a5\u7684\u6240\u6709\u7ec4\u4ef6\uff0c\u5efa\u8bae\u60a8\u9075\u5faa\u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u5efa\u8bae\u60a8\u9075\u5faa\u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u4e2d\u63d0\u4f9b\u7684\u51c6\u5219\uff0c\u9002\u7528\u4e8e\u9700\u8981 RPC \u901a\u4fe1\u7684\u6240\u6709\u7ec4\u4ef6\u3002","title":"\u9650\u5236 OpenStack Networking \u670d\u52a1\u7684 DB \u548c RPC \u901a\u4fe1"},{"location":"security/security-guide/#openstack_9","text":"\u672c\u8282\u8ba8\u8bba OpenStack Networking \u914d\u7f6e\u6700\u4f73\u5b9e\u8df5\uff0c\u56e0\u4e3a\u5b83\u4eec\u9002\u7528\u4e8e OpenStack \u90e8\u7f72\u4e2d\u7684\u9879\u76ee\u7f51\u7edc\u5b89\u5168\u3002","title":"\u4fdd\u62a4 OpenStack \u7f51\u7edc\u670d\u52a1"},{"location":"security/security-guide/#_197","text":"OpenStack Networking 
\u4e3a\u7528\u6237\u63d0\u4f9b\u7f51\u7edc\u8d44\u6e90\u548c\u914d\u7f6e\u7684\u81ea\u52a9\u670d\u52a1\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5fc5\u987b\u8bc4\u4f30\u5176\u8bbe\u8ba1\u7528\u4f8b\uff0c\u4ee5\u4fbf\u4e3a\u7528\u6237\u63d0\u4f9b\u521b\u5efa\u3001\u66f4\u65b0\u548c\u9500\u6bc1\u53ef\u7528\u7f51\u7edc\u8d44\u6e90\u7684\u80fd\u529b\u3002","title":"\u9879\u76ee\u7f51\u7edc\u670d\u52a1\u5de5\u4f5c\u6d41"},{"location":"security/security-guide/#_198","text":"OpenStack Networking \u4e2d\u7684\u7b56\u7565\u5f15\u64ce\u53ca\u5176\u914d\u7f6e\u6587\u4ef6 policy.json \u63d0\u4f9b\u4e86\u4e00\u79cd\u65b9\u6cd5\uff0c\u53ef\u4ee5\u5bf9\u7528\u6237\u5728\u9879\u76ee\u7f51\u7edc\u65b9\u6cd5\u548c\u5bf9\u8c61\u4e0a\u63d0\u4f9b\u66f4\u7ec6\u7c92\u5ea6\u7684\u6388\u6743\u3002OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u4f1a\u5f71\u54cd\u7f51\u7edc\u53ef\u7528\u6027\u3001\u7f51\u7edc\u5b89\u5168\u548c\u6574\u4f53 OpenStack \u5b89\u5168\u6027\u3002\u4e91\u67b6\u6784\u5e08\u548c\u8fd0\u7ef4\u4eba\u5458\u5e94\u4ed4\u7ec6\u8bc4\u4f30\u5176\u5bf9\u7528\u6237\u548c\u9879\u76ee\u8bbf\u95ee\u7f51\u7edc\u8d44\u6e90\u7ba1\u7406\u7684\u7b56\u7565\u3002\u6709\u5173 OpenStack Networking \u7b56\u7565\u5b9a\u4e49\u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u4e2d\u7684\u201c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u201d\u90e8\u5206\u3002 \u6ce8\u610f \u8bf7\u52a1\u5fc5\u67e5\u770b\u9ed8\u8ba4\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\uff0c\u56e0\u4e3a\u53ef\u4ee5\u4fee\u6539\u6b64\u7b56\u7565\u4ee5\u9002\u5408\u60a8\u7684\u5b89\u5168\u72b6\u51b5\u3002 \u5982\u679c\u60a8\u7684 OpenStack \u90e8\u7f72\u4e3a\u4e0d\u540c\u7684\u5b89\u5168\u57df\u63d0\u4f9b\u4e86\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\uff0c\u90a3\u4e48\u9650\u5236\u9879\u76ee\u5c06\u591a\u4e2a vNIC 
\u8fde\u63a5\u5230\u591a\u4e2a\u5916\u90e8\u8bbf\u95ee\u70b9\u7684\u80fd\u529b\u975e\u5e38\u91cd\u8981\uff0c\u8fd9\u5c06\u6865\u63a5\u8fd9\u4e9b\u5b89\u5168\u57df\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u4e0d\u53ef\u9884\u89c1\u7684\u5b89\u5168\u5371\u5bb3\u3002\u901a\u8fc7\u5229\u7528 OpenStack Compute \u63d0\u4f9b\u7684\u4e3b\u673a\u805a\u5408\u529f\u80fd\uff0c\u6216\u8005\u5c06\u9879\u76ee\u865a\u62df\u673a\u62c6\u5206\u4e3a\u5177\u6709\u4e0d\u540c\u865a\u62df\u7f51\u7edc\u914d\u7f6e\u7684\u591a\u4e2a\u9879\u76ee\u9879\u76ee\uff0c\u53ef\u4ee5\u964d\u4f4e\u8fd9\u79cd\u98ce\u9669\u3002","title":"\u7f51\u7edc\u8d44\u6e90\u7b56\u7565\u5f15\u64ce"},{"location":"security/security-guide/#_199","text":"OpenStack Networking \u670d\u52a1\u4f7f\u7528\u6bd4 OpenStack Compute \u4e2d\u5185\u7f6e\u7684\u5b89\u5168\u7ec4\u529f\u80fd\u66f4\u7075\u6d3b\u3001\u66f4\u5f3a\u5927\u7684\u673a\u5236\u63d0\u4f9b\u5b89\u5168\u7ec4\u529f\u80fd\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528 OpenStack Network \u65f6\uff0c\u5e94\u59cb\u7ec8\u7981\u7528\u5185\u7f6e\u5b89\u5168\u7ec4\uff0c nova.conf \u5e76\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8c03\u7528\u4ee3\u7406\u5230 OpenStack Networking API\u3002\u5982\u679c\u4e0d\u8fd9\u6837\u505a\uff0c\u5c06\u5bfc\u81f4\u4e24\u4e2a\u670d\u52a1\u540c\u65f6\u5e94\u7528\u51b2\u7a81\u7684\u5b89\u5168\u7b56\u7565\u3002\u8981\u5c06\u5b89\u5168\u7ec4\u4ee3\u7406\u5230 OpenStack Networking\uff0c\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u914d\u7f6e\u503c\uff1a firewall_driver \u5fc5\u987b\u8bbe\u7f6e\u4e3a nova.virt.firewall.NoopFirewallDriver \uff0c\u4ee5\u4fbf nova-compute \u672c\u8eab\u4e0d\u6267\u884c\u57fa\u4e8e iptables \u7684\u8fc7\u6ee4\u3002 security_group_api \u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron \u4ee5\u4fbf\u5c06\u6240\u6709\u5b89\u5168\u7ec4\u8bf7\u6c42\u4ee3\u7406\u5230 OpenStack Networking \u670d\u52a1\u3002 
\u5b89\u5168\u7ec4\u662f\u5b89\u5168\u7ec4\u89c4\u5219\u7684\u5bb9\u5668\u3002\u5b89\u5168\u7ec4\u53ca\u5176\u89c4\u5219\u5141\u8bb8\u7ba1\u7406\u5458\u548c\u9879\u76ee\u6307\u5b9a\u5141\u8bb8\u901a\u8fc7\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u7684\u6d41\u91cf\u7c7b\u578b\u548c\u65b9\u5411\uff08\u5165\u53e3/\u51fa\u53e3\uff09\u3002\u5728 OpenStack Networking \u4e2d\u521b\u5efa\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u65f6\uff0c\u8be5\u7aef\u53e3\u4e0e\u5b89\u5168\u7ec4\u76f8\u5173\u8054\u3002\u6709\u5173\u7aef\u53e3\u5b89\u5168\u7ec4\u9ed8\u8ba4\u884c\u4e3a\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u7f51\u7edc\u5b89\u5168\u7ec4\u884c\u4e3a\u6587\u6863\u3002\u53ef\u4ee5\u5c06\u89c4\u5219\u6dfb\u52a0\u5230\u9ed8\u8ba4\u5b89\u5168\u7ec4\uff0c\u4ee5\u4fbf\u6839\u636e\u6bcf\u4e2a\u90e8\u7f72\u66f4\u6539\u884c\u4e3a\u3002 \u4f7f\u7528 OpenStack Compute API \u4fee\u6539\u5b89\u5168\u7ec4\u65f6\uff0c\u66f4\u65b0\u540e\u7684\u5b89\u5168\u7ec4\u5c06\u5e94\u7528\u4e8e\u5b9e\u4f8b\u4e0a\u7684\u6240\u6709\u865a\u62df\u63a5\u53e3\u7aef\u53e3\u3002\u8fd9\u662f\u56e0\u4e3a OpenStack Compute \u5b89\u5168\u7ec4 API \u662f\u57fa\u4e8e\u5b9e\u4f8b\u7684\uff0c\u800c\u4e0d\u662f\u57fa\u4e8e\u7aef\u53e3\u7684\uff0c\u5982 OpenStack Networking \u4e2d\u6240\u793a\u3002","title":"\u5b89\u5168\u7ec4"},{"location":"security/security-guide/#_200","text":"\u914d\u989d\u63d0\u4f9b\u4e86\u9650\u5236\u9879\u76ee\u53ef\u7528\u7684\u7f51\u7edc\u8d44\u6e90\u6570\u91cf\u7684\u529f\u80fd\u3002\u60a8\u53ef\u4ee5\u5bf9\u6240\u6709\u9879\u76ee\u5f3a\u5236\u5b9e\u65bd\u9ed8\u8ba4\u914d\u989d\u3002\u5305\u62ec /etc/neutron/neutron.conf \u4ee5\u4e0b\u914d\u989d\u9009\u9879\uff1a [QUOTAS] # resource name(s) that are supported in quota features quota_items = network,subnet,port # default number of resource allowed per tenant, minus for unlimited #default_quota = -1 # number of networks allowed per tenant, and minus means unlimited quota_network = 10 # number of subnets allowed per tenant, and 
minus means unlimited quota_subnet = 10 # number of ports allowed per tenant, and minus means unlimited quota_port = 50 # number of security groups allowed per tenant, and minus means unlimited quota_security_group = 10 # number of security group rules allowed per tenant, and minus means unlimited quota_security_group_rule = 100 # default driver to use for quota checks quota_driver = neutron.quota.ConfDriver OpenStack Networking \u8fd8\u901a\u8fc7\u914d\u989d\u6269\u5c55 API \u652f\u6301\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\u9650\u5236\u3002\u8981\u542f\u7528\u6bcf\u4e2a\u9879\u76ee\u7684\u914d\u989d\uff0c\u5fc5\u987b\u5728 \u4e2d\u8bbe\u7f6e\u9009\u9879 quota_driver neutron.conf \u3002 quota_driver = neutron.db.quota.driver.DbQuotaDriver","title":"\u914d\u989d"},{"location":"security/security-guide/#arp","text":"\u4f7f\u7528\u6241\u5e73\u7f51\u7edc\u65f6\uff0c\u4e0d\u80fd\u5047\u5b9a\u5171\u4eab\u540c\u4e00\u7b2c 2 \u5c42\u7f51\u7edc\uff08\u6216\u5e7f\u64ad\u57df\uff09\u7684\u9879\u76ee\u5f7c\u6b64\u5b8c\u5168\u9694\u79bb\u3002\u8fd9\u4e9b\u9879\u76ee\u53ef\u80fd\u5bb9\u6613\u53d7\u5230 ARP \u6b3a\u9a97\u7684\u653b\u51fb\uff0c\u4ece\u800c\u6709\u53ef\u80fd\u906d\u53d7\u4e2d\u95f4\u4eba\u653b\u51fb\u3002 \u5982\u679c\u4f7f\u7528\u652f\u6301 ARP \u5b57\u6bb5\u5339\u914d\u7684 Open vSwitch \u7248\u672c\uff0c\u5219\u53ef\u4ee5\u901a\u8fc7\u542f\u7528 Open vSwitch \u4ee3\u7406 prevent_arp_spoofing \u9009\u9879\u6765\u5e2e\u52a9\u964d\u4f4e\u6b64\u98ce\u9669\u3002\u6b64\u9009\u9879\u53ef\u9632\u6b62\u5b9e\u4f8b\u6267\u884c\u6b3a\u9a97\u653b\u51fb;\u5b83\u4e0d\u80fd\u4fdd\u62a4\u4ed6\u4eec\u514d\u53d7\u6b3a\u9a97\u653b\u51fb\u3002\u8bf7\u6ce8\u610f\uff0c\u6b64\u8bbe\u7f6e\u9884\u8ba1\u5c06\u5728 Ocata \u4e2d\u5220\u9664\uff0c\u8be5\u884c\u4e3a\u5c06\u6c38\u4e45\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002 \u4f8b\u5982\uff0c\u5728 /etc/neutron/plugins/ml2/openvswitch_agent.ini \uff1a prevent_arp_spoofing = True \u9664 Open vSwitch 
\u5916\uff0c\u5176\u4ed6\u63d2\u4ef6\u4e5f\u53ef\u80fd\u5305\u542b\u7c7b\u4f3c\u7684\u7f13\u89e3\u63aa\u65bd;\u5efa\u8bae\u60a8\u5728\u9002\u5f53\u7684\u60c5\u51b5\u4e0b\u542f\u7528\u6b64\u529f\u80fd\u3002 \u6ce8\u610f \u5373\u4f7f\u542f\u7528 `prevent_arp_spoofing` \u4e86\u6241\u5e73\u7f51\u7edc\uff0c\u4e5f\u65e0\u6cd5\u63d0\u4f9b\u5b8c\u6574\u7684\u9879\u76ee\u9694\u79bb\u7ea7\u522b\uff0c\u56e0\u4e3a\u6240\u6709\u9879\u76ee\u6d41\u91cf\u4ecd\u4f1a\u53d1\u9001\u5230\u540c\u4e00 VLAN\u3002","title":"\u7f13\u89e3 ARP \u6b3a\u9a97"},{"location":"security/security-guide/#_201","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-neutron-01-rootneutron","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u5bf9\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u7684\u62d2\u7edd\u670d\u52a1\u3002\u56e0\u6b64\uff0c\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a neutron\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/neutron/neutron.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/api-paste.ini | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/policy.json | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron/rootwrap.conf | egrep \"root neutron\" $ stat -L -c \"%U %G\" /etc/neutron | egrep \"root neutron\" 
\u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c neutron\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86\u6839\u4e2d\u5b50\u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u56e0\u4e3a\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root \u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 neutron \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/neutron\uff1f"},{"location":"security/security-guide/#check-neutron-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5bf9\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/neutron/neutron.conf $ stat -L -c \"%a\" /etc/neutron/api-paste.ini $ stat -L -c \"%a\" /etc/neutron/policy.json $ stat -L -c \"%a\" /etc/neutron/rootwrap.conf $ stat -L -c \"%a\" /etc/neutron \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u5373\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u8bf7\u6ce8\u610f\uff0c\u4f7f\u7528 Check-Neutron-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237/\u7ec4\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a 
root/neutron\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cneutron \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/neutron/neutron.conf getfacl: Removing leading '/' from absolute path names # file: etc/neutron/neutron.conf USER root rw- GROUP neutron r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u6ca1\u6709\u8bbe\u7f6e\u81f3\u5c11\u4e3a640\u3002","title":"Check-Neutron-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-neutron-03keystone","text":"\u6ce8\u610f \u6b64\u9879\u4ec5\u9002\u7528\u4e8e OpenStack \u7248\u672c Rocky \u53ca\u4e4b\u524d\u7248\u672c\uff0c\u56e0\u4e3a `auth_strategy` Stein \u4e2d\u5df2\u5f03\u7528\u3002 OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth\u3001keystone \u7b49\u3002\u5982\u679c\u4f7f\u7528\u201cnoauth\u201d\u7b56\u7565\uff0c\u90a3\u4e48\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0eOpenStack\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 auth_strategy \u8bbe\u7f6e\u4e3a keystone \u3002 [DEFAULT] /etc/neutron/neutron.conf 
\u5931\u8d25\uff1a\u5982\u679c section \u4e0b\u7684 [DEFAULT] \u53c2\u6570 auth_strategy \u503c\u8bbe\u7f6e\u4e3a noauth \u6216 noauth2 \u3002","title":"Check-Neutron-03\uff1aKeystone\u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-neutron-04","text":"OpenStack \u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f/\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u6240\u6709\u7ec4\u4ef6\u90fd\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u7684\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/neutron/neutron.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/neutron/neutron.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/neutron/neutron.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/neutron/neutron.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Neutron-04\uff1a\u662f\u5426\u4f7f\u7528\u5b89\u5168\u534f\u8bae\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-neutron-05neutron-api-tls","text":"\u4e0e\u4e4b\u524d\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u5efa\u8bae\u5728 API \u670d\u52a1\u5668\u4e0a\u542f\u7528\u5b89\u5168\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a True \u3002 [DEFAULT] 
/etc/neutron/neutron.conf \u5931\u8d25\uff1a\u5982\u679c section in \u4e0b\u7684\u53c2\u6570 use_ssl \u8bbe\u7f6e\u4e3a False \u3002 [DEFAULT] /etc/neutron/neutron.conf","title":"Check-Neutron-05\uff1aNeutron API \u670d\u52a1\u5668\u4e0a\u662f\u5426\u542f\u7528\u4e86 TLS\uff1f"},{"location":"security/security-guide/#_202","text":"OpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u670d\u52a1\u63d0\u4f9b\u901a\u8fc7 HTTP \u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u7684\u8f6f\u4ef6\u3002\u5bf9\u8c61\uff08\u6570\u636e blob\uff09\u5b58\u50a8\u5728\u7ec4\u7ec7\u5c42\u6b21\u7ed3\u6784\u4e2d\uff0c\u8be5\u5c42\u6b21\u7ed3\u6784\u63d0\u4f9b\u533f\u540d\u53ea\u8bfb\u8bbf\u95ee\u3001ACL \u5b9a\u4e49\u7684\u8bbf\u95ee\uff0c\u751a\u81f3\u4e34\u65f6\u8bbf\u95ee\u3002\u5bf9\u8c61\u5b58\u50a8\u652f\u6301\u901a\u8fc7\u4e2d\u95f4\u4ef6\u5b9e\u73b0\u7684\u591a\u79cd\u57fa\u4e8e\u4ee4\u724c\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002 \u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u884c\u4e1a\u6807\u51c6\u7684 HTTP RESTful API \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5b58\u50a8\u548c\u68c0\u7d22\u6570\u636e\u3002\u5bf9\u8c61\u5b58\u50a8\u7684\u540e\u7aef\u7ec4\u4ef6\u9075\u5faa\u76f8\u540c\u7684 RESTful \u6a21\u578b\uff0c\u5c3d\u7ba1\u67d0\u4e9b API\uff08\u4f8b\u5982\u7ba1\u7406\u6301\u4e45\u6027\u7684 API\uff09\u5bf9\u96c6\u7fa4\u662f\u79c1\u6709\u7684\u3002\u6709\u5173 API \u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 OpenStack Storage API\u3002 \u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u5206\u4e3a\u4ee5\u4e0b\u4e3b\u8981\u7ec4\uff1a \u4ee3\u7406\u670d\u52a1 \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1 \u5b58\u50a8\u670d\u52a1 \u8d26\u6237\u670d\u52a1 \u5bb9\u5668\u670d\u52a1 \u5bf9\u8c61\u670d\u52a1 OpenStack \u5bf9\u8c61\u5b58\u50a8\u7ba1\u7406\u6307\u5357 \uff082013\uff09 \u4e2d\u7684\u793a\u4f8b\u56fe \u6ce8\u610f \u5bf9\u8c61\u5b58\u50a8\u5b89\u88c5\u4e0d\u5fc5\u4f4d\u4e8e Internet 
\u4e0a\uff0c\u4e5f\u53ef\u4ee5\u662f\u79c1\u6709\u4e91\uff0c\u5176\u4e2d\u516c\u5171\u4ea4\u6362\u673a\u662f\u7ec4\u7ec7\u5185\u90e8\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u7684\u4e00\u90e8\u5206\u3002","title":"\u5bf9\u8c61\u5b58\u50a8"},{"location":"security/security-guide/#_203","text":"\u8981\u4fdd\u62a4\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff0c\u9996\u5148\u8981\u4fdd\u62a4\u7f51\u7edc\u7ec4\u4ef6\u3002\u5982\u679c\u60a8\u8df3\u8fc7\u4e86\u7f51\u7edc\u7ae0\u8282\uff0c\u8bf7\u8fd4\u56de\u5230\u7f51\u7edc\u90e8\u5206\u3002 rsync \u534f\u8bae\u7528\u4e8e\u5728\u5b58\u50a8\u670d\u52a1\u8282\u70b9\u4e4b\u95f4\u590d\u5236\u6570\u636e\u4ee5\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u3002\u6b64\u5916\uff0c\u5728\u5ba2\u6237\u7aef\u7aef\u70b9\u548c\u4e91\u73af\u5883\u4e4b\u95f4\u6765\u56de\u4e2d\u7ee7\u6570\u636e\u65f6\uff0c\u4ee3\u7406\u670d\u52a1\u4f1a\u4e0e\u5b58\u50a8\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u3002 \u8b66\u544a \u5bf9\u8c61\u5b58\u50a8\u4e0d\u5bf9\u8282\u70b9\u95f4\u901a\u4fe1\u8fdb\u884c\u52a0\u5bc6\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u5c31\u662f\u60a8\u5728\u4f53\u7cfb\u7ed3\u6784\u56fe\u4e2d\u770b\u5230\u4e13\u7528\u4ea4\u6362\u673a\u6216\u4e13\u7528\u7f51\u7edc \uff08[V]LAN\uff09 \u7684\u539f\u56e0\u3002\u8fd9\u4e2a\u6570\u636e\u57df\u4e5f\u5e94\u8be5\u4e0e\u5176\u4ed6OpenStack\u6570\u636e\u7f51\u7edc\u5206\u5f00\u3002\u6709\u5173\u5b89\u5168\u57df\u7684\u8fdb\u4e00\u6b65\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002 \u5efa\u8bae \u5bf9\u6570\u636e\u57df\u4e2d\u7684\u5b58\u50a8\u8282\u70b9\u4f7f\u7528\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u3002 \u8fd9\u9700\u8981\u4ee3\u7406\u8282\u70b9\u5177\u6709\u53cc\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a \u4e00\u4e2a\u4f5c\u4e3a\u6d88\u8d39\u8005\u8bbf\u95ee\u7684\u516c\u5171\u754c\u9762\u3002 \u53e6\u4e00\u4e2a\u4f5c\u4e3a\u53ef\u4ee5\u8bbf\u95ee\u5b58\u50a8\u8282\u70b9\u7684\u4e13\u7528\u63a5\u53e3\u3002 
\u4e0b\u56fe\u6f14\u793a\u4e86\u4e00\u79cd\u53ef\u80fd\u7684\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u3002 \u5177\u6709\u7ba1\u7406\u8282\u70b9\uff08OSAM\uff09\u7684\u5bf9\u8c61\u5b58\u50a8\u7f51\u7edc\u67b6\u6784","title":"\u7f51\u7edc\u5b89\u5168"},{"location":"security/security-guide/#_204","text":"","title":"\u4e00\u822c\u670d\u52a1\u5b89\u5168"},{"location":"security/security-guide/#root","text":"\u6211\u4eec\u5efa\u8bae\u60a8\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u914d\u7f6e\u4e3a\u5728\u975e root \uff08UID 0\uff09 \u670d\u52a1\u5e10\u6237\u4e0b\u8fd0\u884c\u3002\u4e00\u4e2a\u5efa\u8bae\u662f swift \u5177\u6709\u4e3b\u7ec4 swift \u7684\u7528\u6237\u540d\u3002\u4f8b\u5982\uff0c proxy-server \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5305\u62ec\u3001\u3001 container-server account-server \u3002\u6709\u5173\u8bbe\u7f6e\u548c\u914d\u7f6e\u7684\u8be6\u7ec6\u6b65\u9aa4\uff0c\u8bf7\u53c2\u9605\u300a\u5b89\u88c5\u6307\u5357\u300b\u7684\u201c\u6dfb\u52a0\u5bf9\u8c61\u5b58\u50a8\u201d\u4e00\u7ae0\u7684 OpenStack \u6587\u6863\u7d22\u5f15\u3002 \u6ce8\u610f \u4e0a\u9762\u7684\u94fe\u63a5\u9ed8\u8ba4\u4e3aUbuntu\u7248\u672c\u3002","title":"\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u670d\u52a1"},{"location":"security/security-guide/#_205","text":"\u8be5 /etc/swift \u76ee\u5f55\u5305\u542b\u6709\u5173\u73af\u5f62\u62d3\u6251\u548c\u73af\u5883\u914d\u7f6e\u7684\u4fe1\u606f\u3002\u5efa\u8bae\u4f7f\u7528\u4ee5\u4e0b\u6743\u9650\uff1a # chown -R root:swift /etc/swift/* # find /etc/swift/ -type f -exec chmod 640 {} \\; # find /etc/swift/ -type d -exec chmod 750 {} \\; \u8fd9\u5c06\u9650\u5236\u53ea\u6709 root \u7528\u6237\u80fd\u591f\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u65f6\u5141\u8bb8\u670d\u52a1\u901a\u8fc7\u5176 swift 
\u5728\u7ec4\u4e2d\u7684\u7ec4\u6210\u5458\u8eab\u4efd\u8bfb\u53d6\u5b83\u4eec\u3002","title":"\u6587\u4ef6\u6743\u9650"},{"location":"security/security-guide/#_206","text":"\u4ee5\u4e0b\u662f\u5404\u79cd\u5b58\u50a8\u670d\u52a1\u7684\u9ed8\u8ba4\u4fa6\u542c\u7aef\u53e3\uff1a \u670d\u52a1\u540d\u79f0 \u6e2f\u53e3 \u7c7b\u578b \u8d26\u6237\u670d\u52a1 6002 TCP \u5bb9\u5668\u670d\u52a1 6001 TCP \u5bf9\u8c61\u670d\u52a1 6000 TCP \u540c\u6b65 [1] 873 TCP \u5982\u679c\u4f7f\u7528 ssync \u800c\u4e0d\u662f rsync\uff0c\u5219\u4f7f\u7528\u5bf9\u8c61\u670d\u52a1\u7aef\u53e3\u6765\u7ef4\u62a4\u6301\u4e45\u6027\u3002 \u91cd\u8981 \u5728\u5b58\u50a8\u8282\u70b9\u4e0a\u4e0d\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5982\u679c\u80fd\u591f\u5728\u5176\u4e2d\u4e00\u4e2a\u7aef\u53e3\u4e0a\u8fde\u63a5\u5230\u5b58\u50a8\u8282\u70b9\uff0c\u5219\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u3002\u4e3a\u4e86\u9632\u6b62\u6b64\u95ee\u9898\uff0c\u60a8\u5e94\u8be5\u9075\u5faa\u4e4b\u524d\u7ed9\u51fa\u7684\u6709\u5173\u4f7f\u7528\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u7684\u5efa\u8bae\u3002","title":"\u4fdd\u62a4\u5b58\u50a8\u670d\u52a1"},{"location":"security/security-guide/#_207","text":"\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u51ed\u636e\u3002\u4e0b\u9762\u5bf9\u8fd9\u4e9b\u5173\u7cfb\u8fdb\u884c\u8bf4\u660e\uff1a \u5bf9\u8c61\u5b58\u50a8\u5e10\u6237 \u5bb9\u5668\u7684\u6536\u96c6;\u4e0d\u662f\u7528\u6237\u5e10\u6237\u6216\u8eab\u4efd\u9a8c\u8bc1\u3002\u54ea\u4e9b\u7528\u6237\u4e0e\u8be5\u5e10\u6237\u76f8\u5173\u8054\u4ee5\u53ca\u4ed6\u4eec\u5982\u4f55\u8bbf\u95ee\u8be5\u5e10\u6237\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668 \u5bf9\u8c61\u7684\u96c6\u5408\u3002\u5bb9\u5668\u4e0a\u7684\u5143\u6570\u636e\u53ef\u7528\u4e8e ACL\u3002ACL 
\u7684\u542b\u4e49\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5b9e\u9645\u6570\u636e\u5bf9\u8c61\u3002\u5bf9\u8c61\u7ea7\u522b\u7684 ACL \u4e5f\u53ef\u4ee5\u4e0e\u5143\u6570\u636e\u4e00\u8d77\u4f7f\u7528\uff0c\u5e76\u4e14\u53d6\u51b3\u4e8e\u6240\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u5728\u6bcf\u4e2a\u7ea7\u522b\uff0c\u60a8\u90fd\u6709 ACL\uff0c\u7528\u4e8e\u6307\u793a\u8c01\u62e5\u6709\u54ea\u79cd\u7c7b\u578b\u7684\u8bbf\u95ee\u6743\u9650\u3002ACL \u662f\u6839\u636e\u6b63\u5728\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u8fdb\u884c\u89e3\u91ca\u7684\u3002\u6700\u5e38\u7528\u7684\u4e24\u79cd\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u7c7b\u578b\u662f Identity service \uff08keystone\uff09 \u548c TempAuth\u3002\u81ea\u5b9a\u4e49\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u4e5f\u662f\u53ef\u80fd\u7684\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u672f\u8bed"},{"location":"security/security-guide/#_208","text":"\u4ee3\u7406\u8282\u70b9\u5e94\u81f3\u5c11\u5177\u6709\u4e24\u4e2a\u63a5\u53e3\uff08\u7269\u7406\u6216\u865a\u62df\uff09\uff1a\u4e00\u4e2a\u516c\u5171\u63a5\u53e3\u548c\u4e00\u4e2a\u4e13\u7528\u63a5\u53e3\u3002\u9632\u706b\u5899\u6216\u670d\u52a1\u7ed1\u5b9a\u53ef\u80fd\u4f1a\u4fdd\u62a4\u516c\u5171\u63a5\u53e3\u3002\u9762\u5411\u516c\u4f17\u7684\u670d\u52a1\u662f\u4e00\u4e2a HTTP Web 
\u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5904\u7406\u7aef\u70b9\u5ba2\u6237\u7aef\u8bf7\u6c42\u3001\u5bf9\u5176\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u6267\u884c\u76f8\u5e94\u7684\u64cd\u4f5c\u3002\u4e13\u7528\u63a5\u53e3\u4e0d\u9700\u8981\u4efb\u4f55\u4fa6\u542c\u670d\u52a1\uff0c\u800c\u662f\u7528\u4e8e\u5efa\u7acb\u4e0e\u4e13\u7528\u5b58\u50a8\u7f51\u7edc\u4e0a\u7684\u5b58\u50a8\u8282\u70b9\u7684\u4f20\u51fa\u8fde\u63a5\u3002","title":"\u4fdd\u62a4\u4ee3\u7406\u670d\u52a1"},{"location":"security/security-guide/#http_1","text":"\u5982\u524d\u6240\u8ff0\uff0c\u60a8\u5e94\u8be5\u5c06 Web \u670d\u52a1\u914d\u7f6e\u4e3a\u975e root\uff08\u65e0 UID 0\uff09\u7528\u6237 swift \u3002\u9700\u8981\u4f7f\u7528\u5927\u4e8e 1024 \u7684\u7aef\u53e3\u624d\u80fd\u8f7b\u677e\u5b8c\u6210\u6b64\u64cd\u4f5c\uff0c\u5e76\u907f\u514d\u4ee5 root \u8eab\u4efd\u8fd0\u884c Web \u5bb9\u5668\u7684\u4efb\u4f55\u90e8\u5206\u3002\u901a\u5e38\uff0c\u4f7f\u7528 HTTP REST API \u5e76\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u7684\u5ba2\u6237\u7aef\u4f1a\u81ea\u52a8\u4ece\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u4e2d\u68c0\u7d22\u6240\u9700\u7684\u5b8c\u6574 REST API URL\u3002OpenStack \u7684 REST API \u5141\u8bb8\u5ba2\u6237\u7aef\u5bf9\u4e00\u4e2a URL \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u7136\u540e\u88ab\u544a\u77e5\u5bf9\u5b9e\u9645\u670d\u52a1\u4f7f\u7528\u5b8c\u5168\u4e0d\u540c\u7684 URL\u3002\u4f8b\u5982\uff0c\u5ba2\u6237\u7aef\u5411 https://identity.cloud.example.org:55443/v1/auth \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u83b7\u53d6\u5176\u8eab\u4efd\u9a8c\u8bc1\u5bc6\u94a5\u548c\u5b58\u50a8 URL\uff08\u4ee3\u7406\u8282\u70b9\u6216\u8d1f\u8f7d\u5747\u8861\u5668\u7684 URL\uff09https://swift.cloud.example.org:44443/v1/AUTH_8980 \u54cd\u5e94\u3002 \u5c06 Web \u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ee5\u975e root \u7528\u6237\u8eab\u4efd\u542f\u52a8\u548c\u8fd0\u884c\u7684\u65b9\u6cd5\u56e0 Web \u670d\u52a1\u5668\u548c\u64cd\u4f5c\u7cfb\u7edf\u800c\u5f02\u3002","title":"HTTP 
\u76d1\u542c\u7aef\u53e3"},{"location":"security/security-guide/#_209","text":"\u5982\u679c\u4f7f\u7528 Apache \u7684\u9009\u9879\u4e0d\u53ef\u884c\uff0c\u6216\u8005\u4e3a\u4e86\u63d0\u9ad8\u6027\u80fd\uff0c\u60a8\u5e0c\u671b\u51cf\u8f7b TLS \u5de5\u4f5c\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u4e13\u7528\u7684\u7f51\u7edc\u8bbe\u5907\u8d1f\u8f7d\u5e73\u8861\u5668\u3002\u8fd9\u662f\u5728\u4f7f\u7528\u591a\u4e2a\u4ee3\u7406\u8282\u70b9\u65f6\u63d0\u4f9b\u5197\u4f59\u548c\u8d1f\u8f7d\u5e73\u8861\u7684\u5e38\u7528\u65b9\u6cd5\u3002 \u5982\u679c\u9009\u62e9\u5378\u8f7d TLS\uff0c\u8bf7\u786e\u4fdd\u8d1f\u8f7d\u5747\u8861\u5668\u548c\u4ee3\u7406\u8282\u70b9\u4e4b\u95f4\u7684\u7f51\u7edc\u94fe\u8def\u4f4d\u4e8e\u4e13\u7528 \uff08V\uff09LAN \u7f51\u6bb5\u4e0a\uff0c\u4ee5\u4fbf\u7f51\u7edc\u4e0a\u7684\u5176\u4ed6\u8282\u70b9\uff08\u53ef\u80fd\u5df2\u6cc4\u9732\uff09\u65e0\u6cd5\u7a83\u542c\uff08\u55c5\u63a2\uff09\u672a\u52a0\u5bc6\u7684\u6d41\u91cf\u3002\u5982\u679c\u53d1\u751f\u6b64\u7c7b\u8fdd\u89c4\u884c\u4e3a\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8bbf\u95ee\u7aef\u70b9\u5ba2\u6237\u7aef\u6216\u4e91\u7ba1\u7406\u5458\u51ed\u636e\u5e76\u8bbf\u95ee\u4e91\u6570\u636e\u3002 \u60a8\u4f7f\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u6216TempAuth\uff09\u5c06\u51b3\u5b9a\u5982\u4f55\u5728\u5bf9\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u54cd\u5e94\u4e2d\u914d\u7f6e\u4e0d\u540c\u7684URL\uff0c\u4ee5\u4fbf\u5b83\u4eec\u4f7f\u7528\u8d1f\u8f7d\u5e73\u8861\u5668\u800c\u4e0d\u662f\u5355\u4e2a\u4ee3\u7406\u8282\u70b9\u3002","title":"\u8d1f\u8f7d\u5747\u8861\u5668"},{"location":"security/security-guide/#_210","text":"\u5bf9\u8c61\u5b58\u50a8\u4f7f\u7528 WSGI 
\u6a21\u578b\u6765\u63d0\u4f9b\u4e2d\u95f4\u4ef6\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4e0d\u4ec5\u63d0\u4f9b\u901a\u7528\u53ef\u6269\u5c55\u6027\uff0c\u8fd8\u7528\u4e8e\u7aef\u70b9\u5ba2\u6237\u7aef\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002\u8eab\u4efd\u9a8c\u8bc1\u63d0\u4f9b\u7a0b\u5e8f\u5b9a\u4e49\u5b58\u5728\u7684\u89d2\u8272\u548c\u7528\u6237\u7c7b\u578b\u3002\u6709\u4e9b\u4f7f\u7528\u4f20\u7edf\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u51ed\u636e\uff0c\u800c\u53e6\u4e00\u4e9b\u5219\u53ef\u80fd\u5229\u7528 API \u5bc6\u94a5\u4ee4\u724c\u751a\u81f3\u5ba2\u6237\u7aef x.509 \u8bc1\u4e66\u3002\u81ea\u5b9a\u4e49\u63d0\u4f9b\u7a0b\u5e8f\u53ef\u4ee5\u96c6\u6210\u5230\u4f7f\u7528\u81ea\u5b9a\u4e49\u4e2d\u95f4\u4ef6\u4e2d\u3002 \u5bf9\u8c61\u5b58\u50a8\u9ed8\u8ba4\u81ea\u5e26\u4e24\u4e2a\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u6a21\u5757\uff0c\u5176\u4e2d\u4efb\u4f55\u4e00\u4e2a\u6a21\u5757\u90fd\u53ef\u4ee5\u4f5c\u4e3a\u5f00\u53d1\u81ea\u5b9a\u4e49\u8ba4\u8bc1\u4e2d\u95f4\u4ef6\u7684\u793a\u4f8b\u4ee3\u7801\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#tempauth","text":"TempAuth \u662f\u5bf9\u8c61\u5b58\u50a8\u7684\u9ed8\u8ba4\u8eab\u4efd\u9a8c\u8bc1\u3002\u4e0e Identity \u76f8\u6bd4\uff0c\u5b83\u5c06\u7528\u6237\u5e10\u6237\u3001\u51ed\u636e\u548c\u5143\u6570\u636e\u5b58\u50a8\u5728\u5bf9\u8c61\u5b58\u50a8\u672c\u8eab\u4e2d\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u6587\u6863\u7684\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u90e8\u5206\u3002","title":"TempAuth \u51fd\u6570"},{"location":"security/security-guide/#keystone","text":"Keystone \u662f OpenStack \u4e2d\u5e38\u7528\u7684\u8eab\u4efd\u63d0\u4f9b\u7a0b\u5e8f\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3002Identity \u4e2d\u5df2\u63d0\u4f9b\u4fdd\u62a4 keystone 
\u7684\u8986\u76d6\u8303\u56f4\u3002","title":"Keystone"},{"location":"security/security-guide/#_211","text":"\u5728 \u4e2d /etc/swift \uff0c\u5728\u6bcf\u4e2a\u8282\u70b9\u4e0a\uff0c\u90fd\u6709\u4e00\u4e2a\u8bbe\u7f6e\u548c\u4e00\u4e2a swift_hash_path_prefix swift_hash_path_suffix \u8bbe\u7f6e\u3002\u63d0\u4f9b\u8fd9\u4e9b\u662f\u4e3a\u4e86\u51cf\u5c11\u5b58\u50a8\u5bf9\u8c61\u53d1\u751f\u54c8\u5e0c\u51b2\u7a81\u7684\u53ef\u80fd\u6027\uff0c\u5e76\u907f\u514d\u4e00\u4e2a\u7528\u6237\u8986\u76d6\u53e6\u4e00\u4e2a\u7528\u6237\u7684\u6570\u636e\u3002 \u6b64\u503c\u6700\u521d\u5e94\u4f7f\u7528\u52a0\u5bc6\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5e76\u5728\u6240\u6709\u8282\u70b9\u4e0a\u4fdd\u6301\u4e00\u81f4\u3002\u786e\u4fdd\u5b83\u53d7\u5230\u9002\u5f53\u7684 ACL \u4fdd\u62a4\uff0c\u5e76\u4e14\u60a8\u6709\u5907\u4efd\u526f\u672c\u4ee5\u907f\u514d\u6570\u636e\u4e22\u5931\u3002","title":"\u5176\u4ed6\u503c\u5f97\u6ce8\u610f\u7684\u4e8b\u9879"},{"location":"security/security-guide/#_212","text":"\u64cd\u4f5c\u5458\u901a\u8fc7\u4f7f\u7528\u5404\u79cd\u52a0\u5bc6\u5e94\u7528\u7a0b\u5e8f\u6765\u4fdd\u62a4\u4e91\u90e8\u7f72\u4e2d\u7684\u654f\u611f\u4fe1\u606f\u3002\u4f8b\u5982\uff0c\u5bf9\u9759\u6001\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\u6216\u5bf9\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u4ee5\u8bc1\u660e\u5176\u672a\u88ab\u7be1\u6539\u3002\u5728\u6240\u6709\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u52a0\u5bc6\u529f\u80fd\u90fd\u9700\u8981\u67d0\u79cd\u5bc6\u94a5\u6750\u6599\u624d\u80fd\u8fd0\u884c\u3002 \u673a\u5bc6\u7ba1\u7406\u63cf\u8ff0\u4e86\u4e00\u7ec4\u65e8\u5728\u4fdd\u62a4\u8f6f\u4ef6\u7cfb\u7edf\u4e2d\u7684\u5173\u952e\u6750\u6599\u7684\u6280\u672f\u3002\u4f20\u7edf\u4e0a\uff0c\u5bc6\u94a5\u7ba1\u7406\u6d89\u53ca\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u7684\u90e8\u7f72\u3002\u8fd9\u4e9b\u8bbe\u5907\u5df2\u7ecf\u8fc7\u7269\u7406\u5f3a\u5316\uff0c\u53ef\u9632\u6b62\u7be1\u6539\u3002 
\u968f\u7740\u6280\u672f\u7684\u8fdb\u6b65\uff0c\u9700\u8981\u4fdd\u62a4\u7684\u79d8\u5bc6\u7269\u54c1\u7684\u6570\u91cf\u5df2\u7ecf\u4ece\u5bc6\u94a5\u6750\u6599\u589e\u52a0\u5230\u5305\u62ec\u8bc1\u4e66\u5bf9\u3001API \u5bc6\u94a5\u3001\u7cfb\u7edf\u5bc6\u7801\u3001\u7b7e\u540d\u5bc6\u94a5\u7b49\u3002\u8fd9\u79cd\u589e\u957f\u4ea7\u751f\u4e86\u5bf9\u66f4\u5177\u53ef\u6269\u5c55\u6027\u7684\u5bc6\u94a5\u7ba1\u7406\u65b9\u6cd5\u7684\u9700\u6c42\uff0c\u5e76\u5bfc\u81f4\u521b\u5efa\u4e86\u8bb8\u591a\u63d0\u4f9b\u53ef\u6269\u5c55\u52a8\u6001\u5bc6\u94a5\u7ba1\u7406\u7684\u8f6f\u4ef6\u670d\u52a1\u3002\u672c\u7ae0\u4ecb\u7ecd\u4e86\u76ee\u524d\u5b58\u5728\u7684\u670d\u52a1\uff0c\u5e76\u91cd\u70b9\u4ecb\u7ecd\u4e86\u90a3\u4e9b\u80fd\u591f\u96c6\u6210\u5230OpenStack\u4e91\u4e2d\u7684\u670d\u52a1\u3002 \u73b0\u6709\u6280\u672f\u6458\u8981 \u76f8\u5173 Openstack \u9879\u76ee \u4f7f\u7528\u6848\u4f8b \u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 Sahara Magnum Octavia/LBaaS Swift \u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801 Barbican \u6982\u8ff0 \u52a0\u5bc6\u63d2\u4ef6 \u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6 PKCS#11\u52a0\u5bc6\u63d2\u4ef6 \u5bc6\u94a5\u5546\u5e97\u63d2\u4ef6 KMIP\u63d2\u4ef6 Dogtag \u63d2\u4ef6 Vault \u63d2\u4ef6 Castellan \u6982\u8ff0 \u5e38\u89c1\u95ee\u9898\u89e3\u7b54 \u68c0\u67e5\u8868 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS 
\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f","title":"\u673a\u5bc6\u7ba1\u7406"},{"location":"security/security-guide/#_213","text":"\u5728OpenStack\u4e2d\uff0c\u6709\u4e24\u79cd\u63a8\u8350\u7528\u4e8e\u673a\u5bc6\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u5373Barbican\u548cCastellan\u3002\u672c\u7ae0\u5c06\u6982\u8ff0\u4e0d\u540c\u7684\u65b9\u6848\uff0c\u4ee5\u5e2e\u52a9\u64cd\u4f5c\u5458\u9009\u62e9\u4f7f\u7528\u54ea\u4e2a\u5bc6\u94a5\u7ba1\u7406\u5668\u3002 \u7b2c\u4e09\u79cd\u4e0d\u53d7\u652f\u6301\u7684\u65b9\u6cd5\u662f\u56fa\u5b9a/\u786c\u7f16\u7801\u5bc6\u94a5\u3002\u4f17\u6240\u5468\u77e5\uff0c\u67d0\u4e9b OpenStack \u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u5176\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u5bc6\u94a5\u3002\u8fd9\u662f\u6700\u4e0d\u5b89\u5168\u7684\u64cd\u4f5c\u65b9\u5f0f\uff0c\u6211\u4eec\u4e0d\u5efa\u8bae\u5728\u4efb\u4f55\u7c7b\u578b\u7684\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\u3002 \u5176\u4ed6\u89e3\u51b3\u65b9\u6848\u5305\u62ec KeyWhiz\u3001Confidant\u3001Conjur\u3001EJSON\u3001Knox \u548c Red October\uff0c\u4f46\u5728\u672c\u6587\u6863\u7684\u8ba8\u8bba\u8303\u56f4\u4e4b\u5916\uff0c\u65e0\u6cd5\u6db5\u76d6\u6240\u6709\u53ef\u7528\u7684 Key Manager\u3002 \u5bf9\u4e8e\u673a\u5bc6\u7684\u5b58\u50a8\uff0c\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u3002HSM \u53ef\u4ee5\u6709\u591a\u79cd\u5f62\u5f0f\u3002\u4f20\u7edf\u8bbe\u5907\u662f\u673a\u67b6\u5f0f\u8bbe\u5907\uff0c\u5982\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u6240\u793a\u3002","title":"\u73b0\u6709\u6280\u672f\u6458\u8981"},{"location":"security/security-guide/#openstack_10","text":"Castellan \u662f\u4e00\u4e2a\u5e93\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u901a\u7528\u63a5\u53e3\u6765\u5b58\u50a8\u3001\u751f\u6210\u548c\u68c0\u7d22\u673a\u5bc6\u3002\u5927\u591a\u6570 Openstack 
\u670d\u52a1\u90fd\u4f7f\u7528\u5b83\u8fdb\u884c\u673a\u5bc6\u7ba1\u7406\u3002\u4f5c\u4e3a\u4e00\u4e2a\u56fe\u4e66\u9986\uff0cCastellan \u672c\u8eab\u5e76\u4e0d\u63d0\u4f9b\u79d8\u5bc6\u5b58\u50a8\u3002\u76f8\u53cd\uff0c\u9700\u8981\u90e8\u7f72\u540e\u7aef\u5b9e\u73b0\u3002 \u8bf7\u6ce8\u610f\uff0cCastellan \u4e0d\u63d0\u4f9b\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u3002\u5b83\u53ea\u662f\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u51ed\u636e\uff08\u4f8b\u5982Keystone\u4ee4\u724c\uff09\u4f20\u9012\u5230\u540e\u7aef\u3002 Barbican \u662f\u4e00\u4e2a OpenStack \u670d\u52a1\uff0c\u4e3a Castellan \u63d0\u4f9b\u540e\u7aef\u3002Barbican \u9700\u8981\u5e76\u9a8c\u8bc1 keystone \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\uff0c\u4ee5\u8bc6\u522b\u8bbf\u95ee\u6216\u5b58\u50a8\u5bc6\u94a5\u7684\u7528\u6237\u548c\u9879\u76ee\u3002\u7136\u540e\uff0c\u5b83\u5e94\u7528\u7b56\u7565\u6765\u786e\u5b9a\u662f\u5426\u5141\u8bb8\u8bbf\u95ee\u3002\u5b83\u8fd8\u63d0\u4f9b\u4e86\u8bb8\u591a\u989d\u5916\u7684\u6709\u7528\u529f\u80fd\u6765\u6539\u8fdb\u5bc6\u94a5\u7ba1\u7406\uff0c\u5305\u62ec\u914d\u989d\u3001\u6bcf\u4e2a\u5bc6\u94a5\u7684 ACL\u3001\u8ddf\u8e2a\u5bc6\u94a5\u4f7f\u7528\u8005\u4ee5\u53ca\u5bc6\u94a5\u5bb9\u5668\u4e2d\u7684\u5bc6\u94a5\u5206\u7ec4\u3002\u4f8b\u5982\uff0c\u660e\u9510\u76f4\u63a5\u4e0e\u5df4\u6bd4\u80af\uff08\u800c\u4e0d\u662f\u5361\u65af\u7279\u62c9\u5170\uff09\u96c6\u6210\uff0c\u4ee5\u5229\u7528\u5176\u4e2d\u4e00\u4e9b\u529f\u80fd\u3002 Barbican \u6709\u8bb8\u591a\u540e\u7aef\u63d2\u4ef6\uff0c\u53ef\u7528\u4e8e\u5c06\u673a\u5bc6\u5b89\u5168\u5730\u5b58\u50a8\u5728\u672c\u5730\u6570\u636e\u5e93\u6216 HSM \u4e2d\u3002 \u76ee\u524d\uff0cBarbican \u662f Castellan \u552f\u4e00\u53ef\u7528\u7684\u540e\u7aef\u3002\u7136\u800c\uff0c\u6709\u51e0\u4e2a\u540e\u7aef\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u5305\u62ec KMIP\u3001Dogtag\u3001Hashicorp Vault \u548c Custodia\u3002\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u5e0c\u671b\u90e8\u7f72 Barbican 
\u5e76\u4e14\u5bc6\u94a5\u7ba1\u7406\u9700\u6c42\u76f8\u5bf9\u7b80\u5355\u7684\u90e8\u7f72\u4eba\u5458\u6765\u8bf4\uff0c\u4f7f\u7528\u8fd9\u4e9b\u540e\u7aef\u4e4b\u4e00\u53ef\u80fd\u662f\u4e00\u4e2a\u53ef\u884c\u7684\u66ff\u4ee3\u65b9\u6848\u3002\u4f46\u662f\uff0c\u5728\u68c0\u7d22\u5bc6\u94a5\u65f6\uff0c\u7f3a\u5c11\u7684\u662f\u591a\u79df\u6237\u548c\u79df\u6237\u7b56\u7565\u7684\u5b9e\u65bd\uff0c\u4ee5\u53ca\u4e0a\u9762\u63d0\u5230\u7684\u4efb\u4f55\u989d\u5916\u529f\u80fd\u3002","title":"\u76f8\u5173 Openstack \u9879\u76ee"},{"location":"security/security-guide/#_214","text":"","title":"\u4f7f\u7528\u6848\u4f8b"},{"location":"security/security-guide/#_215","text":"\u9a8c\u8bc1\u955c\u50cf\u7b7e\u540d\u53ef\u786e\u4fdd\u955c\u50cf\u81ea\u539f\u59cb\u4e0a\u4f20\u4ee5\u6765\u4e0d\u4f1a\u88ab\u66ff\u6362\u6216\u66f4\u6539\u3002\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u4f7f\u7528 Castellan \u4f5c\u4e3a\u5176\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u52a0\u5bc6\u7b7e\u540d\u3002\u955c\u50cf\u7b7e\u540d\u548c\u8bc1\u4e66 UUID \u5c06\u4e0e\u955c\u50cf\u4e00\u8d77\u4e0a\u4f20\u5230\u955c\u50cf \uff08glance\uff09 \u670d\u52a1\u3002Glance \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002\u542f\u52a8\u955c\u50cf\u65f6\uff0c\u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 \u5728\u4ece\u5bc6\u94a5\u7ba1\u7406\u5668\u68c0\u7d22\u8bc1\u4e66\u540e\u9a8c\u8bc1\u7b7e\u540d\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53ef\u4fe1\u6620\u50cf\u6587\u6863\u3002","title":"\u955c\u50cf\u7b7e\u540d\u9a8c\u8bc1"},{"location":"security/security-guide/#_216","text":"\u5377\u52a0\u5bc6\u529f\u80fd\u4f7f\u7528 Castellan \u63d0\u4f9b\u9759\u6001\u6570\u636e\u52a0\u5bc6\u3002\u5f53\u7528\u6237\u521b\u5efa\u52a0\u5bc6\u5377\u7c7b\u578b\u5e76\u4f7f\u7528\u8be5\u7c7b\u578b\u521b\u5efa\u5377\u65f6\uff0c\u5757\u5b58\u50a8 \uff08cinder\uff09 
\u670d\u52a1\u4f1a\u8bf7\u6c42\u5bc6\u94a5\u7ba1\u7406\u5668\u521b\u5efa\u8981\u4e0e\u8be5\u5377\u5173\u8054\u7684\u5bc6\u94a5\u3002\u5f53\u5377\u9644\u52a0\u5230\u5b9e\u4f8b\u65f6\uff0cnova \u4f1a\u68c0\u7d22\u5bc6\u94a5\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6570\u636e\u52a0\u5bc6\u90e8\u5206\u3002\u548c\u5377\u52a0\u5bc6\u3002","title":"\u5377\u52a0\u5bc6"},{"location":"security/security-guide/#_217","text":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u4ee5\u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92\uff0c\u5e76\u901a\u8fc7\u6309\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb\u3002\u5efa\u8bae\u4f7f\u7528\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09\u3002 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u6587\u6863\u3002","title":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6"},{"location":"security/security-guide/#sahara","text":"Sahara\u5728\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\u751f\u6210\u5e76\u5b58\u50a8\u591a\u4e2a\u5bc6\u7801\u3002\u4e3a\u4e86\u52a0\u5f3aSahara\u5bf9\u5bc6\u7801\u7684\u4f7f\u7528\uff0c\u53ef\u4ee5\u6307\u793a\u5b83\u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5668\u6765\u5b58\u50a8\u548c\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002\u8981\u542f\u7528\u6b64\u529f\u80fd\uff0c\u5fc5\u987b\u9996\u5148\u5728\u5806\u6808\u4e2d\u90e8\u7f72\u4e00\u4e2a OpenStack Key Manager \u670d\u52a1\u3002 \u5728\u5806\u6808\u4e0a\u90e8\u7f72\u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\u540e\uff0c\u5fc5\u987b\u5c06 sahara \u914d\u7f6e\u4e3a\u542f\u7528\u5bc6\u94a5\u7684\u5916\u90e8\u5b58\u50a8\u3002Sahara \u4f7f\u7528 Castellan \u5e93\u4e0e OpenStack Key Manager \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u6b64\u5e93\u63d0\u4f9b\u5bf9\u5bc6\u94a5\u7ba1\u7406\u5668\u7684\u53ef\u914d\u7f6e\u8bbf\u95ee\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Sahara \u9ad8\u7ea7\u914d\u7f6e\u6307\u5357\u3002","title":"Sahara"},{"location":"security/security-guide/#magnum","text":"\u4e3a\u4e86\u4f7f\u7528\u672c\u673a\u5ba2\u6237\u7aef\uff08 docker \u6216 kubectl \u5206\u522b\uff09\u63d0\u4f9b\u5bf9 Docker Swarm \u6216 Kubernetes \u7684\u8bbf\u95ee\uff0cmagnum \u4f7f\u7528 TLS \u8bc1\u4e66\u3002\u8981\u5b58\u50a8\u8bc1\u4e66\uff0c\u5efa\u8bae\u4f7f\u7528 Barbican \u6216 Magnum \u6570\u636e\u5e93 \uff08 x590keypair \uff09\u3002 \u4e5f\u53ef\u4ee5\u4f7f\u7528\u672c\u5730\u76ee\u5f55 \uff08 local \uff09\uff0c\u4f46\u88ab\u8ba4\u4e3a\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u4e0d\u9002\u5408\u751f\u4ea7\u73af\u5883\u3002 \u6709\u5173\u4e3a Magnum 
\u8bbe\u7f6e\u8bc1\u4e66\u7ba1\u7406\u5668\u7684\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\u6587\u6863\u3002","title":"Magnum"},{"location":"security/security-guide/#octavialbaas","text":"Neutron \u548c Octavia \u9879\u76ee\u7684 LBaaS\uff08\u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff09\u529f\u80fd\u9700\u8981\u8bc1\u4e66\u53ca\u5176\u79c1\u94a5\u6765\u4e3a TLS \u8fde\u63a5\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u3002Barbican \u53ef\u7528\u4e8e\u5b58\u50a8\u6b64\u654f\u611f\u4fe1\u606f\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5982\u4f55\u521b\u5efa TLS \u8d1f\u8f7d\u5747\u8861\u5668\u548c\u90e8\u7f72\u4ee5 TLS \u7ed3\u5c3e\u7684 HTTPS \u8d1f\u8f7d\u5747\u8861\u5668\u3002","title":"Octavia/LBaaS"},{"location":"security/security-guide/#swift","text":"\u5bf9\u79f0\u5bc6\u94a5\u53ef\u7528\u4e8e\u52a0\u5bc6 Swift \u5bb9\u5668\uff0c\u4ee5\u964d\u4f4e\u7528\u6237\u6570\u636e\u88ab\u8bfb\u53d6\u7684\u98ce\u9669\uff0c\u5982\u679c\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u8981\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u3002 \u6709\u5173\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u5b98\u65b9 swift \u6587\u6863\u4e2d\u7684\u5bf9\u8c61\u52a0\u5bc6\u90e8\u5206\u3002","title":"Swift"},{"location":"security/security-guide/#_218","text":"OpenStack \u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u8bb8\u591a\u7eaf\u6587\u672c\u5bc6\u7801\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u670d\u52a1\u7528\u6237\u7528\u4e8e\u5411 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u4ee5\u9a8c\u8bc1 keystone \u4ee4\u724c\u7684\u5bc6\u7801\u3002 \u76ee\u524d\u6ca1\u6709\u5bf9\u8fd9\u4e9b\u5bc6\u7801\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\u5efa\u8bae\u901a\u8fc7\u6587\u4ef6\u6743\u9650\u9002\u5f53\u5730\u4fdd\u62a4\u8fd9\u4e9b\u6587\u4ef6\u3002 
\u76ee\u524d\u6b63\u5728\u52aa\u529b\u5c06\u8fd9\u4e9b\u5bc6\u94a5\u5b58\u50a8\u5728 Castellan \u540e\u7aef\uff0c\u7136\u540e\u8ba9 oslo.config \u4f7f\u7528 Castellan \u6765\u68c0\u7d22\u8fd9\u4e9b\u5bc6\u94a5\u3002","title":"\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u5bc6\u7801"},{"location":"security/security-guide/#barbican","text":"","title":"Barbican"},{"location":"security/security-guide/#_219","text":"Barbican \u662f\u4e00\u4e2a REST API\uff0c\u65e8\u5728\u5b89\u5168\u5b58\u50a8\u3001\u914d\u7f6e\u548c\u7ba1\u7406\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u548c X.509 \u8bc1\u4e66\u7b49\u673a\u5bc6\u3002\u5b83\u65e8\u5728\u5bf9\u6240\u6709\u73af\u5883\u90fd\u6709\u7528\uff0c\u5305\u62ec\u5927\u578b\u77ed\u6682\u4e91\u3002 Barbican \u4e0e\u591a\u4e2a OpenStack \u529f\u80fd\u96c6\u6210\uff0c\u53ef\u4ee5\u76f4\u63a5\u96c6\u6210\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a Castellan \u7684\u540e\u7aef\u96c6\u6210\u3002 Barbican \u901a\u5e38\u7528\u4f5c\u5bc6\u94a5\u7ba1\u7406\u7cfb\u7edf\uff0c\u4ee5\u5b9e\u73b0\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3001\u5377\u52a0\u5bc6\u7b49\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u5728\u7528\u4f8b\u4e2d\u8fdb\u884c\u4e86\u6982\u8ff0","title":"\u6982\u8ff0"},{"location":"security/security-guide/#barbican_1","text":"\u5f85\u5b9a","title":"Barbican \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_220","text":"Key Manager \u670d\u52a1\u5177\u6709\u63d2\u4ef6\u67b6\u6784\uff0c\u5141\u8bb8\u90e8\u7f72\u7a0b\u5e8f\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u4e00\u4e2a\u6216\u591a\u4e2a\u5bc6\u94a5\u5b58\u50a8\u4e2d\u3002\u673a\u5bc6\u5b58\u50a8\u53ef\u4ee5\u662f\u57fa\u4e8e\u8f6f\u4ef6\u7684\uff08\u5982\u8f6f\u4ef6\u4ee4\u724c\uff09\uff0c\u4e5f\u53ef\u4ee5\u662f\u57fa\u4e8e\u786c\u4ef6\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 
\uff08HSM\uff09\uff09\u7684\u3002\u672c\u8282\u4ecb\u7ecd\u5f53\u524d\u53ef\u7528\u7684\u63d2\u4ef6\uff0c\u5e76\u8ba8\u8bba\u6bcf\u4e2a\u63d2\u4ef6\u7684\u5b89\u5168\u72b6\u51b5\u3002\u63d2\u4ef6\u5df2\u542f\u7528\u5e76\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 /etc/barbican/barbican.conf \u8bbe\u7f6e\u8fdb\u884c\u914d\u7f6e\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684\u63d2\u4ef6\uff1a\u52a0\u5bc6\u63d2\u4ef6\u548c\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6\u3002","title":"\u673a\u5bc6\u5b58\u50a8\u540e\u7aef"},{"location":"security/security-guide/#_221","text":"\u52a0\u5bc6\u63d2\u4ef6\u5c06\u673a\u5bc6\u5b58\u50a8\u4e3a Barbican \u6570\u636e\u5e93\u4e2d\u7684\u52a0\u5bc6 blob\u3002\u8c03\u7528\u8be5\u63d2\u4ef6\u6765\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u4e0a\u7684\u5bc6\u94a5\uff0c\u5e76\u5728\u5bc6\u94a5\u68c0\u7d22\u65f6\u89e3\u5bc6\u5bc6\u94a5\u3002\u76ee\u524d\u6709\u4e24\u79cd\u7c7b\u578b\u7684\u5b58\u50a8\u63d2\u4ef6\u53ef\u7528\uff1aSimple Crypto \u63d2\u4ef6\u548c PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u3002","title":"\u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#_222","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5728 \u4e2d barbican.conf \u914d\u7f6e\u4e86\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u3002\u8be5\u63d2\u4ef6\u4f7f\u7528\u5355\u4e2a\u5bf9\u79f0\u5bc6\u94a5\uff08KEK - \u6216\u201c\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5\u201d\uff09\uff0c\u8be5\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728 barbican.conf 
\u6587\u4ef6\u4e2d\uff0c\u4ee5\u52a0\u5bc6\u548c\u89e3\u5bc6\u6240\u6709\u673a\u5bc6\u3002\u6b64\u63d2\u4ef6\u88ab\u8ba4\u4e3a\u662f\u4e0d\u592a\u5b89\u5168\u7684\u9009\u9879\uff0c\u4ec5\u9002\u7528\u4e8e\u5f00\u53d1\u548c\u6d4b\u8bd5\uff0c\u56e0\u4e3a\u4e3b\u5bc6\u94a5\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u5b58\u50a8\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u56e0\u6b64\u4e0d\u5efa\u8bae\u5728\u751f\u4ea7\u90e8\u7f72\u4e2d\u4f7f\u7528\u3002","title":"\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#pkcs11","text":"PKCS#11 \u52a0\u5bc6\u63d2\u4ef6\u53ef\u7528\u4e8e\u4e0e\u4f7f\u7528 PKCS#11 \u534f\u8bae\u7684\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8fde\u63a5\u3002\u673a\u5bc6\u7531\u9879\u76ee\u7279\u5b9a\u7684\u5bc6\u94a5\u52a0\u5bc6\u5bc6\u94a5 \uff08KEK\uff09 \u52a0\u5bc6 \uff08\u5e76\u5728\u68c0\u7d22\u65f6\u89e3\u5bc6\uff09 \u3002KEK \u53d7\u4e3b KEK \uff08MKEK\uff09 \u4fdd\u62a4\uff08\u52a0\u5bc6\uff09\u3002MKEK \u4e0e HMAC \u4e00\u8d77\u9a7b\u7559\u5728 HSM \u4e2d\u3002\u7531\u4e8e\u6bcf\u4e2a\u9879\u76ee\u90fd\u4f7f\u7528\u4e0d\u540c\u7684 KEK\uff0c\u5e76\u4e14\u7531\u4e8e KEK \u4ee5\u52a0\u5bc6\u5f62\u5f0f\uff08\u800c\u4e0d\u662f\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u660e\u6587\uff09\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u56e0\u6b64 PKCS#11 \u63d2\u4ef6\u6bd4\u7b80\u5355\u7684\u52a0\u5bc6\u63d2\u4ef6\u5b89\u5168\u5f97\u591a\u3002\u5b83\u662f Barbican \u90e8\u7f72\u4e2d\u6700\u53d7\u6b22\u8fce\u7684\u540e\u7aef\u3002","title":"PKCS#11 \u52a0\u5bc6\u63d2\u4ef6"},{"location":"security/security-guide/#_223","text":"\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u4e0e\u5b89\u5168\u5b58\u50a8\u7cfb\u7edf\u63a5\u53e3\uff0c\u4ee5\u5c06\u5bc6\u94a5\u5b58\u50a8\u5728\u8fd9\u4e9b\u7cfb\u7edf\u4e2d\u3002\u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u6709\u4e09\u79cd\u7c7b\u578b\uff1aKMIP \u63d2\u4ef6\u3001Dogtag \u63d2\u4ef6\u548c Vault 
\u63d2\u4ef6\u3002","title":"\u673a\u5bc6\u5b58\u50a8\u63d2\u4ef6"},{"location":"security/security-guide/#kmip","text":"\u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09 \u5bc6\u94a5\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\uff08\u5982\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09\uff09\u8fdb\u884c\u901a\u4fe1\u3002\u5bc6\u94a5\u76f4\u63a5\u5b89\u5168\u5730\u5b58\u50a8\u5728\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u4e2d\uff0c\u800c\u4e0d\u662f\u5b58\u50a8\u5728 Barbican \u6570\u636e\u5e93\u4e2d\u3002Barbican \u6570\u636e\u5e93\u7ef4\u62a4\u5bf9\u5bc6\u94a5\u4f4d\u7f6e\u7684\u5f15\u7528\uff0c\u4ee5\u4f9b\u4ee5\u540e\u68c0\u7d22\u3002\u8be5\u63d2\u4ef6\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u6216\u4f7f\u7528\u5ba2\u6237\u7aef\u8bc1\u4e66\u5411\u542f\u7528\u4e86 KMIP \u7684\u8bbe\u5907\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u6b64\u4fe1\u606f\u5b58\u50a8\u5728 Barbican \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002","title":"KMIP \u63d2\u4ef6"},{"location":"security/security-guide/#dogtag","text":"Dogtag \u79d8\u5bc6\u5b58\u50a8\u63d2\u4ef6\u7528\u4e8e\u4e0e Dogtag \u901a\u4fe1\u3002Dogtag \u662f\u5bf9\u5e94\u4e8e Red Hat \u8bc1\u4e66\u7cfb\u7edf\u7684\u4e0a\u6e38\u9879\u76ee\uff0cRed Hat Certificate System \u662f\u4e00\u4e2a\u901a\u7528\u6807\u51c6/FIPS \u8ba4\u8bc1\u7684 PKI \u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u8bc1\u4e66\u7ba1\u7406\u5668 \uff08CA\uff09 \u548c\u5bc6\u94a5\u6062\u590d\u673a\u6784 \uff08KRA\uff09\uff0c\u7528\u4e8e\u5b89\u5168\u5b58\u50a8\u673a\u5bc6\u3002KRA \u5c06\u673a\u5bc6\u4f5c\u4e3a\u52a0\u5bc6\u7684 blob \u5b58\u50a8\u5728\u5176\u5185\u90e8\u6570\u636e\u5e93\u4e2d\uff0c\u4e3b\u52a0\u5bc6\u5bc6\u94a5\u5b58\u50a8\u5728\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS \u5b89\u5168\u6570\u636e\u5e93\u4e2d\uff0c\u6216\u5b58\u50a8\u5728\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u4e2d\u3002\u57fa\u4e8e\u8f6f\u4ef6\u7684 NSS 
\u6570\u636e\u5e93\u914d\u7f6e\u4e3a\u4e0d\u5e0c\u671b\u4f7f\u7528 HSM \u7684\u90e8\u7f72\u63d0\u4f9b\u4e86\u5b89\u5168\u9009\u9879\u3002KRA \u662f FreeIPA \u7684\u4e00\u4e2a\u7ec4\u4ef6\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f7f\u7528 FreeIPA \u670d\u52a1\u5668\u914d\u7f6e\u63d2\u4ef6\u3002\u4ee5\u4e0b\u535a\u5ba2\u6587\u7ae0\u4e2d\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4f7f\u7528 FreeIPA \u8bbe\u7f6e Barbican \u7684\u66f4\u8be6\u7ec6\u8bf4\u660e\u3002","title":"Dogtag \u63d2\u4ef6"},{"location":"security/security-guide/#vault","text":"Vault \u662f Hashicorp \u5f00\u53d1\u7684\u79d8\u5bc6\u5b58\u50a8\uff0c\u7528\u4e8e\u5b89\u5168\u8bbf\u95ee\u673a\u5bc6\u548c\u5176\u4ed6\u5bf9\u8c61\uff0c\u4f8b\u5982 API \u5bc6\u94a5\u3001\u5bc6\u7801\u6216\u8bc1\u4e66\u3002\u4fdd\u9669\u67dc\u4e3a\u4efb\u4f55\u673a\u5bc6\u63d0\u4f9b\u7edf\u4e00\u7684\u754c\u9762\uff0c\u540c\u65f6\u63d0\u4f9b\u4e25\u683c\u7684\u8bbf\u95ee\u63a7\u5236\u5e76\u8bb0\u5f55\u8be6\u7ec6\u7684\u5ba1\u6838\u65e5\u5fd7\u3002Vault \u4f01\u4e1a\u7248\u8fd8\u5141\u8bb8\u4e0e HSM \u96c6\u6210\u4ee5\u8fdb\u884c\u81ea\u52a8\u89e3\u5c01\u3001\u63d0\u4f9b FIPS \u5bc6\u94a5\u5b58\u50a8\u548c\u71b5\u589e\u5f3a\u3002\u4f46\u662f\uff0cVault \u63d2\u4ef6\u7684\u7f3a\u70b9\u662f\u5b83\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u56e0\u6b64\u6240\u6709\u5bc6\u94a5\u90fd\u5c06\u5b58\u50a8\u5728\u540c\u4e00\u4e2a\u952e/\u503c\u5bc6\u94a5\u5f15\u64ce\u4e0b\u3002\u6302\u8f7d\u70b9\u3002","title":"Vault \u63d2\u4ef6"},{"location":"security/security-guide/#_224","text":"Barbican \u56e2\u961f\u4e0e OpenStack \u5b89\u5168\u9879\u76ee\u5408\u4f5c\uff0c\u5bf9\u6700\u4f73\u5b9e\u8df5 Barbican \u90e8\u7f72\u8fdb\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\u3002\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u7684\u662f\u8bc6\u522b\u670d\u52a1\u8bbe\u8ba1\u548c\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7684\u5f31\u70b9\u548c\u7f3a\u9677\uff0c\u5e76\u63d0\u51fa\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u7684\u63a7\u5236\u6216\u4fee\u590d\u63aa\u65bd\u3002 
\u5df4\u6bd4\u80af\u5a01\u80c1\u5206\u6790\u786e\u5b9a\u4e86\u516b\u9879\u5b89\u5168\u53d1\u73b0\u548c\u4e24\u9879\u5efa\u8bae\uff0c\u4ee5\u63d0\u9ad8\u5df4\u6bd4\u80af\u90e8\u7f72\u7684\u5b89\u5168\u6027\u3002\u8fd9\u4e9b\u7ed3\u679c\u53ef\u4ee5\u5728\u5b89\u5168\u5206\u6790\u5b58\u50a8\u5e93\u4e2d\u67e5\u770b\uff0c\u4ee5\u53ca Barbican \u4f53\u7cfb\u7ed3\u6784\u56fe\u548c\u4f53\u7cfb\u7ed3\u6784\u63cf\u8ff0\u9875\u3002","title":"\u5a01\u80c1\u5206\u6790"},{"location":"security/security-guide/#castellan","text":"","title":"Castellan"},{"location":"security/security-guide/#_225","text":"Castellan \u662f\u7531 Barbican \u56e2\u961f\u5f00\u53d1\u7684\u901a\u7528\u5bc6\u94a5\u7ba1\u7406\u5668\u754c\u9762\u3002\u5b83\u4f7f\u9879\u76ee\u80fd\u591f\u4f7f\u7528\u53ef\u914d\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\uff0c\u8be5\u7ba1\u7406\u5668\u53ef\u4ee5\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002","title":"\u6982\u8ff0"},{"location":"security/security-guide/#_226","text":"\u200b 1.\u5728 OpenStack \u4e2d\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4ec0\u4e48\uff1f \u5728OpenStack\u4e2d\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u7684\u63a8\u8350\u65b9\u6cd5\u662f\u4f7f\u7528Barbican\u3002 \u200b 2.\u6211\u4e3a\u4ec0\u4e48\u8981\u4f7f\u7528Barbican\uff1f Barbican \u662f\u4e00\u79cd OpenStack \u670d\u52a1\uff0c\u5b83\u652f\u6301\u591a\u79df\u6237\uff0c\u5e76\u4f7f\u7528 Keystone \u4ee4\u724c\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u610f\u5473\u7740\u5bf9\u5bc6\u94a5\u7684\u8bbf\u95ee\u662f\u901a\u8fc7\u79df\u6237\u548c RBAC \u89d2\u8272\u7684 OpenStack \u7b56\u7565\u6765\u63a7\u5236\u7684\u3002 Barbican \u5177\u6709\u591a\u4e2a\u53ef\u63d2\u62d4\u540e\u7aef\uff0c\u53ef\u4ee5\u4f7f\u7528 PKCS#11 \u6216 KMIP \u4e0e\u57fa\u4e8e\u8f6f\u4ef6\u548c\u786c\u4ef6\u7684\u5b89\u5168\u6a21\u5757\u8fdb\u884c\u901a\u4fe1\u3002 \u200b 3.\u5982\u679c\u6211\u4e0d\u60f3\u4f7f\u7528Barbican\u600e\u4e48\u529e\uff1f \u5728 Openstack 
\u4e0a\u4e0b\u6587\u4e2d\uff0c\u9700\u8981\u7ba1\u7406\u4e24\u79cd\u7c7b\u578b\u7684\u5bc6\u94a5 - \u9700\u8981\u5bc6\u94a5\u5931\u771f\u4ee4\u724c\u624d\u80fd\u8bbf\u95ee\u7684\u5bc6\u94a5\uff0c\u4ee5\u53ca\u4e0d\u9700\u8981\u5bc6\u94a5\u9a8c\u8bc1\u4ee4\u724c\u7684\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u7684\u4e00\u4e2a\u793a\u4f8b\u662f\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u7684\u5bc6\u7801\u548c\u5bc6\u94a5\u3002\u4f8b\u5982\uff0c\u8fd9\u4e9b\u5305\u62ec\u9879\u76ee\u52a0\u5bc6\u7164\u6e23\u5377\u7684\u52a0\u5bc6\u5bc6\u94a5\u6216\u9879\u76ee\u6982\u89c8\u56fe\u50cf\u7684\u7b7e\u540d\u5bc6\u94a5\u3002 \u4e0d\u9700\u8981 keystone \u4ee4\u724c\u5373\u53ef\u8bbf\u95ee\u7684\u5bc6\u94a5\u793a\u4f8b\u5305\u62ec\u670d\u52a1\u914d\u7f6e\u6587\u4ef6\u4e2d\u670d\u52a1\u7528\u6237\u7684\u5bc6\u7801\u6216\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u9879\u76ee\u7684\u52a0\u5bc6\u5bc6\u94a5\u3002 \u9700\u8981 keystone \u4ee4\u724c\u7684\u673a\u5bc6\u5e94\u4f7f\u7528 Barbican \u8fdb\u884c\u5b58\u50a8\u3002 \u4e0d\u9700\u8981 keystone \u8eab\u4efd\u9a8c\u8bc1\u7684\u5bc6\u94a5\u53ef\u4ee5\u5b58\u50a8\u5728\u4efb\u4f55\u5bc6\u94a5\u5b58\u50a8\u4e2d\uff0c\u8be5\u5bc6\u94a5\u5b58\u50a8\u5b9e\u73b0\u4e86\u901a\u8fc7 Castellan \u516c\u5f00\u7684\u7b80\u5355\u5bc6\u94a5\u5b58\u50a8 API\u3002\u8fd9\u4e5f\u5305\u62ec\u5df4\u6bd4\u80af\u3002 \u200b 4.\u5982\u4f55\u4f7f\u7528 Vault\u3001Keywhiz\u3001Custodia \u7b49...\uff1f \u5982\u679c\u5df2\u4e3a\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u7f16\u5199\u4e86 Castellan \u63d2\u4ef6\uff0c\u5219\u60a8\u9009\u62e9\u7684\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u4ee5\u4e0e\u8be5\u5bc6\u94a5\u7ba1\u7406\u5668\u4e00\u8d77\u4f7f\u7528\u3002\u4e00\u65e6\u8be5\u63d2\u4ef6\u88ab\u7f16\u5199\u51fa\u6765\uff0c\u76f4\u63a5\u4f7f\u7528\u8be5\u63d2\u4ef6\u6216\u5728 Barbican \u540e\u9762\u4f7f\u7528\u8be5\u63d2\u4ef6\u662f\u76f8\u5bf9\u5fae\u4e0d\u8db3\u9053\u7684\u3002 \u76ee\u524d\uff0cVault \u548c Custodia 
\u63d2\u4ef6\u6b63\u5728\u4e3a Queens \u5468\u671f\u5f00\u53d1\u3002","title":"\u5e38\u89c1\u95ee\u9898\u89e3\u7b54"},{"location":"security/security-guide/#_227","text":"","title":"\u68c0\u67e5\u8868"},{"location":"security/security-guide/#check-key-manager-01-rootbarbican","text":"\u914d\u7f6e\u6587\u4ef6\u5305\u542b\u7ec4\u4ef6\u5e73\u7a33\u8fd0\u884c\u6240\u9700\u7684\u5173\u952e\u53c2\u6570\u548c\u4fe1\u606f\u3002\u5982\u679c\u975e\u7279\u6743\u7528\u6237\u6709\u610f\u6216\u65e0\u610f\u5730\u4fee\u6539\u6216\u5220\u9664\u4efb\u4f55\u53c2\u6570\u6216\u6587\u4ef6\u672c\u8eab\uff0c\u5219\u4f1a\u5bfc\u81f4\u4e25\u91cd\u7684\u53ef\u7528\u6027\u95ee\u9898\uff0c\u4ece\u800c\u5bfc\u81f4\u62d2\u7edd\u5411\u5176\u4ed6\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u670d\u52a1\u3002\u6b64\u7c7b\u5173\u952e\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a root\uff0c\u7ec4\u6240\u6709\u6743\u5fc5\u987b\u8bbe\u7f6e\u4e3a barbican\u3002\u6b64\u5916\uff0c\u5305\u542b\u76ee\u5f55\u5e94\u5177\u6709\u76f8\u540c\u7684\u6240\u6709\u6743\uff0c\u4ee5\u786e\u4fdd\u6b63\u786e\u62e5\u6709\u65b0\u6587\u4ef6\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%U %G\" /etc/barbican/barbican.conf | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/barbican-api-paste.ini | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican/policy.json | egrep \"root barbican\" $ stat -L -c \"%U %G\" /etc/barbican | egrep \"root barbican\" \u901a\u8fc7\uff1a\u5982\u679c\u6240\u6709\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u5206\u522b\u8bbe\u7f6e\u4e3a root \u548c barbican\u3002\u4e0a\u9762\u7684\u547d\u4ee4\u663e\u793a\u4e86 root / barbican \u7684\u8f93\u51fa\u3002 \u5931\u8d25\uff1a\u5982\u679c\u4e0a\u8ff0\u547d\u4ee4\u672a\u8fd4\u56de\u4efb\u4f55\u8f93\u51fa\uff0c\u5219\u7528\u6237\u548c\u7ec4\u6240\u6709\u6743\u53ef\u80fd\u5df2\u8bbe\u7f6e\u4e3a\u9664 root 
\u4ee5\u5916\u7684\u4efb\u4f55\u7528\u6237\u6216\u9664 barbican \u4ee5\u5916\u7684\u4efb\u4f55\u7ec4\u3002","title":"Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f"},{"location":"security/security-guide/#check-key-manager-02","text":"\u4e0e\u524d\u9762\u7684\u68c0\u67e5\u7c7b\u4f3c\uff0c\u6211\u4eec\u5efa\u8bae\u4e3a\u6b64\u7c7b\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e25\u683c\u7684\u8bbf\u95ee\u6743\u9650\u3002 \u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a $ stat -L -c \"%a\" /etc/barbican/barbican.conf $ stat -L -c \"%a\" /etc/barbican/barbican-api-paste.ini $ stat -L -c \"%a\" /etc/barbican/policy.json $ stat -L -c \"%a\" /etc/barbican \u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u5e7f\u6cdb\u7684\u9650\u5236\uff1a\u5982\u679c\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\uff0c\u5219\u4fdd\u8bc1\u6b64\u76ee\u5f55\u4e2d\u65b0\u521b\u5efa\u7684\u6587\u4ef6\u5177\u6709\u6240\u9700\u7684\u6743\u9650\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u4e3a 640 \u6216\u66f4\u4e25\u683c\uff0c\u6216\u8005\u5305\u542b\u76ee\u5f55\u8bbe\u7f6e\u4e3a 750\u3002640 \u7684\u6743\u9650\u8f6c\u6362\u4e3a\u6240\u6709\u8005 r/w\u3001\u7ec4 r\uff0c\u800c\u5bf9\u5176\u4ed6\u4eba\u6ca1\u6709\u6743\u9650\uff0c\u4f8b\u5982\u201cu=rw\uff0cg=r\uff0co=\u201d\u3002 \u6ce8\u610f \u4f7f\u7528 Check-Key-Manager-01\uff1a\u914d\u7f6e\u6587\u4ef6\u7684\u6240\u6709\u6743\u662f\u5426\u8bbe\u7f6e\u4e3a root/barbican\uff1f\u6743\u9650\u8bbe\u7f6e\u4e3a 640\uff0croot \u5177\u6709\u8bfb/\u5199\u8bbf\u95ee\u6743\u9650\uff0cBarbican \u5177\u6709\u5bf9\u8fd9\u4e9b\u914d\u7f6e\u6587\u4ef6\u7684\u8bfb\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u4e5f\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8bbf\u95ee\u6743\u9650\u3002\u4ec5\u5f53\u6b64\u547d\u4ee4\u652f\u6301 ACL \u65f6\uff0c\u5b83\u624d\u5728\u60a8\u7684\u7cfb\u7edf\u4e0a\u53ef\u7528\u3002 $ getfacl --tabular -a /etc/barbican/barbican.conf getfacl: Removing leading 
'/' from absolute path names # file: etc/barbican/barbican.conf USER root rw- GROUP barbican r-- mask r-- other --- \u5931\u8d25\uff1a\u5982\u679c\u6743\u9650\u8bbe\u7f6e\u5927\u4e8e 640\u3002","title":"Check-Key-Manager-02\uff1a\u662f\u5426\u4e3a\u914d\u7f6e\u6587\u4ef6\u8bbe\u7f6e\u4e86\u4e25\u683c\u7684\u6743\u9650\uff1f"},{"location":"security/security-guide/#check-key-manager-03openstack-identity","text":"OpenStack \u652f\u6301\u5404\u79cd\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\uff0c\u5982 noauth \u548c keystone \u3002\u5982\u679c\u4f7f\u7528\u8be5 noauth \u7b56\u7565\uff0c\u5219\u7528\u6237\u65e0\u9700\u4efb\u4f55\u8eab\u4efd\u9a8c\u8bc1\u5373\u53ef\u4e0e OpenStack \u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\u3002\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u6f5c\u5728\u7684\u98ce\u9669\uff0c\u56e0\u4e3a\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u83b7\u5f97\u5bf9 OpenStack \u7ec4\u4ef6\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u6240\u6709\u670d\u52a1\u90fd\u5fc5\u987b\u4f7f\u7528\u5176\u670d\u52a1\u5e10\u6237\u901a\u8fc7 keystone \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 \u901a\u8fc7\uff1a\u5982\u679c\u53c2\u6570 authtoken \u5217\u5728 \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u3002 \u5931\u8d25\uff1a\u5982\u679c \u4e2d\u7684 pipeline:barbican-api-keystone barbican-api-paste.ini \u90e8\u5206\u4e0b\u7f3a\u5c11\u8be5\u53c2\u6570 authtoken \u3002","title":"Check-Key-Manager-03\uff1aOpenStack Identity \u662f\u5426\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#check-key-manager-04-tls","text":"OpenStack 
\u7ec4\u4ef6\u4f7f\u7528\u5404\u79cd\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\uff0c\u901a\u4fe1\u53ef\u80fd\u6d89\u53ca\u654f\u611f\u6216\u673a\u5bc6\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u5c1d\u8bd5\u7a83\u542c\u9891\u9053\u4ee5\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u3002\u6240\u6709\u7ec4\u4ef6\u5fc5\u987b\u4f7f\u7528\u5b89\u5168\u901a\u4fe1\u534f\u8bae\u76f8\u4e92\u901a\u4fe1\u3002 \u901a\u8fc7\uff1a\u5982\u679c section in /etc/barbican/barbican.conf \u4e0b\u7684\u53c2\u6570\u503c\u8bbe\u7f6e\u4e3a Identity API \u7aef\u70b9\u5f00\u5934\uff0c https:// \u5e76\u4e14 same /etc/barbican/barbican.conf \u4e2d\u540c\u4e00 [keystone_authtoken] \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri insecure \u503c\u8bbe\u7f6e\u4e3a False \u3002 \u5931\u8d25\uff1a\u5982\u679c in /etc/barbican/barbican.conf \u90e8\u5206\u4e0b\u7684 [keystone_authtoken] \u53c2\u6570 www_authenticate_uri \u503c\u672a\u8bbe\u7f6e\u4e3a\u4ee5 \u5f00\u5934\u7684\u8eab\u4efd API \u7aef\u70b9\uff0c https:// \u6216\u8005\u540c\u4e00 /etc/barbican/barbican.conf \u90e8\u5206\u4e2d\u7684\u53c2\u6570 insecure [keystone_authtoken] \u503c\u8bbe\u7f6e\u4e3a True \u3002","title":"Check-Key-Manager-04\uff1a\u662f\u5426\u542f\u7528\u4e86 TLS \u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff1f"},{"location":"security/security-guide/#_228","text":"\u6d88\u606f\u961f\u5217\u670d\u52a1\u4fc3\u8fdb\u4e86 OpenStack \u4e2d\u7684\u8fdb\u7a0b\u95f4\u901a\u4fe1\u3002OpenStack \u652f\u6301\u4ee5\u4e0b\u6d88\u606f\u961f\u5217\u670d\u52a1\u540e\u7aef\uff1a RabbitMQ Qpid ZeroMQ \u6216 0MQ RabbitMQ \u548c Qpid \u90fd\u662f\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 \u6846\u67b6\uff0c\u5b83\u4eec\u4e3a\u70b9\u5bf9\u70b9\u901a\u4fe1\u63d0\u4f9b\u6d88\u606f\u961f\u5217\u3002\u961f\u5217\u5b9e\u73b0\u901a\u5e38\u90e8\u7f72\u4e3a\u96c6\u4e2d\u5f0f\u6216\u5206\u6563\u5f0f\u961f\u5217\u670d\u52a1\u5668\u6c60\u3002ZeroMQ \u901a\u8fc7 TCP 
\u5957\u63a5\u5b57\u63d0\u4f9b\u76f4\u63a5\u7684\u70b9\u5bf9\u70b9\u901a\u4fe1\u3002 \u6d88\u606f\u961f\u5217\u6709\u6548\u5730\u4fc3\u8fdb\u4e86\u8de8 OpenStack \u90e8\u7f72\u7684\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u3002\u4e00\u65e6\u5141\u8bb8\u8bbf\u95ee\u961f\u5217\uff0c\u5c31\u4e0d\u4f1a\u6267\u884c\u8fdb\u4e00\u6b65\u7684\u6388\u6743\u68c0\u67e5\u3002\u53ef\u901a\u8fc7\u961f\u5217\u8bbf\u95ee\u7684\u670d\u52a1\u4f1a\u9a8c\u8bc1\u5b9e\u9645\u6d88\u606f\u8d1f\u8f7d\u4e2d\u7684\u4e0a\u4e0b\u6587\u548c\u4ee4\u724c\u3002\u4f46\u662f\uff0c\u60a8\u5fc5\u987b\u6ce8\u610f\u4ee4\u724c\u7684\u5230\u671f\u65e5\u671f\uff0c\u56e0\u4e3a\u4ee4\u724c\u53ef\u80fd\u53ef\u91cd\u64ad\uff0c\u5e76\u4e14\u53ef\u4ee5\u6388\u6743\u57fa\u7840\u7ed3\u6784\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002 OpenStack \u4e0d\u652f\u6301\u6d88\u606f\u7ea7\u522b\u7684\u5b89\u5168\u6027\uff0c\u4f8b\u5982\u6d88\u606f\u7b7e\u540d\u3002\u56e0\u6b64\uff0c\u60a8\u5fc5\u987b\u5bf9\u6d88\u606f\u4f20\u8f93\u672c\u8eab\u8fdb\u884c\u5b89\u5168\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u5bf9\u4e8e\u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u914d\u7f6e\uff0c\u60a8\u5fc5\u987b\u6267\u884c\u961f\u5217\u5bf9\u961f\u5217\u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u52a0\u5bc6\u3002 \u901a\u8fc7 ZeroMQ \u6d88\u606f\u4f20\u9012\uff0cIPC \u5957\u63a5\u5b57\u5728\u5355\u4e2a\u673a\u5668\u4e0a\u4f7f\u7528\u3002\u7531\u4e8e\u8fd9\u4e9b\u5957\u63a5\u5b57\u5bb9\u6613\u53d7\u5230\u653b\u51fb\uff0c\u56e0\u6b64\u8bf7\u786e\u4fdd\u4e91\u8fd0\u8425\u5546\u5df2\u4fdd\u62a4\u5b83\u4eec\u3002 \u6d88\u606f\u5b89\u5168 \u6d88\u606f\u4f20\u8f93\u5b89\u5168 \u961f\u5217\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565","title":"\u6d88\u606f\u961f\u5217"},{"location":"security/security-guide/#_229","text":"\u672c\u8282\u8ba8\u8bba OpenStack 
\u4e2d\u4f7f\u7528\u7684\u4e09\u79cd\u6700\u5e38\u89c1\u7684\u6d88\u606f\u961f\u5217\u89e3\u51b3\u65b9\u6848\u7684\u5b89\u5168\u5f3a\u5316\u65b9\u6cd5\uff1aRabbitMQ\u3001Qpid \u548c ZeroMQ\u3002","title":"\u6d88\u606f\u5b89\u5168"},{"location":"security/security-guide/#_230","text":"\u57fa\u4e8e AMQP \u7684\u89e3\u51b3\u65b9\u6848\uff08Qpid \u548c RabbitMQ\uff09\u652f\u6301\u4f7f\u7528 TLS \u7684\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002ZeroMQ \u6d88\u606f\u4f20\u9012\u672c\u8eab\u4e0d\u652f\u6301 TLS\uff0c\u4f46\u4f7f\u7528\u6807\u8bb0\u7684 IPsec \u6216 CIPSO \u7f51\u7edc\u6807\u7b7e\u53ef\u4ee5\u5b9e\u73b0\u4f20\u8f93\u7ea7\u5b89\u5168\u6027\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u60a8\u7684\u6d88\u606f\u961f\u5217\u542f\u7528\u4f20\u8f93\u7ea7\u52a0\u5bc6\u3002\u5c06 TLS \u7528\u4e8e\u6d88\u606f\u4f20\u9012\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4ee5\u4fdd\u62a4\u901a\u4fe1\u5728\u4f20\u8f93\u5230\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7684\u8fc7\u7a0b\u4e2d\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u5e38\u7528\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668 Qpid \u548c RabbitMQ \u914d\u7f6e TLS \u7684\u6307\u5357\u3002\u5728\u914d\u7f6e\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u673a\u8fde\u63a5\u7684\u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6346\u7ed1\u8f6f\u4ef6\u65f6\uff0c\u5efa\u8bae\u4ec5\u5c06\u5176\u9650\u5236\u4e3a\u7528\u4e8e\u8282\u70b9\u7684 CA\uff0c\u6700\u597d\u662f\u5185\u90e8\u7ba1\u7406\u7684 CA\u3002\u53d7\u4fe1\u4efb\u7684 CA \u6346\u7ed1\u5305\u5c06\u786e\u5b9a\u54ea\u4e9b\u5ba2\u6237\u7aef\u8bc1\u4e66\u5c06\u83b7\u5f97\u6388\u6743\uff0c\u5e76\u901a\u8fc7\u8bbe\u7f6e TLS 
\u8fde\u63a5\u7684\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u9a8c\u8bc1\u6b65\u9aa4\u3002\u8bf7\u6ce8\u610f\uff0c\u5728\u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982\u4f7f\u7528 chmod 0600 \uff0c\u5e76\u4e14\u6240\u6709\u6743\u9650\u5236\u4e3a\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6d88\u606f\u4f20\u9012\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002","title":"\u6d88\u606f\u4f20\u8f93\u5b89\u5168"},{"location":"security/security-guide/#rabbitmq-ssl","text":"\u5e94\u5c06\u4ee5\u4e0b\u884c\u6dfb\u52a0\u5230\u7cfb\u7edf\u8303\u56f4\u7684 RabbitMQ \u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u901a\u5e38 /etc/rabbitmq/rabbitmq.config \uff1a [ {rabbit, [ {tcp_listeners, [] }, {ssl_listeners, [{\"\", 5671}] }, {ssl_options, [{cacertfile,\"/etc/ssl/cacert.pem\"}, {certfile,\"/etc/ssl/rabbit-server-cert.pem\"}, {keyfile,\"/etc/ssl/rabbit-server-key.pem\"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]} ]} ]. 
\u8bf7\u6ce8\u610f\uff0c\u8be5 tcp_listeners \u9009\u9879\u8bbe\u7f6e\u4e3a [] \u963b\u6b62\u5b83\u4fa6\u542c\u975e SSL \u7aef\u53e3\u3002\u5e94\u5c06\u8be5 ssl_listeners \u9009\u9879\u9650\u5236\u4e3a\u4ec5\u5728\u7ba1\u7406\u7f51\u7edc\u4e0a\u4fa6\u542c\u670d\u52a1\u3002 \u6709\u5173 RabbitMQ SSL \u914d\u7f6e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u914d\u7f6e RabbitMQ SSL\u534f\u8bae","title":"RabbitMQ \u670d\u52a1\u5668 SSL \u914d\u7f6e"},{"location":"security/security-guide/#qpid-ssl","text":"Apache \u57fa\u91d1\u4f1a\u4e3a Qpid \u63d0\u4f9b\u4e86\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6307\u5357\u3002\u8bf7\u53c2\u9605\uff1a Apache Qpid SSL","title":"Qpid \u670d\u52a1\u5668 SSL \u914d\u7f6e"},{"location":"security/security-guide/#_231","text":"RabbitMQ \u548c Qpid \u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236\u673a\u5236\uff0c\u7528\u4e8e\u63a7\u5236\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u3002ZeroMQ \u4e0d\u63d0\u4f9b\u6b64\u7c7b\u673a\u5236\u3002 \u7b80\u5355\u8eab\u4efd\u9a8c\u8bc1\u548c\u5b89\u5168\u5c42 \uff08SASL\uff09 \u662f Internet \u534f\u8bae\u4e2d\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u548c\u6570\u636e\u5b89\u5168\u7684\u6846\u67b6\u3002RabbitMQ \u548c Qpid \u90fd\u63d0\u4f9b SASL \u548c\u5176\u4ed6\u53ef\u63d2\u5165\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\uff0c\u800c\u4e0d\u4ec5\u4ec5\u662f\u7b80\u5355\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u4ece\u800c\u53ef\u4ee5\u63d0\u9ad8\u8eab\u4efd\u9a8c\u8bc1\u5b89\u5168\u6027\u3002\u867d\u7136 RabbitMQ \u652f\u6301 SASL\uff0c\u4f46 OpenStack \u4e2d\u7684\u652f\u6301\u76ee\u524d\u4e0d\u5141\u8bb8\u8bf7\u6c42\u7279\u5b9a\u7684 SASL \u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002OpenStack \u4e2d\u7684 RabbitMQ \u652f\u6301\u5141\u8bb8\u901a\u8fc7\u672a\u52a0\u5bc6\u7684\u8fde\u63a5\u8fdb\u884c\u7528\u6237\u540d\u548c\u5bc6\u7801\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6216\u8005\u5c06\u7528\u6237\u540d\u548c\u5bc6\u7801\u4e0e X.509 
\u5ba2\u6237\u7aef\u8bc1\u4e66\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u5efa\u7acb\u5b89\u5168\u7684 TLS \u8fde\u63a5\u3002 \u6211\u4eec\u5efa\u8bae\u5728\u6240\u6709 OpenStack \u670d\u52a1\u8282\u70b9\u4e0a\u914d\u7f6e X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u4ee5\u4fbf\u5ba2\u6237\u7aef\u8fde\u63a5\u5230\u6d88\u606f\u4f20\u9012\u961f\u5217\uff0c\u5e76\u5728\u53ef\u80fd\u7684\u60c5\u51b5\u4e0b\uff08\u76ee\u524d\u4ec5 Qpid\uff09\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u65f6\uff0c\u5e94\u6309\u670d\u52a1\u548c\u8282\u70b9\u521b\u5efa\u5e10\u6237\uff0c\u4ee5\u4fbf\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u8fdb\u884c\u66f4\u7cbe\u7ec6\u7684\u53ef\u5ba1\u6838\u6027\u3002 \u5728\u90e8\u7f72\u4e4b\u524d\uff0c\u8bf7\u8003\u8651\u6392\u961f\u670d\u52a1\u5668\u4f7f\u7528\u7684 TLS \u5e93\u3002Qpid \u4f7f\u7528 Mozilla \u7684 NSS \u5e93\uff0c\u800c RabbitMQ \u4f7f\u7528 Erlang \u7684 TLS \u6a21\u5757\uff0c\u8be5\u6a21\u5757\u4f7f\u7528 OpenSSL\u3002","title":"\u961f\u5217\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#rabbitmq","text":"\u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5220\u9664\u9ed8\u8ba4 guest \u7528\u6237\uff1a # rabbitmqctl delete_user guest \u5728 RabbitMQ \u670d\u52a1\u5668\u4e0a\uff0c\u5bf9\u4e8e\u4e0e\u6d88\u606f\u961f\u5217\u901a\u4fe1\u7684\u6bcf\u4e2a OpenStack \u670d\u52a1\u6216\u8282\u70b9\uff0c\u8bf7\u8bbe\u7f6e\u7528\u6237\u5e10\u6237\u548c\u6743\u9650\uff1a # rabbitmqctl add_user compute01 RABBIT_PASS # rabbitmqctl set_permissions compute01 \".*\" \".*\" \".*\" \u5c06RABBIT_PASS\u66ff\u6362\u4e3a\u5408\u9002\u7684\u5bc6\u7801\u3002 \u6709\u5173\u5176\u4ed6\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a RabbitMQ \u8bbf\u95ee\u63a7\u5236 RabbitMQ \u8eab\u4efd\u9a8c\u8bc1 RabbitMQ \u63d2\u4ef6 RabbitMQ SASL 
\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1","title":"\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aRabbitMQ"},{"location":"security/security-guide/#openstack-rabbitmq","text":"[DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_kombu rabbit_use_ssl = True rabbit_host = RABBIT_HOST rabbit_port = 5671 rabbit_user = compute01 rabbit_password = RABBIT_PASS kombu_ssl_keyfile = /etc/ssl/node-key.pem kombu_ssl_certfile = /etc/ssl/node-cert.pem kombu_ssl_ca_certs = /etc/ssl/cacert.pem","title":"OpenStack \u670d\u52a1\u914d\u7f6e\uff1aRabbitMQ"},{"location":"security/security-guide/#qpid","text":"\u6709\u5173\u914d\u7f6e\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\uff1a Apache Qpid \u8eab\u4efd\u9a8c\u8bc1 Apache Qpid \u6388\u6743","title":"\u8eab\u4efd\u9a8c\u8bc1\u914d\u7f6e\u793a\u4f8b\uff1aQpid"},{"location":"security/security-guide/#openstack-qpid","text":"[DEFAULT] rpc_backend = nova.openstack.common.rpc.impl_qpid qpid_protocol = ssl qpid_hostname = qpid_port = 5671 qpid_username = compute01 qpid_password = QPID_PASS \uff08\u53ef\u9009\uff09\u5982\u679c\u5c06 SASL \u4e0e Qpid \u4e00\u8d77\u4f7f\u7528\uff0c\u8bf7\u901a\u8fc7\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u6765\u6307\u5b9a\u6b63\u5728\u4f7f\u7528\u7684 SASL \u673a\u5236\uff1a qpid_sasl_mechanisms = ","title":"OpenStack \u670d\u52a1\u914d\u7f6e\uff1aQpid"},{"location":"security/security-guide/#_232","text":"\u6bcf\u4e2a\u9879\u76ee\u90fd\u63d0\u4f9b\u4e86\u8bb8\u591a\u53d1\u9001\u548c\u4f7f\u7528\u6d88\u606f\u7684\u670d\u52a1\u3002\u6bcf\u4e2a\u53d1\u9001\u6d88\u606f\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u90fd\u5e94\u8be5\u4f7f\u7528\u961f\u5217\u4e2d\u7684\u6d88\u606f\uff0c\u5982\u679c\u53ea\u662f\u56de\u590d\u7684\u8bdd\u3002 
\u6d88\u606f\u961f\u5217\u670d\u52a1\u8fdb\u7a0b\u5e94\u5f7c\u6b64\u9694\u79bb\uff0c\u5e76\u5e94\u4e0e\u8ba1\u7b97\u673a\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002","title":"\u6d88\u606f\u961f\u5217\u8fdb\u7a0b\u9694\u79bb\u548c\u7b56\u7565"},{"location":"security/security-guide/#_233","text":"\u5f3a\u70c8\u5efa\u8bae\u5728 OpenStack Compute Hypervisor \u4e0a\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u4f7f\u7528\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u3002\u8fd9\u5c06\u6709\u52a9\u4e8e\u9632\u6b62 VM \u6765\u5bbe\u548c\u7ba1\u7406\u7f51\u7edc\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u6865\u63a5\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u4e3b\u673a\u5fc5\u987b\u81f3\u5c11\u8fd0\u884c\u4e00\u4e2a ZeroMQ \u6d88\u606f\u63a5\u6536\u5668\uff0c\u4ee5\u63a5\u6536\u6765\u81ea\u7f51\u7edc\u7684\u6d88\u606f\u5e76\u901a\u8fc7 IPC \u5c06\u6d88\u606f\u8f6c\u53d1\u5230\u672c\u5730\u8fdb\u7a0b\u3002\u5728 IPC \u547d\u540d\u7a7a\u95f4\u4e2d\u4e3a\u6bcf\u4e2a\u9879\u76ee\u8fd0\u884c\u4e00\u4e2a\u72ec\u7acb\u7684\u6d88\u606f\u63a5\u6536\u5668\u662f\u53ef\u80fd\u7684\uff0c\u4e5f\u662f\u53ef\u53d6\u7684\uff0c\u4ee5\u53ca\u540c\u4e00\u9879\u76ee\u4e2d\u7684\u5176\u4ed6\u670d\u52a1\u3002","title":"\u547d\u540d\u7a7a\u95f4"},{"location":"security/security-guide/#_234","text":"\u961f\u5217\u670d\u52a1\u5668\u5e94\u4ec5\u63a5\u53d7\u6765\u81ea\u7ba1\u7406\u7f51\u7edc\u7684\u8fde\u63a5\u3002\u8fd9\u9002\u7528\u4e8e\u6240\u6709\u5b9e\u73b0\u3002\u8fd9\u5e94\u901a\u8fc7\u670d\u52a1\u914d\u7f6e\u6765\u5b9e\u73b0\uff0c\u5e76\u53ef\u9009\u62e9\u901a\u8fc7\u5168\u5c40\u7f51\u7edc\u7b56\u7565\u5f3a\u5236\u5b9e\u65bd\u3002 \u4f7f\u7528 ZeroMQ \u6d88\u606f\u4f20\u9012\u65f6\uff0c\u6bcf\u4e2a\u9879\u76ee\u90fd\u5e94\u5728\u4e13\u7528\u4e8e\u5c5e\u4e8e\u8be5\u9879\u76ee\u7684\u670d\u52a1\u7684\u7aef\u53e3\u4e0a\u8fd0\u884c\u5355\u72ec\u7684 ZeroMQ \u63a5\u6536\u65b9\u8fdb\u7a0b\u3002\u8fd9\u76f8\u5f53\u4e8e AMQP 
\u7684\u63a7\u5236\u4ea4\u6362\u6982\u5ff5\u3002","title":"\u7f51\u7edc\u7b56\u7565"},{"location":"security/security-guide/#_235","text":"\u4f7f\u7528\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236 \uff08MAC\uff09 \u548c\u81ea\u7531\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u5c06\u8fdb\u7a0b\u7684\u914d\u7f6e\u9650\u5236\u4e3a\u4ec5\u8fd9\u4e9b\u8fdb\u7a0b\u3002\u6b64\u9650\u5236\u53ef\u9632\u6b62\u8fd9\u4e9b\u8fdb\u7a0b\u4e0e\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u7684\u5176\u4ed6\u8fdb\u7a0b\u9694\u79bb\u3002","title":"\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_236","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5e73\u53f0\uff0c\u7528\u4e8e\u4f7f\u7528Hadoop\u548cSpark\u7b49\u5904\u7406\u6846\u67b6\u6765\u914d\u7f6e\u548c\u7ba1\u7406\u5b9e\u4f8b\u96c6\u7fa4\u3002\u901a\u8fc7 OpenStack Dashboard \u6216 REST API\uff0c\u7528\u6237\u80fd\u591f\u4e0a\u4f20\u548c\u6267\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u6216\u5916\u90e8\u63d0\u4f9b\u7a0b\u5e8f\u4e2d\u7684\u6570\u636e\u3002\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4f7f\u7528\u7f16\u6392\u670d\u52a1 \uff08heat\uff09 \u521b\u5efa\u5b9e\u4f8b\u96c6\u7fa4\uff0c\u8fd9\u4e9b\u96c6\u7fa4\u53ef\u4ee5\u4f5c\u4e3a\u957f\u671f\u8fd0\u884c\u7684\u7ec4\u5b58\u5728\uff0c\u8fd9\u4e9b\u7ec4\u53ef\u4ee5\u6839\u636e\u8bf7\u6c42\u8fdb\u884c\u6269\u5c55\u548c\u6536\u7f29\uff0c\u4e5f\u53ef\u4ee5\u4f5c\u4e3a\u4e3a\u5355\u4e2a\u5de5\u4f5c\u8d1f\u8f7d\u521b\u5efa\u7684\u77ac\u6001\u7ec4\u5b58\u5728\u3002 \u6570\u636e\u5904\u7406\u7b80\u4ecb \u67b6\u6784 \u6d89\u53ca\u7684\u6280\u672f \u7528\u6237\u5bf9\u8d44\u6e90\u7684\u8bbf\u95ee\u6743\u9650 \u90e8\u7f72 \u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee \u914d\u7f6e\u548c\u5f3a\u5316 TLS \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565 \u5b89\u5168\u7ec4 
\u4ee3\u7406\u57df \u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251 \u95f4\u63a5\u8bbf\u95ee \u6839\u5305\u88c5 \u65e5\u5fd7\u8bb0\u5f55 \u53c2\u8003\u4e66\u76ee","title":"\u6570\u636e\u5904\u7406"},{"location":"security/security-guide/#_237","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u5c06\u8d1f\u8d23\u521b\u5efa\u3001\u7ef4\u62a4\u548c\u9500\u6bc1\u4e3a\u5176\u96c6\u7fa4\u521b\u5efa\u7684\u4efb\u4f55\u5b9e\u4f8b\u3002\u63a7\u5236\u5668\u5c06\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u5728\u81ea\u8eab\u548c\u96c6\u7fa4\u5b9e\u4f8b\u4e4b\u95f4\u5efa\u7acb\u7f51\u7edc\u8def\u5f84\u3002\u5b83\u8fd8\u5c06\u7ba1\u7406\u8981\u5728\u96c6\u7fa4\u4e0a\u8fd0\u884c\u7684\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u7684\u90e8\u7f72\u548c\u751f\u547d\u5468\u671f\u3002\u96c6\u7fa4\u4e2d\u7684\u5b9e\u4f8b\u5305\u542b\u6846\u67b6\u5904\u7406\u5f15\u64ce\u7684\u6838\u5fc3\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63d0\u4f9b\u4e86\u591a\u4e2a\u9009\u9879\u6765\u521b\u5efa\u548c\u7ba1\u7406\u4e0e\u8fd9\u4e9b\u5b9e\u4f8b\u7684\u8fde\u63a5\u3002 \u6570\u636e\u5904\u7406\u8d44\u6e90\uff08\u7fa4\u96c6\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u6309\u8eab\u4efd\u670d\u52a1\u4e2d\u5b9a\u4e49\u7684\u9879\u76ee\u8fdb\u884c\u5206\u9694\u3002\u8fd9\u4e9b\u8d44\u6e90\u5728\u9879\u76ee\u4e2d\u5171\u4eab\uff0c\u4e86\u89e3\u4f7f\u7528\u8be5\u670d\u52a1\u7684\u4eba\u5458\u7684\u8bbf\u95ee\u9700\u6c42\u975e\u5e38\u91cd\u8981\u3002\u901a\u8fc7\u4f7f\u7528\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff0c\u53ef\u4ee5\u8fdb\u4e00\u6b65\u9650\u5236\u9879\u76ee\u4e2d\u7684\u6d3b\u52a8\uff08\u4f8b\u5982\u542f\u52a8\u96c6\u7fa4\u3001\u4e0a\u4f20\u4f5c\u4e1a\u7b49\uff09\u3002 
\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5982\u4f55\u8bc4\u4f30\u6570\u636e\u5904\u7406\u7528\u6237\u5bf9\u5176\u5e94\u7528\u7a0b\u5e8f\u3001\u4ed6\u4eec\u4f7f\u7528\u7684\u6570\u636e\u4ee5\u53ca\u4ed6\u4eec\u5728\u9879\u76ee\u4e2d\u7684\u9884\u671f\u529f\u80fd\u7684\u9700\u6c42\u3002\u6211\u4eec\u8fd8\u5c06\u6f14\u793a\u670d\u52a1\u63a7\u5236\u5668\u53ca\u5176\u96c6\u7fa4\u7684\u4e00\u4e9b\u5f3a\u5316\u6280\u672f\uff0c\u5e76\u63d0\u4f9b\u5404\u79cd\u63a7\u5236\u5668\u914d\u7f6e\u548c\u7528\u6237\u7ba1\u7406\u65b9\u6cd5\u7684\u793a\u4f8b\uff0c\u4ee5\u786e\u4fdd\u8db3\u591f\u7684\u5b89\u5168\u548c\u9690\u79c1\u7ea7\u522b\u3002","title":"\u6570\u636e\u5904\u7406\u7b80\u4ecb"},{"location":"security/security-guide/#_238","text":"\u4e0b\u56fe\u663e\u793a\u4e86\u6570\u636e\u5904\u7406\u670d\u52a1\u5982\u4f55\u9002\u5e94\u66f4\u5927\u7684 OpenStack \u751f\u6001\u7cfb\u7edf\u7684\u6982\u5ff5\u89c6\u56fe\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u5728\u96c6\u7fa4\u914d\u7f6e\u8fc7\u7a0b\u4e2d\u5927\u91cf\u4f7f\u7528\u8ba1\u7b97\u3001\u7f16\u6392\u3001\u955c\u50cf\u548c\u5757\u5b58\u50a8\u670d\u52a1\u3002\u5b83\u8fd8\u5c06\u4f7f\u7528\u5728\u7fa4\u96c6\u521b\u5efa\u671f\u95f4\u63d0\u4f9b\u7684\u7531\u7f51\u7edc\u670d\u52a1\u521b\u5efa\u7684\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u6765\u7ba1\u7406\u5b9e\u4f8b\u3002\u5f53\u7528\u6237\u8fd0\u884c\u6846\u67b6\u5e94\u7528\u7a0b\u5e8f\u65f6\uff0c\u63a7\u5236\u5668\u548c\u96c6\u7fa4\u5c06\u8bbf\u95ee\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u3002\u9274\u4e8e\u8fd9\u4e9b\u670d\u52a1\u7528\u6cd5\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u7cfb\u7edf\u6587\u6863\u4e2d\u6982\u8ff0\u7684\u8bf4\u660e\u5bf9\u5b89\u88c5\u7684\u6240\u6709\u7ec4\u4ef6\u8fdb\u884c\u7f16\u76ee\u3002","title":"\u67b6\u6784"},{"location":"security/security-guide/#_239","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u8d1f\u8d23\u90e8\u7f72\u548c\u7ba1\u7406\u591a\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u5168\u9762\u4e86\u89e3\u6240\u63d0\u
4f9b\u7684\u5b89\u5168\u9009\u9879\uff0c\u6211\u4eec\u5efa\u8bae\u64cd\u4f5c\u5458\u5927\u81f4\u719f\u6089\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u3002\u7a81\u51fa\u663e\u793a\u7684\u6280\u672f\u5217\u8868\u5206\u4e3a\u4e24\u90e8\u5206\uff1a\u7b2c\u4e00\u90e8\u5206\uff0c\u5bf9\u5b89\u5168\u6027\u5f71\u54cd\u8f83\u5927\u7684\u9ad8\u4f18\u5148\u7ea7\u5e94\u7528\u7a0b\u5e8f\uff0c\u7b2c\u4e8c\u90e8\u5206\uff0c\u652f\u6301\u5f71\u54cd\u8f83\u5c0f\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u66f4\u9ad8\u7684\u5f71\u54cd Hadoop Hadoop\u5b89\u5168\u6a21\u5f0f\u6587\u6863 HDFS Spark Spark \u5b89\u5168 Storm Zookeeper \u8f83\u4f4e\u7684\u5f71\u54cd Oozie Hive Pig \u8fd9\u4e9b\u6280\u672f\u6784\u6210\u4e86\u4e0e\u6570\u636e\u5904\u7406\u670d\u52a1\u4e00\u8d77\u90e8\u7f72\u7684\u6846\u67b6\u7684\u6838\u5fc3\u3002\u9664\u4e86\u8fd9\u4e9b\u6280\u672f\u4e4b\u5916\uff0c\u8be5\u670d\u52a1\u8fd8\u5305\u62ec\u7b2c\u4e09\u65b9\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u6346\u7ed1\u6846\u67b6\u3002\u8fd9\u4e9b\u6346\u7ed1\u6846\u67b6\u662f\u4f7f\u7528\u4e0a\u8ff0\u76f8\u540c\u6838\u5fc3\u90e8\u5206\u4ee5\u53ca\u4f9b\u5e94\u5546\u5305\u542b\u7684\u914d\u7f6e\u548c\u5e94\u7528\u7a0b\u5e8f\u6784\u5efa\u7684\u3002\u6709\u5173\u7b2c\u4e09\u65b9\u6846\u67b6\u6346\u7ed1\u5305\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u94fe\u63a5\uff1a Cloudera CDH Hortonworks Data Platform 
MapR","title":"\u6d89\u53ca\u7684\u6280\u672f"},{"location":"security/security-guide/#_240","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u8d44\u6e90\uff08\u96c6\u7fa4\u3001\u4f5c\u4e1a\u548c\u6570\u636e\u6e90\uff09\u5728\u9879\u76ee\u8303\u56f4\u5185\u5171\u4eab\u3002\u5c3d\u7ba1\u5355\u4e2a\u63a7\u5236\u5668\u5b89\u88c5\u53ef\u4ee5\u7ba1\u7406\u591a\u7ec4\u8d44\u6e90\uff0c\u4f46\u8fd9\u4e9b\u8d44\u6e90\u7684\u8303\u56f4\u5c06\u9650\u5b9a\u4e3a\u5355\u4e2a\u9879\u76ee\u3002\u9274\u4e8e\u6b64\u9650\u5236\uff0c\u6211\u4eec\u5efa\u8bae\u5bc6\u5207\u76d1\u89c6\u9879\u76ee\u4e2d\u7684\u7528\u6237\u6210\u5458\u8eab\u4efd\uff0c\u4ee5\u4fdd\u6301\u8d44\u6e90\u7684\u9002\u5f53\u9694\u79bb\u3002 \u7531\u4e8e\u90e8\u7f72\u6b64\u670d\u52a1\u7684\u7ec4\u7ec7\u7684\u5b89\u5168\u8981\u6c42\u4f1a\u6839\u636e\u5176\u7279\u5b9a\u9700\u6c42\u800c\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u8fd0\u8425\u5546\u5c06\u91cd\u70b9\u653e\u5728\u6570\u636e\u9690\u79c1\u3001\u96c6\u7fa4\u7ba1\u7406\u548c\u6700\u7ec8\u7528\u6237\u5e94\u7528\u7a0b\u5e8f\u4e0a\uff0c\u4f5c\u4e3a\u8bc4\u4f30\u7528\u6237\u9700\u6c42\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u51b3\u7b56\u5c06\u6709\u52a9\u4e8e\u6307\u5bfc\u914d\u7f6e\u7528\u6237\u5bf9\u670d\u52a1\u7684\u8bbf\u95ee\u7684\u8fc7\u7a0b\u3002\u6709\u5173\u6570\u636e\u9690\u79c1\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u79df\u6237\u6570\u636e\u9690\u79c1\u3002 
\u6570\u636e\u5904\u7406\u5b89\u88c5\u7684\u9ed8\u8ba4\u5047\u8bbe\u662f\u7528\u6237\u5c06\u6709\u6743\u8bbf\u95ee\u5176\u9879\u76ee\u4e2d\u7684\u6240\u6709\u529f\u80fd\u3002\u5982\u679c\u9700\u8981\u66f4\u7cbe\u7ec6\u7684\u63a7\u5236\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u4f1a\u63d0\u4f9b\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u3002\u8fd9\u4e9b\u914d\u7f6e\u5c06\u9ad8\u5ea6\u4f9d\u8d56\u4e8e\u5b89\u88c5\u7ec4\u7ec7\u7684\u9700\u6c42\uff0c\u56e0\u6b64\u6ca1\u6709\u5173\u4e8e\u5176\u4f7f\u7528\u7684\u4e00\u822c\u5efa\u8bae\uff1a\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002","title":"\u7528\u6237\u8bbf\u95ee\u8d44\u6e90"},{"location":"security/security-guide/#_241","text":"\u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u670d\u52a1\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u88ab\u90e8\u7f72\u4e3a\u5728\u8fde\u63a5\u5230\u5806\u6808\u7684\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u5b83\u80fd\u591f\u4ee5\u5206\u5e03\u5f0f\u65b9\u5f0f\u90e8\u7f72\u591a\u4e2a\u5197\u4f59\u63a7\u5236\u5668\u3002\u4e0e\u5176\u4ed6\u670d\u52a1\u4e00\u6837\uff0c\u5b83\u4e5f\u9700\u8981\u4e00\u4e2a\u6570\u636e\u5e93\u6765\u5b58\u50a8\u6709\u5173\u5176\u8d44\u6e90\u7684\u4fe1\u606f\u3002\u8bf7\u53c2\u9605\u6570\u636e\u5e93\u3002\u8bf7\u52a1\u5fc5\u6ce8\u610f\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u7ba1\u7406\u591a\u4e2a\u6807\u8bc6\u670d\u52a1\u4fe1\u4efb\uff0c\u76f4\u63a5\u4e0e\u4e1a\u52a1\u6d41\u7a0b\u548c\u7f51\u7edc\u670d\u52a1\u901a\u4fe1\uff0c\u5e76\u53ef\u80fd\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002\u7531\u4e8e\u8fd9\u4e9b\u539f\u56e0\uff0c\u63a7\u5236\u5668\u5c06\u9700\u8981\u8bbf\u95ee\u63a7\u5236\u5e73\u9762\uff0c\u56e0\u6b64\u6211\u4eec\u5efa\u8bae\u5c06\u5176\u4e0e\u5176\u4ed6\u670d\u52a1\u63a7\u5236\u5668\u4e00\u8d77\u5b89\u88c5\u3002 
\u6570\u636e\u5904\u7406\u76f4\u63a5\u4e0e\u591a\u4e2a OpenStack \u670d\u52a1\u4ea4\u4e92\uff1a \u8ba1\u7b97 \u8eab\u4efd\u9a8c\u8bc1 \u8054\u7f51 \u5bf9\u8c61\u5b58\u50a8 \u914d\u5668 \u5757\u5b58\u50a8\uff08\u53ef\u9009\uff09 \u5efa\u8bae\u8bb0\u5f55\u8fd9\u4e9b\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4e4b\u95f4\u7684\u6240\u6709\u6570\u636e\u6d41\u548c\u6865\u63a5\u70b9\u3002\u8bf7\u53c2\u9605\u7cfb\u7edf\u6587\u6863\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u6765\u5b58\u50a8\u4f5c\u4e1a\u4e8c\u8fdb\u5236\u6587\u4ef6\u548c\u6570\u636e\u6e90\u3002\u5e0c\u671b\u8bbf\u95ee\u5b8c\u6574\u6570\u636e\u5904\u7406\u670d\u52a1\u529f\u80fd\u7684\u7528\u6237\u5c06\u9700\u8981\u5728\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u9879\u76ee\u4e2d\u5b58\u50a8\u5bf9\u8c61\u3002 \u7f51\u7edc\u670d\u52a1\u5728\u7fa4\u96c6\u7684\u914d\u7f6e\u4e2d\u8d77\u7740\u91cd\u8981\u4f5c\u7528\u3002\u5728\u9884\u914d\u4e4b\u524d\uff0c\u7528\u6237\u5e94\u4e3a\u7fa4\u96c6\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7f51\u7edc\u3002\u5173\u8054\u7f51\u7edc\u7684\u64cd\u4f5c\u7c7b\u4f3c\u4e8e\u901a\u8fc7\u4eea\u8868\u677f\u542f\u52a8\u5b9e\u4f8b\u65f6\u5206\u914d\u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u63a7\u5236\u5668\u4f7f\u7528\u8fd9\u4e9b\u7f51\u7edc\u5bf9\u5176\u96c6\u7fa4\u7684\u5b9e\u4f8b\u548c\u6846\u67b6\u8fdb\u884c\u7ba1\u7406\u8bbf\u95ee\u3002 
\u53e6\u5916\u503c\u5f97\u6ce8\u610f\u7684\u662f\u8eab\u4efd\u670d\u52a1\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u7528\u6237\u9700\u8981\u5728\u5176\u9879\u76ee\u4e2d\u5177\u6709\u9002\u5f53\u7684\u89d2\u8272\uff0c\u4ee5\u5141\u8bb8\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u5b9e\u4f8b\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u914d\u7f6e\u7684\u5b89\u88c5\u9700\u8981\u7279\u522b\u6ce8\u610f\u3002\u8bf7\u53c2\u9605\u4ee3\u7406\u57df\u3002\u5177\u4f53\u800c\u8a00\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u5c06\u9700\u8981\u80fd\u591f\u5728\u4ee3\u7406\u57df\u4e2d\u521b\u5efa\u7528\u6237\u3002","title":"\u90e8\u7f72"},{"location":"security/security-guide/#_242","text":"\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u7684\u4e3b\u8981\u4efb\u52a1\u4e4b\u4e00\u662f\u4e0e\u5176\u751f\u6210\u7684\u5b9e\u4f8b\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u4e9b\u5b9e\u4f8b\u662f\u9884\u7f6e\u7684\uff0c\u7136\u540e\u6839\u636e\u6240\u4f7f\u7528\u7684\u6846\u67b6\u8fdb\u884c\u914d\u7f6e\u3002\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u7684\u901a\u4fe1\u4f7f\u7528\u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u548c HTTP \u534f\u8bae\u3002 \u5728\u9884\u914d\u96c6\u7fa4\u65f6\uff0c\u5c06\u5728\u7528\u6237\u63d0\u4f9b\u7684\u7f51\u7edc\u4e2d\u4e3a\u6bcf\u4e2a\u5b9e\u4f8b\u63d0\u4f9b\u4e00\u4e2a IP \u5730\u5740\u3002\u7b2c\u4e00\u4e2a\u7f51\u7edc\u901a\u5e38\u79f0\u4e3a\u6570\u636e\u5904\u7406\u7ba1\u7406\u7f51\u7edc\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u4e3a\u6b64\u7f51\u7edc\u5206\u914d\u7684\u56fa\u5b9a IP \u5730\u5740\u3002\u63a7\u5236\u5668\u8fd8\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9664\u4e86\u56fa\u5b9a\u5730\u5740\u4e4b\u5916\uff0c\u8fd8\u5bf9\u5b9e\u4f8b\u4f7f\u7528\u6d6e\u52a8 IP \u5730\u5740\u3002\u4e0e\u5b9e\u4f8b\u901a\u4fe1\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u9996\u9009\u6d6e\u52a8\u5730\u5740\uff08\u5982\u679c\u542f\u7528\uff09\u3002 \u5bf9\u4e8e\u56fa\u5b9a\u548c\u6d6e\u52a8 IP 
\u5730\u5740\u65e0\u6cd5\u63d0\u4f9b\u6240\u9700\u529f\u80fd\u7684\u60c5\u51b5\uff0c\u63a7\u5236\u5668\u53ef\u4ee5\u901a\u8fc7\u4e24\u79cd\u66ff\u4ee3\u65b9\u6cd5\u63d0\u4f9b\u8bbf\u95ee\uff1a\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u548c\u95f4\u63a5\u8bbf\u95ee\u3002\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u529f\u80fd\u5141\u8bb8\u63a7\u5236\u5668\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u4e2d\u63d0\u4f9b\u7684 shell \u547d\u4ee4\u8bbf\u95ee\u5b9e\u4f8b\u3002\u95f4\u63a5\u8bbf\u95ee\u7528\u4e8e\u6307\u5b9a\u7528\u6237\u5728\u96c6\u7fa4\u7f6e\u5907\u671f\u95f4\u53ef\u7528\u4f5c\u4ee3\u7406\u7f51\u5173\u7684\u5b9e\u4f8b\u3002\u8fd9\u4e9b\u9009\u9879\u901a\u8fc7\u914d\u7f6e\u548c\u5f3a\u5316\u4e2d\u7684\u7528\u6cd5\u793a\u4f8b\u8fdb\u884c\u8ba8\u8bba\u3002","title":"\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u7684\u7f51\u7edc\u8bbf\u95ee"},{"location":"security/security-guide/#_243","text":"\u6709\u591a\u4e2a\u914d\u7f6e\u9009\u9879\u548c\u90e8\u7f72\u7b56\u7565\u53ef\u4ee5\u63d0\u9ad8\u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u5b89\u5168\u6027\u3002\u670d\u52a1\u63a7\u5236\u5668\u901a\u8fc7\u4e3b\u914d\u7f6e\u6587\u4ef6\u548c\u4e00\u4e2a\u6216\u591a\u4e2a\u7b56\u7565\u6587\u4ef6\u8fdb\u884c\u914d\u7f6e\u3002\u4f7f\u7528\u6570\u636e\u5c40\u90e8\u6027\u529f\u80fd\u7684\u5b89\u88c5\u8fd8\u5c06\u5177\u6709\u4e24\u4e2a\u9644\u52a0\u6587\u4ef6\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u7684\u7269\u7406\u4f4d\u7f6e\u3002","title":"\u914d\u7f6e\u548c\u5f3a\u5316"},{"location":"security/security-guide/#tls_1","text":"\u4e0e\u8bb8\u591a\u5176\u4ed6 OpenStack \u63a7\u5236\u5668\u4e00\u6837\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u9700\u8981 TLS \u8fde\u63a5\u3002 Pre-Kilo \u7248\u672c\u5c06\u9700\u8981 TLS \u4ee3\u7406\uff0c\u56e0\u4e3a\u63a7\u5236\u5668\u4e0d\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\u3002TLS \u4ee3\u7406\u548c HTTP 
\u670d\u52a1\u4e2d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e TLS \u4ee3\u7406\uff0c\u6211\u4eec\u5efa\u8bae\u6309\u7167\u5176\u4e2d\u7684\u5efa\u8bae\u521b\u5efa\u6b64\u7c7b\u5b89\u88c5\u3002 \u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5141\u8bb8\u76f4\u63a5 TLS \u8fde\u63a5\uff0c\u6211\u4eec\u5efa\u8bae\u8fd9\u6837\u505a\u3002\u542f\u7528\u6b64\u884c\u4e3a\u9700\u8981\u5bf9\u63a7\u5236\u5668\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u4e00\u4e9b\u5c0f\u7684\u8c03\u6574\u3002 \u4f8b\u3002\u914d\u7f6e\u5bf9\u63a7\u5236\u5668\u7684 TLS \u8bbf\u95ee [ssl] ca_file = cafile.pem cert_file = certfile.crt key_file = keyfile.key","title":"TLS\u7cfb\u7edf"},{"location":"security/security-guide/#_244","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff08\u5982\u7b56\u7565\u4e2d\u6240\u8ff0\uff09\u6765\u914d\u7f6e\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u4f7f\u7528\u7b56\u7565\u6587\u4ef6\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u9650\u5236\u7ec4\u5bf9\u7279\u5b9a\u6570\u636e\u5904\u7406\u529f\u80fd\u7684\u8bbf\u95ee\u3002 \u6267\u884c\u6b64\u64cd\u4f5c\u7684\u539f\u56e0\u5c06\u6839\u636e\u5b89\u88c5\u7684\u7ec4\u7ec7\u8981\u6c42\u800c\u66f4\u6539\u3002\u901a\u5e38\uff0c\u8fd9\u4e9b\u7ec6\u7c92\u5ea6\u63a7\u4ef6\u7528\u4e8e\u64cd\u4f5c\u5458\u9700\u8981\u9650\u5236\u6570\u636e\u5904\u7406\u670d\u52a1\u8d44\u6e90\u7684\u521b\u5efa\u3001\u5220\u9664\u548c\u68c0\u7d22\u7684\u60c5\u51b5\u3002\u9700\u8981\u9650\u5236\u9879\u76ee\u5185\u8bbf\u95ee\u7684\u64cd\u4f5c\u5458\u5e94\u5145\u5206\u610f\u8bc6\u5230\uff0c\u9700\u8981\u6709\u5176\u4ed6\u65b9\u6cd5\u8ba9\u7528\u6237\u8bbf\u95ee\u670d\u52a1\u7684\u6838\u5fc3\u529f\u80fd\uff08\u4f8b\u5982\uff0c\u914d\u7f6e\u96c6\u7fa4\uff09\u3002 \u4f8b\u3002\u5141\u8bb8\u6240\u6709\u7528\u6237\u4f7f\u7528\u6240\u6709\u65b9\u6cd5\uff08\u9ed8\u8ba4\u7b56\u7565\uff09 { \"default\": \"\" } 
\u4f8b\u3002\u7981\u6b62\u5bf9\u975e\u7ba1\u7406\u5458\u7528\u6237\u8fdb\u884c\u6620\u50cf\u6ce8\u518c\u8868\u64cd\u4f5c { \"default\": \"\", \"data-processing:images:register\": \"role:admin\", \"data-processing:images:unregister\": \"role:admin\", \"data-processing:images:add_tags\": \"role:admin\", \"data-processing:images:remove_tags\": \"role:admin\" }","title":"\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565"},{"location":"security/security-guide/#_245","text":"\u6570\u636e\u5904\u7406\u670d\u52a1\u5141\u8bb8\u5c06\u5b89\u5168\u7ec4\u4e0e\u4e3a\u5176\u96c6\u7fa4\u9884\u7f6e\u7684\u5b9e\u4f8b\u76f8\u5173\u8054\u3002\u65e0\u9700\u5176\u4ed6\u914d\u7f6e\uff0c\u8be5\u670d\u52a1\u5c06\u5bf9\u9884\u7f6e\u96c6\u7fa4\u7684\u4efb\u4f55\u9879\u76ee\u4f7f\u7528\u9ed8\u8ba4\u5b89\u5168\u7ec4\u3002\u5982\u679c\u8bf7\u6c42\uff0c\u53ef\u4ee5\u4f7f\u7528\u4e0d\u540c\u7684\u5b89\u5168\u7ec4\uff0c\u6216\u8005\u5b58\u5728\u4e00\u4e2a\u81ea\u52a8\u9009\u9879\uff0c\u8be5\u9009\u9879\u6307\u793a\u670d\u52a1\u6839\u636e\u6240\u8bbf\u95ee\u6846\u67b6\u6307\u5b9a\u7684\u7aef\u53e3\u521b\u5efa\u5b89\u5168\u7ec4\u3002 
\u5bf9\u4e8e\u751f\u4ea7\u73af\u5883\uff0c\u6211\u4eec\u5efa\u8bae\u624b\u52a8\u63a7\u5236\u5b89\u5168\u7ec4\uff0c\u5e76\u521b\u5efa\u4e00\u7ec4\u9002\u5408\u5b89\u88c5\u7684\u7ec4\u89c4\u5219\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u64cd\u4f5c\u5458\u53ef\u4ee5\u786e\u4fdd\u9ed8\u8ba4\u5b89\u5168\u7ec4\u5c06\u5305\u542b\u6240\u6709\u9002\u5f53\u7684\u89c4\u5219\u3002\u6709\u5173\u5b89\u5168\u7ec4\u7684\u6269\u5c55\u8ba8\u8bba\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u7ec4\u3002","title":"\u5b89\u5168\u7ec4"},{"location":"security/security-guide/#_246","text":"\u5c06\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u4e0e\u6570\u636e\u5904\u7406\u7ed3\u5408\u4f7f\u7528\u65f6\uff0c\u9700\u8981\u6dfb\u52a0\u5b58\u50a8\u8bbf\u95ee\u51ed\u636e\u3002\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u6570\u636e\u5904\u7406\u670d\u52a1\u53ef\u4ee5\u6539\u7528\u6765\u81ea\u6807\u8bc6\u670d\u52a1\u7684\u59d4\u6d3e\u4fe1\u4efb\uff0c\u4ee5\u5141\u8bb8\u901a\u8fc7\u57df\u4e2d\u521b\u5efa\u7684\u4e34\u65f6\u7528\u6237\u8fdb\u884c\u5b58\u50a8\u8bbf\u95ee\u3002\u8981\u4f7f\u6b64\u59d4\u6d3e\u673a\u5236\u8d77\u4f5c\u7528\uff0c\u5fc5\u987b\u5c06\u6570\u636e\u5904\u7406\u670d\u52a1\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u57df\uff0c\u5e76\u4e14\u64cd\u4f5c\u5458\u5fc5\u987b\u4e3a\u4ee3\u7406\u7528\u6237\u914d\u7f6e\u8eab\u4efd\u57df\u3002 \u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u4fdd\u7559\u4e3a\u5bf9\u8c61\u5b58\u50a8\u8bbf\u95ee\u63d0\u4f9b\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u7684\u4e34\u65f6\u5b58\u50a8\u3002\u4f7f\u7528\u4ee3\u7406\u57df\u65f6\uff0c\u63a7\u5236\u5668\u5c06\u4e3a\u4ee3\u7406\u7528\u6237\u751f\u6210\u6b64\u5bf9\uff0c\u5e76\u4e14\u6b64\u7528\u6237\u7684\u8bbf\u95ee\u5c06\u4ec5\u9650\u4e8e\u8eab\u4efd\u4fe1\u4efb\u7684\u8bbf\u95ee\u3002\u6211\u4eec\u5efa\u8bae\u5728\u63a7\u5236\u5668\u6216\u5176\u6570\u636e\u5e93\u5177\u6709\u4e0e\u516c\u5171\u7f51\u7edc\u4e4b\u95f4\u7684\u8def\u7531\u7684\u4efb\u4f55\u5b89\u88c5\u4e2d\u4f7f\u7528\u4ee3\u7406\u57df\u3002 
\u793a\u4f8b\uff1a\u4e3a\u540d\u4e3a\u201cdp_proxy\u201d\u7684\u4ee3\u7406\u57df\u8fdb\u884c\u914d\u7f6e [DEFAULT] use_domain_for_proxy_users = true proxy_user_domain_name = dp_proxy proxy_user_role_names = Member","title":"\u4ee3\u7406\u57df"},{"location":"security/security-guide/#_247","text":"\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u4ee3\u7406\u547d\u4ee4\u6765\u8bbf\u95ee\u5176\u96c6\u7fa4\u5b9e\u4f8b\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u53ef\u4ee5\u4e3a\u4e0d\u4f7f\u7528\u7f51\u7edc\u670d\u52a1\u76f4\u63a5\u63d0\u4f9b\u7684\u7f51\u7edc\u7684\u5b89\u88c5\u521b\u5efa\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251\u3002\u5bf9\u4e8e\u9700\u8981\u9650\u5236\u63a7\u5236\u5668\u548c\u5b9e\u4f8b\u4e4b\u95f4\u8bbf\u95ee\u7684\u5b89\u88c5\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u9009\u9879\u3002 \u793a\u4f8b\uff1a\u901a\u8fc7\u6307\u5b9a\u7684\u4e2d\u7ee7\u673a\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ssh relay-machine-{tenant_id} nc {host} {port}' \u793a\u4f8b\uff1a\u901a\u8fc7\u81ea\u5b9a\u4e49\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u8bbf\u95ee\u5b9e\u4f8b [DEFAULT] proxy_command='ip netns exec ns_for_{network_id} nc {host} {port}'","title":"\u81ea\u5b9a\u4e49\u7f51\u7edc\u62d3\u6251"},{"location":"security/security-guide/#_248","text":"\u5bf9\u4e8e\u63a7\u5236\u5668\u5bf9\u96c6\u7fa4\u6240\u6709\u5b9e\u4f8b\u7684\u8bbf\u95ee\u6743\u9650\u6709\u9650\u7684\u5b89\u88c5\uff0c\u7531\u4e8e\u5bf9\u6d6e\u52a8 IP \u5730\u5740\u6216\u5b89\u5168\u89c4\u5219\u7684\u9650\u5236\uff0c\u53ef\u4ee5\u914d\u7f6e\u95f4\u63a5\u8bbf\u95ee\u3002\u8fd9\u5141\u8bb8\u5c06\u67d0\u4e9b\u5b9e\u4f8b\u6307\u5b9a\u4e3a\u96c6\u7fa4\u5176\u4ed6\u5b9e\u4f8b\u7684\u4ee3\u7406\u7f51\u5173\u3002 
\u53ea\u6709\u5728\u5b9a\u4e49\u5c06\u6784\u6210\u6570\u636e\u5904\u7406\u96c6\u7fa4\u7684\u8282\u70b9\u7ec4\u6a21\u677f\u65f6\uff0c\u624d\u80fd\u542f\u7528\u6b64\u914d\u7f6e\u3002\u5b83\u4f5c\u4e3a\u8fd0\u884c\u65f6\u9009\u9879\u63d0\u4f9b\uff0c\u53ef\u5728\u7fa4\u96c6\u7f6e\u5907\u8fc7\u7a0b\u4e2d\u542f\u7528\u3002","title":"\u95f4\u63a5\u8bbf\u95ee"},{"location":"security/security-guide/#rootwrap","text":"\u5728\u4e3a\u7f51\u7edc\u8bbf\u95ee\u521b\u5efa\u81ea\u5b9a\u4e49\u62d3\u6251\u65f6\uff0c\u53ef\u80fd\u9700\u8981\u5141\u8bb8\u975e root \u7528\u6237\u8fd0\u884c\u4ee3\u7406\u547d\u4ee4\u3002\u5bf9\u4e8e\u8fd9\u4e9b\u60c5\u51b5\uff0coslo rootwrap \u8f6f\u4ef6\u5305\u7528\u4e8e\u4e3a\u975e root \u7528\u6237\u63d0\u4f9b\u8fd0\u884c\u7279\u6743\u547d\u4ee4\u7684\u5de5\u5177\u3002\u6b64\u914d\u7f6e\u8981\u6c42\u4e0e\u6570\u636e\u5904\u7406\u63a7\u5236\u5668\u5e94\u7528\u7a0b\u5e8f\u5173\u8054\u7684\u7528\u6237\u4f4d\u4e8e sudoers \u5217\u8868\u4e2d\uff0c\u5e76\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u542f\u7528\u8be5\u9009\u9879\u3002\u6216\u8005\uff0c\u53ef\u4ee5\u63d0\u4f9b\u5907\u7528 rootwrap \u547d\u4ee4\u3002 \u793a\u4f8b\uff1a\u542f\u7528 rootwrap \u7528\u6cd5\u5e76\u663e\u793a\u9ed8\u8ba4\u547d\u4ee4 [DEFAULT] use_rootwrap=True rootwrap_command=\u2019sudo sahara-rootwrap /etc/sahara/rootwrap.conf\u2019 \u5173\u4e8e rootwrap \u9879\u76ee\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u8003\u5b98\u65b9\u6587\u6863\uff1ahttps://wiki.openstack.org/wiki/Rootwrap","title":"Rootwrap"},{"location":"security/security-guide/#_249","text":"\u76d1\u89c6\u670d\u52a1\u63a7\u5236\u5668\u7684\u8f93\u51fa\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u53d6\u8bc1\u5de5\u5177\uff0c\u5982\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u66f4\u8be6\u7ec6\u5730\u63cf\u8ff0\u7684\u90a3\u6837\u3002\u6570\u636e\u5904\u7406\u670d\u52a1\u63a7\u5236\u5668\u63d0\u4f9b\u4e86\u51e0\u4e2a\u9009\u9879\u6765\u8bbe\u7f6e\u65e5\u5fd7\u8bb0\u5f55\u7684\u4f4d\u7f6e\u548c\u7ea7\u522b\u3002 
\u793a\u4f8b\uff1a\u5c06\u65e5\u5fd7\u7ea7\u522b\u8bbe\u7f6e\u4e3a\u9ad8\u4e8e\u8b66\u544a\u5e76\u6307\u5b9a\u8f93\u51fa\u6587\u4ef6\u3002 [DEFAULT] verbose = true log_file = /var/log/data-processing.log","title":"\u65e5\u5fd7"},{"location":"security/security-guide/#_250","text":"OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230Sahara\uff012016.Sahara\u9879\u76ee\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Hadoop\uff012016. Apache Hadoop \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u5b89\u5168\u6a21\u5f0f\u4e0b\u7684 Hadoop\u30022016. Hadoop \u5b89\u5168\u6a21\u5f0f\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cHDFS \u7528\u6237\u6307\u5357\u30022016. Hadoop HDFS \u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark\u30022016. Spark\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cSpark Security\u30022016. Spark \u5b89\u5168\u6587\u6863 Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Storm\u30022016. Storm \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Zookeeper\u30022016. Zookeeper \u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Oozie Workflow Scheduler for Hadoop\u30022016. Oozie\u9879\u76ee Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cApache Hive\u30022016. Hive Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0c\u6b22\u8fce\u6765\u5230 Apache Pig\u30022016.Pig Apache \u8f6f\u4ef6\u57fa\u91d1\u4f1a\uff0cCloudera \u4ea7\u54c1\u6587\u6863\u30022016. Cloudera CDH \u6587\u6863 Hortonworks\uff0cHortonworks\u30022016. Hortonworks \u6570\u636e\u5e73\u53f0\u6587\u6863 MapR Technologies\uff0c\u7528\u4e8e MapR \u878d\u5408\u6570\u636e\u5e73\u53f0\u7684 Apache Hadoop\u30022016. 
MapR \u9879\u76ee","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_251","text":"\u6570\u636e\u5e93\u670d\u52a1\u5668\u7684\u9009\u62e9\u662f OpenStack \u90e8\u7f72\u5b89\u5168\u6027\u7684\u4e00\u4e2a\u91cd\u8981\u8003\u8651\u56e0\u7d20\u3002\u5728\u51b3\u5b9a\u4f7f\u7528\u6570\u636e\u5e93\u670d\u52a1\u5668\u65f6\uff0c\u5e94\u8003\u8651\u591a\u79cd\u56e0\u7d20\uff0c\u4f46\u5728\u672c\u672c\u4e66\u7684\u8303\u56f4\u5185\uff0c\u5c06\u53ea\u8ba8\u8bba\u5b89\u5168\u6ce8\u610f\u4e8b\u9879\u3002OpenStack \u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u7c7b\u578b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300aOpenStack \u7ba1\u7406\u5458\u6307\u5357\u300b\u3002 \u300a\u5b89\u5168\u6307\u5357\u300b\u76ee\u524d\u4e3b\u8981\u9488\u5bf9 PostgreSQL \u548c MySQL\u3002 \u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879 \u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003 \u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236 OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b \u6570\u636e\u5e93\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236 \u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93 \u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1 OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e Nova-conductor \u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027 \u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a \u6570\u636e\u5e93\u4f20\u8f93 MySQL SSL\u914d\u7f6e PostgreSQL SSL \u914d\u7f6e","title":"\u6570\u636e\u5e93"},{"location":"security/security-guide/#_252","text":"PostgreSQL \u5177\u6709\u8bb8\u591a\u7406\u60f3\u7684\u5b89\u5168\u529f\u80fd\uff0c\u4f8b\u5982 Kerberos \u8eab\u4efd\u9a8c\u8bc1\u3001\u5bf9\u8c61\u7ea7\u5b89\u5168\u6027\u548c\u52a0\u5bc6\u652f\u6301\u3002PostgreSQL \u793e\u533a\u5728\u63d0\u4f9b\u53ef\u9760\u7684\u6307\u5bfc\u3001\u6587\u6863\u548c\u5de5\u5177\u4ee5\u4fc3\u8fdb\u79ef\u6781\u7684\u5b89\u5168\u5b9e\u8df5\u65b9\u9762\u505a\u5f97\u5f88\u597d\u3002 
MySQL\u62e5\u6709\u5e9e\u5927\u7684\u793e\u533a\uff0c\u88ab\u5e7f\u6cdb\u91c7\u7528\uff0c\u5e76\u63d0\u4f9b\u9ad8\u53ef\u7528\u6027\u9009\u9879\u3002MySQL\u8fd8\u80fd\u591f\u901a\u8fc7\u63d2\u4ef6\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u63d0\u4f9b\u589e\u5f3a\u7684\u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3002MySQL\u793e\u533a\u4e2d\u7684\u5206\u53c9\u53d1\u884c\u7248\u63d0\u4f9b\u4e86\u8bb8\u591a\u53ef\u4f9b\u8003\u8651\u7684\u9009\u9879\u3002\u6839\u636e\u5bf9\u5b89\u5168\u6001\u52bf\u7684\u5168\u9762\u8bc4\u4f30\u548c\u4e3a\u7ed9\u5b9a\u53d1\u884c\u7248\u63d0\u4f9b\u7684\u652f\u6301\u7ea7\u522b\uff0c\u9009\u62e9MySQL\u7684\u7279\u5b9a\u5b9e\u73b0\u975e\u5e38\u91cd\u8981\u3002","title":"\u6570\u636e\u5e93\u540e\u7aef\u6ce8\u610f\u4e8b\u9879"},{"location":"security/security-guide/#_253","text":"\u5efa\u8bae\u90e8\u7f72 MySQL \u6216 PostgreSQL \u7684\u7528\u6237\u53c2\u8003\u73b0\u6709\u7684\u5b89\u5168\u6307\u5357\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff1a MySQL\u6570\u636e\u5e93\uff1a OWASP MySQL\u5f3a\u5316 MySQL \u53ef\u63d2\u5165\u8eab\u4efd\u9a8c\u8bc1 MySQL\u4e2d\u7684\u5b89\u5168\u6027 PostgreSQL\u683c\u5f0f\uff1a OWASP PostgreSQL \u5f3a\u5316 PostgreSQL \u6570\u636e\u5e93\u4e2d\u7684\u603b\u4f53\u5b89\u5168\u6027","title":"\u6570\u636e\u5e93\u540e\u7aef\u7684\u5b89\u5168\u53c2\u8003"},{"location":"security/security-guide/#_254","text":"\u6bcf\u4e2a\u6838\u5fc3 OpenStack 
\u670d\u52a1\uff08\u8ba1\u7b97\u3001\u8eab\u4efd\u3001\u7f51\u7edc\u3001\u5757\u5b58\u50a8\uff09\u90fd\u5c06\u72b6\u6001\u548c\u914d\u7f6e\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u5f53\u524d\u5728OpenStack\u4e2d\u4f7f\u7528\u6570\u636e\u5e93\u7684\u65b9\u5f0f\u3002\u6211\u4eec\u8fd8\u63a2\u8ba8\u4e86\u5b89\u5168\u95ee\u9898\uff0c\u4ee5\u53ca\u6570\u636e\u5e93\u540e\u7aef\u9009\u62e9\u7684\u5b89\u5168\u540e\u679c\u3002","title":"\u6570\u636e\u5e93\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#openstack_11","text":"OpenStack \u9879\u76ee\u4e2d\u7684\u6240\u6709\u670d\u52a1\u90fd\u8bbf\u95ee\u5355\u4e2a\u6570\u636e\u5e93\u3002\u76ee\u524d\u6ca1\u6709\u7528\u4e8e\u521b\u5efa\u57fa\u4e8e\u8868\u6216\u884c\u7684\u6570\u636e\u5e93\u8bbf\u95ee\u9650\u5236\u7684\u53c2\u8003\u7b56\u7565\u3002 \u5728OpenStack\u4e2d\uff0c\u6ca1\u6709\u5bf9\u6570\u636e\u5e93\u64cd\u4f5c\u8fdb\u884c\u7cbe\u7ec6\u63a7\u5236\u7684\u4e00\u822c\u89c4\u5b9a\u3002\u8bbf\u95ee\u6743\u9650\u548c\u7279\u6743\u7684\u6388\u4e88\u4ec5\u57fa\u4e8e\u8282\u70b9\u662f\u5426\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6709\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u53ef\u80fd\u5177\u6709 DROP\u3001INSERT \u6216 UPDATE \u51fd\u6570\u7684\u5b8c\u5168\u6743\u9650\u3002","title":"OpenStack \u6570\u636e\u5e93\u8bbf\u95ee\u6a21\u578b"},{"location":"security/security-guide/#_255","text":"\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6bcf\u4e2a OpenStack 
\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u90fd\u4f7f\u7528\u4e00\u7ec4\u5171\u4eab\u51ed\u636e\u8bbf\u95ee\u6570\u636e\u5e93\u3002\u8fd9\u4f7f\u5f97\u5ba1\u6838\u6570\u636e\u5e93\u64cd\u4f5c\u548c\u64a4\u6d88\u670d\u52a1\u53ca\u5176\u8fdb\u7a0b\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6743\u9650\u53d8\u5f97\u7279\u522b\u56f0\u96be\u3002","title":"\u7cbe\u7ec6\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#nova-conductor","text":"\u8ba1\u7b97\u8282\u70b9\u662f OpenStack \u4e2d\u6700\u4e0d\u53d7\u4fe1\u4efb\u7684\u670d\u52a1\uff0c\u56e0\u4e3a\u5b83\u4eec\u6258\u7ba1\u79df\u6237\u5b9e\u4f8b\u3002\u5f15\u5165\u8be5 nova-conductor \u670d\u52a1\u4f5c\u4e3a\u6570\u636e\u5e93\u4ee3\u7406\uff0c\u5145\u5f53\u8ba1\u7b97\u8282\u70b9\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u4e2d\u4ecb\u3002\u6211\u4eec\u5c06\u5728\u672c\u7ae0\u540e\u9762\u8ba8\u8bba\u5176\u540e\u679c\u3002 \u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\uff1a \u6240\u6709\u6570\u636e\u5e93\u901a\u4fe1\u90fd\u4e0e\u7ba1\u7406\u7f51\u7edc\u9694\u79bb \u4f7f\u7528 TLS \u4fdd\u62a4\u901a\u4fe1 \u4e3a\u6bcf\u4e2a OpenStack 
\u670d\u52a1\u7aef\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\uff08\u5982\u4e0b\u56fe\u6240\u793a\uff09","title":"Nova-conductor"},{"location":"security/security-guide/#_256","text":"\u8003\u8651\u5230\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u98ce\u9669\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u4e3a\u6bcf\u4e2a\u9700\u8981\u8bbf\u95ee\u6570\u636e\u5e93\u7684\u8282\u70b9\u521b\u5efa\u552f\u4e00\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u3002\u8fd9\u6837\u505a\u6709\u52a9\u4e8e\u66f4\u597d\u5730\u8fdb\u884c\u5206\u6790\u548c\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u5408\u89c4\u6027\uff0c\u6216\u8005\u5728\u8282\u70b9\u906d\u5230\u5165\u4fb5\u65f6\uff0c\u901a\u8fc7\u5728\u68c0\u6d4b\u5230\u8be5\u8282\u70b9\u65f6\u5220\u9664\u8be5\u8282\u70b9\u5bf9\u6570\u636e\u5e93\u7684\u8bbf\u95ee\u6765\u9694\u79bb\u53d7\u611f\u67d3\u7684\u4e3b\u673a\u3002\u521b\u5efa\u8fd9\u4e9b\u6bcf\u4e2a\u670d\u52a1\u7ec8\u7ed3\u70b9\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u65f6\uff0c\u5e94\u6ce8\u610f\u786e\u4fdd\u5c06\u5176\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u6216\u8005\uff0c\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u5efa\u8bae\u9664\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\u5916\uff0c\u8fd8\u4f7f\u7528 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1\u6765\u914d\u7f6e\u6570\u636e\u5e93\u5e10\u6237\u3002","title":"\u6570\u636e\u5e93\u8ba4\u8bc1\u548c\u8bbf\u95ee\u63a7\u5236"},{"location":"security/security-guide/#_257","text":"\u5e94\u521b\u5efa\u5e76\u4fdd\u62a4\u4e00\u4e2a\u5355\u72ec\u7684\u6570\u636e\u5e93\u7ba1\u7406\u5458 \uff08DBA\uff09 
\u5e10\u6237\uff0c\u8be5\u5e10\u6237\u5177\u6709\u521b\u5efa/\u5220\u9664\u6570\u636e\u5e93\u3001\u521b\u5efa\u7528\u6237\u5e10\u6237\u548c\u66f4\u65b0\u7528\u6237\u6743\u9650\u7684\u5b8c\u5168\u6743\u9650\u3002\u8fd9\u79cd\u7b80\u5355\u7684\u8d23\u4efb\u5206\u79bb\u65b9\u6cd5\u6709\u52a9\u4e8e\u9632\u6b62\u610f\u5916\u914d\u7f6e\u9519\u8bef\uff0c\u964d\u4f4e\u98ce\u9669\u5e76\u7f29\u5c0f\u5371\u5bb3\u8303\u56f4\u3002 \u4e3a OpenStack \u670d\u52a1\u548c\u6bcf\u4e2a\u8282\u70b9\u521b\u5efa\u7684\u6570\u636e\u5e93\u7528\u6237\u5e10\u6237\u7684\u6743\u9650\u5e94\u4ec5\u9650\u4e8e\u4e0e\u8be5\u8282\u70b9\u6240\u5c5e\u7684\u670d\u52a1\u76f8\u5173\u7684\u6570\u636e\u5e93\u3002","title":"\u6743\u9650"},{"location":"security/security-guide/#ssl","text":"","title":"\u8981\u6c42\u7528\u6237\u5e10\u6237\u9700\u8981 SSL \u4f20\u8f93"},{"location":"security/security-guide/#1mysql","text":"GRANT ALL ON dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SSL;","title":"\u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09"},{"location":"security/security-guide/#2postgresql","text":"\u5728\u6587\u4ef6\u4e2d pg_hba.conf \uff1a hostssl dbname compute01 hostname md5 \u8bf7\u6ce8\u610f\uff0c\u6b64\u547d\u4ee4\u4ec5\u6dfb\u52a0\u901a\u8fc7 SSL \u8fdb\u884c\u901a\u4fe1\u7684\u529f\u80fd\uff0c\u5e76\u4e14\u662f\u975e\u72ec\u5360\u7684\u3002\u5e94\u7981\u7528\u53ef\u80fd\u5141\u8bb8\u672a\u52a0\u5bc6\u4f20\u8f93\u7684\u5176\u4ed6\u8bbf\u95ee\u65b9\u6cd5\uff0c\u4ee5\u4fbf SSL \u662f\u552f\u4e00\u7684\u8bbf\u95ee\u65b9\u6cd5\u3002 \u8be5 md5 \u53c2\u6570\u5c06\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u5b9a\u4e49\u4e3a\u54c8\u5e0c\u5bc6\u7801\u3002\u6211\u4eec\u5728\u4ee5\u4e0b\u90e8\u5206\u4e2d\u63d0\u4f9b\u4e86\u4e00\u4e2a\u5b89\u5168\u8eab\u4efd\u9a8c\u8bc1\u793a\u4f8b\u3002","title":"\u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09"},{"location":"security/security-guide/#openstack_12","text":"\u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4f7f\u7528 
TLS \u4f20\u8f93\uff0c\u5219\u9700\u8981\u6307\u5b9a\u7528\u4e8e SQLAlchemy \u67e5\u8be2\u4e2d\u7684\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002","title":"OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e"},{"location":"security/security-guide/#mysql-sql_connection","text":"sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova?charset=utf8&ssl_ca=/etc/mysql/cacert.pem","title":"MySQL :sql_connection \u7684\u5b57\u7b26\u4e32\u793a\u4f8b\uff1a"},{"location":"security/security-guide/#x509","text":"\u901a\u8fc7\u8981\u6c42\u4f7f\u7528 X.509 \u5ba2\u6237\u7aef\u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u53ef\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u5bf9\u6570\u636e\u5e93\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u53ef\u4ee5\u4e3a\u4e0e\u6570\u636e\u5e93\u5efa\u7acb\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u63d0\u4f9b\u66f4\u597d\u7684\u8eab\u4efd\u4fdd\u8bc1\uff0c\u5e76\u786e\u4fdd\u901a\u4fe1\u662f\u52a0\u5bc6\u7684\u3002","title":"\u4f7f\u7528 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1"},{"location":"security/security-guide/#1mysql_1","text":"GRANT ALL on dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SUBJECT '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=compute01' AND ISSUER '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=cloud-ca';","title":"\u914d\u7f6e\u793a\u4f8b #1\uff1a\uff08MySQL\uff09"},{"location":"security/security-guide/#2postgresql_1","text":"hostssl dbname compute01 hostname cert","title":"\u914d\u7f6e\u793a\u4f8b #2\uff1a\uff08PostgreSQL\uff09"},{"location":"security/security-guide/#openstack_13","text":"\u5982\u679c\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u9700\u8981 X.509 \u8bc1\u4e66\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5219\u9700\u8981\u4e3a\u6570\u636e\u5e93\u540e\u7aef\u6307\u5b9a\u76f8\u5e94\u7684 SQLAlchemy 
\u67e5\u8be2\u53c2\u6570\u3002\u8fd9\u4e9b\u53c2\u6570\u6307\u5b9a\u7528\u4e8e\u521d\u59cb\u8fde\u63a5\u5b57\u7b26\u4e32\u7684\u8bc1\u4e66\u3001\u79c1\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4fe1\u606f\u3002 MySQL \u7684 X.509 \u8bc1\u4e66\u8eab\u4efd\u9a8c\u8bc1 :sql_connection \u5b57\u7b26\u4e32\u793a\u4f8b\uff1a sql_connection = mysql://compute01:NOVA_DBPASS@localhost/nova? charset=utf8&ssl_ca = /etc/mysql/cacert.pem&ssl_cert=/etc/mysql/server-cert.pem&ssl_key=/etc/mysql/server-key.pem","title":"OpenStack \u670d\u52a1\u6570\u636e\u5e93\u914d\u7f6e"},{"location":"security/security-guide/#nova-conductor_1","text":"OpenStack Compute \u63d0\u4f9b\u4e86\u4e00\u4e2a\u79f0\u4e3a nova-conductor \u7684\u5b50\u670d\u52a1\uff0c\u7528\u4e8e\u4ee3\u7406\u6570\u636e\u5e93\u8fde\u63a5\uff0c\u5176\u4e3b\u8981\u76ee\u7684\u662f\u8ba9 nova \u8ba1\u7b97\u8282\u70b9\u4e0e nova-conductor \u8fde\u63a5\u4ee5\u6ee1\u8db3\u6570\u636e\u6301\u4e45\u6027\u9700\u6c42\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u4e0e\u6570\u636e\u5e93\u901a\u4fe1\u3002 Nova-conductor \u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\u5e76\u4ee3\u8868\u8c03\u7528\u670d\u52a1\u6267\u884c\u64cd\u4f5c\uff0c\u800c\u65e0\u9700\u6388\u4e88\u5bf9\u6570\u636e\u5e93\u3001\u5176\u8868\u6216\u5176\u4e2d\u6570\u636e\u7684\u7cbe\u7ec6\u8bbf\u95ee\u6743\u9650\u3002Nova-conductor \u5b9e\u8d28\u4e0a\u5c06\u76f4\u63a5\u6570\u636e\u5e93\u8bbf\u95ee\u4ece\u8ba1\u7b97\u8282\u70b9\u4e2d\u62bd\u8c61\u51fa\u6765\u3002 
\u8fd9\u79cd\u62bd\u8c61\u7684\u4f18\u70b9\u662f\u5c06\u670d\u52a1\u9650\u5236\u4e3a\u4f7f\u7528\u53c2\u6570\u6267\u884c\u65b9\u6cd5\uff0c\u7c7b\u4f3c\u4e8e\u5b58\u50a8\u8fc7\u7a0b\uff0c\u4ece\u800c\u9632\u6b62\u5927\u91cf\u7cfb\u7edf\u76f4\u63a5\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\u5e93\u6570\u636e\u3002\u8fd9\u662f\u5728\u4e0d\u5728\u6570\u636e\u5e93\u672c\u8eab\u7684\u4e0a\u4e0b\u6587\u6216\u8303\u56f4\u5185\u5b58\u50a8\u6216\u6267\u884c\u8fd9\u4e9b\u8fc7\u7a0b\u7684\u60c5\u51b5\u4e0b\u5b8c\u6210\u7684\uff0c\u8fd9\u662f\u5bf9\u5178\u578b\u5b58\u50a8\u8fc7\u7a0b\u7684\u5e38\u89c1\u6279\u8bc4\u3002 \u9057\u61be\u7684\u662f\uff0c\u6b64\u89e3\u51b3\u65b9\u6848\u4f7f\u66f4\u7ec6\u7c92\u5ea6\u7684\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u6838\u6570\u636e\u8bbf\u95ee\u7684\u80fd\u529b\u7684\u4efb\u52a1\u590d\u6742\u5316\u3002\u7531\u4e8e nova-conductor \u670d\u52a1\u901a\u8fc7 RPC \u63a5\u6536\u8bf7\u6c42\uff0c\u56e0\u6b64\u5b83\u7a81\u51fa\u4e86\u63d0\u9ad8\u6d88\u606f\u4f20\u9012\u5b89\u5168\u6027\u7684\u91cd\u8981\u6027\u3002\u4efb\u4f55\u6709\u6743\u8bbf\u95ee\u6d88\u606f\u961f\u5217\u7684\u8282\u70b9\u90fd\u53ef\u4ee5\u6267\u884c nova-conductor \u63d0\u4f9b\u7684\u8fd9\u4e9b\u65b9\u6cd5\uff0c\u5e76\u6709\u6548\u5730\u4fee\u6539\u6570\u636e\u5e93\u3002 \u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e nova-conductor \u4ec5\u9002\u7528\u4e8e OpenStack Compute\uff0c\u56e0\u6b64\u5bf9\u4e8e\u5176\u4ed6 OpenStack \u7ec4\u4ef6\uff08\u5982 Telemetry\uff08\u4e91\u9ad8\u8ba1\uff09\u3001\u7f51\u7edc\u548c\u5757\u5b58\u50a8\uff09\u7684\u8fd0\u884c\uff0c\u53ef\u80fd\u4ecd\u7136\u9700\u8981\u4ece\u8ba1\u7b97\u4e3b\u673a\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 \u82e5\u8981\u7981\u7528 nova-conductor\uff0c\u8bf7\u5c06\u4ee5\u4e0b\u5185\u5bb9\u653e\u5165 nova.conf \u6587\u4ef6\u4e2d\uff08\u5728\u8ba1\u7b97\u4e3b\u673a\u4e0a\uff09\uff1a [conductor] use_local = 
true","title":"Nova-conductor"},{"location":"security/security-guide/#_258","text":"\u672c\u7ae0\u4ecb\u7ecd\u4e0e\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u901a\u4fe1\u76f8\u5173\u7684\u95ee\u9898\u3002\u8fd9\u5305\u62ec IP \u5730\u5740\u7ed1\u5b9a\u548c\u4f7f\u7528 TLS \u52a0\u5bc6\u7f51\u7edc\u6d41\u91cf\u3002","title":"\u6570\u636e\u5e93\u4f20\u8f93\u5b89\u5168\u6027"},{"location":"security/security-guide/#ip","text":"\u82e5\u8981\u9694\u79bb\u670d\u52a1\u548c\u6570\u636e\u5e93\u4e4b\u95f4\u7684\u654f\u611f\u6570\u636e\u5e93\u901a\u4fe1\uff0c\u5f3a\u70c8\u5efa\u8bae\u5c06\u6570\u636e\u5e93\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4ec5\u5141\u8bb8\u901a\u8fc7\u9694\u79bb\u7684\u7ba1\u7406\u7f51\u7edc\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u901a\u4fe1\u3002\u8fd9\u662f\u901a\u8fc7\u9650\u5236\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e3a\u4f20\u5165\u5ba2\u6237\u7aef\u8fde\u63a5\u7ed1\u5b9a\u7f51\u7edc\u5957\u63a5\u5b57\u7684\u63a5\u53e3\u6216 IP \u5730\u5740\u6765\u5b9e\u73b0\u7684\u3002","title":"\u6570\u636e\u5e93\u670d\u52a1\u5668 IP \u5730\u5740\u7ed1\u5b9a"},{"location":"security/security-guide/#mysql","text":"\u5728 my.cnf \uff1a [mysqld] ... 
bind-address ","title":"\u9650\u5236 MySQL \u7684\u7ed1\u5b9a\u5730\u5740"},{"location":"security/security-guide/#postgresql","text":"\u5728 postgresql.conf \uff1a listen_addresses = ","title":"\u9650\u5236 PostgreSQL \u7684\u76d1\u542c\u5730\u5740"},{"location":"security/security-guide/#_259","text":"\u9664\u4e86\u5c06\u6570\u636e\u5e93\u901a\u4fe1\u9650\u5236\u4e3a\u7ba1\u7406\u7f51\u7edc\u5916\uff0c\u6211\u4eec\u8fd8\u5f3a\u70c8\u5efa\u8bae\u4e91\u7ba1\u7406\u5458\u5c06\u5176\u6570\u636e\u5e93\u540e\u7aef\u914d\u7f6e\u4e3a\u9700\u8981 TLS\u3002\u5c06 TLS \u7528\u4e8e\u6570\u636e\u5e93\u5ba2\u6237\u7aef\u8fde\u63a5\u53ef\u4fdd\u62a4\u901a\u4fe1\u4e0d\u88ab\u7be1\u6539\u548c\u7a83\u542c\u3002\u6b63\u5982\u4e0b\u4e00\u8282\u5c06\u8ba8\u8bba\u7684\u90a3\u6837\uff0c\u4f7f\u7528 TLS \u8fd8\u63d0\u4f9b\u4e86\u901a\u8fc7 X.509 \u8bc1\u4e66\uff08\u901a\u5e38\u79f0\u4e3a PKI\uff09\u6267\u884c\u6570\u636e\u5e93\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u7684\u6846\u67b6\u3002\u4ee5\u4e0b\u662f\u6709\u5173\u5982\u4f55\u4e3a\u4e24\u4e2a\u6d41\u884c\u7684\u6570\u636e\u5e93\u540e\u7aef MySQL \u548c PostgreSQL \u914d\u7f6e TLS \u7684\u6307\u5357\u3002 \u6ce8\u610f \u5b89\u88c5\u8bc1\u4e66\u548c\u5bc6\u94a5\u6587\u4ef6\u65f6\uff0c\u8bf7\u786e\u4fdd\u6587\u4ef6\u6743\u9650\u53d7\u5230\u9650\u5236\uff0c\u4f8b\u5982 `chmod 0600` \uff0c\u6240\u6709\u6743\u9650\u5236\u4e3a\u6570\u636e\u5e93\u5b88\u62a4\u7a0b\u5e8f\u7528\u6237\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e0a\u7684\u5176\u4ed6\u8fdb\u7a0b\u548c\u7528\u6237\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002","title":"\u6570\u636e\u5e93\u4f20\u8f93"},{"location":"security/security-guide/#mysql-ssl","text":"\u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684MySQL\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\uff1a \u5728 my.cnf \uff1a [[mysqld]] ... 
ssl-ca = /path/to/ssl/cacert.pem ssl-cert = /path/to/ssl/server-cert.pem ssl-key = /path/to/ssl/server-key.pem \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-cipher = 'cipher:list'","title":"MySQL SSL\u914d\u7f6e"},{"location":"security/security-guide/#postgresql-ssl","text":"\u5e94\u5728\u7cfb\u7edf\u8303\u56f4\u7684 PostgreSQL \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u884c\u3002 postgresql.conf ssl = true \uff08\u53ef\u9009\uff09\u5982\u679c\u60a8\u5e0c\u671b\u9650\u5236\u7528\u4e8e\u52a0\u5bc6\u8fde\u63a5\u7684 SSL \u5bc6\u7801\u96c6\u3002\u6709\u5173\u5bc6\u7801\u5217\u8868\u548c\u7528\u4e8e\u6307\u5b9a\u5bc6\u7801\u5b57\u7b26\u4e32\u7684\u8bed\u6cd5\uff0c\u8bf7\u53c2\u9605\u5bc6\u7801\uff1a ssl-ciphers = 'cipher:list' \u670d\u52a1\u5668\u8bc1\u4e66\u3001\u5bc6\u94a5\u548c\u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 \u6587\u4ef6\u5e94\u653e\u5728\u4ee5\u4e0b\u6587\u4ef6\u7684 $PGDATA \u76ee\u5f55\u4e2d\uff1a $PGDATA/server.crt - \u670d\u52a1\u5668\u8bc1\u4e66 $PGDATA/server.key - \u79c1\u94a5\u5bf9\u5e94\u4e8e server.crt $PGDATA/root.crt - \u53ef\u4fe1\u8bc1\u4e66\u9881\u53d1\u673a\u6784 $PGDATA/root.crl - \u8bc1\u4e66\u64a4\u9500\u5217\u8868","title":"PostgreSQL SSL \u914d\u7f6e"},{"location":"security/security-guide/#_260","text":"OpenStack\u65e8\u5728\u652f\u6301\u591a\u79df\u6237\uff0c\u8fd9\u4e9b\u79df\u6237\u5f88\u53ef\u80fd\u6709\u4e0d\u540c\u7684\u6570\u636e\u8981\u6c42\u3002\u4f5c\u4e3a\u4e91\u6784\u5efa\u8005\u6216\u8fd0\u8425\u5546\uff0c\u60a8\u5fc5\u987b\u786e\u4fdd\u60a8\u7684 OpenStack \u73af\u5883\u80fd\u591f\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u548c\u6cd5\u89c4\u3002\u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u8ba8\u8bba\u4e0e OpenStack 
\u5b9e\u73b0\u76f8\u5173\u7684\u6570\u636e\u9a7b\u7559\u548c\u5904\u7f6e\u3002 \u6570\u636e\u9690\u79c1\u95ee\u9898 \u6570\u636e\u9a7b\u7559 \u6570\u636e\u5904\u7f6e \u6570\u636e\u52a0\u5bc6 \u5377\u52a0\u5bc6 \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef \u7f51\u7edc\u6570\u636e \u5bc6\u94a5\u7ba1\u7406 \u53c2\u8003\u4e66\u76ee:","title":"\u79df\u6237\u6570\u636e\u9690\u79c1"},{"location":"security/security-guide/#_261","text":"","title":"\u6570\u636e\u9690\u79c1\u95ee\u9898"},{"location":"security/security-guide/#_262","text":"\u5728\u8fc7\u53bb\u51e0\u5e74\u4e2d\uff0c\u6570\u636e\u7684\u9690\u79c1\u548c\u9694\u79bb\u4e00\u76f4\u88ab\u8ba4\u4e3a\u662f\u91c7\u7528\u4e91\u7684\u4e3b\u8981\u969c\u788d\u3002\u8fc7\u53bb\uff0c\u5bf9\u8c01\u62e5\u6709\u4e91\u4e2d\u6570\u636e\u4ee5\u53ca\u4e91\u8fd0\u8425\u5546\u662f\u5426\u53ef\u4ee5\u6700\u7ec8\u4fe1\u4efb\u8fd9\u4e9b\u6570\u636e\u7684\u4fdd\u7ba1\u4eba\u7684\u62c5\u5fe7\u4e00\u76f4\u662f\u91cd\u5927\u95ee\u9898\u3002 \u8bb8\u591a OpenStack \u670d\u52a1\u7ef4\u62a4\u5c5e\u4e8e\u79df\u6237\u7684\u6570\u636e\u548c\u5143\u6570\u636e\u6216\u53c2\u8003\u79df\u6237\u4fe1\u606f\u3002 \u5b58\u50a8\u5728 OpenStack \u4e91\u4e2d\u7684\u79df\u6237\u6570\u636e\u53ef\u80fd\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8 \u8ba1\u7b97\u5b9e\u4f8b\u5185\u5b58 \u5757\u5b58\u50a8\u5377\u6570\u636e \u7528\u4e8e\u8ba1\u7b97\u8bbf\u95ee\u7684\u516c\u94a5 \u6620\u50cf\u670d\u52a1\u4e2d\u7684\u865a\u62df\u673a\u6620\u50cf \u8ba1\u7b97\u673a\u5feb\u7167 \u4f20\u9012\u7ed9 OpenStack Compute \u7684\u914d\u7f6e\u9a71\u52a8\u5668\u6269\u5c55\u7684\u6570\u636e OpenStack \u4e91\u5b58\u50a8\u7684\u5143\u6570\u636e\u5305\u62ec\u4ee5\u4e0b\u975e\u8be6\u5c3d\u9879\u76ee\uff1a \u7ec4\u7ec7\u540d\u79f0 \u7528\u6237\u7684\u201c\u771f\u5b9e\u59d3\u540d\u201d 
\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u3001\u5b58\u50a8\u6876\u3001\u5bf9\u8c61\u3001\u5377\u548c\u5176\u4ed6\u914d\u989d\u76f8\u5173\u9879\u76ee\u7684\u6570\u91cf\u6216\u5927\u5c0f \u8fd0\u884c\u5b9e\u4f8b\u6216\u5b58\u50a8\u6570\u636e\u7684\u5c0f\u65f6\u6570 \u7528\u6237\u7684 IP \u5730\u5740 \u5185\u90e8\u751f\u6210\u7684\u7528\u4e8e\u8ba1\u7b97\u6620\u50cf\u6346\u7ed1\u7684\u79c1\u94a5","title":"\u6570\u636e\u9a7b\u7559"},{"location":"security/security-guide/#_263","text":"OpenStack\u8fd0\u8425\u5546\u5e94\u52aa\u529b\u63d0\u4f9b\u4e00\u5b9a\u7a0b\u5ea6\u7684\u79df\u6237\u6570\u636e\u5904\u7f6e\u4fdd\u8bc1\u3002\u6700\u4f73\u5b9e\u8df5\u5efa\u8bae\u64cd\u4f5c\u5458\u5728\u5904\u7f6e\u3001\u91ca\u653e\u7ec4\u7ec7\u63a7\u5236\u6216\u91ca\u653e\u4ee5\u4f9b\u91cd\u590d\u4f7f\u7528\u4e4b\u524d\u5bf9\u4e91\u7cfb\u7edf\u4ecb\u8d28\uff08\u6570\u5b57\u548c\u975e\u6570\u5b57\uff09\u8fdb\u884c\u6e05\u7406\u3002\u9274\u4e8e\u4fe1\u606f\u7684\u7279\u5b9a\u5b89\u5168\u57df\u548c\u654f\u611f\u6027\uff0c\u6e05\u7406\u65b9\u6cd5\u5e94\u5b9e\u73b0\u9002\u5f53\u7ea7\u522b\u7684\u5f3a\u5ea6\u548c\u5b8c\u6574\u6027\u3002 \u201c\u6e05\u7406\u8fc7\u7a0b\u4f1a\u4ece\u4ecb\u8d28\u4e2d\u5220\u9664\u4fe1\u606f\uff0c\u56e0\u6b64\u65e0\u6cd5\u68c0\u7d22\u6216\u91cd\u5efa\u4fe1\u606f\u3002\u6e05\u7406\u6280\u672f\uff0c\u5305\u62ec\u6e05\u9664\u3001\u6e05\u9664\u3001\u52a0\u5bc6\u64e6\u9664\u548c\u9500\u6bc1\uff0c\u53ef\u9632\u6b62\u5728\u91cd\u590d\u4f7f\u7528\u6216\u91ca\u653e\u5904\u7f6e\u6b64\u7c7b\u4ecb\u8d28\u65f6\u5411\u672a\u7ecf\u6388\u6743\u7684\u4e2a\u4eba\u62ab\u9732\u4fe1\u606f\u3002NIST \u7279\u522b\u51fa\u7248\u7269 800-53 \u4fee\u8ba2\u7248 4 NIST\u5efa\u8bae\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\u4e2d\u91c7\u7528\u7684\u4e00\u822c\u6570\u636e\u5904\u7f6e\u548c\u6e05\u7406\u6307\u5357\u3002\u4e91\u8fd0\u8425\u5546\u5e94\uff1a \u8ddf\u8e2a\u3001\u8bb0\u5f55\u548c\u9a8c\u8bc1\u4ecb\u8d28\u6e05\u7406\u548c\u5904\u7f6e\u64cd\u4f5c\u3002 
\u6d4b\u8bd5\u6e05\u7406\u8bbe\u5907\u548c\u7a0b\u5e8f\u4ee5\u9a8c\u8bc1\u5176\u6027\u80fd\u662f\u5426\u6b63\u5e38\u3002 \u5728\u5c06\u4fbf\u643a\u5f0f\u53ef\u79fb\u52a8\u5b58\u50a8\u8bbe\u5907\u8fde\u63a5\u5230\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u524d\uff0c\u5148\u5bf9\u5176\u8fdb\u884c\u6e05\u7406\u3002 \u9500\u6bc1\u65e0\u6cd5\u6e05\u7406\u7684\u4e91\u7cfb\u7edf\u4ecb\u8d28\u3002 \u5728 OpenStack \u90e8\u7f72\u4e2d\uff0c\u60a8\u9700\u8981\u89e3\u51b3\u4ee5\u4e0b\u95ee\u9898\uff1a \u5b89\u5168\u6570\u636e\u64e6\u9664 \u5b9e\u4f8b\u5185\u5b58\u6e05\u7406 \u5757\u5b58\u50a8\u5377\u6570\u636e \u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8 \u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406","title":"\u6570\u636e\u5904\u7f6e"},{"location":"security/security-guide/#_264","text":"\u5728OpenStack\u4e2d\uff0c\u67d0\u4e9b\u6570\u636e\u53ef\u80fd\u4f1a\u88ab\u5220\u9664\uff0c\u4f46\u5728\u4e0a\u8ff0NIST\u6807\u51c6\u7684\u4e0a\u4e0b\u6587\u4e2d\u4e0d\u4f1a\u88ab\u5b89\u5168\u5220\u9664\u3002\u8fd9\u901a\u5e38\u9002\u7528\u4e8e\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u7684\u5927\u591a\u6570\u6216\u5168\u90e8\u4e0a\u8ff0\u5b9a\u4e49\u7684\u5143\u6570\u636e\u548c\u4fe1\u606f\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u6570\u636e\u5e93\u548c/\u6216\u7cfb\u7edf\u914d\u7f6e\u8fdb\u884c\u81ea\u52a8\u5438\u5c18\u548c\u5b9a\u671f\u53ef\u7528\u7a7a\u95f4\u64e6\u9664\u6765\u4fee\u590d\u3002","title":"\u6570\u636e\u672a\u5b89\u5168\u5220\u9664"},{"location":"security/security-guide/#_265","text":"\u7279\u5b9a\u4e8e\u5404\u79cd\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u662f\u5b9e\u4f8b\u5185\u5b58\u7684\u5904\u7406\u3002OpenStack Compute \u4e2d\u6ca1\u6709\u5b9a\u4e49\u6b64\u884c\u4e3a\uff0c\u5c3d\u7ba1\u901a\u5e38\u671f\u671b hypervisor \u5728\u5220\u9664\u5b9e\u4f8b\u548c/\u6216\u521b\u5efa\u5b9e\u4f8b\u65f6\u5c3d\u6700\u5927\u52aa\u529b\u6e05\u7406\u5185\u5b58\u3002 Xen 
\u663e\u5f0f\u5730\u4e3a\u5b9e\u4f8b\u5206\u914d\u4e13\u7528\u5185\u5b58\u533a\u57df\uff0c\u5e76\u5728\u5b9e\u4f8b\uff08\u6216 Xen \u672f\u8bed\u4e2d\u7684\u57df\uff09\u9500\u6bc1\u65f6\u6e05\u7406\u6570\u636e\u3002KVM \u5728\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4f9d\u8d56\u4e8e Linux \u9875\u9762\u7ba1\u7406;KVM \u6587\u6863\u4e2d\u5b9a\u4e49\u4e86\u4e00\u7ec4\u4e0e KVM \u5206\u9875\u76f8\u5173\u7684\u590d\u6742\u89c4\u5219\u3002 \u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u4f7f\u7528 Xen \u5185\u5b58\u6c14\u7403\u529f\u80fd\u53ef\u80fd\u4f1a\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u907f\u514d\u4f7f\u7528\u6b64\u529f\u80fd\u3002 \u5bf9\u4e8e\u8fd9\u4e9b\u548c\u5176\u4ed6\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u53c2\u8003\u7279\u5b9a\u4e8e\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u6587\u6863\u3002","title":"\u5b9e\u4f8b\u5185\u5b58\u6e05\u7406"},{"location":"security/security-guide/#cinder","text":"\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u4e0b\u9762\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u7684\u201c\u6570\u636e\u52a0\u5bc6\u201d\u90e8\u5206\u5bf9\u6b64\u8fdb\u884c\u4e86\u8ba8\u8bba\u3002\u4f7f\u7528\u6b64\u529f\u80fd\u65f6\uff0c\u901a\u8fc7\u5b89\u5168\u5730\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u6765\u5b8c\u6210\u6570\u636e\u9500\u6bc1\u3002\u6700\u7ec8\u7528\u6237\u53ef\u4ee5\u5728\u521b\u5efa\u5377\u65f6\u9009\u62e9\u6b64\u529f\u80fd\uff0c\u4f46\u8bf7\u6ce8\u610f\uff0c\u7ba1\u7406\u5458\u5fc5\u987b\u5148\u6267\u884c\u5377\u52a0\u5bc6\u529f\u80fd\u7684\u4e00\u6b21\u6027\u8bbe\u7f6e\u3002\u6709\u5173\u6b64\u8bbe\u7f6e\u7684\u8bf4\u660e\uff0c\u8bf7\u53c2\u9605\u201c\u914d\u7f6e\u53c2\u8003\u201d\u7684\u201c\u5757\u5b58\u50a8\u201d\u90e8\u5206\u7684\u201c\u5377\u52a0\u5bc6\u201d\u4e0b\u3002 \u5982\u679c\u4e0d\u4f7f\u7528 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u90a3\u4e48\u5176\u4ed6\u65b9\u6cd5\u901a\u5e38\u66f4\u96be\u542f\u7528\u3002\u5982\u679c\u4f7f\u7528\u540e\u7aef\u63d2\u4ef6\uff0c\u5219\u53ef\u80fd\u5b58\u5728\u72ec\u7acb\u7684\u52a0\u5bc6\u65b9\u6cd5\u6216\u975e\u6807\u51c6\u8986\u76d6\u89e3\u51b3\u65b9\u6848\u3002OpenStack Block Storage \u7684\u63d2\u4ef6\u5c06\u4ee5\u591a\u79cd\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\u3002\u8bb8\u591a\u63d2\u4ef6\u7279\u5b9a\u4e8e\u4f9b\u5e94\u5546\u6216\u6280\u672f\uff0c\u800c\u5176\u4ed6\u63d2\u4ef6\u5219\u66f4\u591a\u5730\u662f\u56f4\u7ed5\u6587\u4ef6\u7cfb\u7edf\uff08\u5982 LVM \u6216 ZFS\uff09\u7684 DIY \u89e3\u51b3\u65b9\u6848\u3002\u5b89\u5168\u9500\u6bc1\u6570\u636e\u7684\u65b9\u6cd5\u56e0\u63d2\u4ef6\u800c\u5f02\uff0c\u56e0\u4f9b\u5e94\u5546\u7684\u89e3\u51b3\u65b9\u6848\u800c\u5f02\uff0c\u4e5f\u56e0\u6587\u4ef6\u7cfb\u7edf\u800c\u5f02\u3002 \u4e00\u4e9b\u540e\u7aef\uff08\u5982 ZFS\uff09\u5c06\u652f\u6301\u5199\u5165\u65f6\u590d\u5236\uff0c\u4ee5\u9632\u6b62\u6570\u636e\u6cc4\u9732\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4ece\u672a\u5199\u5165\u5757\u4e2d\u8bfb\u53d6\u5c06\u59cb\u7ec8\u8fd4\u56de\u96f6\u3002\u5176\u4ed6\u540e\u7aef\uff08\u5982 LVM\uff09\u53ef\u80fd\u672c\u8eab\u4e0d\u652f\u6301\u6b64\u529f\u80fd\uff0c\u56e0\u6b64\u5757\u5b58\u50a8\u63d2\u4ef6\u8d1f\u8d23\u5728\u5c06\u4e4b\u524d\u5199\u5165\u7684\u5757\u4ea4\u7ed9\u7528\u6237\u4e4b\u524d\u8986\u76d6\u5b83\u4eec\u3002\u8bf7\u52a1\u5fc5\u67e5\u770b\u6240\u9009\u5377\u540e\u7aef\u63d0\u4f9b\u54ea\u4e9b\u4fdd\u8bc1\uff0c\u5e76\u67e5\u770b\u54ea\u4e9b\u4e2d\u4ecb\u53ef\u7528\u4e8e\u672a\u63d0\u4f9b\u7684\u4fdd\u8bc1\u3002","title":"Cinder \u5377\u6570\u636e"},{"location":"security/security-guide/#_266","text":"OpenStack 
\u955c\u50cf\u670d\u52a1\u5177\u6709\u5ef6\u8fdf\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u5c06\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u7b49\u5f85\u955c\u50cf\u7684\u5220\u9664\u3002\u5982\u679c\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u901a\u8fc7\u7f16\u8f91 etc/glance/glance-api.conf \u6587\u4ef6\u5e76\u5c06 delayed_delete \u9009\u9879\u8bbe\u7f6e\u4e3a False \u6765\u7981\u7528\u6b64\u529f\u80fd\u3002","title":"\u955c\u50cf\u670d\u52a1\u5ef6\u65f6\u5220\u9664\u529f\u80fd"},{"location":"security/security-guide/#_267","text":"OpenStack Compute \u5177\u6709\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8be5\u529f\u80fd\u4f7f\u88ab\u5220\u9664\u7684\u5b9e\u4f8b\u5728\u5b9a\u4e49\u7684\u65f6\u95f4\u6bb5\u5185\u5904\u4e8e\u8f6f\u5220\u9664\u72b6\u6001\u3002\u5b9e\u4f8b\u53ef\u4ee5\u5728\u6b64\u65f6\u95f4\u6bb5\u5185\u6062\u590d\u3002\u82e5\u8981\u7981\u7528\u8f6f\u5220\u9664\u529f\u80fd\uff0c\u8bf7\u7f16\u8f91 etc/nova/nova.conf \u6587\u4ef6\u5e76\u5c06\u8be5 reclaim_instance_interval \u9009\u9879\u7559\u7a7a\u3002","title":"\u8ba1\u7b97\u8f6f\u5220\u9664\u529f\u80fd"},{"location":"security/security-guide/#_268","text":"\u8bf7\u6ce8\u610f\uff0cOpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u63d0\u4f9b\u4e86\u4e00\u79cd\u6539\u8fdb\u4e34\u65f6\u5b58\u50a8\u9690\u79c1\u548c\u9694\u79bb\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u662f\u5728\u4e3b\u52a8\u4f7f\u7528\u671f\u95f4\u8fd8\u662f\u5728\u9500\u6bc1\u6570\u636e\u65f6\u3002\u4e0e\u52a0\u5bc6\u5757\u5b58\u50a8\u4e00\u6837\uff0c\u53ea\u9700\u5220\u9664\u52a0\u5bc6\u5bc6\u94a5\u5373\u53ef\u6709\u6548\u5730\u9500\u6bc1\u6570\u636e\u3002 \u5728\u521b\u5efa\u548c\u9500\u6bc1\u4e34\u65f6\u5b58\u50a8\u65f6\uff0c\u63d0\u4f9b\u6570\u636e\u9690\u79c1\u7684\u66ff\u4ee3\u63aa\u65bd\u5c06\u5728\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u6240\u9009\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u548c OpenStack \u8ba1\u7b97\u63d2\u4ef6\u3002 \u7528\u4e8e\u8ba1\u7b97\u7684 libvirt 
\u63d2\u4ef6\u53ef\u4ee5\u76f4\u63a5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6216 LVM \u4e2d\u7ef4\u62a4\u4e34\u65f6\u5b58\u50a8\u3002\u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u901a\u5e38\u4e0d\u4f1a\u5728\u5220\u9664\u6570\u636e\u65f6\u8986\u76d6\u6570\u636e\uff0c\u4f46\u53ef\u4ee5\u4fdd\u8bc1\u4e0d\u4f1a\u5411\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002 \u5f53\u4f7f\u7528 LVM \u652f\u6301\u7684\u57fa\u4e8e\u5757\u7684\u4e34\u65f6\u5b58\u50a8\u65f6\uff0cOpenStack \u8ba1\u7b97\u8f6f\u4ef6\u5fc5\u987b\u5b89\u5168\u5730\u64e6\u9664\u5757\u4ee5\u9632\u6b62\u4fe1\u606f\u6cc4\u9732\u3002\u8fc7\u53bb\u66fe\u5b58\u5728\u4e0e\u4e0d\u5f53\u64e6\u9664\u7684\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u76f8\u5173\u7684\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u6587\u4ef6\u7cfb\u7edf\u5b58\u50a8\u5bf9\u4e8e\u4e34\u65f6\u5757\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\u662f\u4e00\u79cd\u6bd4 LVM \u66f4\u5b89\u5168\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u56e0\u4e3a\u65e0\u6cd5\u4e3a\u7528\u6237\u63d0\u4f9b\u810f\u76d8\u533a\u3002\u4f46\u662f\uff0c\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u7528\u6237\u6570\u636e\u4e0d\u4f1a\u88ab\u7834\u574f\uff0c\u56e0\u6b64\u5efa\u8bae\u5bf9\u540e\u5907\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u52a0\u5bc6\u3002","title":"\u8ba1\u7b97\u5b9e\u4f8b\u4e34\u65f6\u5b58\u50a8"},{"location":"security/security-guide/#_269","text":"\u7528\u4e8e\u8ba1\u7b97\u7684\u88f8\u673a\u670d\u52a1\u5668\u9a71\u52a8\u7a0b\u5e8f\u6b63\u5728\u5f00\u53d1\u4e2d\uff0c\u6b64\u540e\u5df2\u8f6c\u79fb\u5230\u4e00\u4e2a\u540d\u4e3a ironic \u7684\u5355\u72ec\u9879\u76ee\u4e2d\u3002\u5728\u64b0\u5199\u672c\u6587\u65f6\uff0c\u5177\u6709\u8bbd\u523a\u610f\u5473\u7684\u662f\uff0c\u4f3c\u4e4e\u6ca1\u6709\u89e3\u51b3\u9a7b\u7559\u5728\u7269\u7406\u786c\u4ef6\u4e2d\u7684\u79df\u6237\u6570\u636e\u7684\u6e05\u7406\u95ee\u9898\u3002 \u6b64\u5916\uff0c\u88f8\u673a\u7cfb\u7edf\u7684\u79df\u6237\u53ef\u4ee5\u4fee\u6539\u7cfb\u7edf\u56fa\u4ef6\u3002\u5b89\u5168\u5f15\u5bfc\u4e2d\u6240\u8ff0\u7684 TPM 
\u6280\u672f\u63d0\u4f9b\u4e86\u4e00\u79cd\u7528\u4e8e\u68c0\u6d4b\u672a\u7ecf\u6388\u6743\u7684\u56fa\u4ef6\u66f4\u6539\u7684\u89e3\u51b3\u65b9\u6848\u3002","title":"\u88f8\u673a\u670d\u52a1\u5668\u6e05\u7406"},{"location":"security/security-guide/#_270","text":"\u8be5\u9009\u9879\u53ef\u4f9b\u5b9e\u65bd\u8005\u52a0\u5bc6\u79df\u6237\u6570\u636e\uff0c\u65e0\u8bba\u8fd9\u4e9b\u6570\u636e\u5b58\u50a8\u5728\u78c1\u76d8\u4e0a\u6216\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\uff0c\u4f8b\u5982\u4e0b\u9762\u63cf\u8ff0\u7684 OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u3002\u8fd9\u8d85\u51fa\u4e86\u7528\u6237\u5728\u5c06\u81ea\u5df1\u7684\u6570\u636e\u53d1\u9001\u7ed9\u63d0\u4f9b\u5546\u4e4b\u524d\u52a0\u5bc6\u81ea\u5df1\u7684\u6570\u636e\u7684\u4e00\u822c\u5efa\u8bae\u3002 \u4ee3\u8868\u79df\u6237\u52a0\u5bc6\u6570\u636e\u7684\u91cd\u8981\u6027\u5f88\u5927\u7a0b\u5ea6\u4e0a\u4e0e\u63d0\u4f9b\u5546\u627f\u62c5\u7684\u653b\u51fb\u8005\u53ef\u80fd\u8bbf\u95ee\u79df\u6237\u6570\u636e\u7684\u98ce\u9669\u6709\u5173\u3002\u653f\u5e9c\u53ef\u80fd\u6709\u8981\u6c42\uff0c\u4e5f\u6709\u6bcf\u4e2a\u7b56\u7565\u7684\u8981\u6c42\uff0c\u79c1\u6709\u5408\u540c\uff0c\u751a\u81f3\u4e0e\u516c\u5171\u4e91\u63d0\u4f9b\u5546\u7684\u79c1\u6709\u5408\u540c\u6709\u5173\u7684\u5224\u4f8b\u6cd5\u3002\u5efa\u8bae\u5728\u9009\u62e9\u79df\u6237\u52a0\u5bc6\u7b56\u7565\u4e4b\u524d\u8fdb\u884c\u98ce\u9669\u8bc4\u4f30\u548c\u6cd5\u5f8b\u987e\u95ee\u3002 
\u6309\u5b9e\u4f8b\u6216\u6309\u5bf9\u8c61\u52a0\u5bc6\u6bd4\u6309\u9879\u76ee\u3001\u6309\u79df\u6237\u3001\u6309\u4e3b\u673a\u548c\u6309\u4e91\u805a\u5408\u964d\u5e8f\u8fdb\u884c\u52a0\u5bc6\u66f4\u53ef\u53d6\u3002\u8fd9\u9879\u5efa\u8bae\u4e0e\u5b9e\u65bd\u7684\u590d\u6742\u6027\u548c\u96be\u5ea6\u76f8\u53cd\u3002\u76ee\u524d\uff0c\u5728\u67d0\u4e9b\u9879\u76ee\u4e2d\uff0c\u5f88\u96be\u6216\u4e0d\u53ef\u80fd\u5b9e\u73b0\u50cf\u6bcf\u4e2a\u79df\u6237\u4e00\u6837\u677e\u6563\u7684\u52a0\u5bc6\u3002\u6211\u4eec\u5efa\u8bae\u5b9e\u73b0\u8005\u5c3d\u6700\u5927\u52aa\u529b\u52a0\u5bc6\u79df\u6237\u6570\u636e\u3002 \u901a\u5e38\uff0c\u6570\u636e\u52a0\u5bc6\u4e0e\u53ef\u9760\u5730\u9500\u6bc1\u79df\u6237\u548c\u6bcf\u4e2a\u5b9e\u4f8b\u6570\u636e\u7684\u80fd\u529b\u5448\u6b63\u76f8\u5173\uff0c\u53ea\u9700\u4e22\u5f03\u5bc6\u94a5\u5373\u53ef\u3002\u5e94\u8be5\u6307\u51fa\u7684\u662f\uff0c\u5728\u8fd9\u6837\u505a\u65f6\uff0c\u4ee5\u53ef\u9760\u548c\u5b89\u5168\u7684\u65b9\u5f0f\u9500\u6bc1\u8fd9\u4e9b\u5bc6\u94a5\u53d8\u5f97\u975e\u5e38\u91cd\u8981\u3002 Opportunities to encrypt data for users are present: \u5b58\u5728\u4e3a\u7528\u6237\u52a0\u5bc6\u6570\u636e\u7684\u673a\u4f1a\uff1a \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61 \u7f51\u7edc\u6570\u636e","title":"\u6570\u636e\u52a0\u5bc6"},{"location":"security/security-guide/#_271","text":"OpenStack \u4e2d\u7684\u5377\u52a0\u5bc6\u529f\u80fd\u652f\u6301\u57fa\u4e8e\u6bcf\u4e2a\u79df\u6237\u7684\u9690\u79c1\u4fdd\u62a4\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u5377\u7c7b\u578b\uff0c\u901a\u8fc7\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u754c\u9762\u542f\u52a8 \u542f\u7528\u52a0\u5bc6\u5e76\u9009\u62e9\u52a0\u5bc6\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u53c2\u6570 iSCSI \u6570\u636e\u5305\u4e2d\u5305\u542b\u7684\u5377\u6570\u636e\u5df2\u52a0\u5bc6 
\u5982\u679c\u539f\u59cb\u5377\u5df2\u52a0\u5bc6\uff0c\u5219\u652f\u6301\u52a0\u5bc6\u5907\u4efd \u4eea\u8868\u677f\u6307\u793a\u5377\u52a0\u5bc6\u72b6\u6001\u3002\u5305\u62ec\u5377\u5df2\u52a0\u5bc6\u7684\u6307\u793a\uff0c\u5e76\u5305\u62ec\u7b97\u6cd5\u548c\u5bc6\u94a5\u5927\u5c0f\u7b49\u52a0\u5bc6\u53c2\u6570 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u5377\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0c\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09","title":"\u5377\u52a0\u5bc6"},{"location":"security/security-guide/#_272","text":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u53ef\u89e3\u51b3\u6570\u636e\u9690\u79c1\u95ee\u9898\u3002\u4e34\u65f6\u78c1\u76d8\u662f\u865a\u62df\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u4e34\u65f6\u5de5\u4f5c\u7a7a\u95f4\u3002\u5982\u679c\u4e0d\u52a0\u5bc6\uff0c\u53ef\u4ee5\u5728\u6b64\u78c1\u76d8\u4e0a\u8bbf\u95ee\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\uff0c\u5e76\u4e14\u5728\u5378\u8f7d\u78c1\u76d8\u540e\u53ef\u80fd\u4f1a\u4fdd\u7559\u6b8b\u7559\u4fe1\u606f\u3002\u4ece Kilo \u7248\u672c\u5f00\u59cb\uff0c\u652f\u6301\u4ee5\u4e0b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\uff1a \u521b\u5efa\u548c\u4f7f\u7528\u52a0\u5bc6\u7684 LVM \u4e34\u65f6\u78c1\u76d8\uff08\u6ce8\u610f\uff1a\u76ee\u524d OpenStack \u8ba1\u7b97\u670d\u52a1\u4ec5\u652f\u6301 LVM \u683c\u5f0f\u7684\u52a0\u5bc6\u4e34\u65f6\u78c1\u76d8\uff09 \u8ba1\u7b97\u914d\u7f6e \uff0c nova.conf \u5728\u201c[ephemeral_storage_encryption]\u201d\u90e8\u5206\u4e2d\u5177\u6709\u4ee5\u4e0b\u9ed8\u8ba4\u53c2\u6570 \u9009\u9879\uff1a\u201c\u5bc6\u7801 = AES-XTS-plain64\u201d 
\u6b64\u5b57\u6bb5\u8bbe\u7f6e\u7528\u4e8e\u52a0\u5bc6\u4e34\u65f6\u5b58\u50a8\u7684\u5bc6\u7801\u548c\u6a21\u5f0f\u3002NIST\u5efa\u8bae\u5c06AES-XTS\u4e13\u95e8\u7528\u4e8e\u78c1\u76d8\u5b58\u50a8\uff0c\u8be5\u540d\u79f0\u662f\u4f7f\u7528XTS\u52a0\u5bc6\u6a21\u5f0f\u7684AES\u52a0\u5bc6\u7684\u7b80\u5199\u3002\u53ef\u7528\u7684\u5bc6\u7801\u53d6\u51b3\u4e8e\u5185\u6838\u652f\u6301\u3002\u5728\u547d\u4ee4\u884c\u4e2d\uff0c\u8f93\u5165\u201ccryptsetup benchmark\u201d\u4ee5\u786e\u5b9a\u53ef\u7528\u9009\u9879\uff08\u5e76\u67e5\u770b\u57fa\u51c6\u6d4b\u8bd5\u7ed3\u679c\uff09\uff0c\u6216\u8f6c\u5230 /proc/crypto \u9009\u9879\uff1a 'enabled = false' \u8981\u4f7f\u7528\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u8bf7\u8bbe\u7f6e\u9009\u9879\uff1a\u201cenabled = true\u201d \u9009\u9879\uff1a\u201ckey_size = 512\u201d \u8bf7\u6ce8\u610f\uff0c\u540e\u7aef\u5bc6\u94a5\u7ba1\u7406\u5668\u53ef\u80fd\u5b58\u5728\u5bc6\u94a5\u5927\u5c0f\u9650\u5236\uff0c\u53ef\u80fd\u9700\u8981\u4f7f\u7528\u201ckey_size = 256\u201d\uff0c\u8fd9\u4ec5\u63d0\u4f9b 128 \u4f4d\u7684 AES \u5bc6\u94a5\u5927\u5c0f\u3002\u9664\u4e86 AES \u6240\u9700\u7684\u52a0\u5bc6\u5bc6\u94a5\u5916\uff0cXTS \u8fd8\u9700\u8981\u81ea\u5df1\u7684\u201c\u8c03\u6574\u5bc6\u94a5\u201d\u3002\u8fd9\u901a\u5e38\u8868\u793a\u4e3a\u5355\u4e2a\u5927\u952e\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f7f\u7528 512 \u4f4d\u8bbe\u7f6e\uff0cAES \u5c06\u4f7f\u7528 256 \u4f4d\uff0cXTS \u5c06\u4f7f\u7528 256 \u4f4d\u3002\uff08\u89c1NIST\uff09 \u901a\u8fc7\u5b89\u5168\u5305\u88c5\u5668\u4e0e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u4ea4\u4e92 \u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u5c06\u901a\u8fc7\u4e3a\u6bcf\u4e2a\u79df\u6237\u63d0\u4f9b\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u5bc6\u94a5\u6765\u652f\u6301\u6570\u636e\u9694\u79bb \u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\u652f\u6301\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\uff0c\u4ee5\u589e\u5f3a\u5b89\u5168\u6027\uff08\u4f8b\u5982\uff0cHSM \u6216 KMIP \u670d\u52a1\u5668\u53ef\u7528\u4f5c barbican 
\u540e\u7aef\u5bc6\u94a5\u5b58\u50a8\uff09 \u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u65f6\uff0c\u5f53\u4e0d\u518d\u9700\u8981\u4e34\u65f6\u78c1\u76d8\u65f6\uff0c\u53ea\u9700\u5220\u9664\u5bc6\u94a5\u5373\u53ef\u53d6\u4ee3\u8986\u76d6\u4e34\u65f6\u78c1\u76d8\u5b58\u50a8\u533a\u57df","title":"\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6"},{"location":"security/security-guide/#_273","text":"\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u652f\u6301\u5bf9\u5b58\u50a8\u8282\u70b9\u4e0a\u7684\u9759\u6001\u5bf9\u8c61\u6570\u636e\u8fdb\u884c\u53ef\u9009\u52a0\u5bc6\u3002\u5bf9\u8c61\u6570\u636e\u7684\u52a0\u5bc6\u65e8\u5728\u964d\u4f4e\u5728\u672a\u7ecf\u6388\u6743\u7684\u4e00\u65b9\u83b7\u5f97\u5bf9\u78c1\u76d8\u7684\u7269\u7406\u8bbf\u95ee\u6743\u9650\u65f6\u8bfb\u53d6\u7528\u6237\u6570\u636e\u7684\u98ce\u9669\u3002 \u9759\u6001\u6570\u636e\u52a0\u5bc6\u7531\u4e2d\u95f4\u4ef6\u5b9e\u73b0\uff0c\u4e2d\u95f4\u4ef6\u53ef\u80fd\u5305\u542b\u5728\u4ee3\u7406\u670d\u52a1\u5668 WSGI \u7ba1\u9053\u4e2d\u3002\u8be5\u529f\u80fd\u662f swift \u96c6\u7fa4\u5185\u90e8\u7684\uff0c\u4e0d\u901a\u8fc7 API \u516c\u5f00\u3002\u5ba2\u6237\u7aef\u4e0d\u77e5\u9053 swift \u670d\u52a1\u5185\u90e8\u7684\u6b64\u529f\u80fd\u5bf9\u6570\u636e\u8fdb\u884c\u4e86\u52a0\u5bc6;\u5185\u90e8\u52a0\u5bc6\u7684\u6570\u636e\u4e0d\u5e94\u901a\u8fc7 swift API \u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u4ee5\u4e0b\u6570\u636e\u5728 swift \u4e2d\u9759\u6001\u65f6\u88ab\u52a0\u5bc6\uff1a \u5bf9\u8c61\u5185\u5bb9\u3002\u4f8b\u5982\uff0c\u5bf9\u8c61 PUT \u8bf7\u6c42\u6b63\u6587\u7684\u5185\u5bb9 \u5177\u6709\u975e\u96f6\u5185\u5bb9\u7684\u5bf9\u8c61\u7684\u5b9e\u4f53\u6807\u8bb0 \uff08ETag\uff09 \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5bf9\u8c61\u5143\u6570\u636e\u503c\u3002\u4f8b\u5982\uff0c\u4f7f\u7528 X-Object-Meta- \u5e26\u6709 PUT \u6216 POST \u8bf7\u6c42\u7684\u524d\u7f00\u6807\u5934\u53d1\u9001\u7684\u5143\u6570\u636e 
\u4e0a\u8ff0\u5217\u8868\u4e2d\u672a\u5305\u542b\u7684\u4efb\u4f55\u6570\u636e\u6216\u5143\u6570\u636e\u5747\u672a\u52a0\u5bc6\uff0c\u5305\u62ec\uff1a \u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u540d\u79f0 \u5e10\u6237\u548c\u5bb9\u5668\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u503c \u6240\u6709\u81ea\u5b9a\u4e49\u7528\u6237\u5143\u6570\u636e\u540d\u79f0 \u5bf9\u8c61\u5185\u5bb9\u7c7b\u578b\u503c \u5bf9\u8c61\u5927\u5c0f \u7cfb\u7edf\u5143\u6570\u636e \u6709\u5173\u5bf9\u8c61\u5b58\u50a8\u52a0\u5bc6\u7684\u90e8\u7f72\u3001\u64cd\u4f5c\u6216\u5b9e\u65bd\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6709\u5173\u5bf9\u8c61\u52a0\u5bc6\u7684 swift \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002","title":"\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61"},{"location":"security/security-guide/#_274","text":"\u542f\u7528\u64cd\u4f5c\u7cfb\u7edf\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 Intel \u548c AMD \u5904\u7406\u5668\u4e2d\u5f53\u524d\u53ef\u7528\u7684\u786c\u4ef6\u52a0\u901f\u529f\u80fd\u6765\u589e\u5f3a OpenStack Volume Encryption \u6027\u80fd\u3002OpenStack \u5377\u52a0\u5bc6\u529f\u80fd\u548c OpenStack \u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u90fd\u7528\u4e8e dm-crypt \u4fdd\u62a4\u5377\u6570\u636e\u3002 dm-crypt \u662f Linux \u5185\u6838\u7248\u672c 2.6 \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u7684\u900f\u660e\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u3002\u542f\u7528\u5377\u52a0\u5bc6\u540e\uff0c\u52a0\u5bc6\u6570\u636e\u5c06\u901a\u8fc7 iSCSI \u53d1\u9001\u5230\u5757\u5b58\u50a8\uff0c\u4ece\u800c\u540c\u65f6\u4fdd\u62a4\u4f20\u8f93\u4e2d\u7684\u6570\u636e\u548c\u9759\u6001\u6570\u636e\u3002\u4f7f\u7528\u786c\u4ef6\u52a0\u901f\u65f6\uff0c\u8fd9\u4e24\u79cd\u52a0\u5bc6\u529f\u80fd\u5bf9\u6027\u80fd\u7684\u5f71\u54cd\u90fd\u4f1a\u964d\u5230\u6700\u4f4e\u3002 \u867d\u7136\u6211\u4eec\u5efa\u8bae\u4f7f\u7528 OpenStack 
\u5377\u52a0\u5bc6\u529f\u80fd\uff0c\u4f46\u5757\u5b58\u50a8\u652f\u6301\u591a\u79cd\u66ff\u4ee3\u540e\u7aef\u6765\u63d0\u4f9b\u53ef\u6302\u8f7d\u5377\uff0c\u5176\u4e2d\u4e00\u4e9b\u8fd8\u53ef\u80fd\u63d0\u4f9b\u5377\u52a0\u5bc6\u3002\u7531\u4e8e\u540e\u7aef\u5982\u6b64\u4e4b\u591a\uff0c\u5e76\u4e14\u5fc5\u987b\u4ece\u6bcf\u4e2a\u4f9b\u5e94\u5546\u5904\u83b7\u53d6\u4fe1\u606f\uff0c\u56e0\u6b64\u6307\u5b9a\u5728\u4efb\u4f55\u4e00\u4e2a\u4f9b\u5e94\u5546\u4e2d\u5b9e\u65bd\u52a0\u5bc6\u7684\u5efa\u8bae\u8d85\u51fa\u4e86\u672c\u6307\u5357\u7684\u8303\u56f4\u3002","title":"\u5757\u5b58\u50a8\u6027\u80fd\u548c\u540e\u7aef"},{"location":"security/security-guide/#_275","text":"\u8ba1\u7b97\u7684\u79df\u6237\u6570\u636e\u53ef\u4ee5\u901a\u8fc7 IPsec \u6216\u5176\u4ed6\u96a7\u9053\u8fdb\u884c\u52a0\u5bc6\u3002\u8fd9\u5728OpenStack\u4e2d\u5e76\u4e0d\u5e38\u89c1\u6216\u6807\u51c6\uff0c\u4f46\u5bf9\u4e8e\u6709\u52a8\u529b\u548c\u611f\u5174\u8da3\u7684\u5b9e\u73b0\u8005\u6765\u8bf4\uff0c\u8fd9\u662f\u4e00\u4e2a\u9009\u9879\u3002 
\u540c\u6837\uff0c\u52a0\u5bc6\u6570\u636e\u5728\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u65f6\u5c06\u4fdd\u6301\u52a0\u5bc6\u72b6\u6001\u3002","title":"\u7f51\u7edc\u6570\u636e"},{"location":"security/security-guide/#_276","text":"\u4e3a\u4e86\u89e3\u51b3\u7ecf\u5e38\u63d0\u5230\u7684\u79df\u6237\u6570\u636e\u9690\u79c1\u548c\u9650\u5236\u4e91\u63d0\u4f9b\u5546\u8d23\u4efb\u7684\u95ee\u9898\uff0cOpenStack\u793e\u533a\u5bf9\u4f7f\u6570\u636e\u52a0\u5bc6\u66f4\u52a0\u666e\u904d\u7684\u5174\u8da3\u8d8a\u6765\u8d8a\u5927\u3002\u5bf9\u4e8e\u6700\u7ec8\u7528\u6237\u6765\u8bf4\uff0c\u5728\u5c06\u6570\u636e\u4fdd\u5b58\u5230\u4e91\u4e4b\u524d\u5bf9\u5176\u8fdb\u884c\u52a0\u5bc6\u76f8\u5bf9\u5bb9\u6613\uff0c\u8fd9\u662f\u79df\u6237\u5bf9\u8c61\uff08\u5982\u5a92\u4f53\u6587\u4ef6\u3001\u6570\u636e\u5e93\u5b58\u6863\u7b49\uff09\u7684\u53ef\u884c\u8def\u5f84\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5ba2\u6237\u7aef\u52a0\u5bc6\u7528\u4e8e\u52a0\u5bc6\u865a\u62df\u5316\u6280\u672f\u4fdd\u5b58\u7684\u6570\u636e\uff0c\u8fd9\u9700\u8981\u5ba2\u6237\u7aef\u4ea4\u4e92\uff08\u4f8b\u5982\u63d0\u4f9b\u5bc6\u94a5\uff09\u6765\u89e3\u5bc6\u6570\u636e\u4ee5\u4f9b\u5c06\u6765\u4f7f\u7528\u3002\u4e3a\u4e86\u65e0\u7f1d\u5730\u4fdd\u62a4\u6570\u636e\u5e76\u4f7f\u5176\u53ef\u8bbf\u95ee\uff0c\u800c\u65e0\u9700\u7ed9\u5ba2\u6237\u5e26\u6765\u7ba1\u7406\u5176\u5bc6\u94a5\u7684\u8d1f\u62c5\uff0c\u5e76\u4ee5\u4ea4\u4e92\u65b9\u5f0f\u5411\u4ed6\u4eec\u63d0\u4f9b OpenStack 
\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u3002\u4f5c\u4e3aOpenStack\u7684\u4e00\u90e8\u5206\uff0c\u63d0\u4f9b\u52a0\u5bc6\u548c\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\u53ef\u4ee5\u7b80\u5316\u9759\u6001\u6570\u636e\u5b89\u5168\u91c7\u7528\uff0c\u5e76\u89e3\u51b3\u5ba2\u6237\u5bf9\u9690\u79c1\u6216\u6570\u636e\u6ee5\u7528\u7684\u62c5\u5fe7\uff0c\u540c\u65f6\u4e5f\u9650\u5236\u4e86\u4e91\u63d0\u4f9b\u5546\u7684\u8d23\u4efb\u3002\u8fd9\u6709\u52a9\u4e8e\u51cf\u5c11\u63d0\u4f9b\u5546\u5728\u591a\u79df\u6237\u516c\u6709\u4e91\u4e2d\u7684\u4e8b\u4ef6\u8c03\u67e5\u671f\u95f4\u5904\u7406\u79df\u6237\u6570\u636e\u65f6\u7684\u8d23\u4efb\u3002 \u5377\u52a0\u5bc6\u548c\u4e34\u65f6\u78c1\u76d8\u52a0\u5bc6\u529f\u80fd\u4f9d\u8d56\u4e8e\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982\uff0cbarbican\uff09\u6765\u521b\u5efa\u548c\u5b89\u5168\u5b58\u50a8\u5bc6\u94a5\u3002\u5bc6\u94a5\u7ba1\u7406\u5668\u662f\u53ef\u63d2\u5165\u7684\uff0c\u4ee5\u65b9\u4fbf\u9700\u8981\u7b2c\u4e09\u65b9\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u6216\u4f7f\u7528\u5bc6\u94a5\u7ba1\u7406\u4ea4\u6362\u534f\u8bae \uff08KMIP\uff09 \u7684\u90e8\u7f72\uff0c\u8be5\u534f\u8bae\u7531\u540d\u4e3a PyKMIP \u7684\u5f00\u6e90\u9879\u76ee\u652f\u6301\u3002","title":"\u5bc6\u94a5\u7ba1\u7406"},{"location":"security/security-guide/#_277","text":"OpenStack.org\uff0c\u6b22\u8fce\u6765\u5230 barbican \u7684\u5f00\u53d1\u8005\u6587\u6863\uff012014\u3002Barbican \u5f00\u53d1\u8005\u6587\u6863 oasis-open.org\uff0cOASIS \u5bc6\u94a5\u7ba1\u7406\u4e92\u64cd\u4f5c\u6027\u534f\u8bae \uff08KMIP\uff09\u30022014\u5e74\u3002KMIP PyKMIP \u5e93 \u673a\u5bc6\u7ba1\u7406 
\u673a\u5bc6\u7ba1\u7406","title":"\u53c2\u8003\u4e66\u76ee\uff1a"},{"location":"security/security-guide/#_278","text":"\u5728\u865a\u62df\u5316\u73af\u5883\u4e2d\u8fd0\u884c\u5b9e\u4f8b\u7684\u4f18\u70b9\u4e4b\u4e00\u662f\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u5f00\u8f9f\u4e86\u65b0\u7684\u673a\u4f1a\uff0c\u800c\u8fd9\u4e9b\u63a7\u5236\u5728\u90e8\u7f72\u5230\u88f8\u673a\u4e0a\u65f6\u901a\u5e38\u4e0d\u53ef\u7528\u3002\u6709\u51e0\u79cd\u6280\u672f\u53ef\u4ee5\u5e94\u7528\u4e8e\u865a\u62df\u5316\u5806\u6808\uff0c\u4e3a\u4e91\u79df\u6237\u5e26\u6765\u66f4\u597d\u7684\u4fe1\u606f\u4fdd\u969c\u3002 \u5177\u6709\u5f3a\u70c8\u5b89\u5168\u8981\u6c42\u7684 OpenStack \u90e8\u7f72\u4eba\u5458\u6216\u7528\u6237\u53ef\u80fd\u9700\u8981\u8003\u8651\u90e8\u7f72\u8fd9\u4e9b\u6280\u672f\u3002\u5e76\u975e\u6240\u6709\u60c5\u51b5\u90fd\u9002\u7528\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u7531\u4e8e\u89c4\u8303\u6027\u4e1a\u52a1\u9700\u6c42\uff0c\u53ef\u80fd\u4f1a\u6392\u9664\u5728\u4e91\u4e2d\u4f7f\u7528\u6280\u672f\u3002\u540c\u6837\uff0c\u67d0\u4e9b\u6280\u672f\u4f1a\u68c0\u67e5\u5b9e\u4f8b\u6570\u636e\uff0c\u4f8b\u5982\u8fd0\u884c\u72b6\u6001\uff0c\u8fd9\u5bf9\u7cfb\u7edf\u7528\u6237\u6765\u8bf4\u53ef\u80fd\u662f\u4e0d\u5e0c\u671b\u7684\u3002 \u5728\u672c\u7ae0\u4e2d\uff0c\u6211\u4eec\u5c06\u63a2\u8ba8\u8fd9\u4e9b\u6280\u672f\uff0c\u5e76\u63cf\u8ff0\u5b83\u4eec\u53ef\u7528\u4e8e\u589e\u5f3a\u5b9e\u4f8b\u6216\u5e95\u5c42\u5b9e\u4f8b\u5b89\u5168\u6027\u7684\u60c5\u51b5\u3002\u6211\u4eec\u8fd8\u8bd5\u56fe\u5f3a\u8c03\u53ef\u80fd\u5b58\u5728\u9690\u79c1\u95ee\u9898\u7684\u5730\u65b9\u3002\u8fd9\u4e9b\u5305\u62ec\u6570\u636e\u4f20\u9012\u3001\u5185\u7701\u6216\u63d0\u4f9b\u71b5\u6e90\u3002\u5728\u672c\u8282\u4e2d\uff0c\u6211\u4eec\u5c06\u91cd\u70b9\u4ecb\u7ecd\u4ee5\u4e0b\u9644\u52a0\u5b89\u5168\u670d\u52a1\uff1a \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb 
\u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236 \u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1 \u5b9e\u4f8b\u7684\u71b5 \u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9 \u53d7\u4fe1\u4efb\u7684\u6620\u50cf \u5b9e\u4f8b\u8fc1\u79fb \u76d1\u63a7\u3001\u8b66\u62a5\u548c\u62a5\u544a \u66f4\u65b0\u548c\u8865\u4e01 \u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236","title":"\u5b9e\u4f8b\u5b89\u5168\u7ba1\u7406"},{"location":"security/security-guide/#_279","text":"","title":"\u5b9e\u4f8b\u7684\u5b89\u5168\u670d\u52a1"},{"location":"security/security-guide/#_280","text":"\u6211\u4eec\u8ba4\u4e3a\u71b5\u662f\u6307\u5b9e\u4f8b\u53ef\u7528\u7684\u968f\u673a\u6570\u636e\u7684\u8d28\u91cf\u548c\u6765\u6e90\u3002\u52a0\u5bc6\u6280\u672f\u901a\u5e38\u4e25\u91cd\u4f9d\u8d56\u968f\u673a\u6027\uff0c\u9700\u8981\u9ad8\u8d28\u91cf\u7684\u71b5\u6c60\u624d\u80fd\u4ece\u4e2d\u6c72\u53d6\u3002\u865a\u62df\u673a\u901a\u5e38\u5f88\u96be\u83b7\u5f97\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301\u8fd9\u4e9b\u64cd\u4f5c\uff0c\u8fd9\u79f0\u4e3a\u71b5\u9965\u997f\u3002\u71b5\u9965\u997f\u53ef\u4ee5\u8868\u73b0\u4e3a\u770b\u4f3c\u65e0\u5173\u7684\u4e8b\u60c5\u3002\u4f8b\u5982\uff0c\u542f\u52a8\u65f6\u95f4\u6162\u53ef\u80fd\u662f\u7531\u4e8e\u5b9e\u4f8b\u7b49\u5f85 ssh \u5bc6\u94a5\u751f\u6210\u9020\u6210\u7684\u3002\u71b5\u9965\u997f\u8fd8\u53ef\u80fd\u4fc3\u4f7f\u7528\u6237\u5728\u5b9e\u4f8b\u4e2d\u4f7f\u7528\u8d28\u91cf\u8f83\u5dee\u7684\u71b5\u6e90\uff0c\u4ece\u800c\u4f7f\u5728\u4e91\u4e2d\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u6574\u4f53\u5b89\u5168\u6027\u964d\u4f4e\u3002 
\u5e78\u8fd0\u7684\u662f\uff0c\u4e91\u67b6\u6784\u5e08\u53ef\u4ee5\u901a\u8fc7\u4e3a\u4e91\u5b9e\u4f8b\u63d0\u4f9b\u9ad8\u8d28\u91cf\u7684\u71b5\u6e90\u6765\u89e3\u51b3\u8fd9\u4e9b\u95ee\u9898\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5728\u4e91\u4e2d\u62e5\u6709\u8db3\u591f\u7684\u786c\u4ef6\u968f\u673a\u6570\u751f\u6210\u5668 \uff08HRNG\uff09 \u6765\u652f\u6301\u5b9e\u4f8b\u6765\u5b9e\u73b0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u201c\u8db3\u591f\u201d\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u662f\u7279\u5b9a\u4e8e\u57df\u7684\u3002\u5bf9\u4e8e\u65e5\u5e38\u64cd\u4f5c\uff0c\u73b0\u4ee3 HRNG \u53ef\u80fd\u4f1a\u4ea7\u751f\u8db3\u591f\u7684\u71b5\u6765\u652f\u6301 50-100 \u4e2a\u8ba1\u7b97\u8282\u70b9\u3002\u9ad8\u5e26\u5bbd HRNG\uff08\u4f8b\u5982\u82f1\u7279\u5c14 Ivy Bridge \u548c\u66f4\u65b0\u7684\u5904\u7406\u5668\u63d0\u4f9b\u7684 RdRand \u6307\u4ee4\uff09\u53ef\u80fd\u4f1a\u5904\u7406\u66f4\u591a\u8282\u70b9\u3002\u5bf9\u4e8e\u7ed9\u5b9a\u7684\u4e91\uff0c\u67b6\u6784\u5e08\u9700\u8981\u4e86\u89e3\u5e94\u7528\u7a0b\u5e8f\u8981\u6c42\uff0c\u4ee5\u786e\u4fdd\u6709\u8db3\u591f\u7684\u71b5\u53ef\u7528\u3002 Virtio RNG \u662f\u4e00\u4e2a\u968f\u673a\u6570\u751f\u6210\u5668\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7528\u4f5c /dev/random \u71b5\u6e90\uff0c\u4f46\u53ef\u4ee5\u914d\u7f6e\u4e3a\u4f7f\u7528\u786c\u4ef6 RNG \u6216\u71b5\u6536\u96c6\u5b88\u62a4\u7a0b\u5e8f \uff08EGD\uff09 \u7b49\u5de5\u5177\uff0c\u4ee5\u63d0\u4f9b\u4e00\u79cd\u901a\u8fc7\u5206\u5e03\u5f0f\u7cfb\u7edf\u516c\u5e73\u5b89\u5168\u5730\u5206\u914d\u71b5\u7684\u65b9\u6cd5\u3002Virtio RNG \u662f\u4f7f\u7528\u7528\u4e8e\u521b\u5efa\u5b9e\u4f8b\u7684\u5143\u6570\u636e\u7684 hw_rng \u5c5e\u6027\u542f\u7528\u7684\u3002","title":"\u5b9e\u4f8b\u7684\u71b5"},{"location":"security/security-guide/#_281","text":"\u5728\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\uff0c\u5fc5\u987b\u9009\u62e9\u7528\u4e8e\u955c\u50cf\u5b9e\u4f8b\u5316\u7684\u4e3b\u673a\u3002\u6b64\u9009\u62e9\u7531 nova-scheduler 
\u786e\u5b9a\u5982\u4f55\u5206\u6d3e\u8ba1\u7b97\u548c\u5377\u8bf7\u6c42\u7684 \u6267\u884c\u3002 \u8fd9\u662f FilterScheduler OpenStack Compute\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7a0b\u5e8f\uff0c\u5c3d\u7ba1\u5b58\u5728\u5176\u4ed6\u8c03\u5ea6\u7a0b\u5e8f\uff08\u8bf7\u53c2\u9605 OpenStack Configuration Reference \u4e2d\u7684 Scheduling \u90e8\u5206\uff09\u3002\u8fd9\u4e0e\u201c\u8fc7\u6ee4\u5668\u63d0\u793a\u201d\u534f\u540c\u5de5\u4f5c\uff0c\u4ee5\u51b3\u5b9a\u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u6b64\u4e3b\u673a\u9009\u62e9\u8fc7\u7a0b\u5141\u8bb8\u7ba1\u7406\u5458\u6ee1\u8db3\u8bb8\u591a\u4e0d\u540c\u7684\u5b89\u5168\u6027\u548c\u5408\u89c4\u6027\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u6839\u636e\u4e91\u90e8\u7f72\u7c7b\u578b\uff0c\u5982\u679c\u6570\u636e\u9694\u79bb\u662f\u4e3b\u8981\u95ee\u9898\uff0c\u5219\u53ef\u4ee5\u9009\u62e9\u5c3d\u53ef\u80fd\u8ba9\u79df\u6237\u5b9e\u4f8b\u9a7b\u7559\u5728\u76f8\u540c\u7684\u4e3b\u673a\u4e0a\u3002\u76f8\u53cd\uff0c\u51fa\u4e8e\u53ef\u7528\u6027\u6216\u5bb9\u9519\u539f\u56e0\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u5c06\u79df\u6237\u7684\u5b9e\u4f8b\u9a7b\u7559\u5728\u5c3d\u53ef\u80fd\u591a\u7684\u4e0d\u540c\u4e3b\u673a\u4e0a\u3002 \u7b5b\u9009\u5668\u8ba1\u5212\u7a0b\u5e8f\u5206\u4e3a\u56db\u5927\u7c7b\uff1a \u57fa\u4e8e\u8d44\u6e90\u7684\u7b5b\u9009\u5668 \u8fd9\u4e9b\u7b5b\u9009\u5668\u5c06\u6839\u636e\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e3b\u673a\u96c6\u7684\u5229\u7528\u7387\u521b\u5efa\u5b9e\u4f8b\uff0c\u5e76\u53ef\u4ee5\u5728\u53ef\u7528\u6216\u4f7f\u7528\u7684\u5c5e\u6027\uff08\u5982 RAM\u3001IO \u6216 CPU \u5229\u7528\u7387\uff09\u4e0a\u89e6\u53d1\u3002 \u57fa\u4e8e\u6620\u50cf\u7684\u8fc7\u6ee4\u5668 \u8fd9\u5c06\u6839\u636e\u4f7f\u7528\u7684\u6620\u50cf\uff08\u4f8b\u5982 VM \u7684\u64cd\u4f5c\u7cfb\u7edf\u6216\u4f7f\u7528\u7684\u6620\u50cf\u7c7b\u578b\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u57fa\u4e8e\u73af\u5883\u7684\u8fc7\u6ee4\u5668 
\u6b64\u7b5b\u9009\u5668\u5c06\u57fa\u4e8e\u5916\u90e8\u8be6\u7ec6\u4fe1\u606f\u521b\u5efa\u5b9e\u4f8b\uff0c\u4f8b\u5982\u5728\u7279\u5b9a IP \u8303\u56f4\u5185\u3001\u8de8\u53ef\u7528\u533a\u6216\u4e0e\u5176\u4ed6\u5b9e\u4f8b\u4f4d\u4e8e\u540c\u4e00\u4e3b\u673a\u4e0a\u3002 \u81ea\u5b9a\u4e49\u6761\u4ef6 \u6b64\u7b5b\u9009\u5668\u5c06\u6839\u636e\u7528\u6237\u6216\u7ba1\u7406\u5458\u63d0\u4f9b\u7684\u6761\u4ef6\uff08\u5982\u4fe1\u4efb\u6216\u5143\u6570\u636e\u5206\u6790\uff09\u59d4\u6d3e\u5b9e\u4f8b\u521b\u5efa\u3002 \u53ef\u4ee5\u540c\u65f6\u5e94\u7528\u591a\u4e2a\u7b5b\u9009\u5668\uff0c\u4f8b\u5982\uff0c\u7b5b\u9009\u5668\u7528\u4e8e\u786e\u4fdd\u5728\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u7684\u6210\u5458\u4e0a\u521b\u5efa\u5b9e\u4f8b\uff0c\u4ee5\u53ca ServerGroupAntiAffinity \u7528\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u53e6\u4e00\u7ec4\u7279\u5b9a\u4e3b\u673a\u4e0a\u521b\u5efa\u540c\u4e00\u5b9e\u4f8b\u7684\u7b5b\u9009\u5668 ServerGroupAffinity \u3002\u5e94\u4ed4\u7ec6\u5206\u6790\u8fd9\u4e9b\u7b5b\u9009\u5668\uff0c\u4ee5\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u76f8\u4e92\u51b2\u7a81\uff0c\u5e76\u5bfc\u81f4\u963b\u6b62\u521b\u5efa\u5b9e\u4f8b\u7684\u89c4\u5219\u3002 GroupAffinity \u548c GroupAntiAffinity \u7b5b\u9009\u5668\u51b2\u7a81\uff0c\u4e0d\u5e94\u540c\u65f6\u542f\u7528\u3002 \u7b5b\u9009\u5668 DiskFilter \u80fd\u591f\u8d85\u989d\u8ba2\u9605\u78c1\u76d8\u7a7a\u95f4\u3002\u867d\u7136\u901a\u5e38\u4e0d\u662f\u95ee\u9898\uff0c\u4f46\u5bf9\u4e8e\u7cbe\u7b80\u9884\u914d\u7684\u5b58\u50a8\u8bbe\u5907\u6765\u8bf4\uff0c\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u6b64\u7b5b\u9009\u5668\u5e94\u4e0e\u5e94\u7528\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u914d\u989d\u4e00\u8d77\u4f7f\u7528\u3002 
\u6211\u4eec\u5efa\u8bae\u60a8\u7981\u7528\u8fc7\u6ee4\u5668\uff0c\u8fd9\u4e9b\u8fc7\u6ee4\u5668\u53ef\u4ee5\u5206\u6790\u7528\u6237\u63d0\u4f9b\u7684\u5185\u5bb9\u6216\u53ef\u64cd\u4f5c\u7684\u5185\u5bb9\uff0c\u4f8b\u5982\u5143\u6570\u636e\u3002","title":"\u5c06\u5b9e\u4f8b\u8c03\u5ea6\u5230\u8282\u70b9"},{"location":"security/security-guide/#_282","text":"\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u7528\u6237\u4f7f\u7528\u9884\u5b89\u88c5\u7684\u6620\u50cf\u6216\u4ed6\u4eec\u81ea\u5df1\u4e0a\u4f20\u7684\u6620\u50cf\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u7528\u6237\u90fd\u5e94\u8be5\u80fd\u591f\u786e\u4fdd\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u7684\u56fe\u50cf\u6ca1\u6709\u88ab\u7be1\u6539\u3002\u9a8c\u8bc1\u56fe\u50cf\u7684\u80fd\u529b\u662f\u5b89\u5168\u6027\u7684\u57fa\u672c\u8981\u6c42\u3002\u4ece\u6620\u50cf\u6e90\u5230\u4f7f\u7528\u6620\u50cf\u7684\u76ee\u6807\u9700\u8981\u4fe1\u4efb\u94fe\u3002\u8fd9\u53ef\u4ee5\u901a\u8fc7\u5bf9\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u83b7\u53d6\u7684\u6620\u50cf\u8fdb\u884c\u7b7e\u540d\u5e76\u5728\u4f7f\u7528\u524d\u9a8c\u8bc1\u7b7e\u540d\u6765\u5b9e\u73b0\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u83b7\u53d6\u548c\u521b\u5efa\u5df2\u9a8c\u8bc1\u56fe\u50cf\u7684\u5404\u79cd\u65b9\u6cd5\uff0c\u7136\u540e\u4ecb\u7ecd\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u529f\u80fd\u3002","title":"\u53ef\u4fe1\u955c\u50cf"},{"location":"security/security-guide/#_283","text":"OpenStack \u6587\u6863\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u6620\u50cf\u5e76\u5c06\u5176\u4e0a\u4f20\u5230\u6620\u50cf\u670d\u52a1\u7684\u6307\u5bfc\u3002\u6b64\u5916\uff0c\u5047\u5b9a\u60a8\u6709\u4e00\u4e2a\u5b89\u88c5\u548c\u5f3a\u5316\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fc7\u7a0b\u3002\u56e0\u6b64\uff0c\u4ee5\u4e0b\u5404\u9879\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u786e\u4fdd\u5c06\u6620\u50cf\u5b89\u5168\u5730\u4f20\u8f93\u5230 OpenStack 
\u4e2d\u7684\u989d\u5916\u6307\u5bfc\u3002\u6709\u591a\u79cd\u9009\u9879\u53ef\u7528\u4e8e\u83b7\u53d6\u56fe\u50cf\u3002\u6bcf\u4e2a\u6b65\u9aa4\u90fd\u6709\u7279\u5b9a\u7684\u6b65\u9aa4\uff0c\u6709\u52a9\u4e8e\u9a8c\u8bc1\u56fe\u50cf\u7684\u51fa\u5904\u3002 \u7b2c\u4e00\u4e2a\u9009\u9879\u662f\u4ece\u53d7\u4fe1\u4efb\u7684\u6765\u6e90\u83b7\u53d6\u542f\u52a8\u5a92\u4f53\u3002 $ mkdir -p /tmp/download_directorycd /tmp/download_directory $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/ubuntu-12.04.2-server-amd64.iso $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS $ wget http://mirror.anl.gov/pub/ubuntu-iso/CDs/precise/SHA256SUMS.gpg $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xFBB75451 $ gpg --verify SHA256SUMS.gpg SHA256SUMSsha256sum -c SHA256SUMS 2>&1 | grep OK \u7b2c\u4e8c\u79cd\u9009\u62e9\u662f\u4f7f\u7528 OpenStack \u865a\u62df\u673a\u6620\u50cf\u6307\u5357\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u60a8\u9700\u8981\u9075\u5faa\u7ec4\u7ec7\u7684\u64cd\u4f5c\u7cfb\u7edf\u5f3a\u5316\u51c6\u5219\u6216\u53d7\u4fe1\u4efb\u7684\u7b2c\u4e09\u65b9\uff08\u5982 Linux STIG\uff09\u63d0\u4f9b\u7684\u51c6\u5219\u3002 \u6700\u540e\u4e00\u79cd\u9009\u62e9\u662f\u4f7f\u7528\u81ea\u52a8\u6620\u50cf\u751f\u6210\u5668\u3002\u4ee5\u4e0b\u793a\u4f8b\u4f7f\u7528 Oz \u6620\u50cf\u751f\u6210\u5668\u3002OpenStack \u793e\u533a\u6700\u8fd1\u521b\u5efa\u4e86\u4e00\u4e2a\u503c\u5f97\u7814\u7a76\u7684\u65b0\u5de5\u5177\uff1adisk-image-builder\u3002\u6211\u4eec\u5c1a\u672a\u4ece\u5b89\u5168\u89d2\u5ea6\u8bc4\u4f30\u6b64\u5de5\u5177\u3002 RHEL 6 CCE-26976-1 \u793a\u4f8b\uff0c\u8fd9\u5c06\u6709\u52a9\u4e8e\u5728 OZ \u4e2d\u5b9e\u65bd NIST 800-53 \u7b2c AC-19\uff08d\uff09\u8282\u3002 \u5efa\u8bae\u907f\u514d\u624b\u52a8\u6620\u50cf\u6784\u5efa\u8fc7\u7a0b\uff0c\u56e0\u4e3a\u5b83\u5f88\u590d\u6742\u4e14\u5bb9\u6613\u51fa\u9519\u3002\u6b64\u5916\uff0c\u4f7f\u7528 Oz 
\u7b49\u81ea\u52a8\u5316\u7cfb\u7edf\u8fdb\u884c\u6620\u50cf\u6784\u5efa\uff0c\u6216\u4f7f\u7528 Chef \u6216 Puppet \u7b49\u914d\u7f6e\u7ba1\u7406\u5b9e\u7528\u7a0b\u5e8f\u8fdb\u884c\u542f\u52a8\u540e\u6620\u50cf\u5f3a\u5316\uff0c\u4f7f\u60a8\u80fd\u591f\u751f\u6210\u4e00\u81f4\u7684\u6620\u50cf\uff0c\u5e76\u8ddf\u8e2a\u57fa\u7840\u6620\u50cf\u5728\u4e00\u6bb5\u65f6\u95f4\u5185\u662f\u5426\u7b26\u5408\u5176\u5404\u81ea\u7684\u5f3a\u5316\u51c6\u5219\u3002 \u5982\u679c\u8ba2\u9605\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5219\u5e94\u4e0e\u4e91\u63d0\u4f9b\u5546\u8054\u7cfb\uff0c\u4e86\u89e3\u7528\u4e8e\u751f\u6210\u5176\u9ed8\u8ba4\u6620\u50cf\u7684\u8fc7\u7a0b\u7684\u6982\u8ff0\u3002\u5982\u679c\u63d0\u4f9b\u5546\u5141\u8bb8\u60a8\u4e0a\u4f20\u81ea\u5df1\u7684\u6620\u50cf\uff0c\u5219\u9700\u8981\u786e\u4fdd\u5728\u4f7f\u7528\u6620\u50cf\u521b\u5efa\u5b9e\u4f8b\u4e4b\u524d\u80fd\u591f\u9a8c\u8bc1\u6620\u50cf\u662f\u5426\u672a\u88ab\u4fee\u6539\u3002\u4e3a\u6b64\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6709\u5173\u56fe\u50cf\u7b7e\u540d\u9a8c\u8bc1\u7684\u90e8\u5206\uff0c\u5982\u679c\u65e0\u6cd5\u4f7f\u7528\u7b7e\u540d\uff0c\u8bf7\u53c2\u9605\u4ee5\u4e0b\u6bb5\u843d\u3002 \u6620\u50cf\u4ece\u8282\u70b9\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u4f20\u8f93\u5230\u8ba1\u7b97\u670d\u52a1\u3002\u5e94\u901a\u8fc7\u901a\u8fc7 TLS 
\u8fd0\u884c\u6765\u4fdd\u62a4\u6b64\u4f20\u8f93\u3002\u6620\u50cf\u4f4d\u4e8e\u8282\u70b9\u4e0a\u540e\uff0c\u5c06\u4f7f\u7528\u57fa\u672c\u6821\u9a8c\u548c\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u6839\u636e\u8981\u542f\u52a8\u7684\u5b9e\u4f8b\u7684\u5927\u5c0f\u6269\u5c55\u5176\u78c1\u76d8\u3002\u5982\u679c\u7a0d\u540e\u5728\u6b64\u8282\u70b9\u4e0a\u4ee5\u76f8\u540c\u7684\u5b9e\u4f8b\u5927\u5c0f\u542f\u52a8\u540c\u4e00\u6620\u50cf\uff0c\u5219\u4f1a\u4ece\u540c\u4e00\u6269\u5c55\u6620\u50cf\u542f\u52a8\u8be5\u6620\u50cf\u3002\u7531\u4e8e\u6b64\u6269\u5c55\u6620\u50cf\u5728\u542f\u52a8\u524d\u9ed8\u8ba4\u4e0d\u4f1a\u91cd\u65b0\u9a8c\u8bc1\uff0c\u56e0\u6b64\u5b83\u53ef\u80fd\u5df2\u88ab\u7be1\u6539\u3002\u9664\u975e\u5728\u751f\u6210\u7684\u6620\u50cf\u4e2d\u5bf9\u6587\u4ef6\u6267\u884c\u624b\u52a8\u68c0\u67e5\uff0c\u5426\u5219\u7528\u6237\u4e0d\u4f1a\u610f\u8bc6\u5230\u7be1\u6539\u3002","title":"\u955c\u50cf\u521b\u5efa\u8fc7\u7a0b"},{"location":"security/security-guide/#_284","text":"OpenStack \u4e2d\u73b0\u5728\u63d0\u4f9b\u4e86\u4e00\u4e9b\u4e0e\u6620\u50cf\u7b7e\u540d\u76f8\u5173\u7684\u529f\u80fd\u3002\u4ece Mitaka \u7248\u672c\u5f00\u59cb\uff0c\u6620\u50cf\u670d\u52a1\u53ef\u4ee5\u9a8c\u8bc1\u8fd9\u4e9b\u5df2\u7b7e\u540d\u7684\u6620\u50cf\uff0c\u5e76\u4e14\u4e3a\u4e86\u63d0\u4f9b\u5b8c\u6574\u7684\u4fe1\u4efb\u94fe\uff0c\u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u9009\u62e9\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6267\u884c\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1\u3002\u5728\u6620\u50cf\u542f\u52a8\u4e4b\u524d\u6210\u529f\u8fdb\u884c\u7b7e\u540d\u9a8c\u8bc1\u53ef\u786e\u4fdd\u5df2\u7b7e\u540d\u7684\u6620\u50cf\u672a\u66f4\u6539\u3002\u542f\u7528\u6b64\u529f\u80fd\u540e\uff0c\u53ef\u4ee5\u68c0\u6d4b\u5230\u672a\u7ecf\u6388\u6743\u7684\u6620\u50cf\u4fee\u6539\uff08\u4f8b\u5982\uff0c\u4fee\u6539\u6620\u50cf\u4ee5\u5305\u542b\u6076\u610f\u8f6f\u4ef6\u6216 rootkit\uff09\u3002 \u7ba1\u7406\u5458\u53ef\u4ee5\u901a\u8fc7\u5728\u6587\u4ef6\u4e2d\u5c06 
verify_glance_signatures \u6807\u5fd7\u8bbe\u7f6e\u4e3a\u6765 True \u542f\u7528\u5b9e\u4f8b\u7b7e\u540d /etc/nova/nova.conf \u9a8c\u8bc1\u3002\u542f\u7528\u540e\uff0c\u8ba1\u7b97\u670d\u52a1\u4f1a\u5728\u4ece\u5f71\u50cf\u670d\u52a1\u68c0\u7d22\u7b7e\u540d\u5b9e\u4f8b\u65f6\u81ea\u52a8\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002\u5982\u679c\u6b64\u9a8c\u8bc1\u5931\u8d25\uff0c\u5219\u4e0d\u4f1a\u542f\u52a8\u3002\u300aOpenStack \u64cd\u4f5c\u6307\u5357\u300b\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u521b\u5efa\u548c\u4e0a\u4f20\u7b7e\u540d\u6620\u50cf\u4ee5\u53ca\u5982\u4f55\u4f7f\u7528\u6b64\u529f\u80fd\u7684\u6307\u5bfc\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u64cd\u4f5c\u6307\u5357\u300b\u4e2d\u7684\u6dfb\u52a0\u7b7e\u540d\u6620\u50cf\u3002","title":"\u6620\u50cf\u7b7e\u540d\u9a8c\u8bc1"},{"location":"security/security-guide/#_285","text":"OpenStack \u548c\u5e95\u5c42\u865a\u62df\u5316\u5c42\u63d0\u4f9b\u5728 OpenStack \u8282\u70b9\u4e4b\u95f4\u5b9e\u65f6\u8fc1\u79fb\u6620\u50cf\uff0c\u4f7f\u60a8\u80fd\u591f\u65e0\u7f1d\u5730\u6267\u884c OpenStack \u8ba1\u7b97\u8282\u70b9\u7684\u6eda\u52a8\u5347\u7ea7\uff0c\u800c\u65e0\u9700\u5b9e\u4f8b\u505c\u673a\u3002\u4f46\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u4e5f\u5b58\u5728\u91cd\u5927\u98ce\u9669\u3002\u82e5\u8981\u4e86\u89e3\u6240\u6d89\u53ca\u7684\u98ce\u9669\uff0c\u4ee5\u4e0b\u662f\u5728\u5b9e\u65f6\u8fc1\u79fb\u671f\u95f4\u6267\u884c\u7684\u9ad8\u7ea7\u6b65\u9aa4\uff1a \u5728\u76ee\u6807\u4e3b\u673a\u4e0a\u542f\u52a8\u5b9e\u4f8b \u4f20\u8f93\u5185\u5b58 \u505c\u6b62\u5ba2\u6237\u673a\u548c\u540c\u6b65\u78c1\u76d8 \u4f20\u8f93\u72b6\u6001 
\u542f\u52a8\u5ba2\u6237\u673a","title":"\u5b9e\u4f8b\u8fc1\u79fb"},{"location":"security/security-guide/#_286","text":"\u5728\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u7684\u5404\u4e2a\u9636\u6bb5\uff0c\u5b9e\u4f8b\u8fd0\u884c\u65f6\u3001\u5185\u5b58\u548c\u78c1\u76d8\u7684\u5185\u5bb9\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u901a\u8fc7\u7f51\u7edc\u4f20\u8f93\u3002\u56e0\u6b64\uff0c\u5728\u4f7f\u7528\u5b9e\u65f6\u8fc1\u79fb\u65f6\u9700\u8981\u89e3\u51b3\u4e00\u4e9b\u98ce\u9669\u3002\u4ee5\u4e0b\u8be6\u5c3d\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u98ce\u9669\uff1a \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09\uff1a\u5982\u679c\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u51fa\u73b0\u6545\u969c\uff0c\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u4e22\u5931\u3002 \u6570\u636e\u6cc4\u9732\uff1a\u5fc5\u987b\u5b89\u5168\u5730\u5904\u7406\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u3002 \u6570\u636e\u64cd\u7eb5\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u8fc7\u7a0b\u4e2d\u64cd\u7eb5\u7528\u6237\u6570\u636e\u3002 \u4ee3\u7801\u6ce8\u5165\uff1a\u5982\u679c\u5185\u5b58\u6216\u78c1\u76d8\u4f20\u8f93\u672a\u5f97\u5230\u5b89\u5168\u5904\u7406\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u8fc1\u79fb\u671f\u95f4\u64cd\u7eb5\u78c1\u76d8\u6216\u5185\u5b58\u4e2d\u7684\u53ef\u6267\u884c\u6587\u4ef6\u3002","title":"\u5b9e\u65f6\u8fc1\u79fb\u98ce\u9669"},{"location":"security/security-guide/#_287","text":"\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7f13\u89e3\u4e0e\u5b9e\u65f6\u8fc1\u79fb\u76f8\u5173\u7684\u4e00\u4e9b\u98ce\u9669\uff0c\u4ee5\u4e0b\u5217\u8868\u8be6\u7ec6\u4ecb\u7ecd\u4e86\u5176\u4e2d\u7684\u4e00\u4e9b\u65b9\u6cd5\uff1a \u7981\u7528\u5b9e\u65f6\u8fc1\u79fb I\u9694\u79bb\u7684\u8fc1\u79fb\u7f51\u7edc 
\u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb","title":"\u5b9e\u65f6\u8fc1\u79fb\u7f13\u89e3\u63aa\u65bd"},{"location":"security/security-guide/#_288","text":"\u76ee\u524d\uff0cOpenStack \u4e2d\u9ed8\u8ba4\u542f\u7528\u5b9e\u65f6\u8fc1\u79fb\u3002\u53ef\u4ee5\u901a\u8fc7\u5411 nova policy.json \u6587\u4ef6\u6dfb\u52a0\u4ee5\u4e0b\u884c\u6765\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb\uff1a { \"compute_extension:admin_actions:migrate\": \"!\", \"compute_extension:admin_actions:migrateLive\": \"!\", }","title":"\u7981\u7528\u5b9e\u65f6\u8fc1\u79fb"},{"location":"security/security-guide/#_289","text":"\u4e00\u822c\u505a\u6cd5\u662f\uff0c\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5e94\u9650\u5236\u5728\u7ba1\u7406\u5b89\u5168\u57df\u5185\uff0c\u8bf7\u53c2\u9605\u5b89\u5168\u8fb9\u754c\u548c\u5a01\u80c1\u3002\u5bf9\u4e8e\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\uff0c\u7531\u4e8e\u5176\u7eaf\u6587\u672c\u6027\u8d28\u4ee5\u53ca\u60a8\u6b63\u5728\u4f20\u8f93\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u78c1\u76d8\u548c\u5185\u5b58\u5185\u5bb9\uff0c\u56e0\u6b64\u5efa\u8bae\u60a8\u8fdb\u4e00\u6b65\u5c06\u5b9e\u65f6\u8fc1\u79fb\u6d41\u91cf\u5206\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u4e0a\u3002\u5c06\u6d41\u91cf\u9694\u79bb\u5230\u4e13\u7528\u7f51\u7edc\u53ef\u4ee5\u964d\u4f4e\u66b4\u9732\u98ce\u9669\u3002","title":"\u8fc1\u79fb\u7f51\u7edc"},{"location":"security/security-guide/#_290","text":"\u5982\u679c\u6709\u8db3\u591f\u7684\u4e1a\u52a1\u6848\u4f8b\u6765\u4fdd\u6301\u5b9e\u65f6\u8fc1\u79fb\u7684\u542f\u7528\u72b6\u6001\uff0c\u5219 libvirtd \u53ef\u4ee5\u4e3a\u5b9e\u65f6\u8fc1\u79fb\u63d0\u4f9b\u52a0\u5bc6\u96a7\u9053\u3002\u4f46\u662f\uff0c\u6b64\u529f\u80fd\u76ee\u524d\u5c1a\u672a\u5728 OpenStack Dashboard \u6216 nova-client \u547d\u4ee4\u4e2d\u516c\u5f00\uff0c\u53ea\u80fd\u901a\u8fc7\u624b\u52a8\u914d\u7f6e libvirtd \u6765\u8bbf\u95ee\u3002\u7136\u540e\uff0c\u5b9e\u65f6\u8fc1\u79fb\u8fc7\u7a0b\u5c06\u66f4\u6539\u4e3a\u4ee5\u4e0b\u9ad8\u7ea7\u6b65\u9aa4\uff1a 
\u5b9e\u4f8b\u6570\u636e\u4ece\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u590d\u5236\u5230 libvirtd\u3002 \u5728\u6e90\u4e3b\u673a\u548c\u76ee\u6807\u4e3b\u673a\u4e0a\u7684 libvirtd \u8fdb\u7a0b\u4e4b\u95f4\u521b\u5efa\u52a0\u5bc6\u96a7\u9053\u3002 \u76ee\u6807 libvirtd \u4e3b\u673a\u5c06\u5b9e\u4f8b\u590d\u5236\u56de\u5e95\u5c42\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002","title":"\u52a0\u5bc6\u5b9e\u65f6\u8fc1\u79fb"},{"location":"security/security-guide/#_291","text":"\u7531\u4e8e OpenStack \u865a\u62df\u673a\u662f\u80fd\u591f\u8de8\u4e3b\u673a\u590d\u5236\u7684\u670d\u52a1\u5668\u6620\u50cf\uff0c\u56e0\u6b64\u65e5\u5fd7\u8bb0\u5f55\u7684\u6700\u4f73\u5b9e\u8df5\u540c\u6837\u9002\u7528\u4e8e\u7269\u7406\u4e3b\u673a\u548c\u865a\u62df\u4e3b\u673a\u3002\u5e94\u8bb0\u5f55\u64cd\u4f5c\u7cfb\u7edf\u7ea7\u548c\u5e94\u7528\u7a0b\u5e8f\u7ea7\u4e8b\u4ef6\uff0c\u5305\u62ec\u5bf9\u4e3b\u673a\u548c\u6570\u636e\u7684\u8bbf\u95ee\u4e8b\u4ef6\u3001\u7528\u6237\u6dfb\u52a0\u548c\u5220\u9664\u3001\u6743\u9650\u66f4\u6539\u4ee5\u53ca\u73af\u5883\u89c4\u5b9a\u7684\u5176\u4ed6\u4e8b\u4ef6\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u65e5\u5fd7\u914d\u7f6e\u4e3a\u5bfc\u51fa\u5230\u65e5\u5fd7\u805a\u5408\u5668\uff0c\u8be5\u805a\u5408\u5668\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5c06\u5b83\u4eec\u5173\u8054\u8d77\u6765\u8fdb\u884c\u5206\u6790\uff0c\u5e76\u5b58\u50a8\u5b83\u4eec\u4ee5\u4f9b\u53c2\u8003\u6216\u8fdb\u4e00\u6b65\u64cd\u4f5c\u3002\u5b9e\u73b0\u6b64\u76ee\u7684\u7684\u4e00\u4e2a\u5e38\u89c1\u5de5\u5177\u662f ELK \u5806\u6808\uff0c\u5373 Elasticsearch\u3001Logstash \u548c Kibana\u3002 \u5e94\u5b9a\u671f\u67e5\u770b\u8fd9\u4e9b\u65e5\u5fd7\uff0c\u4f8b\u5982\u7531\u7f51\u7edc\u8fd0\u8425\u4e2d\u5fc3 \uff08NOC\uff09 \u5b9e\u65f6\u67e5\u770b\uff0c\u6216\u8005\u5982\u679c\u73af\u5883\u4e0d\u591f\u5927\u800c\u4e0d\u9700\u8981 NOC\uff0c\u5219\u65e5\u5fd7\u5e94\u5b9a\u671f\u8fdb\u884c\u65e5\u5fd7\u5ba1\u67e5\u8fc7\u7a0b\u3002 
\u5f88\u591a\u65f6\u5019\uff0c\u6709\u8da3\u7684\u4e8b\u4ef6\u4f1a\u89e6\u53d1\u8b66\u62a5\uff0c\u8be5\u8b66\u62a5\u5c06\u53d1\u9001\u7ed9\u54cd\u5e94\u65b9\u4ee5\u91c7\u53d6\u884c\u52a8\u3002\u901a\u5e38\uff0c\u6b64\u8b66\u62a5\u91c7\u7528\u5305\u542b\u76f8\u5173\u6d88\u606f\u7684\u7535\u5b50\u90ae\u4ef6\u5f62\u5f0f\u3002\u4e00\u4e2a\u6709\u8da3\u7684\u4e8b\u4ef6\u53ef\u80fd\u662f\u91cd\u5927\u6545\u969c\uff0c\u4e5f\u53ef\u80fd\u662f\u6302\u8d77\u6545\u969c\u7684\u5df2\u77e5\u8fd0\u884c\u72b6\u51b5\u6307\u793a\u5668\u3002\u7528\u4e8e\u7ba1\u7406\u544a\u8b66\u7684\u4e24\u4e2a\u5e38\u89c1\u5b9e\u7528\u7a0b\u5e8f\u662f Nagios \u548c Zabbix\u3002","title":"\u76d1\u63a7\u3001\u544a\u8b66\u548c\u62a5\u544a"},{"location":"security/security-guide/#_292","text":"\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u8fd0\u884c\u72ec\u7acb\u7684\u865a\u62df\u673a\u3002\u6b64\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u53ef\u4ee5\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u8fd0\u884c\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u786c\u4ef6\u4e0a\u8fd0\u884c\uff08\u79f0\u4e3a\u88f8\u673a\uff09\u3002\u5bf9\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u66f4\u65b0\u4e0d\u4f1a\u5411\u4e0b\u4f20\u64ad\u5230\u865a\u62df\u673a\u3002\u4f8b\u5982\uff0c\u5982\u679c\u90e8\u7f72\u4f7f\u7528\u7684\u662f XenServer\uff0c\u5e76\u4e14\u5177\u6709\u4e00\u7ec4 Debian \u865a\u62df\u673a\uff0c\u5219\u5bf9 XenServer \u7684\u66f4\u65b0\u4e0d\u4f1a\u66f4\u65b0 Debian \u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u5185\u5bb9\u3002 
\u56e0\u6b64\uff0c\u6211\u4eec\u5efa\u8bae\u5206\u914d\u865a\u62df\u673a\u7684\u660e\u786e\u6240\u6709\u6743\uff0c\u5e76\u7531\u8fd9\u4e9b\u6240\u6709\u8005\u8d1f\u8d23\u865a\u62df\u673a\u7684\u5f3a\u5316\u3001\u90e8\u7f72\u548c\u6301\u7eed\u529f\u80fd\u3002\u6211\u4eec\u8fd8\u5efa\u8bae\u5b9a\u671f\u90e8\u7f72\u66f4\u65b0\u3002\u8fd9\u4e9b\u8865\u4e01\u5e94\u5728\u5c3d\u53ef\u80fd\u63a5\u8fd1\u751f\u4ea7\u73af\u5883\u7684\u73af\u5883\u4e2d\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u4fdd\u8865\u4e01\u80cc\u540e\u7684\u95ee\u9898\u7684\u7a33\u5b9a\u6027\u548c\u89e3\u51b3\u65b9\u6848\u3002","title":"\u66f4\u65b0\u548c\u8865\u4e01"},{"location":"security/security-guide/#_293","text":"\u6700\u5e38\u89c1\u7684\u64cd\u4f5c\u7cfb\u7edf\u5305\u62ec\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\u3002\u867d\u7136\u6211\u4eec\u5efa\u8bae\u865a\u62df\u673a\u8fd0\u884c\u5c3d\u53ef\u80fd\u5c11\u7684\u5e94\u7528\u7a0b\u5e8f\uff08\u5982\u679c\u53ef\u80fd\u7684\u8bdd\uff0c\u8fbe\u5230\u5355\u4e00\u7528\u9014\u5b9e\u4f8b\u7684\u7a0b\u5ea6\uff09\uff0c\u4f46\u5e94\u5206\u6790\u865a\u62df\u673a\u4e0a\u8fd0\u884c\u7684\u6240\u6709\u5e94\u7528\u7a0b\u5e8f\uff0c\u4ee5\u786e\u5b9a\u5e94\u7528\u7a0b\u5e8f\u9700\u8981\u8bbf\u95ee\u54ea\u4e9b\u7cfb\u7edf\u8d44\u6e90\u3001\u8fd0\u884c\u6240\u9700\u7684\u6700\u4f4e\u7279\u6743\u7ea7\u522b\uff0c\u4ee5\u53ca\u5c06\u8fdb\u51fa\u865a\u62df\u673a\u7684\u9884\u671f\u7f51\u7edc\u6d41\u91cf\u3002\u6b64\u9884\u671f\u6d41\u91cf\u5e94\u4f5c\u4e3a\u5141\u8bb8\u7684\u6d41\u91cf\uff08\u6216\u5217\u5165\u767d\u540d\u5355\uff09\u6dfb\u52a0\u5230\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u5fc5\u8981\u7684\u65e5\u5fd7\u8bb0\u5f55\u548c\u7ba1\u7406\u901a\u4fe1\uff0c\u4f8b\u5982 SSH \u6216 RDP\u3002\u5e94\u5728\u9632\u706b\u5899\u914d\u7f6e\u4e2d\u660e\u786e\u62d2\u7edd\u6240\u6709\u5176\u4ed6\u6d41\u91cf\u3002 \u5728 Linux 
\u865a\u62df\u673a\u4e0a\uff0c\u4e0a\u8ff0\u5e94\u7528\u7a0b\u5e8f\u914d\u7f6e\u6587\u4ef6\u53ef\u4ee5\u4e0e audit2allow \u7b49\u5de5\u5177\u7ed3\u5408\u4f7f\u7528\uff0c\u4ee5\u6784\u5efa SELinux \u7b56\u7565\uff0c\u4ee5\u8fdb\u4e00\u6b65\u4fdd\u62a4\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u4e0a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002SELinux \u4f7f\u7528\u7528\u6237\u3001\u7b56\u7565\u548c\u5b89\u5168\u4e0a\u4e0b\u6587\u7684\u7ec4\u5408\u6765\u5212\u5206\u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u6240\u9700\u7684\u8d44\u6e90\uff0c\u5e76\u5c06\u5176\u4e0e\u5176\u4ed6\u4e0d\u9700\u8981\u7684\u7cfb\u7edf\u8d44\u6e90\u533a\u5206\u5f00\u6765\u3002 OpenStack \u4e3a\u4e3b\u673a\u548c\u7f51\u7edc\u63d0\u4f9b\u5b89\u5168\u7ec4\uff0c\u4ee5\u589e\u52a0\u5bf9\u7ed9\u5b9a\u9879\u76ee\u4e2d\u865a\u62df\u673a\u7684\u6df1\u5ea6\u9632\u5fa1\u3002\u8fd9\u4e9b\u89c4\u5219\u7c7b\u4f3c\u4e8e\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\uff0c\u56e0\u4e3a\u5b83\u4eec\u6839\u636e\u7aef\u53e3\u3001\u534f\u8bae\u548c\u5730\u5740\u5141\u8bb8\u6216\u62d2\u7edd\u4f20\u5165\u6d41\u91cf\uff0c\u4f46\u5b89\u5168\u7ec4\u89c4\u5219\u4ec5\u9002\u7528\u4e8e\u4f20\u5165\u6d41\u91cf\uff0c\u800c\u57fa\u4e8e\u4e3b\u673a\u7684\u9632\u706b\u5899\u89c4\u5219\u80fd\u591f\u5e94\u7528\u4e8e\u4f20\u5165\u548c\u4f20\u51fa\u6d41\u91cf\u3002\u4e3b\u673a\u548c\u7f51\u7edc\u5b89\u5168\u7ec4\u89c4\u5219\u4e5f\u53ef\u80fd\u53d1\u751f\u51b2\u7a81\u5e76\u62d2\u7edd\u5408\u6cd5\u6d41\u91cf\u3002\u6211\u4eec\u5efa\u8bae\u786e\u4fdd\u4e3a\u6b63\u5728\u4f7f\u7528\u7684\u7f51\u7edc\u6b63\u786e\u914d\u7f6e\u5b89\u5168\u7ec4\u3002\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u672c\u6307\u5357\u4e2d\u7684\u5b89\u5168\u7ec4\u3002","title":"\u9632\u706b\u5899\u548c\u5176\u4ed6\u57fa\u4e8e\u4e3b\u673a\u7684\u5b89\u5168\u63a7\u5236"},{"location":"security/security-guide/#_294","text":"\u5728\u4e91\u73af\u5883\u4e2d\uff0c\u786c\u4ef6\u3001\u64cd\u4f5c\u7cfb\u7edf\u3001\u865a\u62df\u673a\u7ba1\u7406\u5668\u3001Op
enStack \u670d\u52a1\u3001\u4e91\u7528\u6237\u6d3b\u52a8\uff08\u4f8b\u5982\u521b\u5efa\u5b9e\u4f8b\u548c\u9644\u52a0\u5b58\u50a8\uff09\u3001\u7f51\u7edc\u4ee5\u53ca\u4f7f\u7528\u5728\u5404\u79cd\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6700\u7ec8\u7528\u6237\u6df7\u5408\u5728\u4e00\u8d77\u3002 \u65e5\u5fd7\u8bb0\u5f55\u7684\u57fa\u7840\u77e5\u8bc6\uff1a\u914d\u7f6e\u3001\u8bbe\u7f6e\u65e5\u5fd7\u7ea7\u522b\u3001\u65e5\u5fd7\u6587\u4ef6\u7684\u4f4d\u7f6e\u3001\u5982\u4f55\u4f7f\u7528\u548c\u81ea\u5b9a\u4e49\u65e5\u5fd7\uff0c\u4ee5\u53ca\u5982\u4f55\u96c6\u4e2d\u6536\u96c6\u65e5\u5fd7\uff0c\u8fd9\u4e9b\u5728 OpenStack \u64cd\u4f5c\u6307\u5357\u4e2d\u90fd\u6709\u5f88\u597d\u7684\u4ecb\u7ecd\u3002 \u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94 \u76d1\u63a7\u7528\u4f8b \u53c2\u8003\u4e66\u76ee","title":"\u76d1\u89c6\u548c\u65e5\u5fd7\u8bb0\u5f55"},{"location":"security/security-guide/#_295","text":"\u65e5\u5fd7\u7684\u751f\u6210\u548c\u6536\u96c6\u662f\u5b89\u5168\u76d1\u63a7 OpenStack \u57fa\u7840\u67b6\u6784\u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u65e5\u5fd7\u63d0\u4f9b\u5bf9\u7ba1\u7406\u5458\u3001\u79df\u6237\u548c\u6765\u5bbe\u65e5\u5e38\u64cd\u4f5c\u7684\u53ef\u89c1\u6027\uff0c\u4ee5\u53ca\u8ba1\u7b97\u3001\u7f51\u7edc\u548c\u5b58\u50a8\u4ee5\u53ca\u6784\u6210 OpenStack \u90e8\u7f72\u7684\u5176\u4ed6\u7ec4\u4ef6\u4e2d\u7684\u6d3b\u52a8\u3002 \u65e5\u5fd7\u4e0d\u4ec5\u5bf9\u4e3b\u52a8\u5b89\u5168\u548c\u6301\u7eed\u5408\u89c4\u6027\u6d3b\u52a8\u5f88\u6709\u4ef7\u503c\uff0c\u800c\u4e14\u4e5f\u662f\u8c03\u67e5\u548c\u54cd\u5e94\u4e8b\u4ef6\u7684\u5b9d\u8d35\u4fe1\u606f\u6e90\u3002 \u4f8b\u5982\uff0c\u5206\u6790\u8eab\u4efd\u670d\u52a1\u6216\u5176\u66ff\u4ee3\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u7684\u8bbf\u95ee\u65e5\u5fd7\u4f1a\u63d0\u9192\u6211\u4eec\u767b\u5f55\u5931\u8d25\u3001\u9891\u7387\u3001\u6e90 
IP\u3001\u4e8b\u4ef6\u662f\u5426\u4ec5\u9650\u4e8e\u9009\u62e9\u5e10\u6237\u548c\u5176\u4ed6\u76f8\u5173\u4fe1\u606f\u3002\u65e5\u5fd7\u5206\u6790\u652f\u6301\u68c0\u6d4b\u3002 \u53ef\u4ee5\u91c7\u53d6\u63aa\u65bd\u6765\u7f13\u89e3\u6f5c\u5728\u7684\u6076\u610f\u6d3b\u52a8\uff0c\u4f8b\u5982\u5c06 IP \u5730\u5740\u5217\u5165\u9ed1\u540d\u5355\u3001\u5efa\u8bae\u52a0\u5f3a\u7528\u6237\u5bc6\u7801\u6216\u505c\u7528\u88ab\u89c6\u4e3a\u4f11\u7720\u7684\u7528\u6237\u5e10\u6237\u3002","title":"\u53d6\u8bc1\u548c\u4e8b\u4ef6\u54cd\u5e94"},{"location":"security/security-guide/#_296","text":"\u4e8b\u4ef6\u76d1\u63a7\u662f\u4e00\u79cd\u66f4\u4e3b\u52a8\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u4fdd\u62a4\u73af\u5883\uff0c\u63d0\u4f9b\u5b9e\u65f6\u68c0\u6d4b\u548c\u54cd\u5e94\u3002\u6709\u51e0\u79cd\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u8fdb\u884c\u76d1\u63a7\u3002 \u5bf9\u4e8eOpenStack\u4e91\u5b9e\u4f8b\uff0c\u6211\u4eec\u9700\u8981\u76d1\u63a7\u786c\u4ef6\u3001OpenStack\u670d\u52a1\u548c\u4e91\u8d44\u6e90\u4f7f\u7528\u60c5\u51b5\u3002\u540e\u8005\u6e90\u4e8e\u5e0c\u671b\u5177\u6709\u5f39\u6027\uff0c\u4ee5\u9002\u5e94\u7528\u6237\u7684\u52a8\u6001\u9700\u6c42\u3002 
\u4ee5\u4e0b\u662f\u5728\u5b9e\u65bd\u65e5\u5fd7\u805a\u5408\u3001\u5206\u6790\u548c\u76d1\u63a7\u65f6\u9700\u8981\u8003\u8651\u7684\u51e0\u4e2a\u91cd\u8981\u7528\u4f8b\u3002\u8fd9\u4e9b\u7528\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5404\u79cd\u5e94\u7528\u7a0b\u5e8f\u3001\u5de5\u5177\u6216\u811a\u672c\u6765\u5b9e\u73b0\u548c\u76d1\u63a7\u3002\u6709\u5f00\u6e90\u548c\u5546\u4e1a\u89e3\u51b3\u65b9\u6848\uff0c\u4e00\u4e9b\u8fd0\u8425\u5546\u5f00\u53d1\u81ea\u5df1\u7684\u5185\u90e8\u89e3\u51b3\u65b9\u6848\u3002\u8fd9\u4e9b\u5de5\u5177\u548c\u811a\u672c\u53ef\u4ee5\u751f\u6210\u4e8b\u4ef6\uff0c\u8fd9\u4e9b\u4e8b\u4ef6\u53ef\u4ee5\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u53d1\u9001\u7ed9\u7ba1\u7406\u5458\u6216\u5728\u96c6\u6210\u4eea\u8868\u677f\u4e2d\u67e5\u770b\u3002\u8bf7\u52a1\u5fc5\u8003\u8651\u53ef\u80fd\u9002\u7528\u4e8e\u60a8\u7684\u7279\u5b9a\u7f51\u7edc\u7684\u5176\u4ed6\u7528\u4f8b\uff0c\u4ee5\u53ca\u60a8\u53ef\u80fd\u8ba4\u4e3a\u7684\u5f02\u5e38\u884c\u4e3a\u3002 \u68c0\u6d4b\u65e5\u5fd7\u751f\u6210\u7f3a\u5931\u662f\u4e00\u4e2a\u5177\u6709\u5f88\u9ad8\u4ef7\u503c\u7684\u4e8b\u4ef6\u3002\u6b64\u7c7b\u4e8b\u4ef6\u5c06\u8868\u660e\u670d\u52a1\u5931\u8d25\uff0c\u751a\u81f3\u8868\u793a\u5165\u4fb5\u8005\u6682\u65f6\u5173\u95ed\u4e86\u65e5\u5fd7\u8bb0\u5f55\u6216\u4fee\u6539\u4e86\u65e5\u5fd7\u7ea7\u522b\u4ee5\u9690\u85cf\u5176\u8e2a\u8ff9\u3002 \u5e94\u7528\u7a0b\u5e8f\u4e8b\u4ef6\uff08\u5982\u8ba1\u5212\u5916\u7684\u542f\u52a8\u6216\u505c\u6b62\u4e8b\u4ef6\uff09\u4e5f\u662f\u8981\u76d1\u89c6\u548c\u68c0\u67e5\u53ef\u80fd\u7684\u5b89\u5168\u9690\u60a3\u7684\u4e8b\u4ef6\u3002 OpenStack \u670d\u52a1\u673a\u5668\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e8b\u4ef6\uff08\u5982\u7528\u6237\u767b\u5f55\u6216\u91cd\u65b0\u542f\u52a8\uff09\u4e5f\u4e3a\u7cfb\u7edf\u7684\u6b63\u786e\u548c\u4e0d\u5f53\u4f7f\u7528\u63d0\u4f9b\u4e86\u6709\u4ef7\u503c\u7684\u89c1\u89e3\u3002 
\u80fd\u591f\u68c0\u6d4bOpenStack\u670d\u52a1\u5668\u4e0a\u7684\u8d1f\u8f7d\u8fd8\u53ef\u4ee5\u901a\u8fc7\u5f15\u5165\u5176\u4ed6\u670d\u52a1\u5668\u8fdb\u884c\u8d1f\u8f7d\u5e73\u8861\u6765\u505a\u51fa\u54cd\u5e94\uff0c\u4ee5\u786e\u4fdd\u9ad8\u53ef\u7528\u6027\u3002 \u5176\u4ed6\u53ef\u64cd\u4f5c\u7684\u4e8b\u4ef6\u5305\u62ec\u7f51\u7edc\u7f51\u6865\u5173\u95ed\u3001\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 IP \u8868\u88ab\u5237\u65b0\uff0c\u4ee5\u53ca\u968f\u4e4b\u800c\u6765\u7684\u5bf9\u5b9e\u4f8b\u7684\u8bbf\u95ee\u4e22\u5931\uff0c\u5bfc\u81f4\u5ba2\u6237\u4e0d\u6ee1\u610f\u3002 \u4e3a\u4e86\u964d\u4f4e\u5728\u8eab\u4efd\u670d\u52a1\u4e2d\u5220\u9664\u7528\u6237\u3001\u79df\u6237\u6216\u57df\u65f6\u5b64\u7acb\u5b9e\u4f8b\u7684\u5b89\u5168\u98ce\u9669\uff0c\u6211\u4eec\u8ba8\u8bba\u4e86\u5728\u7cfb\u7edf\u4e2d\u751f\u6210\u901a\u77e5\uff0c\u5e76\u8ba9 OpenStack \u7ec4\u4ef6\u9002\u5f53\u5730\u54cd\u5e94\u8fd9\u4e9b\u4e8b\u4ef6\uff0c\u4f8b\u5982\u7ec8\u6b62\u5b9e\u4f8b\u3001\u65ad\u5f00\u8fde\u63a5\u7684\u5377\u3001\u56de\u6536 CPU \u548c\u5b58\u50a8\u8d44\u6e90\u7b49\u3002 \u4e91\u5c06\u6258\u7ba1\u8bb8\u591a\u865a\u62df\u5b9e\u4f8b\uff0c\u5e76\u4e14\u76d1\u89c6\u8fd9\u4e9b\u5b9e\u4f8b\u8d85\u51fa\u4e86\u53ef\u80fd\u4ec5\u5305\u542b CRUD \u4e8b\u4ef6\u7684\u786c\u4ef6\u76d1\u89c6\u548c\u65e5\u5fd7\u6587\u4ef6\u3002 
\u5b89\u5168\u76d1\u63a7\u63a7\u5236\uff08\u5982\u5165\u4fb5\u68c0\u6d4b\u8f6f\u4ef6\u3001\u9632\u75c5\u6bd2\u8f6f\u4ef6\u4ee5\u53ca\u95f4\u8c0d\u8f6f\u4ef6\u68c0\u6d4b\u548c\u5220\u9664\u5b9e\u7528\u7a0b\u5e8f\uff09\u53ef\u4ee5\u751f\u6210\u65e5\u5fd7\uff0c\u663e\u793a\u653b\u51fb\u6216\u5165\u4fb5\u53d1\u751f\u7684\u65f6\u95f4\u548c\u65b9\u5f0f\u3002\u5728\u4e91\u8ba1\u7b97\u673a\u4e0a\u90e8\u7f72\u8fd9\u4e9b\u5de5\u5177\u53ef\u63d0\u4f9b\u4ef7\u503c\u548c\u4fdd\u62a4\u3002\u4e91\u7528\u6237\uff0c\u5373\u5728\u4e91\u4e0a\u8fd0\u884c\u5b9e\u4f8b\u7684\u7528\u6237\uff0c\u53ef\u80fd\u4e5f\u5e0c\u671b\u5728\u5176\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u6b64\u7c7b\u5de5\u5177\u3002","title":"\u76d1\u63a7\u7528\u4f8b"},{"location":"security/security-guide/#_297","text":"Siwczak, Piotr\uff0c\u5728 OpenStack \u4e91\u4e2d\u8fdb\u884c\u76d1\u63a7\u7684\u4e00\u4e9b\u5b9e\u9645\u6ce8\u610f\u4e8b\u9879\u30022012. blog.sflow.com\uff0c sflow\uff1a\u4e3b\u673a sFlow \u5206\u5e03\u5f0f\u4ee3\u7406\u30022012. blog.sflow.com\uff0csflow\uff1aLAN \u548c WAN\u30022009. 
blog.sflow.com\u3001sflow\uff1a\u5feb\u901f\u68c0\u6d4b\u5927\u6d41\u91cf sFlow \u4e0e NetFlow/IPFIX\u30022013.","title":"\u53c2\u8003\u4e66\u76ee"},{"location":"security/security-guide/#_298","text":"OpenStack \u90e8\u7f72\u53ef\u80fd\u9700\u8981\u51fa\u4e8e\u591a\u79cd\u76ee\u7684\u8fdb\u884c\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u4f8b\u5982\u6cd5\u89c4\u548c\u6cd5\u5f8b\u8981\u6c42\u3001\u5ba2\u6237\u9700\u6c42\u3001\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u548c\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u5408\u89c4\u529f\u80fd\u5bf9\u4f01\u4e1a\u53ca\u5176\u5ba2\u6237\u5f88\u91cd\u8981\u3002\u5408\u89c4\u610f\u5473\u7740\u9075\u5b88\u6cd5\u89c4\u3001\u89c4\u8303\u3001\u6807\u51c6\u548c\u6cd5\u5f8b\u3002\u5b83\u8fd8\u7528\u4e8e\u63cf\u8ff0\u6709\u5173\u8bc4\u4f30\u3001\u5ba1\u6838\u548c\u8ba4\u8bc1\u7684\u7ec4\u7ec7\u72b6\u6001\u3002\u5982\u679c\u64cd\u4f5c\u5f97\u5f53\uff0c\u5408\u89c4\u6027\u53ef\u4ee5\u7edf\u4e00\u548c\u52a0\u5f3a\u672c\u6307\u5357\u4e2d\u8ba8\u8bba\u7684\u5176\u4ed6\u5b89\u5168\u4e3b\u9898\u3002 \u672c\u7ae0\u6709\u51e0\u4e2a\u76ee\u6807\uff1a \u67e5\u770b\u5e38\u89c1\u7684\u5b89\u5168\u539f\u5219\u3002 \u8ba8\u8bba\u5e38\u89c1\u7684\u63a7\u5236\u6846\u67b6\u548c\u8ba4\u8bc1\u8d44\u6e90\uff0c\u4ee5\u5b9e\u73b0\u884c\u4e1a\u8ba4\u8bc1\u6216\u76d1\u7ba1\u673a\u6784\u8ba4\u8bc1\u3002 \u5728\u8bc4\u4f30 OpenStack \u90e8\u7f72\u65f6\uff0c\u53ef\u4f5c\u4e3a\u5ba1\u8ba1\u4eba\u5458\u7684\u53c2\u8003\u3002 \u4ecb\u7ecd\u7279\u5b9a\u4e8e OpenStack \u548c\u4e91\u73af\u5883\u7684\u9690\u79c1\u6ce8\u610f\u4e8b\u9879\u3002 \u5408\u89c4\u6027\u6982\u8ff0 \u5b89\u5168\u539f\u5219 \u5e38\u89c1\u63a7\u5236\u6846\u67b6 \u5ba1\u6838\u53c2\u8003 \u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b \u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4 \u5ba1\u8ba1\u9636\u6bb5 \u5185\u90e8\u5ba1\u8ba1 \u51c6\u5907\u5916\u90e8\u5ba1\u8ba1 \u5916\u90e8\u5ba1\u8ba1 \u5408\u89c4\u6027\u7ef4\u62a4 \u5408\u89c4\u6d3b\u52a8 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\uff08ISMS\uff09 
\u98ce\u9669\u8bc4\u4f30 \u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5 \u5907\u4efd\u548c\u707e\u96be\u6062\u590d \u5b89\u5168\u57f9\u8bad \u5b89\u5168\u5ba1\u67e5 \u6f0f\u6d1e\u7ba1\u7406 \u6570\u636e\u5206\u7c7b \u5f02\u5e38\u8fc7\u7a0b \u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e \u5546\u4e1a\u6807\u51c6 \u653f\u5e9c\u6807\u51c6 \u9690\u79c1","title":"\u5408\u89c4"},{"location":"security/security-guide/#_299","text":"","title":"\u5408\u89c4\u6027\u6982\u8ff0"},{"location":"security/security-guide/#_300","text":"\u884c\u4e1a\u6807\u51c6\u5b89\u5168\u539f\u5219\u4e3a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u63d0\u4f9b\u4e86\u57fa\u51c6\u3002\u5982\u679c\u5728\u6574\u4e2a OpenStack \u90e8\u7f72\u8fc7\u7a0b\u4e2d\u8003\u8651\u548c\u5f15\u7528\u8fd9\u4e9b\u539f\u5219\uff0c\u5219\u53ef\u4ee5\u7b80\u5316\u8ba4\u8bc1\u6d3b\u52a8\u3002","title":"\u5b89\u5168\u539f\u5219"},{"location":"security/security-guide/#_301","text":"\u786e\u5b9a\u4e91\u67b6\u6784\u4e2d\u5b58\u5728\u98ce\u9669\u7684\u4f4d\u7f6e\uff0c\u5e76\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u6765\u964d\u4f4e\u98ce\u9669\u3002\u5728\u91cd\u5927\u5173\u6ce8\u9886\u57df\uff0c\u5206\u5c42\u9632\u5fa1\u63d0\u4f9b\u591a\u79cd\u4e92\u8865\u63a7\u5236\uff0c\u5c06\u98ce\u9669\u7ba1\u7406\u5230\u53ef\u63a5\u53d7\u7684\u6c34\u5e73\u3002\u4f8b\u5982\uff0c\u4e3a\u4e86\u786e\u4fdd\u4e91\u79df\u6237\u4e4b\u95f4\u7684\u5145\u5206\u9694\u79bb\uff0c\u6211\u4eec\u5efa\u8bae\u5f3a\u5316 QEMU\uff0c\u4f7f\u7528\u652f\u6301 SELinux 
\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b9e\u65bd\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff0c\u5e76\u51cf\u5c11\u6574\u4f53\u653b\u51fb\u9762\u3002\u57fa\u672c\u539f\u5219\u662f\u7528\u591a\u5c42\u9632\u5fa1\u6765\u5f3a\u5316\u5173\u6ce8\u533a\u57df\uff0c\u8fd9\u6837\uff0c\u5982\u679c\u4efb\u4f55\u4e00\u5c42\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u5c42\u5c06\u5b58\u5728\u4ee5\u63d0\u4f9b\u4fdd\u62a4\u5e76\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u66b4\u9732\u3002","title":"\u5206\u5c42\u9632\u5fa1"},{"location":"security/security-guide/#_302","text":"\u5728\u53d1\u751f\u6545\u969c\u7684\u60c5\u51b5\u4e0b\uff0c\u7cfb\u7edf\u5e94\u914d\u7f6e\u4e3a\u5728\u5173\u95ed\u7684\u5b89\u5168\u72b6\u6001\u4e2d\u5931\u8d25\u3002\u4f8b\u5982\uff0c\u5982\u679cTLS\u8bc1\u4e66\u9a8c\u8bc1\u672a\u901a\u8fc7\uff0c\u5373CNAME\u4e0e\u670d\u52a1\u5668\u7684DNS\u540d\u79f0\u4e0d\u5339\u914d\uff0c\u5e94\u901a\u8fc7\u5207\u65ad\u7f51\u7edc\u8fde\u63a5\u6765\u5b89\u5168\u5931\u8d25\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u8f6f\u4ef6\u901a\u5e38\u4f1a\u4ee5\u5f00\u653e\u65b9\u5f0f\u5931\u8d25\uff0c\u5141\u8bb8\u8fde\u63a5\u5728\u6ca1\u6709CNAME\u5339\u914d\u7684\u60c5\u51b5\u4e0b\u7ee7\u7eed\u8fdb\u884c\uff0c\u8fd9\u6837\u4e0d\u591f\u5b89\u5168\uff0c\u4e5f\u4e0d\u5efa\u8bae\u3002","title":"\u5b89\u5168\u5931\u8d25"},{"location":"security/security-guide/#_303","text":"\u4ec5\u6388\u4e88\u7528\u6237\u548c\u7cfb\u7edf\u670d\u52a1\u7684\u6700\u4f4e\u8bbf\u95ee\u7ea7\u522b\u3002\u8fd9\u79cd\u8bbf\u95ee\u57fa\u4e8e\u89d2\u8272\u3001\u804c\u8d23\u548c\u5de5\u4f5c\u804c\u80fd\u3002\u8fd9\u79cd\u6700\u5c0f\u7279\u6743\u5b89\u5168\u539f\u5219\u5df2\u5199\u5165\u591a\u4e2a\u56fd\u9645\u653f\u5e9c\u5b89\u5168\u7b56\u7565\u4e2d\uff0c\u4f8b\u5982\u7f8e\u56fd\u5883\u5185\u7684 NIST 800-53 \u7b2c AC-6 
\u8282\u3002","title":"\u6700\u5c0f\u6743\u9650"},{"location":"security/security-guide/#_304","text":"\u7cfb\u7edf\u5e94\u4ee5\u8fd9\u6837\u4e00\u79cd\u65b9\u5f0f\u9694\u79bb\uff0c\u5373\u5982\u679c\u4e00\u53f0\u8ba1\u7b97\u673a\u6216\u7cfb\u7edf\u7ea7\u670d\u52a1\u53d7\u5230\u635f\u5bb3\uff0c\u5176\u4ed6\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u5c06\u4fdd\u6301\u4e0d\u53d8\u3002\u5b9e\u9645\u4e0a\uff0cSELinux \u7684\u542f\u7528\u548c\u6b63\u786e\u4f7f\u7528\u6709\u52a9\u4e8e\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807\u3002","title":"\u5206\u9694"},{"location":"security/security-guide/#_305","text":"\u5e94\u5c3d\u91cf\u51cf\u5c11\u53ef\u4ee5\u6536\u96c6\u7684\u6709\u5173\u7cfb\u7edf\u53ca\u5176\u7528\u6237\u7684\u4fe1\u606f\u91cf\u3002","title":"\u4fc3\u8fdb\u9690\u79c1"},{"location":"security/security-guide/#_306","text":"\u5b9e\u65bd\u9002\u5f53\u7684\u65e5\u5fd7\u8bb0\u5f55\u4ee5\u76d1\u63a7\u672a\u7ecf\u6388\u6743\u7684\u4f7f\u7528\u3001\u4e8b\u4ef6\u54cd\u5e94\u548c\u53d6\u8bc1\u3002\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u9009\u5b9a\u7684\u5ba1\u8ba1\u5b50\u7cfb\u7edf\u901a\u8fc7\u901a\u7528\u6807\u51c6\u8ba4\u8bc1\uff0c\u8be5\u6807\u51c6\u5728\u5927\u591a\u6570\u56fd\u5bb6/\u5730\u533a\u63d0\u4f9b\u4e0d\u53ef\u8bc1\u660e\u7684\u4e8b\u4ef6\u8bb0\u5f55\u3002","title":"\u65e5\u5fd7\u8bb0\u5f55\u80fd\u529b"},{"location":"security/security-guide/#_307","text":"\u4ee5\u4e0b\u662f\u7ec4\u7ec7\u53ef\u7528\u4e8e\u6784\u5efa\u5176\u5b89\u5168\u63a7\u5236\u7684\u63a7\u5236\u6846\u67b6\u5217\u8868\u3002 \u4e91\u5b89\u5168\u8054\u76df \uff08CSA\uff09 \u901a\u7528\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 CSA CCM \u4e13\u95e8\u7528\u4e8e\u63d0\u4f9b\u57fa\u672c\u7684\u5b89\u5168\u539f\u5219\uff0c\u4ee5\u6307\u5bfc\u4e91\u4f9b\u5e94\u5546\u5e76\u5e2e\u52a9\u6f5c\u5728\u7684\u4e91\u5ba2\u6237\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u98ce\u9669\u3002CSA CCM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u8de8 16 
\u4e2a\u5b89\u5168\u57df\u4fdd\u6301\u4e00\u81f4\u7684\u63a7\u5236\u6846\u67b6\u3002\u4e91\u63a7\u5236\u77e9\u9635\u7684\u57fa\u7840\u5728\u4e8e\u5176\u4e0e\u5176\u4ed6\u884c\u4e1a\u6807\u51c6\u3001\u6cd5\u89c4\u548c\u63a7\u5236\u6846\u67b6\u7684\u5b9a\u5236\u5173\u7cfb\uff0c\u4f8b\u5982\uff1aISO 27001\uff1a2013\u3001COBIT 5.0\u3001PCI\uff1aDSS v3\u3001AICPA 2014 \u4fe1\u4efb\u670d\u52a1\u539f\u5219\u548c\u6807\u51c6\uff0c\u5e76\u589e\u5f3a\u4e86\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u62a5\u544a\u8bc1\u660e\u7684\u5185\u90e8\u63a7\u5236\u65b9\u5411\u3002 CSA CCM \u901a\u8fc7\u51cf\u5c11\u4e91\u4e2d\u7684\u5b89\u5168\u5a01\u80c1\u548c\u6f0f\u6d1e\u6765\u52a0\u5f3a\u73b0\u6709\u7684\u4fe1\u606f\u5b89\u5168\u63a7\u5236\u73af\u5883\uff0c\u63d0\u4f9b\u6807\u51c6\u5316\u7684\u5b89\u5168\u548c\u8fd0\u8425\u98ce\u9669\u7ba1\u7406\uff0c\u5e76\u5bfb\u6c42\u89c4\u8303\u5316\u5b89\u5168\u671f\u671b\u3001\u4e91\u5206\u7c7b\u548c\u672f\u8bed\u4ee5\u53ca\u5728\u4e91\u4e2d\u5b9e\u65bd\u7684\u5b89\u5168\u63aa\u65bd\u3002 ISO 27001/2:2013 ISO 27001/2\uff1a2013 \u8ba4\u8bc1 ISO 27001 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u548c\u8ba4\u8bc1\u591a\u5e74\u6765\u4e00\u76f4\u7528\u4e8e\u8bc4\u4f30\u548c\u533a\u5206\u7ec4\u7ec7\u662f\u5426\u7b26\u5408\u4fe1\u606f\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u3002\u8be5\u6807\u51c6\u7531\u4e24\u90e8\u5206\u7ec4\u6210\uff1a\u5b9a\u4e49\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 \u7684\u5f3a\u5236\u6027\u6761\u6b3e\u548c\u5305\u542b\u6309\u9886\u57df\u7ec4\u7ec7\u7684\u63a7\u5236\u5217\u8868\u7684\u9644\u5f55 A\u3002 \u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf\u901a\u8fc7\u5e94\u7528\u98ce\u9669\u7ba1\u7406\u6d41\u7a0b\u6765\u4fdd\u6301\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\uff0c\u5e76\u4f7f\u76f8\u5173\u65b9\u76f8\u4fe1\u98ce\u9669\u5f97\u5230\u5145\u5206\u7ba1\u7406\u3002 \u53ef\u4fe1\u5b89\u5168\u539f\u5219 
\u4fe1\u6258\u670d\u52a1\u662f\u4e00\u5957\u57fa\u4e8e\u4e00\u5957\u6838\u5fc3\u539f\u5219\u548c\u6807\u51c6\u7684\u4e13\u4e1a\u8ba4\u8bc1\u548c\u54a8\u8be2\u670d\u52a1\uff0c\u7528\u4e8e\u89e3\u51b3 IT \u7cfb\u7edf\u548c\u9690\u79c1\u8ba1\u5212\u7684\u98ce\u9669\u548c\u673a\u9047\u3002\u901a\u5e38\u79f0\u4e3a SOC \u5ba1\u8ba1\uff0c\u8fd9\u4e9b\u539f\u5219\u5b9a\u4e49\u4e86\u8981\u6c42\u662f\u4ec0\u4e48\uff0c\u7ec4\u7ec7\u6709\u8d23\u4efb\u5b9a\u4e49\u6ee1\u8db3\u8981\u6c42\u7684\u63a7\u5236\u63aa\u65bd\u3002","title":"\u5e38\u7528\u63a7\u5236\u6846\u67b6"},{"location":"security/security-guide/#_308","text":"OpenStack\u5728\u8bb8\u591a\u65b9\u9762\u90fd\u662f\u521b\u65b0\u7684\uff0c\u4f46\u662f\u7528\u4e8e\u5ba1\u8ba1OpenStack\u90e8\u7f72\u7684\u8fc7\u7a0b\u76f8\u5f53\u666e\u904d\u3002\u5ba1\u6838\u5458\u5c06\u6839\u636e\u4e24\u4e2a\u6807\u51c6\u8bc4\u4f30\u6d41\u7a0b\uff1a\u63a7\u5236\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u4ee5\u53ca\u63a7\u5236\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u4e86\u89e3\u5ba1\u8ba1\u5e08\u5982\u4f55\u8bc4\u4f30\u63a7\u5236\u63aa\u65bd\u662f\u5426\u6709\u6548\u8bbe\u8ba1\u548c\u8fd0\u884c\uff0c\u5c06\u5728\u201c\u4e86\u89e3\u5ba1\u8ba1\u8fc7\u7a0b\u201d\u4e00\u8282\u4e2d\u8ba8\u8bba\u3002 \u7528\u4e8e\u5ba1\u6838\u548c\u8bc4\u4f30\u4e91\u90e8\u7f72\u7684\u6700\u5e38\u89c1\u6846\u67b6\u5305\u62ec\u524d\u9762\u63d0\u5230\u7684 ISO 27001/2 \u4fe1\u606f\u5b89\u5168\u6807\u51c6\u3001ISACA \u7684\u4fe1\u606f\u548c\u76f8\u5173\u6280\u672f\u63a7\u5236\u76ee\u6807 \uff08COBIT\uff09 \u6846\u67b6\u3001\u7279\u96f7\u5fb7\u97e6\u59d4\u5458\u4f1a\u8d5e\u52a9\u7ec4\u7ec7\u59d4\u5458\u4f1a \uff08COSO\uff09 \u548c\u4fe1\u606f\u6280\u672f\u57fa\u7840\u8bbe\u65bd\u5e93 
\uff08ITIL\uff09\u3002\u5ba1\u8ba1\u901a\u5e38\u5305\u62ec\u4e00\u4e2a\u6216\u591a\u4e2a\u8fd9\u4e9b\u6846\u67b6\u4e2d\u7684\u91cd\u70b9\u9886\u57df\u3002\u5e78\u8fd0\u7684\u662f\uff0c\u8fd9\u4e9b\u6846\u67b6\u4e4b\u95f4\u6709\u5f88\u591a\u91cd\u53e0\uff0c\u56e0\u6b64\u91c7\u7528\u6846\u67b6\u7684\u7ec4\u7ec7\u5c06\u5728\u5ba1\u8ba1\u65f6\u5904\u4e8e\u6709\u5229\u5730\u4f4d\u3002","title":"\u5ba1\u8ba1\u53c2\u8003"},{"location":"security/security-guide/#_309","text":"\u4fe1\u606f\u7cfb\u7edf\u5b89\u5168\u5408\u89c4\u6027\u4f9d\u8d56\u4e8e\u4e24\u4e2a\u57fa\u672c\u6d41\u7a0b\u7684\u5b8c\u6210\uff1a \u5b89\u5168\u63a7\u5236\u7684\u5b9e\u65bd\u548c\u64cd\u4f5c \u4f7f\u4fe1\u606f\u7cfb\u7edf\u4e0e\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u4fdd\u6301\u4e00\u81f4\u6d89\u53ca\u5185\u90e8\u4efb\u52a1\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5fc5\u987b\u5728\u6b63\u5f0f\u8bc4\u4f30\u4e4b\u524d\u8fdb\u884c\u3002\u5ba1\u6838\u5458\u53ef\u80fd\u4f1a\u53c2\u4e0e\u6b64\u72b6\u6001\uff0c\u4ee5\u8fdb\u884c\u5dee\u8ddd\u5206\u6790\uff0c\u63d0\u4f9b\u6307\u5bfc\uff0c\u5e76\u589e\u52a0\u6210\u529f\u8ba4\u8bc1\u7684\u53ef\u80fd\u6027\u3002 \u72ec\u7acb\u9a8c\u8bc1\u548c\u786e\u8ba4 
\u5728\u8bb8\u591a\u4fe1\u606f\u7cfb\u7edf\u83b7\u5f97\u8ba4\u8bc1\u72b6\u6001\u4e4b\u524d\uff0c\u9700\u8981\u5411\u4e2d\u7acb\u7684\u7b2c\u4e09\u65b9\u8bc1\u660e\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u5df2\u5b9e\u65bd\u5e76\u6709\u6548\u8fd0\u884c\uff0c\u7b26\u5408\u8303\u56f4\u5185\u7684\u6807\u51c6\u548c\u6cd5\u89c4\u3002\u8bb8\u591a\u8ba4\u8bc1\u9700\u8981\u5b9a\u671f\u5ba1\u6838\uff0c\u4ee5\u786e\u4fdd\u6301\u7eed\u8ba4\u8bc1\uff0c\u8fd9\u88ab\u8ba4\u4e3a\u662f\u603b\u4f53\u6301\u7eed\u76d1\u63a7\u5b9e\u8df5\u7684\u4e00\u90e8\u5206\u3002","title":"\u4e86\u89e3\u5ba1\u6838\u6d41\u7a0b"},{"location":"security/security-guide/#_310","text":"\u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4\uff0c\u7279\u522b\u662f\u9700\u8981\u54ea\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u4ee5\u53ca\u5982\u4f55\u8bbe\u8ba1\u6216\u4fee\u6539OpenStack\u90e8\u7f72\u4ee5\u6ee1\u8db3\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u8be5\u662f\u6700\u521d\u7684\u89c4\u5212\u6b65\u9aa4\u3002 \u5728\u51fa\u4e8e\u5408\u89c4\u6027\u76ee\u7684\u786e\u5b9a OpenStack \u90e8\u7f72\u8303\u56f4\u65f6\uff0c\u5e94\u4f18\u5148\u8003\u8651\u5bf9\u654f\u611f\u670d\u52a1\u7684\u63a7\u5236\uff0c\u4f8b\u5982\u547d\u4ee4\u548c\u63a7\u5236\u529f\u80fd\u4ee5\u53ca\u57fa\u672c\u865a\u62df\u5316\u6280\u672f\u3002\u8fd9\u4e9b\u8bbe\u65bd\u7684\u59a5\u534f\u53ef\u80fd\u4f1a\u5f71\u54cd\u6574\u4e2a OpenStack \u73af\u5883\u3002 \u7f29\u5c0f\u8303\u56f4\u6709\u52a9\u4e8e\u786e\u4fdd OpenStack 
\u67b6\u6784\u5e08\u5efa\u7acb\u9488\u5bf9\u7279\u5b9a\u90e8\u7f72\u91cf\u8eab\u5b9a\u5236\u7684\u9ad8\u8d28\u91cf\u5b89\u5168\u63a7\u5236\uff0c\u4f46\u6700\u91cd\u8981\u7684\u662f\u786e\u4fdd\u8fd9\u4e9b\u5b9e\u8df5\u4e0d\u4f1a\u9057\u6f0f\u5b89\u5168\u5f3a\u5316\u4e2d\u7684\u533a\u57df\u6216\u529f\u80fd\u3002\u4e00\u4e2a\u5e38\u89c1\u7684\u4f8b\u5b50\u662fPCI-DSS\u51c6\u5219\uff0c\u5176\u4e2d\u4e0e\u652f\u4ed8\u76f8\u5173\u7684\u57fa\u7840\u8bbe\u65bd\u53ef\u80fd\u4f1a\u53d7\u5230\u5b89\u5168\u95ee\u9898\u7684\u5ba1\u67e5\uff0c\u4f46\u652f\u6301\u670d\u52a1\u88ab\u5ffd\u89c6\uff0c\u5e76\u4e14\u5bb9\u6613\u53d7\u5230\u653b\u51fb\u3002 \u5728\u89e3\u51b3\u5408\u89c4\u6027\u95ee\u9898\u65f6\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u786e\u5b9a\u9002\u7528\u4e8e\u591a\u4e2a\u8ba4\u8bc1\u7684\u5e38\u89c1\u9886\u57df\u548c\u6807\u51c6\u6765\u63d0\u9ad8\u6548\u7387\u5e76\u51cf\u5c11\u5de5\u4f5c\u91cf\u3002\u672c\u4e66\u4e2d\u8ba8\u8bba\u7684\u8bb8\u591a\u5ba1\u8ba1\u539f\u5219\u548c\u51c6\u5219\u5c06\u6709\u52a9\u4e8e\u786e\u5b9a\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\uff0c\u6b64\u5916\uff0c\u4e00\u4e9b\u5916\u90e8\u5b9e\u4f53\u63d0\u4f9b\u4e86\u5168\u9762\u7684\u6e05\u5355\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u793a\u4f8b\uff1a \u4e91\u5b89\u5168\u8054\u76df\u4e91\u63a7\u5236\u77e9\u9635 \uff08CCM\uff09 \u53ef\u5e2e\u52a9\u4e91\u63d0\u4f9b\u5546\u548c\u6d88\u8d39\u8005\u8bc4\u4f30\u4e91\u63d0\u4f9b\u5546\u7684\u6574\u4f53\u5b89\u5168\u6027\u3002CSA CMM \u63d0\u4f9b\u4e86\u4e00\u4e2a\u63a7\u5236\u6846\u67b6\uff0c\u8be5\u6846\u67b6\u6620\u5c04\u5230\u8bb8\u591a\u884c\u4e1a\u516c\u8ba4\u7684\u6807\u51c6\u548c\u6cd5\u89c4\uff0c\u5305\u62ec ISO 27001/2\u3001ISACA\u3001COBIT\u3001PCI\u3001NIST\u3001Jericho Forum \u548c NERC CIP\u3002 \u300aSCAP 
\u5b89\u5168\u6307\u5357\u300b\u662f\u53e6\u4e00\u4e2a\u6709\u7528\u7684\u53c2\u8003\u3002\u8fd9\u4ecd\u7136\u662f\u4e00\u4e2a\u65b0\u5174\u7684\u6765\u6e90\uff0c\u4f46\u6211\u4eec\u9884\u8ba1\u8fd9\u5c06\u53d1\u5c55\u6210\u4e3a\u4e00\u4e2a\u5de5\u5177\uff0c\u5176\u63a7\u4ef6\u6620\u5c04\u66f4\u4fa7\u91cd\u4e8e\u7f8e\u56fd\u8054\u90a6\u653f\u5e9c\u7684\u8ba4\u8bc1\u548c\u5efa\u8bae\u3002\u4f8b\u5982\uff0cSCAP \u5b89\u5168\u6307\u5357\u76ee\u524d\u5305\u542b\u5b89\u5168\u6280\u672f\u5b9e\u65bd\u6307\u5357 \uff08STIG\uff09 \u548c NIST-800-53 \u7684\u4e00\u4e9b\u6620\u5c04\u3002 \u8fd9\u4e9b\u63a7\u5236\u6620\u5c04\u5c06\u6709\u52a9\u4e8e\u8bc6\u522b\u8de8\u8ba4\u8bc1\u7684\u901a\u7528\u63a7\u5236\u6807\u51c6\uff0c\u5e76\u4e3a\u5ba1\u6838\u5458\u548c\u88ab\u5ba1\u6838\u65b9\u63d0\u4f9b\u5bf9\u7279\u5b9a\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u63a7\u5236\u96c6\u4e2d\u95ee\u9898\u533a\u57df\u7684\u53ef\u89c1\u6027\u3002","title":"\u786e\u5b9a\u5ba1\u8ba1\u8303\u56f4"},{"location":"security/security-guide/#_311","text":"\u5ba1\u8ba1\u6709\u56db\u4e2a\u4e0d\u540c\u7684\u9636\u6bb5\uff0c\u5c3d\u7ba1\u5927\u591a\u6570\u5229\u76ca\u76f8\u5173\u8005\u548c\u63a7\u5236\u6240\u6709\u8005\u53ea\u4f1a\u53c2\u4e0e\u4e00\u4e24\u4e2a\u9636\u6bb5\u3002\u56db\u4e2a\u9636\u6bb5\u662f\u89c4\u5212\u3001\u5b9e\u5730\u8003\u5bdf\u3001\u62a5\u544a\u548c\u603b\u7ed3\u3002\u4e0b\u9762\u5c06\u8ba8\u8bba\u8fd9\u4e9b\u9636\u6bb5\u4e2d\u7684\u6bcf\u4e00\u4e2a\u3002 
\u89c4\u5212\u9636\u6bb5\u901a\u5e38\u5728\u5b9e\u5730\u5de5\u4f5c\u5f00\u59cb\u524d\u4e24\u5468\u5230\u516d\u4e2a\u6708\u8fdb\u884c\u3002\u5728\u6b64\u9636\u6bb5\uff0c\u5c06\u8ba8\u8bba\u5e76\u6700\u7ec8\u786e\u5b9a\u65f6\u95f4\u8303\u56f4\u3001\u65f6\u95f4\u8868\u3001\u8981\u8bc4\u4f30\u7684\u63a7\u5236\u63aa\u65bd\u548c\u63a7\u5236\u6240\u6709\u8005\u7b49\u5ba1\u8ba1\u9879\u76ee\u3002\u5bf9\u8d44\u6e90\u53ef\u7528\u6027\u3001\u516c\u6b63\u6027\u548c\u6210\u672c\u7684\u62c5\u5fe7\u4e5f\u5f97\u5230\u4e86\u89e3\u51b3\u3002 \u5b9e\u5730\u8003\u5bdf\u9636\u6bb5\u662f\u5ba1\u8ba1\u4e2d\u6700\u660e\u663e\u7684\u90e8\u5206\u3002\u8fd9\u662f\u5ba1\u8ba1\u5458\u5728\u73b0\u573a\u7684\u5730\u65b9\uff0c\u4e0e\u63a7\u5236\u6240\u6709\u8005\u9762\u8c08\uff0c\u8bb0\u5f55\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u786e\u5b9a\u4efb\u4f55\u95ee\u9898\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5ba1\u8ba1\u5e08\u5c06\u4f7f\u7528\u4e24\u90e8\u5206\u6d41\u7a0b\u6765\u8bc4\u4f30\u73b0\u6709\u7684\u63a7\u5236\u63aa\u65bd\u3002\u7b2c\u4e00\u90e8\u5206\u662f\u8bc4\u4f30\u63a7\u5236\u7684\u8bbe\u8ba1\u6709\u6548\u6027\u3002\u5728\u8fd9\u91cc\uff0c\u5ba1\u8ba1\u5458\u5c06\u8bc4\u4f30\u63a7\u5236\u662f\u5426\u80fd\u591f\u6709\u6548\u5730\u9884\u9632\u6216\u68c0\u6d4b\u548c\u7ea0\u6b63\u5f31\u70b9\u548c\u7f3a\u9677\u3002\u63a7\u4ef6\u5fc5\u987b\u901a\u8fc7\u6b64\u6d4b\u8bd5\u624d\u80fd\u5728\u7b2c\u4e8c\u9636\u6bb5\u8fdb\u884c\u8bc4\u4f30\u3002\u8fd9\u662f\u56e0\u4e3a\u5bf9\u4e8e\u8bbe\u8ba1\u65e0\u6548\u7684\u63a7\u4ef6\uff0c\u6ca1\u6709\u5fc5\u8981\u8003\u8651\u5b83\u662f\u5426\u6709\u6548\u8fd0\u884c\u3002\u7b2c\u4e8c\u90e8\u5206\u662f\u8fd0\u8425\u6548\u7387\u3002\u64cd\u4f5c\u6709\u6548\u6027\u6d4b\u8bd5\u5c06\u786e\u5b9a\u5982\u4f55\u5e94\u7528\u63a7\u5236\u63aa\u65bd\uff0c\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u7684\u4e00\u81f4\u6027\u4ee5\u53ca\u7531\u8c01\u6216\u4ee5\u4f55\u79cd\u65b9\u5f0f\u5e94\u7528\u63a7\u5236\u63aa\u65bd\u3002\u4e00\u9879\u63a7\u5236\u53ef\u80fd\
u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff08\u95f4\u63a5\u63a7\u5236\uff09\uff0c\u5982\u679c\u5b83\u4eec\u4f9d\u8d56\u4e8e\u5176\u4ed6\u63a7\u5236\uff0c\u5219\u5ba1\u8ba1\u5e08\u53ef\u80fd\u9700\u8981\u989d\u5916\u7684\u8bc1\u636e\u6765\u8bc1\u660e\u8fd9\u4e9b\u95f4\u63a5\u63a7\u5236\u7684\u8fd0\u4f5c\u6709\u6548\u6027\uff0c\u4ee5\u786e\u5b9a\u63a7\u5236\u7684\u6574\u4f53\u8fd0\u4f5c\u6709\u6548\u6027\u3002 \u5728\u62a5\u544a\u9636\u6bb5\uff0c\u7ba1\u7406\u5c42\u5c06\u5bf9\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u53d1\u73b0\u7684\u4efb\u4f55\u95ee\u9898\u8fdb\u884c\u9a8c\u8bc1\u3002\u51fa\u4e8e\u540e\u52e4\u76ee\u7684\uff0c\u4e00\u4e9b\u6d3b\u52a8\uff08\u4f8b\u5982\u95ee\u9898\u9a8c\u8bc1\uff09\u53ef\u80fd\u4f1a\u5728\u5b9e\u5730\u5de5\u4f5c\u9636\u6bb5\u6267\u884c\u3002\u7ba1\u7406\u5c42\u8fd8\u9700\u8981\u63d0\u4f9b\u8865\u6551\u8ba1\u5212\u6765\u89e3\u51b3\u95ee\u9898\uff0c\u5e76\u786e\u4fdd\u5b83\u4eec\u4e0d\u4f1a\u518d\u6b21\u53d1\u751f\u3002\u5c06\u5411\u5229\u76ca\u6538\u5173\u65b9\u548c\u7ba1\u7406\u5c42\u5206\u53d1\u4e00\u4efd\u603b\u4f53\u62a5\u544a\u8349\u7a3f\uff0c\u4f9b\u5176\u5ba1\u67e5\u3002\u5546\u5b9a\u7684\u4fee\u6539\u88ab\u7eb3\u5165\uff0c\u66f4\u65b0\u540e\u7684\u8349\u6848\u5c06\u9001\u4ea4\u9ad8\u7ea7\u7ba1\u7406\u5c42\u5ba1\u67e5\u548c\u6279\u51c6\u3002\u4e00\u65e6\u9ad8\u7ea7\u7ba1\u7406\u5c42\u6279\u51c6\u62a5\u544a\uff0c\u8be5\u62a5\u544a\u5c31\u4f1a\u5b9a\u7a3f\u5e76\u5206\u53d1\u7ed9\u6267\u884c\u7ba1\u7406\u5c42\u3002\u4efb\u4f55\u95ee\u9898\u90fd\u4f1a\u8f93\u5165\u5230\u7ec4\u7ec7\u4f7f\u7528\u7684\u95ee\u9898\u8ddf\u8e2a\u6216\u98ce\u9669\u8ddf\u8e2a\u673a\u5236\u4e2d\u3002 
\u603b\u7ed3\u9636\u6bb5\u662f\u5ba1\u8ba1\u6b63\u5f0f\u7ec8\u6b62\u7684\u5730\u65b9\u3002\u6b64\u65f6\uff0c\u7ba1\u7406\u5c42\u5c06\u5f00\u59cb\u6574\u6539\u6d3b\u52a8\u3002\u4f7f\u7528\u8fc7\u7a0b\u548c\u901a\u77e5\u786e\u4fdd\u5c06\u4efb\u4f55\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\u90fd\u88ab\u79fb\u81f3\u5b89\u5168\u5b58\u50a8\u5e930\u3002","title":"\u5ba1\u8ba1\u7684\u9636\u6bb5"},{"location":"security/security-guide/#_312","text":"\u90e8\u7f72\u4e91\u540e\uff0c\u5c31\u8be5\u8fdb\u884c\u5185\u90e8\u5ba1\u8ba1\u4e86\u3002\u73b0\u5728\u662f\u65f6\u5019\u5c06\u4e0a\u9762\u786e\u5b9a\u7684\u63a7\u4ef6\u4e0e\u4e91\u4e2d\u4f7f\u7528\u7684\u8bbe\u8ba1\u3001\u529f\u80fd\u548c\u90e8\u7f72\u7b56\u7565\u8fdb\u884c\u6bd4\u8f83\u4e86\u3002\u76ee\u6807\u662f\u4e86\u89e3\u6bcf\u4e2a\u63a7\u4ef6\u7684\u5904\u7406\u65b9\u5f0f\u4ee5\u53ca\u5b58\u5728\u5dee\u8ddd\u7684\u4f4d\u7f6e\u3002\u8bb0\u5f55\u6240\u6709\u53d1\u73b0\u4ee5\u5907\u5c06\u6765\u53c2\u8003\u3002 \u5728\u5ba1\u8ba1OpenStack\u4e91\u65f6\uff0c\u4e86\u89e3OpenStack\u67b6\u6784\u56fa\u6709\u7684\u591a\u79df\u6237\u73af\u5883\u662f\u5f88\u91cd\u8981\u7684\u3002\u9700\u8981\u5173\u6ce8\u7684\u4e00\u4e9b\u5173\u952e\u9886\u57df\u5305\u62ec\u6570\u636e\u5904\u7f6e\u3001\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u5b89\u5168\u6027\u3001\u8282\u70b9\u5f3a\u5316\u548c\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u3002","title":"\u5185\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_313","text":"\u4e00\u65e6\u5185\u90e8\u5ba1\u8ba1\u7ed3\u679c\u770b\u8d77\u6765\u4e0d\u9519\uff0c\u5c31\u8be5\u4e3a\u5916\u90e8\u5ba1\u8ba1\u505a\u51c6\u5907\u4e86\u3002\u5728\u6b64\u9636\u6bb5\u9700\u8981\u91c7\u53d6\u51e0\u9879\u5173\u952e\u884c\u52a8\uff0c\u8fd9\u4e9b\u884c\u52a8\u6982\u8ff0\u5982\u4e0b\uff1a 
\u4fdd\u6301\u5185\u90e8\u5ba1\u8ba1\u7684\u826f\u597d\u8bb0\u5f55\u3002\u8fd9\u4e9b\u5c06\u5728\u5916\u90e8\u5ba1\u8ba1\u671f\u95f4\u8bc1\u660e\u5f88\u6709\u7528\uff0c\u56e0\u6b64\u60a8\u53ef\u4ee5\u51c6\u5907\u597d\u56de\u7b54\u6709\u5173\u5c06\u5408\u89c4\u6027\u63a7\u5236\u6620\u5c04\u5230\u7279\u5b9a\u90e8\u7f72\u7684\u95ee\u9898\u3002 \u90e8\u7f72\u81ea\u52a8\u5316\u6d4b\u8bd5\u5de5\u5177\uff0c\u786e\u4fdd\u4e91\u957f\u671f\u4fdd\u6301\u5408\u89c4\u3002 \u9009\u62e9\u5ba1\u8ba1\u5458\u3002 \u9009\u62e9\u5ba1\u8ba1\u5e08\u53ef\u80fd\u5177\u6709\u6311\u6218\u6027\u3002\u7406\u60f3\u60c5\u51b5\u4e0b\uff0c\u60a8\u6b63\u5728\u5bfb\u627e\u5177\u6709\u4e91\u5408\u89c4\u6027\u5ba1\u6838\u7ecf\u9a8c\u7684\u4eba\u3002OpenStack\u7ecf\u9a8c\u662f\u53e6\u4e00\u5927\u4f18\u52bf\u3002\u901a\u5e38\uff0c\u6700\u597d\u54a8\u8be2\u7ecf\u5386\u8fc7\u6b64\u8fc7\u7a0b\u7684\u4eba\u8fdb\u884c\u8f6c\u8bca\u3002\u6210\u672c\u53ef\u80fd\u4f1a\u56e0\u53c2\u4e0e\u8303\u56f4\u548c\u6240\u8003\u8651\u7684\u5ba1\u8ba1\u516c\u53f8\u800c\u6709\u5f88\u5927\u5dee\u5f02\u3002","title":"\u51c6\u5907\u5916\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_314","text":"\u8fd9\u662f\u6b63\u5f0f\u7684\u5ba1\u8ba1\u8fc7\u7a0b\u3002\u5ba1\u8ba1\u5458\u5c06\u6d4b\u8bd5\u7279\u5b9a\u8ba4\u8bc1\u8303\u56f4\u5185\u7684\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0c\u5e76\u8981\u6c42\u63d0\u4f9b\u8bc1\u636e\u8981\u6c42\uff0c\u4ee5\u8bc1\u660e\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u5728\u5ba1\u8ba1\u7a97\u53e3\u5185\u4e5f\u5df2\u5230\u4f4d\uff08\u4f8b\u5982\uff0cSOC 2 \u5ba1\u8ba1\u901a\u5e38\u5728 6-12 \u4e2a\u6708\u5185\u8bc4\u4f30\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff09\u3002\u4efb\u4f55\u63a7\u5236\u5931\u8d25\u90fd\u4f1a\u88ab\u8bb0\u5f55\u4e0b\u6765\uff0c\u5e76\u5c06\u8bb0\u5f55\u5728\u5916\u90e8\u5ba1\u8ba1\u5e08\u7684\u6700\u7ec8\u62a5\u544a\u4e2d\u3002\u6839\u636e OpenStack 
\u90e8\u7f72\u7684\u7c7b\u578b\uff0c\u5ba2\u6237\u53ef\u80fd\u4f1a\u67e5\u770b\u8fd9\u4e9b\u62a5\u544a\uff0c\u56e0\u6b64\u907f\u514d\u63a7\u5236\u5931\u8d25\u975e\u5e38\u91cd\u8981\u3002\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u5ba1\u8ba1\u51c6\u5907\u5982\u6b64\u91cd\u8981\u7684\u539f\u56e0\u3002","title":"\u5916\u90e8\u5ba1\u8ba1"},{"location":"security/security-guide/#_315","text":"\u8be5\u8fc7\u7a0b\u4e0d\u4f1a\u56e0\u5355\u4e00\u7684\u5916\u90e8\u5ba1\u8ba1\u800c\u7ed3\u675f\u3002\u5927\u591a\u6570\u8ba4\u8bc1\u90fd\u9700\u8981\u6301\u7eed\u7684\u5408\u89c4\u6d3b\u52a8\uff0c\u8fd9\u610f\u5473\u7740\u8981\u5b9a\u671f\u91cd\u590d\u5ba1\u6838\u8fc7\u7a0b\u3002\u6211\u4eec\u5efa\u8bae\u5c06\u81ea\u52a8\u5408\u89c4\u6027\u9a8c\u8bc1\u5de5\u5177\u96c6\u6210\u5230\u4e91\u4e2d\uff0c\u4ee5\u786e\u4fdd\u5176\u59cb\u7ec8\u5408\u89c4\u3002\u9664\u4e86\u5176\u4ed6\u5b89\u5168\u76d1\u63a7\u5de5\u5177\u4e4b\u5916\uff0c\u8fd8\u5e94\u8be5\u8fd9\u6837\u505a\u3002\u8bf7\u8bb0\u4f4f\uff0c\u76ee\u6807\u65e2\u662f\u5b89\u5168\u6027\uff0c\u4e5f\u662f\u5408\u89c4\u6027\u3002\u5982\u679c\u5728\u4e0a\u8ff0\u4efb\u4f55\u4e00\u9879\u65b9\u9762\u90fd\u5931\u8d25\uff0c\u5c06\u4f7f\u672a\u6765\u7684\u5ba1\u8ba1\u53d8\u5f97\u975e\u5e38\u590d\u6742\u3002","title":"\u5408\u89c4\u6027\u7ef4\u62a4"},{"location":"security/security-guide/#_316","text":"\u6709\u8bb8\u591a\u6807\u51c6\u6d3b\u52a8\u5c06\u6781\u5927\u5730\u5e2e\u52a9\u5408\u89c4\u8fc7\u7a0b\u3002\u672c\u7ae0\u6982\u8ff0\u4e86\u4e00\u4e9b\u6700\u5e38\u89c1\u7684\u5408\u89c4\u6027\u6d3b\u52a8\u3002\u8fd9\u4e9b\u5e76\u4e0d\u662fOpenStack\u6240\u7279\u6709\u7684\uff0c\u4f46\u662f\u672c\u4e66\u4e2d\u63d0\u4f9b\u4e86\u76f8\u5173\u7ae0\u8282\u7684\u53c2\u8003\u8d44\u6599\uff0c\u4f5c\u4e3a\u6709\u7528\u7684\u4e0a\u4e0b\u6587\u3002","title":"\u5408\u89c4\u6d3b\u52a8"},{"location":"security/security-guide/#isms","text":"\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09 
\u662f\u7ec4\u7ec7\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5168\u9762\u7684\u7b56\u7565\u548c\u6d41\u7a0b\uff0c\u7528\u4e8e\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u7684\u98ce\u9669\u3002\u4e91\u90e8\u7f72\u6700\u5e38\u89c1\u7684 ISMS \u662f ISO/IEC 27001/2\uff0c\u5b83\u4e3a\u5b89\u5168\u63a7\u5236\u548c\u5b9e\u8df5\u5960\u5b9a\u4e86\u575a\u5b9e\u7684\u57fa\u7840\uff0c\u4ee5\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u8ba4\u8bc1\u3002\u8be5\u6807\u51c6\u4e8e 2013 \u5e74\u8fdb\u884c\u4e86\u66f4\u65b0\uff0c\u4ee5\u53cd\u6620\u4e91\u670d\u52a1\u7684\u65e5\u76ca\u4f7f\u7528\uff0c\u5e76\u66f4\u52a0\u5f3a\u8c03\u8861\u91cf\u548c\u8bc4\u4f30\u7ec4\u7ec7\u7684 ISMS \u6027\u80fd\u3002","title":"\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u7cfb\u7edf \uff08ISMS\uff09"},{"location":"security/security-guide/#_317","text":"\u98ce\u9669\u8bc4\u4f30\u6846\u67b6\u53ef\u8bc6\u522b\u7ec4\u7ec7\u6216\u670d\u52a1\u4e2d\u7684\u98ce\u9669\uff0c\u5e76\u6307\u5b9a\u8fd9\u4e9b\u98ce\u9669\u7684\u6240\u6709\u6743\uff0c\u4ee5\u53ca\u5b9e\u65bd\u548c\u7f13\u89e3\u7b56\u7565\u3002\u98ce\u9669\u9002\u7528\u4e8e\u670d\u52a1\u7684\u6240\u6709\u9886\u57df\uff0c\u4ece\u6280\u672f\u63a7\u5236\u5230\u73af\u5883\u707e\u96be\u573a\u666f\u548c\u4eba\u4e3a\u56e0\u7d20\u3002\u4f8b\u5982\uff0c\u6076\u610f\u5185\u90e8\u4eba\u5458\u3002\u53ef\u4ee5\u4f7f\u7528\u591a\u79cd\u673a\u5236\u5bf9\u98ce\u9669\u8fdb\u884c\u8bc4\u7ea7\u3002\u4f8b\u5982\uff0c\u53ef\u80fd\u6027\u4e0e\u5f71\u54cd\u3002OpenStack \u90e8\u7f72\u98ce\u9669\u8bc4\u4f30\u53ef\u4ee5\u5305\u62ec\u63a7\u5236\u5dee\u8ddd\u3002","title":"\u98ce\u9669\u8bc4\u4f30"},{"location":"security/security-guide/#_318","text":"\u9700\u8981\u5b9a\u671f\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5\uff0c\u4ee5\u786e\u4fdd\u670d\u52a1\u90e8\u7f72\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548c\u95ee\u8d23\u5236\u3002\u6709\u5173\u8fd9\u4e9b\u4e3b\u9898\u7684 OpenStack 
\u7684\u5177\u4f53\u6307\u5357\u5728\u76d1\u63a7\u548c\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u8fdb\u884c\u4e86\u6df1\u5165\u8ba8\u8bba\u3002 OpenStack Identity \u670d\u52a1\u652f\u6301\u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u5408 \uff08CADF\uff09 \u901a\u77e5\uff0c\u63d0\u4f9b\u5ba1\u8ba1\u6570\u636e\u4ee5\u7b26\u5408\u5b89\u5168\u6027\u3001\u64cd\u4f5c\u548c\u4e1a\u52a1\u6d41\u7a0b\u3002\u6709\u5173\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 Keystone \u5f00\u53d1\u4eba\u5458\u6587\u6863\u3002","title":"\u8bbf\u95ee\u548c\u65e5\u5fd7\u5ba1\u67e5"},{"location":"security/security-guide/#_319","text":"\u707e\u96be\u6062\u590d \uff08DR\uff09 \u548c\u4e1a\u52a1\u8fde\u7eed\u6027\u89c4\u5212 \uff08BCP\uff09 \u8ba1\u5212\u662f ISMS \u548c\u5408\u89c4\u6027\u6d3b\u52a8\u7684\u5e38\u89c1\u8981\u6c42\u3002\u8fd9\u4e9b\u8ba1\u5212\u5fc5\u987b\u5b9a\u671f\u6d4b\u8bd5\u5e76\u8bb0\u5f55\u5728\u6848\u3002\u5728 OpenStack \u4e2d\uff0c\u5173\u952e\u533a\u57df\u4f4d\u4e8e\u7ba1\u7406\u5b89\u5168\u57df\u4e2d\uff0c\u4ee5\u53ca\u4efb\u4f55\u53ef\u4ee5\u8bc6\u522b\u5355\u70b9\u6545\u969c \uff08SPOF\uff09 \u7684\u5730\u65b9\u3002","title":"\u5907\u4efd\u548c\u707e\u96be\u6062\u590d"},{"location":"security/security-guide/#_320","text":"\u9488\u5bf9\u7279\u5b9a\u89d2\u8272\u7684\u5e74\u5ea6\u5b89\u5168\u57f9\u8bad\u662f\u51e0\u4e4e\u6240\u6709\u5408\u89c4\u6027\u8ba4\u8bc1\u548c\u8bc1\u660e\u7684\u5f3a\u5236\u6027\u8981\u6c42\u3002\u4e3a\u4e86\u4f18\u5316\u5b89\u5168\u57f9\u8bad\u7684\u6709\u6548\u6027\uff0c\u4e00\u79cd\u5e38\u89c1\u7684\u65b9\u6cd5\u662f\u63d0\u4f9b\u7279\u5b9a\u4e8e\u89d2\u8272\u7684\u57f9\u8bad\uff0c\u4f8b\u5982\u5411\u5f00\u53d1\u4eba\u5458\u3001\u64cd\u4f5c\u4eba\u5458\u548c\u975e\u6280\u672f\u4eba\u5458\u63d0\u4f9b\u57f9\u8bad\u3002\u57fa\u4e8e\u6b64\u5f3a\u5316\u6307\u5357\u7684\u5176\u4ed6\u4e91\u5b89\u5168\u6216 OpenStack 
\u5b89\u5168\u57f9\u8bad\u5c06\u662f\u7406\u60f3\u7684\u9009\u62e9\u3002","title":"\u5b89\u5168\u57f9\u8bad"},{"location":"security/security-guide/#_321","text":"\u7531\u4e8eOpenStack\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90\u9879\u76ee\uff0c\u56e0\u6b64\u8bb8\u591a\u4ee3\u7801\u5e93\u548c\u67b6\u6784\u5df2\u7ecf\u8fc7\u4e2a\u4eba\u8d21\u732e\u8005\u3001\u7ec4\u7ec7\u548c\u4f01\u4e1a\u7684\u5ba1\u67e5\u3002\u4ece\u5b89\u5168\u89d2\u5ea6\u6765\u770b\uff0c\u8fd9\u53ef\u80fd\u662f\u6709\u5229\u7684\uff0c\u4f46\u662f\u5bf9\u4e8e\u670d\u52a1\u63d0\u4f9b\u5546\u6765\u8bf4\uff0c\u5b89\u5168\u5ba1\u67e5\u7684\u9700\u6c42\u4ecd\u7136\u662f\u4e00\u4e2a\u5173\u952e\u7684\u8003\u8651\u56e0\u7d20\uff0c\u56e0\u4e3a\u90e8\u7f72\u5404\u4e0d\u76f8\u540c\uff0c\u800c\u4e14\u5b89\u5168\u6027\u5e76\u4e0d\u603b\u662f\u8d21\u732e\u8005\u7684\u4e3b\u8981\u5173\u6ce8\u70b9\u3002\u5168\u9762\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u53ef\u80fd\u5305\u62ec\u67b6\u6784\u5ba1\u67e5\u3001\u5a01\u80c1\u5efa\u6a21\u3001\u6e90\u4ee3\u7801\u5206\u6790\u548c\u6e17\u900f\u6d4b\u8bd5\u3002\u6709\u8bb8\u591a\u7528\u4e8e\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u6280\u672f\u548c\u5efa\u8bae\uff0c\u53ef\u4ee5\u5728\u516c\u5f00\u53d1\u5e03\u4e2d\u627e\u5230\u3002\u4e00\u4e2a\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u7684\u4f8b\u5b50\u662f Microsoft SDL\uff0c\u5b83\u662f\u4f5c\u4e3a Microsoft \u53ef\u4fe1\u8ba1\u7b97\u8ba1\u5212\u7684\u4e00\u90e8\u5206\u521b\u5efa\u7684\u3002","title":"\u5b89\u5168\u5ba1\u67e5"},{"location":"security/security-guide/#_322","text":"\u5b89\u5168\u66f4\u65b0\u5bf9\u4e8e\u4efb\u4f55 IaaS 
\u90e8\u7f72\uff08\u65e0\u8bba\u662f\u79c1\u6709\u90e8\u7f72\u8fd8\u662f\u516c\u5171\u90e8\u7f72\uff09\u90fd\u81f3\u5173\u91cd\u8981\u3002\u6613\u53d7\u653b\u51fb\u7684\u7cfb\u7edf\u6269\u5927\u4e86\u653b\u51fb\u9762\uff0c\u662f\u653b\u51fb\u8005\u7684\u660e\u663e\u76ee\u6807\u3002\u5e38\u89c1\u7684\u626b\u63cf\u6280\u672f\u548c\u6f0f\u6d1e\u901a\u77e5\u670d\u52a1\u53ef\u4ee5\u5e2e\u52a9\u7f13\u89e3\u8fd9\u79cd\u5a01\u80c1\u3002\u91cd\u8981\u7684\u662f\uff0c\u626b\u63cf\u8981\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14\u7f13\u89e3\u7b56\u7565\u8981\u8d85\u8d8a\u7b80\u5355\u7684\u5916\u56f4\u5f3a\u5316\u3002OpenStack \u7b49\u591a\u79df\u6237\u67b6\u6784\u7279\u522b\u5bb9\u6613\u53d7\u5230\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6f0f\u6d1e\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u8fd9\u662f\u6f0f\u6d1e\u7ba1\u7406\u7cfb\u7edf\u7684\u5173\u952e\u90e8\u5206\u3002","title":"\u6f0f\u6d1e\u7ba1\u7406"},{"location":"security/security-guide/#_323","text":"\u6570\u636e\u5206\u7c7b\u5b9a\u4e49\u4e86\u4e00\u79cd\u5bf9\u4fe1\u606f\u8fdb\u884c\u5206\u7c7b\u548c\u5904\u7406\u7684\u65b9\u6cd5\uff0c\u901a\u5e38\u7528\u4e8e\u4fdd\u62a4\u5ba2\u6237\u4fe1\u606f\u514d\u906d\u610f\u5916\u6216\u6545\u610f\u76d7\u7a83\u3001\u4e22\u5931\u6216\u4e0d\u5f53\u62ab\u9732\u3002\u6700\u5e38\u89c1\u7684\u60c5\u51b5\u662f\uff0c\u8fd9\u6d89\u53ca\u5c06\u4fe1\u606f\u5206\u7c7b\u4e3a\u654f\u611f\u6216\u975e\u654f\u611f\u4fe1\u606f\uff0c\u6216\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f 
\uff08PII\uff09\u3002\u6839\u636e\u90e8\u7f72\u7684\u4e0a\u4e0b\u6587\uff0c\u53ef\u4ee5\u4f7f\u7528\u5404\u79cd\u5176\u4ed6\u5206\u7c7b\u6807\u51c6\uff08\u653f\u5e9c\u3001\u533b\u7597\u4fdd\u5065\uff09\u3002\u57fa\u672c\u539f\u5219\u662f\u660e\u786e\u5b9a\u4e49\u548c\u4f7f\u7528\u6570\u636e\u5206\u7c7b\u3002\u6700\u5e38\u89c1\u7684\u4fdd\u62a4\u673a\u5236\u5305\u62ec\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u6280\u672f\u3002","title":"\u6570\u636e\u5206\u7c7b"},{"location":"security/security-guide/#_324","text":"\u5f02\u5e38\u8fc7\u7a0b\u662f ISMS \u7684\u91cd\u8981\u7ec4\u6210\u90e8\u5206\u3002\u5f53\u67d0\u4e9b\u64cd\u4f5c\u4e0d\u7b26\u5408\u7ec4\u7ec7\u5b9a\u4e49\u7684\u5b89\u5168\u7b56\u7565\u65f6\uff0c\u5fc5\u987b\u8bb0\u5f55\u8fd9\u4e9b\u64cd\u4f5c\u3002\u9700\u8981\u5305\u62ec\u9002\u5f53\u7684\u7406\u7531\u3001\u63cf\u8ff0\u548c\u7f13\u89e3\u7ec6\u8282\uff0c\u5e76\u7531\u6709\u5173\u5f53\u5c40\u7b7e\u7f72\u3002OpenStack \u9ed8\u8ba4\u914d\u7f6e\u5728\u6ee1\u8db3\u5404\u79cd\u5408\u89c4\u6027\u6807\u51c6\u65b9\u9762\u53ef\u80fd\u4f1a\u6709\u6240\u4e0d\u540c\uff0c\u5e94\u8bb0\u5f55\u4e0d\u7b26\u5408\u5408\u89c4\u6027\u8981\u6c42\u7684\u533a\u57df\uff0c\u5e76\u8003\u8651\u6f5c\u5728\u7684\u4fee\u590d\u7a0b\u5e8f\u4ee5\u5bf9\u793e\u533a\u505a\u51fa\u8d21\u732e\u3002","title":"\u5f02\u5e38\u8fc7\u7a0b"},{"location":"security/security-guide/#_325","text":"\u5408\u89c4\u6027\u548c\u5b89\u5168\u6027\u4e0d\u662f\u6392\u4ed6\u6027\u7684\uff0c\u5fc5\u987b\u4e00\u8d77\u89e3\u51b3\u3002\u5982\u679c\u4e0d\u8fdb\u884c\u5b89\u5168\u5f3a\u5316\uff0cOpenStack \u90e8\u7f72\u4e0d\u592a\u53ef\u80fd\u6ee1\u8db3\u5408\u89c4\u6027\u8981\u6c42\u3002\u4e0b\u9762\u7684\u5217\u8868\u63d0\u4f9b\u4e86 OpenStack 
\u67b6\u6784\u5e08\u7684\u57fa\u7840\u77e5\u8bc6\u548c\u6307\u5bfc\uff0c\u4ee5\u5b9e\u73b0\u5bf9\u5546\u4e1a\u548c\u653f\u5e9c\u8ba4\u8bc1\u548c\u6807\u51c6\u7684\u5408\u89c4\u6027\u3002","title":"\u8ba4\u8bc1\u548c\u5408\u89c4\u58f0\u660e"},{"location":"security/security-guide/#_326","text":"\u5bf9\u4e8eOpenStack\u7684\u5546\u4e1a\u90e8\u7f72\uff0c\u6211\u4eec\u5efa\u8bae\u5c06SOC 1/2\u4e0eISO 2700 1/2\u76f8\u7ed3\u5408\uff0c\u4f5c\u4e3aOpenStack\u8ba4\u8bc1\u6d3b\u52a8\u7684\u8d77\u70b9\u3002\u8fd9\u4e9b\u8ba4\u8bc1\u89c4\u5b9a\u7684\u6240\u9700\u5b89\u5168\u6d3b\u52a8\u6709\u52a9\u4e8e\u4e3a\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\u548c\u901a\u7528\u63a7\u5236\u6807\u51c6\u5960\u5b9a\u57fa\u7840\uff0c\u4ece\u800c\u6709\u52a9\u4e8e\u5b9e\u73b0\u66f4\u4e25\u683c\u7684\u5408\u89c4\u6027\u6d3b\u52a8\uff0c\u5305\u62ec\u653f\u5e9c\u8bc1\u660e\u548c\u8ba4\u8bc1\u3002 \u5b8c\u6210\u8fd9\u4e9b\u521d\u59cb\u8ba4\u8bc1\u540e\uff0c\u5176\u4f59\u8ba4\u8bc1\u5c06\u66f4\u52a0\u7279\u5b9a\u4e8e\u90e8\u7f72\u3002\u4f8b\u5982\uff0c\u5904\u7406\u4fe1\u7528\u5361\u4ea4\u6613\u7684\u4e91\u9700\u8981 PCI-DSS\uff0c\u5b58\u50a8\u533b\u7597\u4fdd\u5065\u4fe1\u606f\u7684\u4e91\u9700\u8981 HIPAA\uff0c\u8054\u90a6\u653f\u5e9c\u5185\u90e8\u7684\u4e91\u53ef\u80fd\u9700\u8981 FedRAMP/FISMA \u548c ITAR \u8ba4\u8bc1\u3002","title":"\u5546\u4e1a\u6807\u51c6"},{"location":"security/security-guide/#soc-1-ssae-16-isae-3402","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 \u6807\u51c6\u7531\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08AICPA\uff09 \u5b9a\u4e49\u3002SOC \u63a7\u5236\u8bc4\u4f30\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u76f8\u5173\u8d22\u52a1\u62a5\u8868\u548c\u65ad\u8a00\uff0c\u4f8b\u5982\u662f\u5426\u9075\u5b88\u300a\u8428\u73ed\u65af-\u5965\u514b\u65af\u5229\u6cd5\u6848\u300b\u3002 SOC 1 \u53d6\u4ee3\u4e86\u5ba1\u8ba1\u51c6\u5219\u7b2c 70 \u53f7\u58f0\u660e \uff08SAS 70\uff09 II 
\u7c7b\u62a5\u544a\u3002\u8fd9\u4e9b\u63a7\u5236\u63aa\u65bd\u901a\u5e38\u5305\u62ec\u8303\u56f4\u5185\u7684\u7269\u7406\u6570\u636e\u4e2d\u5fc3\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 1 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u63aa\u65bd\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u662f\u5426\u9002\u5408\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605AICPA\u5173\u4e8e\u4e0e\u7528\u6237\u5b9e\u4f53\u8d22\u52a1\u62a5\u544a\u5185\u90e8\u63a7\u5236\u76f8\u5173\u7684\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236\u7684\u62a5\u544a\u3002","title":"SOC 1 \uff08SSAE 16\uff09 / ISAE 3402"},{"location":"security/security-guide/#soc-2","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 2 
\u662f\u5bf9\u5f71\u54cd\u670d\u52a1\u7ec4\u7ec7\u7528\u4e8e\u5904\u7406\u7528\u6237\u6570\u636e\u7684\u7cfb\u7edf\u7684\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u548c\u5904\u7406\u5b8c\u6574\u6027\u4ee5\u53ca\u8fd9\u4e9b\u7cfb\u7edf\u5904\u7406\u7684\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u548c\u9690\u79c1\u6027\u7684\u63a7\u5236\u7684\u81ea\u6211\u8bc1\u660e\u3002\u7528\u6237\u793a\u4f8b\u5305\u62ec\u8d1f\u8d23\u670d\u52a1\u7ec4\u7ec7\u6cbb\u7406\u7684\u4eba\u5458\u3001\u670d\u52a1\u7ec4\u7ec7\u7684\u5ba2\u6237\u3001\u76d1\u7ba1\u673a\u6784\u3001\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u3001\u4f9b\u5e94\u5546\u4ee5\u53ca\u4e86\u89e3\u670d\u52a1\u7ec4\u7ec7\u53ca\u5176\u63a7\u5236\u63aa\u65bd\u7684\u5176\u4ed6\u4eba\u5458\u3002 \u6709\u4e24\u79cd\u7c7b\u578b\u7684 SOC 2 \u62a5\u544a\uff1a \u7c7b\u578b 1 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u8bbe\u8ba1\u662f\u5426\u9002\u5408\u5b9e\u73b0\u622a\u81f3\u6307\u5b9a\u65e5\u671f\u7684\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u7c7b\u578b 2 - \u62a5\u544a\u7ba1\u7406\u5c42\u5bf9\u670d\u52a1\u7ec4\u7ec7\u7cfb\u7edf\u7684\u63cf\u8ff0\u7684\u516c\u5141\u6027\uff0c\u4ee5\u53ca\u63a7\u5236\u7684\u8bbe\u8ba1\u548c\u8fd0\u8425\u6709\u6548\u6027\u7684\u9002\u7528\u6027\uff0c\u4ee5\u5728\u7279\u5b9a\u65f6\u671f\u5185\u5b9e\u73b0\u63cf\u8ff0\u4e2d\u5305\u542b\u7684\u76f8\u5173\u63a7\u5236\u76ee\u6807\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 AICPA \u5173\u4e8e\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u7684\u62a5\u544a\u3002","title":"SOC 2 \u51fd\u6570"},{"location":"security/security-guide/#soc-3","text":"\u670d\u52a1\u7ec4\u7ec7\u63a7\u5236 \uff08SOC\uff09 3 
\u662f\u670d\u52a1\u7ec4\u7ec7\u7684\u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002\u8fd9\u4e9b\u62a5\u544a\u65e8\u5728\u6ee1\u8db3\u4ee5\u4e0b\u7528\u6237\u7684\u9700\u6c42\uff1a\u8fd9\u4e9b\u7528\u6237\u5e0c\u671b\u786e\u4fdd\u670d\u52a1\u7ec4\u7ec7\u4e2d\u4e0e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u6216\u9690\u79c1\u76f8\u5173\u7684\u63a7\u5236\u63aa\u65bd\uff0c\u4f46\u6ca1\u6709\u6709\u6548\u4f7f\u7528 SOC 2 \u62a5\u544a\u6240\u9700\u7684\u77e5\u8bc6\u3002\u8fd9\u4e9b\u62a5\u544a\u662f\u6839\u636e AICPA/\u52a0\u62ff\u5927\u7279\u8bb8\u4f1a\u8ba1\u5e08\u534f\u4f1a \uff08CICA\uff09 \u5173\u4e8e\u5b89\u5168\u6027\u3001\u53ef\u7528\u6027\u3001\u5904\u7406\u5b8c\u6574\u6027\u3001\u673a\u5bc6\u6027\u548c\u9690\u79c1\u7684\u4fe1\u6258\u670d\u52a1\u539f\u5219\u3001\u6807\u51c6\u548c\u63d2\u56fe\u7f16\u5199\u7684\u3002\u7531\u4e8e SOC 3 \u62a5\u544a\u662f\u901a\u7528\u62a5\u544a\uff0c\u56e0\u6b64\u53ef\u4ee5\u4f5c\u4e3a\u5370\u7ae0\u81ea\u7531\u5206\u53d1\u6216\u53d1\u5e03\u5728\u7f51\u7ad9\u4e0a\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u670d\u52a1\u7ec4\u7ec7\u7684 AICPA \u4fe1\u4efb\u670d\u52a1\u62a5\u544a\u3002","title":"SOC 3 \u51fd\u6570"},{"location":"security/security-guide/#iso-270012","text":"ISO/IEC 27001/2 \u6807\u51c6\u53d6\u4ee3\u4e86 BS7799-2\uff0c\u662f\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u4f53\u7cfb \uff08ISMS\uff09 \u7684\u89c4\u8303\u3002ISMS \u662f\u7ec4\u7ec7\u4e3a\u7ba1\u7406\u4fe1\u606f\u8d44\u4ea7\u98ce\u9669\u800c\u521b\u5efa\u548c\u7ef4\u62a4\u7684\u4e00\u6574\u5957\u7b56\u7565\u548c\u8fc7\u7a0b\u3002\u8fd9\u4e9b\u98ce\u9669\u57fa\u4e8e\u7528\u6237\u4fe1\u606f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027 \uff08CIA\uff09\u3002\u4e2d\u592e\u60c5\u62a5\u5c40\u7684\u5b89\u5168\u4e09\u5408\u4f1a\u5df2\u88ab\u7528\u4f5c\u672c\u4e66\u5927\u90e8\u5206\u7ae0\u8282\u7684\u57fa\u7840\u3002 
\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 ISO 27001\u3002","title":"ISO 27001/2 \u8ba4\u8bc1"},{"location":"security/security-guide/#hipaa-hitech","text":"\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848 \uff08HIPAA\uff09 \u662f\u7f8e\u56fd\u56fd\u4f1a\u7684\u4e00\u9879\u6cd5\u6848\uff0c\u7528\u4e8e\u7ba1\u7406\u60a3\u8005\u5065\u5eb7\u8bb0\u5f55\u7684\u6536\u96c6\u3001\u5b58\u50a8\u3001\u4f7f\u7528\u548c\u9500\u6bc1\u3002\u8be5\u6cd5\u6848\u89c4\u5b9a\uff0c\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\uff08PHI\uff09\u5fc5\u987b\u5bf9\u672a\u7ecf\u6388\u6743\u7684\u4eba\u5458\u201c\u4e0d\u53ef\u7528\u3001\u4e0d\u53ef\u8bfb\u6216\u65e0\u6cd5\u7834\u8bd1\u201d\uff0c\u5e76\u4e14\u5e94\u89e3\u51b3\u201c\u9759\u6001\u201d\u548c\u201c\u52a8\u6001\u201d\u6570\u636e\u7684\u52a0\u5bc6\u95ee\u9898\u3002 HIPAA \u4e0d\u662f\u8ba4\u8bc1\uff0c\u800c\u662f\u4fdd\u62a4\u533b\u7597\u4fdd\u5065\u6570\u636e\u7684\u6307\u5357\u3002\u4e0e PCI-DSS \u7c7b\u4f3c\uff0cPCI \u548c HIPPA \u6700\u91cd\u8981\u7684\u95ee\u9898\u662f\u4e0d\u4f1a\u53d1\u751f\u4fe1\u7528\u5361\u4fe1\u606f\u548c\u5065\u5eb7\u6570\u636e\u6cc4\u9732\u7684\u60c5\u51b5\u3002\u5728\u53d1\u751f\u8fdd\u89c4\u884c\u4e3a\u65f6\uff0c\u5c06\u4ed4\u7ec6\u5ba1\u67e5\u4e91\u63d0\u4f9b\u5546\u662f\u5426\u7b26\u5408 PCI \u548c HIPPA \u63a7\u5236\u63aa\u65bd\u3002\u5982\u679c\u8bc1\u660e\u5408\u89c4\uff0c\u63d0\u4f9b\u5546\u5c06\u7acb\u5373\u5b9e\u65bd\u8865\u6551\u63a7\u5236\u3001\u8fdd\u89c4\u901a\u77e5\u8d23\u4efb\u4ee5\u53ca\u7528\u4e8e\u989d\u5916\u5408\u89c4\u6d3b\u52a8\u7684\u5927\u91cf\u652f\u51fa\u3002\u5982\u679c\u4e0d\u5408\u89c4\uff0c\u4e91\u63d0\u4f9b\u5546\u53ef\u80fd\u4f1a\u9762\u4e34\u73b0\u573a\u5ba1\u8ba1\u56e2\u961f\u3001\u7f5a\u6b3e\u3001\u6f5c\u5728\u7684\u5546\u5bb6 ID \uff08PCI\uff09 \u4e22\u5931\u4ee5\u53ca\u5de8\u5927\u7684\u58f0\u8a89\u5f71\u54cd\u3002 \u62e5\u6709 PHI \u7684\u7528\u6237\u6216\u7ec4\u7ec7\u5fc5\u987b\u652f\u6301 HIPAA 
\u8981\u6c42\uff0c\u5e76\u4e14\u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u3002\u5982\u679c\u5b9e\u4f53\u6253\u7b97\u4f7f\u7528\u67d0\u9879\u670d\u52a1\uff0c\u6216\u8005\u5728\u672c\u4f8b\u4e2d\uff0c\u4f7f\u7528\u53ef\u80fd\u4f7f\u7528\u3001\u5b58\u50a8\u6216\u8bbf\u95ee\u8be5 PHI \u7684 OpenStack \u4e91\uff0c\u5219\u5fc5\u987b\u7b7e\u7f72\u4e1a\u52a1\u4f19\u4f34\u534f\u8bae \uff08BAA\uff09\u3002BAA \u662f HIPAA \u6db5\u76d6\u7684\u5b9e\u4f53\u4e0e OpenStack \u670d\u52a1\u63d0\u4f9b\u5546\u4e4b\u95f4\u7684\u5408\u540c\uff0c\u8981\u6c42\u63d0\u4f9b\u5546\u6839\u636e HIPAA \u8981\u6c42\u5904\u7406\u8be5 PHI\u3002\u5982\u679c\u670d\u52a1\u63d0\u4f9b\u5546\u4e0d\u5904\u7406 PHI\uff0c\u4f8b\u5982\u5b89\u5168\u63a7\u5236\u548c\u5f3a\u5316\uff0c\u90a3\u4e48\u4ed6\u4eec\u5c06\u53d7\u5230 HIPAA \u7684\u7f5a\u6b3e\u548c\u5904\u7f5a\u3002 OpenStack \u67b6\u6784\u5e08\u89e3\u91ca\u548c\u54cd\u5e94 HIPAA \u58f0\u660e\uff0c\u6570\u636e\u52a0\u5bc6\u4ecd\u7136\u662f\u6838\u5fc3\u5b9e\u8df5\u3002\u76ee\u524d\uff0c\u8fd9\u5c06\u8981\u6c42\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u7b97\u6cd5\u5bf9 OpenStack \u90e8\u7f72\u4e2d\u5305\u542b\u7684\u4efb\u4f55\u53d7\u4fdd\u62a4\u7684\u5065\u5eb7\u4fe1\u606f\u8fdb\u884c\u52a0\u5bc6\u3002\u672a\u6765\u6f5c\u5728\u7684OpenStack\u9879\u76ee\uff0c\u5982\u5bf9\u8c61\u52a0\u5bc6\uff0c\u5c06\u4fc3\u8fdbHIPAA\u51c6\u5219\u7684\u9075\u5b88\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u5065\u5eb7\u4fdd\u9669\u6d41\u901a\u4e0e\u8d23\u4efb\u6cd5\u6848\u300b\u3002","title":"HIPAA / HITECH"},{"location":"security/security-guide/#pci-dss","text":"\u652f\u4ed8\u5361\u884c\u4e1a\u6570\u636e\u5b89\u5168\u6807\u51c6 \uff08PCI DSS\uff09 
\u7531\u652f\u4ed8\u5361\u884c\u4e1a\u6807\u51c6\u59d4\u5458\u4f1a\u5b9a\u4e49\uff0c\u65e8\u5728\u52a0\u5f3a\u5bf9\u6301\u5361\u4eba\u6570\u636e\u7684\u63a7\u5236\uff0c\u4ee5\u51cf\u5c11\u4fe1\u7528\u5361\u6b3a\u8bc8\u3002\u5e74\u5ea6\u5408\u89c4\u6027\u9a8c\u8bc1\u7531\u5916\u90e8\u5408\u683c\u5b89\u5168\u8bc4\u4f30\u673a\u6784 \uff08QSA\uff09 \u8fdb\u884c\u8bc4\u4f30\uff0c\u8be5\u8bc4\u4f30\u673a\u6784\u4f1a\u6839\u636e\u6301\u5361\u4eba\u7684\u4ea4\u6613\u91cf\u521b\u5efa\u5408\u89c4\u62a5\u544a \uff08ROC\uff09\uff0c\u6216\u901a\u8fc7\u81ea\u6211\u8bc4\u4f30\u95ee\u5377 \uff08SAQ\uff09 \u8fdb\u884c\u8bc4\u4f30\u3002 \u5b58\u50a8\u3001\u5904\u7406\u6216\u4f20\u8f93\u652f\u4ed8\u5361\u8be6\u7ec6\u4fe1\u606f\u7684 OpenStack \u90e8\u7f72\u5728 PCI-DSS \u7684\u8303\u56f4\u5185\u3002\u6240\u6709\u672a\u4ece\u5904\u7406\u652f\u4ed8\u6570\u636e\u7684\u7cfb\u7edf\u6216\u7f51\u7edc\u4e2d\u6b63\u786e\u5206\u5272\u7684 OpenStack \u7ec4\u4ef6\u90fd\u5c5e\u4e8e PCI-DSS \u7684\u51c6\u5219\u3002PCI-DSS \u4e0a\u4e0b\u6587\u4e2d\u7684\u5206\u6bb5\u4e0d\u652f\u6301\u591a\u79df\u6237\uff0c\u800c\u662f\u7269\u7406\u5206\u79bb\uff08\u4e3b\u673a/\u7f51\u7edc\uff09\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 PCI \u5b89\u5168\u6807\u51c6\u3002","title":"PCI-DSS"},{"location":"security/security-guide/#_327","text":"","title":"\u653f\u5e9c\u6807\u51c6"},{"location":"security/security-guide/#fedramp","text":"\u201c\u8054\u90a6\u98ce\u9669\u548c\u6388\u6743\u7ba1\u7406\u8ba1\u5212 \uff08FedRAMP\uff09 \u662f\u4e00\u9879\u653f\u5e9c\u8303\u56f4\u7684\u8ba1\u5212\uff0c\u5b83\u4e3a\u4e91\u4ea7\u54c1\u548c\u670d\u52a1\u7684\u5b89\u5168\u8bc4\u4f30\u3001\u6388\u6743\u548c\u6301\u7eed\u76d1\u63a7\u63d0\u4f9b\u4e86\u4e00\u79cd\u6807\u51c6\u5316\u65b9\u6cd5\u201d\u3002NIST 800-53 \u662f FISMA \u548c FedRAMP 
\u7684\u57fa\u7840\uff0c\u540e\u8005\u8981\u6c42\u4e13\u95e8\u9009\u62e9\u5b89\u5168\u63a7\u5236\u4ee5\u5728\u4e91\u73af\u5883\u4e2d\u63d0\u4f9b\u4fdd\u62a4\u3002\u7531\u4e8e\u5b89\u5168\u63a7\u5236\u7684\u7279\u6b8a\u6027\u4ee5\u53ca\u6ee1\u8db3\u653f\u5e9c\u6807\u51c6\u6240\u9700\u7684\u6587\u6863\u91cf\uff0cFedRAMP \u53ef\u80fd\u975e\u5e38\u5bc6\u96c6\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605 FedRAMP\u3002","title":"FedRAMP"},{"location":"security/security-guide/#itar","text":"\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09 \u662f\u4e00\u5957\u7f8e\u56fd\u653f\u5e9c\u6cd5\u89c4\uff0c\u7528\u4e8e\u63a7\u5236\u7f8e\u56fd\u519b\u9700\u54c1\u6e05\u5355 \uff08USML\uff09 \u548c\u76f8\u5173\u6280\u672f\u6570\u636e\u4e2d\u4e0e\u56fd\u9632\u76f8\u5173\u7684\u7269\u54c1\u548c\u670d\u52a1\u7684\u8fdb\u51fa\u53e3\u3002ITAR\u901a\u5e38\u88ab\u4e91\u63d0\u4f9b\u5546\u89c6\u4e3a\u201c\u64cd\u4f5c\u4e00\u81f4\u6027\u201d\uff0c\u800c\u4e0d\u662f\u6b63\u5f0f\u8ba4\u8bc1\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u6309\u7167 FISMA \u8981\u6c42\uff0c\u9075\u5faa\u57fa\u4e8e NIST 800-53 \u6846\u67b6\u7684\u505a\u6cd5\u5b9e\u65bd\u9694\u79bb\u7684\u4e91\u73af\u5883\uff0c\u5e76\u8f85\u4ee5\u9650\u5236\u4ec5\u8bbf\u95ee\u201c\u7f8e\u56fd\u4eba\u201d\u548c\u80cc\u666f\u7b5b\u9009\u7684\u989d\u5916\u63a7\u5236\u63aa\u65bd\u3002 \u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u300a\u56fd\u9645\u6b66\u5668\u8d38\u6613\u6761\u4f8b\u300b\uff08ITAR\uff09\u3002","title":"ITAR"},{"location":"security/security-guide/#fisma","text":"\u300a\u8054\u90a6\u4fe1\u606f\u5b89\u5168\u7ba1\u7406\u6cd5\u300b\u8981\u6c42\u653f\u5e9c\u673a\u6784\u5236\u5b9a\u4e00\u9879\u5168\u9762\u7684\u8ba1\u5212\uff0c\u4ee5\u5b9e\u65bd\u4f17\u591a\u653f\u5e9c\u5b89\u5168\u6807\u51c6\uff0c\u5e76\u5728 2002 
\u5e74\u7684\u300a\u7535\u5b50\u653f\u52a1\u6cd5\u300b\u4e2d\u9881\u5e03\u3002FISMA\u6982\u8ff0\u4e86\u4e00\u4e2a\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u5229\u7528\u591a\u4e2aNIST\u51fa\u7248\u7269\uff0c\u51c6\u5907\u4e86\u4e00\u4e2a\u4fe1\u606f\u7cfb\u7edf\u6765\u5b58\u50a8\u548c\u5904\u7406\u653f\u5e9c\u6570\u636e\u3002 \u6b64\u8fc7\u7a0b\u5206\u4e3a\u4e09\u4e2a\u4e3b\u8981\u7c7b\u522b\uff1a \u7cfb\u7edf\u5206\u7c7b\uff1a \u4fe1\u606f\u7cfb\u7edf\u5c06\u6536\u5230\u8054\u90a6\u4fe1\u606f\u5904\u7406\u6807\u51c6\u51fa\u7248\u7269 199 \uff08FIPS 199\uff09 \u4e2d\u5b9a\u4e49\u7684\u5b89\u5168\u7c7b\u522b\u3002\u8fd9\u4e9b\u7c7b\u522b\u53cd\u6620\u4e86\u7cfb\u7edf\u5165\u4fb5\u7684\u6f5c\u5728\u5f71\u54cd\u3002 \u63a7\u4ef6\u9009\u62e9\uff1a \u6839\u636e FIPS 199 \u4e2d\u5b9a\u4e49\u7684\u7cfb\u7edf\u5b89\u5168\u7c7b\u522b\uff0c\u7ec4\u7ec7\u5229\u7528 FIPS 200 \u6765\u786e\u5b9a\u4fe1\u606f\u7cfb\u7edf\u7684\u7279\u5b9a\u5b89\u5168\u63a7\u5236\u8981\u6c42\u3002\u4f8b\u5982\uff0c\u5982\u679c\u7cfb\u7edf\u88ab\u5f52\u7c7b\u4e3a\u201c\u4e2d\u7b49\u201d\uff0c\u5219\u53ef\u80fd\u4f1a\u5f15\u5165\u5f3a\u5236\u8981\u6c42\u201c\u5b89\u5168\u5bc6\u7801\u201d\u7684\u8981\u6c42\u3002 \u63a7\u5236\u5b9a\u5236\uff1a \u4e00\u65e6\u786e\u5b9a\u4e86\u7cfb\u7edf\u5b89\u5168\u63a7\u5236\u63aa\u65bd\uff0cOpenStack \u67b6\u6784\u5e08\u5c06\u5229\u7528 NIST 800-53 \u6765\u63d0\u53d6\u91cf\u8eab\u5b9a\u5236\u7684\u63a7\u5236\u63aa\u65bd\u9009\u62e9\u3002\u4f8b\u5982\uff0c\u89c4\u8303\u4ec0\u4e48\u662f\u201c\u5b89\u5168\u5bc6\u7801\u201d\u3002","title":"FISMA"},{"location":"security/security-guide/#_328","text":"\u9690\u79c1\u662f\u5408\u89c4\u8ba1\u5212\u4e2d\u8d8a\u6765\u8d8a\u91cd\u8981\u7684\u5143\u7d20\u3002\u5ba2\u6237\u5bf9\u4f01\u4e1a\u7684\u8981\u6c42\u8d8a\u6765\u8d8a\u9ad8\uff0c\u4ed6\u4eec\u8d8a\u6765\u8d8a\u6709\u5174\u8da3\u4ece\u9690\u79c1\u7684\u89d2\u5ea6\u4e86\u89e3\u4ed6\u4eec\u7684\u6570\u636e\u662f\u5982\u4f55\u88ab\u5904\u7406\u7684\u3002 
OpenStack\u90e8\u7f72\u53ef\u80fd\u9700\u8981\u8bc1\u660e\u7b26\u5408\u7ec4\u7ec7\u7684\u9690\u79c1\u653f\u7b56\uff0c\u4ee5\u53ca\u7f8e\u56fd-\u6b27\u76df\u3002\u5b89\u5168\u6e2f\u6846\u67b6\u3001ISO/IEC 29100\uff1a2011 \u9690\u79c1\u6846\u67b6\u6216\u5176\u4ed6\u7279\u5b9a\u4e8e\u9690\u79c1\u7684\u51c6\u5219\u3002\u5728\u7f8e\u56fd\uff0c\u7f8e\u56fd\u6ce8\u518c\u4f1a\u8ba1\u5e08\u534f\u4f1a\uff08AICPA\uff09\u5df2\u7ecf\u5b9a\u4e49\u4e8610\u4e2a\u9690\u79c1\u91cd\u70b9\u9886\u57df\uff0c\u5728\u5546\u4e1a\u73af\u5883\u4e2d\u90e8\u7f72OpenStack\u53ef\u80fd\u5e0c\u671b\u8bc1\u660e\u5176\u4e2d\u7684\u90e8\u5206\u6216\u5168\u90e8\u539f\u5219\u3002 \u4e3a\u4e86\u5e2e\u52a9 OpenStack \u67b6\u6784\u5e08\u4fdd\u62a4\u4e2a\u4eba\u6570\u636e\uff0c\u6211\u4eec\u5efa\u8bae OpenStack \u67b6\u6784\u5e08\u67e5\u770b NIST \u51fa\u7248\u7269 800-122\uff0c\u6807\u9898\u4e3a\u201c\u4fdd\u62a4\u4e2a\u4eba\u8eab\u4efd\u4fe1\u606f \uff08PII\uff09 \u673a\u5bc6\u6027\u6307\u5357\u201d\u3002\u672c\u6307\u5357\u9010\u6b65\u5b8c\u6210\u4fdd\u62a4\u8fc7\u7a0b\uff1a \"...\u7531\u673a\u6784\u7ef4\u62a4\u7684\u6709\u5173\u4e2a\u4eba\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u5305\u62ec \uff081\uff09 \u53ef\u7528\u4e8e\u533a\u5206\u6216\u8ffd\u8e2a\u4e2a\u4eba\u8eab\u4efd\u7684\u4efb\u4f55\u4fe1\u606f\uff0c\u4f8b\u5982\u59d3\u540d\u3001\u793e\u4f1a\u5b89\u5168\u53f7\u7801\u3001\u51fa\u751f\u65e5\u671f\u548c\u5730\u70b9\u3001\u6bcd\u4eb2\u7684\u5a5a\u524d\u59d3\u6c0f\u6216\u751f\u7269\u8bc6\u522b\u8bb0\u5f55;\uff082\uff09\u4e0e\u4e2a\u4eba\u6709\u8054\u7cfb\u6216\u53ef\u8054\u7cfb\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\uff0c\u5982\u533b\u7597\u3001\u6559\u80b2\u3001\u8d22\u52a1\u548c\u5c31\u4e1a\u4fe1\u606f......\u201d 
\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u9700\u8981\u5927\u91cf\u7684\u51c6\u5907\u3001\u601d\u8003\u548c\u6295\u8d44\u3002\u5728\u6784\u5efa\u5168\u7403OpenStack\u4e91\u65f6\uff0c\u8fd8\u5f15\u5165\u4e86\u989d\u5916\u7684\u590d\u6742\u6027\uff0c\u4f8b\u5982\uff0c\u5728\u7f8e\u56fd\u548c\u66f4\u4e25\u683c\u7684\u6b27\u76df\u9690\u79c1\u6cd5\u4e4b\u95f4\u7684\u5dee\u5f02\u4e2d\u5bfc\u822a\u3002\u6b64\u5916\uff0c\u5728\u5904\u7406\u654f\u611f\u7684 PII \u65f6\u9700\u8981\u683c\u5916\u5c0f\u5fc3\uff0c\u5176\u4e2d\u53ef\u80fd\u5305\u62ec\u4fe1\u7528\u5361\u53f7\u6216\u533b\u7597\u8bb0\u5f55\u7b49\u4fe1\u606f\u3002\u8fd9\u4e9b\u654f\u611f\u6570\u636e\u4e0d\u4ec5\u53d7\u9690\u79c1\u6cd5\u7684\u7ea6\u675f\uff0c\u8fd8\u53d7\u76d1\u7ba1\u548c\u653f\u5e9c\u6cd5\u89c4\u7684\u7ea6\u675f\u3002\u901a\u8fc7\u9075\u5faa\u65e2\u5b9a\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u5305\u62ec\u653f\u5e9c\u53d1\u5e03\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u53ef\u4ee5\u4e3aOpenStack\u90e8\u7f72\u521b\u5efa\u548c\u5b9e\u8df5\u4e00\u4e2a\u5168\u9762\u7684\u9690\u79c1\u7ba1\u7406\u653f\u7b56\u3002","title":"\u9690\u79c1"},{"location":"security/security-guide/#_329","text":"OpenStack\u793e\u533a\u5b89\u5168\u5ba1\u67e5\u7684\u76ee\u6807\u662f\u8bc6\u522bOpenStack\u9879\u76ee\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e2d\u7684\u5f31\u70b9\u3002\u867d\u7136\u8fd9\u4e9b\u5f31\u70b9\u5f88\u5c11\u89c1\uff0c\u4f46\u53ef\u80fd\u4f1a\u5bf9OpenStack\u90e8\u7f72\u7684\u5b89\u5168\u6027\u4ea7\u751f\u707e\u96be\u6027\u7684\u5f71\u54cd\uff0c\u56e0\u6b64\u5e94\u8be5\u52aa\u529b\u5c06\u8fd9\u4e9b\u7f3a\u9677\u5728\u5df2\u53d1\u5e03\u9879\u76ee\u4e2d\u7684\u53ef\u80fd\u6027\u964d\u5230\u6700\u4f4e\u3002\u5728\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\uff0c\u5e94\u4e86\u89e3\u5e76\u8bb0\u5f55\u4ee5\u4e0b\u5185\u5bb9\uff1a \u7cfb\u7edf\u7684\u6240\u6709\u5165\u53e3\u70b9 \u98ce\u9669\u8d44\u4ea7 \u6570\u636e\u6301\u4e45\u5316\u7684\u4f4d\u7f6e \u6570\u636e\u5982\u4f55\u5728\u7cfb\u7edf\u7ec4\u4ef6\u4e4b\u95f4\u4f20\u8f93 
\u6570\u636e\u683c\u5f0f\u548c\u8f6c\u6362 \u9879\u76ee\u7684\u5916\u90e8\u4f9d\u8d56\u9879 \u4e00\u7ec4\u5546\u5b9a\u7684\u8c03\u67e5\u7ed3\u679c\u548c/\u6216\u7f3a\u9677 \u9879\u76ee\u5982\u4f55\u4e0e\u5916\u90e8\u4f9d\u8d56\u9879\u4ea4\u4e92 \u5bf9 OpenStack \u53ef\u4ea4\u4ed8\u5b58\u50a8\u5e93\u6267\u884c\u5b89\u5168\u5ba1\u67e5\u7684\u4e00\u4e2a\u5e38\u89c1\u539f\u56e0\u662f\u534f\u52a9\u6f0f\u6d1e\u7ba1\u7406\u56e2\u961f \uff08VMT\uff09 \u76d1\u7763\u3002OpenStack VMT \u5217\u51fa\u4e86\u53d7\u76d1\u7763\u7684\u5b58\u50a8\u5e93\uff0c\u5176\u4e2d\u6f0f\u6d1e\u7684\u62a5\u544a\u63a5\u6536\u548c\u62ab\u9732\u7531 VMT \u7ba1\u7406\u3002\u867d\u7136\u4e0d\u662f\u4e25\u683c\u7684\u8981\u6c42\uff0c\u4f46\u67d0\u79cd\u5f62\u5f0f\u7684\u5b89\u5168\u5ba1\u67e5\u3001\u5ba1\u8ba1\u6216\u5a01\u80c1\u5206\u6790\u53ef\u4ee5\u5e2e\u52a9\u6bcf\u4e2a\u4eba\u66f4\u8f7b\u677e\u5730\u67e5\u660e\u7cfb\u7edf\u66f4\u5bb9\u6613\u51fa\u73b0\u6f0f\u6d1e\u7684\u533a\u57df\uff0c\u5e76\u5728\u5b83\u4eec\u6210\u4e3a\u7528\u6237\u95ee\u9898\u4e4b\u524d\u89e3\u51b3\u5b83\u4eec\u3002 OpenStack VMT \u5efa\u8bae\uff0c\u5bf9\u9879\u76ee\u63a8\u8350\u7684\u90e8\u7f72\u8fdb\u884c\u67b6\u6784\u5ba1\u67e5\u662f\u4e00\u79cd\u9002\u5f53\u7684\u5b89\u5168\u5ba1\u67e5\u5f62\u5f0f\uff0c\u5728\u5ba1\u67e5\u9700\u6c42\u4e0e OpenStack \u89c4\u6a21\u7684\u9879\u76ee\u8d44\u6e90\u9700\u6c42\u4e4b\u95f4\u53d6\u5f97\u5e73\u8861\u3002\u5b89\u5168\u67b6\u6784\u5ba1\u67e5\u901a\u5e38\u4e5f\u79f0\u4e3a\u5a01\u80c1\u5206\u6790\u3001\u5b89\u5168\u5206\u6790\u6216\u5a01\u80c1\u5efa\u6a21\u3002\u5728OpenStack\u5b89\u5168\u5ba1\u67e5\u7684\u80cc\u666f\u4e0b\uff0c\u8fd9\u4e9b\u672f\u8bed\u662f\u67b6\u6784\u5b89\u5168\u5ba1\u67e5\u7684\u540c\u4e49\u8bcd\uff0c\u5b83\u53ef\u4ee5\u8bc6\u522b\u9879\u76ee\u6216\u53c2\u8003\u67b6\u6784\u8bbe\u8ba1\u4e2d\u7684\u7f3a\u9677\uff0c\u5e76\u53ef\u80fd\u5bfc\u81f4\u8fdb\u4e00\u6b65\u7684\u8c03\u67e5\u5de5\u4f5c\u6765\u9a8c\u8bc1\u90e8\u5206\u5b9e\u73b0\u3002 
\u5bf9\u4e8e\u65b0\u9879\u76ee\u4ee5\u53ca\u7b2c\u4e09\u65b9\u672a\u8fdb\u884c\u5b89\u5168\u5ba1\u67e5\u6216\u65e0\u6cd5\u5171\u4eab\u5176\u7ed3\u679c\u7684\u60c5\u51b5\uff0c\u9884\u8ba1\u5b89\u5168\u5ba1\u67e5\u5c06\u662f\u6b63\u5e38\u9014\u5f84\u3002\u9700\u8981\u5b89\u5168\u5ba1\u67e5\u7684\u9879\u76ee\u7684\u4fe1\u606f\u5c06\u5728\u5373\u5c06\u5230\u6765\u7684\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u63d0\u4f9b\u3002 \u5982\u679c\u7b2c\u4e09\u65b9\u5df2\u7ecf\u6267\u884c\u4e86\u5b89\u5168\u5ba1\u67e5\uff0c\u6216\u8005\u9879\u76ee\u66f4\u559c\u6b22\u4f7f\u7528\u7b2c\u4e09\u65b9\u6765\u6267\u884c\u5ba1\u67e5\uff0c\u5219\u5728\u5373\u5c06\u5230\u6765\u7684\u7b2c\u4e09\u65b9\u5b89\u5168\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u5c06\u63d0\u4f9b\u6709\u5173\u5982\u4f55\u83b7\u53d6\u8be5\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8f93\u51fa\u5e76\u5c06\u5176\u63d0\u4ea4\u9a8c\u8bc1\u7684\u4fe1\u606f\u3002 \u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u5bf9\u6587\u6863\u5de5\u4ef6\u7684\u8981\u6c42\u90fd\u662f\u76f8\u4f3c\u7684 - \u9879\u76ee\u5fc5\u987b\u63d0\u4f9b\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u7684\u67b6\u6784\u56fe\u3002\u867d\u7136\u5f3a\u70c8\u5efa\u8bae\u4f5c\u4e3a\u6240\u6709\u56e2\u961f\u5f00\u53d1\u5468\u671f\u7684\u4e00\u90e8\u5206\uff0c\u4f46\u6f0f\u6d1e\u626b\u63cf\u548c\u9759\u6001\u5206\u6790\u626b\u63cf\u4e0d\u8db3\u4ee5\u4f5c\u4e3a\u7b2c\u4e09\u65b9\u5ba1\u67e5\u7684\u8bc1\u636e\u3002 \u67b6\u6784\u9875\u9762\u6307\u5357 \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u670d\u52a1\u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3 
\u8d44\u6e90","title":"\u5b89\u5168\u5ba1\u67e5"},{"location":"security/security-guide/#_330","text":"\u67b6\u6784\u9875\u9762\u7684\u76ee\u7684\u662f\u8bb0\u5f55\u670d\u52a1\u6216\u9879\u76ee\u7684\u4f53\u7cfb\u7ed3\u6784\u3001\u7528\u9014\u548c\u5b89\u5168\u63a7\u5236\u3002\u5b83\u5e94\u8be5\u8bb0\u5f55\u8be5\u9879\u76ee\u7684\u6700\u4f73\u5b9e\u8df5\u90e8\u7f72\u3002 \u67b6\u6784\u9875\u9762\u6709\u4e00\u4e9b\u5173\u952e\u90e8\u5206\uff0c\u4e0b\u9762\u5c06\u66f4\u8be6\u7ec6\u5730\u89e3\u91ca\u8fd9\u4e9b\u90e8\u5206\uff1a \u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f \u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684 \u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b \u5916\u90e8\u4f9d\u8d56\u5173\u7cfb\u548c\u5173\u8054\u7684\u5b89\u5168\u5047\u8bbe \u7ec4\u4ef6 \u67b6\u6784\u56fe \u6570\u636e\u8d44\u4ea7 \u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790 \u63a5\u53e3","title":"\u67b6\u6784\u9875\u9762\u6307\u5357"},{"location":"security/security-guide/#_331","text":"\u672c\u90e8\u5206\u4e3a\u67b6\u6784\u9875\u9762\u6dfb\u52a0\u6807\u9898\uff0c\u63d0\u4f9b\u8bc4\u5ba1\u72b6\u6001\uff08\u8349\u7a3f\u3001\u51c6\u5907\u8bc4\u5ba1\u3001\u5df2\u5ba1\u6838\uff09\uff0c\u5e76\u6355\u83b7\u9879\u76ee\u7684\u53d1\u5e03\u548c\u7248\u672c\uff08\u5982\u679c\u76f8\u5173\uff09\u3002\u5b83\u8fd8\u8bb0\u5f55\u4e86\u9879\u76ee\u7684 PTL\u3001\u8d1f\u8d23\u751f\u6210\u67b6\u6784\u9875\u9762\u3001\u56fe\u8868\u548c\u5b8c\u6210\u8bc4\u5ba1\u7684\u9879\u76ee\u67b6\u6784\u5e08\uff08\u8fd9\u53ef\u80fd\u662f\u4e5f\u53ef\u80fd\u4e0d\u662f PTL\uff09\u548c\u5b89\u5168\u8bc4\u5ba1\u5458\u3002","title":"\u6807\u9898\u3001\u7248\u672c\u4fe1\u606f\u3001\u8054\u7cfb\u65b9\u5f0f"},{"location":"security/security-guide/#_332","text":"\u672c\u8282\u5c06\u5305\u542b\u9879\u76ee\u7684\u7b80\u8981\u8bf4\u660e\uff0c\u4ee5\u5411\u7b2c\u4e09\u65b9\u4ecb\u7ecd\u8be5\u670d\u52a1\u3002\u8fd9\u5e94\u8be5\u662f\u4e00\u4e24\u4e2a\u6bb5\u843d\uff0c\u53ef\u4ee5\u4ece wiki 
\u6216\u5176\u4ed6\u6587\u6863\u4e2d\u526a\u5207/\u7c98\u8d34\u3002\u5305\u62ec\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u548c\u66f4\u591a\u6587\u6863\u7684\u94fe\u63a5\uff08\u5982\u679c\u6709\uff09\u3002 \u4f8b\u5982\uff1a \u201cAnchor \u662f\u4e00\u79cd\u516c\u94a5\u57fa\u7840\u8bbe\u65bd \uff08PKI\uff09 \u670d\u52a1\uff0c\u5b83\u4f7f\u7528\u81ea\u52a8\u8bc1\u4e66\u8bf7\u6c42\u9a8c\u8bc1\u6765\u81ea\u52a8\u505a\u51fa\u9881\u53d1\u51b3\u7b56\u3002\u8bc1\u4e66\u7684\u9881\u53d1\u65f6\u95f4\u5f88\u77ed\uff08\u901a\u5e38\u4e3a 12-48 \u5c0f\u65f6\uff09\uff0c\u4ee5\u907f\u514d\u4e0e CRL \u548c OCSP \u76f8\u5173\u7684\u6709\u7f3a\u9677\u7684\u540a\u9500\u95ee\u9898\u3002","title":"\u9879\u76ee\u63cf\u8ff0\u548c\u76ee\u7684"},{"location":"security/security-guide/#_333","text":"\u5df2\u5b9e\u73b0\u67b6\u6784\u7684\u9884\u671f\u4e3b\u8981\u7528\u6237\u53ca\u5176\u7528\u4f8b\u7684\u5217\u8868\u3002\u201c\u7528\u6237\u201d\u53ef\u4ee5\u662f OpenStack \u4e2d\u7684\u53c2\u4e0e\u8005\u6216\u5176\u4ed6\u670d\u52a1\u3002 \u4f8b\u5982\uff1a \u6700\u7ec8\u7528\u6237\u5c06\u4f7f\u7528\u7cfb\u7edf\u6765\u5b58\u50a8\u654f\u611f\u6570\u636e\uff0c\u4f8b\u5982\u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u7b49\u3002 \u4e91\u7ba1\u7406\u5458\u5c06\u4f7f\u7528\u7ba1\u7406 API 
\u6765\u7ba1\u7406\u8d44\u6e90\u914d\u989d\u3002","title":"\u4e3b\u8981\u7528\u6237\u548c\u7528\u4f8b"},{"location":"security/security-guide/#_334","text":"\u5916\u90e8\u4f9d\u8d56\u9879\u662f\u670d\u52a1\u64cd\u4f5c\u6240\u9700\u7684\u4e0d\u53d7\u63a7\u5236\u7684\u9879\uff0c\u5982\u679c\u5b83\u4eec\u53d7\u5230\u5a01\u80c1\u6216\u53d8\u5f97\u4e0d\u53ef\u7528\uff0c\u53ef\u80fd\u4f1a\u5f71\u54cd\u670d\u52a1\u3002\u8fd9\u4e9b\u9879\u76ee\u901a\u5e38\u4e0d\u5728\u5f00\u53d1\u4eba\u5458\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u4f46\u5728\u90e8\u7f72\u8005\u7684\u63a7\u5236\u8303\u56f4\u5185\uff0c\u6216\u8005\u5b83\u4eec\u53ef\u80fd\u7531\u7b2c\u4e09\u65b9\u64cd\u4f5c\u3002\u8bbe\u5907\u5e94\u88ab\u89c6\u4e3a\u5916\u90e8\u4f9d\u8d56\u9879\u3002 \u4f8b\u5982\uff1a Nova \u8ba1\u7b97\u670d\u52a1\u4f9d\u8d56\u4e8e\u5916\u90e8\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u670d\u52a1\u3002\u5728\u5178\u578b\u90e8\u7f72\u4e2d\uff0c\u6b64\u4f9d\u8d56\u5173\u7cfb\u5c06\u7531 keystone \u670d\u52a1\u5b9e\u73b0\u3002 Barbican \u4f9d\u8d56\u4e8e\u786c\u4ef6\u5b89\u5168\u6a21\u5757 \uff08HSM\uff09 \u8bbe\u5907\u7684\u4f7f\u7528\u3002","title":"\u5916\u90e8\u4f9d\u8d56\u548c\u76f8\u5173\u7684\u5b89\u5168\u5047\u8bbe"},{"location":"security/security-guide/#_335","text":"\u5df2\u90e8\u7f72\u9879\u76ee\u7684\u7ec4\u4ef6\u5217\u8868\uff0c\u4e0d\u5305\u62ec\u5916\u90e8\u5b9e\u4f53\u3002\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u5e94\u547d\u540d\u5e76\u7b80\u8981\u63cf\u8ff0\u5176\u7528\u9014\uff0c\u5e76\u4f7f\u7528\u4f7f\u7528\u7684\u4e3b\u8981\u6280\u672f\uff08\u4f8b\u5982 Python\u3001MySQL\u3001RabbitMQ\uff09\u8fdb\u884c\u6807\u8bb0\u3002 \u4f8b\u5982\uff1a keystone \u76d1\u542c\u5668\u8fdb\u7a0b \uff08Python\uff09\uff1a\u4f7f\u7528 keystone \u670d\u52a1\u53d1\u5e03\u7684 keystone \u4e8b\u4ef6\u7684 Python \u8fdb\u7a0b\u3002 \u6570\u636e\u5e93 \uff08MySQL\uff09\uff1aMySQL 
\u6570\u636e\u5e93\uff0c\u7528\u4e8e\u5b58\u50a8\u4e0e\u5176\u6258\u7ba1\u5b9e\u4f53\u53ca\u5176\u5143\u6570\u636e\u76f8\u5173\u7684\u5df4\u6bd4\u80af\u72b6\u6001\u6570\u636e\u3002","title":"\u7ec4\u4ef6"},{"location":"security/security-guide/#_336","text":"\u67b6\u6784\u56fe\u663e\u793a\u4e86\u7cfb\u7edf\u7684\u903b\u8f91\u5e03\u5c40\uff0c\u4ee5\u4fbf\u5b89\u5168\u5ba1\u9605\u8005\u53ef\u4ee5\u4e0e\u9879\u76ee\u56e2\u961f\u4e00\u8d77\u9010\u6b65\u5b8c\u6210\u67b6\u6784\u3002\u5b83\u662f\u4e00\u4e2a\u903b\u8f91\u56fe\uff0c\u663e\u793a\u7ec4\u4ef6\u5982\u4f55\u4ea4\u4e92\u3001\u5b83\u4eec\u5982\u4f55\u8fde\u63a5\u5230\u5916\u90e8\u5b9e\u4f53\u4ee5\u53ca\u901a\u4fe1\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u7684\u4f4d\u7f6e\u3002\u6709\u5173\u67b6\u6784\u56fe\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u5305\u62ec\u7b26\u53f7\u952e\uff0c\u5c06\u5728\u5373\u5c06\u53d1\u5e03\u7684\u67b6\u6784\u56fe\u6307\u5357\u4e2d\u7ed9\u51fa\u3002\u53ef\u4ee5\u5728\u4efb\u4f55\u53ef\u4ee5\u751f\u6210\u4f7f\u7528\u952e\u4e2d\u7b26\u53f7\u7684\u56fe\u8868\u7684\u5de5\u5177\u4e2d\u7ed8\u5236\u56fe\u8868\uff0c\u4f46\u5f3a\u70c8\u5efa\u8bae draw.io\u3002 \u6b64\u793a\u4f8b\u663e\u793a\u4e86 barbican 
\u67b6\u6784\u56fe\uff1a","title":"\u670d\u52a1\u67b6\u6784\u56fe"},{"location":"security/security-guide/#_337","text":"\u6570\u636e\u8d44\u4ea7\u662f\u653b\u51fb\u8005\u53ef\u80fd\u9488\u5bf9\u7684\u7528\u6237\u6570\u636e\u3001\u9ad8\u4ef7\u503c\u6570\u636e\u3001\u914d\u7f6e\u9879\u3001\u6388\u6743\u4ee4\u724c\u6216\u5176\u4ed6\u9879\u3002\u6570\u636e\u9879\u96c6\u56e0\u9879\u76ee\u800c\u5f02\uff0c\u4f46\u4e00\u822c\u800c\u8a00\uff0c\u5e94\u5c06\u5176\u89c6\u4e3a\u5bf9\u9879\u76ee\u9884\u671f\u64cd\u4f5c\u81f3\u5173\u91cd\u8981\u7684\u7c7b\u522b\u3002\u6240\u9700\u7684\u8be6\u7ec6\u7a0b\u5ea6\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002\u6570\u636e\u901a\u5e38\u53ef\u4ee5\u5206\u7ec4\uff0c\u4f8b\u5982\u201c\u7528\u6237\u6570\u636e\u201d\u3001\u201c\u673a\u5bc6\u6570\u636e\u201d\u6216\u201c\u914d\u7f6e\u6587\u4ef6\u201d\uff0c\u4f46\u4e5f\u53ef\u4ee5\u662f\u5355\u6570\uff0c\u4f8b\u5982\u201c\u7ba1\u7406\u5458\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u7528\u6237\u8eab\u4efd\u4ee4\u724c\u201d\u6216\u201c\u6570\u636e\u5e93\u914d\u7f6e\u6587\u4ef6\u201d\u3002 \u6570\u636e\u8d44\u4ea7\u5e94\u5305\u62ec\u8be5\u8d44\u4ea7\u6301\u4e45\u5316\u4f4d\u7f6e\u7684\u58f0\u660e\u3002 \u4f8b\u5982\uff1a \u673a\u5bc6\u6570\u636e - \u5bc6\u7801\u3001\u52a0\u5bc6\u5bc6\u94a5\u3001RSA \u5bc6\u94a5 - \u4fdd\u7559\u5728\u6570\u636e\u5e93 [PKCS#11] \u6216 HSM [KMIP] \u6216 [KMIP\u3001Dogtag] \u4e2d RBAC \u89c4\u5219\u96c6 - \u4fdd\u7559\u5728 policy.json \u4e2d RabbitMQ \u51ed\u8bc1 - \u4fdd\u7559\u5728 barbican.conf \u4e2d keystone \u4e8b\u4ef6\u961f\u5217\u51ed\u636e - \u4fdd\u7559\u5728 barbican.conf \u4e2d \u4e2d\u95f4\u4ef6\u914d\u7f6e - \u4fdd\u7559\u5728\u7c98\u8d34 .ini 
\u4e2d","title":"\u6570\u636e\u8d44\u4ea7"},{"location":"security/security-guide/#_338","text":"\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790\u5206\u89e3\u4e86\u6bcf\u4e2a\u6570\u636e\u8d44\u4ea7\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027\u635f\u5931\u7684\u5f71\u54cd\u3002\u9879\u76ee\u67b6\u6784\u5e08\u5e94\u8be5\u5c1d\u8bd5\u5b8c\u6210\u8fd9\u9879\u5de5\u4f5c\uff0c\u56e0\u4e3a\u4ed6\u4eec\u6700\u8be6\u7ec6\u5730\u4e86\u89e3\u4ed6\u4eec\u7684\u9879\u76ee\uff0c\u4f46 OpenStack \u5b89\u5168\u9879\u76ee \uff08OSSP\uff09 \u5c06\u5728\u5b89\u5168\u5ba1\u67e5\u671f\u95f4\u4e0e\u9879\u76ee\u4e00\u8d77\u89e3\u51b3\u8fd9 \u4e2a\u95ee\u9898\uff0c\u5e76\u53ef\u80fd\u6dfb\u52a0\u6216\u66f4\u65b0\u5f71\u54cd\u7ec6\u8282\u3002 \u4f8b\u5982\uff1a RabbitMQ \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u548c Workers \u65e0\u6cd5\u518d\u8bbf\u95ee\u961f\u5217\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u653b\u51fb\u8005\u53ef\u4ee5\u5c06\u65b0\u4efb\u52a1\u6dfb\u52a0\u5230\u961f\u5217\u4e2d\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5c06\u7531\u5de5\u4f5c\u4eba\u5458\u6267\u884c\u3002\u653b\u51fb\u8005\u53ef\u80fd\u8017\u5c3d\u7528\u6237\u914d\u989d\u3002\u62d2\u7edd\u670d\u52a1\u3002\u7528\u6237\u5c06\u65e0\u6cd5\u521b\u5efa\u771f\u6b63\u7684\u673a\u5bc6\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1a\u5982\u679c\u6ca1\u6709\u5bf9\u961f\u5217\u7684\u8bbf\u95ee\u6743\u9650\uff0cbarbican \u65e0\u6cd5\u518d\u521b\u5efa\u65b0\u5bc6\u94a5\u3002 Keystone \u51ed\u636e\uff1a \u5b8c\u6574\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002 \u673a\u5bc6\u6027\u6545\u969c\u5f71\u54cd\uff1a\u6076\u610f\u7528\u6237\u53ef\u80fd\u4f1a\u6ee5\u7528\u5176\u4ed6 OpenStack \u670d\u52a1\uff08\u53d6\u51b3\u4e8e keystone \u89d2\u8272\u914d\u7f6e\uff09\uff0c\u4f46 barbican 
\u4e0d\u53d7\u5f71\u54cd\u3002\u5982\u679c\u7528\u4e8e\u4ee4\u724c\u9a8c\u8bc1\u7684\u670d\u52a1\u5e10\u6237\u4e5f\u5177\u6709 barbican \u7ba1\u7406\u5458\u6743\u9650\uff0c\u5219\u6076\u610f\u7528\u6237\u53ef\u4ee5\u64cd\u7eb5 barbican \u7ba1\u7406\u5458\u529f\u80fd\u3002 \u53ef\u7528\u6027\u6545\u969c\u5f71\u54cd\uff1abarbican \u5c06\u65e0\u6cd5\u9a8c\u8bc1\u7528\u6237\u51ed\u636e\u5e76\u5931\u8d25\u3002\u62d2\u7edd\u670d\u52a1\u3002","title":"\u6570\u636e\u8d44\u4ea7\u5f71\u54cd\u5206\u6790"},{"location":"security/security-guide/#_339","text":"\u63a5\u53e3\u5217\u8868\u6355\u83b7\u4e86\u5ba1\u67e5\u8303\u56f4\u5185\u7684\u63a5\u53e3\u3002\u8fd9\u5305\u62ec\u67b6\u6784\u56fe\u4e0a\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u6216\u4e0d\u4f7f\u7528\u884c\u4e1a\u6807\u51c6\u52a0\u5bc6\u534f\u8bae\uff08\u5982 TLS \u6216 SSH\uff09\u7684\u6a21\u5757\u4e4b\u95f4\u7684\u8fde\u63a5\u3002\u5bf9\u4e8e\u6bcf\u4e2a\u63a5\u53e3\uff0c\u5c06\u6355\u83b7\u4ee5\u4e0b\u4fe1\u606f\uff1a \u4f7f\u7528\u7684\u534f\u8bae \u901a\u8fc7\u8be5\u63a5\u53e3\u4f20\u8f93\u7684\u4efb\u4f55\u6570\u636e\u8d44\u4ea7 \u6709\u5173\u7528\u4e8e\u8fde\u63a5\u5230\u8be5\u63a5\u53e3\u7684\u8eab\u4efd\u9a8c\u8bc1\u7684\u4fe1\u606f \u63a5\u53e3\u7528\u9014\u7684\u7b80\u8981\u8bf4\u660e\u3002 \u8bb0\u5f55\u683c\u5f0f\u5982\u4e0b\uff1a \u4ece>\u5230[\u4f20\u8f93\u65b9\u5f0f]\uff1a \u52a8\u6001\u8d44\u4ea7 \u8eab\u4efd\u8ba4\u8bc1\uff1f \u63cf\u8ff0 \u4f8b\u5982\uff1a \u5ba2\u6237\u7aef>API \u8fdb\u7a0b [TLS]\uff1a \u4f20\u8f93\u4e2d\u7684\u8d44\u4ea7\uff1a\u7528\u6237\u5bc6\u94a5\u5931\u771f\u51ed\u636e\u3001\u660e\u6587\u5bc6\u94a5\u3001HTTP \u8c13\u8bcd\u3001\u5bc6\u94a5 ID\u3001\u8def\u5f84 \u5bf9 keystone \u51ed\u636e\u6216\u660e\u6587\u673a\u5bc6\u7684\u8bbf\u95ee\u88ab\u89c6\u4e3a\u7cfb\u7edf\u7684\u5b8c\u5168\u5b89\u5168\u6545\u969c - 
\u6b64\u63a5\u53e3\u5fc5\u987b\u5177\u6709\u5f3a\u5927\u7684\u673a\u5bc6\u6027\u548c\u5b8c\u6574\u6027\u63a7\u5236\u3002","title":"\u63a5\u53e3"},{"location":"security/security-guide/#_340","text":"\u5217\u51fa\u4e0e\u9879\u76ee\u76f8\u5173\u7684\u8d44\u6e90\uff0c\u4f8b\u5982\u63cf\u8ff0\u5176\u90e8\u7f72\u548c\u7528\u6cd5\u7684 Wiki \u9875\u9762\uff0c\u4ee5\u53ca\u6307\u5411\u4ee3\u7801\u5b58\u50a8\u5e93\u548c\u76f8\u5173\u6f14\u793a\u6587\u7a3f\u7684\u94fe\u63a5\u3002","title":"\u8d44\u6e90"},{"location":"security/security-guide/#_341","text":"\u8eab\u4efd\u670d\u52a1\u68c0\u67e5\u8868 \u4eea\u8868\u677f\u68c0\u67e5\u8868 \u8ba1\u7b97\u670d\u52a1\u68c0\u67e5\u8868 \u5757\u5b58\u50a8\u670d\u52a1\u68c0\u67e5\u8868 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u68c0\u67e5\u8868 \u7f51\u7edc\u670d\u52a1\u68c0\u67e5\u8868","title":"\u5b89\u5168\u68c0\u67e5\u8868"},{"location":"security/security-guide/#_342","text":"\u793e\u533a\u652f\u6301 \u8bcd\u6c47\u8868","title":"\u9644\u5f55"},{"location":"security/security-guide/#_343","text":"\u4ee5\u4e0b\u8d44\u6e90\u53ef\u5e2e\u52a9\u60a8\u8fd0\u884c\u548c\u4f7f\u7528 OpenStack\u3002OpenStack\u793e\u533a\u4e0d\u65ad\u6539\u8fdb\u548c\u589e\u52a0OpenStack\u7684\u4e3b\u8981\u529f\u80fd\uff0c\u4f46\u5982\u679c\u60a8\u6709\u4efb\u4f55\u95ee\u9898\uff0c\u8bf7\u968f\u65f6\u63d0\u95ee\u3002\u4f7f\u7528\u4ee5\u4e0b\u8d44\u6e90\u83b7\u53d6 OpenStack \u652f\u6301\u5e76\u5bf9\u5b89\u88c5\u8fdb\u884c\u6545\u969c\u6392\u9664\u3002","title":"\u793e\u533a\u652f\u6301"},{"location":"security/security-guide/#_344","text":"\u6709\u5173\u53ef\u7528\u7684 OpenStack \u6587\u6863\uff0c\u8bf7\u53c2\u9605 docs.openstack.org\u3002 \u4ee5\u4e0b\u6307\u5357\u89e3\u91ca\u4e86\u5982\u4f55\u5b89\u88c5\u6982\u5ff5\u9a8c\u8bc1 OpenStack \u4e91\u53ca\u5176\u76f8\u5173\u7ec4\u4ef6\uff1a Rocky \u5b89\u88c5\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u914d\u7f6e\u548c\u8fd0\u884c OpenStack \u4e91\uff1a 
\u67b6\u6784\u8bbe\u8ba1\u6307\u5357 Rocky \u7ba1\u7406\u5458\u6307\u5357 Rocky \u914d\u7f6e\u6307\u5357 Rocky \u7f51\u7edc\u6307\u5357 \u9ad8\u53ef\u7528\u6027\u6307\u5357 \u5b89\u5168\u6307\u5357 \u865a\u62df\u673a\u6620\u50cf\u6307\u5357 \u4ee5\u4e0b\u4e66\u7c4d\u4ecb\u7ecd\u4e86\u5982\u4f55\u4f7f\u7528\u547d\u4ee4\u884c\u5ba2\u6237\u7aef\uff1a Rocky API \u7ed1\u5b9a \u4ee5\u4e0b\u6587\u6863\u63d0\u4f9b\u4e86 OpenStack API \u7684\u53c2\u8003\u548c\u6307\u5bfc\u4fe1\u606f\uff1a API \u6587\u6863 \u4ee5\u4e0b\u6307\u5357\u63d0\u4f9b\u4e86\u6709\u5173\u5982\u4f55\u4e3a OpenStack \u6587\u6863\u505a\u51fa\u8d21\u732e\u7684\u4fe1\u606f\uff1a \u6587\u6863\u8d21\u732e\u8005\u6307\u5357","title":"\u6587\u6863"},{"location":"security/security-guide/#openstack-wiki","text":"OpenStack wiki \u5305\u542b\u5e7f\u6cdb\u7684\u4e3b\u9898\uff0c\u4f46\u6709\u4e9b\u4fe1\u606f\u53ef\u80fd\u5f88\u96be\u627e\u5230\u6216\u53ea\u6709\u51e0\u9875\u6df1\u3002\u5e78\u8fd0\u7684\u662f\uff0cWiki \u641c\u7d22\u529f\u80fd\u4f7f\u60a8\u80fd\u591f\u6309\u6807\u9898\u6216\u5185\u5bb9\u8fdb\u884c\u641c\u7d22\u3002\u5982\u679c\u60a8\u641c\u7d22\u7279\u5b9a\u4fe1\u606f\uff0c\u4f8b\u5982\u6709\u5173\u7f51\u7edc\u6216 OpenStack \u8ba1\u7b97\u7684\u4fe1\u606f\uff0c\u60a8\u53ef\u4ee5\u627e\u5230\u5927\u91cf\u76f8\u5173\u6750\u6599\u3002\u66f4\u591a\u5185\u5bb9\u4e00\u76f4\u5728\u6dfb\u52a0\uff0c\u56e0\u6b64\u8bf7\u52a1\u5fc5\u7ecf\u5e38\u56de\u6765\u67e5\u770b\u3002\u60a8\u53ef\u4ee5\u5728\u4efb\u4f55 OpenStack wiki \u9875\u9762\u7684\u53f3\u4e0a\u89d2\u627e\u5230\u641c\u7d22\u6846\u3002","title":"OpenStack wiki"},{"location":"security/security-guide/#launchpad-bug","text":"OpenStack \u793e\u533a\u91cd\u89c6\u60a8\u7684\u8bbe\u7f6e\u548c\u6d4b\u8bd5\u5de5\u4f5c\uff0c\u5e76\u5e0c\u671b\u5f97\u5230\u60a8\u7684\u53cd\u9988\u3002\u8981\u8bb0\u5f55bug\uff0c\u60a8\u5fc5\u987b\u6ce8\u518c\u4e00\u4e2a Launchpad \u5e10\u6237\u3002\u60a8\u53ef\u4ee5\u5728 Launchpad bug 
\u533a\u57df\u4e2d\u67e5\u770b\u73b0\u6709bug\u5e76\u62a5\u544abug\u3002\u4f7f\u7528\u641c\u7d22\u529f\u80fd\u786e\u5b9abug\u662f\u5426\u5df2\u62a5\u544a\u6216\u5df2\u4fee\u590d\u3002\u5982\u679c\u60a8\u7684bug\u4f3c\u4e4e\u4ecd\u672a\u62a5\u544a\uff0c\u8bf7\u586b\u5199bug\u62a5\u544a\u3002 \u4e00\u4e9b\u63d0\u793a\uff1a \u7ed9\u51fa\u4e00\u4e2a\u6e05\u6670\u3001\u7b80\u6d01\u7684\u603b\u7ed3\u3002 \u5728\u63cf\u8ff0\u4e2d\u63d0\u4f9b\u5c3d\u53ef\u80fd\u591a\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u7c98\u8d34\u547d\u4ee4\u8f93\u51fa\u6216\u5806\u6808\u8ddf\u8e2a\u3001\u5c4f\u5e55\u622a\u56fe\u94fe\u63a5\u4ee5\u53ca\u53ef\u80fd\u6709\u7528\u7684\u4efb\u4f55\u5176\u4ed6\u4fe1\u606f\u3002 \u8bf7\u52a1\u5fc5\u5305\u62ec\u60a8\u6b63\u5728\u4f7f\u7528\u7684\u8f6f\u4ef6\u548c\u8f6f\u4ef6\u5305\u7248\u672c\uff0c\u5c24\u5176\u662f\u5728\u4f7f\u7528\u5f00\u53d1\u5206\u652f\uff08\u5982 \"Kilo release\" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208 . \u4efb\u4f55\u7279\u5b9a\u4e8e\u90e8\u7f72\u7684\u4fe1\u606f\u90fd\u5f88\u6709\u7528\uff0c\u4f8b\u5982\u60a8\u4f7f\u7528\u7684\u662f Ubuntu 14.04 \u8fd8\u662f\u6b63\u5728\u6267\u884c\u591a\u8282\u70b9\u5b89\u88c5\u3002 \u4ee5\u4e0b Launchpad Bug \u533a\u57df\u53ef\u7528\uff1a Bugs\uff1aOpenStack \u5757\u5b58\u50a8 \uff08cinder\uff09 Bugs\uff1aOpenStack \u8ba1\u7b97\uff08nova\uff09 Bugs\uff1aOpenStack \u4eea\u8868\u677f\uff08horizon\uff09 Bugs\uff1aOpenStack \u8eab\u4efd\u8ba4\u8bc1\uff08keystone\uff09 Bugs\uff1aOpenStack \u955c\u50cf\u670d\u52a1 \uff08glance\uff09 Bugs\uff1aOpenStack \u7f51\u7edc\uff08neutron\uff09 Bugs\uff1aOpenStack \u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 Bugs\uff1a\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55 \uff08murano\uff09 Bugs\uff1a\u88f8\u673a\u670d\u52a1\uff08ironic\uff09 Bugs\uff1a\u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 Bugs\uff1a\u5bb9\u5668\u57fa\u7840\u67b6\u6784\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 Bugs\uff1a\u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 
Bugs\uff1a\u6570\u636e\u5e93\u670d\u52a1 \uff08trove\uff09 Bugs\uff1aDNS\u670d\u52a1\uff08designate\uff09 Bugs\uff1a\u5bc6\u94a5\u7ba1\u7406\u670d\u52a1\uff08barbican\uff09 Bugs\uff1a\u76d1\u63a7 \uff08monasca\uff09 Bugs\uff1a\u7f16\u6392 \uff08heat\uff09 Bugs\uff1a\u8bc4\u7ea7 \uff08cloudkitty\uff09 Bugs\uff1a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf \uff08manila\uff09 Bugs\uff1a\u9065\u6d4b\uff08ceilometer\uff09 Bugs\uff1a\u9065\u6d4bv3 \uff08gnocchi\uff09 Bugs\uff1a\u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 Bugs\uff1a\u6d88\u606f\u4f20\u9012\u670d\u52a1 \uff08zaqar\uff09 Bugs\uff1a\u5bb9\u5668\u670d\u52a1 \uff08zun\uff09 Bugs\uff1aOpenStack API \u6587\u6863 \uff08developer.openstack.org\uff09 Bugs\uff1aOpenStack \u6587\u6863 \uff08docs.openstack.org\uff09","title":"Launchpad bug \u533a\u57df"},{"location":"security/security-guide/#_345","text":"\u8981\u63d0\u4f9b\u6709\u5173\u6587\u6863\u7684\u53cd\u9988\uff0c\u8bf7\u52a0\u5165\u6211\u4eec\u5728 OFTC IRC \u7f51\u7edc\u4e0a\u7684 IRC \u9891\u9053 #openstack-doc \uff0c\u6216\u5728 Launchpad \u4e2d\u62a5\u544a\u9519\u8bef\u5e76\u9009\u62e9\u6587\u6863\u6240\u5c5e\u7684\u7279\u5b9a\u9879\u76ee\u3002","title":"\u6587\u6863\u53cd\u9988"},{"location":"security/security-guide/#openstack-irc","text":"OpenStack \u793e\u533a\u4f4d\u4e8e OFTC \u7f51\u7edc\u4e0a\u7684 #openstack IRC \u9891\u9053\u4e2d\u3002\u60a8\u53ef\u4ee5\u5728\u8fd9\u91cc\u63d0\u95ee\uff0c\u83b7\u53d6\u5373\u65f6\u53cd\u9988\uff0c\u89e3\u51b3\u7d27\u6025\u95ee\u9898\u3002\u8981\u5b89\u88c5 IRC \u5ba2\u6237\u7aef\u6216\u4f7f\u7528\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u5ba2\u6237\u7aef\uff0c\u8bf7\u8bbf\u95ee https://webchat.oftc.net/\u3002\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528Colloquy \uff08Mac OS X\uff09\u3001mIRC \uff08Windows\uff09 \u6216 XChat \uff08Linux\uff09\u3002\u5f53\u60a8\u5728 IRC 
\u9891\u9053\u4e2d\u5e76\u4e14\u60f3\u8981\u5171\u4eab\u4ee3\u7801\u6216\u547d\u4ee4\u8f93\u51fa\u65f6\uff0c\u901a\u5e38\u63a5\u53d7\u7684\u65b9\u6cd5\u662f\u4f7f\u7528 Paste Bin\u3002OpenStack \u9879\u76ee\u6709\u4e00\u4e2aPaste\u7f51\u7ad9\u3002\u53ea\u9700\u5c06\u8f83\u957f\u7684\u6587\u672c\u6216\u65e5\u5fd7\u7c98\u8d34\u5230 Web \u8868\u5355\u4e2d\uff0c\u5373\u53ef\u83b7\u5f97\u4e00\u4e2aURL\uff0c\u53ef\u4ee5\u5c06\u5176\u7c98\u8d34\u5230\u9891\u9053\u4e2d\u3002OpenStack IRC \u9891\u9053\u5904\u4e8e #openstack . irc.oftc.net \u60a8\u53ef\u4ee5\u5728 wiki \u7684 IRC \u9875\u9762\u4e0a\u627e\u5230\u6240\u6709 OpenStack IRC \u9891\u9053\u7684\u5217\u8868\u3002","title":"OpenStack IRC \u9891\u9053"},{"location":"security/security-guide/#openstack_14","text":"\u83b7\u5f97\u7b54\u6848\u548c\u89c1\u89e3\u7684\u4e00\u4e2a\u597d\u65b9\u6cd5\u662f\u5c06\u60a8\u7684\u95ee\u9898\u6216\u6709\u95ee\u9898\u7684\u573a\u666f\u53d1\u5e03\u5230 OpenStack \u90ae\u4ef6\u5217\u8868\u4e2d\u3002\u60a8\u53ef\u4ee5\u5411\u53ef\u80fd\u9047\u5230\u7c7b\u4f3c\u95ee\u9898\u7684\u5176\u4ed6\u4eba\u5b66\u4e60\u548c\u63d0\u4f9b\u5e2e\u52a9\u3002\u8981\u8ba2\u9605\u6216\u67e5\u770b\u5b58\u6863\uff0c\u8bf7\u8bbf\u95ee\u4e00\u822c\u7684 OpenStack \u90ae\u4ef6\u5217\u8868\u3002\u5982\u679c\u60a8\u5bf9\u7279\u5b9a\u9879\u76ee\u6216\u5f00\u53d1\u7684\u5176\u4ed6\u90ae\u4ef6\u5217\u8868\u611f\u5174\u8da3\uff0c\u8bf7\u53c2\u9605\u90ae\u4ef6\u5217\u8868\u3002","title":"OpenStack \u90ae\u4ef6\u5217\u8868"},{"location":"security/security-guide/#openstack_15","text":"\u4ee5\u4e0b Linux \u53d1\u884c\u7248\u4e3a OpenStack \u63d0\u4f9b\u793e\u533a\u652f\u6301\u7684\u8f6f\u4ef6\u5305\uff1a CentOS, Fedora, and Red Hat Enterprise Linux: https://www.rdoproject.org/ openSUSE and SUSE Linux Enterprise Server: https://en.opensuse.org/Portal:OpenStack Ubuntu: https://wiki.ubuntu.com/OpenStack/CloudArchive","title":"OpenStack 
\u53d1\u884c\u5305"},{"location":"security/security-guide/#_346","text":"\u672c\u8bcd\u6c47\u8868\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u672f\u8bed\u548c\u5b9a\u4e49\uff0c\u7528\u4e8e\u5b9a\u4e49 OpenStack \u76f8\u5173\u6982\u5ff5\u7684\u8bcd\u6c47\u8868\u3002 \u8981\u6dfb\u52a0\u5230 OpenStack \u672f\u8bed\u8868\uff0c\u8bf7\u514b\u9686 openstack/openstack-manuals \u5b58\u50a8\u5e93\uff0c\u5e76\u901a\u8fc7 OpenStack \u8d21\u732e\u8fc7\u7a0b\u66f4\u65b0\u6e90\u6587\u4ef6 doc/common/glossary.rst \u3002","title":"\u8bcd\u6c47\u8868"},{"location":"security/security-guide/#0-9","text":"2023.1 Antelope OpenStack \u7b2c 27 \u7248\u7684\u4ee3\u53f7\u3002\u6b64\u7248\u672c\u662f\u57fa\u4e8e\u201c\u5e74\u201d\u4e4b\u540e\u5f62\u6210\u7684\u65b0\u7248\u672c\u6807\u8bc6\u8fc7\u7a0b\u7684\u7b2c\u4e00\u4e2a\u7248\u672c\u3002\u5e74\u5185\u91ca\u653e\u8ba1\u6570\u201c\uff0cAntelope\u662f\u4e00\u79cd\u654f\u6377\u800c\u4eb2\u5207\u7684\u52a8\u7269\uff0c\u4e5f\u662f\u4e00\u79cd\u84b8\u6c7d\u673a\u8f66\u7684\u7c7b\u578b\u3002 2023.2 Bobcat OpenStack \u7b2c 28 \u7248\u7684\u4ee3\u53f7\u3002 2024.1 Caracal OpenStack \u7b2c 29 \u7248\u7684\u4ee3\u53f7\u3002 6to4 \u4e00\u79cd\u5141\u8bb8 IPv6 \u6570\u636e\u5305\u901a\u8fc7 IPv4 \u7f51\u7edc\u4f20\u8f93\u7684\u673a\u5236\uff0c\u63d0\u4f9b\u8fc1\u79fb\u5230 IPv6 \u7684\u7b56\u7565\u3002","title":"0-9"},{"location":"security/security-guide/#a","text":"\u7edd\u5bf9\u9650\u5236 \u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u4e0d\u53ef\u903e\u8d8a\u9650\u5236\u3002 \u8bbe\u7f6e\u5305\u62ec\u603b RAM \u5927\u5c0f\u3001\u6700\u5927 vCPU \u6570\u548c\u6700\u5927\u78c1\u76d8\u5927\u5c0f\u3002 \u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09 \u9644\u52a0\u5230\u5bf9\u8c61\u7684\u6743\u9650\u5217\u8868\u3002ACL \u6307\u5b9a\u54ea\u4e9b\u7528\u6237\u6216\u7cfb\u7edf\u8fdb\u7a0b\u6709\u6743\u8bbf\u95ee\u5bf9\u8c61\u3002\u5b83\u8fd8\u5b9a\u4e49\u53ef\u4ee5\u5bf9\u6307\u5b9a\u5bf9\u8c61\u6267\u884c\u54ea\u4e9b\u64cd\u4f5c\u3002\u5178\u578b ACL 
\u4e2d\u7684\u6bcf\u4e2a\u6761\u76ee\u90fd\u6307\u5b9a\u4e00\u4e2a\u4e3b\u9898\u548c\u4e00\u4e2a\u64cd\u4f5c\u3002\u4f8b\u5982\uff0c\u6587\u4ef6\u7684 ACL \u6761\u76ee (Alice, delete) \u6388\u4e88 Alice \u5220\u9664\u8be5\u6587\u4ef6\u7684\u6743\u9650\u3002 \u8bbf\u95ee\u5bc6\u94a5 Amazon EC2 \u8bbf\u95ee\u5bc6\u94a5\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u8bf7\u53c2\u9605 EC2 \u8bbf\u95ee\u5bc6\u94a5\u3002 \u8d26\u6237 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u8d26\u6237\u7684\u4e0a\u4e0b\u6587\u3002\u4e0d\u8981\u4e0e\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u4e2d\u7684\u7528\u6237\u5e10\u6237\u6df7\u6dc6\uff0c\u4f8b\u5982 Active Directory\u3001/etc/passwd\u3001OpenLDAP\u3001OpenStack Identity \u7b49\u3002 \u8d26\u6237\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9\u540e\u7aef SQLite \u6570\u636e\u5e93\u8fd0\u884c\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u4e2d\u7f3a\u5c11\u7684\u526f\u672c\u4ee5\u53ca\u4e0d\u6b63\u786e\u6216\u635f\u574f\u7684\u5bf9\u8c61\u3002 \u8d26\u6237\u6570\u636e\u5e93 \u4e00\u4e2a SQLite \u6570\u636e\u5e93\uff0c\u5176\u4e2d\u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u548c\u76f8\u5173\u5143\u6570\u636e\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u53ef\u4ee5\u8bbf\u95ee\u8be5\u6570\u636e\u5e93\u3002 \u8d26\u6237\u56de\u6536\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u7528\u4e8e\u626b\u63cf\u548c\u5220\u9664\u5e10\u6237\u6570\u636e\u5e93\uff0c\u5e76\u4e14\u5e10\u6237\u670d\u52a1\u5668\u5df2\u6807\u8bb0\u4e3a\u5220\u9664\u3002 \u8d26\u6237\u670d\u52a1\u5668 \u5217\u51fa\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u5bb9\u5668\uff0c\u5e76\u5c06\u5bb9\u5668\u4fe1\u606f\u5b58\u50a8\u5728\u5e10\u6237\u6570\u636e\u5e93\u4e2d\u3002 \u8d26\u6237\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u5217\u8868\u3001\u521b\u5efa\u3001\u4fee\u6539\u3001\u5ba1\u8ba1\u7b49\u8d26\u53f7\u670d\u52a1\u3002\u4e0d\u8981\u4e0e OpenStack Identity \u670d\u52a1\u3001OpenLDAP 
\u6216\u7c7b\u4f3c\u7684\u7528\u6237\u5e10\u6237\u670d\u52a1\u6df7\u6dc6\u3002 \u4f1a\u8ba1 \u8ba1\u7b97\u670d\u52a1\u901a\u8fc7\u4e8b\u4ef6\u901a\u77e5\u548c\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u63d0\u4f9b\u4f1a\u8ba1\u4fe1\u606f\u3002 \u6d3b\u52a8\u76ee\u5f55 Microsoft \u57fa\u4e8e LDAP \u7684\u8eab\u4efd\u9a8c\u8bc1\u548c\u8eab\u4efd\u670d\u52a1\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u4e3b/\u4e3b\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u4e3b\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u591a\u4e2a\u7cfb\u7edf\u4e00\u8d77\u5206\u62c5\u8d1f\u8f7d\uff0c\u5982\u679c\u5176\u4e2d\u4e00\u4e2a\u7cfb\u7edf\u53d1\u751f\u6545\u969c\uff0c\u5219\u8d1f\u8f7d\u5c06\u5206\u914d\u7ed9\u5176\u4f59\u7cfb\u7edf\u3002 \u4e3b/\u5907\u914d\u7f6e \u5728\u5177\u6709\u4e3b/\u5907\u914d\u7f6e\u7684\u9ad8\u53ef\u7528\u6027\u8bbe\u7f6e\u4e2d\uff0c\u7cfb\u7edf\u8bbe\u7f6e\u4e3a\u4f7f\u5176\u4ed6\u8d44\u6e90\u8054\u673a\u4ee5\u66ff\u6362\u90a3\u4e9b\u51fa\u73b0\u6545\u969c\u7684\u8d44\u6e90\u3002 \u5730\u5740\u6c60 \u5206\u914d\u7ed9\u9879\u76ee\u7684\u4e00\u7ec4\u56fa\u5b9a\u548c/\u6216\u6d6e\u52a8 IP \u5730\u5740\uff0c\u53ef\u7531\u9879\u76ee\u4e2d\u7684 VM \u5b9e\u4f8b\u4f7f\u7528\u6216\u5206\u914d\u7ed9\u9879\u76ee\u3002 \u5730\u5740\u89e3\u6790\u534f\u8bae \uff08ARP\uff09 \u5c06\u4e09\u5c42IP\u5730\u5740\u89e3\u6790\u4e3a\u4e8c\u5c42\u94fe\u8def\u672c\u5730\u5730\u5740\u7684\u534f\u8bae\u3002 \u7ba1\u7406\u5458 API \u6388\u6743\u7ba1\u7406\u5458\u53ef\u8bbf\u95ee\u7684 API \u8c03\u7528\u5b50\u96c6\uff0c\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u901a\u5e38\u65e0\u6cd5\u8bbf\u95ee\u8fd9\u4e9b\u8c03\u7528\u3002\u5b83\u4eec\u53ef\u4ee5\u4f5c\u4e3a\u5355\u72ec\u7684\u670d\u52a1 \uff08keystone\uff09 \u5b58\u5728\uff0c\u4e5f\u53ef\u4ee5\u662f\u53e6\u4e00\u4e2a API \uff08nova\uff09 \u7684\u5b50\u96c6\u3002 \u7ba1\u7406\u5458\u670d\u52a1\u5668 \u5728 Identity 
\u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u63d0\u4f9b\u5bf9\u7ba1\u7406 API \u7684\u8bbf\u95ee\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002 \u7ba1\u7406\u5458 \u8d1f\u8d23\u5b89\u88c5\u3001\u914d\u7f6e\u548c\u7ba1\u7406 OpenStack \u4e91\u7684\u4eba\u5458\u3002 \u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae \uff08AMQP\uff09 OpenStack \u7ec4\u4ef6\u7528\u4e8e\u670d\u52a1\u5185\u90e8\u901a\u4fe1\u7684\u5f00\u653e\u6807\u51c6\u6d88\u606f\u4f20\u9012\u534f\u8bae\uff0c\u7531 RabbitMQ\u3001Qpid \u6216 ZeroMQ \u63d0\u4f9b\u3002 \u9ad8\u7ea7 RISC \u673a\u5668 \uff08ARM\uff09 \u4f4e\u529f\u8017 CPU \u5e38\u89c1\u4e8e\u79fb\u52a8\u548c\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u3002\u7531 OpenStack \u652f\u6301\u3002 \u8b66\u62a5 \u8ba1\u7b97\u670d\u52a1\u53ef\u4ee5\u901a\u8fc7\u5176\u901a\u77e5\u7cfb\u7edf\u53d1\u9001\u8b66\u62a5\uff0c\u8be5\u7cfb\u7edf\u5305\u62ec\u7528\u4e8e\u521b\u5efa\u81ea\u5b9a\u4e49\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\u8b66\u62a5\u53ef\u4ee5\u53d1\u9001\u5230\u5e76\u5728\u4eea\u8868\u677f\u4e0a\u663e\u793a\u3002 \u5206\u914d \u4ece\u5730\u5740\u6c60\u4e2d\u83b7\u53d6\u6d6e\u52a8 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5c06\u5176\u4e0e\u6765\u5bbe VM \u5b9e\u4f8b\u4e0a\u7684\u56fa\u5b9a IP \u76f8\u5173\u8054\u7684\u8fc7\u7a0b\u3002 Amazon \u5185\u6838\u6620\u50cf \uff08AKI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon \u7cfb\u7edf\u6620\u50cf \uff08AMI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Amazon Ramdisk \u6620\u50cf \uff08ARI\uff09 VM \u5bb9\u5668\u683c\u5f0f\u548c\u78c1\u76d8\u683c\u5f0f\u3002\u53d7Image\u670d\u52a1\u652f\u6301\u3002 Anvil \u5c06\u540d\u4e3a DevStack \u7684\u57fa\u4e8e shell \u811a\u672c\u7684\u9879\u76ee\u79fb\u690d\u5230 Python \u7684\u9879\u76ee\u3002 AODH OpenStack \u9065\u6d4b\u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u62a5\u8b66\u529f\u80fd\u3002 Apache Apache 
\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u652f\u6301 Apache \u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u7684 Apache \u793e\u533a\u3002\u8fd9\u4e9b\u9879\u76ee\u4e3a\u516c\u5171\u5229\u76ca\u63d0\u4f9b\u8f6f\u4ef6\u4ea7\u54c1\u3002 Apache \u8bb8\u53ef\u8bc1 2.0 \u6240\u6709 OpenStack \u6838\u5fc3\u9879\u76ee\u90fd\u662f\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u8bc1\u7684\u6761\u6b3e\u63d0\u4f9b\u7684\u3002 Apache Web \u670d\u52a1\u5668 \u76ee\u524d\u5728 Internet \u4e0a\u4f7f\u7528\u7684\u6700\u5e38\u7528\u7684 Web \u670d\u52a1\u5668\u8f6f\u4ef6\u3002 API \u7aef\u70b9 \u5ba2\u6237\u7aef\u4e3a\u8bbf\u95ee API \u800c\u4e0e\u4e4b\u901a\u4fe1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3001\u5de5\u4f5c\u7a0b\u5e8f\u6216\u670d\u52a1\u3002API \u7ec8\u7ed3\u70b9\u53ef\u4ee5\u63d0\u4f9b\u4efb\u610f\u6570\u91cf\u7684\u670d\u52a1\uff0c\u4f8b\u5982\u8eab\u4efd\u9a8c\u8bc1\u3001\u9500\u552e\u6570\u636e\u3001\u6027\u80fd\u6307\u6807\u3001\u8ba1\u7b97 VM \u547d\u4ee4\u3001\u4eba\u53e3\u666e\u67e5\u6570\u636e\u7b49\u3002 API \u6269\u5c55 \u6269\u5c55\u67d0\u4e9b OpenStack \u6838\u5fc3 API \u7684\u81ea\u5b9a\u4e49\u6a21\u5757\u3002 API \u6269\u5c55\u63d2\u4ef6 \u7f51\u7edc\u63d2\u4ef6\u6216\u7f51\u7edc API \u6269\u5c55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u5bc6\u94a5 API \u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 API \u670d\u52a1\u5668 \u8fd0\u884c\u63d0\u4f9b API \u7aef\u70b9\u7684\u5b88\u62a4\u7a0b\u5e8f\u6216\u5de5\u4f5c\u7ebf\u7a0b\u7684\u4efb\u4f55\u8282\u70b9\u3002 API \u4ee4\u724c \u4f20\u9012\u7ed9 API \u8bf7\u6c42\u5e76\u7531 OpenStack \u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u8fd0\u884c\u8bf7\u6c42\u7684\u64cd\u4f5c\u3002 API \u7248\u672c \u5728 OpenStack \u4e2d\uff0c\u9879\u76ee\u7684 API \u7248\u672c\u662f URL \u7684\u4e00\u90e8\u5206\u3002\u4f8b\u5982\uff0c example.com/nova/v1/foobar . 
\u5c0f\u5e94\u7528\u7a0b\u5e8f \u53ef\u4ee5\u5d4c\u5165\u5230\u7f51\u9875\u4e2d\u7684 Java \u7a0b\u5e8f\u3002 \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\uff08murano\uff09 \u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u9879\u76ee\uff0c\u4ee5\u4fbf\u7528\u6237\u53ef\u4ee5\u5728\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u751f\u547d\u5468\u671f\u7684\u540c\u65f6\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u62bd\u8c61\u7ea7\u522b\u4e0a\u7f16\u5199\u548c\u90e8\u7f72\u590d\u5408\u73af\u5883\u3002 \u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09 \u7528\u4e8e\u8bbf\u95ee\u670d\u52a1\u3001\u5e94\u7528\u7a0b\u5e8f\u6216\u7a0b\u5e8f\u7684\u89c4\u8303\u96c6\u5408\u3002\u5305\u62ec\u670d\u52a1\u8c03\u7528\u3001\u6bcf\u4e2a\u8c03\u7528\u7684\u5fc5\u9700\u53c2\u6570\u4ee5\u53ca\u9884\u671f\u7684\u8fd4\u56de\u503c\u3002 \u5e94\u7528\u670d\u52a1\u5668 \u4e00\u79cd\u8f6f\u4ef6\uff0c\u5b83\u4f7f\u53e6\u4e00\u79cd\u8f6f\u4ef6\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u3002 \u5e94\u7528\u670d\u52a1\u63d0\u4f9b\u8005\u5546\uff08ASP\uff09 \u79df\u7528\u4e13\u7528\u5e94\u7528\u7a0b\u5e8f\u7684\u516c\u53f8\uff0c\u8fd9\u4e9b\u5e94\u7528\u7a0b\u5e8f\u53ef\u5e2e\u52a9\u4f01\u4e1a\u548c\u7ec4\u7ec7\u4ee5\u66f4\u4f4e\u7684\u6210\u672c\u63d0\u4f9b\u9644\u52a0\u670d\u52a1\u3002 \u53ef\u5206\u914d \u7528\u4e8e\u7ef4\u62a4 Linux \u5185\u6838\u9632\u706b\u5899\u6a21\u5757\u4e2d\u7684\u5730\u5740\u89e3\u6790\u534f\u8bae\u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u7684\u5de5\u5177\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e iptables\u3001ebtables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a VM \u63d0\u4f9b\u9632\u706b\u5899\u670d\u52a1\u3002 \u5173\u8054 \u5c06\u8ba1\u7b97\u6d6e\u52a8 IP \u5730\u5740\u4e0e\u56fa\u5b9a IP \u5730\u5740\u5173\u8054\u7684\u8fc7\u7a0b\u3002 \u5f02\u6b65 JavaScript \u548c XML \uff08AJAX\uff09 \u4e00\u7ec4\u76f8\u4e92\u5173\u8054\u7684 Web \u5f00\u53d1\u6280\u672f\uff0c\u7528\u4e8e\u5728\u5ba2\u6237\u7aef\u521b\u5efa\u5f02\u6b65 Web 
\u5e94\u7528\u7a0b\u5e8f\u3002\u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u3002 \u4ee5\u592a\u7f51 ATA \uff08AoE\uff09 \u5728\u4ee5\u592a\u7f51\u4e2d\u5efa\u7acb\u96a7\u9053\u7684\u78c1\u76d8\u5b58\u50a8\u534f\u8bae\u3002 \u9644\u52a0 \u5728\u7f51\u7edc\u4e2d\u5c06 VIF \u6216 vNIC \u8fde\u63a5\u5230 L2 \u7f51\u7edc\u7684\u8fc7\u7a0b\u3002\u5728\u8ba1\u7b97\u4e0a\u4e0b\u6587\u4e2d\uff0c\u6b64\u8fc7\u7a0b\u5c06\u5b58\u50a8\u5377\u8fde\u63a5\u5230\u5b9e\u4f8b\u3002 \u9644\u4ef6\uff08\u7f51\u7edc\uff09 \u63a5\u53e3 ID \u4e0e\u903b\u8f91\u7aef\u53e3\u7684\u5173\u8054\u3002\u5c06\u63a5\u53e3\u63d2\u5165\u7aef\u53e3\u3002 \u5ba1\u8ba1 \u901a\u8fc7\u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5\u6570\u636e\u5de5\u5177\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u5ba1\u8ba1\u5458 \u9a8c\u8bc1\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5bb9\u5668\u548c\u5e10\u6237\u5b8c\u6574\u6027\u7684\u5de5\u4f5c\u8fdb\u7a0b\u3002\u5ba1\u6838\u5458\u662f\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u5ba1\u8ba1\u5458\u3001\u5bb9\u5668\u5ba1\u8ba1\u5458\u548c\u5bf9\u8c61\u5ba1\u8ba1\u5458\u7684\u7edf\u79f0\u3002 Austin OpenStack \u521d\u59cb\u7248\u672c\u7684\u4ee3\u53f7\u3002\u9996\u5c4a\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002 auth \u8282\u70b9 \u5bf9\u8c61\u5b58\u50a8\u6388\u6743\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1 \u901a\u8fc7\u79c1\u94a5\u3001\u79d8\u5bc6\u4ee4\u724c\u3001\u5bc6\u7801\u3001\u6307\u7eb9\u6216\u7c7b\u4f3c\u65b9\u6cd5\u786e\u8ba4\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u786e\u5b9e\u662f\u4ed6\u4eec\u6240\u8bf4\u7684\u4eba\u7684\u8fc7\u7a0b\u3002 \u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c \u8eab\u4efd\u9a8c\u8bc1\u540e\u63d0\u4f9b\u7ed9\u5ba2\u6237\u7aef\u7684\u6587\u672c\u5b57\u7b26\u4e32\u3002\u5fc5\u987b\u7531\u7528\u6237\u6216\u8fdb\u7a0b\u5728\u5bf9 API \u7aef\u70b9\u7684\u540e\u7eed\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u3002 AuthN 
\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec4\u4ef6\u3002 \u6388\u6743 \u9a8c\u8bc1\u7528\u6237\u3001\u8fdb\u7a0b\u6216\u5ba2\u6237\u7aef\u662f\u5426\u6709\u6743\u6267\u884c\u64cd\u4f5c\u7684\u884c\u4e3a\u3002 \u6388\u6743\u8282\u70b9 \u63d0\u4f9b\u6388\u6743\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9\u3002 AuthZ \u63d0\u4f9b\u9ad8\u7ea7\u6388\u6743\u670d\u52a1\u7684\u8eab\u4efd\u7ec4\u4ef6\u3002 \u81ea\u52a8\u786e\u8ba4 RabbitMQ \u4e2d\u7684\u914d\u7f6e\u8bbe\u7f6e\uff0c\u7528\u4e8e\u542f\u7528\u6216\u7981\u7528\u6d88\u606f\u786e\u8ba4\u3002\u9ed8\u8ba4\u542f\u7528\u3002 \u81ea\u52a8\u58f0\u660e \u4e00\u4e2a Compute RabbitMQ \u8bbe\u7f6e\uff0c\u7528\u4e8e\u786e\u5b9a\u5728\u7a0b\u5e8f\u542f\u52a8\u65f6\u662f\u5426\u81ea\u52a8\u521b\u5efa\u6d88\u606f\u4ea4\u6362\u3002 \u53ef\u7528\u533a \u7528\u4e8e\u5bb9\u9519\u7684\u9694\u79bb\u533a\u57df\u7684 Amazon EC2 \u6982\u5ff5\u3002\u4e0d\u8981\u4e0e OpenStack Compute \u533a\u57df\u6216\u5355\u5143\u6df7\u6dc6\u3002 AWS CloudFormation \u6a21\u677f AWS CloudFormation \u5141\u8bb8 Amazon Web Services \uff08AWS\uff09 \u7528\u6237\u521b\u5efa\u548c\u7ba1\u7406\u76f8\u5173\u8d44\u6e90\u7684\u96c6\u5408\u3002\u7f16\u6392\u670d\u52a1\u652f\u6301\u4e0e CloudFormation \u517c\u5bb9\u7684\u683c\u5f0f \uff08CFN\uff09\u3002","title":"A"},{"location":"security/security-guide/#b","text":"\u540e\u7aef \u5bf9\u7528\u6237\u8fdb\u884c\u6a21\u7cca\u5904\u7406\u7684\u4ea4\u4e92\u548c\u8fdb\u7a0b\uff0c\u4f8b\u5982\u8ba1\u7b97\u5377\u6302\u8f7d\u3001\u5b88\u62a4\u7a0b\u5e8f\u5411 iSCSI \u76ee\u6807\u4f20\u8f93\u6570\u636e\u6216\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5b8c\u6574\u6027\u68c0\u67e5\u3002 \u540e\u7aef\u76ee\u5f55 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u548c\u68c0\u7d22\u6709\u5173\u5ba2\u6237\u7aef\u53ef\u7528\u7684 API \u7aef\u70b9\u7684\u4fe1\u606f\u7684\u5b58\u50a8\u65b9\u6cd5\u3002\u793a\u4f8b\u5305\u62ec SQL \u6570\u636e\u5e93\u3001LDAP 
\u6570\u636e\u5e93\u6216 KVS \u540e\u7aef\u3002 \u540e\u7aef\u5b58\u50a8 \u7528\u4e8e\u4fdd\u5b58\u548c\u68c0\u7d22\u670d\u52a1\u4fe1\u606f\u7684\u6301\u4e45\u6027\u6570\u636e\u5b58\u50a8\uff0c\u4f8b\u5982\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u5217\u8868\u3001\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u5f53\u524d\u72b6\u6001\u3001\u7528\u6237\u540d\u5217\u8868\u7b49\u3002\u6b64\u5916\uff0c\u6620\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u548c\u5b58\u50a8 VM \u6620\u50cf\u7684\u65b9\u6cd5\u3002\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u548c HTTP\u3002 \u5907\u4efd\u3001\u6062\u590d\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\uff08freezer\uff09 \u63d0\u4f9b\u7528\u4e8e\u5907\u4efd\u3001\u8fd8\u539f\u548c\u6062\u590d\u6587\u4ef6\u7cfb\u7edf\u3001\u5b9e\u4f8b\u6216\u6570\u636e\u5e93\u5907\u4efd\u7684\u96c6\u6210\u5de5\u5177\u7684\u9879\u76ee\u3002 \u5e26\u5bbd \u901a\u4fe1\u8d44\u6e90\uff08\u5982 Internet\uff09\u4f7f\u7528\u7684\u53ef\u7528\u6570\u636e\u91cf\u3002\u8868\u793a\u7528\u4e8e\u4e0b\u8f7d\u5185\u5bb9\u7684\u6570\u636e\u91cf\u6216\u53ef\u4f9b\u4e0b\u8f7d\u7684\u6570\u636e\u91cf\u3002 barbican Key Manager \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u88f8\u673a \u6620\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\uff0c\u6307\u793a VM \u6620\u50cf\u4e0d\u5b58\u5728\u5bb9\u5668\u3002 \u88f8\u673a\u670d\u52a1\uff08ironic\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\uff0c\u80fd\u591f\u4ee5\u5b89\u5168\u611f\u77e5\u548c\u5bb9\u9519\u7684\u65b9\u5f0f\u7ba1\u7406\u548c\u914d\u7f6e\u7269\u7406\u673a\u3002 \u57fa\u7840\u6620\u50cf OpenStack \u63d0\u4f9b\u7684\u6620\u50cf\u3002 Bell-LaPadula \u6a21\u578b 
\u4e00\u79cd\u5b89\u5168\u6a21\u578b\uff0c\u4fa7\u91cd\u4e8e\u6570\u636e\u673a\u5bc6\u6027\u548c\u5bf9\u673a\u5bc6\u4fe1\u606f\u7684\u53d7\u63a7\u8bbf\u95ee\u3002\u8be5\u6a21\u578b\u5c06\u5b9e\u4f53\u5206\u4e3a\u4e3b\u4f53\u548c\u5ba2\u4f53\u3002\u5c06\u4e3b\u4f53\u7684\u8bb8\u53ef\u4e0e\u4e3b\u4f53\u7684\u5206\u7c7b\u8fdb\u884c\u6bd4\u8f83\uff0c\u4ee5\u786e\u5b9a\u4e3b\u4f53\u662f\u5426\u88ab\u6388\u6743\u7528\u4e8e\u7279\u5b9a\u7684\u8bbf\u95ee\u6a21\u5f0f\u3002\u95f4\u9699\u6216\u5206\u7c7b\u65b9\u6848\u7528\u6676\u683c\u8868\u793a\u3002 \u57fa\u51c6\u670d\u52a1\uff08\u53cd\u5f39\uff09 OpenStack\u9879\u76ee\uff0c\u4e3a\u5355\u4e2aOpenStack\u7ec4\u4ef6\u7684\u6027\u80fd\u5206\u6790\u548c\u57fa\u51c6\u6d4b\u8bd5\u4ee5\u53ca\u5b8c\u6574\u7684\u751f\u4ea7OpenStack\u4e91\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6846\u67b6\u3002 Bexar 2011 \u5e74 2 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\u3002\u5b83\u4ec5\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09 \u548c\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3002Bexar \u662f OpenStack \u7b2c\u4e8c\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5723\u5b89\u4e1c\u5c3c\u5965\u4e3e\u884c\uff0c\u8fd9\u91cc\u662f\u8d1d\u514b\u8428\u5c14\u53bf\u7684\u53bf\u57ce\u3002 \u4e8c\u8fdb\u5236 \u4ec5\u7531 1 \u548c 0 \u7ec4\u6210\u7684\u4fe1\u606f\uff0c\u8fd9\u662f\u8ba1\u7b97\u673a\u7684\u8bed\u8a00\u3002 \u4f4d \u4f4d\u662f\u4ee5 2 \u4e3a\u57fa\u6570\u7684\u4e2a\u4f4d\u6570\uff080 \u6216 1\uff09\u3002\u5e26\u5bbd\u4f7f\u7528\u91cf\u4ee5\u6bcf\u79d2\u4f4d\u6570\u4e3a\u5355\u4f4d\u3002 \u6bcf\u79d2\u6bd4\u7279\u6570 \uff08BPS\uff09 \u901a\u7528\u6d4b\u91cf\u6570\u636e\u4ece\u4e00\u4e2a\u5730\u65b9\u4f20\u8f93\u5230\u53e6\u4e00\u4e2a\u5730\u65b9\u7684\u901f\u5ea6\u3002 \u5757\u8bbe\u5907 
\u4e00\u79cd\u4ee5\u5757\u7684\u5f62\u5f0f\u79fb\u52a8\u6570\u636e\u7684\u8bbe\u5907\u3002\u8fd9\u4e9b\u8bbe\u5907\u8282\u70b9\u8fde\u63a5\u8bbe\u5907\uff0c\u4f8b\u5982\u786c\u76d8\u3001CD-ROM \u9a71\u52a8\u5668\u3001\u95ea\u5b58\u9a71\u52a8\u5668\u548c\u5176\u4ed6\u53ef\u5bfb\u5740\u5185\u5b58\u533a\u57df\u3002 \u533a\u5757\u8fc1\u79fb KVM \u4f7f\u7528\u7684\u4e00\u79cd\u865a\u62df\u673a\u5b9e\u65f6\u8fc1\u79fb\u65b9\u6cd5\uff0c\u7528\u4e8e\u5728\u7528\u6237\u542f\u52a8\u7684\u5207\u6362\u671f\u95f4\u5c06\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u64a4\u79bb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u505c\u673a\u65f6\u95f4\u975e\u5e38\u77ed\u3002\u4e0d\u9700\u8981\u5171\u4eab\u5b58\u50a8\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 \u5757\u5b58\u50a8 API \u5355\u72ec\u7ec8\u7ed3\u70b9\u4e0a\u7684 API\uff0c\u7528\u4e8e\u4e3a\u8ba1\u7b97 VM \u9644\u52a0\u3001\u5206\u79bb\u548c\u521b\u5efa\u5757\u5b58\u50a8\u3002 \u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u5e93\uff0c\u901a\u8fc7\u5728\u5176\u4ed6\u5757\u5b58\u50a8\u8bbe\u5907\u4e4b\u4e0a\u7684\u62bd\u8c61\u548c\u81ea\u52a8\u5316\uff0c\u63d0\u4f9b\u5bf9\u5757\u5b58\u50a8\u8d44\u6e90\u7684\u6309\u9700\u81ea\u52a9\u8bbf\u95ee\u3002 BMC\uff08\u57fa\u677f\u7ba1\u7406\u63a7\u5236\u5668\uff09 IPMI\u67b6\u6784\u4e2d\u7684\u667a\u80fd\uff0c\u5b83\u662f\u4e00\u79cd\u4e13\u7528\u7684\u5fae\u63a7\u5236\u5668\uff0c\u5d4c\u5165\u5728\u8ba1\u7b97\u673a\u4e3b\u677f\u4e0a\u5e76\u5145\u5f53\u670d\u52a1\u5668\u3002\u7ba1\u7406\u7cfb\u7edf\u7ba1\u7406\u8f6f\u4ef6\u548c\u5e73\u53f0\u786c\u4ef6\u4e4b\u95f4\u7684\u63a5\u53e3\u3002 \u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf \u4e00\u79cd VM \u6620\u50cf\u7c7b\u578b\uff0c\u4ee5\u5355\u4e2a\u53ef\u542f\u52a8\u6587\u4ef6\u7684\u5f62\u5f0f\u5b58\u5728\u3002 Bootstrap \u534f\u8bae \uff08BOOTP\uff09 \u7f51\u7edc\u5ba2\u6237\u7aef\u7528\u4e8e\u4ece\u914d\u7f6e\u670d\u52a1\u5668\u83b7\u53d6 IP 
\u5730\u5740\u7684\u7f51\u7edc\u534f\u8bae\u3002\u5728\u4f7f\u7528 FlatDHCP \u7ba1\u7406\u5668\u6216 VLAN \u7ba1\u7406\u5668\u7f51\u7edc\u7ba1\u7406\u5668\u65f6\uff0c\u901a\u8fc7 dnsmasq \u5b88\u62a4\u7a0b\u5e8f\u8fdb\u884c\u8ba1\u7b97\u4e2d\u63d0\u4f9b\u3002 \u8fb9\u754c\u7f51\u5173\u534f\u8bae \uff08BGP\uff09 \u8fb9\u754c\u7f51\u5173\u534f\u8bae\u662f\u4e00\u79cd\u8fde\u63a5\u81ea\u6cbb\u7cfb\u7edf\u7684\u52a8\u6001\u8def\u7531\u534f\u8bae\u3002\u8be5\u534f\u8bae\u88ab\u8ba4\u4e3a\u662f\u4e92\u8054\u7f51\u7684\u9aa8\u5e72\uff0c\u5c06\u4e0d\u540c\u7684\u7f51\u7edc\u8fde\u63a5\u8d77\u6765\uff0c\u5f62\u6210\u4e00\u4e2a\u66f4\u5927\u7684\u7f51\u7edc\u3002 \u6d4f\u89c8\u5668 \u4f7f\u8ba1\u7b97\u673a\u6216\u8bbe\u5907\u80fd\u591f\u8bbf\u95ee Internet \u7684\u4efb\u4f55\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002 \u6784\u5efa\u5668\u6587\u4ef6 \u5305\u542b\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u91cd\u65b0\u914d\u7f6e\u73af\u6216\u5728\u53d1\u751f\u4e25\u91cd\u6545\u969c\u540e\u4ece\u5934\u5f00\u59cb\u91cd\u65b0\u521b\u5efa\u73af\u7684\u914d\u7f6e\u4fe1\u606f\u3002 \u6269\u5c55 \u5728\u4e3b\u73af\u5883\u8d44\u6e90\u53d7\u9650\u65f6\uff0c\u5229\u7528\u8f85\u52a9\u73af\u5883\u6309\u9700\u5f39\u6027\u6784\u5efa\u5b9e\u4f8b\u7684\u505a\u6cd5\u3002 \u6309\u94ae\u7c7b \u5730\u5e73\u7ebf\u4e2d\u7684\u4e00\u7ec4\u76f8\u5173\u6309\u94ae\u7c7b\u578b\u3002\u7528\u4e8e\u542f\u52a8\u3001\u505c\u6b62\u548c\u6302\u8d77 VM \u7684\u6309\u94ae\u4f4d\u4e8e\u4e00\u4e2a\u7c7b\u4e2d\u3002\u7528\u4e8e\u5173\u8054\u548c\u53d6\u6d88\u5173\u8054\u6d6e\u52a8 IP \u5730\u5740\u7684\u6309\u94ae\u4f4d\u4e8e\u53e6\u4e00\u4e2a\u7c7b\u4e2d\uff0c\u4f9d\u6b64\u7c7b\u63a8\u3002 \u5b57\u8282 \u6784\u6210\u5355\u4e2a\u5b57\u7b26\u7684\u4f4d\u96c6;\u4e00\u4e2a\u5b57\u8282\u901a\u5e38\u6709 8 \u4f4d\u3002","title":"B"},{"location":"security/security-guide/#c","text":"\u7f13\u5b58\u4fee\u526a\u5668 
\u5c06\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7f13\u5b58\u4fdd\u6301\u5728\u6216\u4f4e\u4e8e\u5176\u914d\u7f6e\u7684\u6700\u5927\u5927\u5c0f\u7684\u7a0b\u5e8f\u3002 Cactus 2011 \u5e74\u6625\u5b63\u53d1\u5e03\u7684 OpenStack \u9879\u76ee\u5206\u7ec4\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09 \u548c\u56fe\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Cactus \u662f\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u7684\u4e00\u4e2a\u57ce\u5e02\uff0c\u662f OpenStack \u7b2c\u4e09\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u5f53OpenStack\u7248\u672c\u4ece3\u4e2a\u6708\u5ef6\u957f\u52306\u4e2a\u6708\u65f6\uff0c\u8be5\u7248\u672c\u7684\u4ee3\u53f7\u53d1\u751f\u4e86\u53d8\u5316\uff0c\u4ee5\u5339\u914d\u6700\u63a5\u8fd1\u4e0a\u4e00\u6b21\u5cf0\u4f1a\u7684\u5730\u7406\u4f4d\u7f6e\u3002 \u8c03\u7528 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\u5e76\u7b49\u5f85\u54cd\u5e94\u3002 \u80fd\u529b \u5b9a\u4e49\u5355\u5143\u7684\u8d44\u6e90\uff0c\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u3002\u53ef\u4ee5\u5e94\u7528\u4e8e\u4e00\u4e2a\u5355\u5143\u6216\u6574\u4e2a\u5355\u5143\u5185\u7684\u7279\u5b9a\u670d\u52a1\u3002 \u5bb9\u91cf\u7f13\u5b58 \u8ba1\u7b97\u540e\u7aef\u6570\u636e\u5e93\u8868\uff0c\u5176\u4e2d\u5305\u542b\u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d\u3001\u53ef\u7528 RAM \u91cf\u4ee5\u53ca\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u6570\u3002\u7528\u4e8e\u786e\u5b9a VM \u5728\u54ea\u4e2a\u4e3b\u673a\u4e0a\u542f\u52a8\u3002 \u5bb9\u91cf\u66f4\u65b0\u7a0b\u5e8f \u76d1\u89c6 VM \u5b9e\u4f8b\u5e76\u6839\u636e\u9700\u8981\u66f4\u65b0\u5bb9\u91cf\u7f13\u5b58\u7684\u901a\u77e5\u9a71\u52a8\u7a0b\u5e8f\u3002 \u6295\u5c04 OpenStack \u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u4f7f\u7528\u7684 RPC \u539f\u8bed\u4e4b\u4e00\u3002\u53d1\u9001\u6d88\u606f\uff0c\u4e0d\u7b49\u5f85\u54cd\u5e94\u3002 \u76ee\u5f55 
\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u5217\u8868\u3002 \u76ee\u5f55\u670d\u52a1 \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\uff0c\u5217\u51fa\u7528\u6237\u5728\u4f7f\u7528 Identity \u670d\u52a1\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u540e\u53ef\u7528\u7684 API \u7aef\u70b9\u3002 \u6d4b\u9ad8\u4eea OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u6536\u96c6\u548c\u5b58\u50a8\u6765\u81ea\u5176\u4ed6 OpenStack \u670d\u52a1\u7684\u6307\u6807\u3002 \u5355\u5143\u683c \u5728\u5b50\u5173\u7cfb\u548c\u7236\u5173\u7cfb\u4e2d\u63d0\u4f9b\u8ba1\u7b97\u8d44\u6e90\u7684\u903b\u8f91\u5206\u533a\u3002\u5982\u679c\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u8bf7\u6c42\u7684\u8d44\u6e90\uff0c\u5219\u8bf7\u6c42\u5c06\u4ece\u7236\u5355\u5143\u4f20\u9012\u5230\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u8f6c\u53d1 \u4e00\u4e2a\u201c\u8ba1\u7b97\u201d\u9009\u9879\uff0c\u8be5\u9009\u9879\u4f7f\u7236\u5355\u5143\u80fd\u591f\u5728\u7236\u5355\u5143\u65e0\u6cd5\u63d0\u4f9b\u6240\u8bf7\u6c42\u7684\u8d44\u6e90\u65f6\u5c06\u8d44\u6e90\u8bf7\u6c42\u4f20\u9012\u7ed9\u5b50\u5355\u5143\u3002 \u5355\u5143\u683c\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5176\u4e2d\u5305\u542b\u5355\u5143\u4e2d\u6bcf\u4e2a\u4e3b\u673a\u7684\u5f53\u524d\u529f\u80fd\u5217\u8868\uff0c\u5e76\u6839\u636e\u9700\u8981\u8def\u7531\u8bf7\u6c42\u3002 CentOS \u64cd\u4f5c\u7cfb\u7edf \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 Ceph \u51fd\u6570 \u53ef\u5927\u89c4\u6a21\u6269\u5c55\u7684\u5206\u5e03\u5f0f\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531\u5bf9\u8c61\u5b58\u50a8\u3001\u5757\u5b58\u50a8\u548c\u517c\u5bb9 POSIX \u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u7ec4\u6210\u3002\u4e0eOpenStack\u517c\u5bb9\u3002 CephFS Ceph \u63d0\u4f9b\u7684\u7b26\u5408 POSIX \u6807\u51c6\u7684\u6587\u4ef6\u7cfb\u7edf\u3002 \u8bc1\u4e66\u9881\u53d1\u673a\u6784 \uff08CA\uff09 
\u5728\u5bc6\u7801\u5b66\u4e2d\uff0c\u9881\u53d1\u6570\u5b57\u8bc1\u4e66\u7684\u5b9e\u4f53\u3002\u6570\u5b57\u8bc1\u4e66\u901a\u8fc7\u8bc1\u4e66\u7684\u6307\u5b9a\u4e3b\u4f53\u8bc1\u660e\u516c\u94a5\u7684\u6240\u6709\u6743\u3002\u8fd9\u4f7f\u5176\u4ed6\u4eba\uff08\u4f9d\u8d56\u65b9\uff09\u80fd\u591f\u4f9d\u8d56\u4e0e\u8ba4\u8bc1\u516c\u94a5\u76f8\u5bf9\u5e94\u7684\u79c1\u94a5\u6240\u505a\u7684\u7b7e\u540d\u6216\u65ad\u8a00\u3002\u5728\u8fd9\u79cd\u4fe1\u4efb\u5173\u7cfb\u6a21\u578b\u4e2d\uff0cCA \u662f\u8bc1\u4e66\u4e3b\u4f53\uff08\u6240\u6709\u8005\uff09\u548c\u4f9d\u8d56\u8bc1\u4e66\u7684\u4e00\u65b9\u7684\u53d7\u4fe1\u4efb\u7b2c\u4e09\u65b9\u3002CA \u662f\u8bb8\u591a\u516c\u94a5\u57fa\u7840\u7ed3\u6784 \uff08PKI\uff09 \u65b9\u6848\u7684\u7279\u5f81\u3002\u5728 OpenStack \u4e2d\uff0cCompute \u4e3a cloudpipe VPN \u548c VM \u6620\u50cf\u89e3\u5bc6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7b80\u5355\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002 \u6311\u6218\u63e1\u624b\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae \uff08CHAP\uff09 \u8ba1\u7b97\u652f\u6301\u7684 iSCSI \u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u673a\u4f1a\u8c03\u5ea6\u5668 \u8ba1\u7b97\u4f7f\u7528\u7684\u4e00\u79cd\u8ba1\u5212\u65b9\u6cd5\uff0c\u7528\u4e8e\u4ece\u6c60\u4e2d\u968f\u673a\u9009\u62e9\u53ef\u7528\u4e3b\u673a\u3002 \u81ea\u4e0a\u6b21\u66f4\u6539\u4ee5\u6765 \u4e00\u4e2a\u8ba1\u7b97 API \u53c2\u6570\uff0c\u8be5\u53c2\u6570\u5141\u8bb8\u4e0b\u8f7d\u81ea\u4e0a\u6b21\u8bf7\u6c42\u4ee5\u6765\u5bf9\u6240\u8bf7\u6c42\u9879\u7684\u66f4\u6539\uff0c\u800c\u4e0d\u662f\u4e0b\u8f7d\u4e00\u7ec4\u65b0\u7684\u6570\u636e\u5e76\u5c06\u5176\u4e0e\u65e7\u6570\u636e\u8fdb\u884c\u6bd4\u8f83\u3002 Chef \u652f\u6301 OpenStack \u90e8\u7f72\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 \u5b50\u5355\u5143\u683c \u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU 
\u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5176\u5173\u8054\u7684\u5b50\u5355\u5143\u3002\u5982\u679c\u5b50\u5355\u5143\u53ef\u4ee5\u6ee1\u8db3\u8bf7\u6c42\uff0c\u5219\u5b83\u786e\u5b9e\u53ef\u4ee5\u3002\u5426\u5219\uff0c\u5b83\u4f1a\u5c1d\u8bd5\u5c06\u8bf7\u6c42\u4f20\u9012\u7ed9\u5176\u4efb\u4f55\u5b50\u7ea7\u3002 cinder \u5757\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 CirrOS \u4e00\u4e2a\u6700\u5c0f\u7684 Linux \u53d1\u884c\u7248\uff0c\u8bbe\u8ba1\u7528\u4f5c\u4e91\uff08\u5982 OpenStack\uff09\u4e0a\u7684\u6d4b\u8bd5\u6620\u50cf\u3002 Cisco neutron \u63d2\u4ef6 \u9002\u7528\u4e8e Cisco \u8bbe\u5907\u548c\u6280\u672f\uff08\u5305\u62ec UCS \u548c Nexus\uff09\u7684\u7f51\u7edc\u63d2\u4ef6\u3002 \u4e91\u67b6\u6784\u5e08 \u8ba1\u5212\u3001\u8bbe\u8ba1\u548c\u76d1\u7763\u4e91\u521b\u5efa\u7684\u4eba\u3002 \u4e91\u5ba1\u8ba1\u6570\u636e\u8054\u90a6 \uff08CADF\uff09 Cloud Auditing Data Federation \uff08CADF\uff09 \u662f\u7528\u4e8e\u5ba1\u6838\u4e8b\u4ef6\u6570\u636e\u7684\u89c4\u8303\u3002CADF \u53d7 OpenStack Identity \u652f\u6301\u3002 \u4e91\u8ba1\u7b97 \u4e00\u79cd\u6a21\u578b\uff0c\u652f\u6301\u8bbf\u95ee\u53ef\u914d\u7f6e\u8ba1\u7b97\u8d44\u6e90\uff08\u5982\u7f51\u7edc\u3001\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\uff09\u7684\u5171\u4eab\u6c60\uff0c\u8fd9\u4e9b\u8d44\u6e90\u53ef\u4ee5\u5feb\u901f\u914d\u7f6e\u548c\u53d1\u5e03\uff0c\u53ea\u9700\u6700\u5c11\u7684\u7ba1\u7406\u5de5\u4f5c\u6216\u670d\u52a1\u63d0\u4f9b\u5546\u4ea4\u4e92\u3002 \u4e91\u8ba1\u7b97\u57fa\u7840\u8bbe\u65bd \u652f\u6301\u4e91\u8ba1\u7b97\u6a21\u578b\u7684\u8ba1\u7b97\u8981\u6c42\u6240\u9700\u7684\u786c\u4ef6\u548c\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u4f8b\u5982\u670d\u52a1\u5668\u3001\u5b58\u50a8\u3001\u7f51\u7edc\u548c\u865a\u62df\u5316\u8f6f\u4ef6\u3002 \u4e91\u8ba1\u7b97\u5e73\u53f0\u8f6f\u4ef6 
\u901a\u8fc7\u4e92\u8054\u7f51\u63d0\u4f9b\u4e0d\u540c\u7684\u670d\u52a1\u3002\u8fd9\u4e9b\u8d44\u6e90\u5305\u62ec\u6570\u636e\u5b58\u50a8\u3001\u670d\u52a1\u5668\u3001\u6570\u636e\u5e93\u3001\u7f51\u7edc\u548c\u8f6f\u4ef6\u7b49\u5de5\u5177\u548c\u5e94\u7528\u7a0b\u5e8f\u3002\u53ea\u8981\u7535\u5b50\u8bbe\u5907\u53ef\u4ee5\u8bbf\u95ee\u7f51\u7edc\uff0c\u5b83\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6570\u636e\u548c\u8fd0\u884c\u5b83\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u4e91\u8ba1\u7b97\u670d\u52a1\u67b6\u6784 \u4e91\u670d\u52a1\u4f53\u7cfb\u7ed3\u6784\u5b9a\u4e49\u4e86\u5728\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5185\u548c\u8de8\u4f01\u4e1a\u4e1a\u52a1\u7f51\u7edc\u8fb9\u754c\u5b9e\u65bd\u7684\u6574\u4f53\u4e91\u8ba1\u7b97\u670d\u52a1\u548c\u89e3\u51b3\u65b9\u6848\u3002\u8003\u8651\u6838\u5fc3\u4e1a\u52a1\u9700\u6c42\uff0c\u5e76\u5c06\u5176\u4e0e\u53ef\u80fd\u7684\u4e91\u89e3\u51b3\u65b9\u6848\u76f8\u5339\u914d\u3002 \u4e91\u63a7\u5236\u5668 \u8868\u793a\u4e91\u5168\u5c40\u72b6\u6001\u7684\u8ba1\u7b97\u7ec4\u4ef6\u7684\u96c6\u5408;\u901a\u8fc7\u961f\u5217\u4e0e\u670d\u52a1\uff08\u4f8b\u5982\u8eab\u4efd\u8ba4\u8bc1\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u8282\u70b9/\u5b58\u50a8\u5de5\u4f5c\u7ebf\u7a0b\uff09\u8fdb\u884c\u901a\u4fe1\u3002 \u4e91\u63a7\u5236\u5668\u8282\u70b9 \u8fd0\u884c\u7f51\u7edc\u3001\u5377\u3001API\u3001\u8c03\u5ea6\u7a0b\u5e8f\u548c\u6620\u50cf\u670d\u52a1\u7684\u8282\u70b9\u3002\u6bcf\u4e2a\u670d\u52a1\u90fd\u53ef\u4ee5\u5206\u89e3\u4e3a\u5355\u72ec\u7684\u8282\u70b9\uff0c\u4ee5\u5b9e\u73b0\u53ef\u4f38\u7f29\u6027\u6216\u53ef\u7528\u6027\u3002 \u4e91\u6570\u636e\u7ba1\u7406\u63a5\u53e3\uff08CDMI\uff09 SINA\u6807\u51c6\u5b9a\u4e49\u4e86\u4e00\u4e2aRESTful API\uff0c\u7528\u4e8e\u7ba1\u7406\u4e91\u4e2d\u7684\u5bf9\u8c61\uff0c\u76ee\u524d\u5728OpenStack\u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u63a5\u53e3\uff08CIMI\uff09 \u6b63\u5728\u8fdb\u884c\u7684\u4e91\u7ba1\u7406\u89c4\u8303\u3002\u76ee\u524d\u5728 
OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u4e91\u6280\u672f \u4e91\u662f\u7531\u7ba1\u7406\u548c\u81ea\u52a8\u5316\u8f6f\u4ef6\u7f16\u6392\u7684\u865a\u62df\u6e90\u5de5\u5177\u3002\u8fd9\u5305\u62ec\u539f\u59cb\u5904\u7406\u80fd\u529b\u3001\u5185\u5b58\u3001\u7f51\u7edc\u3001\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5b58\u50a8\u3002 cloud-init \u51fd\u6570 \u901a\u5e38\u5b89\u88c5\u5728 VM \u6620\u50cf\u4e2d\u7684\u5305\uff0c\u7528\u4e8e\u5728\u542f\u52a8\u540e\u4f7f\u7528\u4ece\u5143\u6570\u636e\u670d\u52a1\u68c0\u7d22\u5230\u7684\u4fe1\u606f\uff08\u5982 SSH \u516c\u94a5\u548c\u7528\u6237\u6570\u636e\uff09\u6267\u884c\u5b9e\u4f8b\u7684\u521d\u59cb\u5316\u3002 cloudadmin \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u6388\u4e88\u5b8c\u6574\u7684\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u3002 Cloudbase-\u521d\u59cb\u5316 \u63d0\u4f9b\u6765\u5bbe\u521d\u59cb\u5316\u529f\u80fd\u7684 Windows \u9879\u76ee\uff0c\u7c7b\u4f3c\u4e8e cloud-init\u3002 cloudpipe \u4e00\u79cd\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u521b\u5efa VPN \u7684\u8ba1\u7b97\u670d\u52a1\u3002 CloudPipe \u955c\u50cf \u4f5c\u4e3a cloudpipe \u670d\u52a1\u5668\u7684\u9884\u5236 VM \u955c\u50cf\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0cOpenVPN\u8fd0\u884c\u5728Linux\u4e0a\u3002 \u96c6\u7fa4\u670d\u52a1\uff08senlin\uff09 \u5b9e\u73b0\u96c6\u7fa4\u670d\u52a1\u548c\u5e93\u7684\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7531\u5176\u4ed6 OpenStack \u670d\u52a1\u516c\u5f00\u7684\u540c\u6784\u5bf9\u8c61\u7ec4\u3002 \u547d\u4ee4\u8fc7\u6ee4\u5668 \u5217\u51fa\u8ba1\u7b97 rootwrap \u5de5\u5177\u4e2d\u5141\u8bb8\u7684\u547d\u4ee4\u3002 \u547d\u4ee4\u884c\u754c\u9762 \uff08CLI\uff09 \u4e00\u4e2a\u57fa\u4e8e\u6587\u672c\u7684\u5ba2\u6237\u7aef\uff0c\u53ef\u5e2e\u52a9\u60a8\u521b\u5efa\u811a\u672c\u4ee5\u4e0e OpenStack \u4e91\u8fdb\u884c\u4ea4\u4e92\u3002 \u901a\u7528 Internet \u6587\u4ef6\u7cfb\u7edf \uff08CIFS\uff09 \u6587\u4ef6\u5171\u4eab\u534f\u8bae\u3002\u5b83\u662f 
Microsoft \u5f00\u53d1\u548c\u4f7f\u7528\u7684\u539f\u59cb\u670d\u52a1\u5668\u6d88\u606f\u5757 \uff08SMB\uff09 \u534f\u8bae\u7684\u516c\u5171\u6216\u5f00\u653e\u53d8\u4f53\u3002\u4e0e SMB \u534f\u8bae\u4e00\u6837\uff0c CIFS \u5728\u66f4\u9ad8\u7ea7\u522b\u8fd0\u884c\u5e76\u4f7f\u7528 TCP/IP \u534f\u8bae\u3002 \u516c\u5171\u5e93 \uff08oslo\uff09 \u751f\u6210\u4e00\u7ec4 python \u5e93\u7684\u9879\u76ee\uff0c\u5176\u4e2d\u5305\u542b OpenStack \u9879\u76ee\u5171\u4eab\u7684\u4ee3\u7801\u3002\u8fd9\u4e9b\u5e93\u63d0\u4f9b\u7684 API \u5e94\u8be5\u662f\u9ad8\u8d28\u91cf\u3001\u7a33\u5b9a\u3001\u4e00\u81f4\u3001\u6709\u6587\u6863\u8bb0\u5f55\u7684\u548c\u666e\u904d\u9002\u7528\u7684\u3002 \u793e\u533a\u9879\u76ee \u4e00\u4e2a\u6ca1\u6709\u5f97\u5230OpenStack\u6280\u672f\u59d4\u5458\u4f1a\u6b63\u5f0f\u8ba4\u53ef\u7684\u9879\u76ee\u3002\u5982\u679c\u9879\u76ee\u8db3\u591f\u6210\u529f\uff0c\u5b83\u53ef\u80fd\u4f1a\u88ab\u63d0\u5347\u4e3a\u5b75\u5316\u9879\u76ee\uff0c\u7136\u540e\u88ab\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee\uff0c\u6216\u8005\u5b83\u53ef\u80fd\u4e0e\u4e3b\u4ee3\u7801\u4e3b\u5e72\u5408\u5e76\u3002 \u538b\u7f29 \u901a\u8fc7\u7279\u6b8a\u7f16\u7801\u51cf\u5c0f\u6587\u4ef6\u5927\u5c0f\uff0c\u6587\u4ef6\u53ef\u4ee5\u518d\u6b21\u89e3\u538b\u7f29\u4e3a\u539f\u59cb\u5185\u5bb9\u3002OpenStack \u652f\u6301 Linux \u6587\u4ef6\u7cfb\u7edf\u7ea7\u522b\u7684\u538b\u7f29\uff0c\u4f46\u4e0d\u652f\u6301\u5bf9\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6216\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u7b49\u5185\u5bb9\u8fdb\u884c\u538b\u7f29\u3002 \u8ba1\u7b97 API \uff08nova API\uff09 nova-api \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u5bf9 nova \u670d\u52a1\u7684\u8bbf\u95ee\u3002\u53ef\u4ee5\u4e0e\u5176\u4ed6 API \u901a\u4fe1\uff0c\u4f8b\u5982 Amazon EC2 API\u3002 \u8ba1\u7b97\u63a7\u5236\u5668 \u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u9009\u62e9\u8981\u5728\u5176\u4e0a\u542f\u52a8 VM \u5b9e\u4f8b\u7684\u5408\u9002\u4e3b\u673a\u3002 \u8ba1\u7b97\u4e3b\u673a 
\u4e13\u7528\u4e8e\u8fd0\u884c\u8ba1\u7b97\u8282\u70b9\u7684\u7269\u7406\u4e3b\u673a\u3002 \u8ba1\u7b97\u8282\u70b9 \u8fd0\u884c nova-compute \u5b88\u62a4\u7a0b\u5e8f\u7684\u8282\u70b9\uff0c\u8be5\u5b88\u62a4\u7a0b\u5e8f\u7ba1\u7406\u63d0\u4f9b\u5404\u79cd\u670d\u52a1\uff08\u5982 Web \u5e94\u7528\u7a0b\u5e8f\u548c\u5206\u6790\uff09\u7684 VM \u5b9e\u4f8b\u3002 \u8ba1\u7b97\u670d\u52a1 \uff08nova\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u7528\u4e8e\u5b9e\u73b0\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u5bf9\u8ba1\u7b97\u8d44\u6e90\uff08\u5305\u62ec\u88f8\u673a\u3001\u865a\u62df\u673a\u548c\u5bb9\u5668\uff09\u7684\u5927\u89c4\u6a21\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 \u8ba1\u7b97\u5de5\u4f5c\u8fdb\u7a0b \u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u7ba1\u7406 VM \u5b9e\u4f8b\u751f\u547d\u5468\u671f\u7684\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5305\u62ec\u8fd0\u884c\u3001\u91cd\u65b0\u542f\u52a8\u3001\u7ec8\u6b62\u3001\u9644\u52a0/\u5206\u79bb\u5377\u7b49\u3002\u7531 nova-compute \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 \u4e32\u8054\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u7ec4\u5408\u5e76\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u7684\u4e00\u7ec4\u5206\u6bb5\u5bf9\u8c61\u3002 \u5bfc\u4f53 \u5728\u8ba1\u7b97\u4e2d\uff0cconductor \u662f\u4ee3\u7406\u6765\u81ea\u8ba1\u7b97\u8fdb\u7a0b\u7684\u6570\u636e\u5e93\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u4f7f\u7528 conductor \u53ef\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u56e0\u4e3a\u8ba1\u7b97\u8282\u70b9\u4e0d\u9700\u8981\u76f4\u63a5\u8bbf\u95ee\u6570\u636e\u5e93\u3002 congress \u6cbb\u7406\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u4e00\u81f4\u6027\u7a97\u53e3 \u6240\u6709\u5ba2\u6237\u7aef\u90fd\u53ef\u4ee5\u8bbf\u95ee\u65b0\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u6240\u9700\u7684\u65f6\u95f4\u3002 \u63a7\u5236\u53f0\u65e5\u5fd7 \u5305\u542b\u8ba1\u7b97\u4e2d Linux VM \u63a7\u5236\u53f0\u7684\u8f93\u51fa\u3002 \u5bb9\u5668 
\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7ec4\u7ec7\u548c\u5b58\u50a8\u5bf9\u8c61\u3002\u7c7b\u4f3c\u4e8e Linux \u76ee\u5f55\u7684\u6982\u5ff5\uff0c\u4f46\u4e0d\u80fd\u5d4c\u5957\u3002\u5f71\u50cf\u670d\u52a1\u5bb9\u5668\u683c\u5f0f\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5bb9\u5668\u5ba1\u6838\u5458 \u901a\u8fc7\u5bf9 SQLite \u540e\u7aef\u6570\u636e\u5e93\u7684\u67e5\u8be2\uff0c\u68c0\u67e5\u6307\u5b9a\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e2d\u7f3a\u5c11\u526f\u672c\u6216\u4e0d\u6b63\u786e\u7684\u5bf9\u8c61\u3002 \u5bb9\u5668\u6570\u636e\u5e93 \u5b58\u50a8\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u548c\u5bb9\u5668\u5143\u6570\u636e\u7684 SQLite \u6570\u636e\u5e93\u3002\u5bb9\u5668\u670d\u52a1\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u5e93\u3002 \u5bb9\u5668\u683c\u5f0f \u6620\u50cf\u670d\u52a1\u4f7f\u7528\u7684\u5305\u88c5\u5668\uff0c\u5176\u4e2d\u5305\u542b VM \u6620\u50cf\u53ca\u5176\u5173\u8054\u7684\u5143\u6570\u636e\uff0c\u4f8b\u5982\u8ba1\u7b97\u673a\u72b6\u6001\u3001OS \u78c1\u76d8\u5927\u5c0f\u7b49\u3002 \u5bb9\u5668\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u670d\u52a1\uff08magnum\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u4e00\u7ec4\u7528\u4e8e\u9884\u914d\u3001\u6269\u5c55\u548c\u7ba1\u7406\u5bb9\u5668\u7f16\u6392\u5f15\u64ce\u7684\u670d\u52a1\u3002 \u5bb9\u5668\u670d\u52a1\u5668 \u7ba1\u7406\u5bb9\u5668\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002 \u5bb9\u5668\u670d\u52a1 \u63d0\u4f9b\u521b\u5efa\u3001\u5220\u9664\u3001\u5217\u8868\u7b49\u5bb9\u5668\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc \uff08CDN\uff09 \u5185\u5bb9\u5206\u53d1\u7f51\u7edc\u662f\u7528\u4e8e\u5c06\u5185\u5bb9\u5206\u53d1\u5230\u5ba2\u6237\u7aef\u7684\u4e13\u7528\u7f51\u7edc\uff0c\u901a\u5e38\u4f4d\u4e8e\u5ba2\u6237\u7aef\u9644\u8fd1\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002 \u6301\u7eed\u4ea4\u4ed8 
\u4e00\u79cd\u8f6f\u4ef6\u5de5\u7a0b\u65b9\u6cd5\uff0c\u56e2\u961f\u5728\u77ed\u5468\u671f\u5185\u751f\u4ea7\u8f6f\u4ef6\uff0c\u786e\u4fdd\u8f6f\u4ef6\u53ef\u4ee5\u968f\u65f6\u53ef\u9760\u5730\u53d1\u5e03\uff0c\u5e76\u4e14\u5728\u53d1\u5e03\u8f6f\u4ef6\u65f6\u624b\u52a8\u53d1\u5e03\u3002 \u6301\u7eed\u90e8\u7f72 \u4e00\u79cd\u8f6f\u4ef6\u53d1\u5e03\u8fc7\u7a0b\uff0c\u8be5\u8fc7\u7a0b\u4f7f\u7528\u81ea\u52a8\u5316\u6d4b\u8bd5\u6765\u9a8c\u8bc1\u5bf9\u4ee3\u7801\u5e93\u7684\u66f4\u6539\u662f\u5426\u6b63\u786e\u4e14\u7a33\u5b9a\uff0c\u4ee5\u4fbf\u7acb\u5373\u81ea\u4e3b\u90e8\u7f72\u5230\u751f\u4ea7\u73af\u5883\u3002 \u6301\u7eed\u96c6\u6210 \u6bcf\u5929\u591a\u6b21\u5c06\u6240\u6709\u5f00\u53d1\u4eba\u5458\u7684\u5de5\u4f5c\u526f\u672c\u5408\u5e76\u5230\u5171\u4eab\u4e3b\u7ebf\u7684\u505a\u6cd5\u3002 \u63a7\u5236\u5668\u8282\u70b9 \u4e91\u63a7\u5236\u5668\u8282\u70b9\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6838\u5fc3 API \u6839\u636e\u4e0a\u4e0b\u6587\uff0c\u6838\u5fc3 API \u53ef\u4ee5\u662f OpenStack API \u6216\u7279\u5b9a\u6838\u5fc3\u9879\u76ee\u7684\u4e3b API\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u6620\u50cf\u670d\u52a1\u7b49\u3002 \u6838\u5fc3\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u6838\u5fc3\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\u7531\u5757\u5b58\u50a8\u670d\u52a1\uff08cinder\uff09\u3001\u8ba1\u7b97\u670d\u52a1\uff08nova\uff09\u3001\u8eab\u4efd\u670d\u52a1\uff08keystone\uff09\u3001\u955c\u50cf\u670d\u52a1\uff08glance\uff09\u3001\u7f51\u7edc\u670d\u52a1\uff08neutron\uff09\u548c\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09\u7ec4\u6210\u3002 \u6210\u672c \u5728\u8ba1\u7b97\u5206\u5e03\u5f0f\u8ba1\u5212\u7a0b\u5e8f\u4e0b\uff0c\u8fd9\u662f\u901a\u8fc7\u67e5\u770b\u6bcf\u4e2a\u4e3b\u673a\u76f8\u5bf9\u4e8e\u6240\u8bf7\u6c42\u7684 VM \u5b9e\u4f8b\u7684\u98ce\u683c\u7684\u529f\u80fd\u6765\u8ba1\u7b97\u7684\u3002 \u51ed\u8bc1 
\u53ea\u6709\u7528\u6237\u77e5\u9053\u6216\u53ef\u8bbf\u95ee\u7684\u6570\u636e\uff0c\u7528\u4e8e\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u662f\u4ed6\u6240\u8bf4\u7684\u4eba\u3002\u5728\u8eab\u4efd\u9a8c\u8bc1\u671f\u95f4\uff0c\u5c06\u51ed\u636e\u63d0\u4f9b\u7ed9\u670d\u52a1\u5668\u3002\u793a\u4f8b\u5305\u62ec\u5bc6\u7801\u3001\u5bc6\u94a5\u3001\u6570\u5b57\u8bc1\u4e66\u548c\u6307\u7eb9\u3002 CRL \u51fd\u6570 PKI \u6a21\u578b\u4e2d\u7684\u8bc1\u4e66\u540a\u9500\u5217\u8868 \uff08CRL\uff09 \u662f\u5df2\u540a\u9500\u7684\u8bc1\u4e66\u5217\u8868\u3002\u4e0d\u5e94\u4fe1\u4efb\u63d0\u4f9b\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6700\u7ec8\u5b9e\u4f53\u3002 \u8de8\u57df\u8d44\u6e90\u5171\u4eab \uff08CORS\uff09 \u4e00\u79cd\u673a\u5236\uff0c\u5141\u8bb8\u4ece\u8d44\u6e90\u6765\u6e90\u57df\u4e4b\u5916\u7684\u53e6\u4e00\u4e2a\u57df\u8bf7\u6c42\u7f51\u9875\u4e0a\u7684\u8bb8\u591a\u8d44\u6e90\uff08\u4f8b\u5982\uff0c\u5b57\u4f53\u3001JavaScript\uff09\u3002\u7279\u522b\u662f\uff0cJavaScript \u7684 AJAX \u8c03\u7528\u53ef\u4ee5\u4f7f\u7528 XMLHttpRequest \u673a\u5236\u3002 Crowbar SUSE \u7684\u5f00\u6e90\u793e\u533a\u9879\u76ee\uff0c\u65e8\u5728\u63d0\u4f9b\u6240\u6709\u5fc5\u8981\u7684\u670d\u52a1\uff0c\u4ee5\u5feb\u901f\u90e8\u7f72\u548c\u7ba1\u7406\u4e91\u3002 \u5f53\u524d\u5de5\u4f5c\u8d1f\u8f7d \u8ba1\u7b97\u5bb9\u91cf\u7f13\u5b58\u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u6839\u636e\u7ed9\u5b9a\u4e3b\u673a\u4e0a\u5f53\u524d\u6b63\u5728\u8fdb\u884c\u7684\u751f\u6210\u3001\u5feb\u7167\u3001\u8fc1\u79fb\u548c\u8c03\u6574\u5927\u5c0f\u64cd\u4f5c\u7684\u6570\u91cf\u8fdb\u884c\u8ba1\u7b97\u3002 \u5ba2\u6237 \u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u81ea\u5b9a\u4e49\u6a21\u5757 \u7528\u6237\u521b\u5efa\u7684 Python \u6a21\u5757\uff0c\u7531 horizon \u52a0\u8f7d\uff0c\u7528\u4e8e\u66f4\u6539\u4eea\u8868\u677f\u7684\u5916\u89c2\u3002","title":"C"},{"location":"security/security-guide/#d","text":"\u5b88\u62a4\u8fdb\u7a0b 
\u5728\u540e\u53f0\u8fd0\u884c\u5e76\u7b49\u5f85\u8bf7\u6c42\u7684\u8fdb\u7a0b\u3002\u53ef\u80fd\u4fa6\u542c\u4e5f\u53ef\u80fd\u4e0d\u4fa6\u542c TCP \u6216 UDP \u7aef\u53e3\u3002\u4e0d\u8981\u4e0e\u5de5\u4eba\u6df7\u6dc6\u3002 \u4eea\u8868\u677f\uff08horizon\uff09 OpenStack \u9879\u76ee\uff0c\u4e3a\u6240\u6709 OpenStack \u670d\u52a1\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u3001\u7edf\u4e00\u7684\u3001\u57fa\u4e8e Web \u7684\u7528\u6237\u754c\u9762\u3002 \u6570\u636e\u52a0\u5bc6 \u955c\u50cf\u670d\u52a1\u548c\u8ba1\u7b97\u90fd\u652f\u6301\u52a0\u5bc6\u7684\u865a\u62df\u673a \uff08VM\uff09 \u955c\u50cf\uff08\u4f46\u4e0d\u652f\u6301\u5b9e\u4f8b\uff09\u3002OpenStack \u652f\u6301\u4f7f\u7528 HTTPS\u3001SSL\u3001TLS \u548c SSH \u7b49\u6280\u672f\u8fdb\u884c\u4f20\u8f93\u4e2d\u6570\u636e\u52a0\u5bc6\u3002\u5bf9\u8c61\u5b58\u50a8\u4e0d\u652f\u6301\u5e94\u7528\u7a0b\u5e8f\u7ea7\u522b\u7684\u5bf9\u8c61\u52a0\u5bc6\uff0c\u4f46\u53ef\u80fd\u652f\u6301\u4f7f\u7528\u78c1\u76d8\u52a0\u5bc6\u7684\u5b58\u50a8\u3002 \u6570\u636e\u4e22\u5931\u9632\u62a4\uff08DLP\uff09 \u8f6f\u4ef6 \u7528\u4e8e\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u5e76\u901a\u8fc7\u68c0\u6d4b\u548c\u62d2\u7edd\u6570\u636e\u4f20\u8f93\u6765\u9632\u6b62\u5176\u6cc4\u6f0f\u5230\u7f51\u7edc\u8fb9\u754c\u4e4b\u5916\u7684\u8f6f\u4ef6\u7a0b\u5e8f\u3002 \u6570\u636e\u5904\u7406\u670d\u52a1\uff08sahara\uff09 OpenStack \u9879\u76ee\uff0c\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u6570\u636e\u5904\u7406\u5806\u6808\u548c\u5173\u8054\u7684\u7ba1\u7406\u63a5\u53e3\u3002 \u6570\u636e\u5b58\u50a8 \u6570\u636e\u5e93\u670d\u52a1\u652f\u6301\u7684\u6570\u636e\u5e93\u5f15\u64ce\u3002 \u6570\u636e\u5e93 ID \u4e3a\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u5e93\u7684\u6bcf\u4e2a\u526f\u672c\u6307\u5b9a\u7684\u552f\u4e00 ID\u3002 \u6570\u636e\u5e93\u590d\u5236\u5668 
\u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u6570\u636e\u5e93\u4e2d\u7684\u66f4\u6539\u590d\u5236\u5230\u5176\u4ed6\u8282\u70b9\u3002 \u6570\u636e\u5e93\u670d\u52a1\uff08trove\uff09 \u4e00\u4e2a\u96c6\u6210\u9879\u76ee\uff0c\u4e3a\u5173\u7cfb\u548c\u975e\u5173\u7cfb\u6570\u636e\u5e93\u5f15\u64ce\u63d0\u4f9b\u53ef\u6269\u5c55\u4e14\u53ef\u9760\u7684\u4e91\u6570\u636e\u5e93\u5373\u670d\u52a1\u529f\u80fd\u3002 \u89e3\u9664\u5206\u914d \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u5730\u5740\u4e4b\u95f4\u7684\u5173\u8054\u7684\u8fc7\u7a0b\u3002\u5220\u9664\u6b64\u5173\u8054\u540e\uff0c\u6d6e\u52a8 IP \u5c06\u8fd4\u56de\u5230\u5730\u5740\u6c60\u3002 Debian \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u91cd\u590d\u6570\u636e\u5220\u9664 \u5728\u78c1\u76d8\u5757\u3001\u6587\u4ef6\u548c/\u6216\u5bf9\u8c61\u7ea7\u522b\u67e5\u627e\u91cd\u590d\u6570\u636e\u4ee5\u6700\u5927\u7a0b\u5ea6\u5730\u51cf\u5c11\u5b58\u50a8\u4f7f\u7528\u7684\u8fc7\u7a0b - \u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u9ed8\u8ba4\u9762\u677f \u7528\u6237\u8bbf\u95ee\u4eea\u8868\u677f\u65f6\u663e\u793a\u7684\u9ed8\u8ba4\u9762\u677f\u3002 \u9ed8\u8ba4\u9879\u76ee \u5982\u679c\u5728\u521b\u5efa\u7528\u6237\u65f6\u672a\u6307\u5b9a\u4efb\u4f55\u9879\u76ee\uff0c\u5219\u4f1a\u5c06\u65b0\u7528\u6237\u5206\u914d\u7ed9\u6b64\u9879\u76ee\u3002 \u9ed8\u8ba4\u4ee4\u724c \u4e00\u4e2a\u6807\u8bc6\u670d\u52a1\u4ee4\u724c\uff0c\u8be5\u4ee4\u724c\u4e0d\u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\uff0c\u5e76\u4ea4\u6362\u4e3a\u4f5c\u7528\u57df\u5185\u4ee4\u724c\u3002 \u5ef6\u8fdf\u5220\u9664 \u5f71\u50cf\u670d\u52a1\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u7528\u4e8e\u5728\u9884\u5b9a\u4e49\u7684\u79d2\u6570\u540e\u5220\u9664\u5f71\u50cf\uff0c\u800c\u4e0d\u662f\u7acb\u5373\u5220\u9664\u5f71\u50cf\u3002 \u4ea4\u4ed8\u65b9\u5f0f Compute 
RabbitMQ\u6d88\u606f\u6295\u9012\u6a21\u5f0f\u7684\u8bbe\u7f6e;\u53ef\u4ee5\u8bbe\u7f6e\u4e3a\u77ac\u6001\u6216\u6301\u4e45\u6027\u3002 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u62d2\u7edd\u670d\u52a1 \uff08DoS\uff09 \u662f\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u7684\u7b80\u79f0\u3002\u8fd9\u662f\u963b\u6b62\u5408\u6cd5\u7528\u6237\u4f7f\u7528\u670d\u52a1\u7684\u6076\u610f\u5c1d\u8bd5\u3002 \u5df2\u5f03\u7528\u7684\u8eab\u4efd\u9a8c\u8bc1 \u8ba1\u7b97\u4e2d\u7684\u4e00\u4e2a\u9009\u9879\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u901a\u8fc7 nova-manage \u547d\u4ee4\u521b\u5efa\u548c\u7ba1\u7406\u7528\u6237\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u6807\u8bc6\u670d\u52a1\u3002 \u6307\u5b9a DNS \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u684c\u9762\u5373\u670d\u52a1 \u4e00\u4e2a\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u5957\u684c\u9762\u73af\u5883\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee\u8fd9\u4e9b\u73af\u5883\u4ece\u4efb\u4f55\u4f4d\u7f6e\u63a5\u6536\u684c\u9762\u4f53\u9a8c\u3002\u8fd9\u53ef\u4ee5\u63d0\u4f9b\u901a\u7528\u3001\u5f00\u53d1\u751a\u81f3\u540c\u6784\u6d4b\u8bd5\u73af\u5883\u3002 \u5f00\u53d1\u8005 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\uff0c\u4e5f\u662f\u5206\u914d\u7ed9\u65b0\u7528\u6237\u7684\u9ed8\u8ba4\u89d2\u8272\u3002 \u8bbe\u5907 ID \u5c06\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u6620\u5c04\u5230\u7269\u7406\u5b58\u50a8\u8bbe\u5907\u3002 \u8bbe\u5907\u6743\u91cd \u6839\u636e\u6bcf\u4e2a\u8bbe\u5907\u7684\u5b58\u50a8\u5bb9\u91cf\uff0c\u5728\u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u4e4b\u95f4\u6309\u6bd4\u4f8b\u5206\u914d\u5206\u533a\u3002 \u5f00\u53d1\u5806\u6808 \u4f7f\u7528 shell \u811a\u672c\u5feb\u901f\u6784\u5efa\u5b8c\u6574 OpenStack \u5f00\u53d1\u73af\u5883\u7684\u793e\u533a\u9879\u76ee\u3002 DHCP\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DHCP \u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 Diablo 2011 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack 
\u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u56db\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova 2011.3\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift 1.4.3\uff09 \u548c\u955c\u50cf\u670d\u52a1 \uff08glance\uff09\u3002Diablo\u662fOpenStack\u7b2c\u56db\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u514b\u62c9\u62c9\u9644\u8fd1\u7684\u6e7e\u533a\u4e3e\u884c\uff0cDiablo\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 \u76f4\u63a5\u6d88\u8d39\u8005 Compute RabbitMQ \u7684\u4e00\u4e2a\u5143\u7d20\uff0c\u5728\u6267\u884c RPC \u8c03\u7528\u65f6\u751f\u6548\u3002\u5b83\u901a\u8fc7\u552f\u4e00\u7684\u72ec\u5360\u961f\u5217\u8fde\u63a5\u5230\u76f4\u63a5\u4ea4\u6362\uff0c\u53d1\u9001\u6d88\u606f\uff0c\u7136\u540e\u7ec8\u6b62\u3002 \u76f4\u63a5\u4ea4\u6362 RPC \u8c03\u7528\u671f\u95f4\u5728 Compute RabbitMQ \u4e2d\u521b\u5efa\u7684\u8def\u7531\u8868;\u4e3a\u6bcf\u4e2a\u8c03\u7528\u7684 RPC \u8c03\u7528\u521b\u5efa\u4e00\u4e2a\u3002 \u76f4\u63a5\u53d1\u5e03\u8005 RabbitMQ \u7684\u5143\u7d20\uff0c\u7528\u4e8e\u63d0\u4f9b\u5bf9\u4f20\u5165 MQ \u6d88\u606f\u7684\u54cd\u5e94\u3002 \u89e3\u9664\u5173\u8054 \u5220\u9664\u6d6e\u52a8 IP \u5730\u5740\u548c\u56fa\u5b9a IP \u4e4b\u95f4\u7684\u5173\u8054\uff0c\u4ece\u800c\u5c06\u6d6e\u52a8 IP \u5730\u5740\u8fd4\u56de\u5230\u5730\u5740\u6c60\u7684\u8fc7\u7a0b\u3002 \u81ea\u4e3b\u8bbf\u95ee\u63a7\u5236 \uff08DAC\uff09 \u63a7\u5236\u4f7f\u7528\u8005\u8bbf\u95ee\u5bf9\u8c61\u7684\u80fd\u529b\uff0c\u540c\u65f6\u4f7f\u7528\u6237\u80fd\u591f\u505a\u51fa\u7b56\u7565\u51b3\u7b56\u5e76\u5206\u914d\u5b89\u5168\u5c5e\u6027\u3002\u4f20\u7edf\u7684\u7528\u6237\u3001\u7ec4\u548c\u8bfb-\u5199-\u6267\u884c\u6743\u9650\u7684 UNIX \u7cfb\u7edf\u5c31\u662f DAC \u7684\u4e00\u4e2a\u793a\u4f8b\u3002 \u78c1\u76d8\u52a0\u5bc6 
\u80fd\u591f\u5728\u6587\u4ef6\u7cfb\u7edf\u3001\u78c1\u76d8\u5206\u533a\u6216\u6574\u4e2a\u78c1\u76d8\u7ea7\u522b\u52a0\u5bc6\u6570\u636e\u3002\u5728\u8ba1\u7b97 VM \u4e2d\u53d7\u652f\u6301\u3002 \u78c1\u76d8\u683c\u5f0f VM \u7684\u78c1\u76d8\u6620\u50cf\u5728\u6620\u50cf\u670d\u52a1\u540e\u7aef\u5b58\u50a8\u4e2d\u5b58\u50a8\u7684\u57fa\u7840\u683c\u5f0f\u3002\u4f8b\u5982\uff0cAMI\u3001ISO\u3001QCOW2\u3001VMDK \u7b49\u3002 \u5206\u6563 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\uff0c\u7528\u4e8e\u6d4b\u8bd5\u548c\u786e\u4fdd\u5bf9\u8c61\u548c\u5bb9\u5668\u5206\u6563\u4ee5\u786e\u4fdd\u5bb9\u9519\u7684\u5de5\u5177\u3002 \u5206\u5e03\u5f0f\u865a\u62df\u8def\u7531\u5668 \uff08DVR\uff09 \u4f7f\u7528 OpenStack Networking \uff08neutron\uff09 \u65f6\u5b9e\u73b0\u9ad8\u53ef\u7528\u6027\u591a\u4e3b\u673a\u8def\u7531\u7684\u673a\u5236\u3002 Django \u5728\u5730\u5e73\u7ebf\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684 Web \u6846\u67b6\u3002 DNS \u8bb0\u5f55 \u6307\u5b9a\u6709\u5173\u7279\u5b9a\u57df\u5e76\u5c5e\u4e8e\u8be5\u57df\u7684\u4fe1\u606f\u7684\u8bb0\u5f55\u3002 DNS\u670d\u52a1\uff08\u6307\u5b9a\uff09 OpenStack \u9879\u76ee\uff0c\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u6743\u5a01 DNS \u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u8bbf\u95ee\u3002 dnsmasq \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b DNS\u3001DHCP\u3001BOOTP \u548c TFTP \u670d\u52a1\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002 \u57df \u6807\u8bc6 API v3 \u5b9e\u4f53\u3002\u8868\u793a\u9879\u76ee\u3001\u7ec4\u548c\u7528\u6237\u7684\u96c6\u5408\uff0c\u7528\u4e8e\u5b9a\u4e49\u7528\u4e8e\u7ba1\u7406 OpenStack Identity \u5b9e\u4f53\u7684\u7ba1\u7406\u8fb9\u754c\u3002\u5728 Internet \u4e0a\uff0c\u5c06\u7f51\u7ad9\u4e0e\u5176\u4ed6\u7f51\u7ad9\u5206\u5f00\u3002\u901a\u5e38\uff0c\u57df\u540d\u6709\u4e24\u4e2a\u6216\u591a\u4e2a\u90e8\u5206\uff0c\u7528\u70b9\u5206\u9694\u3002\u4f8b\u5982\uff0cyahoo.com\u3001usa.gov\u3001harvard.edu \u6216 
mail.yahoo.com\u3002\u6b64\u5916\uff0c\u57df\u662f\u5305\u542b\u4e00\u6761\u6216\u591a\u6761\u8bb0\u5f55\u7684\u6240\u6709 DNS \u76f8\u5173\u4fe1\u606f\u7684\u5b9e\u4f53\u6216\u5bb9\u5668\u3002 \u57df\u540d\u7cfb\u7edf\uff08DNS\uff09 \u7528\u4e8e\u786e\u5b9a Internet \u57df\u540d\u5230\u5730\u5740\u548c\u5730\u5740\u5230\u540d\u79f0\u89e3\u6790\u7684\u7cfb\u7edf\u3002DNS \u901a\u8fc7\u5c06 IP \u5730\u5740\u8f6c\u6362\u4e3a\u66f4\u6613\u4e8e\u8bb0\u5fc6\u7684\u5730\u5740\u6765\u5e2e\u52a9\u6d4f\u89c8 Internet\u3002\u4f8b\u5982\uff0c\u5c06 111.111.111.1 \u8f6c\u6362\u4e3a www.yahoo.com\u3002\u6240\u6709\u57df\u53ca\u5176\u7ec4\u4ef6\uff08\u5982\u90ae\u4ef6\u670d\u52a1\u5668\uff09\u90fd\u5229\u7528 DNS \u89e3\u6790\u5230\u9002\u5f53\u7684\u4f4d\u7f6e\u3002DNS\u670d\u52a1\u5668\u901a\u5e38\u8bbe\u7f6e\u5728\u4e3b\u4ece\u5173\u7cfb\u4e2d\uff0c\u4ee5\u4fbf\u4e3b\u670d\u52a1\u5668\u6545\u969c\u8c03\u7528\u4ece\u670d\u52a1\u5668\u3002\u8fd8\u53ef\u4ee5\u5bf9 DNS \u670d\u52a1\u5668\u8fdb\u884c\u7fa4\u96c6\u6216\u590d\u5236\uff0c\u4ee5\u4fbf\u5bf9\u4e00\u4e2a DNS \u670d\u52a1\u5668\u6240\u505a\u7684\u66f4\u6539\u81ea\u52a8\u4f20\u64ad\u5230\u5176\u4ed6\u6d3b\u52a8\u670d\u52a1\u5668\u3002\u5728\u8ba1\u7b97\u4e2d\uff0c\u652f\u6301\u5c06 DNS \u6761\u76ee\u4e0e\u6d6e\u52a8 IP \u5730\u5740\u3001\u8282\u70b9\u6216\u5355\u5143\u76f8\u5173\u8054\uff0c\u4ee5\u4fbf\u4e3b\u673a\u540d\u5728\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u4e00\u81f4\u3002 \u4e0b\u8f7d \u5c06\u6570\u636e\uff08\u901a\u5e38\u4ee5\u6587\u4ef6\u7684\u5f62\u5f0f\uff09\u4ece\u4e00\u53f0\u8ba1\u7b97\u673a\u4f20\u8f93\u5230\u53e6\u4e00\u53f0\u8ba1\u7b97\u673a\u3002 \u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u7684 Compute RabbitMQ \u6d88\u606f\u4ea4\u6362\u3002 \u6301\u4e45\u961f\u5217 \u4e00\u4e2a Compute RabbitMQ \u6d88\u606f\u961f\u5217\uff0c\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u65f6\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 
\u52a8\u6001\u4e3b\u673a\u914d\u7f6e\u534f\u8bae \uff08DHCP\uff09 \u4e00\u79cd\u7f51\u7edc\u534f\u8bae\uff0c\u7528\u4e8e\u914d\u7f6e\u8fde\u63a5\u5230\u7f51\u7edc\u7684\u8bbe\u5907\uff0c\u4ee5\u4fbf\u5b83\u4eec\u53ef\u4ee5\u4f7f\u7528 Internet \u534f\u8bae \uff08IP\uff09 \u5728\u8be5\u7f51\u7edc\u4e0a\u8fdb\u884c\u901a\u4fe1\u3002\u8be5\u534f\u8bae\u5728\u5ba2\u6237\u7aef-\u670d\u52a1\u5668\u6a21\u578b\u4e2d\u5b9e\u73b0\uff0c\u5176\u4e2d DHCP \u5ba2\u6237\u7aef\u4ece DHCP \u670d\u52a1\u5668\u8bf7\u6c42\u914d\u7f6e\u6570\u636e\uff0c\u4f8b\u5982 IP \u5730\u5740\u3001\u9ed8\u8ba4\u8def\u7531\u4ee5\u53ca\u4e00\u4e2a\u6216\u591a\u4e2a DNS \u670d\u52a1\u5668\u5730\u5740\u3002\u4e00\u79cd\u5728\u5f15\u5bfc\u65f6\u81ea\u52a8\u4e3a\u4e3b\u673a\u914d\u7f6e\u7f51\u7edc\u7684\u65b9\u6cd5\u3002\u7531\u7f51\u7edc\u548c\u8ba1\u7b97\u63d0\u4f9b\u3002 \u52a8\u6001\u8d85\u6587\u672c\u6807\u8bb0\u8bed\u8a00 \uff08DHTML\uff09 \u4f7f\u7528 HTML\u3001JavaScript \u548c\u7ea7\u8054\u6837\u5f0f\u8868\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u7f51\u9875\u4ea4\u4e92\u6216\u663e\u793a\u7b80\u5355\u52a8\u753b\u7684\u9875\u9762\u3002","title":"D"},{"location":"security/security-guide/#e","text":"\u4e1c\u897f\u5411\u6d41\u91cf \u540c\u4e00\u4e91\u6216\u6570\u636e\u4e2d\u5fc3\u4e2d\u7684\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u5357\u5317\u5411\u6d41\u91cf\u3002 EBS \u542f\u52a8\u5377 \u5305\u542b\u53ef\u542f\u52a8 VM \u6620\u50cf\u7684 Amazon EBS \u5b58\u50a8\u5377\uff0cOpenStack \u76ee\u524d\u4e0d\u652f\u6301\u8be5\u6620\u50cf\u3002 ebtables \u7528\u4e8e Linux \u6865\u63a5\u9632\u706b\u5899\u7684\u8fc7\u6ee4\u5de5\u5177\uff0c\u652f\u6301\u8fc7\u6ee4\u901a\u8fc7 Linux \u6865\u63a5\u7684\u7f51\u7edc\u6d41\u91cf\u3002\u5728\u8ba1\u7b97\u4e2d\u4e0e arptables\u3001iptables \u548c ip6tables \u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u786e\u4fdd\u7f51\u7edc\u901a\u4fe1\u7684\u9694\u79bb\u3002 EC2 \u51fd\u6570 Amazon 
\u5546\u4e1a\u8ba1\u7b97\u4ea7\u54c1\uff0c\u7c7b\u4f3c\u4e8e\u8ba1\u7b97\u3002 EC2 \u8bbf\u95ee\u5bc6\u94a5 \u4e0e EC2 \u79c1\u6709\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\u4ee5\u8bbf\u95ee\u8ba1\u7b97 EC2 API\u3002 EC2 API OpenStack \u652f\u6301\u901a\u8fc7\u8ba1\u7b97\u8bbf\u95ee Amazon EC2 API\u3002 EC2 \u517c\u5bb9\u6027 API \u4f7f OpenStack \u80fd\u591f\u4e0e Amazon EC2 \u901a\u4fe1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 EC2 \u79c1\u6709\u5bc6\u94a5 \u4e0e\u8ba1\u7b97 EC2 API \u901a\u4fe1\u65f6\u4e0e EC2 \u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528;\u7528\u4e8e\u5bf9\u6bcf\u4e2a\u8bf7\u6c42\u8fdb\u884c\u6570\u5b57\u7b7e\u540d\u3002 \u8fb9\u7f18\u8ba1\u7b97 \u5728\u4e91\u4e2d\u8fd0\u884c\u66f4\u5c11\u7684\u8fdb\u7a0b\uff0c\u5e76\u5c06\u8fd9\u4e9b\u8fdb\u7a0b\u79fb\u52a8\u5230\u672c\u5730\u3002 \u5f39\u6027\u5757\u5b58\u50a8 \uff08EBS\uff09 Amazon \u5546\u4e1a\u5757\u5b58\u50a8\u4ea7\u54c1\u3002 \u5c01\u88c5 \u5c06\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u7f6e\u4e8e\u53e6\u4e00\u79cd\u6570\u636e\u5305\u7c7b\u578b\u4e2d\uff0c\u4ee5\u63d0\u53d6\u6216\u4fdd\u62a4\u6570\u636e\u3002\u793a\u4f8b\u5305\u62ec GRE\u3001MPLS \u6216 IPsec\u3002 \u52a0\u5bc6 OpenStack\u652f\u6301HTTPS\u3001SSH\u3001SSL\u3001TLS\u3001\u6570\u5b57\u8bc1\u4e66\u3001\u6570\u636e\u52a0\u5bc6\u7b49\u52a0\u5bc6\u6280\u672f\u3002 \u7aef\u70b9 \u8bf7\u53c2\u9605 API \u7aef\u70b9\u3002 \u7aef\u70b9\u6ce8\u518c\u8868 \u8eab\u4efd\u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7aef\u70b9\u6a21\u677f URL \u548c\u7aef\u53e3\u53f7\u7aef\u70b9\u5217\u8868\uff0c\u6307\u793a\u53ef\u4ee5\u8bbf\u95ee\u670d\u52a1\uff08\u5982\u5bf9\u8c61\u5b58\u50a8\u3001\u8ba1\u7b97\u3001\u6807\u8bc6\u7b49\uff09\u7684\u4f4d\u7f6e\u3002 \u4f01\u4e1a\u4e91\u8ba1\u7b97 \u4f4d\u4e8e\u9632\u706b\u5899\u540e\u9762\u7684\u8ba1\u7b97\u73af\u5883\uff0c\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u8f6f\u4ef6\u3001\u57fa\u7840\u8bbe\u65bd\u548c\u5e73\u53f0\u670d\u52a1\u3002 \u5b9e\u4f53 
\u4efb\u4f55\u60f3\u8981\u8fde\u63a5\u5230\u7f51\u7edc\uff08\u7f51\u7edc\u8fde\u63a5\u670d\u52a1\uff09\u63d0\u4f9b\u7684\u7f51\u7edc\u670d\u52a1\u7684\u786c\u4ef6\u6216\u8f6f\u4ef6\u3002\u5b9e\u4f53\u53ef\u4ee5\u901a\u8fc7\u5b9e\u73b0 VIF \u6765\u5229\u7528\u7f51\u7edc\u3002 \u4e34\u65f6\u6620\u50cf \u4e0d\u4fdd\u5b58\u5bf9\u5176\u5377\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5b9e\u4f8b\u7ec8\u6b62\u540e\u5c06\u5176\u6062\u590d\u5230\u539f\u59cb\u72b6\u6001\u7684 VM \u6620\u50cf\u3002 \u4e34\u65f6\u5377 \u4e0d\u4fdd\u5b58\u5bf9\u5176\u6240\u505a\u7684\u66f4\u6539\u5e76\u5728\u5f53\u524d\u7528\u6237\u653e\u5f03\u63a7\u5236\u6743\u65f6\u6062\u590d\u5230\u5176\u539f\u59cb\u72b6\u6001\u7684\u5377\u3002 Essex 2012 \u5e74 4 \u6708\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u4e94\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97\uff08nova 2012.1\uff09\u3001\u5bf9\u8c61\u5b58\u50a8\uff08swift 1.4.8\uff09\u3001\u56fe\u50cf\uff08glance\uff09\u3001\u8eab\u4efd\uff08keystone\uff09\u548c\u4eea\u8868\u677f\uff08horizon\uff09\u3002Essex \u662f OpenStack \u7b2c\u4e94\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\uff0cEssex\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 ESXi \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 ETag \u51fd\u6570 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u503c\uff0c\u7528\u4e8e\u786e\u4fdd\u6570\u636e\u5b8c\u6574\u6027\u3002 euca2ools \u7528\u4e8e\u7ba1\u7406 VM \u7684\u547d\u4ee4\u884c\u5de5\u5177\u96c6\u5408;\u5927\u591a\u6570\u90fd\u4e0eOpenStack\u517c\u5bb9\u3002 Eucalyptus Kernel Image \uff08EKI\uff09 \u4e0e ERI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 Eucalyptus\u673a\u5668\u6620\u50cf \uff08EMI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u5bb9\u5668\u683c\u5f0f\u3002 
Eucalyptus Ramdisk \u955c\u50cf \uff08ERI\uff09 \u4e0e EKI \u4e00\u8d77\u4f7f\u7528\u4ee5\u521b\u5efa EMI\u3002 \u64a4\u79bb \u5c06\u4e00\u4e2a\u6216\u6240\u6709\u865a\u62df\u673a \uff08VM\uff09 \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u8fc1\u79fb\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\uff0c\u4e0e\u5171\u4eab\u5b58\u50a8\u5b9e\u65f6\u8fc1\u79fb\u548c\u5757\u8fc1\u79fb\u517c\u5bb9\u3002 \u4ea4\u6362 RabbitMQ \u6d88\u606f\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ea4\u6362\u7c7b\u578b Compute RabbitMQ \u4e2d\u7684\u8def\u7531\u7b97\u6cd5\u3002 \u72ec\u5360\u961f\u5217 \u7531 RabbitMQ \u4e2d\u7684\u76f4\u63a5\u4f7f\u7528\u8005\u8fde\u63a5\u5230 - \u8ba1\u7b97\uff0c\u6d88\u606f\u53ea\u80fd\u7531\u5f53\u524d\u8fde\u63a5\u4f7f\u7528\u3002 \u6269\u5c55\u5c5e\u6027 \uff08xattr\uff09 \u6587\u4ef6\u7cfb\u7edf\u9009\u9879\uff0c\u7528\u4e8e\u5b58\u50a8\u6240\u6709\u8005\u3001\u7ec4\u3001\u6743\u9650\u3001\u4fee\u6539\u65f6\u95f4\u7b49\u4ee5\u5916\u7684\u5176\u4ed6\u4fe1\u606f\u3002\u5e95\u5c42\u5bf9\u8c61\u5b58\u50a8\u6587\u4ef6\u7cfb\u7edf\u5fc5\u987b\u652f\u6301\u6269\u5c55\u5c5e\u6027\u3002 \u6269\u5c55 API \u6269\u5c55\u6216\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002\u5728 Identity \u670d\u52a1\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u7279\u5b9a\u4e8e\u5b9e\u73b0\u7684\u8c03\u7528\uff0c\u4f8b\u5982\u6dfb\u52a0\u5bf9 OpenID \u7684\u652f\u6301\u3002 \u5916\u90e8\u7f51\u7edc \u901a\u5e38\u7528\u4e8e Internet \u8bbf\u95ee\u7684\u7f51\u6bb5\u3002 \u989d\u5916\u89c4\u683c \u6307\u5b9a\u8ba1\u7b97\u786e\u5b9a\u4ece\u4f55\u5904\u5f00\u59cb\u65b0\u5b9e\u4f8b\u65f6\u7684\u5176\u4ed6\u8981\u6c42\u3002\u793a\u4f8b\u5305\u62ec\u6700\u5c0f\u7f51\u7edc\u5e26\u5bbd\u6216 GPU \u91cf\u3002","title":"E"},{"location":"security/security-guide/#f","text":"FakeLDAP \u521b\u5efa\u7528\u4e8e\u6d4b\u8bd5\u8eab\u4efd\u548c\u8ba1\u7b97\u7684\u672c\u5730 LDAP \u76ee\u5f55\u7684\u7b80\u5355\u65b9\u6cd5\u3002\u9700\u8981 Redis\u3002 fan-out\u4ea4\u6362 \u5728 
RabbitMQ \u548c Compute \u4e2d\uff0c\u8c03\u5ea6\u7a0b\u5e8f\u670d\u52a1\u4f7f\u7528\u6d88\u606f\u4f20\u9012\u63a5\u53e3\u4ece\u8ba1\u7b97\u3001\u5377\u548c\u7f51\u7edc\u8282\u70b9\u63a5\u6536\u529f\u80fd\u6d88\u606f\u3002 \u8054\u5408\u8eab\u4efd \u4e00\u79cd\u5728\u8eab\u4efd\u63d0\u4f9b\u5546\u548c OpenStack \u4e91\u4e4b\u95f4\u5efa\u7acb\u4fe1\u4efb\u7684\u65b9\u6cd5\u3002 Fedora \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u5149\u7ea4\u901a\u9053 \u5b58\u50a8\u534f\u8bae\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e TCP/IP;\u5c01\u88c5 SCSI \u547d\u4ee4\u548c\u6570\u636e\u3002 \u4ee5\u592a\u7f51\u5149\u7ea4\u901a\u9053 \uff08FCoE\uff09 \u5149\u7ea4\u901a\u9053\u534f\u8bae\u5728\u4ee5\u592a\u7f51\u5185\u901a\u8fc7\u96a7\u9053\u4f20\u8f93\u3002 \u586b\u5145\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97\u8ba1\u5212\u65b9\u6cd5\uff0c\u5c1d\u8bd5\u7528 VM \u586b\u5145\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u5728\u5404\u79cd\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 \u8fc7\u6ee4\u5668 \u8ba1\u7b97\u8ba1\u5212\u8fc7\u7a0b\u4e2d\u7684\u6b65\u9aa4\uff0c\u5f53\u65e0\u6cd5\u8fd0\u884c VM \u7684\u4e3b\u673a\u88ab\u6dd8\u6c70\u4e14\u672a\u88ab\u9009\u4e2d\u65f6\u3002 \u9632\u706b\u5899 \u7528\u4e8e\u9650\u5236\u4e3b\u673a\u548c/\u6216\u8282\u70b9\u4e4b\u95f4\u7684\u901a\u4fe1\uff0c\u5728\u8ba1\u7b97\u4e2d\u4f7f\u7528 iptables\u3001arptables\u3001ip6tables \u548c ebtables \u5b9e\u73b0\u3002 \u9632\u706b\u5899\u5373\u670d\u52a1 \uff08FWaaS\uff09 \u63d0\u4f9b\u5916\u56f4\u9632\u706b\u5899\u529f\u80fd\u7684\u7f51\u7edc\u6269\u5c55\u3002 \u56fa\u5b9a IP \u5730\u5740 \u6bcf\u6b21\u542f\u52a8\u5b9e\u4f8b\u65f6\u90fd\u4e0e\u540c\u4e00\u5b9e\u4f8b\u5173\u8054\u7684 IP \u5730\u5740\u901a\u5e38\u4e0d\u5bf9\u6700\u7ec8\u7528\u6237\u6216\u516c\u5171 Internet \u8bbf\u95ee\uff0c\u5e76\u7528\u4e8e\u7ba1\u7406\u5b9e\u4f8b\u3002 \u5e73\u9762\u7ba1\u7406\u5668 \u8ba1\u7b97\u7ec4\u4ef6\u4e3a\u6388\u6743\u8282\u70b9\u63d0\u4f9b IP \u5730\u5740\uff0c\u5e76\u5047\u5b9a 
DHCP\u3001DNS \u4ee5\u53ca\u8def\u7531\u914d\u7f6e\u548c\u670d\u52a1\u7531\u5176\u4ed6\u8bbe\u5907\u63d0\u4f9b\u3002 \u5e73\u9762\u6a21\u5f0f\u6ce8\u5165 \u4e00\u79cd\u8ba1\u7b97\u7f51\u7edc\u65b9\u6cd5\uff0c\u5728\u5b9e\u4f8b\u542f\u52a8\u4e4b\u524d\u5c06\u64cd\u4f5c\u7cfb\u7edf\u7f51\u7edc\u914d\u7f6e\u4fe1\u606f\u6ce8\u5165\u5230 VM \u6620\u50cf\u4e2d\u3002 \u5e73\u9762\u7f51\u7edc \u865a\u62df\u7f51\u7edc\u7c7b\u578b\uff0c\u4e0d\u4f7f\u7528VLAN\u6216\u96a7\u9053\u6765\u5206\u9694\u9879\u76ee\u6d41\u91cf\u3002\u6bcf\u4e2a\u5e73\u9762\u7f51\u7edc\u901a\u5e38\u9700\u8981\u5b9a\u4e49\u7531\u6865\u63a5\u6620\u5c04\u5b9a\u4e49\u7684\u5355\u72ec\u7684\u5e95\u5c42\u7269\u7406\u63a5\u53e3\u3002\u4f46\u662f\uff0c\u5e73\u9762\u7f51\u7edc\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u5b50\u7f51\u3002FlatDHCP \u7ba1\u7406\u5668 \u63d0\u4f9b dnsmasq\uff08DHCP\u3001DNS\u3001BOOTP\u3001TFTP\uff09\u548c radvd\uff08\u8def\u7531\uff09\u670d\u52a1\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u89c4\u683c VM \u5b9e\u4f8b\u7c7b\u578b\u7684\u66ff\u4ee3\u672f\u8bed \u89c4\u683cID \u6bcf\u79cd\u8ba1\u7b97\u6216\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u89c4\u683c\u6216\u5b9e\u4f8b\u7c7b\u578b\u7684 UUID\u3002 \u6d6e\u52a8 IP \u5730\u5740 \u9879\u76ee\u53ef\u4ee5\u4e0e VM \u5173\u8054\u7684 IP \u5730\u5740\uff0c\u4ee5\u4fbf\u5b9e\u4f8b\u5728\u6bcf\u6b21\u542f\u52a8\u65f6\u90fd\u5177\u6709\u76f8\u540c\u7684\u516c\u6709 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u521b\u5efa\u4e00\u4e2a\u6d6e\u52a8 IP \u5730\u5740\u6c60\uff0c\u5e76\u5728\u5b9e\u4f8b\u542f\u52a8\u65f6\u5c06\u5176\u5206\u914d\u7ed9\u5b9e\u4f8b\uff0c\u4ee5\u4fdd\u6301\u4e00\u81f4\u7684 IP \u5730\u5740\u4ee5\u7ef4\u62a4 DNS \u5206\u914d\u3002 Folsom 2012 \u5e74\u79cb\u5b63\u53d1\u5e03\u7684\u4e0e OpenStack \u76f8\u5173\u7684\u9879\u76ee\u7684\u5206\u7ec4\u7248\u672c\uff0c\u662f OpenStack \u7684\u7b2c\u516d\u4e2a\u7248\u672c\u3002\u5b83\u5305\u62ec\u8ba1\u7b97 \uff08nova\uff09\u3001\u5bf9\u8c61\u5b58\u50a8 \uff08swift\uff09\u3001\u8eab\u4efd 
\uff08keystone\uff09\u3001\u7f51\u7edc \uff08neutron\uff09\u3001\u6620\u50cf\u670d\u52a1 \uff08glance\uff09 \u4ee5\u53ca\u5377\u6216\u5757\u5b58\u50a8 \uff08cinder\uff09\u3002Folsom \u662f OpenStack \u7b2c\u516d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u65e7\u91d1\u5c71\u4e3e\u884c\uff0c\u798f\u5c14\u745f\u59c6\u662f\u9644\u8fd1\u7684\u57ce\u5e02\u3002 FormPost \u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\uff0c\u901a\u8fc7\u7f51\u9875\u4e0a\u7684\u8868\u5355\u4e0a\u4f20\uff08\u53d1\u5e03\uff09\u56fe\u50cf\u3002 freezer \u5907\u4efd\u3001\u8fd8\u539f\u548c\u707e\u96be\u6062\u590d\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u524d\u7aef \u7528\u6237\u4e0e\u670d\u52a1\u4ea4\u4e92\u7684\u70b9;\u53ef\u4ee5\u662f API \u7aef\u70b9\u3001\u4eea\u8868\u677f\u6216\u547d\u4ee4\u884c\u5de5\u5177\u3002","title":"F"},{"location":"security/security-guide/#g","text":"\u7f51\u5173 \u901a\u5e38\u5206\u914d\u7ed9\u8def\u7531\u5668\u7684 IP \u5730\u5740\uff0c\u7528\u4e8e\u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u3002 \u901a\u7528\u63a5\u6536\u5378\u8f7d \uff08GRO\uff09 \u67d0\u4e9b\u7f51\u7edc\u63a5\u53e3\u9a71\u52a8\u7a0b\u5e8f\u7684\u529f\u80fd\uff0c\u5728\u4f20\u9001\u5230\u5185\u6838 IP \u5806\u6808\u4e4b\u524d\uff0c\u5c06\u8bb8\u591a\u8f83\u5c0f\u7684\u63a5\u6536\u6570\u636e\u5305\u5408\u5e76\u4e3a\u4e00\u4e2a\u5927\u6570\u636e\u5305\u3002 \u901a\u7528\u8def\u7531\u5c01\u88c5 \uff08GRE\uff09 \u5728\u865a\u62df\u70b9\u5bf9\u70b9\u94fe\u8def\u4e2d\u5c01\u88c5\u5404\u79cd\u7f51\u7edc\u5c42\u534f\u8bae\u7684\u534f\u8bae\u3002 glance \u5f71\u50cf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 glance API \u670d\u52a1\u5668 \u56fe\u50cf API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 glance \u6ce8\u518c\u8868 \u6620\u50cf\u670d\u52a1\u6620\u50cf\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5168\u5c40\u7aef\u70b9\u6a21\u677f 
\u5305\u542b\u53ef\u7528\u4e8e\u6240\u6709\u9879\u76ee\u7684\u670d\u52a1\u7684\u6807\u8bc6\u670d\u52a1\u7ec8\u7ed3\u70b9\u6a21\u677f\u3002 GlusterFS \u4e00\u4e2a\u65e8\u5728\u805a\u5408 NAS \u4e3b\u673a\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u4e0e OpenStack \u517c\u5bb9\u3002 gnocchi OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u7d22\u5f15\u5668\u548c\u65f6\u5e8f\u6570\u636e\u5e93\u3002 golden\u6620\u50cf \u4e00\u79cd\u64cd\u4f5c\u7cfb\u7edf\u5b89\u88c5\u65b9\u6cd5\uff0c\u5176\u4e2d\u521b\u5efa\u6700\u7ec8\u7684\u78c1\u76d8\u6620\u50cf\uff0c\u7136\u540e\u7531\u6240\u6709\u8282\u70b9\u4f7f\u7528\uff0c\u65e0\u9700\u4fee\u6539\u3002 \u6cbb\u7406\u670d\u52a1\uff08\u5927\u4f1a\uff09 \u8be5\u9879\u76ee\u5728\u4efb\u4f55\u4e91\u670d\u52a1\u96c6\u5408\u4e2d\u63d0\u4f9b\u6cbb\u7406\u5373\u670d\u52a1\uff0c\u4ee5\u4fbf\u76d1\u89c6\u3001\u5b9e\u65bd\u548c\u5ba1\u6838\u52a8\u6001\u57fa\u7840\u7ed3\u6784\u4e0a\u7684\u7b56\u7565\u3002 \u56fe\u5f62\u4ea4\u6362\u683c\u5f0f \uff08GIF\uff09 \u4e00\u79cd\u901a\u5e38\u7528\u4e8e\u7f51\u9875\u4e0a\u7684\u52a8\u753b\u56fe\u50cf\u7684\u56fe\u50cf\u6587\u4ef6\u3002 \u56fe\u5f62\u5904\u7406\u5355\u5143 \uff08GPU\uff09 OpenStack \u76ee\u524d\u4e0d\u652f\u6301\u6839\u636e GPU \u7684\u5b58\u5728\u6765\u9009\u62e9\u4e3b\u673a\u3002 \u7eff\u8272\u7ebf\u7a0b Python \u4f7f\u7528\u7684\u534f\u4f5c\u7ebf\u7a0b\u6a21\u578b;\u51cf\u5c11\u4e89\u7528\u6761\u4ef6\uff0c\u5e76\u4e14\u4ec5\u5728\u8fdb\u884c\u7279\u5b9a\u5e93\u8c03\u7528\u65f6\u8fdb\u884c\u4e0a\u4e0b\u6587\u5207\u6362\u3002\u6bcf\u4e2a OpenStack \u670d\u52a1\u90fd\u662f\u5b83\u81ea\u5df1\u7684\u7ebf\u7a0b\u3002 Grizzly OpenStack \u7b2c\u4e03\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5723\u5730\u4e9a\u54e5\u4e3e\u884c\uff0cGrizzly\u662f\u52a0\u5229\u798f\u5c3c\u4e9a\u5dde\u5dde\u65d7\u7684\u4e00\u4e2a\u5143\u7d20\u3002 \u5206\u7ec4 Identity v3 API 
\u5b9e\u4f53\u3002\u8868\u793a\u7279\u5b9a\u57df\u6240\u62e5\u6709\u7684\u7528\u6237\u96c6\u5408\u3002 \u5ba2\u6237\u673a\u64cd\u4f5c\u7cfb\u7edf \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u7684\u63a7\u5236\u4e0b\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002","title":"G"},{"location":"security/security-guide/#h","text":"Hadoop Apache Hadoop \u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u6846\u67b6\uff0c\u652f\u6301\u6570\u636e\u5bc6\u96c6\u578b\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002 Hadoop \u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf \uff08HDFS\uff09 \u4e00\u79cd\u5206\u5e03\u5f0f\u3001\u9ad8\u5ea6\u5bb9\u9519\u7684\u6587\u4ef6\u7cfb\u7edf\uff0c\u8bbe\u8ba1\u7528\u4e8e\u5728\u4f4e\u6210\u672c\u5546\u7528\u786c\u4ef6\u4e0a\u8fd0\u884c\u3002 \u4ea4\u63a5 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u4e00\u79cd\u5bf9\u8c61\u72b6\u6001\uff0c\u5176\u4e2d\u7531\u4e8e\u9a71\u52a8\u5668\u6545\u969c\u800c\u81ea\u52a8\u521b\u5efa\u5bf9\u8c61\u7684\u65b0\u526f\u672c\u3002 HAProxy \u51fd\u6570 \u4e3a\u57fa\u4e8e TCP \u548c HTTP \u7684\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8d1f\u8f7d\u5e73\u8861\u5668\uff0c\u5c06\u8bf7\u6c42\u5206\u6563\u5230\u591a\u4e2a\u670d\u52a1\u5668\u3002 \u786c\u91cd\u542f \u4e00\u79cd\u91cd\u65b0\u542f\u52a8\u7c7b\u578b\uff0c\u5176\u4e2d\u6309\u4e0b\u7269\u7406\u6216\u865a\u62df\u7535\u6e90\u6309\u94ae\uff0c\u800c\u4e0d\u662f\u6b63\u5e38\u3001\u6b63\u786e\u5730\u5173\u95ed\u64cd\u4f5c\u7cfb\u7edf\u3002 Havana OpenStack \u7b2c\u516b\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4fc4\u52d2\u5188\u5dde\u6ce2\u7279\u5170\u5e02\u4e3e\u884c\uff0cHavana\u662f\u4fc4\u52d2\u5188\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002 \u5065\u5eb7\u76d1\u89c6\u5668 \u786e\u5b9a VIP 
\u6c60\u7684\u540e\u7aef\u6210\u5458\u662f\u5426\u53ef\u4ee5\u5904\u7406\u8bf7\u6c42\u3002\u4e00\u4e2a\u6c60\u53ef\u4ee5\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u8fd0\u884c\u72b6\u51b5\u76d1\u89c6\u5668\u3002\u5f53\u6c60\u6709\u591a\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u76d1\u89c6\u5668\u65f6\uff0c\u6240\u6709\u76d1\u89c6\u5668\u90fd\u4f1a\u68c0\u67e5\u6c60\u7684\u6bcf\u4e2a\u6210\u5458\u3002\u6240\u6709\u76d1\u89c6\u5668\u90fd\u5fc5\u987b\u58f0\u660e\u6210\u5458\u8fd0\u884c\u72b6\u51b5\u826f\u597d\uff0c\u624d\u80fd\u4fdd\u6301\u6d3b\u52a8\u72b6\u6001\u3002 heat \u4e1a\u52a1\u6d41\u7a0b\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09 \u4ee5 OpenStack \u539f\u751f\u683c\u5f0f\u7684 Heat \u8f93\u5165\u3002 \u9ad8\u53ef\u7528\u6027 \uff08HA\uff09 \u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u8bbe\u8ba1\u65b9\u6cd5\u548c\u76f8\u5173\u670d\u52a1\u5b9e\u65bd\u53ef\u786e\u4fdd\u5728\u5408\u540c\u6d4b\u91cf\u671f\u95f4\u8fbe\u5230\u9884\u5148\u5b89\u6392\u7684\u8fd0\u8425\u7ee9\u6548\u6c34\u5e73\u3002\u9ad8\u53ef\u7528\u6027\u7cfb\u7edf\u529b\u6c42\u6700\u5927\u9650\u5ea6\u5730\u51cf\u5c11\u7cfb\u7edf\u505c\u673a\u65f6\u95f4\u548c\u6570\u636e\u4e22\u5931\u3002 horizon \u4eea\u8868\u677f\u7684\u4ee3\u53f7\u3002 Horizon \u63d2\u4ef6 OpenStack Dashboard \uff08horizon\uff09 \u7684\u63d2\u4ef6\u3002 \u4e3b\u673a \u7269\u7406\u8ba1\u7b97\u673a\uff0c\u800c\u4e0d\u662f VM \u5b9e\u4f8b\uff08\u8282\u70b9\uff09\u3002 \u4e3b\u673a\u805a\u5408 \u4e00\u79cd\u5c06\u53ef\u7528\u6027\u533a\u57df\u8fdb\u4e00\u6b65\u7ec6\u5206\u4e3a\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60\uff08\u516c\u5171\u4e3b\u673a\u7684\u96c6\u5408\uff09\u7684\u65b9\u6cd5\u3002 \u4e3b\u673a\u603b\u7ebf\u9002\u914d\u5668 \uff08HBA\uff09 \u63d2\u5165 PCI \u63d2\u69fd\uff08\u5982\u5149\u7ea4\u901a\u9053\u6216\u7f51\u5361\uff09\u7684\u8bbe\u5907\u3002 \u6df7\u5408\u4e91 
\u6df7\u5408\u4e91\u662f\u7531\u4e24\u4e2a\u6216\u591a\u4e2a\u4e91\uff08\u79c1\u6709\u4e91\u3001\u793e\u533a\u4e91\u6216\u516c\u6709\u4e91\uff09\u7ec4\u6210\u7684\uff0c\u8fd9\u4e9b\u4e91\u4ecd\u7136\u662f\u4e0d\u540c\u7684\u5b9e\u4f53\uff0c\u4f46\u7ed1\u5b9a\u5728\u4e00\u8d77\uff0c\u63d0\u4f9b\u591a\u79cd\u90e8\u7f72\u6a21\u578b\u7684\u4f18\u52bf\u3002\u6df7\u5408\u4e91\u8fd8\u610f\u5473\u7740\u80fd\u591f\u5c06\u4e3b\u673a\u6258\u7ba1\u3001\u6258\u7ba1\u548c/\u6216\u4e13\u7528\u670d\u52a1\u4e0e\u4e91\u8d44\u6e90\u8fde\u63a5\u8d77\u6765\u3002 \u6df7\u5408\u4e91\u8ba1\u7b97 \u6df7\u5408\u4e86\u672c\u5730\u3001\u79c1\u6709\u4e91\u548c\u7b2c\u4e09\u65b9\u516c\u6709\u4e91\u670d\u52a1\uff0c\u5e76\u5728\u4e24\u4e2a\u5e73\u53f0\u4e4b\u95f4\u8fdb\u884c\u7f16\u6392\u3002 Hyper-V OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\u3002 \u8d85\u94fe\u63a5 \u5305\u542b\u6307\u5411\u5176\u4ed6\u7f51\u7ad9\u7684\u94fe\u63a5\u7684\u4efb\u4f55\u7c7b\u578b\u7684\u6587\u672c\uff0c\u5e38\u89c1\u4e8e\u5355\u51fb\u4e00\u4e2a\u6216\u591a\u4e2a\u5355\u8bcd\u4f1a\u6253\u5f00\u5176\u4ed6\u7f51\u7ad9\u7684\u6587\u6863\u4e2d\u3002 \u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u7528\u4e8e\u5206\u5e03\u5f0f\u3001\u534f\u4f5c\u5f0f\u3001\u8d85\u5a92\u4f53\u4fe1\u606f\u7cfb\u7edf\u7684\u5e94\u7528\u534f\u8bae\u3002\u5b83\u662f\u4e07\u7ef4\u7f51\u6570\u636e\u901a\u4fe1\u7684\u57fa\u7840\u3002\u8d85\u6587\u672c\u662f\u5728\u5305\u542b\u6587\u672c\u7684\u8282\u70b9\u4e4b\u95f4\u4f7f\u7528\u903b\u8f91\u94fe\u63a5\uff08\u8d85\u94fe\u63a5\uff09\u7684\u7ed3\u6784\u5316\u6587\u672c\u3002HTTP\u662f\u4ea4\u6362\u6216\u4f20\u8f93\u8d85\u6587\u672c\u7684\u534f\u8bae\u3002 \u5b89\u5168\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTPS\uff09\u4e00\u79cd\u52a0\u5bc6\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u901a\u8fc7\u8ba1\u7b97\u673a\u7f51\u7edc\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\uff0c\u5728 Internet 
\u4e0a\u7684\u90e8\u7f72\u7279\u522b\u5e7f\u6cdb\u3002\u4ece\u6280\u672f\u4e0a\u8bb2\uff0c\u5b83\u672c\u8eab\u4e0d\u662f\u4e00\u4e2a\u534f\u8bae;\u76f8\u53cd\uff0c\u5b83\u662f\u7b80\u5355\u5730\u5c06\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8bae \uff08HTTP\uff09 \u5206\u5c42\u5728 TLS \u6216 SSL \u534f\u8bae\u4e4b\u4e0a\u7684\u7ed3\u679c\uff0c\u4ece\u800c\u5c06 TLS \u6216 SSL \u7684\u5b89\u5168\u529f\u80fd\u6dfb\u52a0\u5230\u6807\u51c6 HTTP \u901a\u4fe1\u4e2d\u3002\u5927\u591a\u6570 OpenStack API \u7aef\u70b9\u548c\u8bb8\u591a\u7ec4\u4ef6\u95f4\u901a\u4fe1\u90fd\u652f\u6301 HTTPS \u901a\u4fe1\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f \u4ef2\u88c1\u548c\u63a7\u5236 VM \u5bf9\u5b9e\u9645\u5e95\u5c42\u786c\u4ef6\u7684\u8bbf\u95ee\u7684\u8f6f\u4ef6\u3002 \u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u6c60 \u901a\u8fc7\u4e3b\u673a\u805a\u5408\u7ec4\u5408\u5728\u4e00\u8d77\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u7684\u96c6\u5408\u3002","title":"H"},{"location":"security/security-guide/#i","text":"Icehouse OpenStack \u7b2c\u4e5d\u4e2a\u7248\u672c\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u9999\u6e2f\u4e3e\u884c\uff0cIce House\u662f\u8be5\u5e02\u7684\u4e00\u6761\u8857\u9053\u7684\u540d\u5b57\u3002 \u8eab\u4efd\u8bc1\u53f7\u7801 \u4e0e\u8eab\u4efd\u4e2d\u7684\u6bcf\u4e2a\u7528\u6237\u5173\u8054\u7684\u552f\u4e00\u6570\u5b57 ID\uff0c\u5728\u6982\u5ff5\u4e0a\u7c7b\u4f3c\u4e8e Linux \u6216 LDAP UID\u3002 \u8eab\u4efd\u9a8c\u8bc1 API Identity \u670d\u52a1 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u8eab\u4efd\u9a8c\u8bc1\u540e\u7aef Identity \u670d\u52a1\u7528\u4e8e\u68c0\u7d22\u7528\u6237\u4fe1\u606f\u7684\u6e90;\u4f8b\u5982\uff0cOpenLDAP \u670d\u52a1\u5668\u3002 \u8eab\u4efd\u63d0\u4f9b\u8005 \u4e00\u79cd\u76ee\u5f55\u670d\u52a1\uff0c\u5141\u8bb8\u7528\u6237\u4f7f\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u767b\u5f55\u3002\u5b83\u662f\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u7684\u5178\u578b\u6765\u6e90\u3002 \u8eab\u4efd\u670d\u52a1\uff08keystone\uff09 
\u4fc3\u8fdb API \u5ba2\u6237\u7aef\u8eab\u4efd\u9a8c\u8bc1\u3001\u670d\u52a1\u53d1\u73b0\u3001\u5206\u5e03\u5f0f\u591a\u9879\u76ee\u6388\u6743\u548c\u5ba1\u8ba1\u7684\u9879\u76ee\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7528\u6237\u6620\u5c04\u5230\u4ed6\u4eec\u53ef\u4ee5\u8bbf\u95ee\u7684 OpenStack \u670d\u52a1\u7684\u4e2d\u592e\u76ee\u5f55\u3002\u5b83\u8fd8\u4e3a OpenStack \u670d\u52a1\u6ce8\u518c\u7aef\u70b9\uff0c\u5e76\u5145\u5f53\u901a\u7528\u8eab\u4efd\u9a8c\u8bc1\u7cfb\u7edf\u3002 \u8eab\u4efd\u670d\u52a1 API \u7528\u4e8e\u8bbf\u95ee\u901a\u8fc7 keystone \u63d0\u4f9b\u7684 OpenStack Identity \u670d\u52a1\u7684 API\u3002 IETF \uff08\u82f1\u8bed\uff09 Internet \u5de5\u7a0b\u4efb\u52a1\u7ec4 \uff08IETF\uff09 \u662f\u4e00\u4e2a\u5f00\u653e\u6807\u51c6\u7ec4\u7ec7\uff0c\u8d1f\u8d23\u5236\u5b9a Internet \u6807\u51c6\uff0c\u5c24\u5176\u662f\u4e0e TCP/IP \u76f8\u5173\u7684\u6807\u51c6\u3002 \u6620\u50cf \u7528\u4e8e\u521b\u5efa\u6216\u91cd\u5efa\u670d\u52a1\u5668\u7684\u7279\u5b9a\u64cd\u4f5c\u7cfb\u7edf \uff08OS\uff09 \u7684\u6587\u4ef6\u96c6\u5408\u3002OpenStack \u63d0\u4f9b\u9884\u6784\u5efa\u7684\u6620\u50cf\u3002\u60a8\u8fd8\u53ef\u4ee5\u4ece\u5df2\u542f\u52a8\u7684\u670d\u52a1\u5668\u521b\u5efa\u81ea\u5b9a\u4e49\u6620\u50cf\u6216\u5feb\u7167\u3002\u81ea\u5b9a\u4e49\u6620\u50cf\u53ef\u7528\u4e8e\u6570\u636e\u5907\u4efd\uff0c\u6216\u7528\u4f5c\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u6620\u50cfAPI \u7528\u4e8e\u7ba1\u7406 VM \u6620\u50cf\u7684\u6620\u50cf\u670d\u52a1 API \u7ec8\u7ed3\u70b9\u3002\u5904\u7406\u5ba2\u6237\u7aef\u5bf9 VM \u7684\u8bf7\u6c42\uff0c\u66f4\u65b0\u6ce8\u518c\u8868\u670d\u52a1\u5668\u4e0a\u7684\u6620\u50cf\u670d\u52a1\u5143\u6570\u636e\uff0c\u5e76\u4e0e\u5b58\u50a8\u9002\u914d\u5668\u901a\u4fe1\u4ee5\u4ece\u540e\u7aef\u5b58\u50a8\u4e0a\u4f20 VM \u6620\u50cf\u3002 \u6620\u50cf\u7f13\u5b58 
\u7531\u56fe\u50cf\u670d\u52a1\u7528\u4e8e\u83b7\u53d6\u672c\u5730\u4e3b\u673a\u4e0a\u7684\u56fe\u50cf\uff0c\u800c\u4e0d\u662f\u5728\u6bcf\u6b21\u8bf7\u6c42\u56fe\u50cf\u65f6\u4ece\u56fe\u50cf\u670d\u52a1\u5668\u91cd\u65b0\u4e0b\u8f7d\u56fe\u50cf\u3002 \u6620\u50cf ID URI \u548c UUID \u7684\u7ec4\u5408\uff0c\u7528\u4e8e\u901a\u8fc7\u955c\u50cf API \u8bbf\u95ee\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u6620\u50cf\u6210\u5458 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM \u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u6620\u50cf\u6240\u6709\u8005 \u62e5\u6709\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u7684\u9879\u76ee\u3002 \u6620\u50cf\u6ce8\u518c\u8868 \u53ef\u901a\u8fc7\u6620\u50cf\u670d\u52a1\u83b7\u53d6\u7684 VM \u6620\u50cf\u7684\u5217\u8868\u3002 \u6620\u50cf\u670d\u52a1\uff08glance\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u63d0\u4f9b\u670d\u52a1\u548c\u5173\u8054\u7684\u5e93\u6765\u5b58\u50a8\u3001\u6d4f\u89c8\u3001\u5171\u4eab\u3001\u5206\u53d1\u548c\u7ba1\u7406\u53ef\u542f\u52a8\u78c1\u76d8\u6620\u50cf\u3001\u4e0e\u521d\u59cb\u5316\u8ba1\u7b97\u8d44\u6e90\u5bc6\u5207\u76f8\u5173\u7684\u5176\u4ed6\u6570\u636e\u4ee5\u53ca\u5143\u6570\u636e\u5b9a\u4e49\u3002 \u6620\u50cf\u72b6\u6001 \u955c\u50cf\u670d\u52a1\u4e2d\u865a\u62df\u673a\u955c\u50cf\u7684\u5f53\u524d\u72b6\u6001\uff0c\u4e0d\u8981\u4e0e\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u7684\u72b6\u6001\u6df7\u6dc6\u3002 \u6620\u50cf\u5b58\u50a8 \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u5b58\u50a8\u865a\u62df\u673a\u6620\u50cf\u7684\u540e\u7aef\u5b58\u50a8\uff0c\u9009\u9879\u5305\u62ec\u5bf9\u8c61\u5b58\u50a8\u3001\u672c\u5730\u6302\u8f7d\u7684\u6587\u4ef6\u7cfb\u7edf\u3001RADOS \u5757\u8bbe\u5907\u3001VMware \u6570\u636e\u5b58\u50a8\u6216 HTTP\u3002 \u6620\u50cf UUID \u6620\u50cf\u670d\u52a1\u7528\u4e8e\u552f\u4e00\u6807\u8bc6\u6bcf\u4e2a VM \u6620\u50cf\u7684 UUID\u3002 \u5b75\u5316\u9879\u76ee 
\u793e\u533a\u9879\u76ee\u53ef\u4ee5\u63d0\u5347\u5230\u6b64\u72b6\u6001\uff0c\u7136\u540e\u63d0\u5347\u4e3a\u6838\u5fc3\u9879\u76ee \u57fa\u7840\u8bbe\u65bd\u4f18\u5316\u670d\u52a1\uff08\u89c2\u5bdf\u8005\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u4e3a\u57fa\u4e8eOpenStack\u7684\u591a\u9879\u76ee\u4e91\u63d0\u4f9b\u7075\u6d3b\u4e14\u53ef\u6269\u5c55\u7684\u8d44\u6e90\u4f18\u5316\u670d\u52a1\u3002 \u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1 \uff08IaaS\uff09 IaaS \u662f\u4e00\u79cd\u914d\u7f6e\u6a21\u578b\uff0c\u5728\u8fd9\u79cd\u6a21\u578b\u4e2d\uff0c\u7ec4\u7ec7\u5916\u5305\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u7ec4\u4ef6\uff0c\u4f8b\u5982\u5b58\u50a8\u3001\u786c\u4ef6\u3001\u670d\u52a1\u5668\u548c\u7f51\u7edc\u7ec4\u4ef6\u3002\u670d\u52a1\u63d0\u4f9b\u5546\u62e5\u6709\u8bbe\u5907\uff0c\u5e76\u8d1f\u8d23\u8bbe\u5907\u7684\u5b89\u88c5\u3001\u64cd\u4f5c\u548c\u7ef4\u62a4\u3002\u5ba2\u6237\u901a\u5e38\u6309\u4f7f\u7528\u91cf\u4ed8\u8d39\u3002IaaS \u662f\u4e00\u79cd\u63d0\u4f9b\u4e91\u670d\u52a1\u7684\u6a21\u578b\u3002 Ingress \u8fc7\u6ee4 \u7b5b\u9009\u4f20\u5165\u7f51\u7edc\u6d41\u91cf\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 INI \u683c\u5f0f OpenStack \u914d\u7f6e\u6587\u4ef6\u4f7f\u7528 INI \u683c\u5f0f\u6765\u63cf\u8ff0\u9009\u9879\u53ca\u5176\u503c\u3002\u5b83\u7531\u90e8\u5206\u548c\u952e\u503c\u5bf9\u7ec4\u6210\u3002 \u6ce8\u5165 \u5728\u542f\u52a8\u5b9e\u4f8b\u4e4b\u524d\u5c06\u6587\u4ef6\u653e\u5165\u865a\u62df\u673a\u6620\u50cf\u7684\u8fc7\u7a0b\u3002 \u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 IOPS \u662f\u4e00\u79cd\u5e38\u89c1\u7684\u6027\u80fd\u5ea6\u91cf\uff0c\u7528\u4e8e\u5bf9\u8ba1\u7b97\u673a\u5b58\u50a8\u8bbe\u5907\uff08\u5982\u786c\u76d8\u9a71\u52a8\u5668\u3001\u56fa\u6001\u9a71\u52a8\u5668\u548c\u5b58\u50a8\u533a\u57df\u7f51\u7edc\uff09\u8fdb\u884c\u57fa\u51c6\u6d4b\u8bd5\u3002 \u5b9e\u4f8b \u6b63\u5728\u8fd0\u884c\u7684 VM 
\u6216\u5904\u4e8e\u5df2\u77e5\u72b6\u6001\uff08\u5982\u6302\u8d77\uff09\u7684 VM\uff0c\u53ef\u4ee5\u50cf\u786c\u4ef6\u670d\u52a1\u5668\u4e00\u6837\u4f7f\u7528\u3002 \u5b9e\u4f8bID \u4f8b\u5982UUID\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u72b6\u6001 \u6765\u5bbe\u865a\u62df\u673a\u6620\u50cf\u7684\u5f53\u524d\u72b6\u6001\u3002 \u5b9e\u4f8b\u96a7\u9053\u7f51\u7edc \u7528\u4e8e\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u7684\u5b9e\u4f8b\u6d41\u91cf\u96a7\u9053\u7684\u7f51\u6bb5\u3002 \u5b9e\u4f8b\u7c7b\u578b \u63cf\u8ff0\u53ef\u4f9b\u7528\u6237\u4f7f\u7528\u7684\u5404\u79cd\u865a\u62df\u673a\u6620\u50cf\u7684\u53c2\u6570;\u5305\u62ec CPU\u3001\u5b58\u50a8\u548c\u5185\u5b58\u7b49\u53c2\u6570\u3002\u98ce\u5473\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b\u7c7b\u578b ID \u7279\u5b9a\u5b9e\u4f8b ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5b9e\u4f8b UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u667a\u80fd\u5e73\u53f0\u7ba1\u7406\u63a5\u53e3\uff08IPMI\uff09 IPMI \u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u7528\u4e8e\u8ba1\u7b97\u673a\u7cfb\u7edf\u5e26\u5916\u7ba1\u7406\u548c\u76d1\u63a7\u5176\u64cd\u4f5c\u7684\u6807\u51c6\u5316\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\u3002\u901a\u4fd7\u5730\u8bf4\uff0c\u5b83\u662f\u4e00\u79cd\u4f7f\u7528\u76f4\u63a5\u7f51\u7edc\u8fde\u63a5\u7ba1\u7406\u8ba1\u7b97\u673a\u7684\u65b9\u6cd5\uff0c\u65e0\u8bba\u5b83\u662f\u5426\u6253\u5f00;\u8fde\u63a5\u5230\u786c\u4ef6\uff0c\u800c\u4e0d\u662f\u64cd\u4f5c\u7cfb\u7edf\u6216\u767b\u5f55 shell\u3002 \u63a5\u53e3 \u63d0\u4f9b\u4e0e\u5176\u4ed6\u8bbe\u5907\u6216\u4ecb\u8d28\u7684\u8fde\u63a5\u7684\u7269\u7406\u6216\u865a\u62df\u8bbe\u5907\u3002 \u63a5\u53e3 ID UUID \u5f62\u5f0f\u7684\u7f51\u7edc VIF \u6216 vNIC \u7684\u552f\u4e00 ID\u3002 \u4e92\u8054\u7f51\u63a7\u5236\u6d88\u606f\u534f\u8bae \uff08ICMP\uff09 
\u7f51\u7edc\u8bbe\u5907\u7528\u4e8e\u63a7\u5236\u6d88\u606f\u7684\u7f51\u7edc\u534f\u8bae\u3002\u4f8b\u5982\uff0cping \u4f7f\u7528 ICMP \u6765\u6d4b\u8bd5\u8fde\u63a5\u3002 \u4e92\u8054\u7f51\u534f\u8bae \uff08IP\uff09 Internet \u534f\u8bae\u5957\u4ef6\u4e2d\u7684\u4e3b\u8981\u901a\u4fe1\u534f\u8bae\uff0c\u7528\u4e8e\u8de8\u7f51\u7edc\u8fb9\u754c\u4e2d\u7ee7\u6570\u636e\u62a5\u3002 \u4e92\u8054\u7f51\u670d\u52a1\u63d0\u4f9b\u5546 \uff08ISP\uff09 \u4efb\u4f55\u5411\u4e2a\u4eba\u6216\u4f01\u4e1a\u63d0\u4f9b\u4e92\u8054\u7f51\u8bbf\u95ee\u7684\u4f01\u4e1a\u3002 \u4e92\u8054\u7f51\u5c0f\u578b\u8ba1\u7b97\u673a\u7cfb\u7edf\u63a5\u53e3\uff08iSCSI\uff09 \u5c01\u88c5 SCSI \u5e27\u4ee5\u901a\u8fc7 IP \u7f51\u7edc\u4f20\u8f93\u7684\u5b58\u50a8\u534f\u8bae\u3002\u53d7\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u548c\u955c\u50cf\u670d\u52a1\u652f\u6301\u3002 IO \u8f93\u5165\u548c\u8f93\u51fa\u7684\u7f29\u5199\u3002 IP \u5730\u5740 Internet \u4e0a\u6bcf\u4e2a\u8ba1\u7b97\u673a\u7cfb\u7edf\u552f\u4e00\u7684\u7f16\u53f7\u3002\u5730\u5740\u4f7f\u7528\u4e86\u4e24\u4e2a\u7248\u672c\u7684 Internet \u534f\u8bae \uff08IP\uff09\uff1aIPv4 \u548c IPv6\u3002 IP \u5730\u5740\u7ba1\u7406 \uff08IPAM\uff09 \u81ea\u52a8\u6267\u884c IP \u5730\u5740\u5206\u914d\u3001\u89e3\u9664\u5206\u914d\u548c\u7ba1\u7406\u7684\u8fc7\u7a0b\u3002\u76ee\u524d\u7531 Compute\u3001melange \u548c Networking \u63d0\u4f9b\u3002 ip6tables \u7528\u4e8e\u5728 Linux \u5185\u6838\u4e2d\u8bbe\u7f6e\u3001\u7ef4\u62a4\u548c\u68c0\u67e5 IPv6 \u6570\u636e\u5305\u8fc7\u6ee4\u89c4\u5219\u8868\u7684\u5de5\u5177\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0cip6tables \u4e0e arptables\u3001ebtables \u548c iptables \u4e00\u8d77\u4f7f\u7528\uff0c\u4e3a\u8282\u70b9\u548c\u865a\u62df\u673a\u521b\u5efa\u9632\u706b\u5899\u3002 ipset \u5bf9 iptables \u7684\u6269\u5c55\uff0c\u5141\u8bb8\u521b\u5efa\u540c\u65f6\u5339\u914d\u6574\u4e2a IP 
\u5730\u5740\u201c\u96c6\u201d\u7684\u9632\u706b\u5899\u89c4\u5219\u3002\u8fd9\u4e9b\u96c6\u9a7b\u7559\u5728\u7d22\u5f15\u6570\u636e\u7ed3\u6784\u4e2d\u4ee5\u63d0\u9ad8\u6548\u7387\uff0c\u5c24\u5176\u662f\u5728\u5177\u6709\u5927\u91cf\u89c4\u5219\u7684\u7cfb\u7edf\u4e0a\u3002 iptables iptables \u4e0e arptables \u548c ebtables \u4e00\u8d77\u4f7f\u7528\uff0c\u53ef\u5728 Compute \u4e2d\u521b\u5efa\u9632\u706b\u5899\u3002iptables \u662f Linux \u5185\u6838\u9632\u706b\u5899\uff08\u4f5c\u4e3a\u4e0d\u540c\u7684 Netfilter \u6a21\u5757\u5b9e\u73b0\uff09\u63d0\u4f9b\u7684\u8868\u53ca\u5176\u5b58\u50a8\u7684\u94fe\u548c\u89c4\u5219\u3002\u76ee\u524d\u4e0d\u540c\u7684\u5185\u6838\u6a21\u5757\u548c\u7a0b\u5e8f\u7528\u4e8e\u4e0d\u540c\u7684\u534f\u8bae\uff1aiptables \u9002\u7528\u4e8e IPv4\uff0cip6tables \u9002\u7528\u4e8e IPv6\uff0carptables \u9002\u7528\u4e8e ARP\uff0cebtables \u7528\u4e8e\u4ee5\u592a\u7f51\u5e27\u3002\u9700\u8981 root \u6743\u9650\u624d\u80fd\u64cd\u4f5c\u3002 ironic \u88f8\u673a\u670d\u52a1\u7684\u4ee3\u53f7\u3002 iSCSI \u9650\u5b9a\u540d\u79f0 \uff08IQN\uff09 IQN \u662f\u6700\u5e38\u7528\u7684 iSCSI \u540d\u79f0\u683c\u5f0f\uff0c\u7528\u4e8e\u552f\u4e00\u6807\u8bc6 iSCSI \u7f51\u7edc\u4e2d\u7684\u8282\u70b9\u3002\u6240\u6709 IQN \u90fd\u9075\u5faa iqn.yyyy-mm.domain\uff1aidentifier \u6a21\u5f0f\uff0c\u5176\u4e2d\u201cyyyy-mm\u201d\u662f\u57df\u540d\u6ce8\u518c\u7684\u5e74\u4efd\u548c\u6708\u4efd\uff0c\u201cdomain\u201d\u662f\u9881\u53d1\u7ec4\u7ec7\u7684\u53cd\u5411\u57df\u540d\uff0c\u201cidentifier\u201d\u662f\u4e00\u4e2a\u53ef\u9009\u5b57\u7b26\u4e32\uff0c\u4f7f\u540c\u4e00\u57df\u540d\u4e0b\u7684\u6bcf\u4e2a IQN \u90fd\u662f\u552f\u4e00\u7684\u3002\u4f8b\u5982\uff0c\u201ciqn.2015-10.org.openstack.408ae959bce1\u201d\u3002 ISO9660 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 ITSEC \u51fd\u6570 \u8ba1\u7b97 RBAC 
\u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\uff0c\u53ef\u4ee5\u9694\u79bb\u4efb\u4f55\u9879\u76ee\u4e2d\u7684\u5b9e\u4f8b\u3002","title":"I"},{"location":"security/security-guide/#j","text":"Java \u4e00\u79cd\u7f16\u7a0b\u8bed\u8a00\uff0c\u7528\u4e8e\u521b\u5efa\u901a\u8fc7\u7f51\u7edc\u6d89\u53ca\u591a\u53f0\u8ba1\u7b97\u673a\u7684\u7cfb\u7edf\u3002 JavaScript \u4e00\u79cd\u7528\u4e8e\u751f\u6210\u7f51\u9875\u7684\u811a\u672c\u8bed\u8a00\u3002 JavaScript \u5bf9\u8c61\u8868\u793a\u6cd5 \uff08JSON\uff09 OpenStack \u4e2d\u652f\u6301\u7684\u54cd\u5e94\u683c\u5f0f\u4e4b\u4e00\u3002 \u6846\u67b6\u7684\u5f62\u72b6 \u73b0\u4ee3\u4ee5\u592a\u7f51\u7f51\u7edc\u4e2d\u7684\u529f\u80fd\uff0c\u652f\u6301\u9ad8\u8fbe\u7ea6 9000 \u5b57\u8282\u7684\u5e27\u3002 Juno OpenStack \u7b2c\u5341\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u4f50\u6cbb\u4e9a\u5dde\u4e9a\u7279\u5170\u5927\u4e3e\u884c\uff0cJuno\u662f\u4f50\u6cbb\u4e9a\u5dde\u7684\u4e00\u4e2a\u975e\u6cd5\u4eba\u793e\u533a\u3002","title":"J"},{"location":"security/security-guide/#k","text":"Kerberos \u4e00\u79cd\u57fa\u4e8e\u7968\u8bc1\u7684\u7f51\u7edc\u8eab\u4efd\u9a8c\u8bc1\u534f\u8bae\u3002Kerberos \u5141\u8bb8\u8282\u70b9\u901a\u8fc7\u975e\u5b89\u5168\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\uff0c\u5e76\u5141\u8bb8\u8282\u70b9\u4ee5\u5b89\u5168\u7684\u65b9\u5f0f\u76f8\u4e92\u8bc1\u660e\u5176\u8eab\u4efd\u3002 \u57fa\u4e8e\u5185\u6838\u7684\u865a\u62df\u673a \uff08KVM\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002KVM \u662f\u9002\u7528\u4e8e Linux on x86 \u786c\u4ef6\u7684\u5b8c\u6574\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u5305\u542b\u865a\u62df\u5316\u6269\u5c55\uff08Intel VT \u6216 AMD-V\uff09\u3001ARM\u3001IBM Power \u548c IBM 
zSeries\u3002\u5b83\u7531\u4e00\u4e2a\u53ef\u52a0\u8f7d\u7684\u5185\u6838\u6a21\u5757\u7ec4\u6210\uff0c\u8be5\u6a21\u5757\u63d0\u4f9b\u6838\u5fc3\u865a\u62df\u5316\u57fa\u7840\u67b6\u6784\u548c\u7279\u5b9a\u4e8e\u5904\u7406\u5668\u7684\u6a21\u5757\u3002 \u5bc6\u94a5\u7ba1\u7406\u5668\u670d\u52a1\uff08barbican\uff09 \u8be5\u9879\u76ee\u4ea7\u751f\u4e00\u4e2a\u79d8\u5bc6\u5b58\u50a8\u548c\u751f\u6210\u7cfb\u7edf\uff0c\u80fd\u591f\u4e3a\u5e0c\u671b\u542f\u7528\u52a0\u5bc6\u529f\u80fd\u7684\u670d\u52a1\u63d0\u4f9b\u5bc6\u94a5\u7ba1\u7406\u3002 keystone Identity \u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u5feb\u901f\u542f\u52a8 \u7528\u4e8e\u5728\u57fa\u4e8e Red Hat\u3001Fedora \u548c CentOS \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 Kilo OpenStack \u7b2c 11 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u6cd5\u56fd\u5df4\u9ece\u4e3e\u884c\u3002\u7531\u4e8e\u540d\u79f0\u9009\u62e9\u7684\u5ef6\u8fdf\uff0c\u8be5\u7248\u672c\u4ec5\u88ab\u79f0\u4e3a K\u3002\u7531\u4e8e k kilo \u662f\u5355\u4f4d\u7b26\u53f7\uff0c\u800c kilogram \u53c2\u8003\u5de5\u4ef6\u5b58\u653e\u5728\u5df4\u9ece\u9644\u8fd1\u7684\u585e\u592b\u5c14 Pavillon de Breteuil \u4e2d\uff0c\u56e0\u6b64\u793e\u533a\u9009\u62e9\u4e86 Kilo \u4f5c\u4e3a\u7248\u672c\u540d\u79f0\u3002 L \u5927\u5bf9\u8c61 Object Storage \u4e2d\u5927\u4e8e 5 GB \u7684\u5bf9\u8c61\u3002 \u542f\u52a8\u677f OpenStack \u7684\u534f\u4f5c\u7ad9\u70b9\u3002 \u4e8c\u5c42\uff08L2\uff09\u4ee3\u7406 \u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u4e8c\u5c42\u7f51\u7edc OSI 
\u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u6570\u636e\u94fe\u8def\u5c42\u7684\u672f\u8bed\u3002\u6570\u636e\u94fe\u8def\u5c42\u8d1f\u8d23\u5a92\u4f53\u8bbf\u95ee\u63a7\u5236\u3001\u6d41\u91cf\u63a7\u5236\u4ee5\u53ca\u68c0\u6d4b\u548c\u7ea0\u6b63\u7269\u7406\u5c42\u4e2d\u53ef\u80fd\u53d1\u751f\u7684\u9519\u8bef\u3002 \u4e09\u5c42 \uff08L3\uff09 \u4ee3\u7406 OpenStack Networking \u4ee3\u7406\uff0c\u4e3a\u865a\u62df\u7f51\u7edc\u63d0\u4f9b\u7b2c 3 \u5c42\uff08\u8def\u7531\uff09\u670d\u52a1\u3002 \u4e09\u5c42\u7f51\u7edc \u5728 OSI \u7f51\u7edc\u4f53\u7cfb\u7ed3\u6784\u4e2d\u7528\u4e8e\u7f51\u7edc\u5c42\u7684\u672f\u8bed\u3002\u7f51\u7edc\u5c42\u8d1f\u8d23\u6570\u636e\u5305\u8f6c\u53d1\uff0c\u5305\u62ec\u4ece\u4e00\u4e2a\u8282\u70b9\u5230\u53e6\u4e00\u4e2a\u8282\u70b9\u7684\u8def\u7531\u3002 Liberty OpenStack \u7b2c 12 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\uff0cLiberty\u662f\u52a0\u62ff\u5927\u8428\u65af\u5580\u5f7b\u6e29\u7701\u4e00\u4e2a\u6751\u5e84\u7684\u540d\u5b57\u3002 libvirt OpenStack \u7528\u6765\u4e0e\u8bb8\u591a\u53d7\u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u8fdb\u884c\u4ea4\u4e92\u7684\u865a\u62df\u5316 API \u5e93\u3002 \u8f7b\u91cf\u7ea7\u76ee\u5f55\u8bbf\u95ee\u534f\u8bae \uff08LDAP\uff09 \u7528\u4e8e\u901a\u8fc7 IP \u7f51\u7edc\u8bbf\u95ee\u548c\u7ef4\u62a4\u5206\u5e03\u5f0f\u76ee\u5f55\u4fe1\u606f\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u534f\u8bae\u3002 Linux \u64cd\u4f5c\u7cfb\u7edf \u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u81ea\u7531\u548c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u548c\u5206\u53d1\u7684\u6a21\u5f0f\u4e0b\u7ec4\u88c5\u3002 Linux\u6865\u63a5 \u4f7f\u591a\u4e2a VM \u80fd\u591f\u5728\u8ba1\u7b97\u4e2d\u5171\u4eab\u5355\u4e2a\u7269\u7406 NIC \u7684\u8f6f\u4ef6\u3002 Linux Bridge neutron \u63d2\u4ef6 \u4f7f Linux 
\u7f51\u6865\u80fd\u591f\u7406\u89e3\u7f51\u7edc\u7aef\u53e3\u3001\u63a5\u53e3\u8fde\u63a5\u548c\u5176\u4ed6\u62bd\u8c61\u3002 Linux \u5bb9\u5668 \uff08LXC\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 \u5b9e\u65f6\u8fc1\u79fb \u8ba1\u7b97\u4e2d\u80fd\u591f\u5c06\u6b63\u5728\u8fd0\u884c\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\uff0c\u5728\u5207\u6362\u671f\u95f4\u4ec5\u53d1\u751f\u5c11\u91cf\u670d\u52a1\u4e2d\u65ad\u3002 \u8d1f\u8f7d\u5747\u8861\u5668 \u8d1f\u8f7d\u5747\u8861\u5668\u662f\u5c5e\u4e8e\u4e91\u5e10\u6237\u7684\u903b\u8f91\u8bbe\u5907\u3002\u5b83\u7528\u4e8e\u6839\u636e\u5b9a\u4e49\u4e3a\u5176\u914d\u7f6e\u4e00\u90e8\u5206\u7684\u6761\u4ef6\u5728\u591a\u4e2a\u540e\u7aef\u7cfb\u7edf\u6216\u670d\u52a1\u4e4b\u95f4\u5206\u914d\u5de5\u4f5c\u8d1f\u8f7d\u3002 \u8d1f\u8f7d\u5747\u8861 \u5728\u4e24\u4e2a\u6216\u591a\u4e2a\u8282\u70b9\u4e4b\u95f4\u5206\u6563\u5ba2\u6237\u7aef\u8bf7\u6c42\u4ee5\u63d0\u9ad8\u6027\u80fd\u548c\u53ef\u7528\u6027\u7684\u8fc7\u7a0b\u3002 \u8d1f\u8f7d\u5747\u8861\u5668\u5373\u670d\u52a1\uff08LBaaS\uff09 \u4f7f\u7f51\u7edc\u80fd\u591f\u5728\u6307\u5b9a\u5b9e\u4f8b\u4e4b\u95f4\u5747\u5300\u5206\u914d\u4f20\u5165\u8bf7\u6c42\u3002 \u8d1f\u8f7d\u5747\u8861\u670d\u52a1\uff08octavia\uff09 \u8be5\u9879\u76ee\u65e8\u5728\u4ee5\u4e0e\u6280\u672f\u65e0\u5173\u7684\u65b9\u5f0f\u63d0\u4f9b\u5bf9\u8d1f\u8f7d\u5747\u8861\u5668\u670d\u52a1\u7684\u53ef\u6269\u5c55\u3001\u6309\u9700\u3001\u81ea\u52a9\u670d\u52a1\u8bbf\u95ee\u3002 \u903b\u8f91\u5377\u7ba1\u7406\u5668 \uff08LVM\uff09 \u63d0\u4f9b\u4e00\u79cd\u5728\u5927\u5bb9\u91cf\u5b58\u50a8\u8bbe\u5907\u4e0a\u5206\u914d\u7a7a\u95f4\u7684\u65b9\u6cd5\uff0c\u8be5\u65b9\u6cd5\u6bd4\u4f20\u7edf\u7684\u5206\u533a\u65b9\u6848\u66f4\u7075\u6d3b\u3002","title":"K"},{"location":"security/security-guide/#m","text":"magnum 
\u5bb9\u5668\u57fa\u7840\u7ed3\u6784\u7ba1\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u7ba1\u7406 API \u7ba1\u7406 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u7ba1\u7406\u7f51\u7edc \u7528\u4e8e\u7ba1\u7406\u7684\u7f51\u6bb5\uff0c\u516c\u5171 Internet \u65e0\u6cd5\u8bbf\u95ee\u3002 \u7ba1\u7406\u5668 \u76f8\u5173\u4ee3\u7801\u7684\u903b\u8f91\u5206\u7ec4\uff0c\u4f8b\u5982\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u6216\u7f51\u7edc\u7ba1\u7406\u5668\u3002 \u6e05\u5355 \u7528\u4e8e\u8ddf\u8e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u5927\u578b\u5bf9\u8c61\u7684\u6bb5\u3002 manifest \u5bf9\u8c61 \u4e00\u4e2a\u7279\u6b8a\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\uff0c\u5176\u4e2d\u5305\u542b\u5927\u578b\u5bf9\u8c61\u7684\u6e05\u5355\u3002 manila OpenStack \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u7684\u4ee3\u53f7\u3002 manila\u5206\u4eab \u8d1f\u8d23\u7ba1\u7406\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u8bbe\u5907\uff0c\u7279\u522b\u662f\u540e\u7aef\u8bbe\u5907\u3002 \u6700\u5927\u4f20\u8f93\u5355\u5143 \uff08MTU\uff09 \u7279\u5b9a\u7f51\u7edc\u4ecb\u8d28\u7684\u6700\u5927\u5e27\u6216\u6570\u636e\u5305\u5927\u5c0f\u3002\u4ee5\u592a\u7f51\u901a\u5e38\u4e3a 1500 \u5b57\u8282\u3002 \u673a\u5236\u9a71\u52a8 \u7a0b\u5e8f \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09 neutron \u63d2\u4ef6\u7684\u9a71\u52a8\u7a0b\u5e8f\uff0c\u4e3a\u865a\u62df\u5b9e\u4f8b\u63d0\u4f9b\u7b2c 2 \u5c42\u8fde\u63a5\u3002\u5355\u4e2a OpenStack \u5b89\u88c5\u53ef\u4ee5\u4f7f\u7528\u591a\u4e2a\u673a\u5236\u9a71\u52a8\u7a0b\u5e8f\u3002 melange OpenStack Network Information Service \u7684\u9879\u76ee\u540d\u79f0\u3002\u5c06\u4e0e\u7f51\u7edc\u5408\u5e76\u3002 \u6210\u5458\u5173\u7cfb \u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u4e0e\u9879\u76ee\u4e4b\u95f4\u7684\u5173\u8054\u3002\u5141\u8bb8\u4e0e\u6307\u5b9a\u9879\u76ee\u5171\u4eab\u56fe\u50cf\u3002 \u6210\u5458\u5217\u8868 \u53ef\u4ee5\u5728\u6620\u50cf\u670d\u52a1\u4e2d\u8bbf\u95ee\u7ed9\u5b9a VM 
\u6620\u50cf\u7684\u9879\u76ee\u5217\u8868\u3002 \u5185\u5b58\u7f13\u5b58 \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u7f13\u5b58\u7684\u5206\u5e03\u5f0f\u5185\u5b58\u5bf9\u8c61\u7f13\u5b58\u7cfb\u7edf\u3002 \u5185\u5b58\u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a RAM \u8fc7\u91cf\u4f7f\u7528\u3002 \u6d88\u606f\u4ee3\u7406 \u7528\u4e8e\u5728\u8ba1\u7b97\u4e2d\u63d0\u4f9b AMQP \u6d88\u606f\u4f20\u9012\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\u9ed8\u8ba4\u5305\u4e3a RabbitMQ\u3002 \u6d88\u606f\u603b\u7ebf \u6240\u6709 AMQP \u6d88\u606f\u7528\u4e8e\u8ba1\u7b97\u4e2d\u7684\u4e91\u95f4\u901a\u4fe1\u7684\u4e3b\u8981\u865a\u62df\u901a\u4fe1\u7ebf\u8def\u3002 \u6d88\u606f\u961f\u5217 \u5c06\u6765\u81ea\u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\u4f20\u9012\u7ed9\u76f8\u5e94\u7684\u5de5\u4f5c\u7ebf\u7a0b\uff0c\u5e76\u5728\u4f5c\u4e1a\u5b8c\u6210\u540e\u5c06\u8f93\u51fa\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002 \u6d88\u606f\u670d\u52a1 \uff08zaqar\uff09 \u8be5\u9879\u76ee\u63d0\u4f9b\u6d88\u606f\u4f20\u9012\u670d\u52a1\uff0c\u8be5\u670d\u52a1\u4ee5\u9ad8\u6548\u3001\u53ef\u6269\u5c55\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u63d0\u4f9b\u5404\u79cd\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u6a21\u5f0f\uff0c\u5e76\u521b\u5efa\u548c\u7ef4\u62a4\u5173\u8054\u7684 Python \u5e93\u548c\u6587\u6863\u3002 \u5143\u6570\u636e\u670d\u52a1\u5668 \uff08MDS\uff09 \u5b58\u50a8 CephFS \u5143\u6570\u636e\u3002 \u5143\u6570\u636e\u4ee3\u7406 \u4e3a\u5b9e\u4f8b\u63d0\u4f9b\u5143\u6570\u636e\u670d\u52a1\u7684 OpenStack Networking \u4ee3\u7406\u3002 \u8fc1\u79fb \u5c06 VM \u5b9e\u4f8b\u4ece\u4e00\u53f0\u4e3b\u673a\u79fb\u52a8\u5230\u53e6\u4e00\u53f0\u4e3b\u673a\u7684\u8fc7\u7a0b\u3002 mistral 
\u5de5\u4f5c\u6d41\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Mitaka OpenStack \u7b2c 13 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u65e5\u672c\u4e1c\u4eac\u4e3e\u884c\u3002Mitaka\u662f\u4e1c\u4eac\u7684\u4e00\u5ea7\u57ce\u5e02\u3002 \u6a21\u5757\u5316\u7b2c 2 \u5c42 \uff08ML2\uff09neutron\u63d2\u4ef6 \u53ef\u4ee5\u5728\u7f51\u7edc\u4e2d\u540c\u65f6\u4f7f\u7528\u591a\u79cd\u4e8c\u5c42\u7f51\u7edc\u6280\u672f\uff0c\u5982802.1Q\u548cVXLAN\u3002 monasca OpenStack \u76d1\u63a7\u7684\u4ee3\u53f7\u3002 \u76d1\u63a7 \uff08LBaaS\uff09 LBaaS \u529f\u80fd\uff0c\u4f7f\u7528 ping \u547d\u4ee4\u3001TCP \u548c HTTP/HTTPS GET \u63d0\u4f9b\u53ef\u7528\u6027\u76d1\u63a7\u3002 \u76d1\u89c6\u5668 \uff08Mon\uff09 \u4e00\u4e2a Ceph \u7ec4\u4ef6\uff0c\u7528\u4e8e\u4e0e\u5916\u90e8\u5ba2\u6237\u7aef\u901a\u4fe1\u3001\u68c0\u67e5\u6570\u636e\u72b6\u6001\u548c\u4e00\u81f4\u6027\u4ee5\u53ca\u6267\u884c\u4ef2\u88c1\u529f\u80fd\u3002 \u76d1\u63a7 \uff08monasca\uff09 OpenStack \u670d\u52a1\uff0c\u4e3a\u6307\u6807\u3001\u590d\u6742\u4e8b\u4ef6\u5904\u7406\u548c\u65e5\u5fd7\u8bb0\u5f55\u63d0\u4f9b\u591a\u9879\u76ee\u3001\u9ad8\u5ea6\u53ef\u6269\u5c55\u3001\u9ad8\u6027\u80fd\u3001\u5bb9\u9519\u7684\u76d1\u63a7\u5373\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\u4e3a\u9ad8\u7ea7\u76d1\u63a7\u670d\u52a1\u6784\u5efa\u4e00\u4e2a\u53ef\u6269\u5c55\u7684\u5e73\u53f0\uff0c\u8fd0\u8425\u5546\u548c\u9879\u76ee\u90fd\u53ef\u4ee5\u4f7f\u7528\u8be5\u5e73\u53f0\u6765\u83b7\u5f97\u8fd0\u8425\u6d1e\u5bdf\u529b\u548c\u53ef\u89c1\u6027\uff0c\u786e\u4fdd\u53ef\u7528\u6027\u548c\u7a33\u5b9a\u6027\u3002 \u591a\u4e91\u8ba1\u7b97 \u5728\u5355\u4e2a\u7f51\u7edc\u67b6\u6784\u4e2d\u4f7f\u7528\u591a\u79cd\u4e91\u8ba1\u7b97\u548c\u5b58\u50a8\u670d\u52a1\u3002 \u591a\u4e91 SDK \u63d0\u4f9b\u591a\u4e91\u62bd\u8c61\u5c42\u5e76\u5305\u542b\u5bf9 OpenStack \u7684\u652f\u6301\u7684 SDK\u3002\u8fd9\u4e9b SDK 
\u975e\u5e38\u9002\u5408\u7f16\u5199\u9700\u8981\u4f7f\u7528\u591a\u79cd\u7c7b\u578b\u7684\u4e91\u63d0\u4f9b\u5546\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u4f46\u53ef\u80fd\u4f1a\u516c\u5f00\u4e00\u7ec4\u66f4\u6709\u9650\u7684\u529f\u80fd\u3002 \u591a\u56e0\u7d20\u8eab\u4efd\u9a8c\u8bc1 \u4f7f\u7528\u4e24\u4e2a\u6216\u591a\u4e2a\u51ed\u636e\uff08\u5982\u5bc6\u7801\u548c\u79c1\u94a5\uff09\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002\u76ee\u524d\u5728 Identity \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u591a\u4e3b\u673a \u4f20\u7edf \uff08nova\uff09 \u7f51\u7edc\u7684\u9ad8\u53ef\u7528\u6027\u6a21\u5f0f\u3002\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u5904\u7406 NAT \u548c DHCP\uff0c\u5e76\u5145\u5f53\u5176\u4e0a\u6240\u6709 VM \u7684\u7f51\u5173\u3002\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684\u7f51\u7edc\u6545\u969c\u4e0d\u4f1a\u5f71\u54cd\u5176\u4ed6\u8ba1\u7b97\u8282\u70b9\u4e0a\u7684 VM\u3002 multinic \u51fd\u6570 \u8ba1\u7b97\u4e2d\u7684\u5de5\u5177\uff0c\u5141\u8bb8\u6bcf\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u8fde\u63a5\u591a\u4e2a VIF\u3002 murano \u5e94\u7528\u7a0b\u5e8f\u76ee\u5f55\u670d\u52a1\u7684\u4ee3\u53f7\u3002","title":"M"},{"location":"security/security-guide/#n","text":"Nebula NASA \u4e8e 2010 \u5e74\u4ee5\u5f00\u6e90\u5f62\u5f0f\u53d1\u5e03\uff0c\u662f Compute \u7684\u57fa\u7840\u3002 \u7f51\u7edc\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u5141\u8bb8\u7528\u6237\u4e3a\u5b9e\u4f8b\u5206\u914d\u53ef\u516c\u5f00\u8bbf\u95ee\u7684 IP \u5730\u5740\u5e76\u66f4\u6539\u9632\u706b\u5899\u89c4\u5219\u3002 NetApp \u5377\u9a71\u52a8\u7a0b\u5e8f \u4f7f\u8ba1\u7b97\u80fd\u591f\u901a\u8fc7 NetApp OnCommand \u914d\u7f6e\u7ba1\u7406\u5668\u4e0e NetApp \u5b58\u50a8\u8bbe\u5907\u8fdb\u884c\u901a\u4fe1\u3002 \u7f51\u7edc 
\u5728\u5b9e\u4f53\u4e4b\u95f4\u63d0\u4f9b\u8fde\u63a5\u7684\u865a\u62df\u7f51\u7edc\u3002\u4f8b\u5982\uff0c\u5171\u4eab\u7f51\u7edc\u8fde\u63a5\u7684\u865a\u62df\u7aef\u53e3\u7684\u96c6\u5408\u3002\u5728\u7f51\u7edc\u672f\u8bed\u4e2d\uff0c\u7f51\u7edc\u59cb\u7ec8\u662f\u7b2c 2 \u5c42\u7f51\u7edc\u3002 \u7f51\u7edc\u5730\u5740\u8f6c\u6362 \uff08NAT\uff09 \u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4fee\u6539 IP \u5730\u5740\u4fe1\u606f\u7684\u8fc7\u7a0b\u3002\u7531\u8ba1\u7b97\u548c\u7f51\u7edc\u652f\u6301\u3002 \u7f51\u7edc\u63a7\u5236\u5668 \u4e00\u4e2a\u8ba1\u7b97\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7528\u4e8e\u534f\u8c03\u8282\u70b9\u7684\u7f51\u7edc\u914d\u7f6e\uff0c\u5305\u62ec IP \u5730\u5740\u3001VLAN \u548c\u6865\u63a5\u3002\u8fd8\u7ba1\u7406\u516c\u5171\u7f51\u7edc\u548c\u4e13\u7528\u7f51\u7edc\u7684\u8def\u7531\u3002 \u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf \uff08NFS\uff09 \u4e00\u79cd\u4f7f\u6587\u4ef6\u7cfb\u7edf\u5728\u7f51\u7edc\u4e0a\u53ef\u7528\u7684\u65b9\u6cd5\u3002\u7531 OpenStack \u652f\u6301\u3002 \u7f51\u7edc ID \u5206\u914d\u7ed9\u7f51\u7edc\u4e2d\u6bcf\u4e2a\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002\u4e0e\u7f51\u7edc UUID \u76f8\u540c\u3002 \u7f51\u7edc\u7ba1\u7406\u5668 \u7528\u4e8e\u7ba1\u7406\u5404\u79cd\u7f51\u7edc\u7ec4\u4ef6\uff08\u5982\u9632\u706b\u5899\u89c4\u5219\u3001IP \u5730\u5740\u5206\u914d\u7b49\uff09\u7684\u8ba1\u7b97\u7ec4\u4ef6\u3002 \u7f51\u7edc\u547d\u540d\u7a7a\u95f4 Linux \u5185\u6838\u529f\u80fd\uff0c\u5728\u5355\u4e2a\u4e3b\u673a\u4e0a\u63d0\u4f9b\u72ec\u7acb\u7684\u865a\u62df\u7f51\u7edc\u5b9e\u4f8b\uff0c\u5177\u6709\u5355\u72ec\u7684\u8def\u7531\u8868\u548c\u63a5\u53e3\u3002\u7c7b\u4f3c\u4e8e\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u4e0a\u7684\u865a\u62df\u8def\u7531\u548c\u8f6c\u53d1 \uff08VRF\uff09 \u670d\u52a1\u3002 \u7f51\u7edc\u8282\u70b9 \u8fd0\u884c Network Worker \u5b88\u62a4\u7a0b\u5e8f\u7684\u4efb\u4f55\u8ba1\u7b97\u8282\u70b9\u3002 \u7f51\u7edc\u6bb5 \u8868\u793a\u7f51\u7edc\u4e2d\u865a\u62df\u7684\u9694\u79bb OSI \u7b2c 2 
\u5c42\u5b50\u7f51\u3002 \u7f51\u7edc\u670d\u52a1\u6807\u5934 \uff08NSH\uff09 \u63d0\u4f9b\u6cbf\u5b9e\u4f8b\u5316\u670d\u52a1\u8def\u5f84\u8fdb\u884c\u5143\u6570\u636e\u4ea4\u6362\u7684\u673a\u5236\u3002 \u7f51\u7edc\u65f6\u95f4\u534f\u8bae \uff08NTP\uff09 \u901a\u8fc7\u4e0e\u53ef\u4fe1\u3001\u51c6\u786e\u7684\u65f6\u95f4\u6e90\u901a\u4fe1\u6765\u4fdd\u6301\u4e3b\u673a\u6216\u8282\u70b9\u65f6\u949f\u6b63\u786e\u7684\u65b9\u6cd5\u3002 \u7f51\u7edc UUID \u7f51\u7edc\u7f51\u6bb5\u7684\u552f\u4e00 ID\u3002 \u7f51\u7edc\u5de5\u4f5c\u8fdb\u7a0b nova-network worker \u5b88\u62a4\u8fdb\u7a0b;\u63d0\u4f9b\u8bf8\u5982\u4e3a\u542f\u52a8\u7684 nova \u5b9e\u4f8b\u63d0\u4f9b IP \u5730\u5740\u7b49\u670d\u52a1\u3002 \u7f51\u7edc API\uff08Neutron API\uff09 \u7528\u4e8e\u8bbf\u95ee OpenStack Networking \u7684 API\u3002\u63d0\u4f9b\u53ef\u6269\u5c55\u7684\u4f53\u7cfb\u7ed3\u6784\u4ee5\u542f\u7528\u81ea\u5b9a\u4e49\u63d2\u4ef6\u521b\u5efa\u3002 \u7f51\u7edc\u670d\u52a1\uff08neutron\uff09 OpenStack \u9879\u76ee\uff0c\u5b83\u5b9e\u73b0\u4e86\u670d\u52a1\u548c\u76f8\u5173\u5e93\uff0c\u4ee5\u63d0\u4f9b\u6309\u9700\u3001\u53ef\u6269\u5c55\u4e14\u4e0e\u6280\u672f\u65e0\u5173\u7684\u7f51\u7edc\u62bd\u8c61\u3002 neutron OpenStack Networking \u670d\u52a1\u7684\u4ee3\u53f7\u3002 neutron API \u7f51\u7edc API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 Neutron \u7ba1\u7406\u5668 \u542f\u7528\u8ba1\u7b97\u548c\u7f51\u7edc\u96c6\u6210\uff0c\u4f7f\u7f51\u7edc\u80fd\u591f\u5bf9\u6765\u5bbe VM \u6267\u884c\u7f51\u7edc\u7ba1\u7406\u3002 Neutron \u63d2\u4ef6 \u7f51\u7edc\u4e2d\u7684\u63a5\u53e3\uff0c\u4f7f\u7ec4\u7ec7\u80fd\u591f\u4e3a\u9ad8\u7ea7\u529f\u80fd\uff08\u5982 QoS\u3001ACL \u6216 IDS\uff09\u521b\u5efa\u81ea\u5b9a\u4e49\u63d2\u4ef6\u3002 Newton OpenStack \u7b2c 14 
\u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u7f8e\u56fd\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4f4d\u4e8e\u5fb7\u514b\u8428\u65af\u5dde\u5965\u65af\u6c40\u5e02\u7b2c\u4e5d\u8857 1013 \u53f7\u7684\u201cNewton House\u201d\u547d\u540d\u3002\u88ab\u5217\u5165\u56fd\u5bb6\u53f2\u8ff9\u540d\u5f55\u3002 Nexenta \u5377\u9a71\u52a8\u7a0b\u5e8f \u4e3a\u8ba1\u7b97\u4e2d\u7684 NexentaStor \u8bbe\u5907\u63d0\u4f9b\u652f\u6301\u3002 NFV \u7f16\u6392\u670d\u52a1\uff08tacker\uff09 OpenStack \u670d\u52a1\uff0c\u65e8\u5728\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316 \uff08NFV\uff09 \u7f16\u6392\u670d\u52a1\u548c\u5e93\uff0c\u7528\u4e8e\u7f51\u7edc\u670d\u52a1\u548c\u865a\u62df\u7f51\u7edc\u529f\u80fd \uff08VNF\uff09 \u7684\u7aef\u5230\u7aef\u751f\u547d\u5468\u671f\u7ba1\u7406\u3002 Nginx \u51fd\u6570 HTTP \u548c\u53cd\u5411\u4ee3\u7406\u670d\u52a1\u5668\u3001\u90ae\u4ef6\u4ee3\u7406\u670d\u52a1\u5668\u548c\u901a\u7528 TCP/UDP \u4ee3\u7406\u670d\u52a1\u5668\u3002 \u65e0 ACK \u5728 Compute RabbitMQ \u4e2d\u7981\u7528\u670d\u52a1\u5668\u7aef\u6d88\u606f\u786e\u8ba4\u3002\u63d0\u9ad8\u6027\u80fd\u4f46\u964d\u4f4e\u53ef\u9760\u6027\u3002 \u8282\u70b9 \u5728\u4e3b\u673a\u4e0a\u8fd0\u884c\u7684 VM \u5b9e\u4f8b\u3002 \u975e\u6301\u4e45\u4ea4\u6362 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u4ea4\u6362\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u961f\u5217 \u670d\u52a1\u91cd\u65b0\u542f\u52a8\u65f6\u6e05\u9664\u7684\u6d88\u606f\u961f\u5217\u3002\u5176\u6570\u636e\u4e0d\u4f1a\u5199\u5165\u6301\u4e45\u6027\u5b58\u50a8\u3002 \u975e\u6301\u4e45\u5316\u5377 \u4e34\u65f6\u5377\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5357\u5317\u5411\u6d41\u91cf 
\u7528\u6237\u6216\u5ba2\u6237\u7aef\uff08\u5317\uff09\u4e0e\u670d\u52a1\u5668\uff08\u5357\uff09\u4e4b\u95f4\u7684\u7f51\u7edc\u6d41\u91cf\uff0c\u6216\u8fdb\u5165\u4e91\uff08\u5357\uff09\u548c\u4e91\u5916\uff08\u5317\uff09\u7684\u6d41\u91cf\u3002\u53e6\u8bf7\u53c2\u9605\u4e1c\u897f\u5411\u6d41\u91cf\u3002 nova OpenStack \u8ba1\u7b97\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Nova API \u63a5\u53e3 \u8ba1\u7b97 API \u7684\u66ff\u4ee3\u672f\u8bed\u3002 nova-network \uff08\u65b0\u661f\u7f51\u7edc\uff09 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u7ba1\u7406 IP \u5730\u5740\u5206\u914d\u3001\u9632\u706b\u5899\u548c\u5176\u4ed6\u4e0e\u7f51\u7edc\u76f8\u5173\u7684\u4efb\u52a1\u3002\u8fd9\u662f\u65e7\u7248\u7f51\u7edc\u9009\u9879\uff0c\u4e5f\u662f\u7f51\u7edc\u7684\u66ff\u4ee3\u65b9\u6cd5\u3002","title":"N"},{"location":"security/security-guide/#o","text":"\u5bf9\u8c61 \u5bf9\u8c61\u5b58\u50a8\u4fdd\u5b58\u7684\u6570\u636e\u7684 BLOB;\u53ef\u4ee5\u662f\u4efb\u4f55\u683c\u5f0f\u3002 \u5bf9\u8c61\u5ba1\u8ba1\u5668 \u6253\u5f00\u5bf9\u8c61\u670d\u52a1\u5668\u7684\u6240\u6709\u5bf9\u8c61\uff0c\u5e76\u9a8c\u8bc1\u6bcf\u4e2a\u5bf9\u8c61\u7684 MD5 \u54c8\u5e0c\u3001\u5927\u5c0f\u548c\u5143\u6570\u636e\u3002 \u5bf9\u8c61\u8fc7\u671f Object Storage \u4e2d\u7684\u4e00\u4e2a\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u5728\u7ecf\u8fc7\u6307\u5b9a\u65f6\u95f4\u6216\u8fbe\u5230\u7279\u5b9a\u65e5\u671f\u540e\u81ea\u52a8\u5220\u9664\u5bf9\u8c61\u3002 \u5bf9\u8c61\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u7684\u552f\u4e00 ID\u3002 \u5bf9\u8c61\u8def\u5f84\u54c8\u5e0c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u5bf9\u8c61\u5728\u73af\u4e2d\u7684\u4f4d\u7f6e\u3002\u5c06\u5bf9\u8c61\u6620\u5c04\u5230\u5206\u533a\u3002 \u5bf9\u8c61\u590d\u5236\u5668 \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5c06\u5bf9\u8c61\u590d\u5236\u5230\u8fdc\u7a0b\u5206\u533a\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002 \u5bf9\u8c61\u670d\u52a1\u5668 
\u8d1f\u8d23\u7ba1\u7406\u5bf9\u8c61\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5bf9\u8c61\u5b58\u50a8 API \u7528\u4e8e\u8bbf\u95ee OpenStack \u5bf9\u8c61\u5b58\u50a8\u7684 API\u3002 \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907 \uff08OSD\uff09 Ceph \u5b58\u50a8\u5b88\u62a4\u8fdb\u7a0b\u3002 \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\uff08swift\uff09 OpenStack \u6838\u5fc3\u9879\u76ee\uff0c\u4e3a\u56fa\u5b9a\u6570\u5b57\u5185\u5bb9\u63d0\u4f9b\u6700\u7ec8\u4e00\u81f4\u6027\u548c\u5197\u4f59\u7684\u5b58\u50a8\u548c\u68c0\u7d22\u3002 \u5bf9\u8c61\u7248\u672c\u63a7\u5236 \u5141\u8bb8\u7528\u6237\u5728\u5bf9\u8c61\u5b58\u50a8\u5bb9\u5668\u4e0a\u8bbe\u7f6e\u6807\u5fd7\uff0c\u4ee5\u4fbf\u5bf9\u5bb9\u5668\u5185\u7684\u6240\u6709\u5bf9\u8c61\u8fdb\u884c\u7248\u672c\u63a7\u5236\u3002 Ocata OpenStack \u7b2c 15 \u7248\u7684\u4ee3\u53f7\u3002\u8bbe\u8ba1\u5cf0\u4f1a\u5728\u897f\u73ed\u7259\u5df4\u585e\u7f57\u90a3\u4e3e\u884c\u3002Ocata\u662f\u5df4\u585e\u7f57\u90a3\u5317\u90e8\u7684\u4e00\u4e2a\u6d77\u6ee9\u3002 Octavia \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Oldie \u957f\u65f6\u95f4\u8fd0\u884c\u7684\u5bf9\u8c61\u5b58\u50a8\u8fdb\u7a0b\u7684\u672f\u8bed\u3002\u53ef\u4ee5\u6307\u793a\u6302\u8d77\u7684\u8fdb\u7a0b\u3002 \u5f00\u653e\u4e91\u8ba1\u7b97\u63a5\u53e3\uff08OCCI\uff09 \u7528\u4e8e\u7ba1\u7406\u8ba1\u7b97\u3001\u6570\u636e\u548c\u7f51\u7edc\u8d44\u6e90\u7684\u6807\u51c6\u5316\u63a5\u53e3\uff0c\u76ee\u524d\u5728 OpenStack \u4e2d\u4e0d\u53d7\u652f\u6301\u3002 \u5f00\u653e\u865a\u62df\u5316\u683c\u5f0f \uff08OVF\uff09 \u6253\u5305 VM \u6620\u50cf\u7684\u6807\u51c6\u3002\u5728 OpenStack \u4e2d\u53d7\u652f\u6301\u3002 \u6253\u5f00 vSwitch Open vSwitch \u662f\u5728\u5f00\u6e90 Apache 2.0 
\u8bb8\u53ef\u8bc1\u4e0b\u83b7\u5f97\u8bb8\u53ef\u7684\u751f\u4ea7\u8d28\u91cf\u7684\u591a\u5c42\u865a\u62df\u4ea4\u6362\u673a\u3002\u5b83\u65e8\u5728\u901a\u8fc7\u7f16\u7a0b\u6269\u5c55\u5b9e\u73b0\u5927\u89c4\u6a21\u7f51\u7edc\u81ea\u52a8\u5316\uff0c\u540c\u65f6\u4ecd\u652f\u6301\u6807\u51c6\u7ba1\u7406\u63a5\u53e3\u548c\u534f\u8bae\uff08\u4f8b\u5982 NetFlow\u3001sFlow\u3001SPAN\u3001RSPAN\u3001CLI\u3001LACP\u3001802.1ag\uff09\u3002 Open vSwitch\uff08OVS\uff09\u4ee3\u7406 \u4e3a\u7f51\u7edc\u63d2\u4ef6\u63d0\u4f9b\u5e95\u5c42 Open vSwitch \u670d\u52a1\u7684\u63a5\u53e3\u3002 \u6253\u5f00 vSwitch neutron \u63d2\u4ef6 \u5728\u7f51\u7edc\u4e2d\u63d0\u4f9b\u5bf9 Open vSwitch \u7684\u652f\u6301\u3002 OpenDev OpenDev \u662f\u4e00\u4e2a\u534f\u4f5c\u5f00\u6e90\u8f6f\u4ef6\u5f00\u53d1\u7684\u7a7a\u95f4\u3002 OpenDev \u7684\u4f7f\u547d\u662f\u4e3a\u5f00\u6e90\u8f6f\u4ef6\u9879\u76ee\u63d0\u4f9b\u9879\u76ee\u6258\u7ba1\u3001\u6301\u7eed\u96c6\u6210\u5de5\u5177\u548c\u865a\u62df\u534f\u4f5c\u7a7a\u95f4\u3002OpenDev \u672c\u8eab\u662f\u81ea\u6258\u7ba1\u5728\u8fd9\u5957\u5de5\u5177\u4e0a\uff0c\u5305\u62ec\u4ee3\u7801\u5ba1\u67e5\u3001\u6301\u7eed\u96c6\u6210\u3001etherpad\u3001wiki\u3001\u4ee3\u7801\u6d4f\u89c8\u7b49\u3002\u8fd9\u610f\u5473\u7740 OpenDev \u672c\u8eab\u5c31\u50cf\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\u4e00\u6837\u8fd0\u884c\uff0c\u60a8\u53ef\u4ee5\u52a0\u5165\u6211\u4eec\u5e76\u5e2e\u52a9\u8fd0\u884c\u7cfb\u7edf\u3002\u6b64\u5916\uff0c\u8fd0\u884c\u7684\u6240\u6709\u670d\u52a1\u672c\u8eab\u90fd\u662f\u5f00\u6e90\u8f6f\u4ef6\u3002 OpenStack \u9879\u76ee\u662f\u4f7f\u7528 OpenDev \u7684\u6700\u5927\u9879\u76ee\u3002 OpenLDAP \u5f00\u6e90 LDAP \u670d\u52a1\u5668\u3002\u53d7\u8ba1\u7b97\u548c\u6807\u8bc6\u652f\u6301\u3002 OpenStack OpenStack 
\u662f\u4e00\u4e2a\u4e91\u64cd\u4f5c\u7cfb\u7edf\uff0c\u53ef\u63a7\u5236\u6574\u4e2a\u6570\u636e\u4e2d\u5fc3\u7684\u5927\u578b\u8ba1\u7b97\u3001\u5b58\u50a8\u548c\u7f51\u7edc\u8d44\u6e90\u6c60\uff0c\u6240\u6709\u8fd9\u4e9b\u8d44\u6e90\u90fd\u901a\u8fc7\u4eea\u8868\u677f\u8fdb\u884c\u7ba1\u7406\uff0c\u8be5\u4eea\u8868\u677f\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u8fdb\u884c\u63a7\u5236\uff0c\u540c\u65f6\u6388\u6743\u7528\u6237\u901a\u8fc7 Web \u754c\u9762\u914d\u7f6e\u8d44\u6e90\u3002OpenStack \u662f\u4e00\u4e2a\u6839\u636e Apache License 2.0 \u8bb8\u53ef\u7684\u5f00\u6e90\u9879\u76ee\u3002 OpenStack \u4ee3\u7801\u540d\u79f0 \u6bcf\u4e2a OpenStack \u7248\u672c\u90fd\u6709\u4e00\u4e2a\u4ee3\u53f7\u3002\u4ee3\u53f7\u6309\u5b57\u6bcd\u987a\u5e8f\u6392\u5217\uff1aAustin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno, Kilo, Liberty, Mitaka, Newton, Ocata, Pike, Queens, Rocky, Stein, Train, Ussuri, Victoria, Wallaby, Xena, Yoga, Zed\u3002 Wallaby \u662f\u65b0\u7b56\u7565\u9009\u62e9\u7684\u7b2c\u4e00\u4e2a\u4ee3\u53f7\uff1a\u4ee3\u53f7\u7531\u793e\u533a\u6309\u7167\u5b57\u6bcd\u987a\u5e8f\u9009\u62e9\uff0c\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u53d1\u5e03\u540d\u79f0\u6807\u51c6\u3002 \u7ef4\u591a\u5229\u4e9a\u7684\u540d\u5b57\u662f\u59d3\u6c0f\uff0c\u5176\u4e2d\u4ee3\u53f7\u662f\u9760\u8fd1\u76f8\u5e94OpenStack\u8bbe\u8ba1\u5cf0\u4f1a\u4e3e\u529e\u5730\u7684\u57ce\u5e02\u6216\u53bf\u3002\u4e00\u4e2a\u4f8b\u5916\uff0c\u79f0\u4e3a\u6c83\u5c14\u767b\u4f8b\u5916\uff0c\u88ab\u6388\u4e88\u5dde\u65d7\u4e2d\u542c\u8d77\u6765\u7279\u522b\u9177\u7684\u5143\u7d20\u3002\u4ee3\u53f7\u7531\u5927\u4f17\u6295\u7968\u9009\u51fa\u3002 
\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740OpenStack\u53d1\u884c\u7248\u7684\u5b57\u6bcd\u8868\u7528\u5b8c\uff0c\u6280\u672f\u59d4\u5458\u4f1a\u6539\u53d8\u4e86\u547d\u540d\u8fc7\u7a0b\uff0c\u5c06\u53d1\u884c\u53f7\u548c\u53d1\u884c\u7248\u540d\u79f0\u4f5c\u4e3a\u8bc6\u522b\u7801\u3002\u7248\u672c\u53f7\u5c06\u662f\u4e3b\u8981\u6807\u8bc6\u7b26\uff1a\u201cyear\u201d\u3002\u5e74\u5185\u53d1\u5e03\u8ba1\u6570\u201c\uff0c\u8be5\u540d\u79f0\u5c06\u4e3b\u8981\u7528\u4e8e\u8425\u9500\u76ee\u7684\u3002\u7b2c\u4e00\u4e2a\u8fd9\u6837\u7684\u7248\u672c\u662f 2023.1 Antelope\u3002\u7d27\u968f\u5176\u540e\u7684\u662f 2023.2 Bobcat\u30012024.1 Caracal\u3002 openSUSE \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u64cd\u4f5c\u5458 \u8d1f\u8d23\u89c4\u5212\u548c\u7ef4\u62a4 OpenStack \u5b89\u88c5\u7684\u4eba\u5458\u3002 \u53ef\u9009\u670d\u52a1 \u7531 Interop \u5de5\u4f5c\u7ec4\u5b9a\u4e49\u4e3a\u53ef\u9009\u7684\u5b98\u65b9 OpenStack \u670d\u52a1\u3002\u76ee\u524d\uff0c\u7531 Dashboard \uff08horizon\uff09\u3001Telemetry \u670d\u52a1 \uff08Telemetry\uff09\u3001Orchestration \u670d\u52a1 \uff08heat\uff09\u3001Database \u670d\u52a1 \uff08trove\uff09\u3001Bare Metal \u670d\u52a1 \uff08ironic\uff09 \u7b49\u7ec4\u6210\u3002 \u7f16\u6392\u670d\u52a1\uff08heat\uff09 OpenStack \u670d\u52a1\uff0c\u5b83\u901a\u8fc7 OpenStack \u539f\u751f REST API \u4f7f\u7528\u58f0\u660e\u6027\u6a21\u677f\u683c\u5f0f\u7f16\u6392\u590d\u5408\u4e91\u5e94\u7528\u7a0b\u5e8f\u3002 orphan \u5728\u5bf9\u8c61\u5b58\u50a8\u7684\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u662f\u4e00\u4e2a\u5728\u5347\u7ea7\u3001\u91cd\u65b0\u542f\u52a8\u6216\u91cd\u65b0\u52a0\u8f7d\u670d\u52a1\u540e\u4e0d\u4f1a\u7ec8\u6b62\u7684\u8fc7\u7a0b\u3002 Oslo Common Libraries \u9879\u76ee\u7684\u4ee3\u53f7\u3002","title":"O"},{"location":"security/security-guide/#p","text":"panko OpenStack Telemetry \u670d\u52a1\u7684\u4e00\u90e8\u5206;\u63d0\u4f9b\u4e8b\u4ef6\u5b58\u50a8\u3002 \u7236\u5355\u5143\u683c 
\u5982\u679c\u8bf7\u6c42\u7684\u8d44\u6e90\uff08\u5982 CPU \u65f6\u95f4\u3001\u78c1\u76d8\u5b58\u50a8\u6216\u5185\u5b58\uff09\u5728\u7236\u5355\u5143\u4e2d\u4e0d\u53ef\u7528\uff0c\u5219\u8be5\u8bf7\u6c42\u5c06\u8f6c\u53d1\u5230\u5173\u8054\u7684\u5b50\u5355\u5143\u3002 \u5206\u533a \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7528\u4e8e\u5b58\u50a8\u5bf9\u8c61\u7684\u5b58\u50a8\u5355\u5143\u3002\u5b83\u5b58\u5728\u4e8e\u8bbe\u5907\u4e4b\u4e0a\uff0c\u5e76\u88ab\u590d\u5236\u4ee5\u5b9e\u73b0\u5bb9\u9519\u3002. \u5206\u533a\u7d22\u5f15 \u5305\u542b\u73af\u5185\u6240\u6709\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u4f4d\u7f6e\u3002 \u5206\u533a\u504f\u79fb\u503c \u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u786e\u5b9a\u6570\u636e\u5e94\u9a7b\u7559\u5728\u54ea\u4e2a\u5206\u533a\u4e0a\u3002 \u8def\u5f84 MTU \u53d1\u73b0 \uff08PMTUD\uff09 IP \u7f51\u7edc\u4e2d\u7528\u4e8e\u68c0\u6d4b\u7aef\u5230\u7aef MTU \u5e76\u76f8\u5e94\u5730\u8c03\u6574\u6570\u636e\u5305\u5927\u5c0f\u7684\u673a\u5236\u3002 \u6682\u505c \u672a\u53d1\u751f\u4efb\u4f55\u66f4\u6539\uff08\u5185\u5b58\u672a\u66f4\u6539\u3001\u7f51\u7edc\u901a\u4fe1\u505c\u6b62\u7b49\uff09\u7684 VM \u72b6\u6001;VM \u5df2\u51bb\u7ed3\uff0c\u4f46\u672a\u5173\u95ed\u3002 PCI\u76f4\u901a \u4e3a\u5ba2\u6237\u673a\u865a\u62df\u673a\u63d0\u4f9b\u5bf9 PCI \u8bbe\u5907\u7684\u72ec\u5360\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 \u6301\u4e45\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u548c\u78c1\u76d8\u4e0a\u7684\u6d88\u606f\u3002\u5931\u8d25\u6216\u91cd\u65b0\u542f\u52a8\u540e\uff0c\u6d88\u606f\u4e0d\u4f1a\u4e22\u5931\u3002 \u6301\u4e45\u5377 \u5c06\u4fdd\u5b58\u5bf9\u8fd9\u4e9b\u7c7b\u578b\u7684\u78c1\u76d8\u5377\u6240\u505a\u7684\u66f4\u6539\u3002 \u4e2a\u6027\u6587\u4ef6 \u7528\u4e8e\u81ea\u5b9a\u4e49 Compute \u5b9e\u4f8b\u7684\u6587\u4ef6\u3002\u5b83\u53ef\u7528\u4e8e\u6ce8\u5165 SSH \u5bc6\u94a5\u6216\u7279\u5b9a\u7684\u7f51\u7edc\u914d\u7f6e\u3002 Pike OpenStack 
\u7b2c 16 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u7f8e\u56fd\u9a6c\u8428\u8bf8\u585e\u5dde\u6ce2\u58eb\u987f\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\u547d\u540d\uff0c\u901a\u5e38\u7f29\u5199\u4e3a\u9a6c\u8428\u8bf8\u585e\u5dde\u6536\u8d39\u516c\u8def\uff0c\u8fd9\u662f 90 \u53f7\u5dde\u9645\u516c\u8def\u6700\u4e1c\u7aef\u7684\u8def\u6bb5\u3002 \u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09 \u4e3a\u4f7f\u7528\u8005\u63d0\u4f9b\u64cd\u4f5c\u7cfb\u7edf\uff0c\u901a\u5e38\u8fd8\u4e3a\u8bed\u8a00\u8fd0\u884c\u65f6\u548c\u5e93\uff08\u7edf\u79f0\u4e3a\u201c\u5e73\u53f0\u201d\uff09\u63d0\u4f9b\uff0c\u6d88\u8d39\u8005\u53ef\u4ee5\u5728\u5176\u4e0a\u8fd0\u884c\u81ea\u5df1\u7684\u5e94\u7528\u7a0b\u5e8f\u4ee3\u7801\uff0c\u800c\u65e0\u9700\u63d0\u4f9b\u5bf9\u5e95\u5c42\u57fa\u7840\u7ed3\u6784\u7684\u4efb\u4f55\u63a7\u5236\u3002\u5e73\u53f0\u5373\u670d\u52a1\u63d0\u4f9b\u5546\u7684\u793a\u4f8b\u5305\u62ec Cloud Foundry \u548c OpenShift\u3002 \u63d2\u4ef6 \u4e3a\u7f51\u7edc API \u6216\u8ba1\u7b97 API \u63d0\u4f9b\u5b9e\u9645\u5b9e\u73b0\u7684\u8f6f\u4ef6\u7ec4\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4e0a\u4e0b\u6587\u3002 \u7b56\u7565\u670d\u52a1 \u6807\u8bc6\u7ec4\u4ef6\uff0c\u63d0\u4f9b\u89c4\u5219\u7ba1\u7406\u63a5\u53e3\u548c\u57fa\u4e8e\u89c4\u5219\u7684\u6388\u6743\u5f15\u64ce\u3002 \u57fa\u4e8e\u7b56\u7565\u7684\u8def\u7531 \uff08PBR\uff09 \u63d0\u4f9b\u4e00\u79cd\u673a\u5236\uff0c\u7528\u4e8e\u6839\u636e\u7f51\u7edc\u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u7b56\u7565\u5b9e\u73b0\u6570\u636e\u5305\u8f6c\u53d1\u548c\u8def\u7531\u3002 \u6c60 \u4e00\u7ec4\u903b\u8f91\u8bbe\u5907\uff0c\u4f8b\u5982 Web \u670d\u52a1\u5668\uff0c\u60a8\u53ef\u4ee5\u5c06\u5176\u7ec4\u5408\u5728\u4e00\u8d77\u4ee5\u63a5\u6536\u548c\u5904\u7406\u6d41\u91cf\u3002\u8d1f\u8f7d\u5e73\u8861\u529f\u80fd\u9009\u62e9\u6c60\u4e2d\u7684\u54ea\u4e2a\u6210\u5458\u5904\u7406\u5728 VIP 
\u5730\u5740\u4e0a\u6536\u5230\u7684\u65b0\u8bf7\u6c42\u6216\u8fde\u63a5\u3002\u6bcf\u4e2aVIP\u90fd\u6709\u4e00\u4e2a\u6e38\u6cf3\u6c60\u3002 \u6c60\u6210\u5458 \u5728\u8d1f\u8f7d\u5e73\u8861\u7cfb\u7edf\u4e2d\u7684\u540e\u7aef\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u7684\u5e94\u7528\u7a0b\u5e8f\u3002 \u7aef\u53e3 \u7f51\u7edc\u4e2d\u7684\u865a\u62df\u7f51\u7edc\u7aef\u53e3;VIF / vNIC \u8fde\u63a5\u5230\u7aef\u53e3\u3002 \u7aef\u53e3 UUID \u7f51\u7edc\u7aef\u53e3\u7684\u552f\u4e00 ID\u3002 \u9884\u7f6e \u5728\u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u4e0a\u81ea\u52a8\u8fdb\u884c\u7cfb\u7edf\u914d\u7f6e\u548c\u5b89\u88c5\u7684\u5de5\u5177\u3002 \u79c1\u6709\u4e91 \u4e00\u4e2a\u4f01\u4e1a\u6216\u7ec4\u7ec7\u72ec\u5360\u4f7f\u7528\u7684\u8ba1\u7b97\u8d44\u6e90\u3002 \u79c1\u6709\u6620\u50cf \u4ec5\u5bf9\u6307\u5b9a\u9879\u76ee\u53ef\u7528\u7684\u6620\u50cf\u670d\u52a1\u865a\u62df\u673a\u6620\u50cf\u3002 \u79c1\u6709 IP \u5730\u5740 \u7528\u4e8e\u7ba1\u7406\u548c\u7ba1\u7406\u7684 IP \u5730\u5740\uff0c\u4e0d\u53ef\u7528\u4e8e\u516c\u5171 Internet\u3002 \u4e13\u7528\u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u53ef\u4ee5\u662f\u5e73\u9762\u7f51\u7edc\u63a5\u53e3\uff0c\u4e5f\u53ef\u4ee5\u662f VLAN \u7f51\u7edc\u63a5\u53e3\u3002\u6241\u5e73\u5316\u7f51\u7edc\u63a5\u53e3\u7531\u5177\u6709\u6241\u5e73\u5316\u7ba1\u7406\u5668\u7684flat_interface\u63a7\u5236\u3002VLAN \u7f51\u7edc\u63a5\u53e3\u7531\u5e26\u6709 VLAN \u7ba1\u7406\u5668\u7684 vlan_interface \u9009\u4ef6\u63a7\u5236\u3002 \u9879\u76ee 
\u9879\u76ee\u4ee3\u8868\u4e86OpenStack\u4e2d\u201c\u6240\u6709\u6743\u201d\u7684\u57fa\u672c\u5355\u4f4d\uff0c\u56e0\u4e3aOpenStack\u4e2d\u7684\u6240\u6709\u8d44\u6e90\u90fd\u5e94\u8be5\u7531\u7279\u5b9a\u9879\u76ee\u62e5\u6709\u3002\u5728 OpenStack Identity \u4e2d\uff0c\u9879\u76ee\u5fc5\u987b\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002 \u9879\u76ee ID Identity \u670d\u52a1\u5206\u914d\u7ed9\u6bcf\u4e2a\u9879\u76ee\u7684\u552f\u4e00 ID\u3002 \u9879\u76ee VPN cloudpipe \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6df7\u6742\u6a21\u5f0f \u4f7f\u7f51\u7edc\u63a5\u53e3\u5c06\u5176\u63a5\u6536\u7684\u6240\u6709\u6d41\u91cf\u4f20\u9012\u5230\u4e3b\u673a\uff0c\u800c\u4e0d\u662f\u4ec5\u4f20\u9012\u5bfb\u5740\u5230\u5b83\u7684\u5e27\u3002 \u53d7\u4fdd\u62a4\u7684\u5c5e\u6027 \u901a\u5e38\uff0c\u53ea\u6709\u4e91\u7ba1\u7406\u5458\u624d\u80fd\u8bbf\u95ee\u7684\u6620\u50cf\u670d\u52a1\u6620\u50cf\u4e0a\u7684\u989d\u5916\u5c5e\u6027\u3002\u9650\u5236\u54ea\u4e9b\u7528\u6237\u89d2\u8272\u53ef\u4ee5\u5bf9\u8be5\u5c5e\u6027\u6267\u884c CRUD \u64cd\u4f5c\u3002\u4e91\u7ba1\u7406\u5458\u53ef\u4ee5\u5c06\u4efb\u4f55\u6620\u50cf\u5c5e\u6027\u914d\u7f6e\u4e3a\u53d7\u4fdd\u62a4\u3002 \u63d0\u4f9b\u8005 \u6709\u6743\u8bbf\u95ee\u6240\u6709\u4e3b\u673a\u548c\u5b9e\u4f8b\u7684\u7ba1\u7406\u5458\u3002 \u4ee3\u7406\u8282\u70b9 \u63d0\u4f9bObject Storage\u4ee3\u7406\u670d\u52a1\u7684\u8282\u70b9\u3002 \u4ee3\u7406\u670d\u52a1\u5668 \u5bf9\u8c61\u5b58\u50a8\u7684\u7528\u6237\u901a\u8fc7\u4ee3\u7406\u670d\u52a1\u5668\u4e0e\u670d\u52a1\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u53c8\u5728\u73af\u5185\u67e5\u627e\u6240\u8bf7\u6c42\u6570\u636e\u7684\u4f4d\u7f6e\uff0c\u5e76\u5c06\u7ed3\u679c\u8fd4\u56de\u7ed9\u7528\u6237\u3002 \u516c\u5171 API \u7528\u4e8e\u670d\u52a1\u5230\u670d\u52a1\u901a\u4fe1\u548c\u6700\u7ec8\u7528\u6237\u4ea4\u4e92\u7684 API \u7ec8\u7ed3\u70b9\u3002 \u516c\u6709\u4e91 \u8bb8\u591a\u7528\u6237\u53ef\u901a\u8fc7 Internet 
\u8bbf\u95ee\u7684\u6570\u636e\u4e2d\u5fc3\u3002 \u516c\u5171\u955c\u50cf \u53ef\u4f9b\u6240\u6709\u9879\u76ee\u4f7f\u7528\u7684\u955c\u50cf\u670d\u52a1\u865a\u62df\u673a\u955c\u50cf\u3002 \u516c\u7f51 IP \u5730\u5740 \u6700\u7ec8\u7528\u6237\u53ef\u8bbf\u95ee\u7684 IP \u5730\u5740\u3002 \u516c\u94a5\u8ba4\u8bc1 \u4f7f\u7528\u5bc6\u94a5\u800c\u4e0d\u662f\u5bc6\u7801\u7684\u8eab\u4efd\u9a8c\u8bc1\u65b9\u6cd5\u3002 \u516c\u7f51 \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002\u516c\u7528\u7f51\u7edc\u63a5\u53e3\u7531\u8be5 public_interface \u9009\u9879\u63a7\u5236\u3002 Puppet OpenStack\u652f\u6301\u7684\u64cd\u4f5c\u7cfb\u7edf\u914d\u7f6e\u7ba1\u7406\u5de5\u5177\u3002 Python \u6a21\u578b OpenStack\u4e2d\u5e7f\u6cdb\u4f7f\u7528\u7684\u7f16\u7a0b\u8bed\u8a00\u3002","title":"P"},{"location":"security/security-guide/#q","text":"QEMU \u5199\u5165\u65f6\u590d\u5236 2 \uff08QCOW2\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 Qpid penStack\u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6;RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002 \u670d\u52a1\u8d28\u91cf \uff08QoS\uff09 \u4fdd\u8bc1\u67d0\u4e9b\u7f51\u7edc\u6216\u5b58\u50a8\u8981\u6c42\u4ee5\u6ee1\u8db3\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5546\u548c\u6700\u7ec8\u7528\u6237\u4e4b\u95f4\u7684\u670d\u52a1\u7ea7\u522b\u534f\u8bae \uff08SLA\uff09 \u7684\u80fd\u529b\u3002\u901a\u5e38\u5305\u62ec\u7f51\u7edc\u5e26\u5bbd\u3001\u5ef6\u8fdf\u3001\u6296\u52a8\u6821\u6b63\u548c\u53ef\u9760\u6027\u7b49\u6027\u80fd\u8981\u6c42\uff0c\u4ee5\u53ca\u6bcf\u79d2\u8f93\u5165/\u8f93\u51fa\u64cd\u4f5c\u6570 \uff08IOPS\uff09 
\u4e2d\u7684\u5b58\u50a8\u6027\u80fd\u3001\u9650\u5236\u534f\u8bae\u548c\u5cf0\u503c\u8d1f\u8f7d\u4e0b\u7684\u6027\u80fd\u9884\u671f\u3002 \u9694\u79bb \u5982\u679c\u5bf9\u8c61\u5b58\u50a8\u53d1\u73b0\u5bf9\u8c61\u3001\u5bb9\u5668\u6216\u5e10\u6237\u5df2\u635f\u574f\uff0c\u5219\u4f1a\u5c06\u5176\u7f6e\u4e8e\u6b64\u72b6\u6001\uff0c\u4e0d\u4f1a\u88ab\u590d\u5236\uff0c\u5ba2\u6237\u7aef\u65e0\u6cd5\u8bfb\u53d6\uff0c\u5e76\u4e14\u4f1a\u91cd\u65b0\u590d\u5236\u6b63\u786e\u7684\u526f\u672c\u3002 Queens OpenStack \u7b2c 17 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u6fb3\u5927\u5229\u4e9a\u6089\u5c3c\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u65b0\u5357\u5a01\u5c14\u58eb\u5dde\u5357\u6d77\u5cb8\u5730\u533a\u7684\u7687\u540e\u5e9e\u5fb7\u6cb3\u547d\u540d\u3002 Quick EMUlator \uff08QEMU\uff09 \uff08\u5feb\u901f EMUlator\uff09 QEMU \u662f\u4e00\u4e2a\u901a\u7528\u7684\u5f00\u6e90\u673a\u5668\u4eff\u771f\u5668\u548c\u865a\u62df\u5316\u5668\u3002OpenStack \u652f\u6301\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e4b\u4e00\uff0c\u901a\u5e38\u7528\u4e8e\u5f00\u53d1\u76ee\u7684\u3002 \u914d\u989d \u5728\u8ba1\u7b97\u548c\u5757\u5b58\u50a8\u4e2d\uff0c\u80fd\u591f\u57fa\u4e8e\u6bcf\u4e2a\u9879\u76ee\u8bbe\u7f6e\u8d44\u6e90\u9650\u5236\u3002","title":"Q"},{"location":"security/security-guide/#r","text":"RabbitMQ \u6a21\u578b OpenStack \u4f7f\u7528\u7684\u9ed8\u8ba4\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002 Rackspace \u4e91\u6587\u4ef6 2010 \u5e74\u7531 Rackspace \u5f00\u6e90\u53d1\u5e03;\u5bf9\u8c61\u5b58\u50a8\u7684\u57fa\u7840\u3002 RADOS \u5757\u8bbe\u5907 \uff08RBD\uff09 Ceph \u7ec4\u4ef6\uff0c\u4f7f Linux \u5757\u8bbe\u5907\u80fd\u591f\u5728\u591a\u4e2a\u5206\u5e03\u5f0f\u6570\u636e\u5b58\u50a8\u4e0a\u8fdb\u884c\u6761\u5e26\u5316\u3002 radvd \u8def\u7531\u5668\u901a\u544a\u5b88\u62a4\u7a0b\u5e8f\uff0c\u7531\u8ba1\u7b97 VLAN \u7ba1\u7406\u5668\u548c FlatDHCP \u7ba1\u7406\u5668\u7528\u4e8e\u4e3a VM \u5b9e\u4f8b\u63d0\u4f9b\u8def\u7531\u670d\u52a1\u3002 rally 
Benchmark \u670d\u52a1\u7684\u4ee3\u53f7\u3002 RAM\u8fc7\u6ee4\u5668 \u542f\u7528\u6216\u7981\u7528 RAM \u8fc7\u91cf\u5206\u914d\u7684\u8ba1\u7b97\u8bbe\u7f6e\u3002 RAM \u8fc7\u91cf\u5206\u914d \u80fd\u591f\u6839\u636e\u4e3b\u673a\u7684\u5b9e\u9645\u5185\u5b58\u4f7f\u7528\u60c5\u51b5\u542f\u52a8\u65b0\u7684 VM \u5b9e\u4f8b\uff0c\u800c\u4e0d\u662f\u6839\u636e\u6bcf\u4e2a\u6b63\u5728\u8fd0\u884c\u7684\u5b9e\u4f8b\u8ba4\u4e3a\u5176\u53ef\u7528\u7684 RAM \u91cf\u6765\u505a\u51fa\u51b3\u5b9a\u3002\u4e5f\u79f0\u4e3a\u5185\u5b58\u8fc7\u91cf\u4f7f\u7528\u3002 \u901f\u7387\u9650\u5236 \u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u53ef\u914d\u7f6e\u9009\u9879\uff0c\u7528\u4e8e\u9650\u5236\u6bcf\u4e2a\u5e10\u6237\u548c/\u6216\u6bcf\u4e2a\u5bb9\u5668\u7684\u6570\u636e\u5e93\u5199\u5165\u3002 \u539f\u59cb \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00;\u975e\u7ed3\u6784\u5316\u78c1\u76d8\u6620\u50cf\u3002 \u91cd\u65b0\u5e73\u8861 \u5728\u73af\u4e2d\u7684\u6240\u6709\u9a71\u52a8\u5668\u4e4b\u95f4\u5206\u914d\u5bf9\u8c61\u5b58\u50a8\u5206\u533a\u7684\u8fc7\u7a0b;\u5728\u521d\u59cb\u73af\u521b\u5efa\u671f\u95f4\u548c\u73af\u91cd\u65b0\u914d\u7f6e\u540e\u4f7f\u7528\u3002 \u91cd\u542f \u5bf9\u670d\u52a1\u5668\u8fdb\u884c\u8f6f\u91cd\u542f\u6216\u786c\u91cd\u542f\u3002\u901a\u8fc7\u8f6f\u91cd\u542f\uff0c\u64cd\u4f5c\u7cfb\u7edf\u4f1a\u53d1\u51fa\u91cd\u65b0\u542f\u52a8\u4fe1\u53f7\uff0c\u4ece\u800c\u53ef\u4ee5\u6b63\u5e38\u5173\u95ed\u6240\u6709\u8fdb\u7a0b\u3002\u786c\u91cd\u542f\u76f8\u5f53\u4e8e\u91cd\u542f\u670d\u52a1\u5668\u3002\u865a\u62df\u5316\u5e73\u53f0\u5e94\u786e\u4fdd\u91cd\u65b0\u542f\u52a8\u64cd\u4f5c\u5df2\u6210\u529f\u5b8c\u6210\uff0c\u5373\u4f7f\u5728\u57fa\u7840\u57df/VM \u6682\u505c\u6216\u505c\u6b62/\u505c\u6b62\u7684\u60c5\u51b5\u4e0b\u4e5f\u662f\u5982\u6b64\u3002 \u91cd\u5efa 
\u5220\u9664\u670d\u52a1\u5668\u4e0a\u7684\u6240\u6709\u6570\u636e\uff0c\u5e76\u5c06\u5176\u66ff\u6362\u4e3a\u6307\u5b9a\u7684\u6620\u50cf\u3002\u670d\u52a1\u5668 ID \u548c IP \u5730\u5740\u4fdd\u6301\u4e0d\u53d8\u3002 \u4fa6\u5bdf \u7528\u4e8e\u6536\u96c6\u8ba1\u91cf\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u3002 \u8bb0\u5f55 \u5c5e\u4e8e\u7279\u5b9a\u57df\uff0c\u7528\u4e8e\u6307\u5b9a\u6709\u5173\u8be5\u57df\u7684\u4fe1\u606f\u3002\u6709\u51e0\u79cd\u7c7b\u578b\u7684 DNS \u8bb0\u5f55\u3002\u6bcf\u79cd\u8bb0\u5f55\u7c7b\u578b\u90fd\u5305\u542b\u7528\u4e8e\u63cf\u8ff0\u8be5\u8bb0\u5f55\u7528\u9014\u7684\u7279\u5b9a\u4fe1\u606f\u3002\u793a\u4f8b\u5305\u62ec\u90ae\u4ef6\u4ea4\u6362 \uff08MX\uff09 \u8bb0\u5f55\uff0c\u5b83\u6307\u5b9a\u7279\u5b9a\u57df\u7684\u90ae\u4ef6\u670d\u52a1\u5668;\u548c\u540d\u79f0\u670d\u52a1\u5668 \uff08NS\uff09 \u8bb0\u5f55\uff0c\u7528\u4e8e\u6307\u5b9a\u57df\u7684\u6743\u5a01\u540d\u79f0\u670d\u52a1\u5668\u3002 \u8bb0\u5f55 ID \u6570\u636e\u5e93\u4e2d\u7684\u4e00\u4e2a\u6570\u5b57\uff0c\u6bcf\u6b21\u8fdb\u884c\u66f4\u6539\u65f6\u90fd\u4f1a\u9012\u589e\u3002\u5bf9\u8c61\u5b58\u50a8\u5728\u590d\u5236\u65f6\u4f7f\u7528\u3002 Red Hat Enterprise Linux \uff08RHEL\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u53c2\u8003\u67b6\u6784 OpenStack \u4e91\u7684\u63a8\u8350\u67b6\u6784\u3002 \u533a\u57df \u5177\u6709\u4e13\u7528 API \u7aef\u70b9\u7684\u79bb\u6563 OpenStack \u73af\u5883\uff0c\u901a\u5e38\u4ec5\u4e0e\u5176\u4ed6\u533a\u57df\u5171\u4eab\u8eab\u4efd \uff08keystone\uff09\u3002 \u6ce8\u518c\u8868 \u5f71\u50cf\u670d\u52a1\u6ce8\u518c\u8868\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u6ce8\u518c\u8868\u670d\u52a1\u5668 \u5411\u5ba2\u6237\u7aef\u63d0\u4f9b\u865a\u62df\u673a\u955c\u50cf\u5143\u6570\u636e\u4fe1\u606f\u7684\u955c\u50cf\u670d\u52a1\u3002 \u53ef\u9760\u3001\u81ea\u4e3b\u7684\u5206\u5e03\u5f0f\u5bf9\u8c61\u5b58\u50a8 \uff08\u96f7\u8fbe\uff09 \u5728 Ceph 
\u4e2d\u63d0\u4f9b\u5bf9\u8c61\u5b58\u50a8\u7684\u7ec4\u4ef6\u96c6\u5408\u3002\u7c7b\u4f3c\u4e8e OpenStack Object Storage\u3002 \u8fdc\u7a0b\u8fc7\u7a0b\u8c03\u7528 \uff08RPC\uff09 \u8ba1\u7b97RabbitMQ \u7528\u4e8e\u670d\u52a1\u5185\u901a\u4fe1\u7684\u65b9\u6cd5\u3002 \u526f\u672c \u901a\u8fc7\u521b\u5efa\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u3001\u5e10\u6237\u548c\u5bb9\u5668\u7684\u526f\u672c\u6765\u63d0\u4f9b\u6570\u636e\u5197\u4f59\u548c\u5bb9\u9519\uff0c\u4ee5\u4fbf\u5728\u5e95\u5c42\u5b58\u50a8\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u4f1a\u4e22\u5931\u5b83\u4eec\u3002 \u526f\u672c\u6570\u91cf \u5bf9\u8c61\u5b58\u50a8\u73af\u4e2d\u6570\u636e\u7684\u526f\u672c\u6570\u3002 \u590d\u5236 \u5c06\u6570\u636e\u590d\u5236\u5230\u5355\u72ec\u7684\u7269\u7406\u8bbe\u5907\u4ee5\u5b9e\u73b0\u5bb9\u9519\u548c\u6027\u80fd\u7684\u8fc7\u7a0b\u3002 \u590d\u5236\u5668 \u5bf9\u8c61\u5b58\u50a8\u540e\u7aef\u8fdb\u7a0b\uff0c\u7528\u4e8e\u521b\u5efa\u548c\u7ba1\u7406\u5bf9\u8c61\u526f\u672c\u3002 \u8bf7\u6c42 ID \u5206\u914d\u7ed9\u53d1\u9001\u5230\u8ba1\u7b97\u7684\u6bcf\u4e2a\u8bf7\u6c42\u7684\u552f\u4e00 ID\u3002 \u6551\u63f4\u6620\u50cf \u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\u7684 VM \u6620\u50cf\uff0c\u5728\u5c06\u5b9e\u4f8b\u7f6e\u4e8e\u6551\u63f4\u6a21\u5f0f\u65f6\u542f\u52a8\u3002\u5141\u8bb8\u7ba1\u7406\u5458\u6302\u8f7d\u5b9e\u4f8b\u7684\u6587\u4ef6\u7cfb\u7edf\u4ee5\u66f4\u6b63\u95ee\u9898\u3002 \u8c03\u6574\u5927\u5c0f \u5c06\u73b0\u6709\u670d\u52a1\u5668\u8f6c\u6362\u4e3a\u5176\u4ed6\u98ce\u683c\uff0c\u4ece\u800c\u6269\u5c55\u6216\u7f29\u51cf\u670d\u52a1\u5668\u3002\u4fdd\u5b58\u539f\u59cb\u670d\u52a1\u5668\u4ee5\u5728\u51fa\u73b0\u95ee\u9898\u65f6\u542f\u7528\u56de\u6eda\u3002\u5fc5\u987b\u6d4b\u8bd5\u5e76\u660e\u786e\u786e\u8ba4\u6240\u6709\u8c03\u6574\u5927\u5c0f\uff0c\u6b64\u65f6\u5c06\u5220\u9664\u539f\u59cb\u670d\u52a1\u5668\u3002 RESTful \u4e00\u79cd\u4f7f\u7528 REST \u6216\u5177\u8c61\u72b6\u6001\u4f20\u8f93\u7684 Web \u670d\u52a1 
API\u3002REST\u662f\u7528\u4e8e\u4e07\u7ef4\u7f51\u7684\u8d85\u5a92\u4f53\u7cfb\u7edf\u7684\u67b6\u6784\u98ce\u683c \u73af \u5c06\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u6620\u5c04\u5230\u5206\u533a\u7684\u5b9e\u4f53\u3002\u6bcf\u4e2a\u670d\u52a1\uff08\u4f8b\u5982\u5e10\u6237\u3001\u5bf9\u8c61\u548c\u5bb9\u5668\uff09\u90fd\u5b58\u5728\u4e00\u4e2a\u5355\u72ec\u7684\u73af\u3002 \u73af\u6784\u5efa\u5668 \u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u6784\u5efa\u548c\u7ba1\u7406\u73af\uff0c\u4e3a\u8bbe\u5907\u5206\u914d\u5206\u533a\uff0c\u5e76\u5c06\u914d\u7f6e\u63a8\u9001\u5230\u5176\u4ed6\u5b58\u50a8\u8282\u70b9\u3002 Rocky OpenStack \u7b2c 18 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u52a0\u62ff\u5927\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u843d\u57fa\u5c71\u8109\u547d\u540d\u3002 \u89d2\u8272 \u7528\u6237\u4e3a\u6267\u884c\u4e00\u7ec4\u7279\u5b9a\u64cd\u4f5c\u800c\u5047\u5b9a\u7684\u4e2a\u6027\u3002\u89d2\u8272\u5305\u62ec\u4e00\u7ec4\u6743\u9650\u548c\u7279\u6743\u3002\u62c5\u4efb\u8be5\u89d2\u8272\u7684\u7528\u6237\u5c06\u7ee7\u627f\u8fd9\u4e9b\u6743\u5229\u548c\u7279\u6743\u3002 \u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236 \uff08RBAC\uff09 \u63d0\u4f9b\u7528\u6237\u53ef\u4ee5\u6267\u884c\u7684\u64cd\u4f5c\u7684\u9884\u5b9a\u4e49\u5217\u8868\uff0c\u4f8b\u5982\u542f\u52a8\u6216\u505c\u6b62 VM\u3001\u91cd\u7f6e\u5bc6\u7801\u7b49\u3002\u5728\u6807\u8bc6\u548c\u8ba1\u7b97\u4e2d\u5747\u53d7\u652f\u6301\uff0c\u53ef\u4ee5\u4f7f\u7528\u4eea\u8868\u677f\u8fdb\u884c\u914d\u7f6e\u3002 \u89d2\u8272 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u8eab\u4efd\u670d\u52a1\u89d2\u8272\u7684\u5b57\u6bcd\u6570\u5b57 ID\u3002 \u6839\u672c\u539f\u56e0\u5206\u6790\uff08RCA\uff09\u670d\u52a1\uff08Vitrage\uff09 
OpenStack\u9879\u76ee\u65e8\u5728\u7ec4\u7ec7\u3001\u5206\u6790\u548c\u53ef\u89c6\u5316OpenStack\u8b66\u62a5\u548c\u4e8b\u4ef6\uff0c\u6df1\u5165\u4e86\u89e3\u95ee\u9898\u7684\u6839\u672c\u539f\u56e0\uff0c\u5e76\u5728\u76f4\u63a5\u68c0\u6d4b\u5230\u95ee\u9898\u4e4b\u524d\u63a8\u65ad\u51fa\u5b83\u4eec\u7684\u5b58\u5728\u3002 rootwrap \u8ba1\u7b97\u7684\u4e00\u9879\u529f\u80fd\uff0c\u5141\u8bb8\u975e\u7279\u6743\u201cnova\u201d\u7528\u6237\u4ee5 Linux root \u7528\u6237\u8eab\u4efd\u8fd0\u884c\u6307\u5b9a\u7684\u547d\u4ee4\u5217\u8868\u3002 \u5faa\u73af\u8c03\u5ea6\u5668 \u5728\u53ef\u7528\u4e3b\u673a\u4e4b\u95f4\u5747\u5300\u5206\u914d\u5b9e\u4f8b\u7684\u8ba1\u7b97\u8ba1\u5212\u7a0b\u5e8f\u7684\u7c7b\u578b\u3002 \u8def\u7531\u5668 \u5728\u4e0d\u540c\u7f51\u7edc\u4e4b\u95f4\u4f20\u9012\u7f51\u7edc\u6d41\u91cf\u7684\u7269\u7406\u6216\u865a\u62df\u7f51\u7edc\u8bbe\u5907\u3002 \u8def\u7531\u5bc6\u94a5 \u8ba1\u7b97\u76f4\u63a5\u4ea4\u6362\u3001\u6247\u51fa\u4ea4\u6362\u548c\u4e3b\u9898\u4ea4\u6362\u4f7f\u7528\u6b64\u5bc6\u94a5\u6765\u786e\u5b9a\u5982\u4f55\u5904\u7406\u6d88\u606f;\u5904\u7406\u65b9\u5f0f\u56e0 Exchange \u7c7b\u578b\u800c\u5f02\u3002 RPC \u9a71\u52a8\u7a0b\u5e8f \u6a21\u5757\u5316\u7cfb\u7edf\uff0c\u5141\u8bb8\u66f4\u6539 Compute \u7684\u5e95\u5c42\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002\u4f8b\u5982\uff0c\u4ece RabbitMQ \u5230 ZeroMQ \u6216 Qpid\u3002 rsync \u7531\u5bf9\u8c61\u5b58\u50a8\u7528\u4e8e\u63a8\u9001\u5bf9\u8c61\u526f\u672c\u3002 RXTX \u9650 \u5236 \u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u7edd\u5bf9\u9650\u5236\u3002 RXTX \u914d\u989d \u5bf9\u8ba1\u7b97 VM \u5b9e\u4f8b\u53ef\u4ee5\u53d1\u9001\u548c\u63a5\u6536\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u8f6f\u9650\u5236\u3002","title":"R"},{"location":"security/security-guide/#s","text":"sahara \u6570\u636e\u5904\u7406\u670d\u52a1\u7684\u4ee3\u53f7\u3002 SAML \u65ad\u8a00 
\u5305\u542b\u6807\u8bc6\u63d0\u4f9b\u8005\u63d0\u4f9b\u7684\u6709\u5173\u7528\u6237\u7684\u4fe1\u606f\u3002\u8fd9\u8868\u793a\u7528\u6237\u5df2\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002 \u6c99\u76d2 \u4e00\u4e2a\u865a\u62df\u7a7a\u95f4\uff0c\u53ef\u4ee5\u5728\u5176\u4e2d\u5b89\u5168\u5730\u8fd0\u884c\u65b0\u7684\u6216\u672a\u7ecf\u6d4b\u8bd5\u7684\u8f6f\u4ef6\u3002 \u8c03\u5ea6\u5668\u7ba1\u7406\u5668 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u7684\u542f\u52a8\u4f4d\u7f6e\u3002\u91c7\u7528\u6a21\u5757\u5316\u8bbe\u8ba1\uff0c\u652f\u6301\u591a\u79cd\u8c03\u5ea6\u7a0b\u5e8f\u7c7b\u578b\u3002 \u4f5c\u7528\u57df\u4ee4\u724c \u4e0e\u7279\u5b9a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u8bbf\u95ee\u4ee4\u724c\u3002 \u6d17\u6da4\u5668 \u68c0\u67e5\u5e76\u5220\u9664\u672a\u4f7f\u7528\u7684\u865a\u62df\u673a;\u5b9e\u73b0\u5ef6\u8fdf\u5220\u9664\u7684\u5f71\u50cf\u670d\u52a1\u7ec4\u4ef6\u3002 \u5bc6\u94a5 \u53ea\u6709\u7528\u6237\u77e5\u9053\u7684\u6587\u672c\u5b57\u7b26\u4e32;\u4e0e\u8bbf\u95ee\u5bc6\u94a5\u4e00\u8d77\u4f7f\u7528\uff0c\u4ee5\u5411\u8ba1\u7b97 API \u53d1\u51fa\u8bf7\u6c42\u3002 \u5b89\u5168\u542f\u52a8 \u7cfb\u7edf\u56fa\u4ef6\u9a8c\u8bc1\u542f\u52a8\u8fc7\u7a0b\u4e2d\u6d89\u53ca\u7684\u4ee3\u7801\u7684\u771f\u5b9e\u6027\u7684\u8fc7\u7a0b\u3002 \u5b89\u5168\u5916\u58f3 \uff08SSH\uff09 \u7528\u4e8e\u901a\u8fc7\u52a0\u5bc6\u901a\u4fe1\u901a\u9053\u8bbf\u95ee\u8fdc\u7a0b\u4e3b\u673a\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u8ba1\u7b97\u652f\u6301 SSH \u5bc6\u94a5\u6ce8\u5165\u3002 \u5b89\u5168\u7ec4 \u5e94\u7528\u4e8e\u8ba1\u7b97\u5b9e\u4f8b\u7684\u4e00\u7ec4\u7f51\u7edc\u6d41\u91cf\u7b5b\u9009\u89c4\u5219\u3002 \u5206\u6bb5\u5bf9\u8c61 \u5df2\u5206\u89e3\u4e3a\u591a\u4e2a\u90e8\u5206\u7684\u5bf9\u8c61\u5b58\u50a8\u5927\u578b\u5bf9\u8c61\u3002\u91cd\u65b0\u7ec4\u5408\u7684\u5bf9\u8c61\u79f0\u4e3a\u4e32\u8054\u5bf9\u8c61\u3002 \u81ea\u52a9\u670d\u52a1 \u5bf9\u4e8e 
IaaS\uff0c\u5e38\u89c4\uff08\u975e\u7279\u6743\uff09\u5e10\u6237\u80fd\u591f\u5728\u4e0d\u6d89\u53ca\u7ba1\u7406\u5458\u7684\u60c5\u51b5\u4e0b\u7ba1\u7406\u865a\u62df\u57fa\u7840\u67b6\u6784\u7ec4\u4ef6\uff08\u5982\u7f51\u7edc\uff09\u3002 SELinux \u51fd\u6570 Linux \u5185\u6838\u5b89\u5168\u6a21\u5757\uff0c\u63d0\u4f9b\u7528\u4e8e\u652f\u6301\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u7684\u673a\u5236\u3002 senlin \u7fa4\u96c6\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 \u670d\u52a1\u5668 \u4e3a\u8be5\u7cfb\u7edf\u4e0a\u8fd0\u884c\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u63d0\u4f9b\u663e\u5f0f\u670d\u52a1\u7684\u8ba1\u7b97\u673a\uff0c\u901a\u5e38\u7ba1\u7406\u5404\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u3002\u670d\u52a1\u5668\u662f\u8ba1\u7b97\u7cfb\u7edf\u4e2d\u7684 VM \u5b9e\u4f8b\u3002\u98ce\u683c\u548c\u56fe\u50cf\u662f\u521b\u5efa\u670d\u52a1\u5668\u65f6\u7684\u5fc5\u8981\u5143\u7d20\u3002 \u670d\u52a1\u5668\u6620\u50cf VM \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u5668 UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u6765\u5bbe VM \u5b9e\u4f8b\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1 OpenStack \u670d\u52a1\uff0c\u4f8b\u5982\u8ba1\u7b97\u3001\u5bf9\u8c61\u5b58\u50a8\u6216\u6620\u50cf\u670d\u52a1\u3002\u63d0\u4f9b\u4e00\u4e2a\u6216\u591a\u4e2a\u7aef\u70b9\uff0c\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e9b\u7aef\u70b9\u8bbf\u95ee\u8d44\u6e90\u548c\u6267\u884c\u64cd\u4f5c\u3002 \u670d\u52a1\u76ee\u5f55 Identity \u670d\u52a1\u76ee\u5f55\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u670d\u52a1\u529f\u80fd\u94fe \uff08SFC\uff09 \u5bf9\u4e8e\u7ed9\u5b9a\u7684\u670d\u52a1\uff0cSFC \u662f\u6240\u9700\u670d\u52a1\u529f\u80fd\u53ca\u5176\u5e94\u7528\u987a\u5e8f\u7684\u62bd\u8c61\u89c6\u56fe\u3002 \u670d\u52a1 ID \u5206\u914d\u7ed9 Identity \u670d\u52a1\u76ee\u5f55\u4e2d\u53ef\u7528\u7684\u6bcf\u4e2a\u670d\u52a1\u7684\u552f\u4e00 ID\u3002 \u670d\u52a1\u6c34\u5e73\u534f\u8bae \uff08SLA\uff09 \u786e\u4fdd\u670d\u52a1\u53ef\u7528\u6027\u7684\u5408\u540c\u4e49\u52a1\u3002 
\u670d\u52a1\u9879\u76ee \u5305\u542b\u76ee\u5f55\u4e2d\u5217\u51fa\u7684\u6240\u6709\u670d\u52a1\u7684\u7279\u6b8a\u9879\u76ee\u3002 \u670d\u52a1\u63d0\u4f9b\u8005 \u5411\u5176\u4ed6\u7cfb\u7edf\u5b9e\u4f53\u63d0\u4f9b\u670d\u52a1\u7684\u7cfb\u7edf\u3002\u5728\u8054\u5408\u8eab\u4efd\u7684\u60c5\u51b5\u4e0b\uff0cOpenStack \u8eab\u4efd\u662f\u670d\u52a1\u63d0\u4f9b\u8005\u3002 \u670d\u52a1\u6ce8\u518c \u4e00\u79cd\u8eab\u4efd\u670d\u52a1\u529f\u80fd\uff0c\u4f7f\u670d\u52a1\uff08\u5982\u8ba1\u7b97\uff09\u80fd\u591f\u81ea\u52a8\u6ce8\u518c\u5230\u76ee\u5f55\u3002 \u670d\u52a1\u4ee4\u724c \u7ba1\u7406\u5458\u5b9a\u4e49\u7684\u4ee4\u724c\uff0c\u7531\u8ba1\u7b97\u7528\u4e8e\u4e0e\u8eab\u4efd\u670d\u52a1\u8fdb\u884c\u5b89\u5168\u901a\u4fe1\u3002 \u4f1a\u8bdd\u540e\u7aef Horizon \u7528\u4e8e\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u7684\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982\u672c\u5730\u5185\u5b58\u3001Cookie\u3001\u6570\u636e\u5e93\u6216 memcached\u3002 \u4f1a\u8bdd\u6301\u4e45\u5316 \u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u4e00\u9879\u529f\u80fd\u3002\u53ea\u8981\u67d0\u4e2a\u670d\u52a1\u5904\u4e8e\u8054\u673a\u72b6\u6001\uff0c\u5b83\u5c31\u4f1a\u5c1d\u8bd5\u5f3a\u5236\u5c06\u670d\u52a1\u7684\u540e\u7eed\u8fde\u63a5\u91cd\u5b9a\u5411\u5230\u540c\u4e00\u8282\u70b9\u3002 \u4f1a\u8bdd\u5b58\u50a8 \u7528\u4e8e\u5b58\u50a8\u548c\u8ddf\u8e2a\u5ba2\u6237\u7aef\u4f1a\u8bdd\u4fe1\u606f\u7684 Horizon \u7ec4\u4ef6\u3002\u901a\u8fc7 Django \u4f1a\u8bdd\u6846\u67b6\u5b9e\u73b0\u3002 \u5171\u4eab \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u8fdc\u7a0b\u53ef\u6302\u8f7d\u6587\u4ef6\u7cfb\u7edf\u3002\u60a8\u53ef\u4ee5\u4e00\u6b21\u5c06\u5171\u4eab\u88c5\u8f7d\u5230\u591a\u4e2a\u4e3b\u673a\uff0c\u4e5f\u53ef\u4ee5\u7531\u591a\u4e2a\u7528\u6237\u4ece\u591a\u4e2a\u4e3b\u673a\u8bbf\u95ee\u5171\u4eab\u3002 \u5171\u4eab\u7f51\u7edc 
\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e0a\u4e0b\u6587\u4e2d\u7684\u5b9e\u4f53\uff0c\u7528\u4e8e\u5c01\u88c5\u4e0e\u7f51\u7edc\u670d\u52a1\u7684\u4ea4\u4e92\u3002\u5982\u679c\u6240\u9009\u9a71\u52a8\u7a0b\u5e8f\u5728\u9700\u8981\u6b64\u7c7b\u4ea4\u4e92\u7684\u6a21\u5f0f\u4e0b\u8fd0\u884c\uff0c\u5219\u9700\u8981\u6307\u5b9a\u5171\u4eab\u7f51\u7edc\u4ee5\u521b\u5efa\u5171\u4eab\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf API \u63d0\u4f9b\u7a33\u5b9a RESTful API \u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u3002\u8be5\u670d\u52a1\u5728\u6574\u4e2a\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\u4e2d\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u8def\u7531\u3002\u6709 python-manilaclient \u53ef\u4ee5\u4e0e API \u4ea4\u4e92\u3002 \u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff08manila\uff09 \u8be5\u670d\u52a1\u63d0\u4f9b\u4e00\u7ec4\u670d\u52a1\uff0c\u7528\u4e8e\u7ba1\u7406\u591a\u9879\u76ee\u4e91\u73af\u5883\u4e2d\u7684\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\uff0c\u7c7b\u4f3c\u4e8e OpenStack \u901a\u8fc7 OpenStack Block Storage \u670d\u52a1\u9879\u76ee\u63d0\u4f9b\u57fa\u4e8e\u5757\u7684\u5b58\u50a8\u7ba1\u7406\u3002\u4f7f\u7528\u5171\u4eab\u6587\u4ef6\u7cfb\u7edf\u670d\u52a1\uff0c\u60a8\u53ef\u4ee5\u521b\u5efa\u8fdc\u7a0b\u6587\u4ef6\u7cfb\u7edf\u5e76\u5c06\u6587\u4ef6\u7cfb\u7edf\u6302\u8f7d\u5230\u60a8\u7684\u5b9e\u4f8b\u4e0a\u3002\u60a8\u8fd8\u53ef\u4ee5\u5728\u6587\u4ef6\u7cfb\u7edf\u4e2d\u8bfb\u53d6\u548c\u5199\u5165\u5b9e\u4f8b\u4e2d\u7684\u6570\u636e\u3002 \u5171\u4eab IP \u5730\u5740 \u53ef\u5206\u914d\u7ed9\u5171\u4eab IP \u7ec4\u4e2d\u7684 VM \u5b9e\u4f8b\u7684 IP \u5730\u5740\u3002\u516c\u5171 IP \u5730\u5740\u53ef\u4ee5\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e4b\u95f4\u5171\u4eab\uff0c\u4ee5\u4fbf\u5728\u5404\u79cd\u9ad8\u53ef\u7528\u6027\u65b9\u6848\u4e2d\u4f7f\u7528\u3002\u5f53 IP 
\u5730\u5740\u5171\u4eab\u5230\u53e6\u4e00\u53f0\u670d\u52a1\u5668\u65f6\uff0c\u5c06\u4fee\u6539\u4e91\u7f51\u7edc\u9650\u5236\uff0c\u4f7f\u6bcf\u4e2a\u670d\u52a1\u5668\u90fd\u80fd\u4fa6\u542c\u548c\u54cd\u5e94\u8be5 IP \u5730\u5740\u3002\u60a8\u53ef\u4ee5\u9009\u62e9\u6307\u5b9a\u4fee\u6539\u76ee\u6807\u670d\u52a1\u5668\u7f51\u7edc\u914d\u7f6e\u3002\u5171\u4eab IP \u5730\u5740\u53ef\u4ee5\u4e0e\u8bb8\u591a\u6807\u51c6\u68c0\u6d4b\u4fe1\u53f7\u5de5\u5177\uff08\u5982 keepalive\uff09\u4e00\u8d77\u4f7f\u7528\uff0c\u8fd9\u4e9b\u5de5\u5177\u53ef\u76d1\u89c6\u6545\u969c\u5e76\u7ba1\u7406 IP \u6545\u969c\u8f6c\u79fb\u3002 \u5171\u4eab IP \u7ec4 \u53ef\u4ee5\u4e0e\u7ec4\u7684\u5176\u4ed6\u6210\u5458\u5171\u4eab IP \u7684\u670d\u52a1\u5668\u96c6\u5408\u3002\u7ec4\u4e2d\u7684\u4efb\u4f55\u670d\u52a1\u5668\u90fd\u53ef\u4ee5\u4e0e\u7ec4\u4e2d\u7684\u4efb\u4f55\u5176\u4ed6\u670d\u52a1\u5668\u5171\u4eab\u4e00\u4e2a\u6216\u591a\u4e2a\u516c\u5171 IP\u3002\u9664\u4e86\u5171\u4eab IP \u7ec4\u4e2d\u7684\u7b2c\u4e00\u53f0\u670d\u52a1\u5668\u5916\uff0c\u670d\u52a1\u5668\u5fc5\u987b\u542f\u52a8\u5230\u5171\u4eab IP \u7ec4\u4e2d\u3002\u4e00\u53f0\u670d\u52a1\u5668\u53ea\u80fd\u662f\u4e00\u4e2a\u5171\u4eab IP \u7ec4\u7684\u6210\u5458\u3002 \u5171\u4eab\u5b58\u50a8 \u53ef\u7531\u591a\u4e2a\u5ba2\u6237\u7aef\u540c\u65f6\u8bbf\u95ee\u7684\u5757\u5b58\u50a8\uff0c\u4f8b\u5982 NFS\u3002 Sheepdog \u9762\u5411 QEMU \u7684\u5206\u5e03\u5f0f\u5757\u5b58\u50a8\u7cfb\u7edf\uff0c\u7531 OpenStack \u63d0\u4f9b\u652f\u6301\u3002 \u7b80\u5355\u4e91\u8eab\u4efd\u7ba1\u7406 \uff08SCIM\uff09 \u7528\u4e8e\u5728\u4e91\u4e2d\u7ba1\u7406\u8eab\u4efd\u7684\u89c4\u8303\uff0c\u76ee\u524d\u4e0d\u53d7 OpenStack \u652f\u6301\u3002 \u72ec\u7acb\u8ba1\u7b97\u73af\u5883\u7684\u7b80\u5355\u534f\u8bae \uff08SPICE\uff09 SPICE \u63d0\u4f9b\u5bf9\u5ba2\u6237\u673a\u865a\u62df\u673a\u7684\u8fdc\u7a0b\u684c\u9762\u8bbf\u95ee\u3002\u5b83\u662f VNC \u7684\u66ff\u4ee3\u54c1\u3002OpenStack\u652f\u6301SPICE\u3002 \u5355\u6839 I/O 
\u865a\u62df\u5316 \uff08SR-IOV\uff09 \u5f53\u7531\u7269\u7406 PCIe \u8bbe\u5907\u5b9e\u73b0\u65f6\uff0c\u8be5\u89c4\u8303\u4f7f\u5176\u80fd\u591f\u663e\u793a\u4e3a\u591a\u4e2a\u5355\u72ec\u7684 PCIe \u8bbe\u5907\u3002\u8fd9\u4f7f\u591a\u4e2a\u865a\u62df\u5316\u5ba2\u6237\u673a\u80fd\u591f\u5171\u4eab\u5bf9\u7269\u7406\u8bbe\u5907\u7684\u76f4\u63a5\u8bbf\u95ee\uff0c\u4ece\u800c\u63d0\u4f9b\u6bd4\u7b49\u6548\u865a\u62df\u8bbe\u5907\u66f4\u9ad8\u7684\u6027\u80fd\u3002\u76ee\u524d\u5728 OpenStack Havana \u53ca\u66f4\u9ad8\u7248\u672c\u4e2d\u53d7\u652f\u6301\u3002 SmokeStack \u9488\u5bf9\u6838\u5fc3 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5;\u7528 Rails \u7f16\u5199\u3002 \u5feb\u7167 OpenStack \u5b58\u50a8\u5377\u6216\u6620\u50cf\u7684\u65f6\u95f4\u70b9\u526f\u672c\u3002\u4f7f\u7528\u5b58\u50a8\u5377\u5feb\u7167\u5907\u4efd\u5377\u3002\u4f7f\u7528\u6620\u50cf\u5feb\u7167\u6765\u5907\u4efd\u6570\u636e\uff0c\u6216\u4f5c\u4e3a\u5176\u4ed6\u670d\u52a1\u5668\u7684\u201c\u9ec4\u91d1\u201d\u6620\u50cf\u3002 \u8f6f\u91cd\u542f \u901a\u8fc7\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6b63\u786e\u91cd\u542f VM \u5b9e\u4f8b\u7684\u53d7\u63a7\u91cd\u542f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305 \uff08SDK\uff09 \u5305\u542b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u4ee3\u7801\u3001\u793a\u4f8b\u548c\u6587\u6863\u4ee5\u6240\u9009\u8bed\u8a00\u521b\u5efa\u5e94\u7528\u7a0b\u5e8f\u3002 \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\uff08solum\uff09 OpenStack\u9879\u76ee\uff0c\u65e8\u5728\u901a\u8fc7\u81ea\u52a8\u5316\u4ece\u6e90\u5230\u6620\u50cf\u7684\u8fc7\u7a0b\uff0c\u5e76\u7b80\u5316\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e3a\u4e2d\u5fc3\u7684\u90e8\u7f72\uff0c\u4f7f\u4e91\u670d\u52a1\u66f4\u6613\u4e8e\u4f7f\u7528\u5e76\u4e0e\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u8fc7\u7a0b\u96c6\u6210\u3002 \u8f6f\u4ef6\u5b9a\u4e49\u7f51\u7edc \uff08SDN\uff09 
\u4e3a\u7f51\u7edc\u7ba1\u7406\u5458\u63d0\u4f9b\u4e00\u79cd\u65b9\u6cd5\uff0c\u901a\u8fc7\u62bd\u8c61\u8f83\u4f4e\u7ea7\u522b\u7684\u529f\u80fd\u6765\u7ba1\u7406\u8ba1\u7b97\u673a\u7f51\u7edc\u670d\u52a1\u3002 SolidFire \u5377\u9a71\u52a8\u7a0b\u5e8f SolidFire iSCSI \u5b58\u50a8\u8bbe\u5907\u7684\u5757\u5b58\u50a8\u9a71\u52a8\u7a0b\u5e8f\u3002 solum \u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\u81ea\u52a8\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u70b9\u5dee\u4f18\u5148\u8c03\u5ea6\u5668 \u8ba1\u7b97 VM \u8ba1\u5212\u7b97\u6cd5\uff0c\u5c1d\u8bd5\u4ee5\u6700\u5c0f\u7684\u8d1f\u8f7d\u5728\u4e3b\u673a\u4e0a\u542f\u52a8\u65b0 VM\u3002 SQLAlchemy \u7528\u4e8e Python \u7684\u5f00\u6e90 SQL \u5de5\u5177\u5305\uff0c\u7528\u4e8e OpenStack\u3002 SQLite \u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684 SQL \u6570\u636e\u5e93\uff0c\u5728\u8bb8\u591a OpenStack \u670d\u52a1\u4e2d\u7528\u4f5c\u9ed8\u8ba4\u7684\u6301\u4e45\u5316\u5b58\u50a8\u65b9\u6cd5\u3002 \u5806\u6808 \u7531\u7f16\u6392\u670d\u52a1\u6839\u636e\u7ed9\u5b9a\u6a21\u677f\uff08AWS CloudFormation \u6a21\u677f\u6216 Heat \u7f16\u6392\u6a21\u677f \uff08HOT\uff09\uff09\u521b\u5efa\u548c\u7ba1\u7406\u7684\u4e00\u7ec4 OpenStack \u8d44\u6e90\u3002 StackTach \u6355\u83b7\u8ba1\u7b97 AMQP \u901a\u4fe1\u7684\u793e\u533a\u9879\u76ee;\u5bf9\u8c03\u8bd5\u5f88\u6709\u7528\u3002 \u9759\u6001 IP \u5730\u5740 \u56fa\u5b9a IP \u5730\u5740\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u9759\u6001\u7f51\u9875 \u5bf9\u8c61\u5b58\u50a8\u7684 WSGI \u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u5c06\u5bb9\u5668\u6570\u636e\u4f5c\u4e3a\u9759\u6001\u7f51\u9875\u63d0\u4f9b\u3002 Stein OpenStack \u7b2c 19 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u5cf0\u4f1a\u5728\u5fb7\u56fd\u67cf\u6797\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u67cf\u6797\u7684 Steinstra\u00dfe \u8857\u547d\u540d\u3002 \u5b58\u50a8\u540e\u7aef \u670d\u52a1\u7528\u4e8e\u6301\u4e45\u6027\u5b58\u50a8\u7684\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI\u3001NFS \u6216\u672c\u5730\u78c1\u76d8\u3002 
\u5b58\u50a8\u7ba1\u7406\u5668 \u4e00\u4e2a XenAPI \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b\u53ef\u63d2\u5165\u63a5\u53e3\u4ee5\u652f\u6301\u5404\u79cd\u6301\u4e45\u6027\u5b58\u50a8\u540e\u7aef\u3002 \u5b58\u50a8\u7ba1\u7406\u5668\u540e\u7aef XenAPI \u652f\u6301\u7684\u6301\u4e45\u6027\u5b58\u50a8\u65b9\u6cd5\uff0c\u4f8b\u5982 iSCSI \u6216 NFS\u3002 \u5b58\u50a8\u8282\u70b9 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u63d0\u4f9b\u5bb9\u5668\u670d\u52a1\u3001\u8d26\u6237\u670d\u52a1\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u5bf9\u8c61\u5b58\u50a8\u8282\u70b9;\u63a7\u5236\u5e10\u6237\u6570\u636e\u5e93\u3001\u5bb9\u5668\u6570\u636e\u5e93\u548c\u5bf9\u8c61\u5b58\u50a8\u3002 \u5b58\u50a8\u670d\u52a1 \u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61\u670d\u52a1\u3001\u5bb9\u5668\u670d\u52a1\u548c\u5e10\u6237\u670d\u52a1\u7684\u96c6\u5408\u540d\u79f0\u3002 \u7b56\u7565 \u6307\u5b9a\u955c\u50cf\u670d\u52a1\u6216\u8eab\u4efd\u4f7f\u7528\u7684\u8ba4\u8bc1\u6e90\u3002\u5728\u6570\u636e\u5e93\u670d\u52a1\u4e2d\uff0c\u5b83\u662f\u6307\u4e3a\u6570\u636e\u5b58\u50a8\u5b9e\u73b0\u7684\u6269\u5c55\u3002 \u5b50\u57df \u7236\u57df\u4e2d\u7684\u57df\u3002\u65e0\u6cd5\u6ce8\u518c\u5b50\u57df\u3002\u5b50\u57df\u4f7f\u60a8\u80fd\u591f\u59d4\u6d3e\u57df\u3002\u5b50\u57df\u672c\u8eab\u53ef\u4ee5\u6709\u5b50\u57df\uff0c\u56e0\u6b64\u53ef\u4ee5\u8fdb\u884c\u4e09\u7ea7\u3001\u56db\u7ea7\u3001\u4e94\u7ea7\u548c\u66f4\u6df1\u7ea7\u522b\u7684\u5d4c\u5957\u3002 \u5b50\u7f51 IP \u7f51\u7edc\u7684\u903b\u8f91\u7ec6\u5206\u3002 SUSE Linux Enterprise Server \uff08SLES\uff09 \uff08\u82f1\u8bed\uff09 \u4e0e OpenStack \u517c\u5bb9\u7684 Linux \u53d1\u884c\u7248\u3002 \u6302\u8d77 
\u865a\u62df\u673a\u5b9e\u4f8b\u5c06\u6682\u505c\uff0c\u5176\u72b6\u6001\u5c06\u4fdd\u5b58\u5230\u4e3b\u673a\u7684\u78c1\u76d8\u4e2d\u3002 \u4ea4\u6362 \u64cd\u4f5c\u7cfb\u7edf\u4f7f\u7528\u7684\u57fa\u4e8e\u78c1\u76d8\u7684\u865a\u62df\u5185\u5b58\uff0c\u7528\u4e8e\u63d0\u4f9b\u6bd4\u7cfb\u7edf\u4e0a\u5b9e\u9645\u53ef\u7528\u7684\u5185\u5b58\u66f4\u591a\u7684\u5185\u5b58\u3002 swift OpenStack \u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u7684\u4ee3\u53f7\u3002 swift \u591a\u5408\u4e00 \uff08SAIO\uff09 Swift \u4e2d\u95f4\u4ef6 \u63d0\u4f9b\u9644\u52a0\u529f\u80fd\u7684\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\u3002 Swift \u4ee3\u7406\u670d\u52a1\u5668 \u5145\u5f53\u5bf9\u8c61\u5b58\u50a8\u7684\u7f51\u5b88\uff0c\u5e76\u8d1f\u8d23\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002 Swift \u5b58\u50a8\u8282\u70b9 \u8fd0\u884c\u5bf9\u8c61\u5b58\u50a8\u5e10\u6237\u3001\u5bb9\u5668\u548c\u5bf9\u8c61\u670d\u52a1\u7684\u8282\u70b9\u3002 \u540c\u6b65\u70b9 \u81ea\u4e0a\u6b21\u5bb9\u5668\u548c\u5e10\u6237\u6570\u636e\u5e93\u5728\u5bf9\u8c61\u5b58\u50a8\u4e2d\u7684\u8282\u70b9\u4e4b\u95f4\u540c\u6b65\u4ee5\u6765\u7684\u65f6\u95f4\u70b9\u3002 \u7cfb\u7edf\u7ba1\u7406\u5458 \u8ba1\u7b97 RBAC \u7cfb\u7edf\u4e2d\u7684\u9ed8\u8ba4\u89d2\u8272\u4e4b\u4e00\u3002\u4f7f\u7528\u6237\u80fd\u591f\u5c06\u5176\u4ed6\u7528\u6237\u6dfb\u52a0\u5230\u9879\u76ee\u4e2d\uff0c\u4e0e\u4e0e\u9879\u76ee\u5173\u8054\u7684 VM \u6620\u50cf\u8fdb\u884c\u4ea4\u4e92\uff0c\u4ee5\u53ca\u542f\u52a8\u548c\u505c\u6b62 VM \u5b9e\u4f8b\u3002 \u7cfb\u7edf\u4f7f\u7528\u60c5\u51b5 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5b83\u4e0e\u901a\u77e5\u7cfb\u7edf\u4e00\u8d77\u6536\u96c6\u8ba1\u91cf\u548c\u4f7f\u7528\u60c5\u51b5\u4fe1\u606f\u3002\u6b64\u4fe1\u606f\u53ef\u7528\u4e8e\u8ba1\u8d39\u3002","title":"S"},{"location":"security/security-guide/#t","text":"Tacker NFV \u7f16\u6392\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0 \u9065\u6d4b\u670d\u52a1\uff08telemetry\uff09 
OpenStack\u9879\u76ee\u6536\u96c6\u5305\u542b\u5df2\u90e8\u7f72\u4e91\u7684\u7269\u7406\u548c\u865a\u62df\u8d44\u6e90\u5229\u7528\u7387\u7684\u6d4b\u91cf\u503c\uff0c\u4fdd\u7559\u6b64\u6570\u636e\u4ee5\u4f9b\u540e\u7eed\u68c0\u7d22\u548c\u5206\u6790\uff0c\u5e76\u5728\u6ee1\u8db3\u5b9a\u4e49\u7684\u6761\u4ef6\u65f6\u89e6\u53d1\u64cd\u4f5c\u3002 TempAuth \u51fd\u6570 Object Storage\u4e2d\u7684\u4e00\u79cd\u8eab\u4efd\u9a8c\u8bc1\u5de5\u5177\uff0c\u4f7fObject Storage\u672c\u8eab\u80fd\u591f\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u3002\u7ecf\u5e38\u7528\u4e8e\u6d4b\u8bd5\u548c\u5f00\u53d1\u3002 Tempest \u81ea\u52a8\u5316\u8f6f\u4ef6\u6d4b\u8bd5\u5957\u4ef6\uff0c\u65e8\u5728\u9488\u5bf9 OpenStack \u6838\u5fc3\u9879\u76ee\u7684\u4e3b\u5e72\u8fd0\u884c\u3002 TempURL \u4e00\u4e2a\u5bf9\u8c61\u5b58\u50a8\u4e2d\u95f4\u4ef6\u7ec4\u4ef6\uff0c\u7528\u4e8e\u521b\u5efa\u7528\u4e8e\u4e34\u65f6\u5bf9\u8c61\u8bbf\u95ee\u7684 URL\u3002 \u79df\u6237 \u4e00\u7ec4\u7528\u6237;\u7528\u4e8e\u9694\u79bb\u5bf9\u8ba1\u7b97\u8d44\u6e90\u7684\u8bbf\u95ee\u3002\u9879\u76ee\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u79df\u6237 API \u9879\u76ee\u53ef\u8bbf\u95ee\u7684 API\u3002 \u79df\u6237\u7aef\u70b9 \u4e0e\u4e00\u4e2a\u6216\u591a\u4e2a\u9879\u76ee\u5173\u8054\u7684\u8eab\u4efd\u670d\u52a1 API \u7aef\u70b9\u3002 \u79df\u6237 ID \u9879\u76ee ID \u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u4ee4\u724c \u7528\u4e8e\u8bbf\u95ee OpenStack API \u548c\u8d44\u6e90\u7684\u5b57\u6bcd\u6570\u5b57\u6587\u672c\u5b57\u7b26\u4e32\u3002 \u4ee4\u724c\u670d\u52a1 \u4e00\u4e2a\u8eab\u4efd\u670d\u52a1\u7ec4\u4ef6\uff0c\u7528\u4e8e\u5728\u7528\u6237\u6216\u9879\u76ee\u901a\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u540e\u7ba1\u7406\u548c\u9a8c\u8bc1\u4ee4\u724c\u3002 \u903b\u8f91\u5220\u9664 \u7528\u4e8e\u6807\u8bb0\u5df2\u5220\u9664\u7684\u5bf9\u8c61\u5b58\u50a8\u5bf9\u8c61;\u786e\u4fdd\u5bf9\u8c61\u5728\u5220\u9664\u540e\u4e0d\u4f1a\u5728\u53e6\u4e00\u4e2a\u8282\u70b9\u4e0a\u66f4\u65b0\u3002 \u4e3b\u9898\u53d1\u5e03\u8005 
\u6267\u884c RPC \u8c03\u7528\u65f6\u521b\u5efa\u7684\u8fdb\u7a0b;\u7528\u4e8e\u5c06\u6d88\u606f\u63a8\u9001\u5230\u4e3b\u9898\u4ea4\u6362\u3002 Torpedo \u7528\u4e8e\u9488\u5bf9 OpenStack API \u8fd0\u884c\u81ea\u52a8\u5316\u6d4b\u8bd5\u7684\u793e\u533a\u9879\u76ee\u3002 Train OpenStack \u7b2c 20 \u7248\u7684\u4ee3\u53f7\u3002OpenStack \u57fa\u7840\u67b6\u6784\u5cf0\u4f1a\u5728\u7f8e\u56fd\u79d1\u7f57\u62c9\u591a\u5dde\u4e39\u4f5b\u5e02\u4e3e\u884c\u3002 \u4e39\u4f5b\u7684\u4e24\u6b21\u9879\u76ee\u56e2\u961f\u805a\u4f1a\u4f1a\u8bae\u5728\u4ece\u5e02\u4e2d\u5fc3\u5230\u673a\u573a\u7684\u706b\u8f66\u7ebf\u65c1\u8fb9\u7684\u4e00\u5bb6\u9152\u5e97\u4e3e\u884c\u3002\u90a3\u91cc\u7684\u4ea4\u53c9\u4fe1\u53f7\u706f\u8fc7\u53bb\u66fe\u51fa\u73b0\u8fc7\u67d0\u79cd\u6545\u969c\uff0c\u5bfc\u81f4\u5b83\u4eec\u5728\u706b\u8f66\u6b63\u5e38\u9a76\u6765\u65f6\u6ca1\u6709\u505c\u4e0b\u8f66\u53a2\u3002\u56e0\u6b64\uff0c\u706b\u8f66\u5728\u7ecf\u8fc7\u8be5\u5730\u533a\u65f6\u5fc5\u987b\u9e23\u5587\u53ed\u3002\u663e\u7136\uff0c\u4f4f\u5728\u9152\u5e97\u91cc\uff0c\u4e58\u5750\u706b\u8f6624/7\u5439\u5587\u53ed\uff0c\u4e0d\u592a\u7406\u60f3\u3002\u7ed3\u679c\uff0c\u51fa\u73b0\u4e86\u8bb8\u591a\u5173\u4e8e\u4e39\u4f5b\u548c\u706b\u8f66\u7684\u7b11\u8bdd\u2014\u2014\u56e0\u6b64\u8fd9\u4e2a\u7248\u672c\u88ab\u79f0\u4e3a\u706b\u8f66\u3002 \u4ea4\u6613 ID \u5206\u914d\u7ed9\u6bcf\u4e2a\u5bf9\u8c61\u5b58\u50a8\u8bf7\u6c42\u7684\u552f\u4e00 ID;\u7528\u4e8e\u8c03\u8bd5\u548c\u8ddf\u8e2a\u3002 \u77ac\u6001 \u975e\u8010\u7528\u54c1\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u4ea4\u6362 \u975e\u6301\u4e45\u4ea4\u6362\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u77ac\u6001\u6d88\u606f \u5b58\u50a8\u5728\u5185\u5b58\u4e2d\u5e76\u5728\u670d\u52a1\u5668\u91cd\u65b0\u542f\u52a8\u540e\u4e22\u5931\u7684\u6d88\u606f\u3002 \u77ac\u6001\u961f\u5217 \u975e\u6301\u4e45\u961f\u5217\u7684\u66ff\u4ee3\u672f\u8bed\u3002 TripleO OpenStack-on-OpenStack \u7a0b\u5e8f\u3002OpenStack Deployment 
\u7a0b\u5e8f\u7684\u4ee3\u53f7\u3002 Trove OpenStack \u6570\u636e\u5e93\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\uff08TPM\uff09 \u4e13\u7528\u5fae\u5904\u7406\u5668\uff0c\u7528\u4e8e\u5c06\u52a0\u5bc6\u5bc6\u94a5\u6574\u5408\u5230\u8bbe\u5907\u4e2d\uff0c\u4ee5\u9a8c\u8bc1\u548c\u4fdd\u62a4\u786c\u4ef6\u5e73\u53f0\u3002","title":"T"},{"location":"security/security-guide/#u","text":"Ubuntu \u57fa\u4e8e Debian \u7684 Linux \u53d1\u884c\u7248\u3002 \u65e0\u4f5c\u7528\u57df\u4ee4\u724c Identity \u670d\u52a1\u9ed8\u8ba4\u4ee4\u724c\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u66f4\u65b0\u5668 \u4e00\u7ec4\u5bf9\u8c61\u5b58\u50a8\u7ec4\u4ef6\u7684\u7edf\u79f0\uff0c\u7528\u4e8e\u5904\u7406\u5bb9\u5668\u548c\u5bf9\u8c61\u7684\u6392\u961f\u548c\u5931\u8d25\u7684\u66f4\u65b0\u3002 \u7528\u6237 \u5728 OpenStack Identity \u4e2d\uff0c\u5b9e\u4f53\u4ee3\u8868\u5355\u4e2a API \u4f7f\u7528\u8005\uff0c\u5e76\u7531\u7279\u5b9a\u57df\u62e5\u6709\u3002\u5728 OpenStack \u8ba1\u7b97\u4e2d\uff0c\u7528\u6237\u53ef\u4ee5\u4e0e\u89d2\u8272\u548c/\u6216\u9879\u76ee\u76f8\u5173\u8054\u3002 \u7528\u6237\u6570\u636e \u7528\u6237\u5728\u542f\u52a8\u5b9e\u4f8b\u65f6\u53ef\u4ee5\u6307\u5b9a\u7684\u6570\u636e Blob\u3002\u5b9e\u4f8b\u53ef\u4ee5\u901a\u8fc7\u5143\u6570\u636e\u670d\u52a1\u6216\u914d\u7f6e\u9a71\u52a8\u5668\u8bbf\u95ee\u6b64\u6570\u636e\u3002\u901a\u5e38\u7528\u4e8e\u4f20\u9012\u5b9e\u4f8b\u5728\u542f\u52a8\u65f6\u8fd0\u884c\u7684 shell \u811a\u672c\u3002 \u7528\u6237\u6a21\u5f0f Linux \uff08UML\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Ussuri OpenStack \u7b2c 21 \u7248\u7684\u4ee3\u53f7\u3002OpenStack\u57fa\u7840\u8bbe\u65bd\u5cf0\u4f1a\u5728\u4e2d\u534e\u4eba\u6c11\u5171\u548c\u56fd\u4e0a\u6d77\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e4c\u82cf\u91cc\u6cb3\u547d\u540d\u3002","title":"U"},{"location":"security/security-guide/#v","text":"Victoria OpenStack \u7b2c 22 \u7248\u7684\u4ee3\u53f7\u3002OpenDev + PTG 
\u8ba1\u5212\u5728\u52a0\u62ff\u5927\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u6e29\u54e5\u534e\u4e3e\u884c\u3002\u8be5\u7248\u672c\u4ee5\u4e0d\u5217\u98a0\u54e5\u4f26\u6bd4\u4e9a\u7701\u9996\u5e9c\u7ef4\u591a\u5229\u4e9a\u547d\u540d\u3002 \u7531\u4e8e COVID-19\uff0c\u73b0\u573a\u6d3b\u52a8\u88ab\u53d6\u6d88\u3002\u8be5\u4e8b\u4ef6\u6b63\u5728\u865a\u62df\u5316\u3002 VIF UUID \u5206\u914d\u7ed9\u6bcf\u4e2a\u7f51\u7edc VIF \u7684\u552f\u4e00 ID\u3002 \u865a\u62df\u4e2d\u592e\u5904\u7406\u5668 \uff08vCPU\uff09 \u7ec6\u5206\u7269\u7406 CPU\u3002\u7136\u540e\uff0c\u5b9e\u4f8b\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u5206\u533a\u3002 \u865a\u62df\u78c1\u76d8\u6620\u50cf \uff08VDI\uff09 \u6620\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u6620\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u53ef\u6269\u5c55\u5c40\u57df\u7f51 \uff08VXLAN\uff09 \u4e00\u79cd\u7f51\u7edc\u865a\u62df\u5316\u6280\u672f\uff0c\u8bd5\u56fe\u51cf\u5c11\u4e0e\u5927\u578b\u4e91\u8ba1\u7b97\u90e8\u7f72\u76f8\u5173\u7684\u53ef\u4f38\u7f29\u6027\u95ee\u9898\u3002\u5b83\u4f7f\u7528\u7c7b\u4f3c VLAN \u7684\u5c01\u88c5\u6280\u672f\u5c06\u4ee5\u592a\u7f51\u5e27\u5c01\u88c5\u5728 UDP \u6570\u636e\u5305\u4e2d\u3002 \u865a\u62df\u786c\u76d8 \uff08VHD\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df IP \u5730\u5740 \uff08VIP\uff09 \u5728\u8d1f\u8f7d\u5e73\u8861\u5668\u4e0a\u914d\u7f6e\u7684 Internet \u534f\u8bae \uff08IP\uff09 \u5730\u5740\uff0c\u4f9b\u8fde\u63a5\u5230\u8d1f\u8f7d\u5e73\u8861\u670d\u52a1\u7684\u5ba2\u6237\u7aef\u4f7f\u7528\u3002\u4f20\u5165\u8fde\u63a5\u5c06\u6839\u636e\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u914d\u7f6e\u5206\u53d1\u5230\u540e\u7aef\u8282\u70b9\u3002 \u865a\u62df\u673a \uff08VM\uff09 \u5728\u865a\u62df\u673a\u76d1\u63a7\u7a0b\u5e8f\u4e0a\u8fd0\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u5b9e\u4f8b\u3002\u591a\u4e2a VM 
\u53ef\u4ee5\u5728\u540c\u4e00\u7269\u7406\u4e3b\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u3002 \u865a\u62df\u7f51\u7edc \u7f51\u7edc\u4e2d\u7684 L2 \u7f51\u6bb5\u3002 \u865a\u62df\u7f51\u7edc\u8ba1\u7b97 \uff08VNC\uff09 \u7528\u4e8e\u8fdc\u7a0b\u63a7\u5236\u53f0\u8bbf\u95ee VM \u7684\u5f00\u6e90 GUI \u548c CLI \u5de5\u5177\u3002 \u865a\u62df\u7f51\u7edc\u63a5\u53e3 \uff08VIF\uff09 \u63d2\u5165\u7f51\u7edc\u7f51\u7edc\u4e2d\u7684\u7aef\u53e3\u7684\u63a5\u53e3\u3002\u901a\u5e38\u5c5e\u4e8e VM \u7684\u865a\u62df\u7f51\u7edc\u63a5\u53e3\u3002 \u865a\u62df\u7f51\u7edc \u4f7f\u7528\u7269\u7406\u7f51\u7edc\u57fa\u7840\u67b6\u6784\u4e0a\u7684\u865a\u62df\u673a\u548c\u8986\u76d6\u7f51\u7edc\u7ec4\u5408\u5b9e\u73b0\u7f51\u7edc\u529f\u80fd\u865a\u62df\u5316\uff08\u5982\u4ea4\u6362\u3001\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5b89\u5168\u6027\uff09\u7684\u901a\u7528\u672f\u8bed\u3002 \u865a\u62df\u7aef\u53e3 \u865a\u62df\u63a5\u53e3\u8fde\u63a5\u5230\u865a\u62df\u7f51\u7edc\u7684\u8fde\u63a5\u70b9\u3002 \u865a\u62df\u4e13\u7528\u7f51\u7edc \uff08VPN\uff09 \u7531 Compute \u4ee5 cloudpipes \u7684\u5f62\u5f0f\u63d0\u4f9b\uff0c\u8fd9\u4e9b\u4e13\u7528\u5b9e\u4f8b\u7528\u4e8e\u6309\u9879\u76ee\u521b\u5efa VPN\u3002 \u865a\u62df\u670d\u52a1\u5668 VM \u6216\u6765\u5bbe\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u4ea4\u6362\u673a \uff08vSwitch\uff09 \u5728\u4e3b\u673a\u6216\u8282\u70b9\u4e0a\u8fd0\u884c\u5e76\u63d0\u4f9b\u57fa\u4e8e\u786c\u4ef6\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7684\u7279\u6027\u548c\u529f\u80fd\u7684\u8f6f\u4ef6\u3002 \u865a\u62df VLAN \u865a\u62df\u7f51\u7edc\u7684\u66ff\u4ee3\u672f\u8bed\u3002 VirtualBox \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Vitrage Root Cause Analysis\u670d\u52a1\u7684\u4ee3\u7801\u540d\u79f0\u3002 VLAN \u7ba1\u7406\u5668 \u4e00\u4e2a Compute \u7ec4\u4ef6\uff0c\u5b83\u63d0\u4f9b dnsmasq \u548c radvd\uff0c\u5e76\u8bbe\u7f6e\u4e0e cloudpipe \u5b9e\u4f8b\u4e4b\u95f4\u7684\u8f6c\u53d1\u3002 VLAN 
\u7f51\u7edc \u7f51\u7edc\u63a7\u5236\u5668\u63d0\u4f9b\u865a\u62df\u7f51\u7edc\uff0c\u4f7f\u8ba1\u7b97\u670d\u52a1\u5668\u80fd\u591f\u76f8\u4e92\u4ea4\u4e92\u4ee5\u53ca\u4e0e\u516c\u7528\u7f51\u7edc\u4ea4\u4e92\u3002\u6240\u6709\u8ba1\u7b97\u673a\u90fd\u5fc5\u987b\u5177\u6709\u516c\u5171\u548c\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\u3002VLAN \u7f51\u7edc\u662f\u4e00\u4e2a\u4e13\u7528\u7f51\u7edc\u63a5\u53e3\uff0c\u7531 VLAN \u7ba1\u7406\u5668 vlan_interface \u9009\u9879\u63a7\u5236\u3002 \u865a\u62df\u673a\u78c1\u76d8\uff08VMDK\uff09 \u955c\u50cf\u670d\u52a1\u652f\u6301\u7684\u865a\u62df\u673a\u955c\u50cf\u78c1\u76d8\u683c\u5f0f\u4e4b\u4e00\u3002 \u865a\u62df\u673a\u6620\u50cf \u6620\u50cf\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u865a\u62df\u673a\u8fdc\u7a0b\u63a7\u5236 \uff08VMRC\uff09 \u4f7f\u7528 Web \u6d4f\u89c8\u5668\u8bbf\u95ee VM \u5b9e\u4f8b\u63a7\u5236\u53f0\u7684\u65b9\u6cd5\u3002\u7531\u8ba1\u7b97\u652f\u6301\u3002 VMware API \u63a5\u53e3 \u652f\u6301\u5728\u8ba1\u7b97\u4e2d\u4e0e VMware \u4ea7\u54c1\u8fdb\u884c\u4ea4\u4e92\u3002 VMware NSX Neutron \u63d2\u4ef6 \u5728 Neutron \u4e2d\u63d0\u4f9b\u5bf9 VMware NSX \u7684\u652f\u6301\u3002 VNC \u4ee3\u7406 \u4e00\u4e2a\u8ba1\u7b97\u7ec4\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u901a\u8fc7 VNC \u6216 VMRC \u8bbf\u95ee\u5176 VM \u5b9e\u4f8b\u7684\u63a7\u5236\u53f0\u3002 \u5377 \u57fa\u4e8e\u78c1\u76d8\u7684\u6570\u636e\u5b58\u50a8\u901a\u5e38\u8868\u793a\u4e3a\u5177\u6709\u652f\u6301\u6269\u5c55\u5c5e\u6027\u7684\u6587\u4ef6\u7cfb\u7edf\u7684 iSCSI \u76ee\u6807;\u53ef\u4ee5\u662f\u6301\u4e45\u7684\uff0c\u4e5f\u53ef\u4ee5\u662f\u77ed\u6682\u7684\u3002 \u5377 API \u5757\u5b58\u50a8 API \u7684\u66ff\u4ee3\u540d\u79f0\u3002 \u5377\u63a7\u5236\u5668 \u4e00\u4e2a\u5757\u5b58\u50a8\u7ec4\u4ef6\uff0c\u7528\u4e8e\u76d1\u7763\u548c\u534f\u8c03\u5b58\u50a8\u5377\u64cd\u4f5c\u3002 \u5377\u9a71\u52a8\u7a0b\u5e8f \u5377\u63d2\u4ef6\u7684\u66ff\u4ee3\u672f\u8bed\u3002 \u5377 ID 
\u5e94\u7528\u4e8e\u5757\u5b58\u50a8\u63a7\u5236\u4e0b\u6bcf\u4e2a\u5b58\u50a8\u5377\u7684\u552f\u4e00 ID\u3002 \u5377\u7ba1\u7406\u5668 \u7528\u4e8e\u521b\u5efa\u3001\u9644\u52a0\u548c\u5206\u79bb\u6301\u4e45\u6027\u5b58\u50a8\u5377\u7684\u5757\u5b58\u50a8\u7ec4\u4ef6\u3002 \u5377\u8282\u70b9 \u8fd0\u884c cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u7684\u5757\u5b58\u50a8\u8282\u70b9\u3002 \u5377\u63d2\u4ef6 \u4e3a\u5757\u5b58\u50a8\u5377\u7ba1\u7406\u5668\u63d0\u4f9b\u5bf9\u65b0\u578b\u548c\u4e13\u7528\u540e\u7aef\u5b58\u50a8\u7c7b\u578b\u7684\u652f\u6301\u3002 \u5377\u5de5\u4f5c\u5668 \u4e00\u4e2a cinder \u7ec4\u4ef6\uff0c\u5b83\u4e0e\u540e\u7aef\u5b58\u50a8\u4ea4\u4e92\uff0c\u4ee5\u7ba1\u7406\u5377\u7684\u521b\u5efa\u548c\u5220\u9664\u4ee5\u53ca\u8ba1\u7b97\u5377\u7684\u521b\u5efa\uff0c\u7531 cinder-volume \u5b88\u62a4\u7a0b\u5e8f\u63d0\u4f9b\u3002 vSphere \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002","title":"V"},{"location":"security/security-guide/#w","text":"Wallaby OpenStack \u7b2c 23 \u7248\u7684\u4ee3\u53f7\u3002\u5c0f\u888b\u9f20\u539f\u4ea7\u4e8e\u6fb3\u5927\u5229\u4e9a\uff0c\u5728\u8fd9\u4e2a\u547d\u540d\u671f\u5f00\u59cb\u65f6\uff0c\u6fb3\u5927\u5229\u4e9a\u6b63\u5728\u7ecf\u5386\u524d\u6240\u672a\u6709\u7684\u91ce\u706b\u3002 Watcher \u57fa\u7840\u7ed3\u6784\u4f18\u5316\u670d\u52a1\u7684\u4ee3\u53f7\u3002 \u6743\u91cd \u5bf9\u8c61\u5b58\u50a8\u8bbe\u5907\u7528\u4e8e\u786e\u5b9a\u54ea\u4e9b\u5b58\u50a8\u8bbe\u5907\u9002\u5408\u4f5c\u4e1a\u3002\u8bbe\u5907\u6309\u5927\u5c0f\u52a0\u6743\u3002 \u52a0\u6743\u6210\u672c \u51b3\u5b9a\u5728\u8ba1\u7b97\u4e2d\u542f\u52a8\u65b0 VM \u5b9e\u4f8b\u7684\u4f4d\u7f6e\u65f6\u6240\u4f7f\u7528\u7684\u6bcf\u4e2a\u6210\u672c\u7684\u603b\u548c\u3002 \u52a0\u6743 \u4e00\u4e2a\u8ba1\u7b97\u8fc7\u7a0b\uff0c\u7528\u4e8e\u786e\u5b9a VM \u5b9e\u4f8b\u662f\u5426\u9002\u5408\u7279\u5b9a\u4e3b\u673a\u7684\u4f5c\u4e1a\u3002\u4f8b\u5982\uff0c\u4e3b\u673a\u4e0a\u7684 RAM 
\u4e0d\u8db3\u3001\u4e3b\u673a\u4e0a\u7684 CPU \u8fc7\u591a\u7b49\u3002 \u5de5\u4f5c\u8005 \u4fa6\u542c\u961f\u5217\u5e76\u6267\u884c\u4efb\u52a1\u4ee5\u54cd\u5e94\u6d88\u606f\u7684\u5b88\u62a4\u7a0b\u5e8f\u3002\u4f8b\u5982\uff0c cinder-volume worker \u7ba1\u7406\u5b58\u50a8\u9635\u5217\u4e0a\u7684\u5377\u521b\u5efa\u548c\u5220\u9664\u3002 \u5de5\u4f5c\u6d41\u670d\u52a1 \uff08mistral\uff09 OpenStack\u670d\u52a1\u63d0\u4f9b\u4e86\u4e00\u79cd\u57fa\u4e8eYAML\u7684\u7b80\u5355\u8bed\u8a00\u6765\u7f16\u5199\u5de5\u4f5c\u6d41\uff08\u4efb\u52a1\u548c\u8f6c\u6362\u89c4\u5219\uff09\uff0c\u4ee5\u53ca\u4e00\u79cd\u5141\u8bb8\u4e0a\u4f20\u3001\u4fee\u6539\u3001\u5927\u89c4\u6a21\u548c\u9ad8\u5ea6\u53ef\u7528\u7684\u65b9\u5f0f\u8fd0\u884c\u5b83\u4eec\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u6267\u884c\u72b6\u6001\u548c\u5355\u4e2a\u4efb\u52a1\u72b6\u6001\u7684\u670d\u52a1\u3002","title":"W"},{"location":"security/security-guide/#x","text":"X.509 X.509 \u662f\u5b9a\u4e49\u6570\u5b57\u8bc1\u4e66\u7684\u6700\u5e7f\u6cdb\u4f7f\u7528\u7684\u6807\u51c6\u3002\u5b83\u662f\u4e00\u79cd\u6570\u636e\u7ed3\u6784\uff0c\u5305\u542b\u4e3b\u9898\uff08\u5b9e\u4f53\uff09\u53ef\u8bc6\u522b\u4fe1\u606f\uff0c\u4f8b\u5982\u5176\u540d\u79f0\u53ca\u5176\u516c\u94a5\u3002\u8bc1\u4e66\u8fd8\u53ef\u4ee5\u5305\u542b\u4e00\u4e9b\u5176\u4ed6\u5c5e\u6027\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u7248\u672c\u3002X.509 \u7684\u6700\u65b0\u6807\u51c6\u7248\u672c\u662f v3\u3002 Xen Xen \u662f\u4e00\u4e2a\u4f7f\u7528\u5fae\u5185\u6838\u8bbe\u8ba1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u7684\u670d\u52a1\u5141\u8bb8\u591a\u4e2a\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5728\u540c\u4e00\u8ba1\u7b97\u673a\u786c\u4ef6\u4e0a\u540c\u65f6\u6267\u884c\u3002 Xen API Xen \u7ba1\u7406 API\uff0c\u53d7 Compute \u652f\u6301\u3002 Xen \u4e91\u5e73\u53f0 \uff08XCP\uff09 \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 Xen Storage Manager 
\u5377\u9a71\u52a8\u7a0b\u5e8f \u652f\u6301\u4e0e Xen Storage Manager API \u8fdb\u884c\u901a\u4fe1\u7684\u5757\u5b58\u50a8\u5377\u63d2\u4ef6\u3002 Xena OpenStack \u7b2c 24 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u865a\u6784\u7684\u6218\u58eb\u516c\u4e3b\u547d\u540d\u3002 XenServer An OpenStack-supported hypervisor. \u652f\u6301 OpenStack \u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u3002 XFS \u51fd\u6570 \u7531 Silicon Graphics \u521b\u5efa\u7684\u9ad8\u6027\u80fd 64 \u4f4d\u6587\u4ef6\u7cfb\u7edf\u3002\u5728\u5e76\u884c I/O \u64cd\u4f5c\u548c\u6570\u636e\u4e00\u81f4\u6027\u65b9\u9762\u8868\u73b0\u51fa\u8272\u3002","title":"X"},{"location":"security/security-guide/#y","text":"Yoga OpenStack \u7b2c 25 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u6765\u81ea\u5370\u5ea6\u7684\u4e00\u6240\u54f2\u5b66\u5b66\u6821\u547d\u540d\uff0c\u8be5\u5b66\u6821\u5177\u6709\u5fc3\u7406\u548c\u8eab\u4f53\u5b9e\u8df5\u3002","title":"Y"},{"location":"security/security-guide/#z","text":"Yoga \u6d88\u606f\u670d\u52a1\u7684\u4ee3\u53f7\u3002 Zed OpenStack \u7b2c 26 \u7248\u7684\u4ee3\u53f7\u3002\u8be5\u7248\u672c\u4ee5\u5b57\u6bcd Z \u7684\u53d1\u97f3\u547d\u540d\u3002 ZeroMQ OpenStack \u652f\u6301\u7684\u6d88\u606f\u961f\u5217\u8f6f\u4ef6\u3002RabbitMQ \u7684\u66ff\u4ee3\u54c1\u3002\u4e5f\u62fc\u5199\u4e3a 0MQ\u3002 Zuul Zuul \u662f\u4e00\u4e2a\u5f00\u6e90 CI/CD \u5e73\u53f0\uff0c\u4e13\u95e8\u7528\u4e8e\u5728\u767b\u9646\u5355\u4e2a\u8865\u4e01\u4e4b\u524d\u8de8\u591a\u4e2a\u7cfb\u7edf\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u95e8\u63a7\u66f4\u6539\u3002 Zuul \u7528\u4e8e OpenStack \u5f00\u53d1\uff0c\u4ee5\u786e\u4fdd\u53ea\u6709\u7ecf\u8fc7\u6d4b\u8bd5\u7684\u4ee3\u7801\u624d\u4f1a\u88ab\u5408\u5e76\u3002","title":"Z"},{"location":"spec/distributed-traffic/","text":"\u6d41\u91cf\u5206\u6563 \u00b6 \u6982\u8ff0 \u00b6 
OpenStack\u4e3a\u7528\u6237\u63d0\u4f9b\u8ba1\u7b97\u548c\u7f51\u7edc\u670d\u52a1\u3002\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u53ef\u4ee5\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\uff0c\u540c\u65f6\u53ef\u4ee5\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u8bbf\u95ee\u865a\u62df\u673a\u5185\u90e8\u7684\u670d\u52a1\u3002\u4f46\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740\u865a\u62df\u673a\u548c\u6d6e\u52a8IP \u7aef\u53e3\u6620\u5c04\u7684\u6570\u91cf\u7684\u589e\u591a\uff0c\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u4e5f\u8d8a\u6765\u8d8a\u5927\uff0c\u5fc5\u987b\u627e\u5230\u5206\u6563\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\uff0c\u758f\u89e3\u7f51\u7edc\u8282\u70b9\u538b\u529b\u7684\u65b9\u6cd5\u3002\u672c\u65b9\u6848\u5b9e\u73b0\u4e86\u5728OpenStack\u73af\u5883\u4e2d\u5c06\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\u5206\u6563\uff0c\u4fdd\u8bc1\u517c\u5bb9\u652f\u6301L3 HA\u548cDVR\uff0c\u540c\u65f6\u53c8\u5c06\u7f51\u7edc\u8d44\u6e90\u4f7f\u7528\u6700\u5c0f\u5316\u3002 \u80cc\u666f \u00b6 \u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u7684\u57fa\u672c\u6d41\u7a0b\u5982\u4e0b\u3002 \u7528\u6237\u63d0\u524d\u521b\u5efa\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u7f51\u7edc\u3002 \u521b\u5efaRouter\u65f6\u6307\u5b9aExternal Gateway\u4e3a\u63d0\u524d\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u3002 \u5c06Router\u548c\u521b\u5efa\u597d\u7684\u5185\u90e8\u7f51\u7edc\u8fdb\u884c\u8fde\u63a5\u3002 \u521b\u5efa\u865a\u62df\u673a\u5b9e\u4f8b\u65f6\u6307\u5b9a\u5185\u90e8\u7f51\u7edc\u3002 \u5229\u7528\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u6d6e\u52a8IP\u3002 \u4e3a\u865a\u62df\u673a\u5b9e\u4f8b\u5f00\u542f\u6d6e\u52a8IP\u7aef\u53e3\u6620\u5c04\u3002 
\u7ecf\u8fc7\u4e0a\u9762\u7684\u64cd\u4f5c\uff0c\u7528\u6237\u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u4ee5\u8bbf\u95ee\u5230\u5916\u90e8\u7f51\u7edc\uff0c\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u4e5f\u53ef\u4ee5\u6839\u636e\u6d6e\u52a8IP\u6307\u5b9a\u7684\u7aef\u53e3\u8bbf\u95ee\u865a\u62df\u673a\u5b9e\u4f8b\u5185\u90e8\u7684\u670d\u52a1\u3002 \u5728\u4e00\u4e2a\u57fa\u672c\u7684OpenStack\u73af\u5883\u4e2d\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u6d41\u91cf\u8d70\u5411\u5982\u4e0b\u6240\u793a\u3002 \u5728\u7528\u6237\u521b\u5efa\u5b8c\u591a\u4e2a\u5b9e\u4f8b\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u5747\u5300\u5206\u5e03\u5728\u5404\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u865a\u62df\u673a\u7684\u6d41\u91cf\u8d70\u5411\u53ef\u80fd\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0c\u4e0d\u8bba\u865a\u62df\u673a\u7684\u4e1c\u897f\u6d41\u91cf\u8fd8\u662f\u5357\u5317\u6d41\u91cf\u90fd\u4f1a\u7ecf\u8fc7Network-1\u8282\u70b9\uff0c\u8fd9\u65e0\u7591\u52a0\u5927\u4e86\u7f51\u7edc\u8282\u70b9\u7684\u8d1f\u8f7d\uff0c\u540c\u65f6\u5f53\u7f51\u7edc\u8282\u70b9\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u80fd\u5f88\u597d\u7684\u8fdb\u884c\u6545\u969c\u6062\u590d\u3002 
\u90a3\u4e48\u662f\u5426\u53ef\u4ee5\u5c06\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u5728OpenStack\u4e2d\u540c\u4e00\u5b50\u7f51\u53ef\u4ee5\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u4f46\u662f\u5b50\u7f51\u5728\u7ed1\u5b9aRouter\u65f6\u9ed8\u8ba4\u4f1a\u5c06\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u7ed1\u5b9a\u5230Router\u4e0a\uff0c\u4e00\u4e2a\u5b50\u7f51\u53ea\u6709\u4e00\u4e2a\u7f51\u5173\u5730\u5740\uff0c\u540c\u65f6\u8fd9\u4e2a\u7f51\u5173\u5730\u5740\u53c8\u4f1a\u5728DHCP\u670d\u52a1\u4e2d\u7528\u5230\uff0c\u7528\u4e8e\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u63d0\u4f9b\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\uff0c\u4e8e\u662f\u4e4e\u5373\u4f7f\u5c06\u5b50\u7f51\u7ed1\u5b9a\u5230\u591a\u4e2aRouter\u4e0a\uff0c\u865a\u62df\u673a\u5185\u90e8\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\u8fd8\u4f1a\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\uff0c\u800c\u4e14Router\u9009\u62e9\u7684\u7f51\u7edc\u8282\u70b9\u7528\u6237\u662f\u4e0d\u53ef\u63a7\u7684\uff0c\u96be\u514d\u4f1a\u51fa\u73b0\u867d\u7136\u5b50\u7f51\u7ed1\u5b9a\u4e86\u4e24\u4e2aRouter\uff0c\u4f46\u662f\u8fd9\u4e24\u4e2aRouter\u5728\u540c\u4e00\u4e2a\u7f51\u7edc\u8282\u70b9\u4e0a\u7684\u5c34\u5c2c\u573a\u9762\u3002 \u4e3a\u4e86\u5206\u6563\u6d41\u91cfOpenStack\u6709\u5e94\u5bf9\u7684\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06neutron\u7684DVR\u529f\u80fd\u6253\u5f00\uff0c\u4e3a\u9884\u9632\u7f51\u7edc\u8282\u70b9\u7684\u5355\u70b9\u6545\u969c\u4e5f\u53ef\u4ee5\u6253\u5f00neutron\u7684L3 HA\uff0c\u4f46\u662f\u4e0a\u8ff0\u65b9\u6cd5\u4e5f\u6709\u5b83\u4eec\u7684\u5c40\u9650\u6027\u3002 DVR\u7684\u6d41\u91cf\u5206\u6563\u6709\u6bd4\u8f83\u5927\u7684\u5c40\u9650\u6027\uff0c\u539f\u56e0\u6709\u4ee5\u4e0b\u51e0\u70b9\u3002 
DVR\u53ea\u662f\u4f5c\u7528\u4e8e\u540c\u4e00Router\u4e0b\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4e4b\u95f4\u7684\u4e1c\u897f\u6d41\u91cf\uff0c\u5df2\u7ecf\u7ed1\u5b9a\u6d6e\u52a8IP\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\uff0c\u5bf9\u4e8e\u672a\u7ed1\u5b9a\u6d6e\u52a8IP\u7684\u865a\u62df\u673a\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u4f9d\u636e\u9700\u8981\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\u3002 \u751f\u4ea7\u73af\u5883\u4e0b\uff0c\u7ed9\u6bcf\u4e2a\u865a\u62df\u673a\u90fd\u7ed1\u5b9a\u6d6e\u52a8IP\u662f\u4e0d\u5207\u5b9e\u9645\u7684\uff0c\u4f46\u662f\u53ef\u4ee5\u901a\u8fc7\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u591a\u53f0\u865a\u62df\u673a\u5bf9\u5e94\u4e00\u4e2a\u6d6e\u52a8IP\uff0c\u4f46\u5728\u76ee\u524d\u7684OpenStack\u7248\u672c\u4e2d\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fDVR\uff0c\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7684\u5b9e\u73b0\u90fd\u662f\u5728\u7f51\u7edc\u8282\u70b9\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u5b8c\u6210\u7684\u3002 \u6700\u540e\u4e00\u70b9\uff0cDVR\u6a21\u5f0f\u4e0b\uff0c\u4e3a\u4e86\u8ba9\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u4e0d\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\uff0c\u4ece\u8ba1\u7b97\u8282\u70b9\u4e0a\u76f4\u63a5\u8d70\u51fa\uff0c\u90fd\u4f1a\u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u751f\u6210\u4e00\u4e2afip\u5f00\u5934\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5373\u4f7f\u865a\u62df\u673a\u4e0d\u4f1a\u7ed1\u5b9a\u6d6e\u52a8IP\u3002\u800c\u8fd9\u4e2afip\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u4f1a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\u5730\u5740\uff0c\u8fd9\u65e0\u7591\u4f1a\u52a0\u5927\u7f51\u7edc\u8d44\u6e90\u7684\u6d88\u8017\u3002 L3 HA\u4e5f\u6709\u51e0\u70b9\u4e0d\u8db3\uff0c\u5f00\u542fL3 HA\u540e\uff0cRouter\u5229\u7528keepalived\u4f1a\u5728\u51e0\u4e2a\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u9009\u62e9\uff0c\u53ea\u6709Keepalived\u7684\u72b6\u6001\u4e3aMaster 
\u7684\u7f51\u7edc\u8282\u70b9\u624d\u4f1a\u62c5\u4efb\u771f\u6b63\u7684\u6d41\u91cf\u8fd0\u8f93\u7684\u4efb\u52a1\uff0c\u800c\u5bf9\u4e8e\u7f51\u7edc\u8282\u70b9\u9009\u62e9\uff0c\u7528\u6237\u65e0\u6743\u5e72\u6d89\u3002\u867d\u7136neutron\u4e2d\u7ed9\u51fa\u4e86Router\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7b56\u7565\uff0c\u4e5f\u5c31\u662f\u6700\u5c11Router\u6570\uff0cRouter\u4f1a\u8c03\u5ea6\u5230Router\u4e2a\u6570\u6700\u5c11\u7684\u7f51\u7edc\u8282\u70b9\u4e0a\u3002\u800c\u4e14\u5728\u5e95\u5c42keepalived\u5f00\u542f\u7684\u6a21\u5f0f\u662f\u975e\u62a2\u5360\u7684\uff0c\u4e5f\u5c31\u662f\u5f53vip\u53d1\u751f\u6f02\u79fb\u540e\uff0c\u5373\u4f7f\u4e3b\u670d\u52a1\u5668\u6062\u590d\u6b63\u5e38\uff0c\u4e5f\u4e0d\u4f1a\u81ea\u52a8\u5c06\u8d44\u6e90\u4ece\u5907\u7528\u670d\u52a1\u5668\u624b\u4e2d\u62a2\u5360\u56de\u6765\uff0c\u8fd9\u53c8\u589e\u52a0\u4e86\u5bf9\u4e8e\u771f\u6b63\u8fd0\u884cRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\u3002 \u603b\u7ed3\u4e00\u4e0b\uff0c\u73b0\u6709\u7684\u6280\u672f\u65b9\u6848\u505a\u4e0d\u5230\u771f\u6b63\u7684\u6d41\u91cf\u5206\u53d1\uff0c\u5373\u4f7f\u5728\u5f00\u542fDVR\u540e\uff0c\u4e00\u65b9\u9762\u4f1a\u6709\u4e00\u4e9b\u989d\u5916\u7f51\u7edc\u8d44\u6e90\u7684\u635f\u8017\uff0c\u540c\u65f6\u53c8\u56e0\u4e3aRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\uff0c\u5bfc\u81f4\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u65e0\u6cd5\u505a\u5230\u5f88\u597d\u7684\u5206\u53d1\u3002 \u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898 \u00b6 \u5b9e\u73b0DVR\u6a21\u5f0f\u548cL3 HA\u6a21\u5f0f\u4e0b\u4ee5\u53caLegacy\u6a21\u5f0f\u4e0b\u7f51\u7edc\u5206\u53d1\u3002\u9996\u5148\u8981\u89e3\u51b3\u4ee5\u4e0b\u51e0\u4e2a\u6280\u672f\u95ee\u9898\uff1a Router\u53ef\u4ee5\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fL3 HA\u3002 
\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u65f6\uff0cDHCP\u670d\u52a1\u80fd\u4e3a\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u63d0\u4f9b\u4e0d\u540c\u7684\u8def\u7531\u65b9\u5f0f\u3002 \u5728\u7528\u6237\u4f7f\u7528\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u53ef\u4ee5\u5c06Router\u7684External Gateway\u7684IP\u5730\u5740\u4f5c\u4e3a\u5916\u90e8\u7f51\u7edc\u7684\u5730\u5740\u3002 \u5b9e\u73b0\u65b9\u6848 \u00b6 \u89e3\u51b3\u6307\u5b9aL3 agent\u7684\u95ee\u9898 \u00b6 \u9996\u5148\u4fee\u6539Router\u7684\u5e95\u5c42\u6570\u636e\u5e93\u4e3a\u5176\u6dfb\u52a0\u4e00\u4e2aconfigurations\u5b57\u6bb5\uff0c\u7528\u4e8e\u5b58\u50a8Router\u7684\u76f8\u5173\u914d\u7f6e\u4fe1\u606f\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"preferred_agent\": \"network-1\" } } \u5728\u672a\u5f00\u542fL3 HA\u65f6\uff0cpreferred_agent\u5b57\u6bb5\u7528\u4e8e\u6307\u5b9aRouter\u4f4d\u4e8e\u7684\u7f51\u7edc\u8282\u70b9\u3002 \u5728\u5f00\u542fL3 HA\u65f6\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"slave_agents\": [ \"compute-1\" ], \"master_agent\": \"network-1\" } } master_agent\u7528\u4e8e\u6307\u5b9aMaster\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\uff0cslave_agents\u7528\u4e8e\u6307\u5b9aSlave\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\u6570\u7ec4\u3002 \u7136\u540e\u8981\u4fee\u6539Router\u7684\u521b\u5efa\u903b\u8f91\uff0c\u9700\u8981\u4e3aRouter\u65b0\u589e\u4e00\u4e2a\u8c03\u5ea6\u65b9\u6cd5\u3002Neutron\u4e2drouter_scheduler_driver\u9ed8\u8ba4\u662fLeastRoutersScheduler\uff08\u6700\u5c11Router\u4e2a\u6570\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u7ee7\u627f\u8be5\u7c7b\u65b0\u589e\u8c03\u5ea6\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6839\u636eRouter\u7684configurations\u5b57\u6bb5\u9009\u62e9\u6307\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\u3002 
\u6700\u540e\u9700\u8981\u4fee\u6539neutron-l3-agent\u7684Router\u66f4\u65b0\u7684\u903b\u8f91\u4ee3\u7801\uff0c\u7531\u4e8eneutron-l3-agent\u542f\u52a8\u65f6\u4f1a\u521d\u59cb\u5316\u4e00\u4e2a\u8d44\u6e90\u961f\u5217\u7528\u4e8e\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\uff0c\u540c\u65f6\u5f00\u542f\u4e00\u4e2a\u5b88\u62a4\u7ebf\u7a0b\u7528\u4e8e\u8bfb\u53d6\u8d44\u6e90\u961f\u5217\uff0c\u6bcf\u6b21\u7f51\u7edc\u8d44\u6e90\u72b6\u6001\u6709\u53d8\u5316\uff08\u521b\u5efa\u3001\u5220\u9664\u6216\u8005\u66f4\u65b0\uff09\u65f6\uff0c\u5c31\u4f1a\u6dfb\u52a0\u5230\u8be5\u961f\u5217\u4e2d\uff0c\u6700\u540e\u6839\u636e\u8d44\u6e90\u7684\u7c7b\u578b\u548c\u72b6\u6001\u786e\u5b9a\u5c06\u8981\u6267\u884c\u7684\u52a8\u4f5c\u3002 \u8fd9\u91ccRouter\u521b\u5efa\u5b8c\u540e\uff0cneutron-l3-agent\u6700\u540e\u4f1a\u6267\u884c_process_added_router\u65b9\u6cd5\uff0c\u5148\u8c03\u7528RouterInfo\u7684initialize\u65b9\u6cd5\uff0c\u518d\u8c03\u7528process\u65b9\u6cd5\u3002 initialize\u65b9\u6cd5\u4e3b\u8981\u6d89\u53ca\u5230Router\u4fe1\u606f\u7684\u4e00\u4e9b\u521d\u59cb\u5316\uff0c\u5305\u62ec\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001port\u7684\u521b\u5efa\u3001keepalived\u8fdb\u7a0b\u7684\u521d\u59cb\u5316\u7b49\u7b49\u3002 process\u65b9\u6cd5\u4e2d\u4f1a\u505a\u4e0b\u9762\u51e0\u4e2a\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u5185\u90e8\u7684Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5185\u90e8\u7f51\u7edc\uff1b \u8bbe\u7f6e\u5916\u90e8Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5916\u90e8\u7f51\u7edc\uff1b \u66f4\u65b0\u8def\u7531\u8868\uff1b \u5bf9\u4e8e\u5f00\u542fL3 HA\u7684Router\uff0c\u9700\u8981\u8bbe\u7f6eHA\u7684Port\uff0c\u7136\u540e\u5f00\u542fkeepalived\u8fdb\u7a0b\u3002 \u5bf9\u4e8e\u5f00\u542fDVR\u7684Router\uff0c\u8fd8\u9700\u8981\u8bbe\u7f6e\u4e00\u4e0bfip\u547d\u540d\u7a7a\u95f4\u4e2d\u7684Port\u3002 \u8fd9\u91cc\u53ea\u9700\u8981\u8003\u8651L3 HA\u5f00\u542f\u7684\u60c5\u51b5\uff0c\u56e0\u4e3a\u5728\u672a\u5f00\u542fL3 
HA\u65f6\uff0cneutron-server\u521b\u5efa\u5b8cRouter\u540e\uff0c\u7ecf\u8fc7\u65b0\u7684\u8c03\u5ea6\u65b9\u6cd5\u9009\u62e9\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff0cRPC\u8c03\u7528\u76f4\u63a5\u53d1\u9001\u7ed9\u7279\u5b9a\u7f51\u7edc\u8282\u70b9\u7684neutron-l3-agent\u670d\u52a1\u3002\u5f00\u542fL3 HA\u65f6\uff0c\u8c03\u5ea6\u65b9\u6cd5\u4f1a\u9009\u62e9\u51famaster\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u4e14RPC\u8c03\u7528\u4f1a\u53d1\u9001\u7ed9\u8fd9\u4e9b\u7f51\u7edc\u8282\u70b9\u4e0a\u7684neutron-l3-agent\u670d\u52a1\u3002 neutron-l3-agent\u4f1a\u4e3a\u6bcf\u4e2aRouter\u542f\u52a8\u4e00\u4e2akeepalived\u8fdb\u7a0b\u7528\u4e8eL3 HA\uff0c\u6240\u4ee5\u9700\u8981\u5728keepalived\u521d\u59cb\u5316\u65f6\uff0c\u5c06keepalived\u542f\u52a8\u903b\u8f91\u4fee\u6539\u3002\u5229\u7528configurations\u5b57\u6bb5\u7684\u4fe1\u606f\uff0c\u83b7\u53d6master\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u548c\u5f53\u524d\u7f51\u7edc\u8282\u70b9\u7684\u4fe1\u606f\u5224\u65ad\uff0c\u786e\u5b9a\u7f51\u7edc\u8282\u70b9\u7684\u89d2\u8272\u3002\u6700\u540e\uff0c\u56e0\u4e3a\u6307\u5b9a\u4e86master\u548cslave\u8282\u70b9\uff0c\u907f\u514d\u51fa\u73b0master\u7f51\u7edc\u8282\u70b9\u5b95\u673a\u6062\u590d\u540e\uff0cvip\u4f9d\u65e7\u5728slave\u8282\u70b9\u7684\u60c5\u51b5\uff0c\u8981\u628akeepalived\u7684\u6a21\u5f0f\u6539\u4e3a\u62a2\u5360\u6a21\u5f0f\u3002 \u89e3\u51b3\u8def\u7531\u95ee\u9898 \u00b6 
\u89e3\u51b3\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u8def\u7531\u95ee\u9898\u3002DHCP\u534f\u8bae\u529f\u80fd\u4e0d\u4ec5\u5305\u62ec\u548cDNS\u670d\u52a1\u5668\u5206\u914d\u8fd8\u5305\u62ec\u7f51\u5173\u5730\u5740\u5206\u914d\uff0c\u4e5f\u5c31\u662f\u53ef\u4ee5\u901a\u8fc7DHCP\u534f\u8bae\u5c06\u8def\u7531\u4fe1\u606f\u4f20\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u3002\u5728OpenStack\u4e2d\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684DHCP\u7531neutron-dhcp-agent\u63d0\u4f9b\uff0cneutron-dhcp-agent\u7684\u6838\u5fc3\u529f\u80fd\u57fa\u672c\u7531dnsmasq\u5b8c\u6210\u3002 dnsmasq\u4e2d\u63d0\u4f9btag\u6807\u7b7e\uff0c\u53ef\u4ee5\u4e3a\u6307\u5b9aIP\u5730\u5740\u6dfb\u52a0\u6807\u7b7e\uff0c\u7136\u540e\u53ef\u4ee5\u6839\u636e\u6807\u7b7e\u4e0b\u53d1\u914d\u7f6e\u3002 dnsmasq\u7684host\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 fa:16:3e:28:a5:0a,host-172-16-0-1.openstacklocal,172.16.0.1,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:2b:dd:88,host-172-16-0-10.openstacklocal,172.16.0.10,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:a1:96:fc,host-172-16-0-207.openstacklocal,172.16.0.207,set:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:45:b4:1a,host-172-16-10-1.openstacklocal,172.16.10.1,set:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902 dnsmasq\u7684option\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:dns-server,8.8.8.8 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:classless-static-route,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:router,172.16.0.1 
tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:classless-static-route,172.16.10.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:router,172.16.0.10 \u53ef\u4ee5\u770b\u5230IP172.16.0.207\u88ab\u6253\u4e0a\u4e86compute-1\u5f00\u5934\u7684tag\uff0c\u5339\u914d\u5230option\u6587\u4ef6\u540e\uff0c172.16.0.207\u7684\u865a\u62df\u673a\u7684\u9ed8\u8ba4\u8def\u7531\u7f51\u5173\u5730\u5740\u5c31\u4f1a\u4ece172.16.0.1\u53d8\u4e3a172.16.0.10\u3002\u5f53\u7136\u8fd9\u4e00\u5207\u7684\u524d\u63d0\u5b50\u7f51\u9700\u8981\u7ed1\u5b9a\u591a\u4e2aRouter\u3002 \u540c\u65f6\u4e3aneutron-dhcp-agent\u63d0\u4f9b\u53ef\u4f9b\u7ba1\u7406\u5458\u4fee\u6539\u7684\u914d\u7f6e\u9879\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u5173\u7cfb\uff0c\u53ef\u4ee5\u662f\u4e00\u5bf9\u4e00\uff0c\u53ef\u4ee5\u662f\u591a\u5bf9\u4e00\u3002 \u89e3\u51b3Router Gateway\u7aef\u53e3\u8f6c\u53d1\u7684\u95ee\u9898 \u00b6 \u5c06\u539f\u672c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u6539\u4e3a\u57fa\u4e8eRouter\u7684External Gateway\u7684\u65b9\u5f0f\u3002\u539f\u56e0\u6709\u4e8c\uff1a \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u5bf9\u4e8e\u539f\u672c\u5c31\u8981\u4f7f\u7528Router\u7684External Gateway\u7684\u7528\u6237\u5c31\u4f1a\u591a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\uff0c\u4e3a\u51cf\u5c11\u5916\u90e8\u7f51\u7edcIP\u7684\u4f7f\u7528\u6539\u7528External Gateway\u7684\u65b9\u5f0f\u8fdb\u884c\u7aef\u53e3\u6620\u5c04\u3002 \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u4f9d\u8d56Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u6765\u505aNAT\uff0c\u4e0d\u5f00\u542fL3 
HA\u65f6\uff0c\u540c\u4e00\u5b50\u7f51\u5728\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u7531\u4e8e\u7aef\u53e3\u6620\u5c04\u521b\u5efa\u7684\u903b\u8f91\uff0cNAT\u4f1a\u53d1\u751f\u5728\u5b50\u7f51\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u4e0d\u4f1a\u5206\u6563\u5728\u5404\u4e2aRouter\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u6bcf\u4e2a\u7f51\u7edc\u8282\u70b9\uff09\u3002\u8fd9\u6837\u5728\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u4f1a\u589e\u52a0\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u3002 \u5b9e\u73b0\u65b9\u5f0f\u548c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7c7b\u4f3c\uff0c\u4e0e\u4e4b\u4e0d\u540c\u7684\u662fExternal Gateway\u4e0d\u9700\u8981\u9009\u62e9Router\uff0c\u56e0\u4e3aExternal Gateway\u672c\u6765\u548cRouter\u5c31\u662f\u76f8\u5173\u8054\u7684\u3002\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u5728\u9009\u62e9Router\u65f6\uff0c\u9009\u62e9\u7684\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u3002 \u6700\u540e\uff0c\u5728\u5b9e\u73b0\u4e0a\u9762\u4e09\u4e2a\u90e8\u5206\u540e\uff0c\u7528\u6237\u5b9e\u73b0\u6d41\u91cf\u5206\u6563\u7684\u6b65\u9aa4\u5982\u4e0b\u3002 \u7528\u6237\u4fee\u6539neutron-dhcp-agent\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u4fee\u6539\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\u4e09\u4e2a\u7f51\u7edc\u8282\u70b9\u3001\u4e09\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u914d\u7f6ecompute-1\u8d70network-1\u8282\u70b9\uff0ccompute-2\u548ccompute-3\u8d70network-2\u8282\u70b9\u3002 \u5229\u7528neutron\u7684API\u521b\u5efa\u591a\u4e2aRouter\u5e76\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u5c06Router\u7ed1\u5b9a\u5230\u540c\u4e00\u5b50\u7f51\u3002 \u5229\u7528\u5b50\u7f51\u7f51\u7edc\u521b\u5efa\u591a\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u3002 
\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u6d41\u5411\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0cVM-1\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-1\u8282\u70b9\uff0cVM-2\u548cVM-3\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-2\u8282\u70b9\u3002\u540c\u65f6VM-1\u3001VM-2\u548cVM-3\u53c8\u662f\u5728\u540c\u4e00\u4e2a\u5b50\u7f51\u4e0b\uff0c\u53ef\u4ee5\u4e92\u76f8\u8bbf\u95ee\u3002 API \u00b6 \u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1\u5217\u8868 \u00b6 GET /v2.0/routers/{router_id}/gateway_port_forwardings Response { \"gateway_port_forwardings\": [ { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } ] } \u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 GET /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Response { \"gateway_port_forwarding\": { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } } \u521b\u5efa\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 POST /v2.0/routers/{router_id}/gateway_port_forwardings Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 
3634, \"gw_ip_address\": \"192.168.57.234\" } } \u66f4\u65b0\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 PUT /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } } \u5220\u9664\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1 \u00b6 DELETE /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} \u65b0\u5efa\u8def\u7531\u5668 \u00b6 POST /v2.0/routers Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"string\", \"slave_agents\": [ \"string\" ] } } } \u66f4\u65b0\u8def\u7531\u5668 \u00b6 PUT /v2.0/routers/{router_id} Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"control01\", \"slave_agents\": [ \"control01\" ] } } } \u5f00\u53d1\u8282\u594f \u00b6 2023-07-28\u52302023-08-30 \u5b8c\u6210\u5f00\u53d1 2023-09-01\u52302023-11-15 \u6d4b\u8bd5\u3001\u95ee\u9898\u4fee\u590d 2023-11-30\u5f15\u5165openEuler 20.03 LTS SP4\u7248\u672c 2023-12-30\u5f15\u5165openEuler 22.03 LTS 
SP3\u7248\u672c","title":"\u6d41\u91cf\u5206\u6563"},{"location":"spec/distributed-traffic/#_1","text":"","title":"\u6d41\u91cf\u5206\u6563"},{"location":"spec/distributed-traffic/#_2","text":"OpenStack\u4e3a\u7528\u6237\u63d0\u4f9b\u8ba1\u7b97\u548c\u7f51\u7edc\u670d\u52a1\u3002\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u53ef\u4ee5\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\uff0c\u540c\u65f6\u53ef\u4ee5\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u8bbf\u95ee\u865a\u62df\u673a\u5185\u90e8\u7684\u670d\u52a1\u3002\u4f46\u4e0e\u6b64\u540c\u65f6\uff0c\u968f\u7740\u865a\u62df\u673a\u548c\u6d6e\u52a8IP \u7aef\u53e3\u6620\u5c04\u7684\u6570\u91cf\u7684\u589e\u591a\uff0c\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u4e5f\u8d8a\u6765\u8d8a\u5927\uff0c\u5fc5\u987b\u627e\u5230\u5206\u6563\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\uff0c\u758f\u89e3\u7f51\u7edc\u8282\u70b9\u538b\u529b\u7684\u65b9\u6cd5\u3002\u672c\u65b9\u6848\u5b9e\u73b0\u4e86\u5728OpenStack\u73af\u5883\u4e2d\u5c06\u7f51\u7edc\u8282\u70b9\u6d41\u91cf\u5206\u6563\uff0c\u4fdd\u8bc1\u517c\u5bb9\u652f\u6301L3 HA\u548cDVR\uff0c\u540c\u65f6\u53c8\u5c06\u7f51\u7edc\u8d44\u6e90\u4f7f\u7528\u6700\u5c0f\u5316\u3002","title":"\u6982\u8ff0"},{"location":"spec/distributed-traffic/#_3","text":"\u7528\u6237\u521b\u5efa\u865a\u62df\u673a\u5e76\u8fde\u63a5Router\u7684\u57fa\u672c\u6d41\u7a0b\u5982\u4e0b\u3002 \u7528\u6237\u63d0\u524d\u521b\u5efa\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u7f51\u7edc\u3002 \u521b\u5efaRouter\u65f6\u6307\u5b9aExternal Gateway\u4e3a\u63d0\u524d\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u3002 \u5c06Router\u548c\u521b\u5efa\u597d\u7684\u5185\u90e8\u7f51\u7edc\u8fdb\u884c\u8fde\u63a5\u3002 \u521b\u5efa\u865a\u62df\u673a\u5b9e\u4f8b\u65f6\u6307\u5b9a\u5185\u90e8\u7f51\u7edc\u3002 \u5229\u7528\u521b\u5efa\u7684\u5916\u90e8\u7f51\u7edc\u521b\u5efa\u6d6e\u52a8IP\u3002 
\u4e3a\u865a\u62df\u673a\u5b9e\u4f8b\u5f00\u542f\u6d6e\u52a8IP\u7aef\u53e3\u6620\u5c04\u3002 \u7ecf\u8fc7\u4e0a\u9762\u7684\u64cd\u4f5c\uff0c\u7528\u6237\u521b\u5efa\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u4ee5\u8bbf\u95ee\u5230\u5916\u90e8\u7f51\u7edc\uff0c\u5916\u90e8\u7f51\u7edc\u7684\u8bbe\u5907\u4e5f\u53ef\u4ee5\u6839\u636e\u6d6e\u52a8IP\u6307\u5b9a\u7684\u7aef\u53e3\u8bbf\u95ee\u865a\u62df\u673a\u5b9e\u4f8b\u5185\u90e8\u7684\u670d\u52a1\u3002 \u5728\u4e00\u4e2a\u57fa\u672c\u7684OpenStack\u73af\u5883\u4e2d\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u6d41\u91cf\u8d70\u5411\u5982\u4e0b\u6240\u793a\u3002 \u5728\u7528\u6237\u521b\u5efa\u5b8c\u591a\u4e2a\u5b9e\u4f8b\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u53ef\u80fd\u4f1a\u5747\u5300\u5206\u5e03\u5728\u5404\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u865a\u62df\u673a\u7684\u6d41\u91cf\u8d70\u5411\u53ef\u80fd\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0c\u4e0d\u8bba\u865a\u62df\u673a\u7684\u4e1c\u897f\u6d41\u91cf\u8fd8\u662f\u5357\u5317\u6d41\u91cf\u90fd\u4f1a\u7ecf\u8fc7Network-1\u8282\u70b9\uff0c\u8fd9\u65e0\u7591\u52a0\u5927\u4e86\u7f51\u7edc\u8282\u70b9\u7684\u8d1f\u8f7d\uff0c\u540c\u65f6\u5f53\u7f51\u7edc\u8282\u70b9\u53d1\u751f\u6545\u969c\u65f6\u4e0d\u80fd\u5f88\u597d\u7684\u8fdb\u884c\u6545\u969c\u6062\u590d\u3002 
\u90a3\u4e48\u662f\u5426\u53ef\u4ee5\u5c06\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u5728OpenStack\u4e2d\u540c\u4e00\u5b50\u7f51\u53ef\u4ee5\u7ed1\u5b9a\u591a\u4e2aRouter\uff0c\u4f46\u662f\u5b50\u7f51\u5728\u7ed1\u5b9aRouter\u65f6\u9ed8\u8ba4\u4f1a\u5c06\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u7ed1\u5b9a\u5230Router\u4e0a\uff0c\u4e00\u4e2a\u5b50\u7f51\u53ea\u6709\u4e00\u4e2a\u7f51\u5173\u5730\u5740\uff0c\u540c\u65f6\u8fd9\u4e2a\u7f51\u5173\u5730\u5740\u53c8\u4f1a\u5728DHCP\u670d\u52a1\u4e2d\u7528\u5230\uff0c\u7528\u4e8e\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u63d0\u4f9b\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\uff0c\u4e8e\u662f\u4e4e\u5373\u4f7f\u5c06\u5b50\u7f51\u7ed1\u5b9a\u5230\u591a\u4e2aRouter\u4e0a\uff0c\u865a\u62df\u673a\u5185\u90e8\u4e0b\u4e00\u8df3\u7684\u7f51\u5173\u5730\u5740\u8fd8\u4f1a\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\uff0c\u800c\u4e14Router\u9009\u62e9\u7684\u7f51\u7edc\u8282\u70b9\u7528\u6237\u662f\u4e0d\u53ef\u63a7\u7684\uff0c\u96be\u514d\u4f1a\u51fa\u73b0\u867d\u7136\u5b50\u7f51\u7ed1\u5b9a\u4e86\u4e24\u4e2aRouter\uff0c\u4f46\u662f\u8fd9\u4e24\u4e2aRouter\u5728\u540c\u4e00\u4e2a\u7f51\u7edc\u8282\u70b9\u4e0a\u7684\u5c34\u5c2c\u573a\u9762\u3002 \u4e3a\u4e86\u5206\u6563\u6d41\u91cfOpenStack\u6709\u5e94\u5bf9\u7684\u7b56\u7565\uff0c\u53ef\u4ee5\u5c06neutron\u7684DVR\u529f\u80fd\u6253\u5f00\uff0c\u4e3a\u9884\u9632\u7f51\u7edc\u8282\u70b9\u7684\u5355\u70b9\u6545\u969c\u4e5f\u53ef\u4ee5\u6253\u5f00neutron\u7684L3 HA\uff0c\u4f46\u662f\u4e0a\u8ff0\u65b9\u6cd5\u4e5f\u6709\u5b83\u4eec\u7684\u5c40\u9650\u6027\u3002 DVR\u7684\u6d41\u91cf\u5206\u6563\u6709\u6bd4\u8f83\u5927\u7684\u5c40\u9650\u6027\uff0c\u539f\u56e0\u6709\u4ee5\u4e0b\u51e0\u70b9\u3002 
DVR\u53ea\u662f\u4f5c\u7528\u4e8e\u540c\u4e00Router\u4e0b\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u5b9e\u4f8b\u4e4b\u95f4\u7684\u4e1c\u897f\u6d41\u91cf\uff0c\u5df2\u7ecf\u7ed1\u5b9a\u6d6e\u52a8IP\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\uff0c\u5bf9\u4e8e\u672a\u7ed1\u5b9a\u6d6e\u52a8IP\u7684\u865a\u62df\u673a\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u4f9d\u636e\u9700\u8981\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\u3002 \u751f\u4ea7\u73af\u5883\u4e0b\uff0c\u7ed9\u6bcf\u4e2a\u865a\u62df\u673a\u90fd\u7ed1\u5b9a\u6d6e\u52a8IP\u662f\u4e0d\u5207\u5b9e\u9645\u7684\uff0c\u4f46\u662f\u53ef\u4ee5\u901a\u8fc7\u5f00\u542f\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u8ba9\u591a\u53f0\u865a\u62df\u673a\u5bf9\u5e94\u4e00\u4e2a\u6d6e\u52a8IP\uff0c\u4f46\u5728\u76ee\u524d\u7684OpenStack\u7248\u672c\u4e2d\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fDVR\uff0c\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7684\u5b9e\u73b0\u90fd\u662f\u5728\u7f51\u7edc\u8282\u70b9\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u5b8c\u6210\u7684\u3002 \u6700\u540e\u4e00\u70b9\uff0cDVR\u6a21\u5f0f\u4e0b\uff0c\u4e3a\u4e86\u8ba9\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u4e0d\u7ecf\u8fc7\u7f51\u7edc\u8282\u70b9\uff0c\u4ece\u8ba1\u7b97\u8282\u70b9\u4e0a\u76f4\u63a5\u8d70\u51fa\uff0c\u90fd\u4f1a\u5728\u6bcf\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\u751f\u6210\u4e00\u4e2afip\u5f00\u5934\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\uff0c\u5373\u4f7f\u865a\u62df\u673a\u4e0d\u4f1a\u7ed1\u5b9a\u6d6e\u52a8IP\u3002\u800c\u8fd9\u4e2afip\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\u4f1a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\u5730\u5740\uff0c\u8fd9\u65e0\u7591\u4f1a\u52a0\u5927\u7f51\u7edc\u8d44\u6e90\u7684\u6d88\u8017\u3002 L3 HA\u4e5f\u6709\u51e0\u70b9\u4e0d\u8db3\uff0c\u5f00\u542fL3 HA\u540e\uff0cRouter\u5229\u7528keepalived\u4f1a\u5728\u51e0\u4e2a\u7f51\u7edc\u8282\u70b9\u4e4b\u95f4\u8fdb\u884c\u9009\u62e9\uff0c\u53ea\u6709Keepalived\u7684\u72b6\u6001\u4e3aMaster 
\u7684\u7f51\u7edc\u8282\u70b9\u624d\u4f1a\u62c5\u4efb\u771f\u6b63\u7684\u6d41\u91cf\u8fd0\u8f93\u7684\u4efb\u52a1\uff0c\u800c\u5bf9\u4e8e\u7f51\u7edc\u8282\u70b9\u9009\u62e9\uff0c\u7528\u6237\u65e0\u6743\u5e72\u6d89\u3002\u867d\u7136neutron\u4e2d\u7ed9\u51fa\u4e86Router\u7684\u9ed8\u8ba4\u8c03\u5ea6\u7b56\u7565\uff0c\u4e5f\u5c31\u662f\u6700\u5c11Router\u6570\uff0cRouter\u4f1a\u8c03\u5ea6\u5230Router\u4e2a\u6570\u6700\u5c11\u7684\u7f51\u7edc\u8282\u70b9\u4e0a\u3002\u800c\u4e14\u5728\u5e95\u5c42keepalived\u5f00\u542f\u7684\u6a21\u5f0f\u662f\u975e\u62a2\u5360\u7684\uff0c\u4e5f\u5c31\u662f\u5f53vip\u53d1\u751f\u6f02\u79fb\u540e\uff0c\u5373\u4f7f\u4e3b\u670d\u52a1\u5668\u6062\u590d\u6b63\u5e38\uff0c\u4e5f\u4e0d\u4f1a\u81ea\u52a8\u5c06\u8d44\u6e90\u4ece\u5907\u7528\u670d\u52a1\u5668\u624b\u4e2d\u62a2\u5360\u56de\u6765\uff0c\u8fd9\u53c8\u589e\u52a0\u4e86\u5bf9\u4e8e\u771f\u6b63\u8fd0\u884cRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\u3002 \u603b\u7ed3\u4e00\u4e0b\uff0c\u73b0\u6709\u7684\u6280\u672f\u65b9\u6848\u505a\u4e0d\u5230\u771f\u6b63\u7684\u6d41\u91cf\u5206\u53d1\uff0c\u5373\u4f7f\u5728\u5f00\u542fDVR\u540e\uff0c\u4e00\u65b9\u9762\u4f1a\u6709\u4e00\u4e9b\u989d\u5916\u7f51\u7edc\u8d44\u6e90\u7684\u635f\u8017\uff0c\u540c\u65f6\u53c8\u56e0\u4e3aRouter\u7684\u7f51\u7edc\u8282\u70b9\u7684\u4e0d\u786e\u5b9a\u6027\uff0c\u5bfc\u81f4\u865a\u62df\u673a\u7684\u5357\u5317\u6d41\u91cf\u65e0\u6cd5\u505a\u5230\u5f88\u597d\u7684\u5206\u53d1\u3002","title":"\u80cc\u666f"},{"location":"spec/distributed-traffic/#_4","text":"\u5b9e\u73b0DVR\u6a21\u5f0f\u548cL3 HA\u6a21\u5f0f\u4e0b\u4ee5\u53caLegacy\u6a21\u5f0f\u4e0b\u7f51\u7edc\u5206\u53d1\u3002\u9996\u5148\u8981\u89e3\u51b3\u4ee5\u4e0b\u51e0\u4e2a\u6280\u672f\u95ee\u9898\uff1a Router\u53ef\u4ee5\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u4e0d\u8bba\u662f\u5426\u5f00\u542fL3 HA\u3002 
\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u65f6\uff0cDHCP\u670d\u52a1\u80fd\u4e3a\u4e0d\u540c\u8ba1\u7b97\u8282\u70b9\u7684\u865a\u62df\u673a\u63d0\u4f9b\u4e0d\u540c\u7684\u8def\u7531\u65b9\u5f0f\u3002 \u5728\u7528\u6237\u4f7f\u7528\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u53ef\u4ee5\u5c06Router\u7684External Gateway\u7684IP\u5730\u5740\u4f5c\u4e3a\u5916\u90e8\u7f51\u7edc\u7684\u5730\u5740\u3002","title":"\u9700\u8981\u89e3\u51b3\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#_5","text":"","title":"\u5b9e\u73b0\u65b9\u6848"},{"location":"spec/distributed-traffic/#l3-agent","text":"\u9996\u5148\u4fee\u6539Router\u7684\u5e95\u5c42\u6570\u636e\u5e93\u4e3a\u5176\u6dfb\u52a0\u4e00\u4e2aconfigurations\u5b57\u6bb5\uff0c\u7528\u4e8e\u5b58\u50a8Router\u7684\u76f8\u5173\u914d\u7f6e\u4fe1\u606f\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"preferred_agent\": \"network-1\" } } \u5728\u672a\u5f00\u542fL3 HA\u65f6\uff0cpreferred_agent\u5b57\u6bb5\u7528\u4e8e\u6307\u5b9aRouter\u4f4d\u4e8e\u7684\u7f51\u7edc\u8282\u70b9\u3002 \u5728\u5f00\u542fL3 HA\u65f6\uff0cconfigurations\u7684\u683c\u5f0f\u5982\u4e0b\u6240\u793a\u3002 { \"configurations\": { \"slave_agents\": [ \"compute-1\" ], \"master_agent\": \"network-1\" } } master_agent\u7528\u4e8e\u6307\u5b9aMaster\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\uff0cslave_agents\u7528\u4e8e\u6307\u5b9aSlave\u89d2\u8272\u7684\u7f51\u7edc\u8282\u70b9\u6570\u7ec4\u3002 \u7136\u540e\u8981\u4fee\u6539Router\u7684\u521b\u5efa\u903b\u8f91\uff0c\u9700\u8981\u4e3aRouter\u65b0\u589e\u4e00\u4e2a\u8c03\u5ea6\u65b9\u6cd5\u3002Neutron\u4e2drouter_scheduler_driver\u9ed8\u8ba4\u662fLeastRoutersScheduler\uff08\u6700\u5c11Router\u4e2a\u6570\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u7ee7\u627f\u8be5\u7c7b\u65b0\u589e\u8c03\u5ea6\u65b9\u6cd5\uff0c\u53ef\u4ee5\u6839\u636eRouter\u7684configurations\u5b57\u6bb5\u9009\u62e9\u6307\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\u3002 
\u6700\u540e\u9700\u8981\u4fee\u6539neutron-l3-agent\u7684Router\u66f4\u65b0\u7684\u903b\u8f91\u4ee3\u7801\uff0c\u7531\u4e8eneutron-l3-agent\u542f\u52a8\u65f6\u4f1a\u521d\u59cb\u5316\u4e00\u4e2a\u8d44\u6e90\u961f\u5217\u7528\u4e8e\u66f4\u65b0\u8d44\u6e90\u72b6\u6001\uff0c\u540c\u65f6\u5f00\u542f\u4e00\u4e2a\u5b88\u62a4\u7ebf\u7a0b\u7528\u4e8e\u8bfb\u53d6\u8d44\u6e90\u961f\u5217\uff0c\u6bcf\u6b21\u7f51\u7edc\u8d44\u6e90\u72b6\u6001\u6709\u53d8\u5316\uff08\u521b\u5efa\u3001\u5220\u9664\u6216\u8005\u66f4\u65b0\uff09\u65f6\uff0c\u5c31\u4f1a\u6dfb\u52a0\u5230\u8be5\u961f\u5217\u4e2d\uff0c\u6700\u540e\u6839\u636e\u8d44\u6e90\u7684\u7c7b\u578b\u548c\u72b6\u6001\u786e\u5b9a\u5c06\u8981\u6267\u884c\u7684\u52a8\u4f5c\u3002 \u8fd9\u91ccRouter\u521b\u5efa\u5b8c\u540e\uff0cneutron-l3-agent\u6700\u540e\u4f1a\u6267\u884c_process_added_router\u65b9\u6cd5\uff0c\u5148\u8c03\u7528RouterInfo\u7684initialize\u65b9\u6cd5\uff0c\u518d\u8c03\u7528process\u65b9\u6cd5\u3002 initialize\u65b9\u6cd5\u4e3b\u8981\u6d89\u53ca\u5230Router\u4fe1\u606f\u7684\u4e00\u4e9b\u521d\u59cb\u5316\uff0c\u5305\u62ec\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u7684\u521b\u5efa\u3001port\u7684\u521b\u5efa\u3001keepalived\u8fdb\u7a0b\u7684\u521d\u59cb\u5316\u7b49\u7b49\u3002 process\u65b9\u6cd5\u4e2d\u4f1a\u505a\u4e0b\u9762\u51e0\u4e2a\u64cd\u4f5c\u3002 \u8bbe\u7f6e\u5185\u90e8\u7684Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5185\u90e8\u7f51\u7edc\uff1b \u8bbe\u7f6e\u5916\u90e8Port\uff0c\u7528\u4e8e\u8fde\u63a5\u5916\u90e8\u7f51\u7edc\uff1b \u66f4\u65b0\u8def\u7531\u8868\uff1b \u5bf9\u4e8e\u5f00\u542fL3 HA\u7684Router\uff0c\u9700\u8981\u8bbe\u7f6eHA\u7684Port\uff0c\u7136\u540e\u5f00\u542fkeepalived\u8fdb\u7a0b\u3002 \u5bf9\u4e8e\u5f00\u542fDVR\u7684Router\uff0c\u8fd8\u9700\u8981\u8bbe\u7f6e\u4e00\u4e0bfip\u547d\u540d\u7a7a\u95f4\u4e2d\u7684Port\u3002 \u8fd9\u91cc\u53ea\u9700\u8981\u8003\u8651L3 HA\u5f00\u542f\u7684\u60c5\u51b5\uff0c\u56e0\u4e3a\u5728\u672a\u5f00\u542fL3 
HA\u65f6\uff0cneutron-server\u521b\u5efa\u5b8cRouter\u540e\uff0c\u7ecf\u8fc7\u65b0\u7684\u8c03\u5ea6\u65b9\u6cd5\u9009\u62e9\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff0cRPC\u8c03\u7528\u76f4\u63a5\u53d1\u9001\u7ed9\u7279\u5b9a\u7f51\u7edc\u8282\u70b9\u7684neutron-l3-agent\u670d\u52a1\u3002\u5f00\u542fL3 HA\u65f6\uff0c\u8c03\u5ea6\u65b9\u6cd5\u4f1a\u9009\u62e9\u51famaster\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u4e14RPC\u8c03\u7528\u4f1a\u53d1\u9001\u7ed9\u8fd9\u4e9b\u7f51\u7edc\u8282\u70b9\u4e0a\u7684neutron-l3-agent\u670d\u52a1\u3002 neutron-l3-agent\u4f1a\u4e3a\u6bcf\u4e2aRouter\u542f\u52a8\u4e00\u4e2akeepalived\u8fdb\u7a0b\u7528\u4e8eL3 HA\uff0c\u6240\u4ee5\u9700\u8981\u5728keepalived\u521d\u59cb\u5316\u65f6\uff0c\u5c06keepalived\u542f\u52a8\u903b\u8f91\u4fee\u6539\u3002\u5229\u7528configurations\u5b57\u6bb5\u7684\u4fe1\u606f\uff0c\u83b7\u53d6master\u548cslave\u7f51\u7edc\u8282\u70b9\uff0c\u540c\u65f6\u548c\u5f53\u524d\u7f51\u7edc\u8282\u70b9\u7684\u4fe1\u606f\u5224\u65ad\uff0c\u786e\u5b9a\u7f51\u7edc\u8282\u70b9\u7684\u89d2\u8272\u3002\u6700\u540e\uff0c\u56e0\u4e3a\u6307\u5b9a\u4e86master\u548cslave\u8282\u70b9\uff0c\u907f\u514d\u51fa\u73b0master\u7f51\u7edc\u8282\u70b9\u5b95\u673a\u6062\u590d\u540e\uff0cvip\u4f9d\u65e7\u5728slave\u8282\u70b9\u7684\u60c5\u51b5\uff0c\u8981\u628akeepalived\u7684\u6a21\u5f0f\u6539\u4e3a\u62a2\u5360\u6a21\u5f0f\u3002","title":"\u89e3\u51b3\u6307\u5b9aL3 
agent\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#_6","text":"\u89e3\u51b3\u540c\u4e00\u5b50\u7f51\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u8def\u7531\u95ee\u9898\u3002DHCP\u534f\u8bae\u529f\u80fd\u4e0d\u4ec5\u5305\u62ec\u548cDNS\u670d\u52a1\u5668\u5206\u914d\u8fd8\u5305\u62ec\u7f51\u5173\u5730\u5740\u5206\u914d\uff0c\u4e5f\u5c31\u662f\u53ef\u4ee5\u901a\u8fc7DHCP\u534f\u8bae\u5c06\u8def\u7531\u4fe1\u606f\u4f20\u7ed9\u865a\u62df\u673a\u5b9e\u4f8b\u3002\u5728OpenStack\u4e2d\uff0c\u865a\u62df\u673a\u5b9e\u4f8b\u7684DHCP\u7531neutron-dhcp-agent\u63d0\u4f9b\uff0cneutron-dhcp-agent\u7684\u6838\u5fc3\u529f\u80fd\u57fa\u672c\u7531dnsmasq\u5b8c\u6210\u3002 dnsmasq\u4e2d\u63d0\u4f9btag\u6807\u7b7e\uff0c\u53ef\u4ee5\u4e3a\u6307\u5b9aIP\u5730\u5740\u6dfb\u52a0\u6807\u7b7e\uff0c\u7136\u540e\u53ef\u4ee5\u6839\u636e\u6807\u7b7e\u4e0b\u53d1\u914d\u7f6e\u3002 dnsmasq\u7684host\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 fa:16:3e:28:a5:0a,host-172-16-0-1.openstacklocal,172.16.0.1,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:2b:dd:88,host-172-16-0-10.openstacklocal,172.16.0.10,set:subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:a1:96:fc,host-172-16-0-207.openstacklocal,172.16.0.207,set:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5 fa:16:3e:45:b4:1a,host-172-16-10-1.openstacklocal,172.16.10.1,set:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902 dnsmasq\u7684option\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\u6240\u793a\u3002 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:dns-server,8.8.8.8 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:classless-static-route,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.1 tag:subnet-faeec4d1-2c0c-4f7a-bc9b-0af562694902,option:router,172.16.0.1 
tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:classless-static-route,172.16.10.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,249,172.16.0.0/24,0.0.0.0,169.254.169.254/32,172.16.0.2,0.0.0.0/0,172.16.0.10 tag:compute-1-subnet-6a4db541-e563-43ff-891b-aa8c05c988c5,option:router,172.16.0.10 \u53ef\u4ee5\u770b\u5230IP172.16.0.207\u88ab\u6253\u4e0a\u4e86compute-1\u5f00\u5934\u7684tag\uff0c\u5339\u914d\u5230option\u6587\u4ef6\u540e\uff0c172.16.0.207\u7684\u865a\u62df\u673a\u7684\u9ed8\u8ba4\u8def\u7531\u7f51\u5173\u5730\u5740\u5c31\u4f1a\u4ece172.16.0.1\u53d8\u4e3a172.16.0.10\u3002\u5f53\u7136\u8fd9\u4e00\u5207\u7684\u524d\u63d0\u5b50\u7f51\u9700\u8981\u7ed1\u5b9a\u591a\u4e2aRouter\u3002 \u540c\u65f6\u4e3aneutron-dhcp-agent\u63d0\u4f9b\u53ef\u4f9b\u7ba1\u7406\u5458\u4fee\u6539\u7684\u914d\u7f6e\u9879\uff0c\u7528\u4e8e\u6307\u5b9a\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u5173\u7cfb\uff0c\u53ef\u4ee5\u662f\u4e00\u5bf9\u4e00\uff0c\u53ef\u4ee5\u662f\u591a\u5bf9\u4e00\u3002","title":"\u89e3\u51b3\u8def\u7531\u95ee\u9898"},{"location":"spec/distributed-traffic/#router-gateway","text":"\u5c06\u539f\u672c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u6539\u4e3a\u57fa\u4e8eRouter\u7684External Gateway\u7684\u65b9\u5f0f\u3002\u539f\u56e0\u6709\u4e8c\uff1a \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u5bf9\u4e8e\u539f\u672c\u5c31\u8981\u4f7f\u7528Router\u7684External Gateway\u7684\u7528\u6237\u5c31\u4f1a\u591a\u5360\u7528\u4e00\u4e2a\u5916\u90e8\u7f51\u7edc\u7684IP\uff0c\u4e3a\u51cf\u5c11\u5916\u90e8\u7f51\u7edcIP\u7684\u4f7f\u7528\u6539\u7528External Gateway\u7684\u65b9\u5f0f\u8fdb\u884c\u7aef\u53e3\u6620\u5c04\u3002 \u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\uff0c\u4f9d\u8d56Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u6765\u505aNAT\uff0c\u4e0d\u5f00\u542fL3 
HA\u65f6\uff0c\u540c\u4e00\u5b50\u7f51\u5728\u7ed1\u5b9a\u591a\u4e2aRouter\u540e\uff0c\u7531\u4e8e\u7aef\u53e3\u6620\u5c04\u521b\u5efa\u7684\u903b\u8f91\uff0cNAT\u4f1a\u53d1\u751f\u5728\u5b50\u7f51\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u7279\u5b9a\u7684\u7f51\u7edc\u8282\u70b9\uff09\uff0c\u4e0d\u4f1a\u5206\u6563\u5728\u5404\u4e2aRouter\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4\u4e2d\uff08\u6bcf\u4e2a\u7f51\u7edc\u8282\u70b9\uff09\u3002\u8fd9\u6837\u5728\u7aef\u53e3\u6620\u5c04\u65f6\uff0c\u4f1a\u589e\u52a0\u7f51\u7edc\u8282\u70b9\u7684\u538b\u529b\u3002 \u5b9e\u73b0\u65b9\u5f0f\u548c\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u7c7b\u4f3c\uff0c\u4e0e\u4e4b\u4e0d\u540c\u7684\u662fExternal Gateway\u4e0d\u9700\u8981\u9009\u62e9Router\uff0c\u56e0\u4e3aExternal Gateway\u672c\u6765\u548cRouter\u5c31\u662f\u76f8\u5173\u8054\u7684\u3002\u57fa\u4e8e\u6d6e\u52a8IP\u7684\u7aef\u53e3\u6620\u5c04\u5728\u9009\u62e9Router\u65f6\uff0c\u9009\u62e9\u7684\u662f\u5b50\u7f51\u7684\u7f51\u5173\u5730\u5740\u6240\u5728\u7684Router\u3002 \u6700\u540e\uff0c\u5728\u5b9e\u73b0\u4e0a\u9762\u4e09\u4e2a\u90e8\u5206\u540e\uff0c\u7528\u6237\u5b9e\u73b0\u6d41\u91cf\u5206\u6563\u7684\u6b65\u9aa4\u5982\u4e0b\u3002 \u7528\u6237\u4fee\u6539neutron-dhcp-agent\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u4fee\u6539\u8ba1\u7b97\u8282\u70b9\u548c\u7f51\u7edc\u8282\u70b9\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\u4e09\u4e2a\u7f51\u7edc\u8282\u70b9\u3001\u4e09\u4e2a\u8ba1\u7b97\u8282\u70b9\uff0c\u914d\u7f6ecompute-1\u8d70network-1\u8282\u70b9\uff0ccompute-2\u548ccompute-3\u8d70network-2\u8282\u70b9\u3002 \u5229\u7528neutron\u7684API\u521b\u5efa\u591a\u4e2aRouter\u5e76\u6307\u5b9a\u7f51\u7edc\u8282\u70b9\uff0c\u5e76\u5c06Router\u7ed1\u5b9a\u5230\u540c\u4e00\u5b50\u7f51\u3002 \u5229\u7528\u5b50\u7f51\u7f51\u7edc\u521b\u5efa\u591a\u4e2a\u865a\u62df\u673a\u5b9e\u4f8b\u3002 
\u865a\u62df\u673a\u5b9e\u4f8b\u7684\u7f51\u7edc\u6d41\u91cf\u7684\u6d41\u5411\u5982\u4e0b\u56fe\u6240\u793a\u3002 \u53ef\u4ee5\u770b\u5230\uff0cVM-1\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-1\u8282\u70b9\uff0cVM-2\u548cVM-3\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u7ecf\u8fc7\u7684\u662fnetwork-2\u8282\u70b9\u3002\u540c\u65f6VM-1\u3001VM-2\u548cVM-3\u53c8\u662f\u5728\u540c\u4e00\u4e2a\u5b50\u7f51\u4e0b\uff0c\u53ef\u4ee5\u4e92\u76f8\u8bbf\u95ee\u3002","title":"\u89e3\u51b3Router Gateway\u7aef\u53e3\u8f6c\u53d1\u7684\u95ee\u9898"},{"location":"spec/distributed-traffic/#api","text":"","title":"API"},{"location":"spec/distributed-traffic/#_7","text":"GET /v2.0/routers/{router_id}/gateway_port_forwardings Response { \"gateway_port_forwardings\": [ { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } ] }","title":"\u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1\u5217\u8868"},{"location":"spec/distributed-traffic/#_8","text":"GET /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Response { \"gateway_port_forwarding\": { \"id\": \"67a70b09-f9e7-441e-bd49-7177fe70bb47\", \"external_port\": 34203, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 518, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u67e5\u770b\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_9","text":"POST /v2.0/routers/{router_id}/gateway_port_forwardings Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": 
{ \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u521b\u5efa\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_10","text":"PUT /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id} Request Body { \"gateway_port_forwarding\": { \"external_port\": int, \"internal_port\": int, \"internal_ip_address\": \"string\", \"protocol\": \"tcp\", \"internal_port_id\": \"string\" } } Response { \"gateway_port_forwarding\": { \"id\": \"da554833-b756-4626-9900-6256c361f94b\", \"external_port\": 14122, \"protocol\": \"tcp\", \"internal_port_id\": \"b671c61a-95c3-49cd-89f2-b7e817d1f486\", \"internal_ip_address\": \"172.16.0.196\", \"internal_port\": 3634, \"gw_ip_address\": \"192.168.57.234\" } }","title":"\u66f4\u65b0\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_11","text":"DELETE /v2.0/routers/{router_id}/gateway_port_forwardings/{port_forwarding_id}","title":"\u5220\u9664\u8def\u7531\u5668\u7f51\u5173\u7aef\u53e3\u8f6c\u53d1"},{"location":"spec/distributed-traffic/#_12","text":"POST /v2.0/routers Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"string\", \"slave_agents\": [ \"string\" ] } } }","title":"\u65b0\u5efa\u8def\u7531\u5668"},{"location":"spec/distributed-traffic/#_13","text":"PUT /v2.0/routers/{router_id} Request Body { \"router\": { \"name\": \"string\", \"admin_state_up\": true, \"configurations\": { \"preferred_agent\": \"string\", \"master_agent\": \"control01\", \"slave_agents\": [ \"control01\" ] } } 
}","title":"\u66f4\u65b0\u8def\u7531\u5668"},{"location":"spec/distributed-traffic/#_14","text":"2023-07-28\u52302023-08-30 \u5b8c\u6210\u5f00\u53d1 2023-09-01\u52302023-11-15 \u6d4b\u8bd5\u3001\u95ee\u9898\u4fee\u590d 2023-11-30\u5f15\u5165openEuler 20.03 LTS SP4\u7248\u672c 2023-12-30\u5f15\u5165openEuler 22.03 LTS SP3\u7248\u672c","title":"\u5f00\u53d1\u8282\u594f"},{"location":"spec/openkite/","text":"1\u3001\u524d\u5e8f \u00b6 1.1\u3001 \u8f6f\u4ef6\u8bb8\u53ef\u534f\u8bae \u00b6 \u672c\u8f6f\u4ef6\u57fa\u4e8eLGPL V3\u534f\u8bae\uff0c\u8bf7\u7528\u6237\u548c\u5f00\u53d1\u8005\u6ce8\u610fLGPL\u534f\u8bae\u7684\u8981\u6c42\uff0c\u5176\u4e2d\u6700\u91cd\u8981\u7684\u4e00\u70b9\u662f \u4e0d\u5141\u8bb8fork\u9879\u76ee\u95ed\u6e90 \u3002 1.2\u3001 \u8f6f\u4ef6\u7528\u9014 \u00b6 1.3\u3001 \u5f00\u53d1\u4eba\u5458\u540d\u5355 \u00b6 1.4\u3001 \u751f\u547d\u5f00\u53d1\u5468\u671f \u00b6 1.5\u3001 \u529f\u80fd\u5f00\u53d1\u987a\u5e8f \u00b6 2\u3001\u5f00\u53d1\u89c4\u8303\u7ea6\u5b9a \u00b6 2.1\u3001 \u7a97\u4f53\u63a7\u4ef6\u547d\u540d\u89c4\u8303 \u00b6 \u63a7\u4ef6\u539f\u540d\u79f0_\u7a97\u4f53_\u63a7\u4ef6\u540d\u79f0\u7ec4\u5408\u4f53\u9996\u5b57\u6bcd\u5927\u5199 \u793a\u4f8b\uff1a \u6309\u94ae\u539f\u540d\u79f0\uff1apushButton \u4e3b\u7a97\u4f53 \u83dc\u5355\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1apushButton_MainWindow_Menu \u6309\u94ae\u539f\u540d\u79f0\uff1atoolButton \u4e3b\u7a97\u4f53 \u4e0a\u4f20\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1atoolButton_MainWindow_UpLoad 2.2\u3001 \u540e\u53f0\u529f\u80fd\u5b9e\u73b0\u547d\u540d\u89c4\u8303 \u00b6 \u53d8\u91cf\u3001\u5e38\u91cf\u3001\u51fd\u6570\u3001\u7c7b\u3001\u5bb9\u5668\u7b49 2.3\u3001 \u8f6f\u4ef6\u5305\u6587\u4ef6\u540d\u547d\u540d\u89c4\u8303 \u00b6 2.4\u3001 \u6587\u4ef6\u547d\u540d\u89c4\u8303 \u00b6 2.5\u3001 \u6807\u6ce8 \u00b6 \u5220\u9664\u3001\u79fb\u52a8\u3001\u6539\u540d\u3001\u6743\u9650\u8bbe\u7f6e 3\u3001\u7a97\u53e3\u4e3b\u4f53\u63a7\u4ef6\u540d\u79f0\u3001\u5c3a\u5bf8\u3001\u7528\u9014 
\u00b6 3.1\u3001\u83dc\u5355\u529f\u80fd\u5927\u7c7b \u00b6 PushButton\u63a7\u4ef6\u7528\u4e8e\u83dc\u5355\u5927\u7c7b\u8c03\u7528\u7a97\u53e3 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 80*25 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u83dc\u5355 PushButton pushButton_MainWindow_Menu \u8c03\u51fa\u83dc\u5355\u7a97\u53e3 \u5e2e\u52a9 PushButton pushButton_MainWindow_Help \u8c03\u51fa\u5e2e\u52a9\u7a97\u53e3 \u5de5\u5177 PushButton pushButton_MainWindow_Tool \u8c03\u51fa\u5de5\u5177\u7a97\u53e3 \u62a5\u9519\u5206\u6790 PushButton pushButton_MainWindow_ErrorAnalysis \u8c03\u51fa\u62a5\u9519\u5206\u6790\u7a97\u53e3 \u76d1\u63a7 PushButton pushButton_MainWindow_Monitor \u8c03\u51fa\u76d1\u63a7\u7a97\u53e3 \u8fd0\u7ef4\u65e5\u5fd7 PushButton pushButton_MainWindow_OperationLog \u8c03\u51fa\u8fd0\u7ef4\u65e5\u5fd7\u7a97\u53e3 3.1.1\u3001\u83dc\u5355\u5b50\u7c7b \u00b6 \u8bbe\u7f6e \u8f6f\u4ef6\u4e3b\u9898 3.1.2\u3001\u5e2e\u52a9\u7c7b \u00b6 \u793e\u533a \u7248\u672c\u66f4\u65b0 \u4f7f\u7528\u624b\u518c 3.1.3\u3001\u5de5\u5177\u7c7b \u00b6 \u63d2\u4ef6\u4ed3\u5e93 img\u955c\u50cf\u5de5\u5177 MD5\u6821\u9a8c\u5de5\u5177 OpenStack\u6a21\u5757\u529f\u80fd\u6d4b\u8bd5 \u538b\u529b\u6d4b\u8bd5 3.1.4\u3001\u62a5\u9519\u5206\u6790\u7c7b \u00b6 \u7cfb\u7edf\u62a5\u9519\uff08\u8282\u70b9\u62a5\u9519\u5206\u6790\uff09 OpenStack\u62a5\u9519 K8S\u62a5\u9519 3.1.5\u3001\u76d1\u63a7\u7c7b \u00b6 OPS\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 K8S\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 3.1.6\u3001\u8fd0\u7ef4\u65e5\u5fd7\u7c7b \u00b6 \u67e5\u770b\u5386\u53f2\u8fd0\u7ef4\u65e5\u5fd7 \u65e5\u5fd7\u5bfc\u51fa 3.2\u3001\u6570\u636e\u53ef\u89c6\u5316\u7c7b \u00b6 3.2.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6\u4fe1\u606f\u7c7b \u00b6 ProgressBar\u63a7\u4ef6\u663e\u793a\u8ba1\u7b97\u673a\u786c\u4ef6\u6027\u80fd\u5360\u7528\u6bd4 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8 116*27 
\u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aCPU ProgressBar progressBar_MainWindow_LocalCPU \u663e\u793a\u672c\u5730CPU\u4f7f\u7528\u7387 \u76ee\u6807CPU ProgressBar progressBar_MainWindow_TargetCPU \u663e\u793a\u76ee\u6807CPU\u4f7f\u7528\u7387 \u672c\u673aRAM ProgressBar progressBar_MainWindow_LocalRAM \u663e\u793a\u672c\u673aRAM\u4f7f\u7528\u7387 \u76ee\u6807RAM ProgressBar progressBar_MainWindow_TargetRAM \u663e\u793a\u76ee\u6807RAM\u4f7f\u7528\u7387 \u672c\u673a\u7f51\u7edc ProgressBar progressBar_MainWindow_LocalNetwork \u663e\u793a\u672c\u673a\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u76ee\u6807\u7f51\u7edc ProgressBar progressBar_MainWindow_TargetNetwork \u663e\u793a\u76ee\u6807\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u672c\u673a\u78c1\u76d8 ProgressBar progressBar_MainWindow_LocalDisk \u663e\u793a\u672c\u673a\u78c1\u76d8IO\u4f7f\u7528\u7387 \u76ee\u6807\u78c1\u76d8 ProgressBar progressBar_MainWindow_TargetDisk \u663e\u793a\u76ee\u6807\u78c1\u76d8IO\u4f7f\u7528\u7387 3.2.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6\u4fe1\u606f\u7c7b \u00b6 Label\u63a7\u4ef6\u663e\u793a\u7cfb\u7edfIP\u4e0eDNS \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 110*27 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aIP Label label_MainWindow_LocalIP \u663e\u793a\u672c\u673aIP \u76ee\u6807IP Label label_MainWindow_TargetIP \u663e\u793a\u76ee\u6807IP \u672c\u673aDNS Label label_MainWindow_LocalNDS \u663e\u793a\u672c\u673aDNS \u76ee\u6807DNS Label label_MainWindow_TargetNDS \u663e\u793a\u76ee\u6807DNS ListWidget\u63a7\u4ef6\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u9879\u8bf4\u660e \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 200*111 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u7cfb\u7edf\u4fe1\u606f\u663e\u793a ListWidgets listWidget_MainWidow_SystemShow 
\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u6240\u7528\u53d8\u91cf\u7684API\u63a5\u53e3 \u4e2d\u6587\u540d \u53d8\u91cf\u7c7b\u578b \u53d8\u91cf\u540d \u7528\u9014 \u53d1\u884c\u7248 QStringList systemNameShow linux\u53d1\u884c\u7248\u540d\u79f0 \u7248\u672c\u53f7 QStringList systemVersion linux\u53d1\u884c\u7248\u7248\u672c\u53f7 \u5185\u6838\u53f7 QStringList systemKernel linux\u53d1\u884c\u7248\u5185\u6838\u7248\u672c \u7ba1\u7406\u6743\u9650 QStringList systemAdminPower \u5f53\u524d\u8d26\u53f7\u64cd\u4f5c\u6743\u9650 \u670d\u52a1\u540d\u79f0 QStringList systemServiceName \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u670d\u52a1\u540d\u79f0 \u670d\u52a1\u7248\u672c QStringList systemServicVersion \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u7248\u672c Label\u4e0eProgressBar\u63a7\u4ef6\u663e\u793a\u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u53ca\u8fdb\u5ea6 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a500*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a171*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u5f53\u524d\u8fd0\u884c\u547d\u4ee4 Label label_MainWindow_ShowCurrentCommand \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4 \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6 ProgressBar progressBar_MainWindow_ShowCommandProgress \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4\u7684\u8fdb\u5ea6 3.3\u3001\u6dfb\u52a0\u96c6\u7fa4\u7c7b \u00b6 3.3.1\u3001 \u96c6\u7fa4\u6dfb\u52a0\u7c7b \u00b6 ToolButton\u63a7\u4ef6\u6dfb\u52a0\u96c6\u7fa4\u8282\u70b9\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8\uff1a300*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 
\u6dfb\u52a0\u96c6\u7fa4/\u8282\u70b9 ToolButton toolButton_MainWindow_AddNode \u5f39\u51fa\u7a97\u53e3\u6dfb\u52a0\u96c6\u7fa4\u6216\u8282\u70b9 \u5355\u8282\u70b9\u6dfb\u52a0 \u6279\u91cf\u8282\u70b9\u6dfb\u52a0 \u96c6\u7fa4\u6dfb\u52a0 3.3.2\u3001\u96c6\u7fa4\u663e\u793a\u7c7b \u00b6 TreeWidget\u63a7\u4ef6\u663e\u793a\u96c6\u7fa4\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a200*438 \u5bbd\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u8282\u70b9\u4fe1\u606f TreeWidget treeWidget_MainWindow_ShowNode \u7528\u4e8e\u663e\u793a\u96c6\u7fa4\u4e0e\u8282\u70b9\u4fe1\u606f\u6216\u70b9\u51fb\u4fe1\u606f\u540e\u521b\u5efaSSH\u8fdc\u7a0b\u7a97\u53e3\u754c\u9762 \u96c6\u7fa4\u540d\u79f0 \u8282\u70b9\u540d\u79f0 \u8282\u70b9IP\u5730\u5740 3.4\u3001\u811a\u672c\u4e0e\u90e8\u7f72\u7c7b \u00b6 TerrWidget\u63a7\u4ef6\u5f39\u7a97 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u4e0a\u4f20\u3001\u811a\u672c\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a63*31 \u90e8\u7f72\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a65*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u4e0a\u4f20 terrWidget toolButton_MainWindow_UpLoad \u5f39\u51fa\u4e0a\u4f20\u7a97\u4f53:load.ui \u811a\u672c terrWidget toolButton_MainWindow_Shell \u5f39\u51fa\u811a\u672c\u7a97\u4f53:shell.ui \u90e8\u7f72 terrWidget toolButton_MainWindow_Deploy \u5f39\u51fa\u90e8\u7f72\u7a97\u4f53:deploy.ui 3.4.1\u3001\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\u529f\u80fd\u7c7b \u00b6 \u811a\u672c\u7f16\u8bd1\u5668 yaml\u7f16\u8bd1\u5668 \u811a\u672c\u7f16\u8bd1\u5668 \u52a0\u8f7d\u672c\u5730\u7b56\u7565 \u52a0\u8f7d\u96c6\u7fa4\u914d\u7f6e\u7b56\u7565 \u52a0\u8f7d\u8282\u70b9\u914d\u7f6e\u7b56\u7565 \u4e0a\u4f20\u6587\u4ef6\u5230\u76ee\u6807\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u4e0b\u8f7d\u6587\u4ef6\u5230\u672c\u5730\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u76ee\u6807\u8ba1\u7b97\u673a\u6587\u4ef6\u4e92\u4f20 
\u70b9\u5bf9\u70b9\u4e92\u4f20 \u70b9\u5bf9\u591a\u4e92\u4f20 3.4.2\u3001\u811a\u672c\u7c7b \u00b6 \u7f16\u8f91 \u7f16\u8f91\u5b50\u6a21\u5757\u811a\u672c \u7f16\u8f91\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u67e5\u770b \u67e5\u770b\u5b50\u6a21\u5757\u811a\u672c \u67e5\u770b\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa \u5bfc\u51fa\u5b50\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u6240\u6709\u811a\u672c 3.4.3\u3001\u90e8\u7f72\u7c7b \u00b6 \u90e8\u7f72 \u53ef\u6279\u91cf\u9009\u62e9\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u96c6\u7fa4\u90e8\u7f72\u4e0d\u540c\u8282\u70b9\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u5355\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u7ec8\u6b62 \u53ef\u6279\u91cf\u591a\u8282\u70b9\u3001\u5355\u8282\u70b9\u3001\u96c6\u7fa4\u7ec8\u6b62\u5f53\u524d\u90e8\u7f72 3.5\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 3.5.1\u3001\u57fa\u7840\u8fd0\u7ef4\u7c7b \u00b6 \u4fee\u6539\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u540d \u4fee\u6539\u670d\u52a1\u5668\u7528\u6237\u540d \u4fee\u6539\u670d\u52a1\u5668\u5bc6\u7801 \u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e \u4fee\u6539host \u4fee\u6539DNS \u4fee\u6539\u7f51\u5173 \u4fee\u6539IP \u90e8\u7f72\u65f6\u95f4\u670d\u52a1 \u90e8\u7f72DNS\u670d\u52a1 3.5.2\u3001\u5176\u4ed6\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 OpenStack\u63d2\u4ef6\u7c7b K8S\u63d2\u4ef6\u7c7b Ceph\u63d2\u4ef6\u7c7b 3.6\u3001ssh\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u53ef\u590d\u5236\u7c98\u8d34\u547d\u4ee4\uff0c\u4e2d\u6587\u663e\u793a\u7efc\u5408\u7aef\u53e3 3.6.1\u3001\u96c6\u7fa4SSH\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u7efc\u5408\u7aef\u53e3\u663e\u793a\uff0c\u70b9\u5bf9\u591assh\u8fdc\u7a0b 3.6.2\u3001\u5355\u8282\u70b9SSH\u8fdc\u7a0b\u663e\u793a\u7c7b \u00b6 \u70b9\u5bf9\u70b9ssh\u8fdc\u7a0b 4\u3001\u7a97\u53e3\u4e3b\u4f53\u529f\u80fd\u63d2\u4ef6\u6dfb\u52a0\u65b9\u5f0f\u3001\u89c4\u8303\u3001API\u4e0e\u529f\u80fd\u6ce8\u91ca \u00b6 
4.1\u3001\u5de5\u5177\u7c7b \u00b6 \u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a 4.2\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b \u00b6 \u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a 5\u3001\u540e\u53f0API\u8c03\u7528\u3001\u89c4\u8303\u4e0e\u4f7f\u7528\u8bf4\u660e \u00b6 5.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6 \u00b6 5.1.1\u3001CPU \u00b6 5.1.2\u3001RAM \u00b6 5.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6 \u00b6 5.2.1\u3001\u672c\u5730\u8f6f\u4ef6\u5305 \u00b6 5.2.2\u3001\u6e90\u8f6f\u4ef6\u5305 \u00b6 6\u3001\u5f00\u53d1\u601d\u8def\u5907\u6ce8 \u00b6 \u5728\u5404\u79cd\u64cd\u4f5c\u524d\u8fdb\u884c\u5224\u65ad\u672c\u5730\u7f51\u7edc\u4e0e\u76ee\u6807\u7f51\u7edc\u662f\u5426\u8fde\u540c \u5728\u76ee\u6807\u7f51\u7edc\u65e0\u6cd5\u8fde\u901a\u65f6\u63d0\u793a\uff1a\u76ee\u6807IP\u7f51\u7edc\u4e0d\u901a \u5728\u96c6\u7fa4\u8282\u70b9\u90fd\u65e0\u6cd5\u8054\u901a\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u5b57\u4f53\u7070\u8272 \u5728\u96c6\u7fa4\u64cd\u4f5c\u6216\u591a\u8282\u70b9\u64cd\u4f5c\u65f6\u63d0\u793a\u65e0\u6cd5\u8fde\u63a5\u7684\u76ee\u6807\u4fe1\u606f\uff0c\u5e76\u63d0\u793a\u786e\u5b9e\u662f\u5426\u7ee7\u7eed\uff0c\u5982\u7ee7\u7eed\u5219\u5c4f\u853d\u65e0\u6cd5\u8fde\u63a5\u7684\u8282\u70b9\u53bb\u8fdb\u884c\u6279\u91cf\u90e8\u7f72 \u754c\u9762\u4fe1\u606f\u5237\u65b0\u9891\u7387 \u8f6f\u786c\u4ef6\u4fe1\u606f\u5237\u65b0\u9891\u7387 cpu\u3001\u5185\u5b58\u7b49\u5360\u6bd4\u663e\u793a\u4fe1\u606f\u7684\u5237\u65b0\u9891\u7387\u4e3a0.5s ssh\u754c\u9762\u5237\u5c4f\u9891\u7387\u4e3a\u5b9e\u65f6\u5237\u65b0 \u96c6\u7fa4\u663e\u793a\u4fe1\u606f\u4e3a\u5b9e\u65f6\u5237\u65b0 
\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u533a\u57df\u4e3a\u5b9e\u65f6\u5237\u65b0","title":"1\u3001\u524d\u5e8f"},{"location":"spec/openkite/#1","text":"","title":"1\u3001\u524d\u5e8f"},{"location":"spec/openkite/#11","text":"\u672c\u8f6f\u4ef6\u57fa\u4e8eLGPL V3\u534f\u8bae\uff0c\u8bf7\u7528\u6237\u548c\u5f00\u53d1\u8005\u6ce8\u610fLGPL\u534f\u8bae\u7684\u8981\u6c42\uff0c\u5176\u4e2d\u6700\u91cd\u8981\u7684\u4e00\u70b9\u662f \u4e0d\u5141\u8bb8fork\u9879\u76ee\u95ed\u6e90 \u3002","title":"1.1\u3001 \u8f6f\u4ef6\u8bb8\u53ef\u534f\u8bae"},{"location":"spec/openkite/#12","text":"","title":"1.2\u3001 \u8f6f\u4ef6\u7528\u9014"},{"location":"spec/openkite/#13","text":"","title":"1.3\u3001 \u5f00\u53d1\u4eba\u5458\u540d\u5355"},{"location":"spec/openkite/#14","text":"","title":"1.4\u3001 \u751f\u547d\u5f00\u53d1\u5468\u671f"},{"location":"spec/openkite/#15","text":"","title":"1.5\u3001 \u529f\u80fd\u5f00\u53d1\u987a\u5e8f"},{"location":"spec/openkite/#2","text":"","title":"2\u3001\u5f00\u53d1\u89c4\u8303\u7ea6\u5b9a"},{"location":"spec/openkite/#21","text":"\u63a7\u4ef6\u539f\u540d\u79f0_\u7a97\u4f53_\u63a7\u4ef6\u540d\u79f0\u7ec4\u5408\u4f53\u9996\u5b57\u6bcd\u5927\u5199 \u793a\u4f8b\uff1a \u6309\u94ae\u539f\u540d\u79f0\uff1apushButton \u4e3b\u7a97\u4f53 \u83dc\u5355\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1apushButton_MainWindow_Menu \u6309\u94ae\u539f\u540d\u79f0\uff1atoolButton \u4e3b\u7a97\u4f53 \u4e0a\u4f20\u6309\u94ae \u547d\u540d\u89c4\u8303\uff1atoolButton_MainWindow_UpLoad","title":"2.1\u3001 \u7a97\u4f53\u63a7\u4ef6\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#22","text":"\u53d8\u91cf\u3001\u5e38\u91cf\u3001\u51fd\u6570\u3001\u7c7b\u3001\u5bb9\u5668\u7b49","title":"2.2\u3001 \u540e\u53f0\u529f\u80fd\u5b9e\u73b0\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#23","text":"","title":"2.3\u3001 \u8f6f\u4ef6\u5305\u6587\u4ef6\u540d\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#24","text":"","title":"2.4\u3001 
\u6587\u4ef6\u547d\u540d\u89c4\u8303"},{"location":"spec/openkite/#25","text":"\u5220\u9664\u3001\u79fb\u52a8\u3001\u6539\u540d\u3001\u6743\u9650\u8bbe\u7f6e","title":"2.5\u3001 \u6807\u6ce8"},{"location":"spec/openkite/#3","text":"","title":"3\u3001\u7a97\u53e3\u4e3b\u4f53\u63a7\u4ef6\u540d\u79f0\u3001\u5c3a\u5bf8\u3001\u7528\u9014"},{"location":"spec/openkite/#31","text":"PushButton\u63a7\u4ef6\u7528\u4e8e\u83dc\u5355\u5927\u7c7b\u8c03\u7528\u7a97\u53e3 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 80*25 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u83dc\u5355 PushButton pushButton_MainWindow_Menu \u8c03\u51fa\u83dc\u5355\u7a97\u53e3 \u5e2e\u52a9 PushButton pushButton_MainWindow_Help \u8c03\u51fa\u5e2e\u52a9\u7a97\u53e3 \u5de5\u5177 PushButton pushButton_MainWindow_Tool \u8c03\u51fa\u5de5\u5177\u7a97\u53e3 \u62a5\u9519\u5206\u6790 PushButton pushButton_MainWindow_ErrorAnalysis \u8c03\u51fa\u62a5\u9519\u5206\u6790\u7a97\u53e3 \u76d1\u63a7 PushButton pushButton_MainWindow_Monitor \u8c03\u51fa\u76d1\u63a7\u7a97\u53e3 \u8fd0\u7ef4\u65e5\u5fd7 PushButton pushButton_MainWindow_OperationLog \u8c03\u51fa\u8fd0\u7ef4\u65e5\u5fd7\u7a97\u53e3","title":"3.1\u3001\u83dc\u5355\u529f\u80fd\u5927\u7c7b"},{"location":"spec/openkite/#311","text":"\u8bbe\u7f6e \u8f6f\u4ef6\u4e3b\u9898","title":"3.1.1\u3001\u83dc\u5355\u5b50\u7c7b"},{"location":"spec/openkite/#312","text":"\u793e\u533a \u7248\u672c\u66f4\u65b0 \u4f7f\u7528\u624b\u518c","title":"3.1.2\u3001\u5e2e\u52a9\u7c7b"},{"location":"spec/openkite/#313","text":"\u63d2\u4ef6\u4ed3\u5e93 img\u955c\u50cf\u5de5\u5177 MD5\u6821\u9a8c\u5de5\u5177 OpenStack\u6a21\u5757\u529f\u80fd\u6d4b\u8bd5 \u538b\u529b\u6d4b\u8bd5","title":"3.1.3\u3001\u5de5\u5177\u7c7b"},{"location":"spec/openkite/#314","text":"\u7cfb\u7edf\u62a5\u9519\uff08\u8282\u70b9\u62a5\u9519\u5206\u6790\uff09 OpenStack\u62a5\u9519 
K8S\u62a5\u9519","title":"3.1.4\u3001\u62a5\u9519\u5206\u6790\u7c7b"},{"location":"spec/openkite/#315","text":"OPS\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790 K8S\u76d1\u63a7\u72b6\u6001\u4e0e\u6027\u80fd\u4f7f\u7528\u5206\u6790","title":"3.1.5\u3001\u76d1\u63a7\u7c7b"},{"location":"spec/openkite/#316","text":"\u67e5\u770b\u5386\u53f2\u8fd0\u7ef4\u65e5\u5fd7 \u65e5\u5fd7\u5bfc\u51fa","title":"3.1.6\u3001\u8fd0\u7ef4\u65e5\u5fd7\u7c7b"},{"location":"spec/openkite/#32","text":"","title":"3.2\u3001\u6570\u636e\u53ef\u89c6\u5316\u7c7b"},{"location":"spec/openkite/#321","text":"ProgressBar\u63a7\u4ef6\u663e\u793a\u8ba1\u7b97\u673a\u786c\u4ef6\u6027\u80fd\u5360\u7528\u6bd4 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8 116*27 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aCPU ProgressBar progressBar_MainWindow_LocalCPU \u663e\u793a\u672c\u5730CPU\u4f7f\u7528\u7387 \u76ee\u6807CPU ProgressBar progressBar_MainWindow_TargetCPU \u663e\u793a\u76ee\u6807CPU\u4f7f\u7528\u7387 \u672c\u673aRAM ProgressBar progressBar_MainWindow_LocalRAM \u663e\u793a\u672c\u673aRAM\u4f7f\u7528\u7387 \u76ee\u6807RAM ProgressBar progressBar_MainWindow_TargetRAM \u663e\u793a\u76ee\u6807RAM\u4f7f\u7528\u7387 \u672c\u673a\u7f51\u7edc ProgressBar progressBar_MainWindow_LocalNetwork \u663e\u793a\u672c\u673a\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u76ee\u6807\u7f51\u7edc ProgressBar progressBar_MainWindow_TargetNetwork \u663e\u793a\u76ee\u6807\u7f51\u7edc\u5e26\u5bbd\u4f7f\u7528\u7387 \u672c\u673a\u78c1\u76d8 ProgressBar progressBar_MainWindow_LocalDisk \u663e\u793a\u672c\u673a\u78c1\u76d8IO\u4f7f\u7528\u7387 \u76ee\u6807\u78c1\u76d8 ProgressBar progressBar_MainWindow_TargetDisk 
\u663e\u793a\u76ee\u6807\u78c1\u76d8IO\u4f7f\u7528\u7387","title":"3.2.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6\u4fe1\u606f\u7c7b"},{"location":"spec/openkite/#322","text":"Label\u63a7\u4ef6\u663e\u793a\u7cfb\u7edfIP\u4e0eDNS \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 110*27 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u672c\u673aIP Label label_MainWindow_LocalIP \u663e\u793a\u672c\u673aIP \u76ee\u6807IP Label label_MainWindow_TargetIP \u663e\u793a\u76ee\u6807IP \u672c\u673aDNS Label label_MainWindow_LocalNDS \u663e\u793a\u672c\u673aDNS \u76ee\u6807DNS Label label_MainWindow_TargetNDS \u663e\u793a\u76ee\u6807DNS ListWidget\u63a7\u4ef6\u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u9879\u8bf4\u660e \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8 200*111 \u63a7\u4ef6\u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u7cfb\u7edf\u4fe1\u606f\u663e\u793a ListWidgets listWidget_MainWidow_SystemShow \u663e\u793a\u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u6240\u7528\u53d8\u91cf\u7684API\u63a5\u53e3 \u4e2d\u6587\u540d \u53d8\u91cf\u7c7b\u578b \u53d8\u91cf\u540d \u7528\u9014 \u53d1\u884c\u7248 QStringList systemNameShow linux\u53d1\u884c\u7248\u540d\u79f0 \u7248\u672c\u53f7 QStringList systemVersion linux\u53d1\u884c\u7248\u7248\u672c\u53f7 \u5185\u6838\u53f7 QStringList systemKernel linux\u53d1\u884c\u7248\u5185\u6838\u7248\u672c \u7ba1\u7406\u6743\u9650 QStringList systemAdminPower \u5f53\u524d\u8d26\u53f7\u64cd\u4f5c\u6743\u9650 \u670d\u52a1\u540d\u79f0 QStringList systemServiceName \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u670d\u52a1\u540d\u79f0 \u670d\u52a1\u7248\u672c QStringList systemServicVersion \u5f53\u524d\u8fd0\u7ef4\u8f6f\u4ef6\u7248\u672c Label\u4e0eProgressBar\u63a7\u4ef6\u663e\u793a\u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u53ca\u8fdb\u5ea6 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u5f53\u524d\u8fd0\u884c\u547d\u4ee4\u63a7\u4ef6\u5c3a\u5bf8\uff1a 
\u6700\u5c0f\u5c3a\u5bf8\uff1a500*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6\u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a171*31 \u9ad8\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u79cd\u7c7b \u63a7\u4ef6\u540d \u7528\u9014 \u5f53\u524d\u8fd0\u884c\u547d\u4ee4 Label label_MainWindow_ShowCurrentCommand \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4 \u5f53\u524d\u547d\u4ee4\u8fdb\u5ea6 ProgressBar progressBar_MainWindow_ShowCommandProgress \u663e\u793a\u5f53\u524d\u96c6\u7fa4\u6216\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u7684\u547d\u4ee4\u7684\u8fdb\u5ea6","title":"3.2.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6\u4fe1\u606f\u7c7b"},{"location":"spec/openkite/#33","text":"","title":"3.3\u3001\u6dfb\u52a0\u96c6\u7fa4\u7c7b"},{"location":"spec/openkite/#331","text":"ToolButton\u63a7\u4ef6\u6dfb\u52a0\u96c6\u7fa4\u8282\u70b9\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u56fa\u5b9a\u5c3a\u5bf8\uff1a300*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u6dfb\u52a0\u96c6\u7fa4/\u8282\u70b9 ToolButton toolButton_MainWindow_AddNode \u5f39\u51fa\u7a97\u53e3\u6dfb\u52a0\u96c6\u7fa4\u6216\u8282\u70b9 \u5355\u8282\u70b9\u6dfb\u52a0 \u6279\u91cf\u8282\u70b9\u6dfb\u52a0 \u96c6\u7fa4\u6dfb\u52a0","title":"3.3.1\u3001 \u96c6\u7fa4\u6dfb\u52a0\u7c7b"},{"location":"spec/openkite/#332","text":"TreeWidget\u63a7\u4ef6\u663e\u793a\u96c6\u7fa4\u4fe1\u606f \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u6700\u5c0f\u5c3a\u5bf8\uff1a200*438 \u5bbd\u5ea6\u5c3a\u5bf8\u56fa\u5b9a \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u8282\u70b9\u4fe1\u606f TreeWidget treeWidget_MainWindow_ShowNode \u7528\u4e8e\u663e\u793a\u96c6\u7fa4\u4e0e\u8282\u70b9\u4fe1\u606f\u6216\u70b9\u51fb\u4fe1\u606f\u540e\u521b\u5efaSSH\u8fdc\u7a0b\u7a97\u53e3\u754c\u9762 \u96c6\u7fa4\u540d\u79f0 \u8282\u70b9\u540d\u79f0 
\u8282\u70b9IP\u5730\u5740","title":"3.3.2\u3001\u96c6\u7fa4\u663e\u793a\u7c7b"},{"location":"spec/openkite/#34","text":"TerrWidget\u63a7\u4ef6\u5f39\u7a97 \u63a7\u4ef6\u5c3a\u5bf8\uff1a \u4e0a\u4f20\u3001\u811a\u672c\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a63*31 \u90e8\u7f72\u6309\u94ae\u56fa\u5b9a\u5c3a\u5bf8\uff1a65*31 \u4e2d\u6587\u540d \u63a7\u4ef6\u7c7b\u578b \u63a7\u4ef6\u540d \u7528\u9014 \u4e0a\u4f20 terrWidget toolButton_MainWindow_UpLoad \u5f39\u51fa\u4e0a\u4f20\u7a97\u4f53:load.ui \u811a\u672c terrWidget toolButton_MainWindow_Shell \u5f39\u51fa\u811a\u672c\u7a97\u4f53:shell.ui \u90e8\u7f72 terrWidget toolButton_MainWindow_Deploy \u5f39\u51fa\u90e8\u7f72\u7a97\u4f53:deploy.ui","title":"3.4\u3001\u811a\u672c\u4e0e\u90e8\u7f72\u7c7b"},{"location":"spec/openkite/#341","text":"\u811a\u672c\u7f16\u8bd1\u5668 yaml\u7f16\u8bd1\u5668 \u811a\u672c\u7f16\u8bd1\u5668 \u52a0\u8f7d\u672c\u5730\u7b56\u7565 \u52a0\u8f7d\u96c6\u7fa4\u914d\u7f6e\u7b56\u7565 \u52a0\u8f7d\u8282\u70b9\u914d\u7f6e\u7b56\u7565 \u4e0a\u4f20\u6587\u4ef6\u5230\u76ee\u6807\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u4e0b\u8f7d\u6587\u4ef6\u5230\u672c\u5730\u8ba1\u7b97\u673a \u5355\u8282\u70b9 \u591a\u8282\u70b9 \u76ee\u6807\u8ba1\u7b97\u673a\u6587\u4ef6\u4e92\u4f20 \u70b9\u5bf9\u70b9\u4e92\u4f20 \u70b9\u5bf9\u591a\u4e92\u4f20","title":"3.4.1\u3001\u4e0a\u4f20\u4e0e\u4e0b\u8f7d\u529f\u80fd\u7c7b"},{"location":"spec/openkite/#342","text":"\u7f16\u8f91 \u7f16\u8f91\u5b50\u6a21\u5757\u811a\u672c \u7f16\u8f91\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u67e5\u770b \u67e5\u770b\u5b50\u6a21\u5757\u811a\u672c \u67e5\u770b\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa \u5bfc\u51fa\u5b50\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u96c6\u7fa4\u6a21\u5757\u811a\u672c \u5bfc\u51fa\u6240\u6709\u811a\u672c","title":"3.4.2\u3001\u811a\u672c\u7c7b"},{"location":"spec/openkite/#343","text":"\u90e8\u7f72 \u53ef\u6279\u91cf\u9009\u62e9\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c 
\u53ef\u96c6\u7fa4\u90e8\u7f72\u4e0d\u540c\u8282\u70b9\u4e0d\u540c\u529f\u80fd\u811a\u672c \u53ef\u5355\u8282\u70b9\u90e8\u7f72\u4e0d\u540c\u529f\u80fd\u811a\u672c \u7ec8\u6b62 \u53ef\u6279\u91cf\u591a\u8282\u70b9\u3001\u5355\u8282\u70b9\u3001\u96c6\u7fa4\u7ec8\u6b62\u5f53\u524d\u90e8\u7f72","title":"3.4.3\u3001\u90e8\u7f72\u7c7b"},{"location":"spec/openkite/#35","text":"","title":"3.5\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#351","text":"\u4fee\u6539\u670d\u52a1\u5668\u8ba1\u7b97\u673a\u540d \u4fee\u6539\u670d\u52a1\u5668\u7528\u6237\u540d \u4fee\u6539\u670d\u52a1\u5668\u5bc6\u7801 \u4fee\u6539\u9632\u706b\u5899\u914d\u7f6e \u4fee\u6539host \u4fee\u6539DNS \u4fee\u6539\u7f51\u5173 \u4fee\u6539IP \u90e8\u7f72\u65f6\u95f4\u670d\u52a1 \u90e8\u7f72DNS\u670d\u52a1","title":"3.5.1\u3001\u57fa\u7840\u8fd0\u7ef4\u7c7b"},{"location":"spec/openkite/#352","text":"OpenStack\u63d2\u4ef6\u7c7b K8S\u63d2\u4ef6\u7c7b Ceph\u63d2\u4ef6\u7c7b","title":"3.5.2\u3001\u5176\u4ed6\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#36ssh","text":"\u53ef\u590d\u5236\u7c98\u8d34\u547d\u4ee4\uff0c\u4e2d\u6587\u663e\u793a\u7efc\u5408\u7aef\u53e3","title":"3.6\u3001ssh\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#361ssh","text":"\u7efc\u5408\u7aef\u53e3\u663e\u793a\uff0c\u70b9\u5bf9\u591assh\u8fdc\u7a0b","title":"3.6.1\u3001\u96c6\u7fa4SSH\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#362ssh","text":"\u70b9\u5bf9\u70b9ssh\u8fdc\u7a0b","title":"3.6.2\u3001\u5355\u8282\u70b9SSH\u8fdc\u7a0b\u663e\u793a\u7c7b"},{"location":"spec/openkite/#4api","text":"","title":"4\u3001\u7a97\u53e3\u4e3b\u4f53\u529f\u80fd\u63d2\u4ef6\u6dfb\u52a0\u65b9\u5f0f\u3001\u89c4\u8303\u3001API\u4e0e\u529f\u80fd\u6ce8\u91ca"},{"location":"spec/openkite/#41","text":"\u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a 
\u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a","title":"4.1\u3001\u5de5\u5177\u7c7b"},{"location":"spec/openkite/#42","text":"\u5f00\u53d1\u89c4\u8303\uff1a API\u63a5\u53e3\uff1a \u529f\u80fd\u6ce8\u91ca\uff1a \u9762\u677f\u6dfb\u52a0\u65b9\u5f0f\uff1a \u540e\u53f0\u529f\u80fd\u6a21\u5757\u6dfb\u52a0\u65b9\u5f0f\uff1a \u6587\u4ef6\u5939\u4f4d\u7f6e\uff1a","title":"4.2\u3001\u529f\u80fd\u63d2\u4ef6\u7c7b"},{"location":"spec/openkite/#5api","text":"","title":"5\u3001\u540e\u53f0API\u8c03\u7528\u3001\u89c4\u8303\u4e0e\u4f7f\u7528\u8bf4\u660e"},{"location":"spec/openkite/#51","text":"","title":"5.1\u3001\u8ba1\u7b97\u673a\u786c\u4ef6"},{"location":"spec/openkite/#511cpu","text":"","title":"5.1.1\u3001CPU"},{"location":"spec/openkite/#512ram","text":"","title":"5.1.2\u3001RAM"},{"location":"spec/openkite/#52","text":"","title":"5.2\u3001\u8ba1\u7b97\u673a\u8f6f\u4ef6"},{"location":"spec/openkite/#521","text":"","title":"5.2.1\u3001\u672c\u5730\u8f6f\u4ef6\u5305"},{"location":"spec/openkite/#522","text":"","title":"5.2.2\u3001\u6e90\u8f6f\u4ef6\u5305"},{"location":"spec/openkite/#6","text":"\u5728\u5404\u79cd\u64cd\u4f5c\u524d\u8fdb\u884c\u5224\u65ad\u672c\u5730\u7f51\u7edc\u4e0e\u76ee\u6807\u7f51\u7edc\u662f\u5426\u8fde\u540c \u5728\u76ee\u6807\u7f51\u7edc\u65e0\u6cd5\u8fde\u901a\u65f6\u63d0\u793a\uff1a\u76ee\u6807IP\u7f51\u7edc\u4e0d\u901a \u5728\u96c6\u7fa4\u8282\u70b9\u90fd\u65e0\u6cd5\u8054\u901a\u65f6\uff0c\u96c6\u7fa4\u8282\u70b9\u5b57\u4f53\u7070\u8272 \u5728\u96c6\u7fa4\u64cd\u4f5c\u6216\u591a\u8282\u70b9\u64cd\u4f5c\u65f6\u63d0\u793a\u65e0\u6cd5\u8fde\u63a5\u7684\u76ee\u6807\u4fe1\u606f\uff0c\u5e76\u63d0\u793a\u786e\u5b9e\u662f\u5426\u7ee7\u7eed\uff0c\u5982\u7ee7\u7eed\u5219\u5c4f\u853d\u65e0\u6cd5\u8fde\u63a5\u7684\u8282\u70b9\u53bb\u8fdb\u884c\u6279\u91cf\u90e8\u7f72 \u754c\u9762\u4fe1\u606f\u5237\u65b0\u9891\u7387 \u8f6f\u786c\u4ef6\u4fe1\u606f\u5237\u65b0\u9891\u7387 
cpu\u3001\u5185\u5b58\u7b49\u5360\u6bd4\u663e\u793a\u4fe1\u606f\u7684\u5237\u65b0\u9891\u7387\u4e3a0.5s ssh\u754c\u9762\u5237\u5c4f\u9891\u7387\u4e3a\u5b9e\u65f6\u5237\u65b0 \u96c6\u7fa4\u663e\u793a\u4fe1\u606f\u4e3a\u5b9e\u65f6\u5237\u65b0 \u7cfb\u7edf\u5fc5\u8981\u4fe1\u606f\u663e\u793a\u533a\u57df\u4e3a\u5b9e\u65f6\u5237\u65b0","title":"6\u3001\u5f00\u53d1\u601d\u8def\u5907\u6ce8"},{"location":"spec/openstack-sig-tool-requirement/","text":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66 \u00b6 \u80cc\u666f \u00b6 \u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684 \u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7 \u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c \u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be \uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4 \u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927 \u3002 4. 
OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86 \u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db \u3002 \u9488\u5bf9\u4ee5\u4e0a\u95ee\u9898\u9700\u8981\u5728openEuler OpenStack\u63d0\u4f9b\u4e00\u4e2a\u5f00\u53d1\u5e73\u53f0\uff0c\u89e3\u51b3\u5f00\u53d1\u8fc7\u7a0b\u9047\u5230\u7684\u4ee5\u4e0a\u75db\u70b9\u95ee\u9898\u3002 \u76ee\u6807 \u00b6 \u8bbe\u8ba1\u5e76\u5f00\u53d1\u4e00\u4e2aOpenStack\u5f3a\u76f8\u5173\u7684openEuler\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\uff0c\u901a\u8fc7\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u65b9\u5f0f\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002 \u8303\u56f4 \u00b6 \u7528\u6237\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u5f00\u53d1\u8005 \u4e1a\u52a1\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u65e5\u5e38\u5f00\u53d1\u6d3b\u52a8 \u7f16\u7a0b\u8bed\u8a00 \uff1aPython\u3001Ansible\u3001Jinja\u3001JavaScript IT\u6280\u672f 
\uff1aWeb\u670d\u52a1\u3001RestFul\u89c4\u8303\u3001CLI\u89c4\u8303\u3001\u524d\u7aefGUI\u3001\u6570\u636e\u5e93\u4f7f\u7528 \u529f\u80fd \u00b6 OpenStack\u5f00\u53d1\u5e73\u53f0\u6574\u4f53\u91c7\u7528C/S\u67b6\u6784\uff0c\u4ee5SIG\u5bf9\u5916\u63d0\u4f9b\u5e73\u53f0\u80fd\u529b\uff0cclient\u7aef\u9762\u5411\u6307\u5b9a\u7528\u6237\u767d\u540d\u5355\u5f00\u653e\u3002 \u4e3a\u65b9\u4fbf\u767d\u540d\u5355\u4ee5\u5916\u7528\u6237\u4f7f\u7528\uff0c\u672c\u5e73\u53f0\u8fd8\u63d0\u4f9bCLI\u6a21\u5f0f\uff0c\u5728\u6b64\u6a21\u5f0f\u4e0b\u4e0d\u9700\u8981\u989d\u5916\u670d\u52a1\u7aef\u901a\u4fe1\uff0c\u5728\u672c\u5730\u5373\u53ef\u5f00\u7bb1\u5373\u7528\u3002 \u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 \u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull 
Request\u7b49\u529f\u80fd\u3002 SPEC\u5f00\u53d1\u89c4\u8303\u5236\u5b9a \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u7ea6\u675fOpenStack\u670d\u52a1\u7ea7\u9879\u76eeSPEC\u683c\u5f0f\u4e0e\u5185\u5bb9\u89c4\u8303 2. \u89c4\u5b9aOpenStack\u4f9d\u8d56\u5e93\u7ea7\u522b\u9879\u76eeSPEC\u7684\u6846\u67b6\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aOpenStack SIG\u5168\u4f53Maintainer\u8fbe\u6210\u4e00\u81f4\uff0c\u53c2\u4e0e\u5382\u5546\u6ca1\u6709\u5206\u6b67\u3002 \u3010\u53c2\u4e0e\u65b9\u3011\uff1a\u4e2d\u56fd\u7535\u4fe1\u3001\u4e2d\u56fd\u8054\u901a\u3001\u7edf\u4fe1\u8f6f\u4ef6 \u3010\u8f93\u5165\u3011\uff1aRPM SPEC\u7f16\u5199\u6807\u51c6 \u3010\u8f93\u51fa\u3011\uff1a\u670d\u52a1\u7ea7\u3001\u4f9d\u8d56\u5e93\u7ea7SPEC\u6a21\u677f\uff1b\u8f6f\u4ef6\u5206\u5c42\u89c4\u8303\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u672c\u529f\u80fd\u662f\u4ee5\u4e0b\u8f6f\u4ef6\u529f\u80fd\u7684\u524d\u63d0\uff0c\u4e0b\u8ff0\u5982 SPEC\u81ea\u52a8\u751f\u6210\u529f\u80fd \u9700\u9075\u5faa\u672c\u89c4\u8303\u6267\u884c\u3002 \u4f9d\u8d56\u5206\u6790\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u81ea\u52a8\u751f\u6210\u57fa\u4e8e\u6307\u5b9aopenEuler\u7248\u672c\u7684OpenStack\u4f9d\u8d56\u8868\u3002 2. 
\u80fd\u5904\u7406\u4f9d\u8d56\u6210\u73af\u3001\u7248\u672c\u7f3a\u7701\u3001\u540d\u79f0\u4e0d\u4e00\u81f4\u7b49\u4f9d\u8d56\u5e38\u89c1\u95ee\u9898\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1aopenEuler\u7248\u672c\u53f7\u3001OpenStack\u7248\u672c\u53f7\u3001\u76ee\u6807\u4f9d\u8d56\u8303\u56f4\uff08\u6838\u5fc3/\u6d4b\u8bd5/\u6587\u6863\uff09 \u3010\u8f93\u51fa\u3011\uff1a\u6307\u5b9aOpenStack\u7248\u672c\u7684\u5168\u91cf\u4f9d\u8d56\u5e93\u4fe1\u606f\uff0c\u5305\u62ec\u6700\u5c0f/\u6700\u5927\u4f9d\u8d56\u7248\u672c\u3001\u6240\u5c5eopenEuler SIG\u3001RPM\u5305\u540d\u3001\u4f9d\u8d56\u5c42\u7ea7\u3001\u5b50\u4f9d\u8d56\u6811\u7b49\u5185\u5bb9\uff0c\u53ef\u4ee5\u4ee5Excel\u8868\u683c\u7684\u65b9\u5f0f\u8f93\u51fa\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A Spec\u81ea\u52a8\u751f\u6210\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u751f\u6210OpenStack\u4f9d\u8d56\u5e93\u7c7b\u8f6f\u4ef6\u7684RPM SPEC 2. \u652f\u6301\u5404\u79cdPython\u8f6f\u4ef6\u6784\u5efa\u7cfb\u7edf\uff0c\u6bd4\u5982setuptools\u3001pyproject\u7b49\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u9700\u9075\u5b88 SPEC\u5f00\u53d1\u89c4\u8303 \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u53ca\u76ee\u6807\u7248\u672c \u3010\u8f93\u51fa\u3011\uff1a\u5bf9\u5e94\u8f6f\u4ef6\u7684RPM SPEC\u6587\u4ef6 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u751f\u6210\u7684SPEC\u53ef\u4ee5\u901a\u8fc7\u4e0b\u8ff0 \u4ee3\u7801\u63d0\u4ea4\u529f\u80fd \u4e00\u952epush\u5230openEuler\u793e\u533a\u3002 \u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. 
\u4e00\u952e\u5feb\u901f\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u3001\u62d3\u6251\u3001\u529f\u80fd\u7684OpenStack\u5355/\u591a\u8282\u70b9\u73af\u5883 2. \u4e00\u952e\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u8fdb\u884c\u8d44\u6e90\u9884\u914d\u7f6e\u4e0e\u529f\u80fd\u6d4b\u8bd5\u3002 3. \u652f\u6301\u591a\u4e91\u3001\u4e3b\u673a\u7eb3\u7ba1\u529f\u80fd\uff0c\u652f\u6301\u63d2\u4ef6\u81ea\u5b9a\u4e49\u529f\u80fd\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005\u3001\u5404\u4e2a\u4e91\u5e73\u53f0\u76f8\u5173\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u8ba1\u7b97/\u7f51\u7edc/\u5b58\u50a8\u7684driver\u573a\u666f \u3010\u8f93\u51fa\u3011\uff1a\u4e00\u4e2a\u53ef\u4ee5\u4e00\u952e\u6267\u884cOpenStack Tempest\u6d4b\u8bd5\u7684OpenStack\u73af\u5883\uff1bTempest\u6d4b\u8bd5\u62a5\u544a\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a N/A \u4e00\u952e\u4ee3\u7801\u5904\u7406\u9700\u6c42 \u00b6 \u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u9488\u5bf9openEuler OpenStack\u6240\u5c5e\u9879\u76ee\u7684Repo\u3001Branch\u3001PR\u6267\u884c\u5404\u79cd\u64cd\u4f5c\u3002 2. 
\u64cd\u4f5c\u5305\u62ec\uff1a\u5efa\u7acb/\u5220\u9664\u6e90\u7801\u4ed3;\u5efa\u7acb/\u5220\u9664openEuler\u5206\u652f\uff1b\u63d0\u4ea4\u8f6f\u4ef6Update PR\uff1b\u5728PR\u4e2d\u6dfb\u52a0\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u63d0\u4ea4PR\u529f\u80fd\u4f9d\u8d56\u4e0a\u8ff0 SPEC\u751f\u6210 \u529f\u80fd \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u3001openEuler release\u540d\u3001\u76ee\u6807Spec\u6587\u4ef6\u3001\u8bc4\u5ba1\u610f\u89c1\u5185\u5bb9\u3002 \u3010\u8f93\u51fa\u3011\uff1a\u8f6f\u4ef6\u5efa\u4ed3PR\uff1b\u8f6f\u4ef6\u521b\u5efa\u5206\u652fPR\uff1b\u8f6f\u4ef6\u5347\u7ea7PR\uff1bPR\u65b0\u589e\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A \u975e\u529f\u80fd\u9700\u6c42 \u00b6 \u6d4b\u8bd5\u9700\u6c42 \u00b6 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u5b89\u5168 \u00b6 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 
\u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u00b6 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002 \u5f00\u6e90\u5408\u89c4 \u00b6 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u5b9e\u65bd\u8ba1\u5212 \u00b6 \u65f6\u95f4 \u5185\u5bb9 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 2022.06 
\u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd","title":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66"},{"location":"spec/openstack-sig-tool-requirement/#openeuler-openstack","text":"","title":"openEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u6c42\u8bf4\u660e\u4e66"},{"location":"spec/openstack-sig-tool-requirement/#_1","text":"\u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684 \u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7 \u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c \u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be \uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. 
OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4 \u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927 \u3002 4. OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86 \u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db \u3002 \u9488\u5bf9\u4ee5\u4e0a\u95ee\u9898\u9700\u8981\u5728openEuler 
OpenStack\u63d0\u4f9b\u4e00\u4e2a\u5f00\u53d1\u5e73\u53f0\uff0c\u89e3\u51b3\u5f00\u53d1\u8fc7\u7a0b\u9047\u5230\u7684\u4ee5\u4e0a\u75db\u70b9\u95ee\u9898\u3002","title":"\u80cc\u666f"},{"location":"spec/openstack-sig-tool-requirement/#_2","text":"\u8bbe\u8ba1\u5e76\u5f00\u53d1\u4e00\u4e2aOpenStack\u5f3a\u76f8\u5173\u7684openEuler\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\uff0c\u901a\u8fc7\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u65b9\u5f0f\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002","title":"\u76ee\u6807"},{"location":"spec/openstack-sig-tool-requirement/#_3","text":"\u7528\u6237\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u5f00\u53d1\u8005 \u4e1a\u52a1\u8303\u56f4 \uff1aopenEuler OpenStack SIG\u65e5\u5e38\u5f00\u53d1\u6d3b\u52a8 \u7f16\u7a0b\u8bed\u8a00 \uff1aPython\u3001Ansible\u3001Jinja\u3001JavaScript IT\u6280\u672f \uff1aWeb\u670d\u52a1\u3001RestFul\u89c4\u8303\u3001CLI\u89c4\u8303\u3001\u524d\u7aefGUI\u3001\u6570\u636e\u5e93\u4f7f\u7528","title":"\u8303\u56f4"},{"location":"spec/openstack-sig-tool-requirement/#_4","text":"OpenStack\u5f00\u53d1\u5e73\u53f0\u6574\u4f53\u91c7\u7528C/S\u67b6\u6784\uff0c\u4ee5SIG\u5bf9\u5916\u63d0\u4f9b\u5e73\u53f0\u80fd\u529b\uff0cclient\u7aef\u9762\u5411\u6307\u5b9a\u7528\u6237\u767d\u540d\u5355\u5f00\u653e\u3002 \u4e3a\u65b9\u4fbf\u767d\u540d\u5355\u4ee5\u5916\u7528\u6237\u4f7f\u7528\uff0c\u672c\u5e73\u53f0\u8fd8\u63d0\u4f9bCLI\u6a21\u5f0f\uff0c\u5728\u6b64\u6a21\u5f0f\u4e0b\u4e0d\u9700\u8981\u989d\u5916\u670d\u52a1\u7aef\u901a\u4fe1\uff0c\u5728\u672c\u5730\u5373\u53ef\u5f00\u7bb1\u5373\u7528\u3002 
\u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 \u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002","title":"\u529f\u80fd"},{"location":"spec/openstack-sig-tool-requirement/#spec","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u7ea6\u675fOpenStack\u670d\u52a1\u7ea7\u9879\u76eeSPEC\u683c\u5f0f\u4e0e\u5185\u5bb9\u89c4\u8303 2. 
\u89c4\u5b9aOpenStack\u4f9d\u8d56\u5e93\u7ea7\u522b\u9879\u76eeSPEC\u7684\u6846\u67b6\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aOpenStack SIG\u5168\u4f53Maintainer\u8fbe\u6210\u4e00\u81f4\uff0c\u53c2\u4e0e\u5382\u5546\u6ca1\u6709\u5206\u6b67\u3002 \u3010\u53c2\u4e0e\u65b9\u3011\uff1a\u4e2d\u56fd\u7535\u4fe1\u3001\u4e2d\u56fd\u8054\u901a\u3001\u7edf\u4fe1\u8f6f\u4ef6 \u3010\u8f93\u5165\u3011\uff1aRPM SPEC\u7f16\u5199\u6807\u51c6 \u3010\u8f93\u51fa\u3011\uff1a\u670d\u52a1\u7ea7\u3001\u4f9d\u8d56\u5e93\u7ea7SPEC\u6a21\u677f\uff1b\u8f6f\u4ef6\u5206\u5c42\u89c4\u8303\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u672c\u529f\u80fd\u662f\u4ee5\u4e0b\u8f6f\u4ef6\u529f\u80fd\u7684\u524d\u63d0\uff0c\u4e0b\u8ff0\u5982 SPEC\u81ea\u52a8\u751f\u6210\u529f\u80fd \u9700\u9075\u5faa\u672c\u89c4\u8303\u6267\u884c\u3002","title":"SPEC\u5f00\u53d1\u89c4\u8303\u5236\u5b9a"},{"location":"spec/openstack-sig-tool-requirement/#_5","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u81ea\u52a8\u751f\u6210\u57fa\u4e8e\u6307\u5b9aopenEuler\u7248\u672c\u7684OpenStack\u4f9d\u8d56\u8868\u3002 2. 
\u80fd\u5904\u7406\u4f9d\u8d56\u6210\u73af\u3001\u7248\u672c\u7f3a\u7701\u3001\u540d\u79f0\u4e0d\u4e00\u81f4\u7b49\u4f9d\u8d56\u5e38\u89c1\u95ee\u9898\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1aopenEuler\u7248\u672c\u53f7\u3001OpenStack\u7248\u672c\u53f7\u3001\u76ee\u6807\u4f9d\u8d56\u8303\u56f4\uff08\u6838\u5fc3/\u6d4b\u8bd5/\u6587\u6863\uff09 \u3010\u8f93\u51fa\u3011\uff1a\u6307\u5b9aOpenStack\u7248\u672c\u7684\u5168\u91cf\u4f9d\u8d56\u5e93\u4fe1\u606f\uff0c\u5305\u62ec\u6700\u5c0f/\u6700\u5927\u4f9d\u8d56\u7248\u672c\u3001\u6240\u5c5eopenEuler SIG\u3001RPM\u5305\u540d\u3001\u4f9d\u8d56\u5c42\u7ea7\u3001\u5b50\u4f9d\u8d56\u6811\u7b49\u5185\u5bb9\uff0c\u53ef\u4ee5\u4ee5Excel\u8868\u683c\u7684\u65b9\u5f0f\u8f93\u51fa\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A","title":"\u4f9d\u8d56\u5206\u6790\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#spec_1","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u751f\u6210OpenStack\u4f9d\u8d56\u5e93\u7c7b\u8f6f\u4ef6\u7684RPM SPEC 2. \u652f\u6301\u5404\u79cdPython\u8f6f\u4ef6\u6784\u5efa\u7cfb\u7edf\uff0c\u6bd4\u5982setuptools\u3001pyproject\u7b49\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u9700\u9075\u5b88 SPEC\u5f00\u53d1\u89c4\u8303 \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u53ca\u76ee\u6807\u7248\u672c \u3010\u8f93\u51fa\u3011\uff1a\u5bf9\u5e94\u8f6f\u4ef6\u7684RPM SPEC\u6587\u4ef6 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a\u751f\u6210\u7684SPEC\u53ef\u4ee5\u901a\u8fc7\u4e0b\u8ff0 \u4ee3\u7801\u63d0\u4ea4\u529f\u80fd \u4e00\u952epush\u5230openEuler\u793e\u533a\u3002","title":"Spec\u81ea\u52a8\u751f\u6210\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_6","text":"\u3010\u529f\u80fd\u70b9\u3011 1. 
\u4e00\u952e\u5feb\u901f\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u3001\u62d3\u6251\u3001\u529f\u80fd\u7684OpenStack\u5355/\u591a\u8282\u70b9\u73af\u5883 2. \u4e00\u952e\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u8fdb\u884c\u8d44\u6e90\u9884\u914d\u7f6e\u4e0e\u529f\u80fd\u6d4b\u8bd5\u3002 3. \u652f\u6301\u591a\u4e91\u3001\u4e3b\u673a\u7eb3\u7ba1\u529f\u80fd\uff0c\u652f\u6301\u63d2\u4ef6\u81ea\u5b9a\u4e49\u529f\u80fd\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1aN/A \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005\u3001\u5404\u4e2a\u4e91\u5e73\u53f0\u76f8\u5173\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u8ba1\u7b97/\u7f51\u7edc/\u5b58\u50a8\u7684driver\u573a\u666f \u3010\u8f93\u51fa\u3011\uff1a\u4e00\u4e2a\u53ef\u4ee5\u4e00\u952e\u6267\u884cOpenStack Tempest\u6d4b\u8bd5\u7684OpenStack\u73af\u5883\uff1bTempest\u6d4b\u8bd5\u62a5\u544a\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1a N/A","title":"\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_7","text":"\u3010\u529f\u80fd\u70b9\u3011 1. \u4e00\u952e\u9488\u5bf9openEuler OpenStack\u6240\u5c5e\u9879\u76ee\u7684Repo\u3001Branch\u3001PR\u6267\u884c\u5404\u79cd\u64cd\u4f5c\u3002 2. 
\u64cd\u4f5c\u5305\u62ec\uff1a\u5efa\u7acb/\u5220\u9664\u6e90\u7801\u4ed3;\u5efa\u7acb/\u5220\u9664openEuler\u5206\u652f\uff1b\u63d0\u4ea4\u8f6f\u4ef6Update PR\uff1b\u5728PR\u4e2d\u6dfb\u52a0\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5148\u51b3\u6761\u4ef6\u3011\uff1a\u63d0\u4ea4PR\u529f\u80fd\u4f9d\u8d56\u4e0a\u8ff0 SPEC\u751f\u6210 \u529f\u80fd \u3010\u53c2\u4e0e\u65b9\u3011\uff1aOpenStack SIG\u6838\u5fc3\u5f00\u53d1\u8005 \u3010\u8f93\u5165\u3011\uff1a\u6307\u5b9a\u8f6f\u4ef6\u540d\u3001openEuler release\u540d\u3001\u76ee\u6807Spec\u6587\u4ef6\u3001\u8bc4\u5ba1\u610f\u89c1\u5185\u5bb9\u3002 \u3010\u8f93\u51fa\u3011\uff1a\u8f6f\u4ef6\u5efa\u4ed3PR\uff1b\u8f6f\u4ef6\u521b\u5efa\u5206\u652fPR\uff1b\u8f6f\u4ef6\u5347\u7ea7PR\uff1bPR\u65b0\u589e\u8bc4\u5ba1\u610f\u89c1\u3002 \u3010\u5bf9\u5176\u4ed6\u529f\u80fd\u7684\u5f71\u54cd\u3011\uff1aN/A","title":"\u4e00\u952e\u4ee3\u7801\u5904\u7406\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_8","text":"","title":"\u975e\u529f\u80fd\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_9","text":"\u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002","title":"\u6d4b\u8bd5\u9700\u6c42"},{"location":"spec/openstack-sig-tool-requirement/#_10","text":"\u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 
\u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002","title":"\u5b89\u5168"},{"location":"spec/openstack-sig-tool-requirement/#_11","text":"\u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002","title":"\u53ef\u9760\u6027"},{"location":"spec/openstack-sig-tool-requirement/#_12","text":"\u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002","title":"\u5f00\u6e90\u5408\u89c4"},{"location":"spec/openstack-sig-tool-requirement/#_13","text":"\u65f6\u95f4 \u5185\u5bb9 2021.06 
\u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd","title":"\u5b9e\u65bd\u8ba1\u5212"},{"location":"spec/openstack-sig-tool/","text":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0 \u00b6 openEuler OpenStack SIG\u6210\u7acb\u4e8e2021\u5e74\uff0c\u662f\u7531\u4e2d\u56fd\u8054\u901a\u3001\u4e2d\u56fd\u7535\u4fe1\u3001\u534e\u4e3a\u3001\u7edf\u4fe1\u7b49\u516c\u53f8\u7684\u5f00\u53d1\u8005\u5171\u540c\u6295\u5165\u5e76\u7ef4\u62a4\u7684SIG\u5c0f\u7ec4\uff0c\u65e8\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\uff0c\u662fopenEuler\u7684\u6807\u6746SIG\u3002\u4f46OpenStack\u672c\u8eab\u6280\u672f\u590d\u6742\u3001\u5305\u542b\u670d\u52a1\u4f17\u591a\uff0c\u5f00\u53d1\u95e8\u69db\u8f83\u9ad8\uff0c\u5bf9\u8d21\u732e\u8005\u7684\u6280\u672f\u80fd\u529b\u8981\u6c42\u4e5f\u8f83\u9ad8\uff0c\u4eba\u529b\u6210\u672c\u9ad8\u5c45\u4e0d\u4e0b\uff0c\u5728\u5b9e\u9645\u5f00\u53d1\u4e0e\u8d21\u732e\u4e2d\u5b58\u5728\u5404\u79cd\u5404\u6837\u7684\u95ee\u9898\u3002\u4e3a\u4e86\u89e3\u51b3SIG\u9762\u4e34\u7684\u95ee\u9898\uff0c\u4e9f\u9700\u4e00\u4e2aopenEuler+OpenStack\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u800c\u964d\u4f4e\u5f00\u53d1\u8005\u9
5e8\u69db\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\uff0c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\uff0c\u4fdd\u8bc1SIG\u7684\u6301\u7eed\u6d3b\u8dc3\u4e0e\u53ef\u6301\u7eed\u53d1\u5c55\u3002 1. \u6982\u8ff0 \u00b6 1.1 \u5f53\u524d\u73b0\u72b6 \u00b6 \u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684\u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7\u3002 2. OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c\u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be\uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4\u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927\u3002 4. 
OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86\u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db\u3002 1.2 \u89e3\u51b3\u65b9\u6848 \u00b6 \u9488\u5bf9\u4ee5\u4e0a\u76ee\u524dSIG\u9047\u5230\u7684\u95ee\u9898\uff0c\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u76ee\u6807\u52bf\u5728\u5fc5\u884c\u3002\u672c\u7bc7\u8bbe\u8ba1\u6587\u6863\u65e8\u5728\u5728openEuler OpenStack SIG\u4e2d\u63d0\u4f9b\u4e00\u4e2a\u7aef\u5230\u7aef\u53ef\u7528\u7684\u5f00\u53d1\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u6280\u672f\u89c4\u8303\u5230\u6280\u672f\u5b9e\u73b0\uff0c\u63d0\u51fa\u4e25\u683c\u7684\u6807\u51c6\u8981\u6c42\u4e0e\u8bbe\u8ba1\u65b9\u6848\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002\u4e3b\u8981\u52a8\u4f5c\u5982\u4e0b\uff1a 1. 
\u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 2. \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 3. \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 4. \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 5. 
\u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002 \u4ee5\u4e0a\u89e3\u51b3\u65b9\u6cd5\u53ef\u4ee5\u7edf\u4e00\u5230\u4e00\u4e2a\u7cfb\u7edf\u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u79f0\u4f5cOpenStack SIG Tool\uff08\u4ee5\u4e0b\u7b80\u79f0oos\uff09\uff0c\u5373\u5c31\u662fopenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\uff0c\u5177\u4f53\u67b6\u6784\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 CLI \u2502 \u2502 GUI \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502 \u2502 Built-in\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502REST \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 OpenStack Develop Platform \u2502 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Dependency Analysis\u2502 \u2502SPEC Generation\u2502 \u2502Deploy and Test\u2502 \u2502Code Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u8be5\u67b6\u6784\u4e3b\u8981\u6709\u4ee5\u4e0b\u4e24\u79cd\u6a21\u5f0f\uff1a 1. 
Client/Server\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u90e8\u7f72\u6210Web Server\u5f62\u5f0f\uff0cClient\u901a\u8fc7REST\u65b9\u5f0f\u8c03\u7528oos\u3002 - \u4f18\u70b9\uff1a\u63d0\u4f9b\u5f02\u6b65\u8c03\u7528\u80fd\u529b\uff0c\u652f\u6301\u5e76\u53d1\u5904\u7406\uff0c\u652f\u6301\u8bb0\u5f55\u6301\u4e45\u5316\u3002 - \u7f3a\u70b9\uff1a\u6709\u4e00\u5b9a\u5b89\u88c5\u90e8\u7f72\u6210\u672c\uff0c\u4f7f\u7528\u65b9\u5f0f\u8f83\u4e3a\u6b7b\u677f\u3002 Built-in\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u65e0\u9700\u90e8\u7f72\uff0c\u4ee5\u5185\u7f6eCLI\u7684\u65b9\u5f0f\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\uff0c\u7528\u6237\u901a\u8fc7cli\u76f4\u63a5\u8c03\u7528\u5404\u79cd\u529f\u80fd\u3002 \u4f18\u70b9\uff1a\u65e0\u9700\u90e8\u7f72\uff0c\u968f\u65f6\u968f\u5730\u53ef\u7528\u3002 \u7f3a\u70b9\uff1a\u6ca1\u6709\u6301\u4e45\u5316\u80fd\u529b\uff0c\u4e0d\u652f\u6301\u5e76\u53d1\uff0c\u5355\u4eba\u5355\u7528\u3002 2. \u8be6\u7ec6\u8bbe\u8ba1 \u00b6 2.1 OpenStack Spec\u89c4\u8303 \u00b6 Spec\u89c4\u8303\u662f\u4e00\u4e2a\u6216\u591a\u4e2aspec\u6a21\u677f\uff0c\u9488\u5bf9RPM spec\u7684\u6bcf\u4e2a\u5173\u952e\u5b57\u53ca\u6784\u5efa\u7ae0\u8282\uff0c\u4e25\u683c\u89c4\u5b9a\u76f8\u5173\u5185\u5bb9\uff0c\u5f00\u53d1\u8005\u5728\u7f16\u5199spec\u65f6\uff0c\u5fc5\u987b\u6ee1\u8db3\u89c4\u8303\u8981\u6c42\uff0c\u5426\u5219\u4ee3\u7801\u4e0d\u5141\u8bb8\u88ab\u5408\u5165\u3002\u89c4\u8303\u5185\u5bb9\u7531SIG maintainer\u516c\u5f00\u8ba8\u8bba\u540e\u5f62\u6210\u7ed3\u8bba\uff0c\u5e76\u5b9a\u671f\u5ba1\u89c6\u66f4\u65b0\u3002\u4efb\u4f55\u4eba\u90fd\u6709\u6743\u5229\u63d0\u51fa\u5bf9\u89c4\u8303\u7684\u8d28\u7591\u548c\u5efa\u8bae\uff0c maintainer\u8d1f\u8d23\u89e3\u91ca\u4e0e\u5237\u65b0\u3002\u89c4\u8303\u76ee\u524d\u5305\u62ec\u4e24\u7c7b\uff1a 1. 
\u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4ee5Nova\u3001Neutron\u3001Cinder\u7b49OpenStack\u6838\u5fc3\u670d\u52a1\u4e3a\u4f8b\uff0c\u5b83\u4eec\u4e00\u822c\u5b9a\u5236\u5316\u8981\u6c42\u9ad8\uff0c\u5185\u5bb9\u533a\u522b\u5927\uff0c\u5fc5\u8981\u4eba\u4e3a\u624b\u52a8\u7f16\u5199\u3002\u89c4\u8303\u9700\u6e05\u6670\u89c4\u5b9a\u8f6f\u4ef6\u7684\u5206\u5c42\u65b9\u6cd5\u3001\u6784\u5efa\u65b9\u6cd5\u3001\u8f6f\u4ef6\u5305\u7ec4\u6210\u5185\u5bb9\u3001\u6d4b\u8bd5\u65b9\u6cd5\u3001\u7248\u672c\u53f7\u89c4\u5219\u7b49\u5185\u5bb9\u3002 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4e00\u822c\u5b9a\u5236\u5316\u4f4e\uff0c\u5185\u5bb9\u7ed3\u6784\u533a\u522b\u5c0f\uff0c\u9002\u5408\u81ea\u52a8\u5316\u5de5\u5177\u4e00\u952e\u751f\u6210\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5728\u89c4\u8303\u4e2d\u5b9a\u4e49\u76f8\u5173\u5de5\u5177\u7684\u751f\u6210\u89c4\u5219\u5373\u53ef\u3002 2.1.1 \u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u00b6 OpenStack\u6bcf\u4e2a\u670d\u52a1\u901a\u5e38\u5305\u542b\u82e5\u5e72\u5b50\u670d\u52a1\uff0c\u9488\u5bf9\u8fd9\u4e9b\u5b50\u670d\u52a1\uff0c\u6211\u4eec\u5728\u6253\u5305\u7684\u65f6\u5019\u4e5f\u8981\u505a\u62c6\u5305\u5904\u7406\uff0c\u5206\u6210\u82e5\u5e72\u4e2a\u5b50RPM\u5305\u3002\u672c\u7ae0\u8282\u89c4\u5b9a\u4e86openEuler SIG\u5bf9OpenStack\u670d\u52a1\u7684RPM\u5305\u62c6\u5206\u7684\u539f\u5219\u3002 2.1.1.1 \u901a\u7528\u539f\u5219 \u00b6 \u91c7\u7528\u5206\u5c42\u67b6\u6784\uff0cRPM\u5305\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u4ee5openstack-nova\u4e3a\u4f8b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-nova.rpm \u2502 \u2502 openstack-nova-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package 
\u2502 \u2502 Service2 Package \u2502 | | \u2502 openstack-nova-compute.rpm \u2502 \u2502 openstack-nova-api.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-nova-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------------| Library Test Package (Optional) \u2502 | \u2502 python2-nova.rpm \u2502 \u2502 python2-nova-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0c\u5206\u4e3a4\u7ea7 Root Package\u4e3a\u603bRPM\u5305\uff0c\u539f\u5219\u4e0a\u4e0d\u5305\u542b\u4efb\u4f55\u6587\u4ef6\u3002\u53ea\u505a\u670d\u52a1\u96c6\u5408\u7528\u3002\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5RPM\u4e00\u952e\u5b89\u88c5\u6240\u6709\u5b50RPM\u5305\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library 
Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-nova openstack-cinder openstack-glance openstack-placment openstack-ironic 2.1.1.2 \u7279\u6b8a\u60c5\u51b5 \u00b6 \u6709\u4e9bopenstack\u7ec4\u4ef6\u672c\u8eab\u53ea\u5305\u542b\u4e00\u4e2a\u670d\u52a1\uff0c\u4e0d\u5b58\u5728\u5b50\u670d\u52a1\u7684\u6982\u5ff5,\u8fd9\u79cd\u670d\u52a1\u5219\u53ea\u9700\u8981\u5206\u4e3a\u4e24\u7ea7\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-keystone.rpm \u2502 \u2502 openstack-keystone-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Library Package \u25c4-----| Library Test Package (Optional) \u2502 | \u2502 python2-keystone.rpm \u2502 \u2502 python2-keystone-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Root Package 
RPM\u5305\u5305\u542b\u4e86\u9664python\u6e90\u7801\u5916\u7684\u5176\u4ed6\u6240\u6709\u6587\u4ef6\uff0c\u5305\u62ec\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u9879\u76ee\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u7b49\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-keystone openstack-horizon \u8fd8\u6709\u4e9b\u9879\u76ee\u867d\u7136\u6709\u82e5\u5e72\u5b50RPM\u5305\uff0c\u4f46\u8fd9\u4e9b\u5b50RPM\u5305\u662f\u4e92\u65a5\u7684\uff0c\u5219\u8fd9\u79cd\u670d\u52a1\u7684\u7ed3\u6784\u5982\u4e0b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-neutron.rpm \u2502 \u2502 openstack-neutron-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 \u2502 Service3 Package \u2502 | | \u2502 
openstack-neutron-server.rpm \u2502 \u2502 openstack-neutron-openvswitch.rpm \u2502 \u2502 openstack-neutron-linuxbridge.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-neutron-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------| Library Test Package (Optional) \u2502 | \u2502 python2-neutron.rpm \u2502 \u2502 python2-neutron-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0cService2\u548cService3\u4e92\u65a5\u3002 Root\u5305\u53ea\u5305\u542b\u4e0d\u4e92\u65a5\u7684\u5b50\u5305\uff0c\u4e92\u65a5\u7684\u5b50\u5305\u5355\u72ec\u63d0\u4f9b\u3002 
\u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 \u4e92\u65a5\u7684Service\u5305\u4e0d\u88abRoot\u5305\u6240\u5305\u542b\uff0c\u7528\u6237\u9700\u8981\u5355\u72ec\u5b89\u88c5\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-neutron 2.1.2 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u00b6 \u4e00\u4e2a\u4f9d\u8d56\u5e93\u4e00\u822c\u53ea\u5305\u542b\u4e00\u4e2aRPM\u5305\uff0c\u4e0d\u9700\u8981\u505a\u62c6\u5206\u5904\u7406\u3002 Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Library Package \u2502 \u2502 Help Package 
(Optional)\u2502 | \u2502 python2-oslo-service.rpm \u2502 \u2502 python2-oslo-service-help.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 NOTE openEuler\u793e\u533a\u5bf9python2\u548cpython3 RPM\u5305\u7684\u547d\u540d\u6709\u8981\u6c42\uff0cpython2\u7684\u5305\u524d\u7f00\u4e3a python2- \uff0cpython3\u7684\u5305\u524d\u7f00\u4e3a python3- \u3002\u56e0\u6b64\uff0cOpenStack\u8981\u6c42\u5f00\u53d1\u8005\u5728\u6253Library\u7684RPM\u5305\u65f6\uff0c\u4e5f\u8981\u9075\u5b88openEuler\u793e\u533a\u89c4\u8303\u3002 2.2 \u8f6f\u4ef6\u4f9d\u8d56\u529f\u80fd \u00b6 \u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\u4e3a\u7528\u6237\u63d0\u4f9b\u4e00\u952e\u5206\u6790\u76ee\u6807OpenStack\u7248\u672c\u5305\u542b\u7684\u5168\u91cfpython\u8f6f\u4ef6\u4f9d\u8d56\u62d3\u6251\u53ca\u5bf9\u5e94\u8f6f\u4ef6\u7248\u672c\u7684\u80fd\u529b\u3002\u5e76\u81ea\u52a8\u4e0e\u76ee\u6807openEuler\u7248\u672c\u8fdb\u884c\u6bd4\u5bf9\uff0c\u8f93\u51fa\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002\u672c\u529f\u80fd\u5305\u542b\u4e24\u4e2a\u5b50\u529f\u80fd\uff1a - \u4f9d\u8d56\u5206\u6790 \u5bf9OpenStack 
python\u5305\u7684\u4f9d\u8d56\u6811\u8fdb\u884c\u89e3\u6790\uff0c\u62c6\u89e3\u4f9d\u8d56\u62d3\u6251\u3002\u4f9d\u8d56\u6811\u672c\u8d28\u4e0a\u662f\u5bf9\u6709\u5411\u56fe\u7684\u904d\u5386\uff0c\u7406\u8bba\u4e0a\uff0c\u4e00\u4e2a\u6b63\u5e38\u7684python\u4f9d\u8d56\u6811\u662f\u4e00\u4e2a\u6709\u5411\u65e0\u73af\u56fe\uff0c\u6709\u5411\u65e0\u73af\u56fe\u7684\u89e3\u6790\u65b9\u6cd5\u5f88\u591a\uff0c\u8fd9\u91cc\u91c7\u7528\u5e38\u7528\u7684\u5e7f\u5ea6\u4f18\u5148\u641c\u7d22\u65b9\u6cd5\u5373\u53ef\u3002\u4f46\u5728\u67d0\u4e9b\u7279\u6b8a\u573a\u666f\u4e0b\uff0cpython\u4f9d\u8d56\u6811\u4f1a\u53d8\u6210\u6709\u5411\u6709\u73af\u56fe\uff0c\u4f8b\u5982\uff1aSphinx\u662f\u4e00\u4e2a\u6587\u6863\u751f\u4ea7\u9879\u76ee\uff0c\u4f46\u5b83\u81ea\u5df1\u7684\u6587\u6863\u751f\u6210\u4e5f\u4f9d\u8d56Sphinx\uff0c\u8fd9\u5c31\u5bfc\u81f4\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\u3002\u9488\u5bf9\u8fd9\u79cd\u95ee\u9898\uff0c\u6211\u4eec\u53ea\u9700\u8981\u628a\u73af\u4e0a\u7684\u7279\u5b9a\u8282\u70b9\u624b\u52a8\u65ad\u5f00\u5373\u53ef\u3002\u7c7b\u4f3c\u7684\u8fd8\u6709\u4e00\u4e9b\u6d4b\u8bd5\u4f9d\u8d56\u5e93\u3002\u53e6\u4e00\u79cd\u89c4\u907f\u65b9\u6cd5\u662f\u8df3\u8fc7\u6587\u6863\u3001\u6d4b\u8bd5\u8fd9\u79cd\u975e\u6838\u5fc3\u5e93\uff0c\u8fd9\u6837\u4e0d\u4ec5\u907f\u514d\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\uff0c\u4e5f\u4f1a\u6781\u5927\u51cf\u5c11\u8f6f\u4ef6\u5305\u7684\u6570\u91cf\uff0c\u964d\u4f4e\u5f00\u53d1\u5de5\u4f5c\u91cf\u3002\u4ee5OpenStack 
Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u5168\u91cf\u4f9d\u8d56\u5305\u5927\u6982\u5728700+\u4ee5\u4e0a\uff0c\u53bb\u6389\u6587\u6863\u3001\u6d4b\u8bd5\u540e\uff0c\u4f9d\u8d56\u5305\u5927\u6982\u662f300+\u5de6\u53f3\u3002\u56e0\u6b64\u6211\u4eec\u5f15\u5165`core`\u6838\u5fc3\u7684\u6982\u5ff5\uff0c\u7528\u6237\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u9009\u62e9\u8981\u5206\u6790\u7684\u8f6f\u4ef6\u8303\u56f4\u3002\u53e6\u5916\u867d\u7136OpenStack\u5305\u542b\u670d\u52a1\u51e0\u5341\u4e2a\uff0c\u4f46\u7528\u6237\u53ef\u80fd\u53ea\u9700\u8981\u5176\u4e2d\u7684\u67d0\u4e9b\u670d\u52a1\uff0c\u56e0\u6b64\u6211\u4eec\u53e6\u5916\u5f15\u5165`projects`\u8fc7\u6ee4\u5668\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u6307\u5b9a\u5206\u6790\u7684\u8f6f\u4ef6\u4f9d\u8d56\u8303\u56f4\u3002 \u4f9d\u8d56\u6bd4\u5bf9 \u4f9d\u8d56\u5206\u6790\u5b8c\u540e\uff0c\u8fd8\u8981\u6709\u5bf9\u5e94\u7684openEuler\u5f00\u53d1\u52a8\u4f5c\uff0c\u56e0\u6b64\u6211\u4eec\u8fd8\u8981\u63d0\u4f9b\u57fa\u4e8e\u76ee\u6807openEuler\u7248\u672c\u7684RPM\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002openEuler\u4e0eOpenStack\u7248\u672c\u4e4b\u95f4\u6709N:N\u7684\u6620\u5c04\u5173\u7cfb\uff0c\u4e00\u4e2aopenEuler\u7248\u672c\u53ef\u4ee5\u652f\u6301\u591a\u4e2aOpenStack\u7248\u672c\uff0c\u4e00\u4e2aOpenStack\u7248\u672c\u53ef\u4ee5\u90e8\u7f72\u5728\u591a\u4e2aopenEuler\u7248\u672c\u4e0a\u3002\u7528\u6237\u5728\u6307\u5b9a\u4e86\u76ee\u6807openEuler\u7248\u672c\u548cOpenStack\u7248\u672c\u540e\uff0c\u672c\u529f\u80fd\u81ea\u52a8\u904d\u5386openEuler\u8f6f\u4ef6\u5e93\uff0c\u5206\u6790\u5e76\u8f93\u51faOpenStack\u6d89\u53ca\u7684\u5168\u91cf\u8f6f\u4ef6\u5305\u9700\u8981\u8fdb\u884c\u4e86\u64cd\u4f5c\uff0c\u4f8b\u5982\u9700\u8981\u521d\u59cb\u5316\u4ed3\u5e93\u3001\u521b\u5efaopenEuler\u5206\u652f\u3001\u5347\u7ea7\u8f6f\u4ef6\u5305\u7b49\u7b49\u3002\u4e3a\u5f00\u53d1\u8005\u540e\u7eed\u7684\u5f00\u53d1\u63d0\u4f9b\u6307\u5bfc\u3002 2.2.1 
\u7248\u672c\u5339\u914d\u89c4\u8303 \u00b6 \u4f9d\u8d56\u5206\u6790 \u8f93\u5165\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u76ee\u6807OpenStack\u670d\u52a1\u5217\u8868\u3001\u662f\u5426\u53ea\u5206\u6790\u6838\u5fc3\u8f6f\u4ef6 \u8f93\u51fa\uff1a\u6240\u6709\u6d89\u53ca\u7684\u8f6f\u4ef6\u5305\u53ca\u6bcf\u4e2a\u8f6f\u4ef6\u5305\u7684\u5bf9\u5e94\u5185\u5bb9\u3002\u683c\u5f0f\u5982\u4e0b\uff1a \u2514\u2500\u2500{OpenStack\u7248\u672c\u540d}_cached_file \u2514\u2500\u2500packageA.yaml \u2514\u2500\u2500packageB.yaml \u2514\u2500\u2500packageC.yaml ...... \u6bcf\u4e2a\u8f6f\u4ef6\u5185\u5bb9\u683c\u5f0f\u5982\u4e0b\uff1a { \"name\": \"packageA\", \"version_dict\": { \"version\": \"0.3.7\", \"eq_version\": \"\", \"ge_version\": \"0.3.5\", \"lt_version\": \"\", \"ne_version\": [], \"upper_version\": \"0.3.7\"}, \"deep\": { \"count\": 1, \"list\": [\"packageB\", \"packageC\"]}, \"requires\": {} } \u5173\u952e\u5b57\u8bf4\u660e | Key | Description | |:-----------------:|:-----------:| | name | \u8f6f\u4ef6\u5305\u540d | | version_dict | \u8f6f\u4ef6\u7248\u672c\u8981\u6c42\uff0c\u5305\u62ec\u7b49\u4e8e\u3001\u5927\u4e8e\u7b49\u4e8e\u3001\u5c0f\u4e8e\u3001\u4e0d\u7b49\u4e8e\uff0c\u7b49\u7b49 | | version_dict.deep | \u8868\u793a\u8be5\u8f6f\u4ef6\u5728\u5168\u91cf\u4f9d\u8d56\u6811\u7684\u6df1\u5ea6\uff0c\u4ee5\u53ca\u6df1\u5ea6\u904d\u5386\u7684\u8def\u5f84 | | requires | \u5305\u542b\u672c\u8f6f\u4ef6\u7684\u4f9d\u8d56\u8f6f\u4ef6\u5217\u8868 | \u4f9d\u8d56\u6bd4\u5bf9 \u8f93\u5165\uff1a\u4f9d\u8d56\u5206\u6790\u7ed3\u679c\u3001\u76ee\u6807openEuler\u7248\u672c\u4ee5\u53cabase\u6bd4\u5bf9\u57fa\u7ebf \u8f93\u51fa\uff1a\u4e00\u4e2a\u8868\u683c\uff0c\u5305\u542b\u6bcf\u4e2a\u8f6f\u4ef6\u7684\u5206\u6790\u7ed3\u679c\u53ca\u5904\u7406\u5efa\u8bae\uff0c\u6bcf\u4e00\u884c\u8868\u793a\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u6240\u6709\u5217\u540d\u53ca\u5b9a\u4e49\u89c4\u8303\u5982\u4e0b\uff1a Column Description Project Name \u8f6f\u4ef6\u5305\u540d openEuler Repo 
\u8f6f\u4ef6\u5728openEuler\u4e0a\u7684\u6e90\u7801\u4ed3\u5e93\u540d Repo version openEuler\u4e0a\u7684\u6e90\u7801\u7248\u672c Required (Min) Version \u8981\u6c42\u7684\u6700\u5c0f\u7248\u672c lt Version \u8981\u6c42\u5c0f\u4e8e\u7684\u7248\u672c ne Version \u8981\u6c42\u7684\u4e0d\u7b49\u4e8e\u7248\u672c Upper Version \u8981\u6c42\u7684\u6700\u5927\u7248\u672c Status \u5f00\u53d1\u5efa\u8bae Requires \u8f6f\u4ef6\u7684\u4f9d\u8d56\u5217\u8868 Depth \u8f6f\u4ef6\u7684\u4f9d\u8d56\u6811\u6df1\u5ea6 \u5176\u4e2d Status \u5305\u542b\u7684\u5efa\u8bae\u6709: - \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 - \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002 - \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 - \u201cNeed Init Branch\u201d\uff1a\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\u3002 - \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002 - \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u5f00\u53d1\u8005\u6839\u636e Status \u7684\u5efa\u8bae\u8fdb\u884c\u540e\u7eed\u5f00\u53d1\u52a8\u4f5c\u3002 2.2.2 API\u548cCLI\u5b9a\u4e49 \u00b6 \u521b\u5efa\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis create endpoint: /dependence/analysis type: POST sync OR async: async request body: { \"release\"[required]: Enum(\"OpenStack Relase\"), \"runtime\"[optional][Default: \"3.10\"]: Enum(\"Python version\"), \"core\"[optional][Default: False]: Boolean, \"projects\"[optional][Default: None]: List(\"OpenStack service\") } response 
body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis show \u3001 oos dependence analysis list endpoint: /dependence/analysis/{UUID} \u3001 /dependence/analysis type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u5220\u9664\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis delete endpoint: /dependence/analysis/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u521b\u5efa\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate endpoint: /dependence/generate type: POST sync OR async: async request body: { \"analysis_id\"[required]: UUID, \"compare\"[optional][Default: None]: { \"token\"[required]: GITEE_TOKEN_ID, \"compare-from\"[optional][Default: master]: Enum(\"openEuler project branch\"), \"compare-branch\"[optional][Default: master]: Enum(\"openEuler project branch\") } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate show \u3001 oos dependence generate list endpoint: /dependence/generate/{UUID} \u3001 /dependence/generate type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"data\" RAW(result data file) } \u5220\u9664\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate delete endpoint: /dependence/generate/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } 2.3 \u8f6f\u4ef6SPEC\u751f\u6210\u529f\u80fd \u00b6 
OpenStack\u4f9d\u8d56\u7684\u5927\u91cfpython\u5e93\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\uff0c\u8fd9\u79cd\u5e93\u4e0d\u5bf9\u5916\u63d0\u4f9b\u7528\u6237\u670d\u52a1\uff0c\u53ea\u63d0\u4f9b\u4ee3\u7801\u7ea7\u8c03\u7528\uff0c\u5176RPM\u5185\u5bb9\u6784\u6210\u5355\u4e00\u3001\u683c\u5f0f\u56fa\u5b9a\uff0c\u9002\u5408\u4f7f\u7528\u5de5\u5177\u5316\u65b9\u5f0f\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3002 2.3.1 SPEC\u751f\u6210\u89c4\u8303 \u00b6 SPEC\u7f16\u5199\u4e00\u822c\u5206\u4e3a\u51e0\u4e2a\u9636\u6bb5\uff0c\u6bcf\u4e2a\u9636\u6bb5\u6709\u5bf9\u5e94\u7684\u89c4\u8303\u8981\u6c42\uff1a 1. \u5e38\u89c4\u9879\u586b\u5199\uff0c\u5305\u62ecName\u3001Version\u3001Release\u3001Summary\u3001License\u7b49\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b 2. \u5b50\u8f6f\u4ef6\u5305\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec\u8f6f\u4ef6\u5305\u540d\u3001\u7f16\u8bd1\u4f9d\u8d56\u3001\u5b89\u88c5\u4f9d\u8d56\u3001\u63cf\u8ff0\u4fe1\u606f\u7b49\u3002\u8fd9\u4e9b\u5185\u5bb9\u4e5f\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b\u3002\u5176\u4e2d\u8f6f\u4ef6\u5305\u540d\u9700\u8981\u6709\u660e\u663e\u7684python\u5316\u663e\u793a\uff0c\u6bd4\u5982\u4ee5 python3- \u4e3a\u524d\u7f00\u3002 3. \u6784\u5efa\u8fc7\u7a0b\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec%prep\u3001%build %install %check\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u5f62\u5f0f\u56fa\u5b9a\uff0c\u751f\u6210\u5bf9\u5e94rpm\u5b8f\u547d\u4ee4\u5373\u53ef\u3002 4. RPM\u5305\u6587\u4ef6\u5c01\u88c5\u9636\u6bb5\uff0c\u672c\u9636\u6bb5\u901a\u8fc7\u6587\u4ef6\u641c\u7d22\u65b9\u5f0f\uff0c\u628abin\u3001lib\u3001doc\u7b49\u5185\u5bb9\u5206\u522b\u653e\u5230\u5bf9\u5e94\u76ee\u5f55\u5373\u53ef\u3002 NOTE \uff1a\u5728\u901a\u7528\u89c4\u8303\u5916\uff0c\u4e5f\u6709\u4e00\u4e9b\u4f8b\u5916\u60c5\u51b5\uff0c\u9700\u8981\u7279\u6b8a\u8bf4\u660e\uff1a 1. 
\u8f6f\u4ef6\u5305\u540d\u5982\u679c\u672c\u8eab\u5df2\u5305\u542b python \u8fd9\u6837\u7684\u5b57\u773c\uff0c\u4e0d\u518d\u9700\u8981\u6dfb\u52a0 python- \u6216 python3- \u524d\u7f00\u3002 2. \u8f6f\u4ef6\u6784\u5efa\u548c\u5b89\u88c5\u9636\u6bb5\uff0c\u6839\u636e\u8f6f\u4ef6\u672c\u8eab\u7684\u5b89\u88c5\u65b9\u5f0f\u4e0d\u540c\uff0c\u5b8f\u547d\u4ee4\u5305\u62ec %py3_build \u6216 pyproject_build \uff0c\u9700\u8981\u4eba\u5de5\u5ba1\u89c6\u3002 3. \u5982\u679c\u8f6f\u4ef6\u672c\u8eab\u5305\u542bC\u8bed\u8a00\u7b49\u7f16\u8bd1\u7c7b\u4ee3\u7801\uff0c\u5219\u9700\u8981\u79fb\u9664 BuildArch: noarch \u5173\u952e\u5b57,\u5e76\u4e14\u5728%file\u9636\u6bb5\u6ce8\u610fRPM\u5b8f %{python3_sitelib} \u548c %{python3_sitearch} \u7684\u533a\u522b\u3002 2.3.2 API\u548cCLI\u5b9a\u4e49 \u00b6 \u521b\u5efaSPEC CLI: oos spec create endpoint: /spec type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, \"arch\"[optional][Default: False]: Boolean, \"check\"[optional][Default: True]: Boolean, \"pyproject\"[optional][Default: False]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6SPEC CLI: oos spec show \u3001 oos spec list endpoint: /spec/{UUID} \u3001 /spec/ type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u66f4\u65b0SPEC CLI: oos spec update endpoint: /spec/{UUID} type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5220\u9664SPEC CLI: oos spec delete endpoint: /spec/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } 2.4 \u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd \u00b6 
OpenStack\u7684\u90e8\u7f72\u573a\u666f\u591a\u6837\u3001\u90e8\u7f72\u6d41\u7a0b\u590d\u6742\u3001\u90e8\u7f72\u6280\u672f\u95e8\u69db\u8f83\u9ad8\uff0c\u4e3a\u4e86\u89e3\u51b3\u95e8\u69db\u9ad8\u3001\u6548\u7387\u4f4e\u3001\u4eba\u529b\u591a\u7684\u95ee\u9898\uff0copenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u8981\u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd\u3002 \u81ea\u52a8\u5316\u90e8\u7f72 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u90e8\u7f72\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u67b6\u6784\u3001\u4e0d\u540c\u670d\u52a1\u3001\u4e0d\u540c\u573a\u666f\u7684\u90e8\u7f72\u529f\u80fd\uff0c\u63d0\u4f9b\u57fa\u4e8e\u4e0d\u540c\u73af\u5883\u5feb\u901f\u53d1\u653e\u3001\u914d\u7f6eopenEuler\u73af\u5883\u7684\u80fd\u529b\u3002\u5e76\u63d0\u4f9b \u63d2\u4ef6\u5316 \u80fd\u529b\uff0c\u65b9\u4fbf\u7528\u6237\u6269\u5c55\u652f\u6301\u7684\u90e8\u7f72\u540e\u7aef\u548c\u573a\u666f\u3002 \u81ea\u52a8\u5316\u6d4b\u8bd5 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u6d4b\u8bd5\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u573a\u666f\u7684\u6d4b\u8bd5\uff0c\u63d0\u4f9b\u7528\u6237\u81ea\u5b9a\u4e49\u6d4b\u8bd5\u7684\u80fd\u529b\uff0c\u5e76\u89c4\u8303\u6d4b\u8bd5\u62a5\u544a\uff0c\u4ee5\u53ca\u652f\u6301\u5bf9\u6d4b\u8bd5\u7ed3\u679c\u4e0a\u62a5\u548c\u6301\u4e45\u5316\u7684\u80fd\u529b\u3002 2.4.1 \u81ea\u52a8\u5316\u90e8\u7f72 \u00b6 \u81ea\u52a8\u5316\u90e8\u7f72\u4e3b\u8981\u5305\u62ec\u4e24\u90e8\u5206\uff1aopenEuler\u73af\u5883\u51c6\u5907\u548cOpenStack\u90e8\u7f72\u3002 openEuler\u73af\u5883\u51c6\u5907 \u63d0\u4f9b\u5feb\u901f\u53d1\u653eopenEuler\u73af\u5883\u7684\u80fd\u529b\uff0c\u652f\u6301\u7684\u53d1\u653e\u65b9\u5f0f\u5305\u62ec \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u548c \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \uff0c\u5177\u4f53\u8bbe\u8ba1\u5982\u4e0b\uff1a **NOTE** openEuler\u7684OpenStack\u652f\u6301\u4ee5RPM + 
systemd\u7684\u65b9\u5f0f\u4e3a\u4e3b\uff0c\u6682\u4e0d\u652f\u6301\u5bb9\u5668\u65b9\u5f0f\u3002 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90\u4ee5\u865a\u62df\u673a\u652f\u6301\u4e3a\u4e3b\uff08\u88f8\u673a\u5728\u4e91\u4e0a\u64cd\u4f5c\u8d1f\u8d23\uff0c\u751f\u6001\u6ee1\u8db3\u5ea6\u4e0d\u8db3\uff0c\u6682\u4e0d\u505a\u652f\u6301\uff09\u3002\u91c7\u7528\u63d2\u4ef6\u5316\u65b9\u5f0f\uff0c\u63d0\u4f9b\u591a\u4e91\u652f\u6301\u7684\u80fd\u529b\uff0c\u4ee5\u534e\u4e3a\u4e91\u4e3a\u53c2\u8003\u5b9e\u73b0\uff0c\u4f18\u5148\u5b9e\u73b0\u3002\u5176\u4ed6\u4e91\u7684\u652f\u6301\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u6301\u7eed\u63a8\u8fdb\u3002\u6839\u636e\u573a\u666f\uff0c\u652f\u6301all in one\u548c\u4e09\u8282\u70b9\u62d3\u6251\u3002 1. \u521b\u5efa\u73af\u5883 - CLI: oos env create - endpoint: `/environment` - type: POST - sync OR async: async - request body: ``` { \"name\"[required]: String, \"type\"[required]: Enmu(\"all-in-one\", \"cluster\"), \"release\"[required]: Enmu(\"openEuler_Release\"), \"flavor\"[required]\uff1a Enmu(\"small\", \"medium\", \"large\"), \"arch\"[required]\uff1a Enmu(\"x86\", \"arm64\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u67e5\u8be2\u73af\u5883 CLI: oos env list endpoint: /environment type: GET sync OR async: async request body: None response body: { \"ID\": UUID, \"Provider\": String, \"Name\": String, \"IP\": IP_ADDRESS, \"Flavor\": Enmu(\"small\", \"medium\", \"large\"), \"openEuler_release\": String, \"OpenStack_release\": String, \"create_time\": TIME, } \u5220\u9664\u73af\u5883 CLI: oos env delete endpoint: /environment/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 
\u7528\u6237\u8fd8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u5df2\u6709\u7684openEuler\u73af\u5883\u8fdb\u884cOpenStack\u90e8\u7f72\uff0c\u9700\u8981\u628a\u5df2\u6709\u73af\u5883\u7eb3\u7ba1\u5230\u5e73\u53f0\u4e2d\u3002\u7eb3\u7ba1\u540e\uff0c\u73af\u5883\u4e0e\u521b\u5efa\u7684\u9879\u76ee\uff0c\u53ef\u4ee5\u76f4\u63a5\u67e5\u8be2\u6216\u5220\u9664\u3002 1. \u7eb3\u7ba1\u73af\u5883 - CLI: oos env manage - endpoint: `/environment/manage` - type: POST - sync OR async: sync - request body: ``` { \"name\"[required]: String, \"ip\"[required]: IP_ADDRESS, \"release\"[required]: Enmu(\"openEuler_Release\"), \"password\"[required]\uff1a String, } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } ``` OpenStack\u90e8\u7f72 \u63d0\u4f9b\u5728\u5df2\u521b\u5efa/\u7eb3\u7ba1\u7684openEuler\u73af\u5883\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\u3002 1. \u90e8\u7f72OpenStack - CLI: oos env setup - endpoint: `/environment/setup` - type: POST - sync OR async: async - request body: ``` { \"target\"[required]: UUID(environment), \"release\"[required]: Enmu(\"OpenStack_Release\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u521d\u59cb\u5316OpenStack\u8d44\u6e90 CLI: oos env init endpoint: /environment/init type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5378\u8f7d\u5df2\u90e8\u7f72OpenStack CLI: oos env clean endpoint: /environment/clean type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u81ea\u52a8\u5316\u6d4b\u8bd5 \u00b6 
\u73af\u5883\u90e8\u7f72\u6210\u529f\u540e\uff0cSIG\u5f00\u53d1\u5e73\u53f0\u63d0\u4f9b\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u7684\u81ea\u52a8\u5316\u6d4b\u8bd5\u529f\u80fd\u3002\u4e3b\u8981\u5305\u542b\u4ee5\u4e0b\u51e0\u4e2a\u91cd\u8981\u5185\u5bb9\uff1a OpenStack\u672c\u8eab\u63d0\u4f9b\u4e00\u5957\u5b8c\u5584\u7684\u6d4b\u8bd5\u6846\u67b6\u3002\u5305\u62ec \u5355\u5143\u6d4b\u8bd5 \u548c \u529f\u80fd\u6d4b\u8bd5 \uff0c\u5176\u4e2d \u5355\u5143\u6d4b\u8bd5 \u5728 2.3\u7ae0\u8282 \u4e2d\u5df2\u7ecf\u7531RPM spec\u5305\u542b\uff0cspec\u7684%check\u9636\u6bb5\u53ef\u4ee5\u5b9a\u4e49\u6bcf\u4e2a\u9879\u76ee\u7684\u5355\u5143\u6d4b\u8bd5\u65b9\u5f0f\uff0c\u4e00\u822c\u60c5\u51b5\u4e0b\u53ea\u9700\u8981\u6dfb\u52a0 pytest \u6216 stestr \u5373\u53ef\u3002 \u529f\u80fd\u6d4b\u8bd5 \u7531OpenStack Tempest\u670d\u52a1\u63d0\u4f9b\uff0c\u5728\u4e0a\u6587\u6240\u8ff0\u7684\u81ea\u52a8\u5316\u90e8\u7f72 oos env init \u9636\u6bb5\uff0coos\u4f1a\u81ea\u52a8\u5b89\u88c5Tempest\u5e76\u751f\u6210\u9ed8\u8ba4\u7684\u914d\u7f6e\u6587\u4ef6\u3002 - CLI: oos env test endpoint: /environment/test type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u6d4b\u8bd5\u6267\u884c\u5b8c\u540e\uff0coos\u4f1a\u8f93\u51fa\u6d4b\u8bd5\u62a5\u544a\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0coos\u4f7f\u7528 subunit2html \u5de5\u5177\uff0c\u751f\u6210html\u683c\u5f0f\u7684Tempest\u6d4b\u8bd5\u7ed3\u679c\u6587\u4ef6\u3002 2.5 openEuler\u81ea\u52a8\u5316\u5f00\u53d1\u529f\u80fd \u00b6 
OpenStack\u6d89\u53ca\u8f6f\u4ef6\u5305\u4f17\u591a\uff0c\u968f\u7740\u7248\u672c\u4e0d\u65ad\u5730\u6f14\u8fdb\u3001\u652f\u6301\u670d\u52a1\u4e0d\u65ad\u7684\u5b8c\u5584\uff0cSIG\u7ef4\u62a4\u7684\u8f6f\u4ef6\u5305\u5217\u8868\u4f1a\u4e0d\u65ad\u5237\u65b0\uff0c\u4e3a\u4e86\u964d\u4f4e\u91cd\u590d\u7684\u5f00\u53d1\u52a8\u4f5c\uff0coos\u8fd8\u5c01\u88c5\u4e86\u4e00\u4e9b\u6613\u7528\u7684\u4ee3\u7801\u5f00\u53d1\u5e73\u53f0\u81ea\u52a8\u5316\u80fd\u529b\uff0c\u6bd4\u5982\u57fa\u4e8eGitee\u7684\u81ea\u52a8\u4ee3\u7801\u63d0\u4ea4\u80fd\u529b\u3002\u529f\u80fd\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 Code Action \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Repo Action\u2502 \u2502Branch Action\u2502 \u2502Pull Request Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Repo Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u4ed3\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u5efa\u4ed3 CLI: oos repo create endpoint: /repo type: POST sync OR async: async request body: { \"project\"[required]: String, \"repo\"[required]: String, \"push\"[optional][Default: \"False\"]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Branch Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u5206\u652f\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u521b\u5efa\u5206\u652f CLI: oos repo branch-create endpoint: /repo/branch type: POST sync OR async: async request body: { \"branches\"[required]: { \"branch-name\"[required]: String, \"branch-type\"[optional][Default: \"None\"]: Enum(\"protected\"), \"parent-branch\"[required]: String } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Pull Request Action \u63d0\u4f9b\u4e0e\u4ee3\u7801PR\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u65b0\u589ePR\u8bc4\u8bba\uff0c\u65b9\u4fbf\u7528\u6237\u6267\u884c\u7c7b\u4f3c retest \u3001 /lgtm \u7b49\u5e38\u89c4\u5316\u8bc4\u8bba\u3002 CLI: oos repo pr-comment endpoint: /repo/pr/comment type: POST sync OR async: sync request body: { \"repo\"[required]: String, \"pr_number\"[required]: Int, \"comment\"[required]: String } response body: { \"ID\": UUID, \"status\": Enum(\"OK\", \"Error\") } \u83b7\u53d6SIG\u6240\u6709PR\uff0c\u65b9\u4fbfmaintainer\u83b7\u53d6\u5f53\u524dSIG\u7684\u5f00\u53d1\u73b0\u72b6\uff0c\u63d0\u9ad8\u8bc4\u5ba1\u6548\u7387\u3002 CLI: oos repo pr-fetch endpoint: /repo/pr/fetch type: POST sync OR async: async request body: { \"repo\"[optional][Default: \"None\"]: List[String] } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } 
3. \u8d28\u91cf\u3001\u5b89\u5168\u4e0e\u5408\u89c4 \u00b6 SIG\u5f00\u6e90\u8f6f\u4ef6\u9700\u8981\u7b26\u5408openeEuler\u793e\u533a\u5bf9\u5176\u4e2d\u8f6f\u4ef6\u7684\u5404\u79cd\u8981\u6c42\uff0c\u5e76\u4e14\u4e5f\u8981\u7b26\u5408OpenStack\u793e\u533a\u8f6f\u4ef6\u7684\u51fa\u53e3\u6807\u51c6\u3002 3.1 \u8d28\u91cf\u4e0e\u5b89\u5168 \u00b6 \u8f6f\u4ef6\u8d28\u91cf\uff08\u53ef\u670d\u52a1\u6027\uff09 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u57fa\u4e8eGitee ISSUE\u7cfb\u7edf\u5904\u7406\u7528\u6237\u53d1\u73b0\u5e76\u53cd\u9988\u7684\u95ee\u9898\uff0c\u95ed\u73af\u7387\u5927\u4e8e80%\uff0c\u95ed\u73af\u5468\u671f\u4e0d\u8d85\u8fc71\u5468\u3002 \u8f6f\u4ef6\u5b89\u5168 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 \u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 
\u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 \u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002 3.2 \u5408\u89c4 \u00b6 License\u5408\u89c4 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u6cd5\u52a1\u5408\u89c4 \u672c\u5e73\u53f0\u7531\u5f00\u6e90\u5f00\u53d1\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\uff0c\u4e0d\u6d89\u53ca\u5546\u4e1a\u516c\u53f8\u7684\u79d8\u5bc6\u4ee5\u53ca\u975e\u516c\u5f00\u4ee3\u7801\u3002\u6240\u6709\u8d21\u732e\u8005\u9700\u9075\u5b88openEuler\u793e\u533a\u8d21\u732e\u51c6\u5219\uff0c\u786e\u4fdd\u81ea\u8eab\u7684\u8d21\u732e\u5408\u89c4\u5408\u6cd5\u3002SIG\u53ca\u793e\u533a\u672c\u8eab\u4e0d\u627f\u62c5\u76f8\u5e94\u8d23\u4efb\u3002 \u5982\u53d1\u73b0\u4e0d\u5408\u89c4\u7684\u6e90\u7801\uff0cSIG\u65e0\u9700\u83b7\u53d6\u8d21\u732e\u8005\u7684\u5141\u8bb8\uff0c\u6709\u6743\u5229\u53ca\u4e49\u52a1\u53ca\u65f6\u5220\u9664\u3002\u5e76\u6709\u6743\u7981\u6b62\u4e0d\u5408\u89c4\u4ee3\u7801\u6216\u5f00\u53d1\u8005\u7ee7\u7eed\u8d21\u732e\u3002 
\u5f00\u53d1\u8005\u5982\u679c\u6709\u975e\u516c\u5f00\u4ee3\u7801\u9700\u8981\u8d21\u732e\uff0c\u5219\u8981\u5148\u9075\u5b88\u672c\u516c\u53f8\u7684\u5f00\u6e90\u6d41\u7a0b\u4e0e\u89c4\u5b9a\uff0c\u5e76\u6309\u7167openEuler\u793e\u533a\u5f00\u6e90\u89c4\u8303\u516c\u5f00\u8d21\u732e\u4ee3\u7801\u3002 4. \u5b9e\u65bd\u8ba1\u5212 \u00b6 \u65f6\u95f4 \u5185\u5bb9 \u72b6\u6001 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 Done 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 Done 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS Done 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 Done 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 Working in progress 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd Planning","title":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0"},{"location":"spec/openstack-sig-tool/#openeuler-openstack","text":"openEuler OpenStack 
SIG\u6210\u7acb\u4e8e2021\u5e74\uff0c\u662f\u7531\u4e2d\u56fd\u8054\u901a\u3001\u4e2d\u56fd\u7535\u4fe1\u3001\u534e\u4e3a\u3001\u7edf\u4fe1\u7b49\u516c\u53f8\u7684\u5f00\u53d1\u8005\u5171\u540c\u6295\u5165\u5e76\u7ef4\u62a4\u7684SIG\u5c0f\u7ec4\uff0c\u65e8\u5728openEuler\u4e4b\u4e0a\u63d0\u4f9b\u539f\u751f\u7684OpenStack\uff0c\u6784\u5efa\u5f00\u653e\u53ef\u9760\u7684\u4e91\u8ba1\u7b97\u6280\u672f\u6808\uff0c\u662fopenEuler\u7684\u6807\u6746SIG\u3002\u4f46OpenStack\u672c\u8eab\u6280\u672f\u590d\u6742\u3001\u5305\u542b\u670d\u52a1\u4f17\u591a\uff0c\u5f00\u53d1\u95e8\u69db\u8f83\u9ad8\uff0c\u5bf9\u8d21\u732e\u8005\u7684\u6280\u672f\u80fd\u529b\u8981\u6c42\u4e5f\u8f83\u9ad8\uff0c\u4eba\u529b\u6210\u672c\u9ad8\u5c45\u4e0d\u4e0b\uff0c\u5728\u5b9e\u9645\u5f00\u53d1\u4e0e\u8d21\u732e\u4e2d\u5b58\u5728\u5404\u79cd\u5404\u6837\u7684\u95ee\u9898\u3002\u4e3a\u4e86\u89e3\u51b3SIG\u9762\u4e34\u7684\u95ee\u9898\uff0c\u4e9f\u9700\u4e00\u4e2aopenEuler+OpenStack\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u800c\u964d\u4f4e\u5f00\u53d1\u8005\u95e8\u69db\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\uff0c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\uff0c\u4fdd\u8bc1SIG\u7684\u6301\u7eed\u6d3b\u8dc3\u4e0e\u53ef\u6301\u7eed\u53d1\u5c55\u3002","title":"openEuler OpenStack \u5f00\u53d1\u5e73\u53f0"},{"location":"spec/openstack-sig-tool/#1","text":"","title":"1. \u6982\u8ff0"},{"location":"spec/openstack-sig-tool/#11","text":"\u76ee\u524d\uff0c\u968f\u7740SIG\u7684\u4e0d\u65ad\u53d1\u5c55\uff0c\u6211\u4eec\u660e\u663e\u7684\u9047\u5230\u4e86\u4ee5\u4e0b\u51e0\u7c7b\u95ee\u9898\uff1a 1. OpenStack\u6280\u672f\u590d\u6742\uff0c\u6d89\u53ca\u4e91IAAS\u5c42\u7684\u8ba1\u7b97\u3001\u7f51\u7edc\u3001\u5b58\u50a8\u3001\u955c\u50cf\u3001\u9274\u6743\u7b49\u65b9\u65b9\u9762\u9762\u7684\u6280\u672f\uff0c\u5f00\u53d1\u8005\u5f88\u96be\u5168\u77e5\u5168\u4f1a\uff0c\u63d0\u4ea4\u7684\u4ee3\u7801\u903b\u8f91\u3001\u8d28\u91cf\u582a\u5fe7\u3002 2. 
OpenStack\u662f\u7531python\u7f16\u5199\u7684\uff0cpython\u8f6f\u4ef6\u7684\u4f9d\u8d56\u95ee\u9898\u96be\u4ee5\u5904\u7406\uff0c\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u6d89\u53ca\u6838\u5fc3python\u8f6f\u4ef6\u5305400+\uff0c \u6bcf\u4e2a\u8f6f\u4ef6\u7684\u4f9d\u8d56\u5c42\u7ea7\u3001\u4f9d\u8d56\u7248\u672c\u9519\u7efc\u590d\u6742\uff0c\u9009\u578b\u56f0\u96be\uff0c\u96be\u4ee5\u5f62\u6210\u95ed\u73af\u3002 3. OpenStack\u8f6f\u4ef6\u5305\u4f17\u591a\uff0cRPM Spec\u7f16\u5199\u5f00\u53d1\u91cf\u5de8\u5927\uff0c\u5e76\u4e14\u968f\u7740openEuler\u3001OpenStack\u672c\u8eab\u7248\u672c\u7684\u4e0d\u65ad\u6f14\u8fdb\uff0cN:N\u7684\u9002\u914d\u5173\u7cfb\u4f1a\u5bfc\u81f4\u5de5\u4f5c\u91cf\u6210\u500d\u589e\u957f\uff0c\u4eba\u529b\u6210\u672c\u8d8a\u6765\u8d8a\u5927\u3002 4. OpenStack\u6d4b\u8bd5\u95e8\u69db\u8fc7\u9ad8\uff0c\u4e0d\u4ec5\u9700\u8981\u5f00\u53d1\u4eba\u5458\u719f\u6089OpenStack\uff0c\u8fd8\u8981\u5bf9\u865a\u62df\u5316\u3001\u865a\u62df\u7f51\u6865\u3001\u5757\u5b58\u50a8\u7b49Linux\u5e95\u5c42\u6280\u672f\u6709\u4e00\u5b9a\u4e86\u89e3\u4e0e\u638c\u63e1\uff0c\u90e8\u7f72\u4e00\u5957OpenStack\u73af\u5883\u8017\u65f6\u8fc7\u957f\uff0c\u529f\u80fd\u6d4b\u8bd5\u96be\u5ea6\u5de8\u5927\u3002\u5e76\u4e14\u6d4b\u8bd5\u573a\u666f\u591a\uff0c\u6bd4\u5982X86\u3001ARM64\u67b6\u6784\u6d4b\u8bd5\uff0c\u88f8\u673a\u3001\u865a\u673a\u79cd\u7c7b\u6d4b\u8bd5\uff0cOVS\u3001OVN\u7f51\u6865\u6d4b\u8bd5\uff0cLVM\u3001Ceph\u5b58\u50a8\u6d4b\u8bd5\u7b49\u7b49\uff0c\u66f4\u52a0\u52a0\u91cd\u4e86\u4eba\u529b\u6210\u672c\u4ee5\u53ca\u6280\u672f\u95e8\u69db\u3002","title":"1.1 \u5f53\u524d\u73b0\u72b6"},{"location":"spec/openstack-sig-tool/#12","text":"\u9488\u5bf9\u4ee5\u4e0a\u76ee\u524dSIG\u9047\u5230\u7684\u95ee\u9898\uff0c\u89c4\u8303\u5316\u3001\u5de5\u5177\u5316\u3001\u81ea\u52a8\u5316\u7684\u76ee\u6807\u52bf\u5728\u5fc5\u884c\u3002\u672c\u7bc7\u8bbe\u8ba1\u6587\u6863\u65e8\u5728\u5728openEuler OpenStack 
SIG\u4e2d\u63d0\u4f9b\u4e00\u4e2a\u7aef\u5230\u7aef\u53ef\u7528\u7684\u5f00\u53d1\u89e3\u51b3\u65b9\u6848\uff0c\u4ece\u6280\u672f\u89c4\u8303\u5230\u6280\u672f\u5b9e\u73b0\uff0c\u63d0\u51fa\u4e25\u683c\u7684\u6807\u51c6\u8981\u6c42\u4e0e\u8bbe\u8ba1\u65b9\u6848\uff0c\u6ee1\u8db3SIG\u5f00\u53d1\u8005\u7684\u65e5\u5e38\u5f00\u53d1\u9700\u6c42\uff0c\u964d\u4f4e\u5f00\u53d1\u6210\u672c\uff0c\u51cf\u5c11\u4eba\u529b\u6295\u5165\u6210\u672c\uff0c\u964d\u4f4e\u5f00\u53d1\u95e8\u69db\uff0c\u4ece\u800c\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3001\u63d0\u9ad8SIG\u8f6f\u4ef6\u8d28\u91cf\u3001\u53d1\u5c55SIG\u751f\u6001\u3001\u5438\u5f15\u66f4\u591a\u5f00\u53d1\u8005\u52a0\u5165SIG\u3002\u4e3b\u8981\u52a8\u4f5c\u5982\u4e0b\uff1a 1. \u8f93\u51faOpenStack\u670d\u52a1\u7c7b\u8f6f\u4ef6\u3001\u4f9d\u8d56\u5e93\u8f6f\u4ef6\u7684RPM SPEC\u5f00\u53d1\u89c4\u8303\uff0c\u5f00\u53d1\u8005\u53caReviewer\u9700\u8981\u4e25\u683c\u9075\u5b88\u89c4\u8303\u8fdb\u884c\u5f00\u53d1\u5b9e\u65bd\u3002 2. \u63d0\u4f9bOpenStack python\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\uff0c\u4e00\u952e\u751f\u6210\u4f9d\u8d56\u62d3\u6251\u4e0e\u7ed3\u679c\uff0c\u4fdd\u8bc1\u4f9d\u8d56\u95ed\u73af\uff0c\u907f\u514d\u8f6f\u4ef6\u4f9d\u8d56\u98ce\u9669\u3002 3. \u63d0\u4f9bOpenStack RPM spec\u751f\u6210\u529f\u80fd\uff0c\u9488\u5bf9\u901a\u7528\u6027\u8f6f\u4ef6\uff0c\u63d0\u4f9b\u4e00\u952e\u751f\u6210 RPM spec\u7684\u529f\u80fd\uff0c\u7f29\u77ed\u5f00\u53d1\u65f6\u95f4\uff0c\u964d\u4f4e\u6295\u5165\u6210\u672c\u3002 4. \u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u5e73\u53f0\u529f\u80fd\uff0c\u5b9e\u73b0\u4e00\u952e\u5728\u4efb\u4f55openEuler\u7248\u672c\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\uff0c\u5feb\u901f\u6d4b\u8bd5\u3001\u5feb\u901f\u8fed\u4ee3\u3002 5. 
\u63d0\u4f9bopenEuler Gitee\u4ed3\u5e93\u81ea\u52a8\u5316\u5904\u7406\u80fd\u529b\uff0c\u6ee1\u8db3\u6279\u91cf\u4fee\u6539\u8f6f\u4ef6\u7684\u9700\u6c42\uff0c\u6bd4\u5982\u521b\u5efa\u4ee3\u7801\u5206\u652f\u3001\u521b\u5efa\u4ed3\u5e93\u3001\u63d0\u4ea4Pull Request\u7b49\u529f\u80fd\u3002 \u4ee5\u4e0a\u89e3\u51b3\u65b9\u6cd5\u53ef\u4ee5\u7edf\u4e00\u5230\u4e00\u4e2a\u7cfb\u7edf\u5e73\u53f0\u4e2d\uff0c\u6211\u4eec\u79f0\u4f5cOpenStack SIG Tool\uff08\u4ee5\u4e0b\u7b80\u79f0oos\uff09\uff0c\u5373\u5c31\u662fopenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\uff0c\u5177\u4f53\u67b6\u6784\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 CLI \u2502 \u2502 GUI \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502 \u2502 Built-in\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u2502REST \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 OpenStack Develop Platform \u2502 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Dependency Analysis\u2502 \u2502SPEC Generation\u2502 \u2502Deploy and Test\u2502 \u2502Code Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u8be5\u67b6\u6784\u4e3b\u8981\u6709\u4ee5\u4e0b\u4e24\u79cd\u6a21\u5f0f\uff1a 1. 
Client/Server\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u90e8\u7f72\u6210Web Server\u5f62\u5f0f\uff0cClient\u901a\u8fc7REST\u65b9\u5f0f\u8c03\u7528oos\u3002 - \u4f18\u70b9\uff1a\u63d0\u4f9b\u5f02\u6b65\u8c03\u7528\u80fd\u529b\uff0c\u652f\u6301\u5e76\u53d1\u5904\u7406\uff0c\u652f\u6301\u8bb0\u5f55\u6301\u4e45\u5316\u3002 - \u7f3a\u70b9\uff1a\u6709\u4e00\u5b9a\u5b89\u88c5\u90e8\u7f72\u6210\u672c\uff0c\u4f7f\u7528\u65b9\u5f0f\u8f83\u4e3a\u6b7b\u677f\u3002 Built-in\u6a21\u5f0f \u5728\u8fd9\u79cd\u6a21\u5f0f\u4e0b\uff0coos\u65e0\u9700\u90e8\u7f72\uff0c\u4ee5\u5185\u7f6eCLI\u7684\u65b9\u5f0f\u5bf9\u5916\u63d0\u4f9b\u670d\u52a1\uff0c\u7528\u6237\u901a\u8fc7cli\u76f4\u63a5\u8c03\u7528\u5404\u79cd\u529f\u80fd\u3002 \u4f18\u70b9\uff1a\u65e0\u9700\u90e8\u7f72\uff0c\u968f\u65f6\u968f\u5730\u53ef\u7528\u3002 \u7f3a\u70b9\uff1a\u6ca1\u6709\u6301\u4e45\u5316\u80fd\u529b\uff0c\u4e0d\u652f\u6301\u5e76\u53d1\uff0c\u5355\u4eba\u5355\u7528\u3002","title":"1.2 \u89e3\u51b3\u65b9\u6848"},{"location":"spec/openstack-sig-tool/#2","text":"","title":"2. \u8be6\u7ec6\u8bbe\u8ba1"},{"location":"spec/openstack-sig-tool/#21-openstack-spec","text":"Spec\u89c4\u8303\u662f\u4e00\u4e2a\u6216\u591a\u4e2aspec\u6a21\u677f\uff0c\u9488\u5bf9RPM spec\u7684\u6bcf\u4e2a\u5173\u952e\u5b57\u53ca\u6784\u5efa\u7ae0\u8282\uff0c\u4e25\u683c\u89c4\u5b9a\u76f8\u5173\u5185\u5bb9\uff0c\u5f00\u53d1\u8005\u5728\u7f16\u5199spec\u65f6\uff0c\u5fc5\u987b\u6ee1\u8db3\u89c4\u8303\u8981\u6c42\uff0c\u5426\u5219\u4ee3\u7801\u4e0d\u5141\u8bb8\u88ab\u5408\u5165\u3002\u89c4\u8303\u5185\u5bb9\u7531SIG maintainer\u516c\u5f00\u8ba8\u8bba\u540e\u5f62\u6210\u7ed3\u8bba\uff0c\u5e76\u5b9a\u671f\u5ba1\u89c6\u66f4\u65b0\u3002\u4efb\u4f55\u4eba\u90fd\u6709\u6743\u5229\u63d0\u51fa\u5bf9\u89c4\u8303\u7684\u8d28\u7591\u548c\u5efa\u8bae\uff0c maintainer\u8d1f\u8d23\u89e3\u91ca\u4e0e\u5237\u65b0\u3002\u89c4\u8303\u76ee\u524d\u5305\u62ec\u4e24\u7c7b\uff1a 1. 
\u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4ee5Nova\u3001Neutron\u3001Cinder\u7b49OpenStack\u6838\u5fc3\u670d\u52a1\u4e3a\u4f8b\uff0c\u5b83\u4eec\u4e00\u822c\u5b9a\u5236\u5316\u8981\u6c42\u9ad8\uff0c\u5185\u5bb9\u533a\u522b\u5927\uff0c\u5fc5\u8981\u4eba\u4e3a\u624b\u52a8\u7f16\u5199\u3002\u89c4\u8303\u9700\u6e05\u6670\u89c4\u5b9a\u8f6f\u4ef6\u7684\u5206\u5c42\u65b9\u6cd5\u3001\u6784\u5efa\u65b9\u6cd5\u3001\u8f6f\u4ef6\u5305\u7ec4\u6210\u5185\u5bb9\u3001\u6d4b\u8bd5\u65b9\u6cd5\u3001\u7248\u672c\u53f7\u89c4\u5219\u7b49\u5185\u5bb9\u3002 \u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303 \u6b64\u7c7b\u8f6f\u4ef6\u4e00\u822c\u5b9a\u5236\u5316\u4f4e\uff0c\u5185\u5bb9\u7ed3\u6784\u533a\u522b\u5c0f\uff0c\u9002\u5408\u81ea\u52a8\u5316\u5de5\u5177\u4e00\u952e\u751f\u6210\uff0c\u6211\u4eec\u53ea\u9700\u8981\u5728\u89c4\u8303\u4e2d\u5b9a\u4e49\u76f8\u5173\u5de5\u5177\u7684\u751f\u6210\u89c4\u5219\u5373\u53ef\u3002","title":"2.1 OpenStack Spec\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#211","text":"OpenStack\u6bcf\u4e2a\u670d\u52a1\u901a\u5e38\u5305\u542b\u82e5\u5e72\u5b50\u670d\u52a1\uff0c\u9488\u5bf9\u8fd9\u4e9b\u5b50\u670d\u52a1\uff0c\u6211\u4eec\u5728\u6253\u5305\u7684\u65f6\u5019\u4e5f\u8981\u505a\u62c6\u5305\u5904\u7406\uff0c\u5206\u6210\u82e5\u5e72\u4e2a\u5b50RPM\u5305\u3002\u672c\u7ae0\u8282\u89c4\u5b9a\u4e86openEuler SIG\u5bf9OpenStack\u670d\u52a1\u7684RPM\u5305\u62c6\u5206\u7684\u539f\u5219\u3002","title":"2.1.1 \u670d\u52a1\u7c7b\u8f6f\u4ef6\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#2111","text":"\u91c7\u7528\u5206\u5c42\u67b6\u6784\uff0cRPM\u5305\u7ed3\u6784\u5982\u4e0b\u56fe\u6240\u793a\uff0c\u4ee5openstack-nova\u4e3a\u4f8b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-nova.rpm \u2502 \u2502 openstack-nova-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 | | \u2502 openstack-nova-compute.rpm \u2502 \u2502 openstack-nova-api.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-nova-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------------| Library Test Package (Optional) \u2502 | \u2502 python2-nova.rpm \u2502 \u2502 python2-nova-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0c\u5206\u4e3a4\u7ea7 Root Package\u4e3a\u603bRPM\u5305\uff0c\u539f\u5219\u4e0a\u4e0d\u5305\u542b\u4efb\u4f55\u6587\u4ef6\u3002\u53ea\u505a\u670d\u52a1\u96c6\u5408\u7528\u3002\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u8be5RPM\u4e00\u952e\u5b89\u88c5\u6240\u6709\u5b50RPM\u5305\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Common 
Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-nova openstack-cinder openstack-glance openstack-placment openstack-ironic","title":"2.1.1.1 \u901a\u7528\u539f\u5219"},{"location":"spec/openstack-sig-tool/#2112","text":"\u6709\u4e9bopenstack\u7ec4\u4ef6\u672c\u8eab\u53ea\u5305\u542b\u4e00\u4e2a\u670d\u52a1\uff0c\u4e0d\u5b58\u5728\u5b50\u670d\u52a1\u7684\u6982\u5ff5,\u8fd9\u79cd\u670d\u52a1\u5219\u53ea\u9700\u8981\u5206\u4e3a\u4e24\u7ea7\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package (Optional) \u2502 | \u2502 openstack-keystone.rpm \u2502 \u2502 openstack-keystone-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Library Package \u25c4-----| Library Test Package (Optional) \u2502 | \u2502 python2-keystone.rpm \u2502 \u2502 python2-keystone-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Root Package RPM\u5305\u5305\u542b\u4e86\u9664python\u6e90\u7801\u5916\u7684\u5176\u4ed6\u6240\u6709\u6587\u4ef6\uff0c\u5305\u62ec\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u9879\u76ee\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u7b49\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-keystone openstack-horizon \u8fd8\u6709\u4e9b\u9879\u76ee\u867d\u7136\u6709\u82e5\u5e72\u5b50RPM\u5305\uff0c\u4f46\u8fd9\u4e9b\u5b50RPM\u5305\u662f\u4e92\u65a5\u7684\uff0c\u5219\u8fd9\u79cd\u670d\u52a1\u7684\u7ed3\u6784\u5982\u4e0b\uff1a Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Root Package \u2502 \u2502 Doc Package 
(Optional) \u2502 | \u2502 openstack-neutron.rpm \u2502 \u2502 openstack-neutron-doc.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25022\u2502 | \u2502 Service1 Package \u2502 \u2502 Service2 Package \u2502 \u2502 Service3 Package \u2502 | | \u2502 openstack-neutron-server.rpm \u2502 \u2502 openstack-neutron-openvswitch.rpm \u2502 \u2502 openstack-neutron-linuxbridge.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | | | | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25023\u2502 | \u2502 Common Package \u2502 | | \u2502 openstack-neutron-common.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2502 | | | \u2502 | | | \u2502 | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25024\u2502 | \u2502 Library Package \u25c4------| Library Test Package (Optional) \u2502 | \u2502 python2-neutron.rpm \u2502 \u2502 python2-neutron-tests.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 
\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u5982\u56fe\u6240\u793a\uff0cService2\u548cService3\u4e92\u65a5\u3002 Root\u5305\u53ea\u5305\u542b\u4e0d\u4e92\u65a5\u7684\u5b50\u5305\uff0c\u4e92\u65a5\u7684\u5b50\u5305\u5355\u72ec\u63d0\u4f9b\u3002 \u5982\u679c\u9879\u76ee\u6709doc\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 Service Package\u4e3a\u5b50\u670d\u52a1RPM\u5305\uff0c\u5305\u542b\u8be5\u670d\u52a1\u7684systemd\u670d\u52a1\u542f\u52a8\u6587\u4ef6\u3001\u81ea\u5df1\u72ec\u6709\u7684\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 \u4e92\u65a5\u7684Service\u5305\u4e0d\u88abRoot\u5305\u6240\u5305\u542b\uff0c\u7528\u6237\u9700\u8981\u5355\u72ec\u5b89\u88c5\u3002 Common Package\u662f\u5171\u7528\u4f9d\u8d56\u7684RPM\u5305\uff0c\u5305\u542b\u5404\u4e2a\u5b50\u670d\u52a1\u4f9d\u8d56\u7684\u901a\u7528\u914d\u7f6e\u6587\u4ef6\u3001\u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6\u7b49\u3002 Library Package\u4e3apython\u6e90\u7801\u5305\uff0c\u5305\u542b\u4e86\u8be5\u9879\u76ee\u7684python\u4ee3\u7801\u3002 \u5982\u679c\u9879\u76ee\u6709test\u76f8\u5173\u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u5355\u72ec\u6210\u5305\uff08\u53ef\u9009\uff09 \u6d89\u53ca\u672c\u539f\u5219\u7684\u9879\u76ee\u6709\uff1a openstack-neutron","title":"2.1.1.2 \u7279\u6b8a\u60c5\u51b5"},{"location":"spec/openstack-sig-tool/#212","text":"\u4e00\u4e2a\u4f9d\u8d56\u5e93\u4e00\u822c\u53ea\u5305\u542b\u4e00\u4e2aRPM\u5305\uff0c\u4e0d\u9700\u8981\u505a\u62c6\u5206\u5904\u7406\u3002 Level | Package | Example | | \u250c\u2500\u2510 | \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 | 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u25021\u2502 | \u2502 Library Package \u2502 \u2502 Help Package (Optional)\u2502 | \u2502 python2-oslo-service.rpm \u2502 \u2502 python2-oslo-service-help.rpm \u2502 \u2514\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 | \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 NOTE openEuler\u793e\u533a\u5bf9python2\u548cpython3 RPM\u5305\u7684\u547d\u540d\u6709\u8981\u6c42\uff0cpython2\u7684\u5305\u524d\u7f00\u4e3a python2- \uff0cpython3\u7684\u5305\u524d\u7f00\u4e3a python3- \u3002\u56e0\u6b64\uff0cOpenStack\u8981\u6c42\u5f00\u53d1\u8005\u5728\u6253Library\u7684RPM\u5305\u65f6\uff0c\u4e5f\u8981\u9075\u5b88openEuler\u793e\u533a\u89c4\u8303\u3002","title":"2.1.2 
\u901a\u7528\u4f9d\u8d56\u7c7b\u8f6f\u4ef6\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#22","text":"\u8f6f\u4ef6\u4f9d\u8d56\u5206\u6790\u529f\u80fd\u4e3a\u7528\u6237\u63d0\u4f9b\u4e00\u952e\u5206\u6790\u76ee\u6807OpenStack\u7248\u672c\u5305\u542b\u7684\u5168\u91cfpython\u8f6f\u4ef6\u4f9d\u8d56\u62d3\u6251\u53ca\u5bf9\u5e94\u8f6f\u4ef6\u7248\u672c\u7684\u80fd\u529b\u3002\u5e76\u81ea\u52a8\u4e0e\u76ee\u6807openEuler\u7248\u672c\u8fdb\u884c\u6bd4\u5bf9\uff0c\u8f93\u51fa\u5bf9\u5e94\u7684\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002\u672c\u529f\u80fd\u5305\u542b\u4e24\u4e2a\u5b50\u529f\u80fd\uff1a - \u4f9d\u8d56\u5206\u6790 \u5bf9OpenStack python\u5305\u7684\u4f9d\u8d56\u6811\u8fdb\u884c\u89e3\u6790\uff0c\u62c6\u89e3\u4f9d\u8d56\u62d3\u6251\u3002\u4f9d\u8d56\u6811\u672c\u8d28\u4e0a\u662f\u5bf9\u6709\u5411\u56fe\u7684\u904d\u5386\uff0c\u7406\u8bba\u4e0a\uff0c\u4e00\u4e2a\u6b63\u5e38\u7684python\u4f9d\u8d56\u6811\u662f\u4e00\u4e2a\u6709\u5411\u65e0\u73af\u56fe\uff0c\u6709\u5411\u65e0\u73af\u56fe\u7684\u89e3\u6790\u65b9\u6cd5\u5f88\u591a\uff0c\u8fd9\u91cc\u91c7\u7528\u5e38\u7528\u7684\u5e7f\u5ea6\u4f18\u5148\u641c\u7d22\u65b9\u6cd5\u5373\u53ef\u3002\u4f46\u5728\u67d0\u4e9b\u7279\u6b8a\u573a\u666f\u4e0b\uff0cpython\u4f9d\u8d56\u6811\u4f1a\u53d8\u6210\u6709\u5411\u6709\u73af\u56fe\uff0c\u4f8b\u5982\uff1aSphinx\u662f\u4e00\u4e2a\u6587\u6863\u751f\u4ea7\u9879\u76ee\uff0c\u4f46\u5b83\u81ea\u5df1\u7684\u6587\u6863\u751f\u6210\u4e5f\u4f9d\u8d56Sphinx\uff0c\u8fd9\u5c31\u5bfc\u81f4\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\u3002\u9488\u5bf9\u8fd9\u79cd\u95ee\u9898\uff0c\u6211\u4eec\u53ea\u9700\u8981\u628a\u73af\u4e0a\u7684\u7279\u5b9a\u8282\u70b9\u624b\u52a8\u65ad\u5f00\u5373\u53ef\u3002\u7c7b\u4f3c\u7684\u8fd8\u6709\u4e00\u4e9b\u6d4b\u8bd5\u4f9d\u8d56\u5e93\u3002\u53e6\u4e00\u79cd\u89c4\u907f\u65b9\u6cd5\u662f\u8df3\u8fc7\u6587\u6863\u3001\u6d4b\u8bd5\u8fd9\u79cd\u975e\u6838\u5fc3\u5e93\uff0c\u8fd9\u6837\u4e0d\u4ec5\u907f\u514d\u4e86\u4f9d\u8d56\u73af\u7684\u5f62\u6210\
uff0c\u4e5f\u4f1a\u6781\u5927\u51cf\u5c11\u8f6f\u4ef6\u5305\u7684\u6570\u91cf\uff0c\u964d\u4f4e\u5f00\u53d1\u5de5\u4f5c\u91cf\u3002\u4ee5OpenStack Wallaby\u7248\u672c\u4e3a\u4f8b\uff0c\u5168\u91cf\u4f9d\u8d56\u5305\u5927\u6982\u5728700+\u4ee5\u4e0a\uff0c\u53bb\u6389\u6587\u6863\u3001\u6d4b\u8bd5\u540e\uff0c\u4f9d\u8d56\u5305\u5927\u6982\u662f300+\u5de6\u53f3\u3002\u56e0\u6b64\u6211\u4eec\u5f15\u5165`core`\u6838\u5fc3\u7684\u6982\u5ff5\uff0c\u7528\u6237\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u9009\u62e9\u8981\u5206\u6790\u7684\u8f6f\u4ef6\u8303\u56f4\u3002\u53e6\u5916\u867d\u7136OpenStack\u5305\u542b\u670d\u52a1\u51e0\u5341\u4e2a\uff0c\u4f46\u7528\u6237\u53ef\u80fd\u53ea\u9700\u8981\u5176\u4e2d\u7684\u67d0\u4e9b\u670d\u52a1\uff0c\u56e0\u6b64\u6211\u4eec\u53e6\u5916\u5f15\u5165`projects`\u8fc7\u6ee4\u5668\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\uff0c\u6307\u5b9a\u5206\u6790\u7684\u8f6f\u4ef6\u4f9d\u8d56\u8303\u56f4\u3002 \u4f9d\u8d56\u6bd4\u5bf9 \u4f9d\u8d56\u5206\u6790\u5b8c\u540e\uff0c\u8fd8\u8981\u6709\u5bf9\u5e94\u7684openEuler\u5f00\u53d1\u52a8\u4f5c\uff0c\u56e0\u6b64\u6211\u4eec\u8fd8\u8981\u63d0\u4f9b\u57fa\u4e8e\u76ee\u6807openEuler\u7248\u672c\u7684RPM\u8f6f\u4ef6\u5305\u5f00\u53d1\u5efa\u8bae\u3002openEuler\u4e0eOpenStack\u7248\u672c\u4e4b\u95f4\u6709N:N\u7684\u6620\u5c04\u5173\u7cfb\uff0c\u4e00\u4e2aopenEuler\u7248\u672c\u53ef\u4ee5\u652f\u6301\u591a\u4e2aOpenStack\u7248\u672c\uff0c\u4e00\u4e2aOpenStack\u7248\u672c\u53ef\u4ee5\u90e8\u7f72\u5728\u591a\u4e2aopenEuler\u7248\u672c\u4e0a\u3002\u7528\u6237\u5728\u6307\u5b9a\u4e86\u76ee\u6807openEuler\u7248\u672c\u548cOpenStack\u7248\u672c\u540e\uff0c\u672c\u529f\u80fd\u81ea\u52a8\u904d\u5386openEuler\u8f6f\u4ef6\u5e93\uff0c\u5206\u6790\u5e76\u8f93\u51faOpenStack\u6d89\u53ca\u7684\u5168\u91cf\u8f6f\u4ef6\u5305\u9700\u8981\u8fdb\u884c\u4e86\u64cd\u4f5c\uff0c\u4f8b\u5982\u9700\u8981\u521d\u59cb\u5316\u4ed3\u5e93\u3001\u521b\u5efaopenEuler\u5206\u652f\u3001\u5347\u7ea7\u8f6f\u
4ef6\u5305\u7b49\u7b49\u3002\u4e3a\u5f00\u53d1\u8005\u540e\u7eed\u7684\u5f00\u53d1\u63d0\u4f9b\u6307\u5bfc\u3002","title":"2.2 \u8f6f\u4ef6\u4f9d\u8d56\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#221","text":"\u4f9d\u8d56\u5206\u6790 \u8f93\u5165\uff1a\u76ee\u6807OpenStack\u7248\u672c\u3001\u76ee\u6807OpenStack\u670d\u52a1\u5217\u8868\u3001\u662f\u5426\u53ea\u5206\u6790\u6838\u5fc3\u8f6f\u4ef6 \u8f93\u51fa\uff1a\u6240\u6709\u6d89\u53ca\u7684\u8f6f\u4ef6\u5305\u53ca\u6bcf\u4e2a\u8f6f\u4ef6\u5305\u7684\u5bf9\u5e94\u5185\u5bb9\u3002\u683c\u5f0f\u5982\u4e0b\uff1a \u2514\u2500\u2500{OpenStack\u7248\u672c\u540d}_cached_file \u2514\u2500\u2500packageA.yaml \u2514\u2500\u2500packageB.yaml \u2514\u2500\u2500packageC.yaml ...... \u6bcf\u4e2a\u8f6f\u4ef6\u5185\u5bb9\u683c\u5f0f\u5982\u4e0b\uff1a { \"name\": \"packageA\", \"version_dict\": { \"version\": \"0.3.7\", \"eq_version\": \"\", \"ge_version\": \"0.3.5\", \"lt_version\": \"\", \"ne_version\": [], \"upper_version\": \"0.3.7\"}, \"deep\": { \"count\": 1, \"list\": [\"packageB\", \"packageC\"]}, \"requires\": {} } \u5173\u952e\u5b57\u8bf4\u660e | Key | Description | |:-----------------:|:-----------:| | name | \u8f6f\u4ef6\u5305\u540d | | version_dict | \u8f6f\u4ef6\u7248\u672c\u8981\u6c42\uff0c\u5305\u62ec\u7b49\u4e8e\u3001\u5927\u4e8e\u7b49\u4e8e\u3001\u5c0f\u4e8e\u3001\u4e0d\u7b49\u4e8e\uff0c\u7b49\u7b49 | | version_dict.deep | \u8868\u793a\u8be5\u8f6f\u4ef6\u5728\u5168\u91cf\u4f9d\u8d56\u6811\u7684\u6df1\u5ea6\uff0c\u4ee5\u53ca\u6df1\u5ea6\u904d\u5386\u7684\u8def\u5f84 | | requires | \u5305\u542b\u672c\u8f6f\u4ef6\u7684\u4f9d\u8d56\u8f6f\u4ef6\u5217\u8868 | \u4f9d\u8d56\u6bd4\u5bf9 \u8f93\u5165\uff1a\u4f9d\u8d56\u5206\u6790\u7ed3\u679c\u3001\u76ee\u6807openEuler\u7248\u672c\u4ee5\u53cabase\u6bd4\u5bf9\u57fa\u7ebf 
\u8f93\u51fa\uff1a\u4e00\u4e2a\u8868\u683c\uff0c\u5305\u542b\u6bcf\u4e2a\u8f6f\u4ef6\u7684\u5206\u6790\u7ed3\u679c\u53ca\u5904\u7406\u5efa\u8bae\uff0c\u6bcf\u4e00\u884c\u8868\u793a\u4e00\u4e2a\u8f6f\u4ef6\uff0c\u6240\u6709\u5217\u540d\u53ca\u5b9a\u4e49\u89c4\u8303\u5982\u4e0b\uff1a Column Description Project Name \u8f6f\u4ef6\u5305\u540d openEuler Repo \u8f6f\u4ef6\u5728openEuler\u4e0a\u7684\u6e90\u7801\u4ed3\u5e93\u540d Repo version openEuler\u4e0a\u7684\u6e90\u7801\u7248\u672c Required (Min) Version \u8981\u6c42\u7684\u6700\u5c0f\u7248\u672c lt Version \u8981\u6c42\u5c0f\u4e8e\u7684\u7248\u672c ne Version \u8981\u6c42\u7684\u4e0d\u7b49\u4e8e\u7248\u672c Upper Version \u8981\u6c42\u7684\u6700\u5927\u7248\u672c Status \u5f00\u53d1\u5efa\u8bae Requires \u8f6f\u4ef6\u7684\u4f9d\u8d56\u5217\u8868 Depth \u8f6f\u4ef6\u7684\u4f9d\u8d56\u6811\u6df1\u5ea6 \u5176\u4e2d Status \u5305\u542b\u7684\u5efa\u8bae\u6709: - \u201cOK\u201d\uff1a\u5f53\u524d\u7248\u672c\u76f4\u63a5\u53ef\u7528\uff0c\u4e0d\u9700\u8981\u5904\u7406\u3002 - \u201cNeed Create Repo\u201d\uff1aopenEuler \u7cfb\u7edf\u4e2d\u6ca1\u6709\u6b64\u8f6f\u4ef6\u5305\uff0c\u9700\u8981\u5728 Gitee \u4e2d\u7684 src-openeuler repo \u4ed3\u65b0\u5efa\u4ed3\u5e93\u3002 - \u201cNeed Create Branch\u201d\uff1a\u4ed3\u5e93\u4e2d\u6ca1\u6709\u6240\u9700\u5206\u652f\uff0c\u9700\u8981\u5f00\u53d1\u8005\u521b\u5efa\u5e76\u521d\u59cb\u5316\u3002 - \u201cNeed Init Branch\u201d\uff1a\u8868\u660e\u5206\u652f\u5b58\u5728\uff0c\u4f46\u662f\u91cc\u9762\u5e76\u6ca1\u6709\u4efb\u4f55\u7248\u672c\u7684\u6e90\u7801\u5305\uff0c\u5f00\u53d1\u8005\u9700\u8981\u5bf9\u6b64\u5206\u652f\u8fdb\u884c\u521d\u59cb\u5316\u3002 - \u201cNeed Downgrade\u201d\uff1a\u964d\u7ea7\u8f6f\u4ef6\u5305\u3002 - \u201cNeed Upgrade\u201d\uff1a\u5347\u7ea7\u8f6f\u4ef6\u5305\u3002 \u5f00\u53d1\u8005\u6839\u636e Status \u7684\u5efa\u8bae\u8fdb\u884c\u540e\u7eed\u5f00\u53d1\u52a8\u4f5c\u3002","title":"2.2.1 
\u7248\u672c\u5339\u914d\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#222-apicli","text":"\u521b\u5efa\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis create endpoint: /dependence/analysis type: POST sync OR async: async request body: { \"release\"[required]: Enum(\"OpenStack Relase\"), \"runtime\"[optional][Default: \"3.10\"]: Enum(\"Python version\"), \"core\"[optional][Default: False]: Boolean, \"projects\"[optional][Default: None]: List(\"OpenStack service\") } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis show \u3001 oos dependence analysis list endpoint: /dependence/analysis/{UUID} \u3001 /dependence/analysis type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u5220\u9664\u4f9d\u8d56\u5206\u6790 CLI: oos dependence analysis delete endpoint: /dependence/analysis/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u521b\u5efa\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate endpoint: /dependence/generate type: POST sync OR async: async request body: { \"analysis_id\"[required]: UUID, \"compare\"[optional][Default: None]: { \"token\"[required]: GITEE_TOKEN_ID, \"compare-from\"[optional][Default: master]: Enum(\"openEuler project branch\"), \"compare-branch\"[optional][Default: master]: Enum(\"openEuler project branch\") } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate show \u3001 oos dependence generate list endpoint: /dependence/generate/{UUID} \u3001 /dependence/generate type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"data\" RAW(result data file) } \u5220\u9664\u4f9d\u8d56\u6bd4\u5bf9 CLI: oos dependence generate delete endpoint: /dependence/generate/{UUID} type: DELETE 
sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") }","title":"2.2.2 API\u548cCLI\u5b9a\u4e49"},{"location":"spec/openstack-sig-tool/#23-spec","text":"OpenStack\u4f9d\u8d56\u7684\u5927\u91cfpython\u5e93\u662f\u9762\u5411\u5f00\u53d1\u8005\u7684\uff0c\u8fd9\u79cd\u5e93\u4e0d\u5bf9\u5916\u63d0\u4f9b\u7528\u6237\u670d\u52a1\uff0c\u53ea\u63d0\u4f9b\u4ee3\u7801\u7ea7\u8c03\u7528\uff0c\u5176RPM\u5185\u5bb9\u6784\u6210\u5355\u4e00\u3001\u683c\u5f0f\u56fa\u5b9a\uff0c\u9002\u5408\u4f7f\u7528\u5de5\u5177\u5316\u65b9\u5f0f\u63d0\u9ad8\u5f00\u53d1\u6548\u7387\u3002","title":"2.3 \u8f6f\u4ef6SPEC\u751f\u6210\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#231-spec","text":"SPEC\u7f16\u5199\u4e00\u822c\u5206\u4e3a\u51e0\u4e2a\u9636\u6bb5\uff0c\u6bcf\u4e2a\u9636\u6bb5\u6709\u5bf9\u5e94\u7684\u89c4\u8303\u8981\u6c42\uff1a 1. \u5e38\u89c4\u9879\u586b\u5199\uff0c\u5305\u62ecName\u3001Version\u3001Release\u3001Summary\u3001License\u7b49\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b 2. \u5b50\u8f6f\u4ef6\u5305\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec\u8f6f\u4ef6\u5305\u540d\u3001\u7f16\u8bd1\u4f9d\u8d56\u3001\u5b89\u88c5\u4f9d\u8d56\u3001\u63cf\u8ff0\u4fe1\u606f\u7b49\u3002\u8fd9\u4e9b\u5185\u5bb9\u4e5f\u7531\u76ee\u6807\u8f6f\u4ef6\u7684pypi\u4fe1\u606f\u63d0\u4f9b\u3002\u5176\u4e2d\u8f6f\u4ef6\u5305\u540d\u9700\u8981\u6709\u660e\u663e\u7684python\u5316\u663e\u793a\uff0c\u6bd4\u5982\u4ee5 python3- \u4e3a\u524d\u7f00\u3002 3. \u6784\u5efa\u8fc7\u7a0b\u4fe1\u606f\u586b\u5199\uff0c\u5305\u62ec%prep\u3001%build %install %check\u5185\u5bb9\uff0c\u8fd9\u4e9b\u5185\u5bb9\u5f62\u5f0f\u56fa\u5b9a\uff0c\u751f\u6210\u5bf9\u5e94rpm\u5b8f\u547d\u4ee4\u5373\u53ef\u3002 4. 
RPM\u5305\u6587\u4ef6\u5c01\u88c5\u9636\u6bb5\uff0c\u672c\u9636\u6bb5\u901a\u8fc7\u6587\u4ef6\u641c\u7d22\u65b9\u5f0f\uff0c\u628abin\u3001lib\u3001doc\u7b49\u5185\u5bb9\u5206\u522b\u653e\u5230\u5bf9\u5e94\u76ee\u5f55\u5373\u53ef\u3002 NOTE \uff1a\u5728\u901a\u7528\u89c4\u8303\u5916\uff0c\u4e5f\u6709\u4e00\u4e9b\u4f8b\u5916\u60c5\u51b5\uff0c\u9700\u8981\u7279\u6b8a\u8bf4\u660e\uff1a 1. \u8f6f\u4ef6\u5305\u540d\u5982\u679c\u672c\u8eab\u5df2\u5305\u542b python \u8fd9\u6837\u7684\u5b57\u773c\uff0c\u4e0d\u518d\u9700\u8981\u6dfb\u52a0 python- \u6216 python3- \u524d\u7f00\u3002 2. \u8f6f\u4ef6\u6784\u5efa\u548c\u5b89\u88c5\u9636\u6bb5\uff0c\u6839\u636e\u8f6f\u4ef6\u672c\u8eab\u7684\u5b89\u88c5\u65b9\u5f0f\u4e0d\u540c\uff0c\u5b8f\u547d\u4ee4\u5305\u62ec %py3_build \u6216 pyproject_build \uff0c\u9700\u8981\u4eba\u5de5\u5ba1\u89c6\u3002 3. \u5982\u679c\u8f6f\u4ef6\u672c\u8eab\u5305\u542bC\u8bed\u8a00\u7b49\u7f16\u8bd1\u7c7b\u4ee3\u7801\uff0c\u5219\u9700\u8981\u79fb\u9664 BuildArch: noarch \u5173\u952e\u5b57,\u5e76\u4e14\u5728%file\u9636\u6bb5\u6ce8\u610fRPM\u5b8f %{python3_sitelib} \u548c %{python3_sitearch} \u7684\u533a\u522b\u3002","title":"2.3.1 SPEC\u751f\u6210\u89c4\u8303"},{"location":"spec/openstack-sig-tool/#232-apicli","text":"\u521b\u5efaSPEC CLI: oos spec create endpoint: /spec type: POST sync OR async: async request body: { \"name\"[required]: String, \"version\"[optional][Default: \"latest\"]: String, \"arch\"[optional][Default: False]: Boolean, \"check\"[optional][Default: True]: Boolean, \"pyproject\"[optional][Default: False]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u83b7\u53d6SPEC CLI: oos spec show \u3001 oos spec list endpoint: /spec/{UUID} \u3001 /spec/ type: GET sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\", \"OK\") } \u66f4\u65b0SPEC CLI: oos spec update endpoint: /spec/{UUID} type: POST sync OR async: async request body: { \"name\"[required]: 
String, \"version\"[optional][Default: \"latest\"]: String, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5220\u9664SPEC CLI: oos spec delete endpoint: /spec/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") }","title":"2.3.2 API\u548cCLI\u5b9a\u4e49"},{"location":"spec/openstack-sig-tool/#24","text":"OpenStack\u7684\u90e8\u7f72\u573a\u666f\u591a\u6837\u3001\u90e8\u7f72\u6d41\u7a0b\u590d\u6742\u3001\u90e8\u7f72\u6280\u672f\u95e8\u69db\u8f83\u9ad8\uff0c\u4e3a\u4e86\u89e3\u51b3\u95e8\u69db\u9ad8\u3001\u6548\u7387\u4f4e\u3001\u4eba\u529b\u591a\u7684\u95ee\u9898\uff0copenEuler OpenStack\u5f00\u53d1\u5e73\u53f0\u9700\u8981\u63d0\u4f9b\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd\u3002 \u81ea\u52a8\u5316\u90e8\u7f72 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u90e8\u7f72\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u67b6\u6784\u3001\u4e0d\u540c\u670d\u52a1\u3001\u4e0d\u540c\u573a\u666f\u7684\u90e8\u7f72\u529f\u80fd\uff0c\u63d0\u4f9b\u57fa\u4e8e\u4e0d\u540c\u73af\u5883\u5feb\u901f\u53d1\u653e\u3001\u914d\u7f6eopenEuler\u73af\u5883\u7684\u80fd\u529b\u3002\u5e76\u63d0\u4f9b \u63d2\u4ef6\u5316 \u80fd\u529b\uff0c\u65b9\u4fbf\u7528\u6237\u6269\u5c55\u652f\u6301\u7684\u90e8\u7f72\u540e\u7aef\u548c\u573a\u666f\u3002 \u81ea\u52a8\u5316\u6d4b\u8bd5 \u63d0\u4f9b\u57fa\u4e8eopenEuler\u7684OpenStack\u7684\u4e00\u952e\u6d4b\u8bd5\u80fd\u529b\uff0c\u5305\u62ec\u652f\u6301\u4e0d\u540c\u573a\u666f\u7684\u6d4b\u8bd5\uff0c\u63d0\u4f9b\u7528\u6237\u81ea\u5b9a\u4e49\u6d4b\u8bd5\u7684\u80fd\u529b\uff0c\u5e76\u89c4\u8303\u6d4b\u8bd5\u62a5\u544a\uff0c\u4ee5\u53ca\u652f\u6301\u5bf9\u6d4b\u8bd5\u7ed3\u679c\u4e0a\u62a5\u548c\u6301\u4e45\u5316\u7684\u80fd\u529b\u3002","title":"2.4 
\u81ea\u52a8\u5316\u90e8\u7f72\u3001\u6d4b\u8bd5\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#241","text":"\u81ea\u52a8\u5316\u90e8\u7f72\u4e3b\u8981\u5305\u62ec\u4e24\u90e8\u5206\uff1aopenEuler\u73af\u5883\u51c6\u5907\u548cOpenStack\u90e8\u7f72\u3002 openEuler\u73af\u5883\u51c6\u5907 \u63d0\u4f9b\u5feb\u901f\u53d1\u653eopenEuler\u73af\u5883\u7684\u80fd\u529b\uff0c\u652f\u6301\u7684\u53d1\u653e\u65b9\u5f0f\u5305\u62ec \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u548c \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \uff0c\u5177\u4f53\u8bbe\u8ba1\u5982\u4e0b\uff1a **NOTE** openEuler\u7684OpenStack\u652f\u6301\u4ee5RPM + systemd\u7684\u65b9\u5f0f\u4e3a\u4e3b\uff0c\u6682\u4e0d\u652f\u6301\u5bb9\u5668\u65b9\u5f0f\u3002 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90 \u521b\u5efa\u516c\u6709\u4e91\u8d44\u6e90\u4ee5\u865a\u62df\u673a\u652f\u6301\u4e3a\u4e3b\uff08\u88f8\u673a\u5728\u4e91\u4e0a\u64cd\u4f5c\u8d1f\u8d23\uff0c\u751f\u6001\u6ee1\u8db3\u5ea6\u4e0d\u8db3\uff0c\u6682\u4e0d\u505a\u652f\u6301\uff09\u3002\u91c7\u7528\u63d2\u4ef6\u5316\u65b9\u5f0f\uff0c\u63d0\u4f9b\u591a\u4e91\u652f\u6301\u7684\u80fd\u529b\uff0c\u4ee5\u534e\u4e3a\u4e91\u4e3a\u53c2\u8003\u5b9e\u73b0\uff0c\u4f18\u5148\u5b9e\u73b0\u3002\u5176\u4ed6\u4e91\u7684\u652f\u6301\u6839\u636e\u7528\u6237\u9700\u6c42\uff0c\u6301\u7eed\u63a8\u8fdb\u3002\u6839\u636e\u573a\u666f\uff0c\u652f\u6301all in one\u548c\u4e09\u8282\u70b9\u62d3\u6251\u3002 1. 
\u521b\u5efa\u73af\u5883 - CLI: oos env create - endpoint: `/environment` - type: POST - sync OR async: async - request body: ``` { \"name\"[required]: String, \"type\"[required]: Enmu(\"all-in-one\", \"cluster\"), \"release\"[required]: Enmu(\"openEuler_Release\"), \"flavor\"[required]\uff1a Enmu(\"small\", \"medium\", \"large\"), \"arch\"[required]\uff1a Enmu(\"x86\", \"arm64\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u67e5\u8be2\u73af\u5883 CLI: oos env list endpoint: /environment type: GET sync OR async: async request body: None response body: { \"ID\": UUID, \"Provider\": String, \"Name\": String, \"IP\": IP_ADDRESS, \"Flavor\": Enmu(\"small\", \"medium\", \"large\"), \"openEuler_release\": String, \"OpenStack_release\": String, \"create_time\": TIME, } \u5220\u9664\u73af\u5883 CLI: oos env delete endpoint: /environment/{UUID} type: DELETE sync OR async: sync request body: None response body: { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } \u7eb3\u7ba1\u5df2\u6709\u73af\u5883 \u7528\u6237\u8fd8\u53ef\u4ee5\u76f4\u63a5\u4f7f\u7528\u5df2\u6709\u7684openEuler\u73af\u5883\u8fdb\u884cOpenStack\u90e8\u7f72\uff0c\u9700\u8981\u628a\u5df2\u6709\u73af\u5883\u7eb3\u7ba1\u5230\u5e73\u53f0\u4e2d\u3002\u7eb3\u7ba1\u540e\uff0c\u73af\u5883\u4e0e\u521b\u5efa\u7684\u9879\u76ee\uff0c\u53ef\u4ee5\u76f4\u63a5\u67e5\u8be2\u6216\u5220\u9664\u3002 1. \u7eb3\u7ba1\u73af\u5883 - CLI: oos env manage - endpoint: `/environment/manage` - type: POST - sync OR async: sync - request body: ``` { \"name\"[required]: String, \"ip\"[required]: IP_ADDRESS, \"release\"[required]: Enmu(\"openEuler_Release\"), \"password\"[required]\uff1a String, } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Error\", \"OK\") } ``` OpenStack\u90e8\u7f72 \u63d0\u4f9b\u5728\u5df2\u521b\u5efa/\u7eb3\u7ba1\u7684openEuler\u73af\u5883\u4e0a\u90e8\u7f72\u6307\u5b9aOpenStack\u7248\u672c\u7684\u80fd\u529b\u3002 1. 
\u90e8\u7f72OpenStack - CLI: oos env setup - endpoint: `/environment/setup` - type: POST - sync OR async: async - request body: ``` { \"target\"[required]: UUID(environment), \"release\"[required]: Enmu(\"OpenStack_Release\"), } ``` - response body: ``` { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } ``` \u521d\u59cb\u5316OpenStack\u8d44\u6e90 CLI: oos env init endpoint: /environment/init type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u5378\u8f7d\u5df2\u90e8\u7f72OpenStack CLI: oos env clean endpoint: /environment/clean type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") }","title":"2.4.1 \u81ea\u52a8\u5316\u90e8\u7f72"},{"location":"spec/openstack-sig-tool/#_1","text":"\u73af\u5883\u90e8\u7f72\u6210\u529f\u540e\uff0cSIG\u5f00\u53d1\u5e73\u53f0\u63d0\u4f9b\u57fa\u4e8e\u5df2\u90e8\u7f72OpenStack\u73af\u5883\u7684\u81ea\u52a8\u5316\u6d4b\u8bd5\u529f\u80fd\u3002\u4e3b\u8981\u5305\u542b\u4ee5\u4e0b\u51e0\u4e2a\u91cd\u8981\u5185\u5bb9\uff1a OpenStack\u672c\u8eab\u63d0\u4f9b\u4e00\u5957\u5b8c\u5584\u7684\u6d4b\u8bd5\u6846\u67b6\u3002\u5305\u62ec \u5355\u5143\u6d4b\u8bd5 \u548c \u529f\u80fd\u6d4b\u8bd5 \uff0c\u5176\u4e2d \u5355\u5143\u6d4b\u8bd5 \u5728 2.3\u7ae0\u8282 \u4e2d\u5df2\u7ecf\u7531RPM spec\u5305\u542b\uff0cspec\u7684%check\u9636\u6bb5\u53ef\u4ee5\u5b9a\u4e49\u6bcf\u4e2a\u9879\u76ee\u7684\u5355\u5143\u6d4b\u8bd5\u65b9\u5f0f\uff0c\u4e00\u822c\u60c5\u51b5\u4e0b\u53ea\u9700\u8981\u6dfb\u52a0 pytest \u6216 stestr \u5373\u53ef\u3002 \u529f\u80fd\u6d4b\u8bd5 \u7531OpenStack Tempest\u670d\u52a1\u63d0\u4f9b\uff0c\u5728\u4e0a\u6587\u6240\u8ff0\u7684\u81ea\u52a8\u5316\u90e8\u7f72 oos env init \u9636\u6bb5\uff0coos\u4f1a\u81ea\u52a8\u5b89\u88c5Tempest\u5e76\u751f\u6210\u9ed8\u8ba4\u7684\u914d\u7f6e\u6587\u4ef6\u3002 - CLI: oos env test 
endpoint: /environment/test type: POST sync OR async: async request body: { \"target\"[required]: UUID(environment), } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } \u6d4b\u8bd5\u6267\u884c\u5b8c\u540e\uff0coos\u4f1a\u8f93\u51fa\u6d4b\u8bd5\u62a5\u544a\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0coos\u4f7f\u7528 subunit2html \u5de5\u5177\uff0c\u751f\u6210html\u683c\u5f0f\u7684Tempest\u6d4b\u8bd5\u7ed3\u679c\u6587\u4ef6\u3002","title":"\u81ea\u52a8\u5316\u6d4b\u8bd5"},{"location":"spec/openstack-sig-tool/#25-openeuler","text":"OpenStack\u6d89\u53ca\u8f6f\u4ef6\u5305\u4f17\u591a\uff0c\u968f\u7740\u7248\u672c\u4e0d\u65ad\u5730\u6f14\u8fdb\u3001\u652f\u6301\u670d\u52a1\u4e0d\u65ad\u7684\u5b8c\u5584\uff0cSIG\u7ef4\u62a4\u7684\u8f6f\u4ef6\u5305\u5217\u8868\u4f1a\u4e0d\u65ad\u5237\u65b0\uff0c\u4e3a\u4e86\u964d\u4f4e\u91cd\u590d\u7684\u5f00\u53d1\u52a8\u4f5c\uff0coos\u8fd8\u5c01\u88c5\u4e86\u4e00\u4e9b\u6613\u7528\u7684\u4ee3\u7801\u5f00\u53d1\u5e73\u53f0\u81ea\u52a8\u5316\u80fd\u529b\uff0c\u6bd4\u5982\u57fa\u4e8eGitee\u7684\u81ea\u52a8\u4ee3\u7801\u63d0\u4ea4\u80fd\u529b\u3002\u529f\u80fd\u5982\u4e0b\uff1a \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 Code Action \u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25bc\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502Repo Action\u2502 \u2502Branch Action\u2502 \u2502Pull Request Action\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 Repo Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u4ed3\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u5efa\u4ed3 CLI: oos repo create endpoint: /repo type: POST sync OR async: async request body: { \"project\"[required]: String, \"repo\"[required]: String, \"push\"[optional][Default: \"False\"]: Boolean, } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Branch Action \u63d0\u4f9b\u4e0e\u8f6f\u4ef6\u5206\u652f\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u81ea\u52a8\u521b\u5efa\u5206\u652f CLI: oos repo branch-create endpoint: /repo/branch type: POST sync OR async: async request body: { \"branches\"[required]: { \"branch-name\"[required]: String, \"branch-type\"[optional][Default: \"None\"]: Enum(\"protected\"), \"parent-branch\"[required]: String } } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") } Pull Request Action \u63d0\u4f9b\u4e0e\u4ee3\u7801PR\u76f8\u5173\u7684\u81ea\u52a8\u5316\u529f\u80fd\uff1a \u65b0\u589ePR\u8bc4\u8bba\uff0c\u65b9\u4fbf\u7528\u6237\u6267\u884c\u7c7b\u4f3c 
retest \u3001 /lgtm \u7b49\u5e38\u89c4\u5316\u8bc4\u8bba\u3002 CLI: oos repo pr-comment endpoint: /repo/pr/comment type: POST sync OR async: sync request body: { \"repo\"[required]: String, \"pr_number\"[required]: Int, \"comment\"[required]: String } response body: { \"ID\": UUID, \"status\": Enum(\"OK\", \"Error\") } \u83b7\u53d6SIG\u6240\u6709PR\uff0c\u65b9\u4fbfmaintainer\u83b7\u53d6\u5f53\u524dSIG\u7684\u5f00\u53d1\u73b0\u72b6\uff0c\u63d0\u9ad8\u8bc4\u5ba1\u6548\u7387\u3002 CLI: oos repo pr-fetch endpoint: /repo/pr/fetch type: POST sync OR async: async request body: { \"repo\"[optional][Default: \"None\"]: List[String] } response body: { \"ID\": UUID, \"status\": Enum(\"Running\", \"Error\") }","title":"2.5 openEuler\u81ea\u52a8\u5316\u5f00\u53d1\u529f\u80fd"},{"location":"spec/openstack-sig-tool/#3","text":"SIG\u5f00\u6e90\u8f6f\u4ef6\u9700\u8981\u7b26\u5408openeEuler\u793e\u533a\u5bf9\u5176\u4e2d\u8f6f\u4ef6\u7684\u5404\u79cd\u8981\u6c42\uff0c\u5e76\u4e14\u4e5f\u8981\u7b26\u5408OpenStack\u793e\u533a\u8f6f\u4ef6\u7684\u51fa\u53e3\u6807\u51c6\u3002","title":"3. 
\u8d28\u91cf\u3001\u5b89\u5168\u4e0e\u5408\u89c4"},{"location":"spec/openstack-sig-tool/#31","text":"\u8f6f\u4ef6\u8d28\u91cf\uff08\u53ef\u670d\u52a1\u6027\uff09 \u5bf9\u5e94\u8f6f\u4ef6\u4ee3\u7801\u9700\u5305\u542b\u5355\u5143\u6d4b\u8bd5\uff0c\u8986\u76d6\u7387\u4e0d\u4f4e\u4e8e80%\u3002 \u9700\u63d0\u4f9b\u7aef\u5230\u7aef\u529f\u80fd\u6d4b\u8bd5\uff0c\u8986\u76d6\u4e0a\u8ff0\u6240\u6709\u63a5\u53e3\uff0c\u4ee5\u53ca\u6838\u5fc3\u7684\u573a\u666f\u6d4b\u8bd5\u3002 \u57fa\u4e8eopenEuler\u793e\u533aCI\uff0c\u6784\u5efaCI/CD\u6d41\u7a0b\uff0c\u6240\u6709Pull Request\u8981\u6709CI\u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf\uff0c\u5b9a\u671f\u53d1\u5e03release\u7248\u672c\uff0c\u8f6f\u4ef6\u53d1\u5e03\u95f4\u9694\u4e0d\u5927\u4e8e3\u4e2a\u6708\u3002 \u57fa\u4e8eGitee ISSUE\u7cfb\u7edf\u5904\u7406\u7528\u6237\u53d1\u73b0\u5e76\u53cd\u9988\u7684\u95ee\u9898\uff0c\u95ed\u73af\u7387\u5927\u4e8e80%\uff0c\u95ed\u73af\u5468\u671f\u4e0d\u8d85\u8fc71\u5468\u3002 \u8f6f\u4ef6\u5b89\u5168 \u6570\u636e\u5b89\u5168\uff1a\u8f6f\u4ef6\u5168\u7a0b\u4e0d\u8054\u7f51\uff0c\u6301\u4e45\u5b58\u50a8\u4e2d\u4e0d\u5305\u542b\u7528\u6237\u654f\u611f\u4fe1\u606f\u3002 \u7f51\u7edc\u5b89\u5168\uff1aOOS\u5728REST\u67b6\u6784\u4e0b\u4f7f\u7528http\u534f\u8bae\u901a\u4fe1\uff0c\u4f46\u8f6f\u4ef6\u8bbe\u8ba1\u76ee\u6807\u5b9e\u5728\u5185\u7f51\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u4e0d\u5efa\u8bae\u66b4\u9732\u5728\u516c\u7f51IP\u4e2d\uff0c\u5982\u5fc5\u987b\u5982\u6b64\uff0c\u5efa\u8bae\u589e\u52a0\u8bbf\u95eeIP\u767d\u540d\u5355\u9650\u5236\u3002 \u7cfb\u7edf\u5b89\u5168\uff1a\u57fa\u4e8eopenEuler\u5b89\u5168\u673a\u5236\uff0c\u5b9a\u671f\u53d1\u5e03CVE\u4fee\u590d\u6216\u5b89\u5168\u8865\u4e01\u3002 \u5e94\u7528\u5c42\u5b89\u5168\uff1a\u4e0d\u6d89\u53ca\uff0c\u4e0d\u63d0\u4f9b\u5e94\u7528\u7ea7\u5b89\u5168\u670d\u52a1\uff0c\u4f8b\u5982\u5bc6\u7801\u7b56\u7565\u3001\u8bbf\u95ee\u63a7\u5236\u7b49\u3002 
\u7ba1\u7406\u5b89\u5168\uff1a\u8f6f\u4ef6\u63d0\u4f9b\u65e5\u5fd7\u751f\u6210\u548c\u5468\u671f\u6027\u5907\u4efd\u673a\u5236\uff0c\u65b9\u4fbf\u7528\u6237\u5b9a\u671f\u5ba1\u8ba1\u3002 \u53ef\u9760\u6027 \u672c\u8f6f\u4ef6\u9762\u5411openEuler\u793e\u533aOpenStack\u5f00\u53d1\u884c\u4e3a\uff0c\u4e0d\u6d89\u53ca\u670d\u52a1\u4e0a\u7ebf\u6216\u8005\u5546\u4e1a\u751f\u4ea7\u843d\u5730\uff0c\u6240\u6709\u4ee3\u7801\u516c\u5f00\u900f\u660e\uff0c\u4e0d\u6d89\u53ca\u79c1\u6709\u529f\u80fd\u53ca\u4ee3\u7801\u3002\u56e0\u6b64\u4e0d\u63d0\u4f9b\u4f8b\u5982\u8282\u70b9\u5197\u4f59\u3001\u5bb9\u707e\u5907\u4efd\u80fd\u529f\u80fd\u3002","title":"3.1 \u8d28\u91cf\u4e0e\u5b89\u5168"},{"location":"spec/openstack-sig-tool/#32","text":"License\u5408\u89c4 \u672c\u5e73\u53f0\u91c7\u7528Apache2.0 License\uff0c\u4e0d\u9650\u5236\u4e0b\u6e38fork\u8f6f\u4ef6\u7684\u95ed\u6e90\u4e0e\u5546\u4e1a\u884c\u4e3a\uff0c\u4f46\u4e0b\u6e38\u8f6f\u4ef6\u9700\u6807\u6ce8\u4ee3\u7801\u6765\u6e90\u4ee5\u53ca\u4fdd\u7559\u539f\u6709License\u3002 \u6cd5\u52a1\u5408\u89c4 \u672c\u5e73\u53f0\u7531\u5f00\u6e90\u5f00\u53d1\u8005\u5171\u540c\u5f00\u53d1\u7ef4\u62a4\uff0c\u4e0d\u6d89\u53ca\u5546\u4e1a\u516c\u53f8\u7684\u79d8\u5bc6\u4ee5\u53ca\u975e\u516c\u5f00\u4ee3\u7801\u3002\u6240\u6709\u8d21\u732e\u8005\u9700\u9075\u5b88openEuler\u793e\u533a\u8d21\u732e\u51c6\u5219\uff0c\u786e\u4fdd\u81ea\u8eab\u7684\u8d21\u732e\u5408\u89c4\u5408\u6cd5\u3002SIG\u53ca\u793e\u533a\u672c\u8eab\u4e0d\u627f\u62c5\u76f8\u5e94\u8d23\u4efb\u3002 \u5982\u53d1\u73b0\u4e0d\u5408\u89c4\u7684\u6e90\u7801\uff0cSIG\u65e0\u9700\u83b7\u53d6\u8d21\u732e\u8005\u7684\u5141\u8bb8\uff0c\u6709\u6743\u5229\u53ca\u4e49\u52a1\u53ca\u65f6\u5220\u9664\u3002\u5e76\u6709\u6743\u7981\u6b62\u4e0d\u5408\u89c4\u4ee3\u7801\u6216\u5f00\u53d1\u8005\u7ee7\u7eed\u8d21\u732e\u3002 
\u5f00\u53d1\u8005\u5982\u679c\u6709\u975e\u516c\u5f00\u4ee3\u7801\u9700\u8981\u8d21\u732e\uff0c\u5219\u8981\u5148\u9075\u5b88\u672c\u516c\u53f8\u7684\u5f00\u6e90\u6d41\u7a0b\u4e0e\u89c4\u5b9a\uff0c\u5e76\u6309\u7167openEuler\u793e\u533a\u5f00\u6e90\u89c4\u8303\u516c\u5f00\u8d21\u732e\u4ee3\u7801\u3002","title":"3.2 \u5408\u89c4"},{"location":"spec/openstack-sig-tool/#4","text":"\u65f6\u95f4 \u5185\u5bb9 \u72b6\u6001 2021.06 \u5b8c\u6210\u8f6f\u4ef6\u6574\u4f53\u6846\u67b6\u7f16\u5199\uff0c\u5b9e\u73b0CLI Built-in\u673a\u5236\uff0c\u81f3\u5c11\u4e00\u4e2aAPI\u53ef\u7528 Done 2021.12 \u5b8c\u6210CLI Built-in\u673a\u5236\u7684\u5168\u91cf\u529f\u80fd\u53ef\u7528 Done 2022.06 \u5b8c\u6210\u8d28\u91cf\u52a0\u56fa\uff0c\u4fdd\u8bc1\u529f\u80fd\uff0c\u5728openEuler OpenStack\u793e\u533a\u5f00\u53d1\u6d41\u7a0b\u4e2d\u6b63\u5f0f\u5f15\u5165OOS Done 2022.12 \u4e0d\u65ad\u5b8c\u6210OOS\uff0c\u4fdd\u8bc1\u6613\u7528\u6027\u3001\u5065\u58ee\u6027\uff0c\u81ea\u52a8\u5316\u8986\u76d6\u5ea6\u8d85\u8fc780%\uff0c\u964d\u4f4e\u5f00\u53d1\u4eba\u529b\u6295\u5165 Done 2023.06 \u8865\u9f50REST\u6846\u67b6\u3001CI/CD\u6d41\u7a0b\uff0c\u4e30\u5bccPlugin\u673a\u5236\uff0c\u5f15\u5165\u66f4\u591abackend\u652f\u6301 Working in progress 2023.12 \u5b8c\u6210\u524d\u7aefGUI\u529f\u80fd Planning","title":"4. 
\u5b9e\u65bd\u8ba1\u5212"},{"location":"spec/priority_vm/","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6df7\u90e8 \u00b6 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u662f\u6307\u628a\u5bf9CPU\u3001IO\u3001Memory\u7b49\u8d44\u6e90\u6709\u4e0d\u540c\u9700\u6c42\u7684\u865a\u62df\u673a\u901a\u8fc7\u8c03\u5ea6\u65b9\u5f0f\u90e8\u7f72\u3001\u8fc1\u79fb\u5230\u540c\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\uff0c\u4ece\u800c\u4f7f\u5f97\u8282\u70b9\u7684\u8d44\u6e90\u5f97\u5230\u5145\u5206\u5229\u7528\u3002\u5728\u5355\u673a\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u4e0a\uff0c\u533a\u5206\u51fa\u9ad8\u4f4e\u4f18\u5148\u7ea7\uff0c\u5373\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u7684\u573a\u666f\u6709\u591a\u79cd\uff0c\u6bd4\u5982\u901a\u8fc7\u52a8\u6001\u8d44\u6e90\u8c03\u5ea6\u6ee1\u8db3\u8282\u70b9\u8d44\u6e90\u7684\u52a8\u6001\u8c03\u6574\uff1b\u6839\u636e\u7528\u6237\u4f7f\u7528\u4e60\u60ef\u52a8\u6001\u8c03\u6574\u8282\u70b9\u865a\u62df\u673a\u5206\u5e03\u7b49\u7b49\u3002\u800c\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u4e5f\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u5b9e\u73b0\u65b9\u6cd5\u3002 \u5728OpenStack Nova\u4e2d\u5f15\u5165\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6280\u672f\uff0c\u53ef\u4ee5\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u6ee1\u8db3\u865a\u62df\u673a\u7684\u6df7\u5408\u90e8\u7f72\u8981\u6c42\u3002\u672c\u6587\u6863\u4e3b\u8981\u9488\u5bf9OpenStack Nova\u865a\u62df\u673a\u521b\u5efa\u529f\u80fd\uff0c\u4ecb\u7ecd\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u7684\u8bbe\u8ba1\u4e0e\u5b9e\u73b0\u3002 \u5b9e\u73b0\u65b9\u6848 \u00b6 
\u5728Nova\u7684\u865a\u62df\u673a\u521b\u5efa\u3001\u8fc1\u79fb\u6d41\u7a0b\u4e2d\u5f15\u5165\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6982\u5ff5\uff0c\u865a\u62df\u673a\u5bf9\u8c61\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5728\u8c03\u5ea6\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f1a\u5c3d\u53ef\u80fd\u7684\u8c03\u5ea6\u5230\u8d44\u6e90\u5145\u8db3\u7684\u8282\u70b9\uff0c\u8fd9\u6837\u7684\u8282\u70b9\u9700\u8981\u81f3\u5c11\u6ee1\u8db3\u5185\u5b58\u4e0d\u8d85\u5356\u3001\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6240\u7528CPU\u4e0d\u8d85\u5356\u7684\u8981\u6c42\u3002 \u672c\u7279\u6027\u7684\u5b9e\u73b0\u57fa\u4e8eOpenStack Yoga\u7248\u672c\uff0c\u627f\u8f7d\u4e8eopenEuler 22.09\u521b\u65b0\u7248\u672c\u4e2d\u3002\u540c\u65f6\u5f15\u5165openEuler 22.03 LTS SP1\u7684Train\u7248\u672c\u3002 \u603b\u4f53\u67b6\u6784 \u00b6 \u7528\u6237\u521b\u5efaflavor\u6216\u521b\u5efa\u865a\u673a\u65f6\uff0c\u53ef\u6307\u5b9a\u5176\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u4f46\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\uff0c\u5373Nova\u4ecd\u6309\u6b63\u5e38\u6d41\u7a0b\u9009\u53d6\u8ba1\u7b97\u8282\u70b9\u53ca\u521b\u5efa\u865a\u673a\u3002 \u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u4e3b\u8981\u5f71\u54cd\u865a\u673a\u521b\u5efa\u540e\u5355\u673a\u5c42\u9762\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u7b56\u7565\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 Nova\u9488\u5bf9\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6709\u4ee5\u4e0b\u6539\u53d8\uff1a 1. 
VM\u5bf9\u8c61\u548cflavor\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u914d\u7f6e\u3002\u540c\u65f6\u7ed3\u5408\u4e1a\u52a1\u573a\u666f\uff0c\u7ea6\u675f\u9ad8\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u975e\u7ed1\u6838\u7c7b\u865a\u673a\u3002 2. \u5bf9\u4e8e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684\u865a\u673a\uff0c\u9700\u4fee\u6539libvirt XML\u914d\u7f6e\uff0c\u8ba9\u5355\u673a\u4e0a\u7684QoS\u7ba1\u7406\u7ec4\u4ef6\uff08\u540d\u4e3aSkylark\uff09\u611f\u77e5\uff0c\u4ece\u800c\u81ea\u52a8\u8fdb\u884c\u8d44\u6e90\u5206\u914d\u548cQoS\u7ba1\u7406\u3002 3. \u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u7684\u7ed1\u6838\u8303\u56f4\u6709\u6539\u53d8\uff0c\u4ee5\u5145\u5206\u5229\u7528\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u7a7a\u95f2\u7684\u8d44\u6e90\u3002 \u8d44\u6e90\u6a21\u578b \u00b6 VM\u5bf9\u8c61\u65b0\u589e\u53ef\u9009\u5c5e\u6027 priority \uff0c priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u3002 flavor extra_specs\u65b0\u589e hw:cpu_priority \u5b57\u6bb5\uff0c\u6807\u8bc6\u4e3a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u89c4\u683c\uff0c\u503c\u4e3a high \u6216 low \u3002 \u53c2\u6570\u9650\u5236\u53ca\u89c4\u5219\uff1a priority=high \u5fc5\u987b\u4e0e hw:cpu_policy=dedicated \u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 priority=low \u5fc5\u987b\u4e0e hw:cpu_policy=shared (\u9ed8\u8ba4\u503c)\u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u548cflavor\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u90fd\u4e3a\u53ef\u9009\uff0c\u90fd\u4e0d\u914d\u7f6e\u65f6\u4ee3\u8868\u662f\u666e\u901aVM\uff0c\u90fd\u914d\u7f6e\u65f6\u4ee5VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u5c5e\u6027\u4e3a\u51c6\u3002 
\u666e\u901aVM\u53ef\u4e0e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684VM\u5171\u5b58\uff0c\u56e0\u4e3a\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\u3002\u5f53\u666e\u901aVM\u4e0e\u9ad8\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4e0d\u4f1a\u5e72\u9884\u3002\u5f53\u666e\u901aVM\u4e0e\u4f4e\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4f1a\u4f18\u5148\u4fdd\u969c\u666e\u901aVM\u7684\u8d44\u6e90\u5206\u914d\u3002 API \u00b6 \u521b\u5efa\u865a\u62df\u673aAPI\u4e2d\u53ef\u9009\u53c2\u6570 os:scheduler_hints.priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u7528\u4e8e\u8bbe\u7f6eVM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u3002 POST v2/servers (v2.1\u9ed8\u8ba4\u7248\u672c) { \"OS-SCH-HNT:scheduler_hints\": {\"priority\": \"high\"} } Scheduler \u00b6 \u4fdd\u6301\u4e0d\u53d8 Compute \u00b6 \u8d44\u6e90\u4e0a\u62a5 \u00b6 \u4fdd\u6301\u4e0d\u53d8 \u8d44\u6e90\u5206\u914d\u7ed1\u5b9a \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\u5206\u914dCPU\uff1a \u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4e00\u5bf9\u4e00\u7ed1\u5b9a cpu_dedicated_set \u4e2d\u6307\u5b9aCPU \u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u975e\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u9ed8\u8ba4\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e2d\u6307\u5b9a\u7684CPU\u3002 \u6b64\u5916\uff0c nova.conf \u7684 compute \u5757\u4e2d\u65b0\u589e\u914d\u7f6e\u9879 cpu_priority_mix_enable \uff0c\u9ed8\u8ba4\u503c\u4e3aFalse\u3002\u8bbe\u7f6e\u4e3aTrue\u540e\uff0c\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u4f7f\u7528\u9ad8\u4f18\u5148\u7ea7\u7684\u865a\u62df\u673a\u7ed1\u5b9a\u7684CPU\uff0c\u5373\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e0e 
cpu_dedicated_set \u6307\u5b9a\u7684CPU\u3002 \u865a\u62df\u673axml \u00b6 \u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\uff0c\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u6807\u8bc6\u3002 Libvirt XML\u4e2d\u65b0\u589e\u5c5e\u6027 \u7247\u6bb5\uff0c\u5305\u62ec /high_prio_machine \u3001 /low_prio_machine \u4e24\u79cd\u503c\uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u3002\u8be5\u7247\u6bb5\u672c\u8eab\u5728Nova\u4e2d\u6ca1\u6709\u4efb\u4f55\u4f5c\u7528\uff0c\u53ea\u662f\u4e3a Skylark QoS\u670d\u52a1\u6307\u660eVM\u7684\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002 \u4e3e\u4f8b \u00b6 \u5047\u8bbe\u4e00\u4e2acompute\u8282\u70b9\u62e5\u670914\u4e2acore\uff0c\u8bbe\u7f6ecpu_dedicated_set=0-11\uff0c\u4e00\u517112\u4e2a\u6838\uff0ccpu_shared_set=12-13\uff0c\u4e00\u51712\u4e2a\u6838\u5fc3\uff0ccpu_allocation_ratio=8 \u5219\uff1a \u9ad8\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a12\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e5f\u662f12\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2(\u5f53cpu_priority_mix_enable=False)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2+12(\u5f53cpu_priority_mix_enable=True)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u6709\u5dee\u5f02\u3002 \u53c2\u6570\u914d\u7f6e\u5efa\u8bae \u00b6 \u5148\u786e\u5b9a\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u3002 
\u5168\u5c40\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u6240\u6709\u53ef\u5206\u914dvCPU\u6570\u91cf\uff08\u9ad8\u548c\u4f4e\u603b\u548c\uff09\u4e0e\u6240\u6709\u53ef\u7528\u7269\u7406core\u6570\u91cf\u7684\u6bd4\u503c\uff0c\u8fd9\u662f\u4e00\u4e2a\u8ba1\u7b97\u51fa\u6765\u7684\u7406\u8bba\u503c\uff0c\u6bd4\u5982\u4e0a\u8ff0\u4e3e\u4f8b\u4e2d\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3a (12 + 2 \\* 8) / 14 = 2\u3002 \u5168\u5c40\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u4e00\u822c\u6761\u4ef6\u4e0b\uff08\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u6ca1\u6709\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002\u8bbe\u7f6e\u5408\u7406\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u53ef\u4ee5\u51cf\u5c11\u5e95\u5c42\u8d44\u6e90\u5145\u8db3\u4f46\u8c03\u5ea6\u5931\u8d25\u7684\u60c5\u51b5\u51fa\u73b0\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u5373cpu_allocation_ratio\u3002\u53ea\u5f71\u54cdshare\u6838\u5fc3\u7684\u8d85\u5206\u80fd\u529b\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u6781\u7aef\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u6781\u7aef\u6761\u4ef6\u4e0b\uff08\u6240\u6709\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002 \u7528\u6237\u7ed3\u5408\u4e1a\u52a1\u7279\u5f81\u53caQoS\u76ee\u6807\uff0c\u9009\u62e9\u5408\u9002\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u540e\uff0c\u7136\u540e\u6309\u7167\u4e0b\u9762\u7684\u8ba1\u7b97\u516c\u5f0f\uff0c\u914d\u7f6e\u5408\u7406\u7684cpu_dedicated_set\u53cacpu_shared_set\u3002 \u8ba1\u7b97\u516c\u5f0f\uff1a ``` \u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206\u6bd4 = (\u6781\u7aef\u8d85\u5206\u6bd4 * shared\u6838\u5fc3\u6570 + dedicated\u6838\u5fc3\u6570) / compute\u6240\u6709\u6838\u5fc3\u6570 ``` 
\u8fd8\u662f\u4ee5\u4e0a\u8ff0compute\u8282\u70b9\u4e3a\u4f8b\uff0ccompute\u6240\u6709\u6838\u5fc3\u6570\u4e3a14\uff0c\u5047\u8bbe\u6781\u7aef\u8d85\u5206\u6bd4\u4e3a8\uff0c\u5219\u8ba1\u7b97\u53ef\u5f97\uff1a ``` \u5f53dedicated\u6838\u5fc3\u6570\u4e3a12\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a2\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*2+12)/14 = 2 \u5f53dedicated\u6838\u5fc3\u6570\u4e3a4\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a10\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*10+4)/14 = 6 ``` \u5f00\u53d1\u8282\u594f \u00b6 \u5f00\u53d1\u8005\uff1a \u738b\u73ba\u6e90 wangxiyuan1007@gmail.com \u90ed\u96f7 guolei_yewu@cmss.chinamobile.com \u9a6c\u5e72\u6797 maganlin_yewu@cmss.chinamobile.com \u97e9\u5149\u5b87 hanguangyu@uniontech.com \u5f20\u8fce zhangy1317@foxmail.com \u5f20\u5e06 zh.f@outlook.com \u65f6\u95f4\u70b9\uff1a 2022-04-01\u52302022-05-30 \u5b8c\u6210\u5f00\u53d1 2022-06-01\u52302022-07-30 \u6d4b\u8bd5\u3001\u8054\u8c03\u3001\u5237\u65b0\u4ee3\u7801 2022-08-01\u52302022-08-30 \u5b8c\u6210RPM\u5305\u6784\u5efa 2022-09-30\u5f15\u5165openEuler 22.09 Yoga\u7248\u672c 2022-12-30\u5f15\u5165openEuler 22.03 LTS SP1 
Train\u7248\u672c","title":"\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7"},{"location":"spec/priority_vm/#_1","text":"\u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u662f\u6307\u628a\u5bf9CPU\u3001IO\u3001Memory\u7b49\u8d44\u6e90\u6709\u4e0d\u540c\u9700\u6c42\u7684\u865a\u62df\u673a\u901a\u8fc7\u8c03\u5ea6\u65b9\u5f0f\u90e8\u7f72\u3001\u8fc1\u79fb\u5230\u540c\u4e00\u4e2a\u8ba1\u7b97\u8282\u70b9\u4e0a\uff0c\u4ece\u800c\u4f7f\u5f97\u8282\u70b9\u7684\u8d44\u6e90\u5f97\u5230\u5145\u5206\u5229\u7528\u3002\u5728\u5355\u673a\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u4e0a\uff0c\u533a\u5206\u51fa\u9ad8\u4f4e\u4f18\u5148\u7ea7\uff0c\u5373\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 \u865a\u62df\u673a\u6df7\u5408\u90e8\u7f72\u7684\u573a\u666f\u6709\u591a\u79cd\uff0c\u6bd4\u5982\u901a\u8fc7\u52a8\u6001\u8d44\u6e90\u8c03\u5ea6\u6ee1\u8db3\u8282\u70b9\u8d44\u6e90\u7684\u52a8\u6001\u8c03\u6574\uff1b\u6839\u636e\u7528\u6237\u4f7f\u7528\u4e60\u60ef\u52a8\u6001\u8c03\u6574\u8282\u70b9\u865a\u62df\u673a\u5206\u5e03\u7b49\u7b49\u3002\u800c\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u4e5f\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u5b9e\u73b0\u65b9\u6cd5\u3002 \u5728OpenStack Nova\u4e2d\u5f15\u5165\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6280\u672f\uff0c\u53ef\u4ee5\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u6ee1\u8db3\u865a\u62df\u673a\u7684\u6df7\u5408\u90e8\u7f72\u8981\u6c42\u3002\u672c\u6587\u6863\u4e3b\u8981\u9488\u5bf9OpenStack 
Nova\u865a\u62df\u673a\u521b\u5efa\u529f\u80fd\uff0c\u4ecb\u7ecd\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u8c03\u5ea6\u7684\u8bbe\u8ba1\u4e0e\u5b9e\u73b0\u3002","title":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6df7\u90e8"},{"location":"spec/priority_vm/#_2","text":"\u5728Nova\u7684\u865a\u62df\u673a\u521b\u5efa\u3001\u8fc1\u79fb\u6d41\u7a0b\u4e2d\u5f15\u5165\u9ad8\u4f4e\u4f18\u5148\u7ea7\u6982\u5ff5\uff0c\u865a\u62df\u673a\u5bf9\u8c61\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5728\u8c03\u5ea6\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f1a\u5c3d\u53ef\u80fd\u7684\u8c03\u5ea6\u5230\u8d44\u6e90\u5145\u8db3\u7684\u8282\u70b9\uff0c\u8fd9\u6837\u7684\u8282\u70b9\u9700\u8981\u81f3\u5c11\u6ee1\u8db3\u5185\u5b58\u4e0d\u8d85\u5356\u3001\u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u6240\u7528CPU\u4e0d\u8d85\u5356\u7684\u8981\u6c42\u3002 \u672c\u7279\u6027\u7684\u5b9e\u73b0\u57fa\u4e8eOpenStack Yoga\u7248\u672c\uff0c\u627f\u8f7d\u4e8eopenEuler 22.09\u521b\u65b0\u7248\u672c\u4e2d\u3002\u540c\u65f6\u5f15\u5165openEuler 22.03 LTS SP1\u7684Train\u7248\u672c\u3002","title":"\u5b9e\u73b0\u65b9\u6848"},{"location":"spec/priority_vm/#_3","text":"\u7528\u6237\u521b\u5efaflavor\u6216\u521b\u5efa\u865a\u673a\u65f6\uff0c\u53ef\u6307\u5b9a\u5176\u4f18\u5148\u7ea7\u5c5e\u6027\u3002\u4f46\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\uff0c\u5373Nova\u4ecd\u6309\u6b63\u5e38\u6d41\u7a0b\u9009\u53d6\u8ba1\u7b97\u8282\u70b9\u53ca\u521b\u5efa\u865a\u673a\u3002 
\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u4e3b\u8981\u5f71\u54cd\u865a\u673a\u521b\u5efa\u540e\u5355\u673a\u5c42\u9762\u7684\u8d44\u6e90\u8c03\u5ea6\u5206\u914d\u7b56\u7565\u3002\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u548c\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0c\u8d44\u6e90\u4f18\u5148\u5206\u914d\u7ed9\u524d\u8005\uff0c\u4e25\u683c\u4fdd\u969c\u5176QoS\u3002 Nova\u9488\u5bf9\u865a\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6709\u4ee5\u4e0b\u6539\u53d8\uff1a 1. VM\u5bf9\u8c61\u548cflavor\u65b0\u589e\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u914d\u7f6e\u3002\u540c\u65f6\u7ed3\u5408\u4e1a\u52a1\u573a\u666f\uff0c\u7ea6\u675f\u9ad8\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u53ea\u80fd\u8bbe\u7f6e\u7ed9\u975e\u7ed1\u6838\u7c7b\u865a\u673a\u3002 2. \u5bf9\u4e8e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684\u865a\u673a\uff0c\u9700\u4fee\u6539libvirt XML\u914d\u7f6e\uff0c\u8ba9\u5355\u673a\u4e0a\u7684QoS\u7ba1\u7406\u7ec4\u4ef6\uff08\u540d\u4e3aSkylark\uff09\u611f\u77e5\uff0c\u4ece\u800c\u81ea\u52a8\u8fdb\u884c\u8d44\u6e90\u5206\u914d\u548cQoS\u7ba1\u7406\u3002 3. 
\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u7684\u7ed1\u6838\u8303\u56f4\u6709\u6539\u53d8\uff0c\u4ee5\u5145\u5206\u5229\u7528\u9ad8\u4f18\u5148\u7ea7\u865a\u673a\u7a7a\u95f2\u7684\u8d44\u6e90\u3002","title":"\u603b\u4f53\u67b6\u6784"},{"location":"spec/priority_vm/#_4","text":"VM\u5bf9\u8c61\u65b0\u589e\u53ef\u9009\u5c5e\u6027 priority \uff0c priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u3002 flavor extra_specs\u65b0\u589e hw:cpu_priority \u5b57\u6bb5\uff0c\u6807\u8bc6\u4e3a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u89c4\u683c\uff0c\u503c\u4e3a high \u6216 low \u3002 \u53c2\u6570\u9650\u5236\u53ca\u89c4\u5219\uff1a priority=high \u5fc5\u987b\u4e0e hw:cpu_policy=dedicated \u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 priority=low \u5fc5\u987b\u4e0e hw:cpu_policy=shared (\u9ed8\u8ba4\u503c)\u914d\u5957\u4f7f\u7528\uff0c\u5426\u5219\u62a5\u9519\u3002 VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u548cflavor\u7684\u4f18\u5148\u7ea7\u914d\u7f6e\u90fd\u4e3a\u53ef\u9009\uff0c\u90fd\u4e0d\u914d\u7f6e\u65f6\u4ee3\u8868\u662f\u666e\u901aVM\uff0c\u90fd\u914d\u7f6e\u65f6\u4ee5VM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u5c5e\u6027\u4e3a\u51c6\u3002 \u666e\u901aVM\u53ef\u4e0e\u5177\u6709\u4f18\u5148\u7ea7\u5c5e\u6027\u7684VM\u5171\u5b58\uff0c\u56e0\u4e3a\u4f18\u5148\u7ea7\u5c5e\u6027\u4e0d\u5f71\u54cdNova\u73b0\u6709\u7684\u8d44\u6e90\u6a21\u578b\u53ca\u8282\u70b9\u8c03\u5ea6\u7b56\u7565\u3002\u5f53\u666e\u901aVM\u4e0e\u9ad8\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4e0d\u4f1a\u5e72\u9884\u3002\u5f53\u666e\u901aVM\u4e0e\u4f4e\u4f18\u5148\u7ea7VM\u53d1\u751f\u8d44\u6e90\u7ade\u4e89\u65f6\uff0cSkylark\u7ec4\u4ef6\u4f1a\u4f18\u5148\u4fdd\u969c\u666e\u901aVM\u7684\u8d44\u6e90\u5206\u914d\u3002","title":"\u8d44\u6e90\u6a21\u578b"},{"location":"spec/priority_vm/#api","text":"\u521b\u5efa\u865a\u62df\u673aAPI\u4e2d\u53ef\u9009\u53c2\u6570 
os:scheduler_hints.priority \u53ef\u88ab\u8bbe\u7f6e\u6210 high \u6216 low \uff0c\u7528\u4e8e\u8bbe\u7f6eVM\u5bf9\u8c61\u7684\u4f18\u5148\u7ea7\u3002 POST v2/servers (v2.1\u9ed8\u8ba4\u7248\u672c) { \"OS-SCH-HNT:scheduler_hints\": {\"priority\": \"high\"} }","title":"API"},{"location":"spec/priority_vm/#scheduler","text":"\u4fdd\u6301\u4e0d\u53d8","title":"Scheduler"},{"location":"spec/priority_vm/#compute","text":"","title":"Compute"},{"location":"spec/priority_vm/#_5","text":"\u4fdd\u6301\u4e0d\u53d8","title":"\u8d44\u6e90\u4e0a\u62a5"},{"location":"spec/priority_vm/#_6","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\u5206\u914dCPU\uff1a \u9ad8\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u4e00\u5bf9\u4e00\u7ed1\u5b9a cpu_dedicated_set \u4e2d\u6307\u5b9aCPU \u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ea\u80fd\u662f\u975e\u7ed1\u6838\u7c7b\u578b\u865a\u673a\uff0c\u9ed8\u8ba4\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e2d\u6307\u5b9a\u7684CPU\u3002 \u6b64\u5916\uff0c nova.conf \u7684 compute \u5757\u4e2d\u65b0\u589e\u914d\u7f6e\u9879 cpu_priority_mix_enable \uff0c\u9ed8\u8ba4\u503c\u4e3aFalse\u3002\u8bbe\u7f6e\u4e3aTrue\u540e\uff0c\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u4f7f\u7528\u9ad8\u4f18\u5148\u7ea7\u7684\u865a\u62df\u673a\u7ed1\u5b9a\u7684CPU\uff0c\u5373\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u53ef\u8303\u56f4\u7ed1\u5b9a cpu_shared_set \u4e0e cpu_dedicated_set \u6307\u5b9a\u7684CPU\u3002","title":"\u8d44\u6e90\u5206\u914d\u7ed1\u5b9a"},{"location":"spec/priority_vm/#xml","text":"\u9ad8\u4f4e\u4f18\u5148\u7ea7\u673a\u5668\u521b\u5efa\u6309\u7167priority\u6807\u5fd7\uff0c\u5bf9\u865a\u62df\u673a\u8fdb\u884c\u6807\u8bc6\u3002 Libvirt XML\u4e2d\u65b0\u589e\u5c5e\u6027 \u7247\u6bb5\uff0c\u5305\u62ec /high_prio_machine \u3001 /low_prio_machine 
\u4e24\u79cd\u503c\uff0c\u5206\u522b\u8868\u793a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u3002\u8be5\u7247\u6bb5\u672c\u8eab\u5728Nova\u4e2d\u6ca1\u6709\u4efb\u4f55\u4f5c\u7528\uff0c\u53ea\u662f\u4e3a Skylark QoS\u670d\u52a1\u6307\u660eVM\u7684\u9ad8\u4f4e\u4f18\u5148\u7ea7\u5c5e\u6027\u3002","title":"\u865a\u62df\u673axml"},{"location":"spec/priority_vm/#_7","text":"\u5047\u8bbe\u4e00\u4e2acompute\u8282\u70b9\u62e5\u670914\u4e2acore\uff0c\u8bbe\u7f6ecpu_dedicated_set=0-11\uff0c\u4e00\u517112\u4e2a\u6838\uff0ccpu_shared_set=12-13\uff0c\u4e00\u51712\u4e2a\u6838\u5fc3\uff0ccpu_allocation_ratio=8 \u5219\uff1a \u9ad8\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a12\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e5f\u662f12\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2(\u5f53cpu_priority_mix_enable=False)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u4e00\u81f4\u3002 \u4f4e\u4f18VM\u5728scheduler\u89c6\u89d2\u53ef\u7528core\u4e3a2 * 8 = 16\uff0ccompute\u89c6\u89d2\u53ef\u7ed1\u6838core\u4e3a2+12(\u5f53cpu_priority_mix_enable=True)\uff0c\u4e0eNova\u539f\u6709\u903b\u8f91\u6709\u5dee\u5f02\u3002","title":"\u4e3e\u4f8b"},{"location":"spec/priority_vm/#_8","text":"\u5148\u786e\u5b9a\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u3002 \u5168\u5c40\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u6240\u6709\u53ef\u5206\u914dvCPU\u6570\u91cf\uff08\u9ad8\u548c\u4f4e\u603b\u548c\uff09\u4e0e\u6240\u6709\u53ef\u7528\u7269\u7406core\u6570\u91cf\u7684\u6bd4\u503c\uff0c\u8fd9\u662f\u4e00\u4e2a\u8ba1\u7b97\u51fa\u6765\u7684\u7406\u8bba\u503c\uff0c\u6bd4\u5982\u4e0a\u8ff0\u4e3e\u4f8b\u4e2d\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3a (12 + 2 \\* 8) / 14 = 2\u3002 
\u5168\u5c40\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u5168\u5c40\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u4e00\u822c\u6761\u4ef6\u4e0b\uff08\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u6ca1\u6709\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002\u8bbe\u7f6e\u5408\u7406\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u53ef\u4ee5\u51cf\u5c11\u5e95\u5c42\u8d44\u6e90\u5145\u8db3\u4f46\u8c03\u5ea6\u5931\u8d25\u7684\u60c5\u51b5\u51fa\u73b0\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u5b9a\u4e49\uff1a\u5373cpu_allocation_ratio\u3002\u53ea\u5f71\u54cdshare\u6838\u5fc3\u7684\u8d85\u5206\u80fd\u529b\u3002 \u6781\u7aef\u8d85\u5206\u6bd4\u7684\u610f\u4e49\uff1a\u5728\u9ad8\u4f4e\u4f18\u5148\u7ea7\u573a\u666f\u4e0b\uff0c\u6781\u7aef\u8d85\u5206\u6bd4\u4e3b\u8981\u5f71\u54cd\u4f4e\u4f18\u5148\u7ea7\u865a\u673a\u6781\u7aef\u6761\u4ef6\u4e0b\uff08\u6240\u6709\u9ad8\u4f18\u5148\u7ea7\u865a\u673avCPU\u540c\u65f6\u51b2\u9ad8\uff09\u7684QoS\u3002 \u7528\u6237\u7ed3\u5408\u4e1a\u52a1\u7279\u5f81\u53caQoS\u76ee\u6807\uff0c\u9009\u62e9\u5408\u9002\u7684\u5168\u5c40\u8d85\u5206\u6bd4\u548c\u6781\u7aef\u8d85\u5206\u6bd4\u540e\uff0c\u7136\u540e\u6309\u7167\u4e0b\u9762\u7684\u8ba1\u7b97\u516c\u5f0f\uff0c\u914d\u7f6e\u5408\u7406\u7684cpu_dedicated_set\u53cacpu_shared_set\u3002 \u8ba1\u7b97\u516c\u5f0f\uff1a ``` \u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206\u6bd4 = (\u6781\u7aef\u8d85\u5206\u6bd4 * shared\u6838\u5fc3\u6570 + dedicated\u6838\u5fc3\u6570) / compute\u6240\u6709\u6838\u5fc3\u6570 ``` \u8fd8\u662f\u4ee5\u4e0a\u8ff0compute\u8282\u70b9\u4e3a\u4f8b\uff0ccompute\u6240\u6709\u6838\u5fc3\u6570\u4e3a14\uff0c\u5047\u8bbe\u6781\u7aef\u8d85\u5206\u6bd4\u4e3a8\uff0c\u5219\u8ba1\u7b97\u53ef\u5f97\uff1a ``` \u5f53dedicated\u6838\u5fc3\u6570\u4e3a12\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a2\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*2+12)/14 = 2 
\u5f53dedicated\u6838\u5fc3\u6570\u4e3a4\u65f6\uff0cshared\u6838\u5fc3\u6570\u4e3a10\u65f6\uff0c\u7528\u6237\u671f\u671b\u7684\u5168\u5c40\u8d85\u5206 = (8*10+4)/14 = 6 ```","title":"\u53c2\u6570\u914d\u7f6e\u5efa\u8bae"},{"location":"spec/priority_vm/#_9","text":"\u5f00\u53d1\u8005\uff1a \u738b\u73ba\u6e90 wangxiyuan1007@gmail.com \u90ed\u96f7 guolei_yewu@cmss.chinamobile.com \u9a6c\u5e72\u6797 maganlin_yewu@cmss.chinamobile.com \u97e9\u5149\u5b87 hanguangyu@uniontech.com \u5f20\u8fce zhangy1317@foxmail.com \u5f20\u5e06 zh.f@outlook.com \u65f6\u95f4\u70b9\uff1a 2022-04-01\u52302022-05-30 \u5b8c\u6210\u5f00\u53d1 2022-06-01\u52302022-07-30 \u6d4b\u8bd5\u3001\u8054\u8c03\u3001\u5237\u65b0\u4ee3\u7801 2022-08-01\u52302022-08-30 \u5b8c\u6210RPM\u5305\u6784\u5efa 2022-09-30\u5f15\u5165openEuler 22.09 Yoga\u7248\u672c 2022-12-30\u5f15\u5165openEuler 22.03 LTS SP1 Train\u7248\u672c","title":"\u5f00\u53d1\u8282\u594f"},{"location":"test/openEuler-20.03-LTS-SP2/","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2021-6-16 1 \u521d\u7a3f \u738b\u73ba\u6e90 2021-6-17 2 
\u589e\u52a0Rocky\u7248\u672c\u6d4b\u8bd5\u62a5\u544a \u9ec4\u586b\u534e \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728openEuler 20.03 LTS SP2\u7248\u672c\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky\u7248\u672c\u7684RPM\u5b89\u88c5\u5305\u3002\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72OpenStack\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP2 (OpenStack\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2021.6.1 2021.6.7 openEuler 20.03 LTS SP2 \uff08OpenStack\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.6.8 2021.6.10 openEuler 20.03 LTS SP2 \uff08OpenStack tempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.6.11 2021.6.15 openEuler 20.03 LTS SP2 \uff08\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.6.16 2021.6.17 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G 
\u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b105\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b1\u4e2a\uff0c\u5176\u4ed61091\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 
Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 105\u4e2a\uff0cFail 1\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP2\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 3 6 5 \u767e\u5206\u6bd4 100 21.4 42.8 35.8 4 
\u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP2 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 7 openEuler 20.03 LTS SP2 OpenStack Rocky 1197 \u901a\u8fc71001\u4e2a\uff0cskip 101\u4e2a 7 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-20.03-LTS-SP2"},{"location":"test/openEuler-20.03-LTS-SP2/#1","text":"\u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP2/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP2 (OpenStack\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2021.6.1 2021.6.7 openEuler 20.03 LTS SP2 
\uff08OpenStack\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.6.8 2021.6.10 openEuler 20.03 LTS SP2 \uff08OpenStack tempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.6.11 2021.6.15 openEuler 20.03 LTS SP2 \uff08\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.6.16 2021.6.17 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-20.03-LTS-SP2/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP2/#31","text":"OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack 
Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc77*24\u7684\u957f\u7a33\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b105\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b1\u4e2a\uff0c\u5176\u4ed61091\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 105\u4e2a\uff0cFail 1\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-20.03-LTS-SP2/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS 
SP2\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-20.03-LTS-SP2/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-20.03-LTS-SP2/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-20.03-LTS-SP2/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 3 6 5 \u767e\u5206\u6bd4 100 21.4 42.8 35.8","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-20.03-LTS-SP2/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-20.03-LTS-SP2/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP2 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 7 openEuler 20.03 LTS SP2 OpenStack Rocky 1197 \u901a\u8fc71001\u4e2a\uff0cskip 101\u4e2a 7","title":"4.1 
\u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-20.03-LTS-SP2/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-20.03-LTS-SP2/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-20.03-LTS-SP3/","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2021-12-10 1 \u521d\u7a3f\u53ca\u540c\u6b65Train\u7248\u672c\u6d4b\u8bd5\u60c5\u51b5 \u9ec4\u586b\u534e \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728openEuler 20.03 LTS SP3\u7248\u672c\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky\u3001Train\u7248\u672c\u7684RPM\u5b89\u88c5\u5305\u3002\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72OpenStack\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728openEuler 20.03 LTS SP2 
release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 openEuler 20.03 LTS SP3 release\u589e\u52a0\u4e86OpenStack Train\u7248\u672cRPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Placement\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Heat\u3001Aodh\u3001Ceilometer\u3001Gnocchi\u3001Swift\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.11.25 2021.11.30 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.1 2021.12.2 openEuler 20.03 LTS SP3 RC2 \uff08OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.3 2021.12.9 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.10 2021.12.12 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.12.10 2021.12.13 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack 
Queens&Rocky\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.14 2021.12.16 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.17 2021.12.20 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.21 2021.12.23 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b101\u4e2a\uff08\u5168\u662fopenStack 
Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff09\uff0c\u5176\u4ed61096\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Train\u7248\u672c\u9664\u4e86Cyborg\uff08Cyborg\u5b89\u88c5\u90e8\u7f72\u6b63\u5e38\uff0c\u529f\u80fd\u4e0d\u53ef\u7528\uff09\u5404\u7ec4\u4ef6\u57fa\u672c\u529f\u80fd\u6b63\u5e38\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1179\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b115\u4e2a\uff08\u5305\u62ec\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff0c\u5305\u62ec\u4e00\u4e9b\u590d\u6742\u529f\u80fd\uff0c\u6bd4\u5982\u6587\u4ef6\u6ce8\u5165\uff0c\u865a\u62df\u673a\u914d\u7f6e\u7b49\uff09\uff0c\u5176\u4ed61064\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u5171\u8ba1\u53d1\u73b0\u95ee\u989814\u4e2a\uff08\u5305\u62eclibvirt 1\u4e2a\u95ee\u9898\uff09\uff0c\u5747\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 101\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1179\u4e2a\uff0c\u5176\u4e2dSkip 115\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP3\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\uff0c\u53e6\u5916Cyborg\u529f\u80fd\u4e0d\u53ef\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 Queens&Rocky\u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d 3.3.2 Train\u7248\u672c\u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 1 6 7 \u767e\u5206\u6bd4 100 7.1 42.9 50 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 
\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP3 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Rocky 1197 \u901a\u8fc71096\u4e2a\uff0cskip 101\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Train 1179 \u901a\u8fc71064\u4e2a\uff0cskip 115\u4e2a 14 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-20.03-LTS-SP3"},{"location":"test/openEuler-20.03-LTS-SP3/#1","text":"\u5728openEuler 20.03 LTS SP2 release\u4e2d\u63d0\u4f9bOpenStack Queens\u3001Rocky RPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002 openEuler 20.03 LTS SP3 release\u589e\u52a0\u4e86OpenStack Train\u7248\u672cRPM\u5b89\u88c5\u5305\u652f\u6301\uff0c\u5305\u62ec\u9879\u76ee\uff1aKeystone\u3001Glance\u3001Placement\u3001Nova\u3001Neutron\u3001Cinder\u3001Ironic\u3001Trove\u3001Kolla\u3001Heat\u3001Aodh\u3001Ceilometer\u3001Gnocchi\u3001Swift\u3001Horizon\u3001Tempest\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684CLI\u3002","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP3/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.11.25 2021.11.30 openEuler 20.03 LTS SP3 RC1 \uff08OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.1 2021.12.2 openEuler 20.03 LTS SP3 RC2 \uff08OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.3 2021.12.9 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.10 2021.12.12 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff09 2021.12.10 2021.12.13 openEuler 20.03 LTS SP3 RC3 \uff08OpenStack Queens&Rocky\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff09 2021.12.14 2021.12.16 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff09 2021.12.17 2021.12.20 openEuler 20.03 LTS SP3 RC4 \uff08OpenStack Queens&Rocky\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff09 2021.12.21 2021.12.23 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G 
\u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-20.03-LTS-SP3/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-20.03-LTS-SP3/#31","text":"OpenStack Queens\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1164\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b52\u4e2a\uff08\u5168\u662fopenStack Queens\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b3\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed61109\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Rocky\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1197\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b101\u4e2a\uff08\u5168\u662fopenStack Rocky\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff09\uff0c\u5176\u4ed61096\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack 
Train\u7248\u672c\u9664\u4e86Cyborg\uff08Cyborg\u5b89\u88c5\u90e8\u7f72\u6b63\u5e38\uff0c\u529f\u80fd\u4e0d\u53ef\u7528\uff09\u5404\u7ec4\u4ef6\u57fa\u672c\u529f\u80fd\u6b63\u5e38\uff0c\u5171\u8ba1\u6267\u884cTempest\u7528\u4f8b1179\u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0cSkip\u7528\u4f8b115\u4e2a\uff08\u5305\u62ec\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff0c\u5305\u62ec\u4e00\u4e9b\u590d\u6742\u529f\u80fd\uff0c\u6bd4\u5982\u6587\u4ef6\u6ce8\u5165\uff0c\u865a\u62df\u673a\u914d\u7f6e\u7b49\uff09\uff0c\u5176\u4ed61064\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u5171\u8ba1\u53d1\u73b0\u95ee\u989814\u4e2a\uff08\u5305\u62eclibvirt 1\u4e2a\u95ee\u9898\uff09\uff0c\u5747\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Queens\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 52\u4e2a\uff0cFail 3\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Rocky\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1197\u4e2a\uff0c\u5176\u4e2dSkip 101\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1179\u4e2a\uff0c\u5176\u4e2dSkip 115\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 
\u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-20.03-LTS-SP3/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6OpenStack Queens\u3001Rocky\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728openEuler 20.03 LTS SP3\u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\uff0c\u53e6\u5916Cyborg\u529f\u80fd\u4e0d\u53ef\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-20.03-LTS-SP3/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-20.03-LTS-SP3/#331-queensrocky","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 1 targetcli\u8f6f\u4ef6\u5305\u4e0epython2-rtslib-fb\u5305\u51b2\u7a81\uff0c\u65e0\u6cd5\u5b89\u88c5 \u4e2d \u4f7f\u7528tgtadm\u4ee3\u66fflioadm\u547d\u4ee4 \u89e3\u51b3\u4e2d 2 python2-flake8\u8f6f\u4ef6\u5305\u4f9d\u8d56\u4f4e\u7248\u672c\u7684pyflakes\uff0c\u5bfc\u81f4yum update\u547d\u4ee4\u62a5\u51fa\u8b66\u544a \u4f4e \u4f7f\u7528yum update --nobest\u547d\u4ee4\u5347\u7ea7\u8f6f\u4ef6\u5305 \u89e3\u51b3\u4e2d","title":"3.3.1 Queens&Rocky\u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-20.03-LTS-SP3/#332-train","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 14 1 6 7 \u767e\u5206\u6bd4 100 7.1 42.9 50","title":"3.3.2 Train\u7248\u672c\u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-20.03-LTS-SP3/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-20.03-LTS-SP3/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 20.03 LTS SP3 OpenStack Queens 1164 \u901a\u8fc71109\u4e2a\uff0cskip 52\u4e2a\uff0cFail 3\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Rocky 1197 \u901a\u8fc71096\u4e2a\uff0cskip 101\u4e2a 0 openEuler 20.03 LTS SP3 OpenStack Train 1179 \u901a\u8fc71064\u4e2a\uff0cskip 115\u4e2a 14","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-20.03-LTS-SP3/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-20.03-LTS-SP3/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP1/","text":"openEuler 22.03 LTS SP1\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-12-2 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC2 (OpenStack 
Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.02 2022.12.08 openEuler 22.03 LTS SP1 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.16 2022.12.20 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.16 2022.12.20 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 
\u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby 
\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP1 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 2 1 0 1 0 \u767e\u5206\u6bd4 100 50 0 50 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I64OL3 https://gitee.com/openeuler/openstack/issues/I66IEB 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP1 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP1 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP1"},{"location":"test/openEuler-22.03-LTS-SP1/#openeuler-2203-lts-sp1","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a 
\u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-12-2 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP1\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP1/#1","text":"\u5728 openEuler 22.03 LTS SP1 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP1/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.11.23 2022.11.29 openEuler 22.03 LTS SP1 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.02 2022.12.08 openEuler 22.03 LTS SP1 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.12.09 2022.12.15 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.12.16 2022.12.20 openEuler 22.03 LTS SP1 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.12.16 2022.12.20 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM 
ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP1/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP1/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 
\u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP1/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP1 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP1/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP1/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP1/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 2 1 0 1 0 \u767e\u5206\u6bd4 100 50 0 50 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I64OL3 https://gitee.com/openeuler/openstack/issues/I66IEB","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP1/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP1/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP1 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP1 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP1/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP1/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP2/","text":"openEuler 22.03 LTS SP2\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-06-21 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 
2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.05.24 2023.06.02 openEuler 22.03 LTS SP2 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.06.10 2023.06.16 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.10 2023.06.16 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby 
\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP2 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 
\u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 12 0 5 6 1 \u767e\u5206\u6bd4 100 0 42 50 8 ISSUE Link https://gitee.com/src-openeuler/python-flask-restful/issues/I7ABYH https://gitee.com/src-openeuler/python-zVMCloudConnector/issues/I79KJO https://gitee.com/src-openeuler/openvswitch/issues/I79K23 https://gitee.com/src-openeuler/openstack-nova/issues/I79JC8 https://gitee.com/src-openeuler/python-rtslib-fb/issues/I79IXG https://gitee.com/src-openeuler/python-suds-jurko/issues/I79IQM https://gitee.com/src-openeuler/ovn/issues/I79I7O https://gitee.com/openeuler/openstack/issues/I77LN7 https://gitee.com/openeuler/openstack/issues/I77LQN https://gitee.com/openeuler/openstack/issues/I79OIL https://gitee.com/openeuler/openstack/issues/I7BQC0 https://gitee.com/openeuler/openstack/issues/I7CC2N 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP2 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP2 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 
\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP2\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP2"},{"location":"test/openEuler-22.03-LTS-SP2/#openeuler-2203-lts-sp2","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-06-21 1 \u521d\u7a3f \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP2 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP2\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP2/#1","text":"\u5728 openEuler 22.03 LTS SP2 
\u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP2/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.05.17 2023.05.23 openEuler 22.03 LTS SP2 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.05.24 2023.06.02 openEuler 22.03 LTS SP2 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.06.03 2023.06.09 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.06.10 2023.06.16 openEuler 22.03 LTS SP2 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 
2023.06.10 2023.06.16 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP2/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP2/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1290 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1094 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP2/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP2 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP2/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP2/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP2/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 12 0 5 6 1 \u767e\u5206\u6bd4 100 0 42 50 8 ISSUE Link 
https://gitee.com/src-openeuler/python-flask-restful/issues/I7ABYH https://gitee.com/src-openeuler/python-zVMCloudConnector/issues/I79KJO https://gitee.com/src-openeuler/openvswitch/issues/I79K23 https://gitee.com/src-openeuler/openstack-nova/issues/I79JC8 https://gitee.com/src-openeuler/python-rtslib-fb/issues/I79IXG https://gitee.com/src-openeuler/python-suds-jurko/issues/I79IQM https://gitee.com/src-openeuler/ovn/issues/I79I7O https://gitee.com/openeuler/openstack/issues/I77LN7 https://gitee.com/openeuler/openstack/issues/I77LQN https://gitee.com/openeuler/openstack/issues/I79OIL https://gitee.com/openeuler/openstack/issues/I7BQC0 https://gitee.com/openeuler/openstack/issues/I7CC2N","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP2/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP2/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP2 OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 0\u4e2a 2 openEuler 22.03 LTS SP2 OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP2/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP2\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 
\u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP2/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP3/","text":"openEuler 22.03 LTS SP3\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-12-27 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova 
Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.11.23 2023.11.27 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.11.28 2023.12.1 openEuler 22.03 LTS SP3 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.2 2023.12.6 openEuler 22.03 LTS SP3 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.7 2023.12.11 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.12.12 2023.12.16 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.12.17 2023.12.21 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.21 2023.12.25 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.25 2023.12.28 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 
920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1303 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 65 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1238 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1263 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 93 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1170 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1303\u4e2a\uff0c\u5176\u4e2dSkip 65\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 
Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1263\u4e2a\uff0c\u5176\u4e2dSkip 93\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP3 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/src-openeuler/python-ndg-httpsclient/issues/I8Q6GR 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 
22.03 LTS SP3 OpenStack Train 1303 \u901a\u8fc71238\u4e2a\uff0cskip 65\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP3 OpenStack Wallaby 1263 \u901a\u8fc71170\u4e2a\uff0cskip 93\u4e2a\uff0cFail 0\u4e2a 1 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP3\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP3"},{"location":"test/openEuler-22.03-LTS-SP3/#openeuler-2203-lts-sp3","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2023-12-27 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line 
Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP3\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP3/#1","text":"\u5728 openEuler 22.03 LTS SP3 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP3/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.11.23 2023.11.27 openEuler 22.03 LTS SP3 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.11.28 2023.12.1 openEuler 22.03 LTS SP3 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.2 2023.12.6 openEuler 22.03 LTS SP3 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.7 2023.12.11 openEuler 22.03 LTS SP3 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2023.12.12 2023.12.16 openEuler 22.03 LTS SP3 RC3 (OpenStack 
Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2023.12.17 2023.12.21 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2023.12.21 2023.12.25 openEuler 22.03 LTS SP3 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2023.12.25 2023.12.28 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP3/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP3/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1303 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 65 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1238 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1263 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 93 \u4e2a\uff08\u5168\u662f OpenStack Wallaby 
\u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1170 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1303\u4e2a\uff0c\u5176\u4e2dSkip 65\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1263\u4e2a\uff0c\u5176\u4e2dSkip 93\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP3/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP3 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP3/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP3/#331","text":"\u95ee\u9898\u5355\u53f7 
\u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP3/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/src-openeuler/python-ndg-httpsclient/issues/I8Q6GR","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP3/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP3/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP3 OpenStack Train 1303 \u901a\u8fc71238\u4e2a\uff0cskip 65\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP3 OpenStack Wallaby 1263 \u901a\u8fc71170\u4e2a\uff0cskip 93\u4e2a\uff0cFail 0\u4e2a 1","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP3/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP3\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP3/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS-SP4/","text":"openEuler 22.03 LTS SP4\u6d4b\u8bd5\u62a5\u544a \u00b6 
\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-21 1 \u521d\u7a3f \u738b\u9759 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 
\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.04.23 2024.04.27 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.28 2024.05.09 openEuler 22.03 LTS SP4 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.09 2024.05.16 openEuler 22.03 LTS SP4 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.17 2024.05.21 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.22 2024.05.25 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.27 2024.05.30 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.06.01 2024.06.07 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.06.08 2024.06.19 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train 
\u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1420 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 66 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1354 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1436 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1341 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1420\u4e2a\uff0c\u5176\u4e2dSkip 66\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1436\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 
\u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP4 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP4 OpenStack Train 1420 \u901a\u8fc71354\u4e2a\uff0cskip 66\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP4 OpenStack Wallaby 1436 \u901a\u8fc71431\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 0 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 
\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP4\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS-SP4"},{"location":"test/openEuler-22.03-LTS-SP4/#openeuler-2203-lts-sp4","text":"\u7248\u6743\u6240\u6709 \u00a9 2023 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-21 1 \u521d\u7a3f \u738b\u9759 \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS SP4 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS SP4\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS-SP4/#1","text":"\u5728 openEuler 22.03 LTS SP4 
\u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP4/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.04.23 2024.04.27 openEuler 22.03 LTS SP4 RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.28 2024.05.09 openEuler 22.03 LTS SP4 RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.09 2024.05.16 openEuler 22.03 LTS SP4 RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.17 2024.05.21 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.22 2024.05.25 openEuler 22.03 LTS SP4 RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.27 2024.05.30 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.06.01 2024.06.07 openEuler 22.03 LTS SP4 RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 
2024.06.08 2024.06.19 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS-SP4/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS-SP4/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1420 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 66 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1354 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1436 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1341 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 
\u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1420\u4e2a\uff0c\u5176\u4e2dSkip 66\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1436\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS-SP4/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS SP4 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS-SP4/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS-SP4/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS-SP4/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 1 0 1 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE 
Link","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS-SP4/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS-SP4/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS SP4 OpenStack Train 1420 \u901a\u8fc71354\u4e2a\uff0cskip 66\u4e2a\uff0cFail 0\u4e2a 0 openEuler 22.03 LTS SP4 OpenStack Wallaby 1436 \u901a\u8fc71431\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 0","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS-SP4/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5SP4\u65b0\u589eOpenStack\u670d\u52a1\uff0c\u5c3d\u65e9\u53d1\u73b0\u95ee\u9898\uff0c\u89e3\u51b3\u95ee\u9898\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS-SP4/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.03-LTS/","text":"openEuler 22.03 LTS \u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee 
https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-03-21 1 \u521d\u7a3f \u674e\u4f73\u4f1f \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.02.20 2022.02.27 openEuler 22.03 LTS RC1 (OpenStack 
Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.02.28 2022.03.03 openEuler 22.03 LTS RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.04 2022.03.07 openEuler 22.03 LTS RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.08 2022.03.09 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.03.10 2022.03.15 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.03.16 2022.03.19 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.20 2022.03.21 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.21 2022.03.22 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM ARM\u67b6\u6784\u670d\u52a1\u5668 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 1 
\u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1289 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 6 \u4e2a\uff0c\u5176\u4ed6 1088 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 1\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 6\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby 
\u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 10 2 6 2 0 \u767e\u5206\u6bd4 100 20 60 20 0 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 1\u4e2a 7 openEuler 22.03 LTS OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 6\u4e2a 3 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.03-LTS"},{"location":"test/openEuler-22.03-LTS/#openeuler-2203-lts","text":"\u7248\u6743\u6240\u6709 \u00a9 2021 openEuler\u793e\u533a 
\u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-03-21 1 \u521d\u7a3f \u674e\u4f73\u4f1f \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.03 LTS \u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.03-LTS/#1","text":"\u5728 openEuler 22.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Train \u3001 OpenStack Wallaby \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.02.20 2022.02.27 openEuler 22.03 LTS RC1 (OpenStack Train\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.02.28 2022.03.03 openEuler 22.03 LTS RC2 (OpenStack Train\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.04 2022.03.07 openEuler 22.03 LTS RC3 (OpenStack Train\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.08 2022.03.09 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2022.03.10 2022.03.15 openEuler 22.03 LTS RC3 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2022.03.16 2022.03.19 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2022.03.20 2022.03.21 openEuler 22.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.03.21 2022.03.22 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a TaiShan 200-2280 Kunpeng 920,48 Core@2.6GHz*2; 256GB DDR4 RAM 
ARM\u67b6\u6784\u670d\u52a1\u5668","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.03-LTS/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.03-LTS/#31","text":"OpenStack Train \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1354 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 64 \u4e2a\uff08\u5168\u662f OpenStack Train \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 1 \u4e2a\uff08\u6d4b\u8bd5\u7528\u4f8b\u672c\u8eab\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1289 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1164 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86API\u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 70 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 6 \u4e2a\uff0c\u5176\u4ed6 1088 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Train\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1354\u4e2a\uff0c\u5176\u4e2dSkip 64\u4e2a\uff0cFail 
1\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1164\u4e2a\uff0c\u5176\u4e2dSkip 70\u4e2a\uff0cFail 6\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.03-LTS/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Train \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.03-LTS/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.03-LTS/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.03-LTS/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 10 2 6 2 0 \u767e\u5206\u6bd4 100 20 60 20 0","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.03-LTS/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.03-LTS/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.03 LTS OpenStack Train 1354 \u901a\u8fc71289\u4e2a\uff0cskip 64\u4e2a\uff0cFail 1\u4e2a 7 openEuler 22.03 LTS OpenStack Wallaby 1164 \u901a\u8fc71088\u4e2a\uff0cskip 70\u4e2a\uff0cFail 6\u4e2a 3","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.03-LTS/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.03-LTS/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-22.09/","text":"openEuler 22.09 OpenStack Yoga + OpenSD + \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2022 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 
4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-09-15 1 \u521d\u7a3f \u97e9\u5149\u5b87 2022-09-16 2 \u683c\u5f0f\u6574\u6539\uff0c\u65b0\u589eopensd\u6d4b\u8bd5\u62a5\u544a,\u65b0\u589e\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack\u3001opensd \u6458\u8981\uff1a \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 opensd\u662f\u4e2d\u56fd\u8054\u901a\u5728openEuler\u5f00\u6e90\u7684OpenStack\u90e8\u7f72\u5de5\u5177\uff0c\u5728 openEuler 22.09 \u4e2d\u63d0\u4f9b\u5bf9 OpenStack Yoga \u7684\u652f\u6301\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7 \u7279\u6027\u662fOpenStack SIG\u81ea\u7814\u7684OpenStack\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 
Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b opensd \u7684\u5b89\u88c5\u5305\u4ee5\u53ca\u5bf9 openEuler \u548c OpenStack Yoga \u7684\u652f\u6301\u80fd\u529b\u3002 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b openstack-plugin-priority-vm \u5b89\u88c5\u5305\uff0c\u652f\u6301\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u3002 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.09 RC1 (OpenStack Yoga\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff1bopensd\u5b89\u88c5\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u5b89\u88c5\u6d4b\u8bd5) 2022.08.10 2022.08.17 openEuler 22.09 RC2 (OpenStack Yoga\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\u3001\u5377 \u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff1bopensd\u652f\u6301openEuler\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u529f\u80fd\u6d4b\u8bd5) 2022.08.18 2022.08.23 openEuler 22.09 RC3 (OpenStack Yoga\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff1bopensd\u652f\u6301OpenStack Yoga\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.08.24 2022.09.07 openEuler 22.09 RC4 (OpenStack Yoga\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff1bopensd\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.09.08 2022.09.15 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f 
\u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G x86\u865a\u62df\u673a \u8054\u901a\u4e91ECS Intel(R) Xeon(R) Silver 4114 2.20GHz 8U16G X86\u865a\u62df\u673a \u534e\u4e3a 2288H V5 Intel Xeon Gold 6146 3.20GHz 48U192G X86\u7269\u7406\u673a \u8054\u901a\u4e91ECS Huawei Kunpeng 920 2.6GHz 4U8G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500 2.1GHz 8U16G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500,64 Core@2.1GHz*2; 512GB DDR4 RAM arm64\u7269\u7406\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Yoga \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1452 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08 OpenStack Yoga \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff08FLAT\u7f51\u7edc\u672a\u5b9e\u9645\u8054\u901a\u53ca\u5b58\u5728\u4e00\u4e9b\u8d85\u65f6\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1357 \u4e2a\u7528\u4f8b\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 opensd \u652f\u6301 Yoga \u7248\u672c mariadb\u3001rabbitmq\u3001memcached\u3001ceph_client\u3001keystone\u3001glance\u3001cinder\u3001placement\u3001nova\u3001neutron \u517110\u4e2a\u9879\u76ee\u7684\u90e8\u7f72\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 
\u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Yoga\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1452\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Yoga \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.09 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 opensd \u53ea\u652f\u6301\u6d4b\u8bd5\u8303\u56f4\u5185\u7684\u670d\u52a1\u90e8\u7f72\uff0c\u5176\u4ed6\u670d\u52a1\u672a\u7ecf\u8fc7\u6d4b\u8bd5\uff0c\u4e0d\u4fdd\u8bc1\u8d28\u91cf\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \u9700\u8981\u914d\u5408openEuelr 22.09 skylark\u670d\u52a1\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 4 1 2 1 0 \u767e\u5206\u6bd4 100 25 59 25 0 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 
\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.09 OpenStack Yoga 1452 \u901a\u8fc71357\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 3 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 opensd\u6d4b\u8bd5\u9a8c\u8bc1\u66f4\u591aOpenStack\u670d\u52a1\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-22.09"},{"location":"test/openEuler-22.09/#openeuler-2209-openstack-yoga-opensd","text":"\u7248\u6743\u6240\u6709 \u00a9 2022 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95ee https://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1a https://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2022-09-15 1 \u521d\u7a3f \u97e9\u5149\u5b87 2022-09-16 2 
\u683c\u5f0f\u6574\u6539\uff0c\u65b0\u589eopensd\u6d4b\u8bd5\u62a5\u544a,\u65b0\u589e\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a \u738b\u73ba\u6e90 \u5173\u952e\u8bcd\uff1a OpenStack\u3001opensd \u6458\u8981\uff1a \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 opensd\u662f\u4e2d\u56fd\u8054\u901a\u5728openEuler\u5f00\u6e90\u7684OpenStack\u90e8\u7f72\u5de5\u5177\uff0c\u5728 openEuler 22.09 \u4e2d\u63d0\u4f9b\u5bf9 OpenStack Yoga \u7684\u652f\u6301\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7 \u7279\u6027\u662fOpenStack SIG\u81ea\u7814\u7684OpenStack\u7279\u6027\uff0c\u8be5\u7279\u6027\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u865a\u62df\u673a\u7684\u4f18\u5148\u7ea7\uff0c\u57fa\u4e8e\u4e0d\u540c\u7684\u4f18\u5148\u7ea7\uff0cOpenStack\u81ea\u52a8\u5206\u914d\u4e0d\u540c\u7684\u7ed1\u6838\u7b56\u7565\uff0c\u914d\u5408openEuler\u81ea\u7814\u7684 skylark QOS\u670d\u52a1\uff0c\u5b9e\u73b0\u9ad8\u4f4e\u4f18\u5148\u7ea7\u865a\u62df\u673a\u5bf9\u8d44\u6e90\u7684\u5408\u7406\u4f7f\u7528\u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 22.09 OpenStack Yoga + OpenSD + \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-22.09/#1","text":"\u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Yoga \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b opensd 
\u7684\u5b89\u88c5\u5305\u4ee5\u53ca\u5bf9 openEuler \u548c OpenStack Yoga \u7684\u652f\u6301\u80fd\u529b\u3002 \u5728 openEuler 22.09 \u7248\u672c\u4e2d\u63d0\u4f9b openstack-plugin-priority-vm \u5b89\u88c5\u5305\uff0c\u652f\u6301\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u3002","title":"1 \u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-22.09/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 22.09 RC1 (OpenStack Yoga\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5\uff1bopensd\u5b89\u88c5\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u5b89\u88c5\u6d4b\u8bd5) 2022.08.10 2022.08.17 openEuler 22.09 RC2 (OpenStack Yoga\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\u3001\u5377 \u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5\uff1bopensd\u652f\u6301openEuler\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u529f\u80fd\u6d4b\u8bd5) 2022.08.18 2022.08.23 openEuler 22.09 RC3 (OpenStack Yoga\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5\uff1bopensd\u652f\u6301OpenStack Yoga\u7684\u80fd\u529b\u6d4b\u8bd5\uff1b\u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.08.24 2022.09.07 openEuler 22.09 RC4 (OpenStack Yoga\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5\uff1bopensd\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2022.09.08 2022.09.15 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G x86\u865a\u62df\u673a 
\u8054\u901a\u4e91ECS Intel(R) Xeon(R) Silver 4114 2.20GHz 8U16G X86\u865a\u62df\u673a \u534e\u4e3a 2288H V5 Intel Xeon Gold 6146 3.20GHz 48U192G X86\u7269\u7406\u673a \u8054\u901a\u4e91ECS Huawei Kunpeng 920 2.6GHz 4U8G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500 2.1GHz 8U16G arm64\u865a\u62df\u673a \u98de\u817eS2500 FT-S2500,64 Core@2.1GHz*2; 512GB DDR4 RAM arm64\u7269\u7406\u673a","title":"2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-22.09/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-22.09/#31","text":"OpenStack Yoga \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1452 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08 OpenStack Yoga \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff08FLAT\u7f51\u7edc\u672a\u5b9e\u9645\u8054\u901a\u53ca\u5b58\u5728\u4e00\u4e9b\u8d85\u65f6\u95ee\u9898\uff09\uff0c\u5176\u4ed6 1357 \u4e2a\u7528\u4f8b\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 opensd \u652f\u6301 Yoga \u7248\u672c mariadb\u3001rabbitmq\u3001memcached\u3001ceph_client\u3001keystone\u3001glance\u3001cinder\u3001placement\u3001nova\u3001neutron \u517110\u4e2a\u9879\u76ee\u7684\u90e8\u7f72\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 
Yoga\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1452\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-22.09/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Yoga \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 22.09 \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 opensd \u53ea\u652f\u6301\u6d4b\u8bd5\u8303\u56f4\u5185\u7684\u670d\u52a1\u90e8\u7f72\uff0c\u5176\u4ed6\u670d\u52a1\u672a\u7ecf\u8fc7\u6d4b\u8bd5\uff0c\u4e0d\u4fdd\u8bc1\u8d28\u91cf\u3002 \u865a\u62df\u673a\u9ad8\u4f4e\u4f18\u5148\u7ea7\u7279\u6027 \u9700\u8981\u914d\u5408openEuelr 22.09 skylark\u670d\u52a1\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-22.09/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-22.09/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-22.09/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 4 1 2 1 0 \u767e\u5206\u6bd4 100 25 59 25 0","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-22.09/#4","text":"","title":"4 
\u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-22.09/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 22.09 OpenStack Yoga 1452 \u901a\u8fc71357\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 3","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-22.09/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5 opensd\u6d4b\u8bd5\u9a8c\u8bc1\u66f4\u591aOpenStack\u670d\u52a1\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-22.09/#5","text":"N/A","title":"5 \u9644\u4ef6"},{"location":"test/openEuler-24.03-LTS/","text":"openEuler 24.03 LTS \u6d4b\u8bd5\u62a5\u544a \u00b6 \u7248\u6743\u6240\u6709 \u00a9 2024 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c 
\u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-03 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668 1 \u7279\u6027\u6982\u8ff0 \u00b6 \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar 2 \u7279\u6027\u6d4b\u8bd5\u4fe1\u606f \u00b6 \u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.03.31 2024.04.03 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.04 2024.04.09 openEuler 24.03 LTS RC2 (OpenStack Antelope\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.04.10 2024.04.19 openEuler 24.03 LTS RC3 (OpenStack Antelope\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.04.20 2024.05.09 openEuler 
24.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.10 2024.05.14 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.15 2024.05.21 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.22 2024.05.28 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.29 2024.06.03 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a 3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0 \u00b6 3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba \u00b6 OpenStack Antelope \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1483 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 100 \u4e2a\uff08\u5168\u662f OpenStack Antelope \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1383 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1434 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f 
OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1339 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Antelope\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1483\u4e2a\uff0c\u5176\u4e2dSkip 100\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1434\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38 3.2 \u7ea6\u675f\u8bf4\u660e \u00b6 \u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Antelope \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 24.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002 3.3 \u9057\u7559\u95ee\u9898\u5206\u6790 \u00b6 3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd \u00b6 \u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A 
N/A N/A N/A 3.3.2 \u95ee\u9898\u7edf\u8ba1 \u00b6 \u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 6 0 6 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I9RUHD?from=project-issue https://gitee.com/openeuler/openstack/issues/I9RKHC?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2L0?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2LT?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UF6L?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UFAZ?from=project-issue 4 \u6d4b\u8bd5\u6267\u884c \u00b6 4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e \u00b6 \u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 24.03 LTS OpenStack Antelope 1483 \u901a\u8fc71383\u4e2a\uff0cskip 100\u4e2a\uff0cFail 0\u4e2a 1 openEuler 24.03 LTS OpenStack Wallaby 1434 \u901a\u8fc71339\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 5 4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae \u00b6 \u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5Antelope\u548cWallaby\u7248\u672c\u5bf9python3.11\u7248\u672c\u7684\u9002\u914d\u60c5\u51b5\u3002 5 \u9644\u4ef6 \u00b6 N/A","title":"openEuler-24.03-LTS"},{"location":"test/openEuler-24.03-LTS/#openeuler-2403-lts","text":"\u7248\u6743\u6240\u6709 \u00a9 2024 openEuler\u793e\u533a \u60a8\u5bf9\u201c\u672c\u6587\u6863\u201d\u7684\u590d\u5236\u3001\u4f7f\u7528\u3001\u4fee\u6539\u53ca\u5206\u53d1\u53d7\u77e5\u8bc6\u5171\u4eab(Creative 
Commons)\u7f72\u540d\u2014\u76f8\u540c\u65b9\u5f0f\u5171\u4eab4.0\u56fd\u9645\u516c\u5171\u8bb8\u53ef\u534f\u8bae(\u4ee5\u4e0b\u7b80\u79f0\u201cCC BY-SA 4.0\u201d)\u7684\u7ea6\u675f\u3002\u4e3a\u4e86\u65b9\u4fbf\u7528\u6237\u7406\u89e3\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u8bbf\u95eehttps://creativecommons.org/licenses/by-sa/4.0/ \u4e86\u89e3CC BY-SA 4.0\u7684\u6982\u8981 (\u4f46\u4e0d\u662f\u66ff\u4ee3)\u3002CC BY-SA 4.0\u7684\u5b8c\u6574\u534f\u8bae\u5185\u5bb9\u60a8\u53ef\u4ee5\u8bbf\u95ee\u5982\u4e0b\u7f51\u5740\u83b7\u53d6\uff1ahttps://creativecommons.org/licenses/by-sa/4.0/legalcode\u3002 \u4fee\u8ba2\u8bb0\u5f55 \u65e5\u671f \u4fee\u8ba2\u7248\u672c \u4fee\u6539\u63cf\u8ff0 \u4f5c\u8005 2024-06-03 1 \u521d\u7a3f \u90d1\u633a \u5173\u952e\u8bcd\uff1a OpenStack \u6458\u8981\uff1a \u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u65b9\u4fbf\u7528\u6237\u5feb\u901f\u90e8\u7f72 OpenStack \u3002 \u7f29\u7565\u8bed\u6e05\u5355\uff1a \u7f29\u7565\u8bed \u82f1\u6587\u5168\u540d \u4e2d\u6587\u89e3\u91ca CLI Command Line Interface \u547d\u4ee4\u884c\u5de5\u5177 ECS Elastic Cloud Server \u5f39\u6027\u4e91\u670d\u52a1\u5668","title":"openEuler 24.03 LTS \u6d4b\u8bd5\u62a5\u544a"},{"location":"test/openEuler-24.03-LTS/#1","text":"\u5728 openEuler 24.03 LTS \u7248\u672c\u4e2d\u63d0\u4f9b OpenStack Wallaby \u3001 OpenStack Antelope \u7248\u672c\u7684 RPM \u5b89\u88c5\u5305\uff0c\u5305\u62ec\u4ee5\u4e0b\u9879\u76ee\u4ee5\u53ca\u6bcf\u4e2a\u9879\u76ee\u914d\u5957\u7684 CLI \u3002 Keystone Neutron Cinder Nova Placement Glance Horizon Aodh Ceilometer Cyborg Gnocchi Heat Swift Ironic Kolla Trove Tempest Barbican Octavia designate Manila Masakari Mistral Senlin Zaqar","title":"1 
\u7279\u6027\u6982\u8ff0"},{"location":"test/openEuler-24.03-LTS/#2","text":"\u672c\u8282\u63cf\u8ff0\u88ab\u6d4b\u5bf9\u8c61\u7684\u7248\u672c\u4fe1\u606f\u548c\u6d4b\u8bd5\u7684\u65f6\u95f4\u53ca\u6d4b\u8bd5\u8f6e\u6b21\uff0c\u5305\u62ec\u4f9d\u8d56\u7684\u786c\u4ef6\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u8d77\u59cb\u65f6\u95f4 \u6d4b\u8bd5\u7ed3\u675f\u65f6\u95f4 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.03.31 2024.04.03 openEuler 24.03 LTS RC1 (OpenStack Antelope\u7248\u672c\u57fa\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.04.04 2024.04.09 openEuler 24.03 LTS RC2 (OpenStack Antelope\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.04.10 2024.04.19 openEuler 24.03 LTS RC3 (OpenStack Antelope\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.04.20 2024.05.09 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u7248\u672c\u5404\u7ec4\u4ef6\u7684\u5b89\u88c5\u90e8\u7f72\u6d4b\u8bd5) 2024.05.10 2024.05.14 openEuler 24.03 LTS RC4 (OpenStack Wallaby\u57fa\u7248\u672c\u672c\u529f\u80fd\u6d4b\u8bd5\uff0c\u5305\u62ec\u865a\u62df\u673a\uff0c\u5377\uff0c\u7f51\u7edc\u76f8\u5173\u8d44\u6e90\u7684\u589e\u5220\u6539\u67e5) 2024.05.15 2024.05.21 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672ctempest\u96c6\u6210\u6d4b\u8bd5) 2024.05.22 2024.05.28 openEuler 24.03 LTS RC5 (OpenStack Wallaby\u7248\u672c\u95ee\u9898\u56de\u5f52\u6d4b\u8bd5) 2024.05.29 2024.06.03 \u63cf\u8ff0\u7279\u6027\u6d4b\u8bd5\u7684\u786c\u4ef6\u73af\u5883\u4fe1\u606f \u786c\u4ef6\u578b\u53f7 \u786c\u4ef6\u914d\u7f6e\u4fe1\u606f \u5907\u6ce8 \u534e\u4e3a\u4e91ECS Intel Cascade Lake 3.0GHz 8U16G \u534e\u4e3a\u4e91x86\u865a\u62df\u673a \u534e\u4e3a\u4e91ECS Huawei Kunpeng 920 2.6GHz 8U16G \u534e\u4e3a\u4e91arm64\u865a\u62df\u673a","title":"2 
\u7279\u6027\u6d4b\u8bd5\u4fe1\u606f"},{"location":"test/openEuler-24.03-LTS/#3","text":"","title":"3 \u6d4b\u8bd5\u7ed3\u8bba\u6982\u8ff0"},{"location":"test/openEuler-24.03-LTS/#31","text":"OpenStack Antelope \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1483 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 100 \u4e2a\uff08\u5168\u662f OpenStack Antelope \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982Keystone V1\u3001Cinder V1\u7b49\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1383 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 OpenStack Wallaby \u7248\u672c\uff0c\u5171\u8ba1\u6267\u884c Tempest \u7528\u4f8b 1434 \u4e2a\uff0c\u4e3b\u8981\u8986\u76d6\u4e86 API \u6d4b\u8bd5\u548c\u529f\u80fd\u6d4b\u8bd5\uff0c\u901a\u8fc7 7*24 \u7684\u957f\u7a33\u6d4b\u8bd5\uff0c Skip \u7528\u4f8b 95 \u4e2a\uff08\u5168\u662f OpenStack Wallaby \u7248\u4e2d\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u6216\u63a5\u53e3\uff0c\u5982KeystoneV1\u3001Cinder V1\u7b49\uff0c\u548c\u4e0d\u652f\u6301\u7684barbican\u9879\u76ee\uff09\uff0c\u5931\u8d25\u7528\u4f8b 0 \u4e2a\uff0c\u5176\u4ed6 1339 \u4e2a\u7528\u4f8b\u5168\u90e8\u901a\u8fc7\uff0c\u53d1\u73b0\u95ee\u9898\u5df2\u89e3\u51b3\uff0c\u56de\u5f52\u901a\u8fc7\uff0c\u65e0\u9057\u7559\u98ce\u9669\uff0c\u6574\u4f53\u8d28\u91cf\u826f\u597d\u3002 \u6d4b\u8bd5\u6d3b\u52a8 tempest\u96c6\u6210\u6d4b\u8bd5 \u63a5\u53e3\u6d4b\u8bd5 API\u5168\u8986\u76d6 \u529f\u80fd\u6d4b\u8bd5 Antelope\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1483\u4e2a\uff0c\u5176\u4e2dSkip 100\u4e2a\uff0cFail 0\u4e2a\uff0c\u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u529f\u80fd\u6d4b\u8bd5 
Wallaby\u7248\u672c\u8986\u76d6Tempest\u6240\u6709\u76f8\u5173\u6d4b\u8bd5\u7528\u4f8b1434\u4e2a\uff0c\u5176\u4e2dSkip 95\u4e2a\uff0cFail 0\u4e2a, \u5176\u4ed6\u5168\u901a\u8fc7\u3002 \u6d4b\u8bd5\u6d3b\u52a8 \u529f\u80fd\u6d4b\u8bd5 \u529f\u80fd\u6d4b\u8bd5 \u865a\u62df\u673a\uff08KVM\u3001Qemu)\u3001\u5b58\u50a8\uff08lvm\u3001NFS\u3001Ceph\u540e\u7aef\uff09\u3001\u7f51\u7edc\u8d44\u6e90\uff08linuxbridge\u3001openvswitch\uff09\u7ba1\u7406\u64cd\u4f5c\u6b63\u5e38","title":"3.1 \u6d4b\u8bd5\u6574\u4f53\u7ed3\u8bba"},{"location":"test/openEuler-24.03-LTS/#32","text":"\u672c\u6b21\u6d4b\u8bd5\u6ca1\u6709\u8986\u76d6 OpenStack Antelope \u3001 OpenStack Wallaby \u7248\u4e2d\u660e\u786e\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff0c\u56e0\u6b64\u4e0d\u80fd\u4fdd\u8bc1\u5df2\u5e9f\u5f03\u7684\u529f\u80fd\u548c\u63a5\u53e3\uff08\u524d\u6587\u63d0\u5230\u7684Skip\u7684\u7528\u4f8b\uff09\u5728 openEuler 24.03 LTS \u4e0a\u80fd\u6b63\u5e38\u4f7f\u7528\u3002","title":"3.2 \u7ea6\u675f\u8bf4\u660e"},{"location":"test/openEuler-24.03-LTS/#33","text":"","title":"3.3 \u9057\u7559\u95ee\u9898\u5206\u6790"},{"location":"test/openEuler-24.03-LTS/#331","text":"\u95ee\u9898\u5355\u53f7 \u95ee\u9898\u63cf\u8ff0 \u95ee\u9898\u7ea7\u522b \u95ee\u9898\u5f71\u54cd\u548c\u89c4\u907f\u63aa\u65bd \u5f53\u524d\u72b6\u6001 N/A N/A N/A N/A N/A","title":"3.3.1 \u9057\u7559\u95ee\u9898\u5f71\u54cd\u4ee5\u53ca\u89c4\u907f\u63aa\u65bd"},{"location":"test/openEuler-24.03-LTS/#332","text":"\u95ee\u9898\u603b\u6570 \u4e25\u91cd \u4e3b\u8981 \u6b21\u8981 \u4e0d\u91cd\u8981 \u6570\u76ee 6 0 6 0 0 \u767e\u5206\u6bd4 100 0 100 0 0 ISSUE Link https://gitee.com/openeuler/openstack/issues/I9RUHD?from=project-issue https://gitee.com/openeuler/openstack/issues/I9RKHC?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2L0?from=project-issue https://gitee.com/openeuler/openstack/issues/I9S2LT?from=project-issue https://gitee.com/openeuler/openstack/issues/I9UF6L?from=project-issue 
https://gitee.com/openeuler/openstack/issues/I9UFAZ?from=project-issue","title":"3.3.2 \u95ee\u9898\u7edf\u8ba1"},{"location":"test/openEuler-24.03-LTS/#4","text":"","title":"4 \u6d4b\u8bd5\u6267\u884c"},{"location":"test/openEuler-24.03-LTS/#41","text":"\u672c\u8282\u5185\u5bb9\u6839\u636e\u6d4b\u8bd5\u7528\u4f8b\u53ca\u5b9e\u9645\u6267\u884c\u60c5\u51b5\u8fdb\u884c\u7279\u6027\u6574\u4f53\u6d4b\u8bd5\u7684\u7edf\u8ba1\uff0c\u53ef\u6839\u636e\u7b2c\u4e8c\u7ae0\u7684\u6d4b\u8bd5\u8f6e\u6b21\u5206\u5f00\u8fdb\u884c\u7edf\u8ba1\u8bf4\u660e\u3002 \u7248\u672c\u540d\u79f0 \u6d4b\u8bd5\u7528\u4f8b\u6570 \u7528\u4f8b\u6267\u884c\u7ed3\u679c \u53d1\u73b0\u95ee\u9898\u5355\u6570 openEuler 24.03 LTS OpenStack Antelope 1483 \u901a\u8fc71383\u4e2a\uff0cskip 100\u4e2a\uff0cFail 0\u4e2a 1 openEuler 24.03 LTS OpenStack Wallaby 1434 \u901a\u8fc71339\u4e2a\uff0cskip 95\u4e2a\uff0cFail 0\u4e2a 5","title":"4.1 \u6d4b\u8bd5\u6267\u884c\u7edf\u8ba1\u6570\u636e"},{"location":"test/openEuler-24.03-LTS/#42","text":"\u6db5\u76d6\u4e3b\u8981\u7684\u6027\u80fd\u6d4b\u8bd5\u3002 \u8986\u76d6\u66f4\u591a\u7684driver/plugin\u6d4b\u8bd5\u3002 \u91cd\u70b9\u6d4b\u8bd5Antelope\u548cWallaby\u7248\u672c\u5bf9python3.11\u7248\u672c\u7684\u9002\u914d\u60c5\u51b5\u3002","title":"4.2 \u540e\u7eed\u6d4b\u8bd5\u5efa\u8bae"},{"location":"test/openEuler-24.03-LTS/#5","text":"N/A","title":"5 \u9644\u4ef6"}]} \ No newline at end of file diff --git a/site/sitemap.xml.gz b/site/sitemap.xml.gz index 0ebc29e2f6630689d64fd9a721899584476c3354..b3d9f09530152b1e505db81e36a45e9a83eac32b 100644 Binary files a/site/sitemap.xml.gz and b/site/sitemap.xml.gz differ